net/cert/ct_log_verifier.h - Issue 55953002: CT: Adding SCT verification functionality: A CTLogVerifier instance can verify SCTs signed by a sin…

Side by Side Diff: net/cert/ct_log_verifier.h

Issue 55953002: CT: Adding SCT verification functionality: A CTLogVerifier instance can verify SCTs signed by a sin… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_

	6 #define NET_CERT_CT_LOG_VERIFIER_H_

	7

	8 #include <string>

	9

	10 #include "base/gtest_prod_util.h"

	11 #include "base/memory/scoped_ptr.h"

	12 #include "base/strings/string_piece.h"

	13 #include "base/time/time.h"
	wtc 2013/11/08 21:04:00 This header doesn't seem necessary. This header doesn't seem necessary. Eran M. (Google) 2013/11/12 12:01:28 Done. Show quoted text On 2013/11/08 21:04:00, wtc wrote: > > This header doesn't seem necessary. Done.
	14 #include "net/base/net_export.h"

	15 #include "net/cert/signed_certificate_timestamp.h"

	16

	17 // Forward declare the crypto types to avoid having to include the full

	18 // headers.

	19 #if defined(USE_OPENSSL)

	20 typedef struct evp_pkey_st EVP_PKEY;

	21 #else

	22 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;

	23 #endif

	24

	25 namespace net {

	26

	27 /**
	wtc 2013/11/08 21:04:00 Chromium doesn't use this / comment delimiter fo Chromium doesn't use this / comment delimiter for automatic generation of documentation. Just use //. Eran M. (Google) 2013/11/12 12:01:28 Done. Show quoted text On 2013/11/08 21:04:00, wtc wrote: > > Chromium doesn't use this /** comment delimiter for automatic generation of > documentation. Just use //. Done.
	28 * Class for verifying Signed Certificate Timestamps (SCTs) provided by a

	29 * specific log (whose identity is provided during construction).

	30 */
	Ryan Sleevi 2013/11/08 00:30:43 nit: Comment style: alternates between // and /* * nit: Comment style: alternates between // and /* / here. Would be good to be consistent. Eran M. (Google)* 2013/11/12 12:01:28 Done. Show quoted text On 2013/11/08 00:30:43, Ryan Sleevi (OoO until 11-18) wrote: > nit: Comment style: alternates between // and /* */ here. Would be good to be > consistent. Done.
	31 class NET_EXPORT CTLogVerifier {

	32 public:

	33 // Creates a new CTLogVerifier that will verify SignedCertificateTimestamps

	34 // using \|public_key\|, which is a DER-encoded SubjectPublicKeyInfo.

	35 // If \|public_key\| refers to an unsupported public key, returns NULL.

	36 // \|description\| is an optional textual description of the log.

	37 static scoped_ptr<CTLogVerifier> Create(

	38 const base::StringPiece& public_key,

	39 const base::StringPiece& description = "");
	Ryan Sleevi 2013/11/08 00:30:43 style: Default arguments are forbidden - http://go style: Default arguments are forbidden - http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Defaul... Eran M. (Google) 2013/11/12 12:01:28 Done - made required. Show quoted text On 2013/11/08 00:30:43, Ryan Sleevi (OoO until 11-18) wrote: > style: Default arguments are forbidden - > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Defaul... Done - made required.
	40

	41 ~CTLogVerifier();

	42

	43 // Returns the log's key ID (RFC6962, Section 3.2)

	44 const std::string& key_id() const { return key_id_; }

	45 // Returns the log's human-readable description.

	46 const std::string& description() const { return description_; }

	47

	48 // Verifies that \|sct\| contains a valid signature for \|entry\|.

	49 bool VerifySCT(const ct::LogEntry& entry,
	wtc 2013/11/08 21:04:00 If this class only verifies SignedCertificateTimes If this class only verifies SignedCertificateTimestamp, you can also just name this method "Verify". Eran M. (Google) 2013/11/12 12:01:28 Done. Show quoted text On 2013/11/08 21:04:00, wtc wrote: > > If this class only verifies SignedCertificateTimestamp, you can also just name > this method "Verify". Done.
	50 const ct::SignedCertificateTimestamp& sct);

	51

	52 private:

	53 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);

	54

	55 CTLogVerifier();

	56

	57 // Performs crypto-library specific initialization.

	58 bool Init(const base::StringPiece& public_key,

	59 const base::StringPiece& description);

	60

	61 // Performs the underlying verification using the selected public key. Note

	62 // that \|signature\| contains the raw signature data (eg: without any

	63 // DigitallySigned struct encoding).

	64 bool VerifySignature(const base::StringPiece& data_to_sign,

	65 const base::StringPiece& signature);

	66

	67 std::string key_id_;

	68 std::string description_;

	69 ct::DigitallySigned::HashAlgorithm hash_algorithm_;

	70 ct::DigitallySigned::SignatureAlgorithm sig_algorithm_;
	wtc 2013/11/08 21:04:00 Nit: just wanted to make sure you intended to abbr Nit: just wanted to make sure you intended to abbreviate "signature" to "sig" because in general our Style Guide in unfriendly to abbreviations. Eran M. (Google) 2013/11/12 12:01:28 Done, replaced sig with signature. Show quoted text On 2013/11/08 21:04:00, wtc wrote: > > Nit: just wanted to make sure you intended to abbreviate "signature" to "sig" > because in general our Style Guide in unfriendly to abbreviations. Done, replaced sig with signature.
	71

	72 #if defined(USE_OPENSSL)

	73 EVP_PKEY* public_key_;

	74 #else

	75 SECKEYPublicKey* public_key_;

	76 #endif

	77 };

	78

	79 } // namespace net

	80

	81 #endif // NET_CERT_CT_LOG_VERIFIER_H_

OLD	NEW

« no previous file with comments | « no previous file | net/cert/ct_log_verifier.cc » ('j') | net/cert/ct_log_verifier_nss.cc » ('J')