| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ |
| 6 #define NET_CERT_CT_LOG_VERIFIER_H_ |
| 7 |
| 8 #include <string> |
| 9 |
| 10 #include "base/gtest_prod_util.h" |
| 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/strings/string_piece.h" |
| 13 #include "net/base/net_export.h" |
| 14 #include "net/cert/signed_certificate_timestamp.h" |
| 15 |
| 16 // Forward declare the crypto types to avoid having to include the full |
| 17 // headers. |
| 18 #if defined(USE_OPENSSL) |
| 19 typedef struct evp_pkey_st EVP_PKEY; |
| 20 #else |
| 21 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; |
| 22 #endif |
| 23 |
| 24 namespace net { |
| 25 |
| 26 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a |
| 27 // specific log (whose identity is provided during construction). |
| 28 class NET_EXPORT CTLogVerifier { |
| 29 public: |
| 30 // Creates a new CTLogVerifier that will verify SignedCertificateTimestamps |
| 31 // using |public_key|, which is a DER-encoded SubjectPublicKeyInfo. |
| 32 // If |public_key| refers to an unsupported public key, returns NULL. |
| 33 // |description| is a textual description of the log. |
| 34 static scoped_ptr<CTLogVerifier> Create( |
| 35 const base::StringPiece& public_key, |
| 36 const base::StringPiece& description); |
| 37 |
| 38 ~CTLogVerifier(); |
| 39 |
| 40 // Returns the log's key ID (RFC6962, Section 3.2) |
| 41 const std::string& key_id() const { return key_id_; } |
| 42 // Returns the log's human-readable description. |
| 43 const std::string& description() const { return description_; } |
| 44 |
| 45 // Verifies that |sct| contains a valid signature for |entry|. |
| 46 bool Verify(const ct::LogEntry& entry, |
| 47 const ct::SignedCertificateTimestamp& sct); |
| 48 |
| 49 private: |
| 50 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); |
| 51 |
| 52 CTLogVerifier(); |
| 53 |
| 54 // Performs crypto-library specific initialization. |
| 55 bool Init(const base::StringPiece& public_key, |
| 56 const base::StringPiece& description); |
| 57 |
| 58 // Performs the underlying verification using the selected public key. Note |
| 59 // that |signature| contains the raw signature data (eg: without any |
| 60 // DigitallySigned struct encoding). |
| 61 bool VerifySignature(const base::StringPiece& data_to_sign, |
| 62 const base::StringPiece& signature); |
| 63 |
| 64 std::string key_id_; |
| 65 std::string description_; |
| 66 ct::DigitallySigned::HashAlgorithm hash_algorithm_; |
| 67 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; |
| 68 |
| 69 #if defined(USE_OPENSSL) |
| 70 EVP_PKEY* public_key_; |
| 71 #else |
| 72 SECKEYPublicKey* public_key_; |
| 73 #endif |
| 74 }; |
| 75 |
| 76 } // namespace net |
| 77 |
| 78 #endif // NET_CERT_CT_LOG_VERIFIER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 55953002:
CT: Adding SCT verification functionality: A CTLogVerifier instance can verify SCTs signed by a sin… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master