Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(945)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier.cc

Issue 67513008: Certificate Transparency: Add the high-level interface for verifying SCTs over multiple logs (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/cert/ct_log_verifier.h ('K') | « net/cert/ct_log_verifier.h ('k') | net/cert/ct_log_verifier_unittest.cc » ('j') | net/cert/ct_serialization.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_log_verifier.h" 5 #include "net/cert/ct_log_verifier.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/cert/ct_serialization.h" 8 #include "net/cert/ct_serialization.h"
9 9
10 namespace net { 10 namespace net {
11 11
12 // static 12 // static
13 scoped_ptr<CTLogVerifier> CTLogVerifier::Create( 13 scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
14 const base::StringPiece& public_key, 14 const base::StringPiece& public_key,
15 const base::StringPiece& description) { 15 const base::StringPiece& description) {
16 scoped_ptr<CTLogVerifier> result(new CTLogVerifier()); 16 scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
17 if (!result->Init(public_key, description)) 17 if (!result->Init(public_key, description))
18 result.reset(); 18 result.reset();
19 return result.Pass(); 19 return result.Pass();
20 } 20 }
21 21
22 bool CTLogVerifier::Verify(const ct::LogEntry& entry, 22 CTLogVerifier::VerifyResult CTLogVerifier::Verify(
23 const ct::SignedCertificateTimestamp& sct) { 23 const ct::LogEntry& entry,
24 const ct::SignedCertificateTimestamp& sct) {
24 if (sct.log_id != key_id()) { 25 if (sct.log_id != key_id()) {
25 DVLOG(1) << "SCT is not signed by this log."; 26 DVLOG(1) << "SCT is not signed by this log.";
26 return false; 27 return CTLogVerifier::SCT_NOT_FROM_THIS_LOG;
27 } 28 }
28 29
29 if (sct.signature.hash_algorithm != hash_algorithm_) { 30 if (sct.signature.hash_algorithm != hash_algorithm_) {
30 DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_ 31 DVLOG(1) << "Mismatched hash algorithm. Expected " << hash_algorithm_
31 << ", got " << sct.signature.hash_algorithm << "."; 32 << ", got " << sct.signature.hash_algorithm << ".";
32 return false; 33 return CTLogVerifier::SCT_ALGORITHM_MISMATCH;
33 } 34 }
34 35
35 if (sct.signature.signature_algorithm != signature_algorithm_) { 36 if (sct.signature.signature_algorithm != signature_algorithm_) {
36 DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_ 37 DVLOG(1) << "Mismatched sig algorithm. Expected " << signature_algorithm_
37 << ", got " << sct.signature.signature_algorithm << "."; 38 << ", got " << sct.signature.signature_algorithm << ".";
38 return false; 39 return CTLogVerifier::SCT_ALGORITHM_MISMATCH;
39 } 40 }
40 41
41 std::string serialized_log_entry; 42 std::string serialized_log_entry;
42 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) { 43 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
43 DVLOG(1) << "Unable to serialize entry."; 44 DVLOG(1) << "Unable to serialize entry.";
44 return false; 45 return CTLogVerifier::SCT_DATA_SERIALIZATION_FAILED;
45 } 46 }
46 std::string serialized_data; 47 std::string serialized_data;
47 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry, 48 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
48 sct.extensions, &serialized_data)) { 49 sct.extensions, &serialized_data)) {
49 DVLOG(1) << "Unable to create SCT to verify."; 50 DVLOG(1) << "Unable to create SCT to verify.";
50 return false; 51 return CTLogVerifier::SCT_DATA_SERIALIZATION_FAILED;
51 } 52 }
52 53
53 return VerifySignature(serialized_data, sct.signature.signature_data); 54 if (VerifySignature(serialized_data, sct.signature.signature_data))
55 return CTLogVerifier::SCT_VERIFIED_OK;
56
57 return CTLogVerifier::SCT_VERIFICATION_FAILED;
54 } 58 }
55 59
56 } // namespace net 60 } // namespace net
OLDNEW
« net/cert/ct_log_verifier.h ('K') | « net/cert/ct_log_verifier.h ('k') | net/cert/ct_log_verifier_unittest.cc » ('j') | net/cert/ct_serialization.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698