| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ | |
| 6 #define NET_CERT_CT_LOG_VERIFIER_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "base/gtest_prod_util.h" | |
| 11 #include "base/memory/scoped_ptr.h" | |
| 12 #include "base/strings/string_piece.h" | |
| 13 #include "net/base/net_export.h" | |
| 14 #include "net/cert/signed_certificate_timestamp.h" | |
| 15 | |
| 16 // Forward declare the crypto types to avoid having to include the full | |
| 17 // headers. | |
| 18 #if defined(USE_OPENSSL) | |
| 19 typedef struct evp_pkey_st EVP_PKEY; | |
| 20 #else | |
| 21 typedef struct SECKEYPublicKeyStr SECKEYPublicKey; | |
| 22 #endif | |
| 23 | |
| 24 namespace net { | |
| 25 | |
| 26 namespace ct { | |
| 27 struct SignedTreeHead; | |
| 28 } // namespace ct | |
| 29 | |
| 30 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a | |
| 31 // specific log (whose identity is provided during construction). | |
| 32 class NET_EXPORT CTLogVerifier { | |
| 33 public: | |
| 34 // Creates a new CTLogVerifier that will verify SignedCertificateTimestamps | |
| 35 // using |public_key|, which is a DER-encoded SubjectPublicKeyInfo. | |
| 36 // If |public_key| refers to an unsupported public key, returns NULL. | |
| 37 // |description| is a textual description of the log. | |
| 38 static scoped_ptr<CTLogVerifier> Create( | |
| 39 const base::StringPiece& public_key, | |
| 40 const base::StringPiece& description); | |
| 41 | |
| 42 ~CTLogVerifier(); | |
| 43 | |
| 44 // Returns the log's key ID (RFC6962, Section 3.2) | |
| 45 const std::string& key_id() const { return key_id_; } | |
| 46 // Returns the log's human-readable description. | |
| 47 const std::string& description() const { return description_; } | |
| 48 | |
| 49 // Verifies that |sct| contains a valid signature for |entry|. | |
| 50 bool Verify(const ct::LogEntry& entry, | |
| 51 const ct::SignedCertificateTimestamp& sct); | |
| 52 | |
| 53 // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is | |
| 54 // valid, stores it and returns true. Otherwise, discards the sth and | |
| 55 // returns false. | |
| 56 bool SetSignedTreeHead(scoped_ptr<ct::SignedTreeHead> signed_tree_head); | |
| 57 | |
| 58 private: | |
| 59 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); | |
| 60 | |
| 61 CTLogVerifier(); | |
| 62 | |
| 63 // Performs crypto-library specific initialization. | |
| 64 bool Init(const base::StringPiece& public_key, | |
| 65 const base::StringPiece& description); | |
| 66 | |
| 67 // Performs the underlying verification using the selected public key. Note | |
| 68 // that |signature| contains the raw signature data (eg: without any | |
| 69 // DigitallySigned struct encoding). | |
| 70 bool VerifySignature(const base::StringPiece& data_to_sign, | |
| 71 const base::StringPiece& signature); | |
| 72 | |
| 73 // Returns true if the signature and hash algorithms in |signature| | |
| 74 // match those of the log | |
| 75 bool SignatureParametersMatch(const ct::DigitallySigned& signature); | |
| 76 | |
| 77 std::string key_id_; | |
| 78 std::string description_; | |
| 79 ct::DigitallySigned::HashAlgorithm hash_algorithm_; | |
| 80 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; | |
| 81 scoped_ptr<ct::SignedTreeHead> signed_tree_head_; | |
| 82 | |
| 83 #if defined(USE_OPENSSL) | |
| 84 EVP_PKEY* public_key_; | |
| 85 #else | |
| 86 SECKEYPublicKey* public_key_; | |
| 87 #endif | |
| 88 }; | |
| 89 | |
| 90 } // namespace net | |
| 91 | |
| 92 #endif // NET_CERT_CT_LOG_VERIFIER_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master