net/cert/ct_log_verifier.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_
   6 #define NET_CERT_CT_LOG_VERIFIER_H_
   7
   8 #include <string>
   9
  10 #include "base/gtest_prod_util.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/strings/string_piece.h"
  13 #include "net/base/net_export.h"
  14 #include "net/cert/signed_certificate_timestamp.h"
  15
  16 // Forward declare the crypto types to avoid having to include the full
  17 // headers.
  18 #if defined(USE_OPENSSL)
  19 typedef struct evp_pkey_st EVP_PKEY;
  20 #else
  21 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
  22 #endif
  23
  24 namespace net {
  25
  26 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a
  27 // specific log (whose identity is provided during construction).
  28 class NET_EXPORT CTLogVerifier {
  29  public:
  30   // Creates a new CTLogVerifier that will verify SignedCertificateTimestamps
  31   // using |public_key|, which is a DER-encoded SubjectPublicKeyInfo.
  32   // If |public_key| refers to an unsupported public key, returns NULL.
  33   // |description| is a textual description of the log.
  34   static scoped_ptr<CTLogVerifier> Create(
  35       const base::StringPiece& public_key,
  36       const base::StringPiece& description);
  37
  38   ~CTLogVerifier();
  39
  40   // Returns the log's key ID (RFC6962, Section 3.2)
  41   const std::string& key_id() const { return key_id_; }
  42   // Returns the log's human-readable description.
  43   const std::string& description() const { return description_; }
  44
  45   // Verifies that |sct| contains a valid signature for |entry|.
  46   bool Verify(const ct::LogEntry& entry,
  47               const ct::SignedCertificateTimestamp& sct);
  48
  49  private:
  50   FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
  51
  52   CTLogVerifier();
  53
  54   // Performs crypto-library specific initialization.
  55   bool Init(const base::StringPiece& public_key,
  56             const base::StringPiece& description);
  57
  58   // Performs the underlying verification using the selected public key. Note
  59   // that |signature| contains the raw signature data (eg: without any
  60   // DigitallySigned struct encoding).
  61   bool VerifySignature(const base::StringPiece& data_to_sign,
  62                        const base::StringPiece& signature);
  63
  64   std::string key_id_;
  65   std::string description_;
  66   ct::DigitallySigned::HashAlgorithm hash_algorithm_;
  67   ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
  68
  69 #if defined(USE_OPENSSL)
  70   EVP_PKEY* public_key_;
  71 #else
  72   SECKEYPublicKey* public_key_;
  73 #endif
  74 };
  75
  76 }  // namespace net
  77
  78 #endif  // NET_CERT_CT_LOG_VERIFIER_H_