Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_
      6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "net/base/completion_callback.h"
     12 #include "net/base/net_export.h"
     13 
     14 namespace net {
     15 
     16 class CertVerifyResult;
     17 
     18 // ProofVerifyDetails is an abstract class that acts as a container for any
     19 // implementation specific details that a ProofVerifier wishes to return. These
     20 // details are saved in the CachedInfo for the origin in question.
     21 class ProofVerifyDetails {
     22  public:
     23   virtual ~ProofVerifyDetails();
     24 };
     25 
     26 // ProofVerifierCallback provides a generic mechanism for a ProofVerifier to
     27 // call back after an asynchronous verification.
     28 class NET_EXPORT_PRIVATE ProofVerifierCallback {
     29  public:
     30   virtual ~ProofVerifierCallback();
     31 
     32   // Run is called on the original thread to mark the completion of an
     33   // asynchonous verification. If |ok| is true then the certificate is valid
     34   // and |*error_details| is unused. Otherwise, |*error_details| contains a
     35   // description of the error. |details| contains implementation-specific
     36   // details of the verification. |Run| may take ownership of |details| by
     37   // calling |release| on it.
     38   virtual void Run(bool ok,
     39                    const std::string& error_details,
     40                    scoped_ptr<ProofVerifyDetails>* details) = 0;
     41 };
     42 
     43 // A ProofVerifier checks the signature on a server config, and the certificate
     44 // chain that backs the public key.
     45 class NET_EXPORT_PRIVATE ProofVerifier {
     46  public:
     47   // Status enumerates the possible results of verifying a proof.
     48   enum Status {
     49     SUCCESS = 0,
     50     FAILURE = 1,
     51     // PENDING results from a verification which will occur asynchonously. When
     52     // the verification is complete, |callback|'s |Run| method will be called.
     53     PENDING = 2,
     54   };
     55 
     56   virtual ~ProofVerifier();
     57 
     58   // VerifyProof checks that |signature| is a valid signature of
     59   // |server_config| by the public key in the leaf certificate of |certs|, and
     60   // that |certs| is a valid chain for |hostname|. On success, it returns
     61   // SUCCESS. On failure, it returns ERROR and sets |*error_details| to a
     62   // description of the problem. In either case it may set |*details|, which the
     63   // caller takes ownership of.
     64   //
     65   // This function may also return PENDING, in which case the ProofVerifier
     66   // will call back, on the original thread, via |callback| when complete.
     67   //
     68   // This function takes ownership of |callback|. It will be deleted even if
     69   // the call returns immediately.
     70   //
     71   // The signature uses SHA-256 as the hash function and PSS padding in the
     72   // case of RSA.
     73   virtual Status VerifyProof(const std::string& hostname,
     74                              const std::string& server_config,
     75                              const std::vector<std::string>& certs,
     76                              const std::string& signature,
     77                              std::string* error_details,
     78                              scoped_ptr<ProofVerifyDetails>* details,
     79                              ProofVerifierCallback* callback) = 0;
     80 };
     81 
     82 }  // namespace net
     83 
     84 #endif  // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_
     85