1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/cert/ct_log_verifier.h" 6 7 #include "base/logging.h" 8 #include "net/cert/ct_serialization.h" 9 #include "net/cert/signed_tree_head.h" 10 11 namespace net { 12 13 // static 14 scoped_ptr<CTLogVerifier> CTLogVerifier::Create( 15 const base::StringPiece& public_key, 16 const base::StringPiece& description) { 17 scoped_ptr<CTLogVerifier> result(new CTLogVerifier()); 18 if (!result->Init(public_key, description)) 19 result.reset(); 20 return result.Pass(); 21 } 22 23 bool CTLogVerifier::Verify(const ct::LogEntry& entry, 24 const ct::SignedCertificateTimestamp& sct) { 25 if (sct.log_id != key_id()) { 26 DVLOG(1) << "SCT is not signed by this log."; 27 return false; 28 } 29 30 if (!SignatureParametersMatch(sct.signature)) 31 return false; 32 33 std::string serialized_log_entry; 34 if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) { 35 DVLOG(1) << "Unable to serialize entry."; 36 return false; 37 } 38 std::string serialized_data; 39 if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry, 40 sct.extensions, &serialized_data)) { 41 DVLOG(1) << "Unable to create SCT to verify."; 42 return false; 43 } 44 45 return VerifySignature(serialized_data, sct.signature.signature_data); 46 } 47 48 bool CTLogVerifier::SetSignedTreeHead( 49 scoped_ptr<ct::SignedTreeHead> signed_tree_head) { 50 if (!SignatureParametersMatch(signed_tree_head->signature)) 51 return false; 52 53 std::string serialized_data; 54 ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data); 55 if (VerifySignature(serialized_data, 56 signed_tree_head->signature.signature_data)) { 57 signed_tree_head_.reset(signed_tree_head.release()); 58 return true; 59 } 60 return false; 61 } 62 63 bool CTLogVerifier::SignatureParametersMatch( 64 const ct::DigitallySigned& signature) { 65 if (!signature.SignatureParametersMatch(hash_algorithm_, 66 signature_algorithm_)) { 67 DVLOG(1) << "Mismatched hash or signature algorithm. Hash: " 68 << hash_algorithm_ << " vs " << signature.hash_algorithm 69 << " Signature: " << signature_algorithm_ << " vs " 70 << signature.signature_algorithm << "."; 71 return false; 72 } 73 74 return true; 75 } 76 77 } // namespace net 78