Home | History | Annotate | Download | only in cert 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/cert/ct_log_verifier.h"
      6 
      7 #include "base/logging.h"
      8 #include "net/cert/ct_serialization.h"
      9 #include "net/cert/signed_tree_head.h"
     10 
     11 namespace net {
     12 
     13 // static
     14 scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
     15     const base::StringPiece& public_key,
     16     const base::StringPiece& description) {
     17   scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
     18   if (!result->Init(public_key, description))
     19     result.reset();
     20   return result.Pass();
     21 }
     22 
     23 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
     24                            const ct::SignedCertificateTimestamp& sct) {
     25   if (sct.log_id != key_id()) {
     26     DVLOG(1) << "SCT is not signed by this log.";
     27     return false;
     28   }
     29 
     30   if (!SignatureParametersMatch(sct.signature))
     31     return false;
     32 
     33   std::string serialized_log_entry;
     34   if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
     35     DVLOG(1) << "Unable to serialize entry.";
     36     return false;
     37   }
     38   std::string serialized_data;
     39   if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
     40                                  sct.extensions, &serialized_data)) {
     41     DVLOG(1) << "Unable to create SCT to verify.";
     42     return false;
     43   }
     44 
     45   return VerifySignature(serialized_data, sct.signature.signature_data);
     46 }
     47 
     48 bool CTLogVerifier::SetSignedTreeHead(
     49     scoped_ptr<ct::SignedTreeHead> signed_tree_head) {
     50   if (!SignatureParametersMatch(signed_tree_head->signature))
     51     return false;
     52 
     53   std::string serialized_data;
     54   ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data);
     55   if (VerifySignature(serialized_data,
     56                       signed_tree_head->signature.signature_data)) {
     57     signed_tree_head_.reset(signed_tree_head.release());
     58     return true;
     59   }
     60   return false;
     61 }
     62 
     63 bool CTLogVerifier::SignatureParametersMatch(
     64     const ct::DigitallySigned& signature) {
     65   if (!signature.SignatureParametersMatch(hash_algorithm_,
     66                                           signature_algorithm_)) {
     67     DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
     68              << hash_algorithm_ << " vs " << signature.hash_algorithm
     69              << " Signature: " << signature_algorithm_ << " vs "
     70              << signature.signature_algorithm << ".";
     71     return false;
     72   }
     73 
     74   return true;
     75 }
     76 
     77 }  // namespace net
     78