We started redesigning GpuMemoryBuffer interface to handle multiple buffers [0].
[chromium-blink-merge.git] / net / cert / ct_log_verifier.h
blob38e0930eb6594ec60c77e01fc4dd77b05e32c8cf
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_
6 #define NET_CERT_CT_LOG_VERIFIER_H_
8 #include <string>
10 #include "base/gtest_prod_util.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/strings/string_piece.h"
13 #include "net/base/net_export.h"
14 #include "net/cert/signed_certificate_timestamp.h"
16 // Forward declare the crypto types to avoid having to include the full
17 // headers.
18 #if defined(USE_OPENSSL)
19 typedef struct evp_pkey_st EVP_PKEY;
20 #else
21 typedef struct SECKEYPublicKeyStr SECKEYPublicKey;
22 #endif
24 namespace net {
26 namespace ct {
27 struct SignedTreeHead;
28 } // namespace ct
30 // Class for verifying Signed Certificate Timestamps (SCTs) provided by a
31 // specific log (whose identity is provided during construction).
32 class NET_EXPORT CTLogVerifier {
33 public:
34 // Creates a new CTLogVerifier that will verify SignedCertificateTimestamps
35 // using |public_key|, which is a DER-encoded SubjectPublicKeyInfo.
36 // If |public_key| refers to an unsupported public key, returns NULL.
37 // |description| is a textual description of the log.
38 static scoped_ptr<CTLogVerifier> Create(
39 const base::StringPiece& public_key,
40 const base::StringPiece& description);
42 ~CTLogVerifier();
44 // Returns the log's key ID (RFC6962, Section 3.2)
45 const std::string& key_id() const { return key_id_; }
46 // Returns the log's human-readable description.
47 const std::string& description() const { return description_; }
49 // Verifies that |sct| contains a valid signature for |entry|.
50 bool Verify(const ct::LogEntry& entry,
51 const ct::SignedCertificateTimestamp& sct);
53 // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is
54 // valid, stores it and returns true. Otherwise, discards the sth and
55 // returns false.
56 bool SetSignedTreeHead(scoped_ptr<ct::SignedTreeHead> signed_tree_head);
58 private:
59 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
61 CTLogVerifier();
63 // Performs crypto-library specific initialization.
64 bool Init(const base::StringPiece& public_key,
65 const base::StringPiece& description);
67 // Performs the underlying verification using the selected public key. Note
68 // that |signature| contains the raw signature data (eg: without any
69 // DigitallySigned struct encoding).
70 bool VerifySignature(const base::StringPiece& data_to_sign,
71 const base::StringPiece& signature);
73 // Returns true if the signature and hash algorithms in |signature|
74 // match those of the log
75 bool SignatureParametersMatch(const ct::DigitallySigned& signature);
77 std::string key_id_;
78 std::string description_;
79 ct::DigitallySigned::HashAlgorithm hash_algorithm_;
80 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
81 scoped_ptr<ct::SignedTreeHead> signed_tree_head_;
83 #if defined(USE_OPENSSL)
84 EVP_PKEY* public_key_;
85 #else
86 SECKEYPublicKey* public_key_;
87 #endif
90 } // namespace net
92 #endif // NET_CERT_CT_LOG_VERIFIER_H_