net/cert/ct_log_verifier.cc - mojo-tools - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "net/cert/ct_log_verifier.h"

 #include "base/logging.h"
 #include "net/cert/ct_serialization.h"
 #include "net/cert/signed_tree_head.h"

 namespace net {

 // static
 scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
     const base::StringPiece& public_key,
     const base::StringPiece& description) {
   scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
   if (!result->Init(public_key, description))
     result.reset();
   return result.Pass();
 }

 bool CTLogVerifier::Verify(const ct::LogEntry& entry,
                            const ct::SignedCertificateTimestamp& sct) {
   if (sct.log_id != key_id()) {
     DVLOG(1) << "SCT is not signed by this log.";
     return false;
   }

   if (!SignatureParametersMatch(sct.signature))
     return false;

   std::string serialized_log_entry;
   if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
     DVLOG(1) << "Unable to serialize entry.";
     return false;
   }
   std::string serialized_data;
   if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
                                  sct.extensions, &serialized_data)) {
     DVLOG(1) << "Unable to create SCT to verify.";
     return false;
   }

   return VerifySignature(serialized_data, sct.signature.signature_data);
 }

 bool CTLogVerifier::SetSignedTreeHead(
     scoped_ptr<ct::SignedTreeHead> signed_tree_head) {
   if (!SignatureParametersMatch(signed_tree_head->signature))
     return false;

   std::string serialized_data;
   ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data);
   if (VerifySignature(serialized_data,
                       signed_tree_head->signature.signature_data)) {
     signed_tree_head_.reset(signed_tree_head.release());
     return true;
   }
   return false;
 }

 bool CTLogVerifier::SignatureParametersMatch(
     const ct::DigitallySigned& signature) {
   if (!signature.SignatureParametersMatch(hash_algorithm_,
                                           signature_algorithm_)) {
     DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
              << hash_algorithm_ << " vs " << signature.hash_algorithm
              << " Signature: " << signature_algorithm_ << " vs "
              << signature.signature_algorithm << ".";
     return false;
   }

   return true;
 }

 }  // namespace net
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "net/cert/ct_log_verifier.h"

	#include "base/logging.h"
	#include "net/cert/ct_serialization.h"
	#include "net/cert/signed_tree_head.h"

	namespace net {

	// static
	scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
	const base::StringPiece& public_key,
	const base::StringPiece& description) {
	scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
	if (!result->Init(public_key, description))
	result.reset();
	return result.Pass();
	}

	bool CTLogVerifier::Verify(const ct::LogEntry& entry,
	const ct::SignedCertificateTimestamp& sct) {
	if (sct.log_id != key_id()) {
	DVLOG(1) << "SCT is not signed by this log.";
	return false;
	}

	if (!SignatureParametersMatch(sct.signature))
	return false;

	std::string serialized_log_entry;
	if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
	DVLOG(1) << "Unable to serialize entry.";
	return false;
	}
	std::string serialized_data;
	if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
	sct.extensions, &serialized_data)) {
	DVLOG(1) << "Unable to create SCT to verify.";
	return false;
	}

	return VerifySignature(serialized_data, sct.signature.signature_data);
	}

	bool CTLogVerifier::SetSignedTreeHead(
	scoped_ptr<ct::SignedTreeHead> signed_tree_head) {
	if (!SignatureParametersMatch(signed_tree_head->signature))
	return false;

	std::string serialized_data;
	ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data);
	if (VerifySignature(serialized_data,
	signed_tree_head->signature.signature_data)) {
	signed_tree_head_.reset(signed_tree_head.release());
	return true;
	}
	return false;
	}

	bool CTLogVerifier::SignatureParametersMatch(
	const ct::DigitallySigned& signature) {
	if (!signature.SignatureParametersMatch(hash_algorithm_,
	signature_algorithm_)) {
	DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
	<< hash_algorithm_ << " vs " << signature.hash_algorithm
	<< " Signature: " << signature_algorithm_ << " vs "
	<< signature.signature_algorithm << ".";
	return false;
	}

	return true;
	}

	} // namespace net