Halaman utama Jelajahi Bantuan
Masuk
khronosschoty
/
palemoon-dev
Liatin 2
Bintangi 1
Fork 0
Berkas Masalah 0 Tarik Permintaan 0 Wiki
Cabang: master
Ranting Tag
palemoon-dev
/
platform
/
security
/
certverifier
/
CTLogVerifier.h

CTLogVerifier.h 2.5 KB
Permalink Riwayat Mentahan

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
    2. 

  2. /* This Source Code Form is subject to the terms of the Mozilla Public
    3. 

  3.  * License, v. 2.0. If a copy of the MPL was not distributed with this
    4. 

  4.  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
    5. 

  5. 

  6. #ifndef CTLogVerifier_h
    7. 

  7. #define CTLogVerifier_h
    8. 

  8. 

  9. #include "pkix/Input.h"
    10. 

  10. #include "pkix/pkix.h"
    11. 

  11. #include "SignedCertificateTimestamp.h"
    12. 

  12. #include "SignedTreeHead.h"
    13. 

  13. 

  14. namespace mozilla { namespace ct {
    15. 

  15. 

  16. // Verifies Signed Certificate Timestamps (SCTs) provided by a specific log
    17. 

  17. // using the public key of that log. Assumes the SCT being verified
    18. 

  18. // matches the log by log key ID and signature parameters (an error is returned
    19. 

  19. // otherwise).
    20. 

  20. // The verification functions return Success if the provided SCT has passed
    21. 

  21. // verification, ERROR_BAD_SIGNATURE if failed verification, or other result
    22. 

  22. // on error.
    23. 

  23. class CTLogVerifier
    24. 

  24. {
    25. 

  25. public:
    26. 

  26.   CTLogVerifier();
    27. 

  27. 

  28.   // Initializes the verifier with log-specific information.
    29. 

  29.   // |subjectPublicKeyInfo| is a DER-encoded SubjectPublicKeyInfo.
    30. 

  30.   // An error is returned if |subjectPublicKeyInfo| refers to an unsupported
    31. 

  31.   // public key.
    32. 

  32.   pkix::Result Init(pkix::Input subjectPublicKeyInfo);
    33. 

  33. 

  34.   // Returns the log's key ID, which is a SHA256 hash of its public key.
    35. 

  35.   // See RFC 6962, Section 3.2.
    36. 

  36.   const Buffer& keyId() const { return mKeyId; }
    37. 

  37. 

  38.   // Verifies that |sct| contains a valid signature for |entry|.
    39. 

  39.   // |sct| must be signed by the verifier's log.
    40. 

  40.   pkix::Result Verify(const LogEntry& entry,
    41. 

  41.                       const SignedCertificateTimestamp& sct);
    42. 

  42. 

  43.   // Verifies the signature in |sth|.
    44. 

  44.   // |sth| must be signed by the verifier's log.
    45. 

  45.   pkix::Result VerifySignedTreeHead(const SignedTreeHead& sth);
    46. 

  46. 

  47.   // Returns true if the signature and hash algorithms in |signature|
    48. 

  48.   // match those of the log.
    49. 

  49.   bool SignatureParametersMatch(const DigitallySigned& signature);
    50. 

  50. 

  51. private:
    52. 

  52.   // Performs the underlying verification using the log's public key. Note
    53. 

  53.   // that |signature| contains the raw signature data (i.e. without any
    54. 

  54.   // DigitallySigned struct encoding).
    55. 

  55.   // Returns Success if passed verification, ERROR_BAD_SIGNATURE if failed
    56. 

  56.   // verification, or other result on error.
    57. 

  57.   pkix::Result VerifySignature(pkix::Input data, pkix::Input signature);
    58. 

  58.   pkix::Result VerifySignature(const Buffer& data, const Buffer& signature);
    59. 

  59. 

  60.   Buffer mSubjectPublicKeyInfo;
    61. 

  61.   Buffer mKeyId;
    62. 

  62.   DigitallySigned::SignatureAlgorithm mSignatureAlgorithm;
    63. 

  63. };
    64. 

  64. 

  65. } } // namespace mozilla::ct
    66. 

  66. 

  67. #endif // CTLogVerifier_h
    68. 

  68.