ct_log_verifier.cc - Android社区 - https://www.androidos.net.cn/

// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/ct_log_verifier.h"

#include "base/logging.h"
#include "net/cert/ct_serialization.h"
#include "net/cert/signed_tree_head.h"

namespace net {

// static
scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
    const base::StringPiece& public_key,
    const base::StringPiece& description) {
  scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
  if (!result->Init(public_key, description))
    result.reset();
  return result.Pass();
}

bool CTLogVerifier::Verify(const ct::LogEntry& entry,
                           const ct::SignedCertificateTimestamp& sct) {
  if (sct.log_id != key_id()) {
    DVLOG(1) << "SCT is not signed by this log.";
    return false;
  }

if (!SignatureParametersMatch(sct.signature))
    return false;

std::string serialized_log_entry;
  if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
    DVLOG(1) << "Unable to serialize entry.";
    return false;
  }
  std::string serialized_data;
  if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
                                 sct.extensions, &serialized_data)) {
    DVLOG(1) << "Unable to create SCT to verify.";
    return false;
  }

return VerifySignature(serialized_data, sct.signature.signature_data);
}

bool CTLogVerifier::SetSignedTreeHead(
    scoped_ptr<ct::SignedTreeHead> signed_tree_head) {
  if (!SignatureParametersMatch(signed_tree_head->signature))
    return false;

std::string serialized_data;
  ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data);
  if (VerifySignature(serialized_data,
                      signed_tree_head->signature.signature_data)) {
    signed_tree_head_.reset(signed_tree_head.release());
    return true;
  }
  return false;
}

bool CTLogVerifier::SignatureParametersMatch(
    const ct::DigitallySigned& signature) {
  if (!signature.SignatureParametersMatch(hash_algorithm_,
                                          signature_algorithm_)) {
    DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
             << hash_algorithm_ << " vs " << signature.hash_algorithm
             << " Signature: " << signature_algorithm_ << " vs "
             << signature.signature_algorithm << ".";
    return false;
  }

return true;
}

}  // namespace net

普通文本 | 78行 | 2.36 KB

// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/cert/ct_log_verifier.h"

#include "base/logging.h"
#include "net/cert/ct_serialization.h"
#include "net/cert/signed_tree_head.h"

namespace net {

// static
scoped_ptr<CTLogVerifier> CTLogVerifier::Create(
    const base::StringPiece& public_key,
    const base::StringPiece& description) {
  scoped_ptr<CTLogVerifier> result(new CTLogVerifier());
  if (!result->Init(public_key, description))
    result.reset();
  return result.Pass();
}

bool CTLogVerifier::Verify(const ct::LogEntry& entry,
                           const ct::SignedCertificateTimestamp& sct) {
  if (sct.log_id != key_id()) {
    DVLOG(1) << "SCT is not signed by this log.";
    return false;
  }

  if (!SignatureParametersMatch(sct.signature))
    return false;

  std::string serialized_log_entry;
  if (!ct::EncodeLogEntry(entry, &serialized_log_entry)) {
    DVLOG(1) << "Unable to serialize entry.";
    return false;
  }
  std::string serialized_data;
  if (!ct::EncodeV1SCTSignedData(sct.timestamp, serialized_log_entry,
                                 sct.extensions, &serialized_data)) {
    DVLOG(1) << "Unable to create SCT to verify.";
    return false;
  }

  return VerifySignature(serialized_data, sct.signature.signature_data);
}

bool CTLogVerifier::SetSignedTreeHead(
    scoped_ptr<ct::SignedTreeHead> signed_tree_head) {
  if (!SignatureParametersMatch(signed_tree_head->signature))
    return false;

  std::string serialized_data;
  ct::EncodeTreeHeadSignature(*signed_tree_head.get(), &serialized_data);
  if (VerifySignature(serialized_data,
                      signed_tree_head->signature.signature_data)) {
    signed_tree_head_.reset(signed_tree_head.release());
    return true;
  }
  return false;
}

bool CTLogVerifier::SignatureParametersMatch(
    const ct::DigitallySigned& signature) {
  if (!signature.SignatureParametersMatch(hash_algorithm_,
                                          signature_algorithm_)) {
    DVLOG(1) << "Mismatched hash or signature algorithm. Hash: "
             << hash_algorithm_ << " vs " << signature.hash_algorithm
             << " Signature: " << signature_algorithm_ << " vs "
             << signature.signature_algorithm << ".";
    return false;
  }

  return true;
}

}  // namespace net

登录后可以享受更多权益