
Side by Side Diff: net/base/dnssec_chain_verifier.cc

Issue 6805019: Move crypto files out of base, to a top level directory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 9 years, 8 months ago
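--- a/net/base/dnssec_chain_verifier.cc
+++ b/net/base/dnssec_chain_verifier.cc
@@ -1,21 +1,21 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/dnssec_chain_verifier.h"
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/sha1.h"
-#include "base/sha2.h"
 #include "base/string_util.h"
+#include "crypto/sha2.h"
 #include "net/base/dns_util.h"
 #include "net/base/dnssec_keyset.h"
 
 // We don't have a location for the spec yet, so we'll include it here until it
 // finds a better home.
 
 /*
 When connecting to a host www.example.com, www.example.com may present a certifi cate which includes a DNSSEC chain embedded in it. The aim of the embedded chain is to prove that the fingerprint of the public key is valid DNSSEC data. This i s achieved by proving a CERT record for the target domain.
 
 Initially, the target domain is constructed by prepending _ssl. For example, the initial target domain for www.example.com is _ssl.www.example.com.
@@ -509,32 +509,32 @@
 // digest_type: see http://tools.ietf.org/html/rfc4034#appendix-A.2
 // keyid: the key's id
 // algorithm: see http://tools.ietf.org/html/rfc4034#appendix-A.1
 bool DNSSECChainVerifier::DigestKey(base::StringPiece* out,
 const base::StringPiece& name,
 const base::StringPiece& dnskey,
 uint8 digest_type,
 uint16 keyid,
 uint8 algorithm) {
 std::string temp;
-uint8 temp2[base::SHA256_LENGTH];
+uint8 temp2[crypto::SHA256_LENGTH];
 const uint8* digest;
 unsigned digest_len;
 
 std::string input = name.as_string() + dnskey.as_string();
 
 if (digest_type == kDNSSEC_SHA1) {
 temp = base::SHA1HashString(input);
 digest = reinterpret_cast<const uint8*>(temp.data());
 digest_len = base::SHA1_LENGTH;
 } else if (digest_type == kDNSSEC_SHA256) {
-base::SHA256HashString(input, temp2, sizeof(temp2));
+crypto::SHA256HashString(input, temp2, sizeof(temp2));
 digest = temp2;
 digest_len = sizeof(temp2);
 } else {
 return false;
 }
 
 uint8* output = static_cast<uint8*>(malloc(4 + digest_len));
 scratch_pool_.push_back(output);
 output[0] = static_cast<uint8>(keyid >> 8);
 output[1] = static_cast<uint8>(keyid);
@@ -801,10 +801,10 @@
 base::StringPiece name;
 if (!ReadName(&name))
 return BAD_DATA;
 
 rrdatas->resize(1);
 (*rrdatas)[0] = name;
 return OK;
 }
 
 } // namespace net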
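Review bot: In `DigestKey`, the pointer returned by `malloc(4 + digest_len)` at new line 537 is pushed into `scratch_pool_` and written through on the next lines with no null check. This is unchanged context rather than part of the namespace move, and it only matters if allocation failure can return NULL in this build instead of terminating. If it can, a guard such as `if (!output) return false;` placed before the `push_back` would keep a failed allocation out of the pool and avoid the null write. The function body continues past the visible lines, so the later writes into `output` could not be checked from here.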