OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/signature_algorithm.h" | 5 #include "net/cert/internal/signature_algorithm.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/numerics/safe_math.h" | 9 #include "base/numerics/safe_math.h" |
10 #include "net/der/input.h" | 10 #include "net/der/input.h" |
(...skipping 208 matching lines...)
219 return !parser.HasMore(); | 219 return !parser.HasMore(); |
220 } | 220 } |
221 | 221 |
222 // Parses an RSA PKCS#1 v1.5 signature algorithm given the DER-encoded | 222 // Parses an RSA PKCS#1 v1.5 signature algorithm given the DER-encoded |
223 // "parameters" from the parsed AlgorithmIdentifier, and the hash algorithm | 223 // "parameters" from the parsed AlgorithmIdentifier, and the hash algorithm |
224 // that was implied by the AlgorithmIdentifier's OID. | 224 // that was implied by the AlgorithmIdentifier's OID. |
225 // | 225 // |
226 // Returns a nullptr on failure. | 226 // Returns a nullptr on failure. |
227 // | 227 // |
228 // RFC 5912 requires that the parameters for RSA PKCS#1 v1.5 algorithms be NULL | 228 // RFC 5912 requires that the parameters for RSA PKCS#1 v1.5 algorithms be NULL |
229 // ("PARAMS TYPE NULL ARE required"): | 229 // ("PARAMS TYPE NULL ARE required"), however an empty parameter is also |
| 230 // allowed for compatibility with non-compliant OCSP responders: |
230 // | 231 // |
231 // sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= { | 232 // sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= { |
232 // IDENTIFIER sha1WithRSAEncryption | 233 // IDENTIFIER sha1WithRSAEncryption |
233 // PARAMS TYPE NULL ARE required | 234 // PARAMS TYPE NULL ARE required |
234 // HASHES { mda-sha1 } | 235 // HASHES { mda-sha1 } |
235 // PUBLIC-KEYS { pk-rsa } | 236 // PUBLIC-KEYS { pk-rsa } |
236 // SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption } | 237 // SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption } |
237 // } | 238 // } |
238 // | 239 // |
239 // sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= { | 240 // sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= { |
(...skipping 14 matching lines...)
254 // | 255 // |
255 // sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= { | 256 // sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= { |
256 // IDENTIFIER sha512WithRSAEncryption | 257 // IDENTIFIER sha512WithRSAEncryption |
257 // PARAMS TYPE NULL ARE required | 258 // PARAMS TYPE NULL ARE required |
258 // HASHES { mda-sha512 } | 259 // HASHES { mda-sha512 } |
259 // PUBLIC-KEYS { pk-rsa } | 260 // PUBLIC-KEYS { pk-rsa } |
260 // SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption } | 261 // SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption } |
261 // } | 262 // } |
262 scoped_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest, | 263 scoped_ptr<SignatureAlgorithm> ParseRsaPkcs1(DigestAlgorithm digest, |
263 const der::Input& params) { | 264 const der::Input& params) { |
264 if (!IsNull(params)) | 265 // TODO(svaldez): Add warning about non-strict parsing. |
| 266 if (!IsNull(params) && !IsEmpty(params)) |
265 return nullptr; | 267 return nullptr; |
266 | 268 |
267 return SignatureAlgorithm::CreateRsaPkcs1(digest); | 269 return SignatureAlgorithm::CreateRsaPkcs1(digest); |
268 } | 270 } |
269 | 271 |
270 // Parses an ECDSA signature algorithm given the DER-encoded "parameters" from | 272 // Parses an ECDSA signature algorithm given the DER-encoded "parameters" from |
271 // the parsed AlgorithmIdentifier, and the hash algorithm that was implied by | 273 // the parsed AlgorithmIdentifier, and the hash algorithm that was implied by |
272 // the AlgorithmIdentifier's OID. | 274 // the AlgorithmIdentifier's OID. |
273 // | 275 // |
274 // On failure returns a nullptr. | 276 // On failure returns a nullptr. |
(...skipping 340 matching lines...)
615 return nullptr; | 617 return nullptr; |
616 } | 618 } |
617 | 619 |
618 SignatureAlgorithm::SignatureAlgorithm( | 620 SignatureAlgorithm::SignatureAlgorithm( |
619 SignatureAlgorithmId algorithm, | 621 SignatureAlgorithmId algorithm, |
620 DigestAlgorithm digest, | 622 DigestAlgorithm digest, |
621 scoped_ptr<SignatureAlgorithmParameters> params) | 623 scoped_ptr<SignatureAlgorithmParameters> params) |
622 : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {} | 624 : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {} |
623 | 625 |
624 } // namespace net | 626 } // namespace net |
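Review bot: The relaxed check in ParseRsaPkcs1, `if (!IsNull(params) && !IsEmpty(params))`, takes effect for every caller of this parser, while the new comment justifies it only for non-compliant OCSP responders. If certificate signature algorithms are parsed through the same function (the callers are not visible on this page), an AlgorithmIdentifier with absent parameters would now be accepted there as well, which is a wider deviation from RFC 5912 than the comment describes. Either gate the leniency on the calling context or state the real scope in the comment, for example `// NOTE: absent parameters are accepted for all callers, not only OCSP responses.` The phrase "an empty parameter" would also read more precisely as "absent (zero-length) parameters", which is presumably what IsEmpty tests. Since the TODO defers the warning, callers currently cannot tell that the non-strict path was taken.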