| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/internal/signature_policy.h" | 5 #include "net/cert/internal/signature_policy.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "net/cert/internal/cert_errors.h" |
| 8 | 9 |
| 9 #include <openssl/obj.h> | 10 #include <openssl/obj.h> |
| 10 | 11 |
| 11 namespace net { | 12 namespace net { |
| 12 | 13 |
| 14 namespace { |
| 15 |
| 16 DEFINE_CERT_ERROR_TYPE(kUnacceptableCurveForEcdsa, |
| 17 "Only P-256, P-384, P-521 are supported for ECDSA"); |
| 18 DEFINE_CERT_ERROR_TYPE(kRsaModulusLessThan2048, |
| 19 "RSA modulus must be at least 2048 bits"); |
| 20 DEFINE_CERT_ERROR_TYPE(kRsaModulusTooSmall, "RSA modulus too small"); |
| 21 |
| 22 } // namespace |
| 23 |
| 13 bool SignaturePolicy::IsAcceptableSignatureAlgorithm( | 24 bool SignaturePolicy::IsAcceptableSignatureAlgorithm( |
| 14 const SignatureAlgorithm& algorithm) const { | 25 const SignatureAlgorithm& algorithm, |
| 26 CertErrors* errors) const { |
| 15 return true; | 27 return true; |
| 16 } | 28 } |
| 17 | 29 |
| 18 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid) const { | 30 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid, |
| 31 CertErrors* errors) const { |
| 19 switch (curve_nid) { | 32 switch (curve_nid) { |
| 20 case NID_X9_62_prime256v1: | 33 case NID_X9_62_prime256v1: |
| 21 case NID_secp384r1: | 34 case NID_secp384r1: |
| 22 case NID_secp521r1: | 35 case NID_secp521r1: |
| 23 return true; | 36 return true; |
| 24 } | 37 } |
| 38 |
| 39 errors->Add(kUnacceptableCurveForEcdsa); |
| 25 return false; | 40 return false; |
| 26 } | 41 } |
| 27 | 42 |
| 28 bool SignaturePolicy::IsAcceptableModulusLengthForRsa( | 43 bool SignaturePolicy::IsAcceptableModulusLengthForRsa( |
| 29 size_t modulus_length_bits) const { | 44 size_t modulus_length_bits, |
| 30 return modulus_length_bits >= 2048; | 45 CertErrors* errors) const { |
| 46 if (modulus_length_bits < 2048) { |
| 47 // TODO(crbug.com/634443): Add a parameter for actual modulus size. |
| 48 errors->Add(kRsaModulusLessThan2048); |
| 49 return false; |
| 50 } |
| 51 |
| 52 return true; |
| 31 } | 53 } |
| 32 | 54 |
| 33 SimpleSignaturePolicy::SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits) | 55 SimpleSignaturePolicy::SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits) |
| 34 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {} | 56 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {} |
| 35 | 57 |
| 36 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa( | 58 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa( |
| 37 size_t modulus_length_bits) const { | 59 size_t modulus_length_bits, |
| 38 return modulus_length_bits >= min_rsa_modulus_length_bits_; | 60 CertErrors* errors) const { |
| 61 if (modulus_length_bits < min_rsa_modulus_length_bits_) { |
| 62 // TODO(crbug.com/634443): Add parameters for actual and expected modulus |
| 63 // size. |
| 64 errors->Add(kRsaModulusTooSmall); |
| 65 return false; |
| 66 } |
| 67 |
| 68 return true; |
| 39 } | 69 } |
| 40 | 70 |
| 41 } // namespace net | 71 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2289363004:
Add error information to VerifySignedData(). (Closed)
