Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(229)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/signature_policy.cc

Issue 2349103002: Include the RSA key modulus size in error message when it is too small. (Closed)
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/cert/internal/cert_error_params.h ('K') | « net/cert/internal/cert_error_params.cc ('k') | net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/signature_policy.h" 5 #include "net/cert/internal/signature_policy.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "net/cert/internal/cert_error_params.h"
8 #include "net/cert/internal/cert_errors.h" 9 #include "net/cert/internal/cert_errors.h"
9 10
10 #include <openssl/obj.h> 11 #include <openssl/obj.h>
11 12
12 namespace net { 13 namespace net {
13 14
14 namespace { 15 namespace {
15 16
16 DEFINE_CERT_ERROR_ID(kUnacceptableCurveForEcdsa, 17 DEFINE_CERT_ERROR_ID(kUnacceptableCurveForEcdsa,
17 "Only P-256, P-384, P-521 are supported for ECDSA"); 18 "Only P-256, P-384, P-521 are supported for ECDSA");
18 DEFINE_CERT_ERROR_ID(kRsaModulusLessThan2048,
19 "RSA modulus must be at least 2048 bits");
20 DEFINE_CERT_ERROR_ID(kRsaModulusTooSmall, "RSA modulus too small"); 19 DEFINE_CERT_ERROR_ID(kRsaModulusTooSmall, "RSA modulus too small");
21 20
21 bool IsModulusSizeGreaterOrEqual(size_t modulus_length_bits,
22 size_t min_length_bits,
23 CertErrors* errors) {
24 if (modulus_length_bits < min_length_bits) {
25 errors->AddError(kRsaModulusTooSmall,
26 CreateCertErrorParamsSizeT("actual", modulus_length_bits,
27 "minimum", min_length_bits));
28 return false;
29 }
30 return true;
31 }
32
22 } // namespace 33 } // namespace
23 34
24 bool SignaturePolicy::IsAcceptableSignatureAlgorithm( 35 bool SignaturePolicy::IsAcceptableSignatureAlgorithm(
25 const SignatureAlgorithm& algorithm, 36 const SignatureAlgorithm& algorithm,
26 CertErrors* errors) const { 37 CertErrors* errors) const {
27 return true; 38 return true;
28 } 39 }
29 40
30 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid, 41 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid,
31 CertErrors* errors) const { 42 CertErrors* errors) const {
32 switch (curve_nid) { 43 switch (curve_nid) {
33 case NID_X9_62_prime256v1: 44 case NID_X9_62_prime256v1:
34 case NID_secp384r1: 45 case NID_secp384r1:
35 case NID_secp521r1: 46 case NID_secp521r1:
36 return true; 47 return true;
37 } 48 }
38 49
39 errors->AddError(kUnacceptableCurveForEcdsa); 50 errors->AddError(kUnacceptableCurveForEcdsa);
40 return false; 51 return false;
41 } 52 }
42 53
43 bool SignaturePolicy::IsAcceptableModulusLengthForRsa( 54 bool SignaturePolicy::IsAcceptableModulusLengthForRsa(
44 size_t modulus_length_bits, 55 size_t modulus_length_bits,
45 CertErrors* errors) const { 56 CertErrors* errors) const {
46 if (modulus_length_bits < 2048) { 57 return IsModulusSizeGreaterOrEqual(modulus_length_bits, 2048, errors);
47 // TODO(crbug.com/634443): Add a parameter for actual modulus size.
48 errors->AddError(kRsaModulusLessThan2048);
49 return false;
50 }
51
52 return true;
53 } 58 }
54 59
55 SimpleSignaturePolicy::SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits) 60 SimpleSignaturePolicy::SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits)
56 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {} 61 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {}
57 62
58 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa( 63 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa(
59 size_t modulus_length_bits, 64 size_t modulus_length_bits,
60 CertErrors* errors) const { 65 CertErrors* errors) const {
61 if (modulus_length_bits < min_rsa_modulus_length_bits_) { 66 return IsModulusSizeGreaterOrEqual(modulus_length_bits,
62 // TODO(crbug.com/634443): Add parameters for actual and expected modulus 67 min_rsa_modulus_length_bits_, errors);
63 // size.
64 errors->AddError(kRsaModulusTooSmall);
65 return false;
66 }
67
68 return true;
69 } 68 }
70 69
71 } // namespace net 70 } // namespace net
OLDNEW
« net/cert/internal/cert_error_params.h ('K') | « net/cert/internal/cert_error_params.cc ('k') | net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698