OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/signature_policy.h" | 5 #include "net/cert/internal/signature_policy.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "net/cert/internal/cert_error_params.h" | 8 #include "net/cert/internal/cert_error_params.h" |
9 #include "net/cert/internal/cert_errors.h" | 9 #include "net/cert/internal/cert_errors.h" |
10 #include "third_party/boringssl/src/include/openssl/obj.h" | 10 #include "third_party/boringssl/src/include/openssl/obj.h" |
(...skipping 16 matching lines...) Expand all Loading... | |
27 return false; | 27 return false; |
28 } | 28 } |
29 return true; | 29 return true; |
30 } | 30 } |
31 | 31 |
32 } // namespace | 32 } // namespace |
33 | 33 |
34 bool SignaturePolicy::IsAcceptableSignatureAlgorithm( | 34 bool SignaturePolicy::IsAcceptableSignatureAlgorithm( |
35 const SignatureAlgorithm& algorithm, | 35 const SignatureAlgorithm& algorithm, |
36 CertErrors* errors) const { | 36 CertErrors* errors) const { |
37 // Don't allow MD2, MD4, or MD5. | |
Ryan Sleevi
2017/03/07 20:26:34
Is this comment in the wrong place?
| |
38 switch (algorithm.algorithm()) { | |
39 case SignatureAlgorithmId::Ecdsa: | |
40 case SignatureAlgorithmId::RsaPss: | |
41 case SignatureAlgorithmId::RsaPkcs1: | |
42 break; | |
43 } | |
Ryan Sleevi
2017/03/07 20:26:34
It's unclear the purpose of this switch (I suspect
eroman
2017/03/07 20:41:06
Thanks.
I have improved the organization and code
| |
44 | |
45 switch (algorithm.digest()) { | |
46 case DigestAlgorithm::Md2: | |
47 case DigestAlgorithm::Md4: | |
48 case DigestAlgorithm::Md5: | |
49 return false; | |
50 | |
51 case DigestAlgorithm::Sha1: | |
52 case DigestAlgorithm::Sha256: | |
53 case DigestAlgorithm::Sha384: | |
54 case DigestAlgorithm::Sha512: | |
55 break; | |
56 } | |
57 | |
58 if (algorithm.ParamsForRsaPss()) { | |
59 switch (algorithm.ParamsForRsaPss()->mgf1_hash()) { | |
60 case DigestAlgorithm::Md2: | |
61 case DigestAlgorithm::Md4: | |
62 case DigestAlgorithm::Md5: | |
63 return false; | |
64 | |
65 case DigestAlgorithm::Sha1: | |
66 case DigestAlgorithm::Sha256: | |
67 case DigestAlgorithm::Sha384: | |
68 case DigestAlgorithm::Sha512: | |
69 break; | |
70 } | |
71 } | |
72 | |
37 return true; | 73 return true; |
38 } | 74 } |
39 | 75 |
40 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid, | 76 bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid, |
41 CertErrors* errors) const { | 77 CertErrors* errors) const { |
42 switch (curve_nid) { | 78 switch (curve_nid) { |
43 case NID_X9_62_prime256v1: | 79 case NID_X9_62_prime256v1: |
44 case NID_secp384r1: | 80 case NID_secp384r1: |
45 case NID_secp521r1: | 81 case NID_secp521r1: |
46 return true; | 82 return true; |
(...skipping 13 matching lines...) Expand all Loading... | |
60 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {} | 96 : min_rsa_modulus_length_bits_(min_rsa_modulus_length_bits) {} |
61 | 97 |
62 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa( | 98 bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa( |
63 size_t modulus_length_bits, | 99 size_t modulus_length_bits, |
64 CertErrors* errors) const { | 100 CertErrors* errors) const { |
65 return IsModulusSizeGreaterOrEqual(modulus_length_bits, | 101 return IsModulusSizeGreaterOrEqual(modulus_length_bits, |
66 min_rsa_modulus_length_bits_, errors); | 102 min_rsa_modulus_length_bits_, errors); |
67 } | 103 } |
68 | 104 |
69 } // namespace net | 105 } // namespace net |
OLD | NEW |