Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for

net/cert/internal/signature_algorithm.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/signature_algorithm.h"
 
 #include <memory>
 #include <utility>
 
 #include "base/memory/ptr_util.h"
@@ skipping 495 matching lines @@
   // There must not be any unconsumed data left. (RFC 5912 does not explicitly
   // include an extensibility point for RSASSA-PSS-params)
   if (params_parser.HasMore())
     return nullptr;
 
   return SignatureAlgorithm::CreateRsaPss(hash, mgf1_hash, salt_length);
 }
 
 }  // namespace
 
-WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input input,
+WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input& input,
                                            DigestAlgorithm* out) {
   der::Input oid;
   der::Input params;
   if (!ParseAlgorithmIdentifier(input, &oid, &params))
     return false;
 
   DigestAlgorithm hash;
 
   if (oid == der::Input(kOidSha1)) {
     hash = DigestAlgorithm::Sha1;
@@ skipping 104 matching lines @@
       SignatureAlgorithmId::RsaPss, digest,
       base::MakeUnique<RsaPssParameters>(mgf1_hash, salt_length)));
 }
 
 const RsaPssParameters* SignatureAlgorithm::ParamsForRsaPss() const {
   if (algorithm_ == SignatureAlgorithmId::RsaPss)
     return static_cast<RsaPssParameters*>(params_.get());
   return nullptr;
 }
 
+bool SignatureAlgorithm::IsEquivalent(const der::Input& alg1_tlv,
+                                      const der::Input& alg2_tlv) {
+  if (alg1_tlv == alg2_tlv)
+    return true;
+
+  auto alg1 = Create(alg1_tlv, nullptr);
+  auto alg2 = Create(alg2_tlv, nullptr);

[Ryan Sleevi, 2017/03/09 00:45:26]

I think this runs afoul of several of the principles in The type aids clarity to
the reader - https://google.github.io/styleguide/cppguide.html#auto

- The type is not clear from surrounding context (this isn't a new / make_unique
style allocation)
- The type matters because it's more than just 'simple' equality comparison

[eroman, 2017/03/09 01:09:44]

Done.

+
+  // Do checks that apply to all algorithms.
+  if (!alg1 || !alg2 || (alg1->algorithm() != alg2->algorithm()) ||
+      (alg1->digest() != alg2->digest())) {
+    return false;
+  }
+
+  // Check algorithm-specific parameters for equality.
+  switch (alg1->algorithm()) {
+    case SignatureAlgorithmId::RsaPkcs1:
+    case SignatureAlgorithmId::Ecdsa:
+      DCHECK(!alg1->has_params());
+      DCHECK(!alg2->has_params());
+      return true;
+    case SignatureAlgorithmId::RsaPss: {
+      const auto* params1 = alg1->ParamsForRsaPss();
+      const auto* params2 = alg2->ParamsForRsaPss();

[Ryan Sleevi, 2017/03/09 00:45:26]

ditto here

[eroman, 2017/03/09 01:09:44]

Done.

+      return params1 && params2 &&
+             (params1->salt_length() == params2->salt_length()) &&
+             (params1->mgf1_hash() == params2->mgf1_hash());
+    }
+  }
+
+  return false;
+}
+
 SignatureAlgorithm::SignatureAlgorithm(
     SignatureAlgorithmId algorithm,
     DigestAlgorithm digest,
     std::unique_ptr<SignatureAlgorithmParameters> params)
     : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {}
 
 }  // namespace net