
Side by Side Diff: net/cert/internal/signature_algorithm.cc

Issue 2731603002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for (Closed)
Patch Set: fix Created 3 years, 9 months ago
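--- a/net/cert/internal/signature_algorithm.cc
+++ b/net/cert/internal/signature_algorithm.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/signature_algorithm.h"
 
 #include <memory>
 #include <utility>
 
 #include "base/memory/ptr_util.h"
@@ -506,21 +506,21 @@
 // There must not be any unconsumed data left. (RFC 5912 does not explicitly
 // include an extensibility point for RSASSA-PSS-params)
 if (params_parser.HasMore())
 return nullptr;
 
 return SignatureAlgorithm::CreateRsaPss(hash, mgf1_hash, salt_length);
 }
 
 } // namespace
 
-WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input input,
+WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input& input,
 DigestAlgorithm* out) {
 der::Input oid;
 der::Input params;
 if (!ParseAlgorithmIdentifier(input, &oid, &params))
 return false;
 
 DigestAlgorithm hash;
 
 if (oid == der::Input(kOidSha1)) {
 hash = DigestAlgorithm::Sha1;
@@ -631,17 +631,37 @@
 SignatureAlgorithmId::RsaPss, digest,
 base::MakeUnique<RsaPssParameters>(mgf1_hash, salt_length)));
 }
 
 const RsaPssParameters* SignatureAlgorithm::ParamsForRsaPss() const {
 if (algorithm_ == SignatureAlgorithmId::RsaPss)
 return static_cast<RsaPssParameters*>(params_.get());
 return nullptr;
 }
 
+bool SignatureAlgorithm::IsEquivalent(const der::Input& alg1_tlv,
+const der::Input& alg2_tlv) {
+if (alg1_tlv == alg2_tlv)
+return true;
+
+auto alg1 = Create(alg1_tlv, nullptr);
+auto alg2 = Create(alg2_tlv, nullptr);
+
+if (!alg1 || !alg2 || (alg1->algorithm() != alg2->algorithm()) ||
+(alg1->digest() != alg2->digest())) {
+return false;
+}
+
+// For simplicity don't check the parsed parameters (only applicable
+// for RSA-PSS). This does mean RSA-PSS AlgorithmIdentifiers need to
+// use identical encodings to be considered equivalent by this
+// function.
+return !alg1->has_params() && !alg2->has_params();
+}
+
 SignatureAlgorithm::SignatureAlgorithm(
 SignatureAlgorithmId algorithm,
 DigestAlgorithm digest,
 std::unique_ptr<SignatureAlgorithmParameters> params)
 : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {}
 
 } // namespace net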
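Review bot: The byte-equality fast path at the top of `IsEquivalent()` returns true before either input is parsed, so two identical AlgorithmIdentifiers that `Create()` would reject are still reported as equivalent. That is reasonable for a consistency check between the two certificate fields, but a true result then says nothing about whether the algorithm is well-formed or supported, and nothing in this file states that. I would add above the first `if`: `// Identical encodings are equivalent even if unparseable; callers must still validate the algorithm via Create().` The closing `return !alg1->has_params() && !alg2->has_params();` fails closed for RSA-PSS, which is the safe direction. The header declaration is outside this view, so the contract may already be documented there.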
