net/cert/asn1_util.cc - Issue 2731603002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/asn1_util.cc

Issue 2731603002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for (Closed)

Patch Set: Use rsleevi's background comment Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/asn1_util.cc

diff --git a/net/cert/asn1_util.cc b/net/cert/asn1_util.cc

index 97e12dfc45ae72cab4f032b2159b62ae40170898..1cbd201f472bd06c12a0a78e3eaa13f30590b67a 100644

--- a/net/cert/asn1_util.cc

+++ b/net/cert/asn1_util.cc

@@ -340,6 +340,58 @@ bool HasTLSFeatureExtension(base::StringPiece cert) {

return false;

}

+bool ExtractSignatureAlgorithmsFromDERCert(

+ base::StringPiece cert,

+ base::StringPiece* cert_signature_algorithm_sequence,

+ base::StringPiece* tbs_signature_algorithm_sequence) {

+ // From RFC 5280, section 4.1

+ // Certificate ::= SEQUENCE {

+ // tbsCertificate TBSCertificate,

+ // signatureAlgorithm AlgorithmIdentifier,

+ // signatureValue BIT STRING }

+ // TBSCertificate ::= SEQUENCE {

+ // version [0] EXPLICIT Version DEFAULT v1,

+ // serialNumber CertificateSerialNumber,

+ // signature AlgorithmIdentifier,

+ // issuer Name,

+ // validity Validity,

+ // subject Name,

+ // subjectPublicKeyInfo SubjectPublicKeyInfo,

+ // ... }

+ der::Parser parser((der::Input(cert)));

+ der::Parser certificate;

+ if (!parser.ReadSequence(&certificate))

+ return false;

+ der::Parser tbs_certificate;

+ if (!certificate.ReadSequence(&tbs_certificate))

+ return false;

+ bool unused;

+ if (!tbs_certificate.SkipOptionalTag(

+ der::kTagConstructed | der::kTagContextSpecific | 0, &unused)) {

+ return false;

+ }

+ // serialNumber

+ if (!tbs_certificate.SkipTag(der::kInteger))

+ return false;

+ // signature

+ der::Input tbs_algorithm;

+ if (!tbs_certificate.ReadRawTLV(&tbs_algorithm))

+ return false;

+ der::Input cert_algorithm;

+ if (!certificate.ReadRawTLV(&cert_algorithm))

+ return false;

+ *cert_signature_algorithm_sequence = cert_algorithm.AsStringPiece();

+ *tbs_signature_algorithm_sequence = tbs_algorithm.AsStringPiece();

+ return true;

} // namespace asn1

} // namespace net

« no previous file with comments | « net/cert/asn1_util.h ('k') | net/cert/cert_verify_proc.cc » ('j') | no next file with comments »