Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_signed_data.cc

Issue 2750703002: Add support for MD2, MD4, and MD5 to SignatureAlgorithm. (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/signature_policy.cc ('k') | net/cert/x509_util_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_signed_data.h" 5 #include "net/cert/internal/verify_signed_data.h"
6 6
7 #include "base/compiler_specific.h" 7 #include "base/compiler_specific.h"
8 #include "base/logging.h" 8 #include "base/logging.h"
9 #include "base/numerics/safe_math.h" 9 #include "base/numerics/safe_math.h"
10 #include "crypto/openssl_util.h" 10 #include "crypto/openssl_util.h"
(...skipping 22 matching lines...) Expand all
33 DEFINE_CERT_ERROR_ID(kUnacceptableEcdsaCurve, 33 DEFINE_CERT_ERROR_ID(kUnacceptableEcdsaCurve,
34 "Unacceptable curve for ECDSA key"); 34 "Unacceptable curve for ECDSA key");
35 DEFINE_CERT_ERROR_ID(kSignatureVerificationFailed, 35 DEFINE_CERT_ERROR_ID(kSignatureVerificationFailed,
36 "Signature verification failed"); 36 "Signature verification failed");
37 37
38 // Converts a DigestAlgorithm to an equivalent EVP_MD*. 38 // Converts a DigestAlgorithm to an equivalent EVP_MD*.
39 WARN_UNUSED_RESULT bool GetDigest(DigestAlgorithm digest, const EVP_MD** out) { 39 WARN_UNUSED_RESULT bool GetDigest(DigestAlgorithm digest, const EVP_MD** out) {
40 *out = nullptr; 40 *out = nullptr;
41 41
42 switch (digest) { 42 switch (digest) {
43 case DigestAlgorithm::Md2:
44 case DigestAlgorithm::Md4:
45 case DigestAlgorithm::Md5:
46 // Unsupported.
47 break;
43 case DigestAlgorithm::Sha1: 48 case DigestAlgorithm::Sha1:
44 *out = EVP_sha1(); 49 *out = EVP_sha1();
45 break; 50 break;
46 case DigestAlgorithm::Sha256: 51 case DigestAlgorithm::Sha256:
47 *out = EVP_sha256(); 52 *out = EVP_sha256();
48 break; 53 break;
49 case DigestAlgorithm::Sha384: 54 case DigestAlgorithm::Sha384:
50 *out = EVP_sha384(); 55 *out = EVP_sha384();
51 break; 56 break;
52 case DigestAlgorithm::Sha512: 57 case DigestAlgorithm::Sha512:
(...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after
285 290
286 } // namespace 291 } // namespace
287 292
288 bool VerifySignedData(const SignatureAlgorithm& signature_algorithm, 293 bool VerifySignedData(const SignatureAlgorithm& signature_algorithm,
289 const der::Input& signed_data, 294 const der::Input& signed_data,
290 const der::BitString& signature_value, 295 const der::BitString& signature_value,
291 const der::Input& public_key_spki, 296 const der::Input& public_key_spki,
292 const SignaturePolicy* policy, 297 const SignaturePolicy* policy,
293 CertErrors* errors) { 298 CertErrors* errors) {
294 if (!policy->IsAcceptableSignatureAlgorithm(signature_algorithm, errors)) { 299 if (!policy->IsAcceptableSignatureAlgorithm(signature_algorithm, errors)) {
300 // TODO(crbug.com/634443): Include the DER for the AlgorithmIdentifier
295 errors->AddError(kUnacceptableSignatureAlgorithm); 301 errors->AddError(kUnacceptableSignatureAlgorithm);
296 return false; 302 return false;
297 } 303 }
298 304
299 bssl::UniquePtr<EVP_PKEY> public_key; 305 bssl::UniquePtr<EVP_PKEY> public_key;
300 306
301 // Parse the SPKI to an EVP_PKEY appropriate for the signature algorithm. 307 // Parse the SPKI to an EVP_PKEY appropriate for the signature algorithm.
302 switch (signature_algorithm.algorithm()) { 308 switch (signature_algorithm.algorithm()) {
303 case SignatureAlgorithmId::RsaPkcs1: 309 case SignatureAlgorithmId::RsaPkcs1:
304 case SignatureAlgorithmId::RsaPss: 310 case SignatureAlgorithmId::RsaPss:
305 if (!ParseRsaKeyFromSpki(public_key_spki, &public_key, policy, errors)) 311 if (!ParseRsaKeyFromSpki(public_key_spki, &public_key, policy, errors))
306 return false; 312 return false;
307 break; 313 break;
308 case SignatureAlgorithmId::Ecdsa: 314 case SignatureAlgorithmId::Ecdsa:
309 if (!ParseEcKeyFromSpki(public_key_spki, &public_key, policy, errors)) 315 if (!ParseEcKeyFromSpki(public_key_spki, &public_key, policy, errors))
310 return false; 316 return false;
311 break; 317 break;
312 } 318 }
313 319
314 if (!DoVerify(signature_algorithm, signed_data, signature_value, 320 if (!DoVerify(signature_algorithm, signed_data, signature_value,
315 public_key.get())) { 321 public_key.get())) {
316 errors->AddError(kSignatureVerificationFailed); 322 errors->AddError(kSignatureVerificationFailed);
317 return false; 323 return false;
318 } 324 }
319 325
320 return true; 326 return true;
321 } 327 }
322 328
323 } // namespace net 329 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/signature_policy.cc ('k') | net/cert/x509_util_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698