
Side by Side Diff: net/cert/asn1_util.cc

Issue 2750723002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying ce… (Closed)
Patch Set: Created 3 years, 9 months ago
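--- a/net/cert/asn1_util.cc
+++ b/net/cert/asn1_util.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/asn1_util.h"
 
 #include "net/der/input.h"
 #include "net/der/parser.h"
 
 namespace net {
@@ -333,13 +333,65 @@
 // X.509 TLS Feature Extension.
 static const uint8_t kTLSFeatureExtensionOID[] = {0x2B, 0x06, 0x01, 0x05,
 0x05, 0x07, 0x01, 0x18};
 if (oid == der::Input(kTLSFeatureExtensionOID))
 return true;
 }
 
 return false;
 }
 
+bool ExtractSignatureAlgorithmsFromDERCert(
+base::StringPiece cert,
+base::StringPiece* cert_signature_algorithm_sequence,
+base::StringPiece* tbs_signature_algorithm_sequence) {
+// From RFC 5280, section 4.1
+// Certificate ::= SEQUENCE {
+// tbsCertificate TBSCertificate,
+// signatureAlgorithm AlgorithmIdentifier,
+// signatureValue BIT STRING }
+
+// TBSCertificate ::= SEQUENCE {
+// version [0] EXPLICIT Version DEFAULT v1,
+// serialNumber CertificateSerialNumber,
+// signature AlgorithmIdentifier,
+// issuer Name,
+// validity Validity,
+// subject Name,
+// subjectPublicKeyInfo SubjectPublicKeyInfo,
+// ... }
+
+der::Parser parser((der::Input(cert)));
+der::Parser certificate;
+if (!parser.ReadSequence(&certificate))
+return false;
+
+der::Parser tbs_certificate;
+if (!certificate.ReadSequence(&tbs_certificate))
+return false;
+
+bool unused;
+if (!tbs_certificate.SkipOptionalTag(
+der::kTagConstructed | der::kTagContextSpecific | 0, &unused)) {
+return false;
+}
+
+// serialNumber
+if (!tbs_certificate.SkipTag(der::kInteger))
+return false;
+// signature
+der::Input tbs_algorithm;
+if (!tbs_certificate.ReadRawTLV(&tbs_algorithm))
+return false;
+
+der::Input cert_algorithm;
+if (!certificate.ReadRawTLV(&cert_algorithm))
+return false;
+
+*cert_signature_algorithm_sequence = cert_algorithm.AsStringPiece();
+*tbs_signature_algorithm_sequence = tbs_algorithm.AsStringPiece();
+return true;
+}
+
 } // namespace asn1
 
 } // namespace net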
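Review bot: In ExtractSignatureAlgorithmsFromDERCert the two `ReadRawTLV` calls (new lines 383 and 387) accept an element with any tag, so the outputs named `*_sequence` are not guaranteed to be SEQUENCEs, and the function returns true without checking that signatureValue follows or that `certificate` and `parser` are fully consumed. That leniency may be intentional for an extraction helper, but because the result feeds a signature-algorithm consistency check it should be stated where callers will see it, for example `// Returns the raw TLVs unvalidated (tag not checked, trailing data ignored); callers should parse them as AlgorithmIdentifier before comparing.` The outputs are also views into `cert`, so a second line such as `// The returned StringPieces alias |cert| and must not outlive it.` would help. The caller in cert_verify_proc.cc is not shown in this section, so whether it already parses the two values strictly cannot be confirmed from here.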