Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(76)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/signature_algorithm.cc

Issue 2750723002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying ce… (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/signature_algorithm.h ('k') | net/cert/internal/verify_certificate_chain.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/signature_algorithm.h" 5 #include "net/cert/internal/signature_algorithm.h"
6 6
7 #include <memory> 7 #include <memory>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/memory/ptr_util.h" 10 #include "base/memory/ptr_util.h"
(...skipping 495 matching lines...) Expand 10 before | Expand all | Expand 10 after
506 // There must not be any unconsumed data left. (RFC 5912 does not explicitly 506 // There must not be any unconsumed data left. (RFC 5912 does not explicitly
507 // include an extensibility point for RSASSA-PSS-params) 507 // include an extensibility point for RSASSA-PSS-params)
508 if (params_parser.HasMore()) 508 if (params_parser.HasMore())
509 return nullptr; 509 return nullptr;
510 510
511 return SignatureAlgorithm::CreateRsaPss(hash, mgf1_hash, salt_length); 511 return SignatureAlgorithm::CreateRsaPss(hash, mgf1_hash, salt_length);
512 } 512 }
513 513
514 } // namespace 514 } // namespace
515 515
516 WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input input, 516 WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input& input,
517 DigestAlgorithm* out) { 517 DigestAlgorithm* out) {
518 der::Input oid; 518 der::Input oid;
519 der::Input params; 519 der::Input params;
520 if (!ParseAlgorithmIdentifier(input, &oid, &params)) 520 if (!ParseAlgorithmIdentifier(input, &oid, &params))
521 return false; 521 return false;
522 522
523 DigestAlgorithm hash; 523 DigestAlgorithm hash;
524 524
525 if (oid == der::Input(kOidSha1)) { 525 if (oid == der::Input(kOidSha1)) {
526 hash = DigestAlgorithm::Sha1; 526 hash = DigestAlgorithm::Sha1;
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
631 SignatureAlgorithmId::RsaPss, digest, 631 SignatureAlgorithmId::RsaPss, digest,
632 base::MakeUnique<RsaPssParameters>(mgf1_hash, salt_length))); 632 base::MakeUnique<RsaPssParameters>(mgf1_hash, salt_length)));
633 } 633 }
634 634
635 const RsaPssParameters* SignatureAlgorithm::ParamsForRsaPss() const { 635 const RsaPssParameters* SignatureAlgorithm::ParamsForRsaPss() const {
636 if (algorithm_ == SignatureAlgorithmId::RsaPss) 636 if (algorithm_ == SignatureAlgorithmId::RsaPss)
637 return static_cast<RsaPssParameters*>(params_.get()); 637 return static_cast<RsaPssParameters*>(params_.get());
638 return nullptr; 638 return nullptr;
639 } 639 }
640 640
641 bool SignatureAlgorithm::IsEquivalent(const der::Input& alg1_tlv,
642 const der::Input& alg2_tlv) {
643 if (alg1_tlv == alg2_tlv)
644 return true;
645
646 std::unique_ptr<SignatureAlgorithm> alg1 = Create(alg1_tlv, nullptr);
647 std::unique_ptr<SignatureAlgorithm> alg2 = Create(alg2_tlv, nullptr);
648
649 // Do checks that apply to all algorithms.
650 if (!alg1 || !alg2 || (alg1->algorithm() != alg2->algorithm()) ||
651 (alg1->digest() != alg2->digest())) {
652 return false;
653 }
654
655 // Check algorithm-specific parameters for equality.
656 switch (alg1->algorithm()) {
657 case SignatureAlgorithmId::RsaPkcs1:
658 case SignatureAlgorithmId::Ecdsa:
659 DCHECK(!alg1->has_params());
660 DCHECK(!alg2->has_params());
661 return true;
662 case SignatureAlgorithmId::RsaPss: {
663 const RsaPssParameters* params1 = alg1->ParamsForRsaPss();
664 const RsaPssParameters* params2 = alg2->ParamsForRsaPss();
665 return params1 && params2 &&
666 (params1->salt_length() == params2->salt_length()) &&
667 (params1->mgf1_hash() == params2->mgf1_hash());
668 }
669 }
670
671 return false;
672 }
673
641 SignatureAlgorithm::SignatureAlgorithm( 674 SignatureAlgorithm::SignatureAlgorithm(
642 SignatureAlgorithmId algorithm, 675 SignatureAlgorithmId algorithm,
643 DigestAlgorithm digest, 676 DigestAlgorithm digest,
644 std::unique_ptr<SignatureAlgorithmParameters> params) 677 std::unique_ptr<SignatureAlgorithmParameters> params)
645 : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {} 678 : algorithm_(algorithm), digest_(digest), params_(std::move(params)) {}
646 679
647 } // namespace net 680 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/signature_algorithm.h ('k') | net/cert/internal/verify_certificate_chain.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698