Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(191)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/signature_algorithm.cc

Issue 2750723002: Check TBSCertificate.algorithm and Certificate.signatureAlgorithm for consistency when verifying ce… (Closed)
Patch Set: Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/internal/signature_algorithm.h ('k') | net/cert/internal/verify_certificate_chain.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/signature_algorithm.cc
diff --git a/net/cert/internal/signature_algorithm.cc b/net/cert/internal/signature_algorithm.cc
index 9853ac024988d47ea2c051313497b71487af5cdb..285ae61dc054a75e3cfdc0276122a39224514748 100644
--- a/net/cert/internal/signature_algorithm.cc
+++ b/net/cert/internal/signature_algorithm.cc
@@ -513,7 +513,7 @@ std::unique_ptr<SignatureAlgorithm> ParseRsaPss(const der::Input& params) {
} // namespace
-WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input input,
+WARN_UNUSED_RESULT bool ParseHashAlgorithm(const der::Input& input,
DigestAlgorithm* out) {
der::Input oid;
der::Input params;
@@ -638,6 +638,39 @@ const RsaPssParameters* SignatureAlgorithm::ParamsForRsaPss() const {
return nullptr;
}
+bool SignatureAlgorithm::IsEquivalent(const der::Input& alg1_tlv,
+ const der::Input& alg2_tlv) {
+ if (alg1_tlv == alg2_tlv)
+ return true;
+
+ std::unique_ptr<SignatureAlgorithm> alg1 = Create(alg1_tlv, nullptr);
+ std::unique_ptr<SignatureAlgorithm> alg2 = Create(alg2_tlv, nullptr);
+
+ // Do checks that apply to all algorithms.
+ if (!alg1 || !alg2 || (alg1->algorithm() != alg2->algorithm()) ||
+ (alg1->digest() != alg2->digest())) {
+ return false;
+ }
+
+ // Check algorithm-specific parameters for equality.
+ switch (alg1->algorithm()) {
+ case SignatureAlgorithmId::RsaPkcs1:
+ case SignatureAlgorithmId::Ecdsa:
+ DCHECK(!alg1->has_params());
+ DCHECK(!alg2->has_params());
+ return true;
+ case SignatureAlgorithmId::RsaPss: {
+ const RsaPssParameters* params1 = alg1->ParamsForRsaPss();
+ const RsaPssParameters* params2 = alg2->ParamsForRsaPss();
+ return params1 && params2 &&
+ (params1->salt_length() == params2->salt_length()) &&
+ (params1->mgf1_hash() == params2->mgf1_hash());
+ }
+ }
+
+ return false;
+}
+
SignatureAlgorithm::SignatureAlgorithm(
SignatureAlgorithmId algorithm,
DigestAlgorithm digest,
« no previous file with comments | « net/cert/internal/signature_algorithm.h ('k') | net/cert/internal/verify_certificate_chain.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698