Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1075)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier_nss.cc

Issue 67073004: Certificate Transparency: Style fixes following review of issue 55953002. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/ct_log_verifier_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_log_verifier.h" 5 #include "net/cert/ct_log_verifier.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <keyhi.h> 8 #include <keyhi.h>
9 #include <nss.h> 9 #include <nss.h>
10 #include <pk11pub.h> 10 #include <pk11pub.h>
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
56 } 56 }
57 } 57 }
58 58
59 } // namespace 59 } // namespace
60 60
61 CTLogVerifier::~CTLogVerifier() { 61 CTLogVerifier::~CTLogVerifier() {
62 if (public_key_) 62 if (public_key_)
63 SECKEY_DestroyPublicKey(public_key_); 63 SECKEY_DestroyPublicKey(public_key_);
64 } 64 }
65 65
66 CTLogVerifier::CTLogVerifier() : 66 CTLogVerifier::CTLogVerifier()
67 hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE), 67 : hash_algorithm_(ct::DigitallySigned::HASH_ALGO_NONE),
68 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS), 68 signature_algorithm_(ct::DigitallySigned::SIG_ALGO_ANONYMOUS),
69 public_key_(NULL) {} 69 public_key_(NULL) {}
70 70
71 bool CTLogVerifier::Init(const base::StringPiece& public_key, 71 bool CTLogVerifier::Init(const base::StringPiece& public_key,
72 const base::StringPiece& description) { 72 const base::StringPiece& description) {
73 SECItem key_data; 73 SECItem key_data;
74 74
75 crypto::EnsureNSSInit(); 75 crypto::EnsureNSSInit();
76 76
77 key_data.data = reinterpret_cast<unsigned char*>( 77 key_data.data = reinterpret_cast<unsigned char*>(
78 const_cast<char*>(public_key.data())); 78 const_cast<char*>(public_key.data()));
79 key_data.len = public_key.size(); 79 key_data.len = public_key.size();
(...skipping 21 matching lines...) Expand all
101 switch (SECKEY_GetPublicKeyType(public_key_)) { 101 switch (SECKEY_GetPublicKeyType(public_key_)) {
102 case rsaKey: 102 case rsaKey:
103 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; 103 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
104 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA; 104 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_RSA;
105 break; 105 break;
106 case ecKey: 106 case ecKey:
107 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256; 107 hash_algorithm_ = ct::DigitallySigned::HASH_ALGO_SHA256;
108 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA; 108 signature_algorithm_ = ct::DigitallySigned::SIG_ALGO_ECDSA;
109 break; 109 break;
110 default: 110 default:
111 DVLOG(1) << "Unsupported key type: " << 111 DVLOG(1) << "Unsupported key type: "
112 SECKEY_GetPublicKeyType(public_key_); 112 << SECKEY_GetPublicKeyType(public_key_);
113 return false; 113 return false;
114 } 114 }
115 115
116 // Extra sanity check: Require RSA keys of at least 2048 bits. 116 // Extra sanity check: Require RSA keys of at least 2048 bits.
117 if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA && 117 if (signature_algorithm_ == ct::DigitallySigned::SIG_ALGO_RSA &&
118 SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) { 118 SECKEY_PublicKeyStrengthInBits(public_key_) < 2048) {
119 DVLOG(1) << "Too small a public key."; 119 DVLOG(1) << "Too small a public key.";
120 return false; 120 return false;
121 } 121 }
122 122
(...skipping 10 matching lines...) Expand all
133 SECStatus rv = VFY_VerifyDataDirect( 133 SECStatus rv = VFY_VerifyDataDirect(
134 reinterpret_cast<const unsigned char*>(data_to_sign.data()), 134 reinterpret_cast<const unsigned char*>(data_to_sign.data()),
135 data_to_sign.size(), public_key_, &sig_data, 135 data_to_sign.size(), public_key_, &sig_data,
136 GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_), 136 GetNSSSigAlg(signature_algorithm_), GetNSSHashAlg(hash_algorithm_),
137 NULL, NULL); 137 NULL, NULL);
138 DVLOG(1) << "Signature verification result: " << (rv == SECSuccess); 138 DVLOG(1) << "Signature verification result: " << (rv == SECSuccess);
139 return rv == SECSuccess; 139 return rv == SECSuccess;
140 } 140 }
141 141
142 } // namespace net 142 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/cert/ct_log_verifier_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698