net/quic/crypto/proof_verifier_chromium.cc - Issue 22647002: Add support to QUIC for QUIC_VERSION_8: for RSA-PSS signatures, set

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 22647002: Add support to QUIC for QUIC_VERSION_8: for RSA-PSS signatures, set (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 7 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/quic/crypto/proof_verifier_chromium.cc

===================================================================

--- net/quic/crypto/proof_verifier_chromium.cc (revision 216255)

+++ net/quic/crypto/proof_verifier_chromium.cc (working copy)

@@ -42,6 +42,7 @@

}

ProofVerifierChromium::Status ProofVerifierChromium::VerifyProof(

+ QuicVersion version,

const string& hostname,

const string& server_config,

const vector<string>& certs,

@@ -89,7 +90,7 @@

// We call VerifySignature first to avoid copying of server_config and

// signature.

- if (!VerifySignature(server_config, signature, certs[0])) {

+ if (!VerifySignature(version, server_config, signature, certs[0])) {

*error_details = "Failed to verify signature of server config";

DLOG(WARNING) << *error_details;

verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;

@@ -176,7 +177,8 @@

return result;

}

-bool ProofVerifierChromium::VerifySignature(const string& signed_data,

+bool ProofVerifierChromium::VerifySignature(QuicVersion version,

+ const string& signed_data,

const string& signature,

const string& cert) {

StringPiece spki;

@@ -196,8 +198,8 @@

crypto::SignatureVerifier::SHA256;

crypto::SignatureVerifier::HashAlgorithm mask_hash_alg = hash_alg;

unsigned int hash_len = 32; // 32 is the length of a SHA-256 hash.

- // TODO(wtc): change this to hash_len when we can change the wire format.

- unsigned int salt_len = signature.size() - hash_len - 2;

+ unsigned int salt_len =

+ version >= QUIC_VERSION_8 ? hash_len : signature.size() - hash_len - 2;

wtc 2013/08/08 00:37:33 This is the most important change, which selects t

bool ok = verifier.VerifyInitRSAPSS(

hash_alg, mask_hash_alg, salt_len,

« no previous file with comments | « net/quic/crypto/proof_verifier_chromium.h ('k') | net/quic/quic_crypto_client_stream.cc » ('j') | no next file with comments »