authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-17 19:05:15 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-17 19:05:15 +0000
commit659ba74332cd6353af762787efdde4f78c51bafa (patch)
tree970f97756d7dc6a1c5ae248084eff4fa62f27e21 /net
parent1218f337b58d7f56e15ae816bb7901dc32e4f160 (diff)
net: support SHA512 hashes in DNSSEC chains.
Patch-by: Simon Arlott BUG=122239 TEST=https://chromium-122239.test.lp0.eu/ Review URL: http://codereview.chromium.org/10082010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132612 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/base/dns_util.h1
-rw-r--r--net/base/dnssec_keyset.cc27
2 files changed, 23 insertions, 5 deletions
diff --git a/net/base/dns_util.h b/net/base/dns_util.h
index 2bd3eda..a991521 100644
--- a/net/base/dns_util.h
+++ b/net/base/dns_util.h
@@ -60,6 +60,7 @@ static const uint16 kDNS_TESTING = 0xfffe; // in private use area.
static const uint8 kDNSSEC_RSA_SHA1 = 5;
static const uint8 kDNSSEC_RSA_SHA1_NSEC3 = 7;
static const uint8 kDNSSEC_RSA_SHA256 = 8;
+static const uint8 kDNSSEC_RSA_SHA512 = 10;
// RFC 4509
static const uint8 kDNSSEC_SHA1 = 1;
diff --git a/net/base/dnssec_keyset.cc b/net/base/dnssec_keyset.cc
index 9d81f9d..133d158 100644
--- a/net/base/dnssec_keyset.cc
+++ b/net/base/dnssec_keyset.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -16,13 +16,25 @@
namespace {
-// These are encoded AlgorithmIdentifiers for the given signature algorithm.
+// These are encoded AlgorithmIdentifiers for the given signature algorithm
+// from RFC 4055.
+
+// 1.2.840.113549.1.1.5
const unsigned char kRSAWithSHA1[] = {
- 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x5, 5, 0
+ 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0xd, 0x1, 0x1, 0x5, 0x5, 0x0,
};
+// 1.2.840.113549.1.1.11
const unsigned char kRSAWithSHA256[] = {
- 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xb, 5, 0
+ 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0xd, 0x1, 0x1, 0xb, 0x5, 0x0,
+};
+
+// 1.2.840.113549.1.1.13
+const unsigned char kRSAWithSHA512[] = {
+ 0x30, 0xd, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0xd, 0x1, 0x1, 0xd, 0x5, 0x0,
};
} // namespace
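Review bot: The new block comment attributes all three AlgorithmIdentifiers to RFC 4055, but only the SHA-256 and SHA-512 OIDs (1.2.840.113549.1.1.11 and .13) are defined there; sha1WithRSAEncryption (1.2.840.113549.1.1.5) comes from RFC 3279 / PKCS #1. I would name each OID in its own comment so the bytes can be checked against the registry, e.g. `// sha1WithRSAEncryption, 1.2.840.113549.1.1.5 (RFC 3279)` and `// sha512WithRSAEncryption, 1.2.840.113549.1.1.13 (RFC 4055)`. The three arrays differ only in the final OID byte (0x5, 0xb, 0xd), and a sentence saying so in the block comment would make a one-byte slip in a hash selector easier to spot in review.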
@@ -143,6 +155,10 @@ bool DNSSECKeySet::CheckSignature(
signature_algorithm = base::StringPiece(
reinterpret_cast<const char*>(kRSAWithSHA256),
sizeof(kRSAWithSHA256));
+ } else if (algorithm == kDNSSEC_RSA_SHA512) {
+ signature_algorithm = base::StringPiece(
+ reinterpret_cast<const char*>(kRSAWithSHA512),
+ sizeof(kRSAWithSHA512));
} else {
// Unknown algorithm.
return false;
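Review bot: The set of accepted DNSSEC algorithms is now spelled out twice, in this if/else chain and in the allow-list in ASN1WrapDNSKEY (last hunk), and both must be edited together whenever an algorithm is added or retired. A single file-local helper that maps the DNSSEC algorithm number to its AlgorithmIdentifier, returning an empty StringPiece for unknown values, would let both sites share one table while keeping the fail-closed `return false` and `return ""` paths. The diffstat also shows no test file changed under net/, so the SHA-512 branch appears to be exercised only by the external TEST= URL; an in-tree chain signed with algorithm 10, plus a negative case with a mismatched algorithm number, would pin the behaviour. CheckSignature starts and ends outside this hunk.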
@@ -330,7 +346,8 @@ std::string DNSSECKeySet::ASN1WrapDNSKEY(const base::StringPiece& dnskey) {
const uint8 algorithm = data[3];
if (algorithm != kDNSSEC_RSA_SHA1 &&
algorithm != kDNSSEC_RSA_SHA1_NSEC3 &&
- algorithm != kDNSSEC_RSA_SHA256) {
+ algorithm != kDNSSEC_RSA_SHA256 &&
+ algorithm != kDNSSEC_RSA_SHA512) {
return "";
}
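Review bot: Accepting algorithm 10 in this allow-list comes with no visible bound on the RSA modulus length, and RFC 5702 requires RSA/SHA-512 keys to be between 1024 and 4096 bits (512 to 4096 for RSA/SHA-256). The rest of ASN1WrapDNSKEY is outside this hunk, so this may already be handled; if it is not, I would add a per-algorithm minimum where the modulus is parsed and return `""` for undersized keys, so that a weak key cannot anchor a link in the chain. A comment above the check recording where the accepted values come from would also help, e.g. `// RSA algorithms from RFC 3110, RFC 5155 and RFC 5702.`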