Fix a typo in CertificateView that prevented P-256 from working. PiperOrigin-RevId: 323976495 Change-Id: I0c335a8fabf8dcf5ea9b93fe5ae14898d981d0ab
diff --git a/quic/core/crypto/certificate_view.cc b/quic/core/crypto/certificate_view.cc
index fa6b30c..36b6d3f 100644
--- a/quic/core/crypto/certificate_view.cc
+++ b/quic/core/crypto/certificate_view.cc
@@ -91,7 +91,7 @@
 case SSL_SIGN_RSA_PSS_RSAE_SHA256:
 return PublicKeyType::kRsa;
 case SSL_SIGN_ECDSA_SECP256R1_SHA256:
- return PublicKeyType::kP384;
+ return PublicKeyType::kP256;
 case SSL_SIGN_ECDSA_SECP384R1_SHA384:
 return PublicKeyType::kP384;
 case SSL_SIGN_ED25519:
@@ -508,8 +508,7 @@

 std::string CertificatePrivateKey::Sign(QuicheStringPiece input,
 uint16_t signature_algorithm) {
- if (PublicKeyTypeFromSignatureAlgorithm(signature_algorithm) !=
- PublicKeyTypeFromKey(private_key_.get())) {
+ if (!ValidForSignatureAlgorithm(signature_algorithm)) {
 QUIC_BUG << "Mismatch between the requested signature algorithm and the "
 "type of the private key.";
 return "";
@@ -551,4 +550,10 @@
 return EVP_PKEY_cmp(view.public_key(), private_key_.get()) == 1;
 }

+bool CertificatePrivateKey::ValidForSignatureAlgorithm(
+ uint16_t signature_algorithm) {
+ return PublicKeyTypeFromSignatureAlgorithm(signature_algorithm) ==
+ PublicKeyTypeFromKey(private_key_.get());
+}
+
 } // namespace quic
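Review bot: An unrecognised signature algorithm paired with an unrecognised key type may be accepted by the new `ValidForSignatureAlgorithm` (last hunk on this line), because it returns true whenever the two helper results are equal. That happens if both helpers fall back to the same `PublicKeyType::kUnknown` value; their default branches are outside these hunks, so this is inferred. `Sign` uses this check as the guard visible in the second hunk, so an explicit rejection is safer: `const PublicKeyType type = PublicKeyTypeFromSignatureAlgorithm(signature_algorithm);` followed by `return type != PublicKeyType::kUnknown && type == PublicKeyTypeFromKey(private_key_.get());`. The comment added in certificate_view.h should then state that unrecognised algorithms are reported as not valid.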
diff --git a/quic/core/crypto/certificate_view.h b/quic/core/crypto/certificate_view.h
index 13bb5ff..085d68d 100644
--- a/quic/core/crypto/certificate_view.h
+++ b/quic/core/crypto/certificate_view.h
@@ -105,6 +105,10 @@
 // certificate |view|.
 bool MatchesPublicKey(const CertificateView& view);

+ // Verifies that the private key can be used with the specified TLS signature
+ // algorithm.
+ bool ValidForSignatureAlgorithm(uint16_t signature_algorithm);
+
 private:
 CertificatePrivateKey() = default;
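Review bot: `ValidForSignatureAlgorithm` is declared non-const although its definition in certificate_view.cc only reads `private_key_`. Declaring it `bool ValidForSignatureAlgorithm(uint16_t signature_algorithm) const;` (with the matching `const` on the definition) lets code holding a `const CertificatePrivateKey&` run the check before choosing an algorithm. The neighbouring `MatchesPublicKey` is also non-const, so this may simply follow the existing style of the class, whose declaration starts and ends outside the hunk.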
diff --git a/quic/core/crypto/certificate_view_test.cc b/quic/core/crypto/certificate_view_test.cc
index e5ad8e9..e7ce0ce 100644
--- a/quic/core/crypto/certificate_view_test.cc
+++ b/quic/core/crypto/certificate_view_test.cc
@@ -136,6 +136,7 @@
 std::unique_ptr<CertificatePrivateKey> key =
 CertificatePrivateKey::LoadPemFromStream(&pem_stream);
 ASSERT_TRUE(key != nullptr);
+ EXPECT_TRUE(key->ValidForSignatureAlgorithm(SSL_SIGN_ECDSA_SECP256R1_SHA256));
 }

 TEST(CertificateViewTest, DerTime) {
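Review bot: The added assertion covers only the accepting path, so a mapping that is too permissive would still pass this test. The key loaded here appears to be P-256 (inferred from the commit message and the expected result), so a rejecting case next to it would pin the mapping from both sides: `EXPECT_FALSE(key->ValidForSignatureAlgorithm(SSL_SIGN_ECDSA_SECP384R1_SHA384));`. The enclosing TEST starts above the hunk, so whether it already signs with this key cannot be seen here.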