diff options
| author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-29 23:28:55 +0000 |
|---|---|---|
| committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-07-29 23:28:55 +0000 |
| commit | baff1d0461a2d10eb9f99b64d3fd724e7b363a44 (patch) | |
| tree | a23fbf71576e47f26200a29bef0e514a54ded89a | |
| parent | f94d52bc3311375e96a1a0b620f46054c7cc0d6a (diff) | |
| download | chromium_src-baff1d0461a2d10eb9f99b64d3fd724e7b363a44.zip chromium_src-baff1d0461a2d10eb9f99b64d3fd724e7b363a44.tar.gz chromium_src-baff1d0461a2d10eb9f99b64d3fd724e7b363a44.tar.bz2 | |
Add a routine for truncated HMAC verification
BUG=none
TEST=crypto_unittests --gtest_filter=HMACTest.*
Review URL: http://codereview.chromium.org/7532020
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94794 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | crypto/hmac.cc | 17 | ||||
| -rw-r--r-- | crypto/hmac.h | 9 | ||||
| -rw-r--r-- | crypto/hmac_unittest.cc | 4 |
3 files changed, 25 insertions, 5 deletions
diff --git a/crypto/hmac.cc b/crypto/hmac.cc index 588cb9e..74d1f91 100644 --- a/crypto/hmac.cc +++ b/crypto/hmac.cc @@ -4,6 +4,8 @@ #include "crypto/hmac.h" +#include <algorithm> + #include "base/logging.h" namespace crypto { @@ -43,12 +45,21 @@ bool HMAC::Verify(const base::StringPiece& data, const base::StringPiece& digest) const { if (digest.size() != DigestLength()) return false; + return VerifyTruncated(data, digest); +} + +bool HMAC::VerifyTruncated(const base::StringPiece& data, + const base::StringPiece& digest) const { + if (digest.empty()) + return false; + size_t digest_length = DigestLength(); scoped_array<unsigned char> computed_digest( - new unsigned char[digest.size()]); - if (!Sign(data, computed_digest.get(), static_cast<int>(digest.size()))) + new unsigned char[digest_length]); + if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length))) return false; - return SecureMemcmp(digest.data(), computed_digest.get(), digest.size()); + return SecureMemcmp(digest.data(), computed_digest.get(), + std::min(digest.size(), digest_length)); } } // namespace crypto diff --git a/crypto/hmac.h b/crypto/hmac.h index a8956ff..73d6dc3 100644 --- a/crypto/hmac.h +++ b/crypto/hmac.h @@ -59,11 +59,16 @@ class CRYPTO_API HMAC { // supplied to the Init method. Use of this method is strongly recommended // over using Sign() with a manual comparison (such as memcmp), as such // comparisons may result in side-channel disclosures, such as timing, that - // undermine the cryptographic integrity. This method does not support - // comparing truncated HMACs. + // undermine the cryptographic integrity. |digest| must be exactly + // |DigestLength()| bytes long. bool Verify(const base::StringPiece& data, const base::StringPiece& digest) const; + // Verifies a truncated HMAC, behaving identical to Verify(), except + // that |digest| is allowed to be smaller than |DigestLength()|. + bool VerifyTruncated(const base::StringPiece& data, + const base::StringPiece& digest) const; + private: HashAlgorithm hash_alg_; scoped_ptr<HMACPlatformData> plat_; diff --git a/crypto/hmac_unittest.cc b/crypto/hmac_unittest.cc index 1978705..f5d9906 100644 --- a/crypto/hmac_unittest.cc +++ b/crypto/hmac_unittest.cc @@ -221,6 +221,10 @@ TEST(HMACTest, NSSFIPSPowerUpSelfTest) { message_data, base::StringPiece(reinterpret_cast<const char*>(kKnownHMACSHA1), kSHA1DigestSize))); + EXPECT_TRUE(hmac.VerifyTruncated( + message_data, + base::StringPiece(reinterpret_cast<const char*>(kKnownHMACSHA1), + kSHA1DigestSize / 2))); crypto::HMAC hmac2(crypto::HMAC::SHA256); ASSERT_TRUE(hmac2.Init(kKnownSecretKey, kKnownSecretKeySize)); |