authorbryaneyler@google.com <bryaneyler@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-26 22:28:10 +0000
committerbryaneyler@google.com <bryaneyler@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-09-26 22:28:10 +0000
commit3ed0026a949b0f2c857db20d7fc1335ee658c0ec (patch)
tree0728a60a7c2376e280224fe0109d914a11dd44b6 /content/renderer
parent1fe6371fe8fb4347694648e9461630614454b692 (diff)
Implement verify() for HMAC using NSS
BUG=245025 Review URL: https://codereview.chromium.org/24616003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@225589 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/renderer')
-rw-r--r--content/renderer/webcrypto_impl.cc22
-rw-r--r--content/renderer/webcrypto_impl.h16
-rw-r--r--content/renderer/webcrypto_impl_nss.cc35
-rw-r--r--content/renderer/webcrypto_impl_openssl.cc13
-rw-r--r--content/renderer/webcrypto_impl_unittest.cc51
5 files changed, 137 insertions, 0 deletions
diff --git a/content/renderer/webcrypto_impl.cc b/content/renderer/webcrypto_impl.cc
index b0fc14f..f6f77ba 100644
--- a/content/renderer/webcrypto_impl.cc
+++ b/content/renderer/webcrypto_impl.cc
@@ -71,4 +71,26 @@ void WebCryptoImpl::sign(
}
}
+void WebCryptoImpl::verifySignature(
+ const WebKit::WebCryptoAlgorithm& algorithm,
+ const WebKit::WebCryptoKey& key,
+ const unsigned char* signature,
+ unsigned signature_size,
+ const unsigned char* data,
+ unsigned data_size,
+ WebKit::WebCryptoResult result) {
+ bool signature_match = false;
+ if (!VerifySignatureInternal(algorithm,
+ key,
+ signature,
+ signature_size,
+ data,
+ data_size,
+ &signature_match)) {
+ result.completeWithError();
+ } else {
+ result.completeWithBoolean(signature_match);
+ }
+}
+
} // namespace content
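Review bot: The two completion paths in `verifySignature` carry different meanings, but nothing at the call site says so. `completeWithError()` is reached when `VerifySignatureInternal` could not run the check at all, while a bad signature is reported through `completeWithBoolean(false)`. A short comment above the `if` would keep later edits from merging the two, for example `// Error: verification could not be performed. A mismatch is not an error; it completes with false.` The whole function is inside this hunk.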
diff --git a/content/renderer/webcrypto_impl.h b/content/renderer/webcrypto_impl.h
index a2c8a87..41adf64 100644
--- a/content/renderer/webcrypto_impl.h
+++ b/content/renderer/webcrypto_impl.h
@@ -37,6 +37,14 @@ class CONTENT_EXPORT WebCryptoImpl
const unsigned char* data,
unsigned data_size,
WebKit::WebCryptoResult result);
+ virtual void verifySignature(
+ const WebKit::WebCryptoAlgorithm& algorithm,
+ const WebKit::WebCryptoKey& key,
+ const unsigned char* signature,
+ unsigned signature_size,
+ const unsigned char* data,
+ unsigned data_size,
+ WebKit::WebCryptoResult result);
protected:
friend class WebCryptoImplTest;
@@ -62,6 +70,14 @@ class CONTENT_EXPORT WebCryptoImpl
const unsigned char* data,
unsigned data_size,
WebKit::WebArrayBuffer* buffer);
+ bool VerifySignatureInternal(
+ const WebKit::WebCryptoAlgorithm& algorithm,
+ const WebKit::WebCryptoKey& key,
+ const unsigned char* signature,
+ unsigned signature_size,
+ const unsigned char* data,
+ unsigned data_size,
+ bool* signature_match);
private:
DISALLOW_COPY_AND_ASSIGN(WebCryptoImpl);
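Review bot: The new `VerifySignatureInternal` declaration has no comment describing its contract, and the contract is not obvious from the signature. The return value says whether verification could be performed, and the verdict arrives separately through `signature_match`. I would add above the declaration `// Returns false if verification could not be performed; on success,` `// |*signature_match| says whether |signature| is valid for |data|.` A caller that tests only the return value would treat a forged signature as accepted, so this is worth spelling out. The class body starts and ends outside this hunk.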
diff --git a/content/renderer/webcrypto_impl_nss.cc b/content/renderer/webcrypto_impl_nss.cc
index caf986f..f42f852 100644
--- a/content/renderer/webcrypto_impl_nss.cc
+++ b/content/renderer/webcrypto_impl_nss.cc
@@ -7,9 +7,12 @@
#include <pk11pub.h>
#include <sechash.h>
+#include <vector>
+
#include "base/logging.h"
#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"
+#include "crypto/secure_util.h"
#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
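Review bot: The added `#include <vector>` has no visible user in this commit. The new `VerifySignatureInternal` in this file uses only `WebKit::WebArrayBuffer` and `crypto::SecureMemEqual`. Unless code outside the shown hunks needs `std::vector`, drop the include and keep only `#include "crypto/secure_util.h"`.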
@@ -249,4 +252,36 @@ bool WebCryptoImpl::SignInternal(
return true;
}
+bool WebCryptoImpl::VerifySignatureInternal(
+ const WebKit::WebCryptoAlgorithm& algorithm,
+ const WebKit::WebCryptoKey& key,
+ const unsigned char* signature,
+ unsigned signature_size,
+ const unsigned char* data,
+ unsigned data_size,
+ bool* signature_match) {
+ switch (algorithm.id()) {
+ case WebKit::WebCryptoAlgorithmIdHmac: {
+ WebKit::WebArrayBuffer result;
+ if (!SignInternal(algorithm, key, data, data_size, &result)) {
+ return false;
+ }
+
+ // Handling of truncated signatures is underspecified in the WebCrypto
+ // spec, so here we fail verification if a truncated signature is being
+ // verified.
+ // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097
+ *signature_match =
+ result.byteLength() == signature_size &&
+ crypto::SecureMemEqual(result.data(), signature, signature_size);
+
+ break;
+ }
+ default:
+ return false;
+ }
+
+ return true;
+}
+
} // namespace content
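Review bot: `*signature_match` is written only on the HMAC success path. When `SignInternal` fails or the `default:` case is taken, the out-parameter keeps whatever the caller left in it. The OpenSSL stub added by this commit also returns `false` without writing it. Making `*signature_match = false;` the first statement of the function would fail closed even if a caller reuses the variable across calls, as the unit test in this commit does. A one-line comment on the comparison, such as `// Constant-time compare; only the (public) length is checked early.`, would also record why `crypto::SecureMemEqual` is used rather than `memcmp`. The whole function is inside this hunk.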
diff --git a/content/renderer/webcrypto_impl_openssl.cc b/content/renderer/webcrypto_impl_openssl.cc
index 9aa1a42..3b81250 100644
--- a/content/renderer/webcrypto_impl_openssl.cc
+++ b/content/renderer/webcrypto_impl_openssl.cc
@@ -43,4 +43,17 @@ bool WebCryptoImpl::SignInternal(
return false;
}
+bool WebCryptoImpl::VerifySignatureInternal(
+ const WebKit::WebCryptoAlgorithm& algorithm,
+ const WebKit::WebCryptoKey& key,
+ const unsigned char* signature,
+ unsigned signature_size,
+ const unsigned char* data,
+ unsigned data_size,
+ bool* signature_match) {
+ // TODO(bryaneyler): Placeholder for OpenSSL implementation.
+ // Issue http://crbug.com/267888.
+ return false;
+}
+
} // namespace content
diff --git a/content/renderer/webcrypto_impl_unittest.cc b/content/renderer/webcrypto_impl_unittest.cc
index 170c39d..696d887 100644
--- a/content/renderer/webcrypto_impl_unittest.cc
+++ b/content/renderer/webcrypto_impl_unittest.cc
@@ -105,6 +105,23 @@ class WebCryptoImplTest : public testing::Test {
return crypto_.SignInternal(algorithm, key, data, data_size, buffer);
}
+ bool VerifySignatureInternal(
+ const WebKit::WebCryptoAlgorithm& algorithm,
+ const WebKit::WebCryptoKey& key,
+ const unsigned char* signature,
+ unsigned signature_size,
+ const unsigned char* data,
+ unsigned data_size,
+ bool* signature_match) {
+ return crypto_.VerifySignatureInternal(algorithm,
+ key,
+ signature,
+ signature_size,
+ data,
+ data_size,
+ signature_match);
+ }
+
private:
WebCryptoImpl crypto_;
};
@@ -296,6 +313,40 @@ TEST_F(WebCryptoImplTest, HMACSampleSets) {
algorithm, key, message_raw.data(), message_raw.size(), &output));
ExpectArrayBufferMatchesHex(test.mac, output);
+
+ bool signature_match = false;
+ EXPECT_TRUE(VerifySignatureInternal(
+ algorithm,
+ key,
+ static_cast<const unsigned char*>(output.data()),
+ output.byteLength(),
+ message_raw.data(),
+ message_raw.size(),
+ &signature_match));
+ EXPECT_TRUE(signature_match);
+
+ // Ensure truncated signature does not verify by passing one less byte.
+ EXPECT_TRUE(VerifySignatureInternal(
+ algorithm,
+ key,
+ static_cast<const unsigned char*>(output.data()),
+ output.byteLength() - 1,
+ message_raw.data(),
+ message_raw.size(),
+ &signature_match));
+ EXPECT_FALSE(signature_match);
+
+ // Ensure extra long signature does not cause issues and fails.
+ const unsigned char kLongSignature[1024] = { 0 };
+ EXPECT_TRUE(VerifySignatureInternal(
+ algorithm,
+ key,
+ kLongSignature,
+ sizeof(kLongSignature),
+ message_raw.data(),
+ message_raw.size(),
+ &signature_match));
+ EXPECT_FALSE(signature_match);
}
}
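Review bot: Both negative cases added here are rejected by the `byteLength() == signature_size` check, so the test never sees `crypto::SecureMemEqual` return a mismatch. A same-length signature with one altered byte is the case that matters most for a MAC verifier and should be covered. Resetting `signature_match` to `true` before the call also proves the function writes the verdict itself. The sketch below assumes `std::vector` is available in the test file. The enclosing `TEST_F` body starts outside this hunk.

```cpp
    // … unchanged: full-length, truncated and over-long signature checks …

    // Ensure a same-length signature with one altered byte does not verify.
    const unsigned char* mac_begin =
        static_cast<const unsigned char*>(output.data());
    std::vector<unsigned char> corrupted(mac_begin,
                                         mac_begin + output.byteLength());
    corrupted[0] ^= 0x01;
    signature_match = true;
    EXPECT_TRUE(VerifySignatureInternal(
        algorithm,
        key,
        &corrupted[0],
        corrupted.size(),
        message_raw.data(),
        message_raw.size(),
        &signature_match));
    EXPECT_FALSE(signature_match);
```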