summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-29 23:28:55 +0000
committerrsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-29 23:28:55 +0000
commitbaff1d0461a2d10eb9f99b64d3fd724e7b363a44 (patch)
treea23fbf71576e47f26200a29bef0e514a54ded89a /crypto
parentf94d52bc3311375e96a1a0b620f46054c7cc0d6a (diff)
downloadchromium_src-baff1d0461a2d10eb9f99b64d3fd724e7b363a44.zip
chromium_src-baff1d0461a2d10eb9f99b64d3fd724e7b363a44.tar.gz
chromium_src-baff1d0461a2d10eb9f99b64d3fd724e7b363a44.tar.bz2
Add a routine for truncated HMAC verification
BUG=none TEST=crypto_unittests --gtest_filter=HMACTest.* Review URL: http://codereview.chromium.org/7532020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94794 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r--crypto/hmac.cc17
-rw-r--r--crypto/hmac.h9
-rw-r--r--crypto/hmac_unittest.cc4
3 files changed, 25 insertions, 5 deletions
diff --git a/crypto/hmac.cc b/crypto/hmac.cc
index 588cb9e..74d1f91 100644
--- a/crypto/hmac.cc
+++ b/crypto/hmac.cc
@@ -4,6 +4,8 @@
#include "crypto/hmac.h"
+#include <algorithm>
+
#include "base/logging.h"
namespace crypto {
@@ -43,12 +45,21 @@ bool HMAC::Verify(const base::StringPiece& data,
const base::StringPiece& digest) const {
if (digest.size() != DigestLength())
return false;
+ return VerifyTruncated(data, digest);
+}
+
+bool HMAC::VerifyTruncated(const base::StringPiece& data,
+ const base::StringPiece& digest) const {
+ if (digest.empty())
+ return false;
+ size_t digest_length = DigestLength();
scoped_array<unsigned char> computed_digest(
- new unsigned char[digest.size()]);
- if (!Sign(data, computed_digest.get(), static_cast<int>(digest.size())))
+ new unsigned char[digest_length]);
+ if (!Sign(data, computed_digest.get(), static_cast<int>(digest_length)))
return false;
- return SecureMemcmp(digest.data(), computed_digest.get(), digest.size());
+ return SecureMemcmp(digest.data(), computed_digest.get(),
+ std::min(digest.size(), digest_length));
}
} // namespace crypto
diff --git a/crypto/hmac.h b/crypto/hmac.h
index a8956ff..73d6dc3 100644
--- a/crypto/hmac.h
+++ b/crypto/hmac.h
@@ -59,11 +59,16 @@ class CRYPTO_API HMAC {
// supplied to the Init method. Use of this method is strongly recommended
// over using Sign() with a manual comparison (such as memcmp), as such
// comparisons may result in side-channel disclosures, such as timing, that
- // undermine the cryptographic integrity. This method does not support
- // comparing truncated HMACs.
+ // undermine the cryptographic integrity. |digest| must be exactly
+ // |DigestLength()| bytes long.
bool Verify(const base::StringPiece& data,
const base::StringPiece& digest) const;
+ // Verifies a truncated HMAC, behaving identical to Verify(), except
+ // that |digest| is allowed to be smaller than |DigestLength()|.
+ bool VerifyTruncated(const base::StringPiece& data,
+ const base::StringPiece& digest) const;
+
private:
HashAlgorithm hash_alg_;
scoped_ptr<HMACPlatformData> plat_;
diff --git a/crypto/hmac_unittest.cc b/crypto/hmac_unittest.cc
index 1978705..f5d9906 100644
--- a/crypto/hmac_unittest.cc
+++ b/crypto/hmac_unittest.cc
@@ -221,6 +221,10 @@ TEST(HMACTest, NSSFIPSPowerUpSelfTest) {
message_data,
base::StringPiece(reinterpret_cast<const char*>(kKnownHMACSHA1),
kSHA1DigestSize)));
+ EXPECT_TRUE(hmac.VerifyTruncated(
+ message_data,
+ base::StringPiece(reinterpret_cast<const char*>(kKnownHMACSHA1),
+ kSHA1DigestSize / 2)));
crypto::HMAC hmac2(crypto::HMAC::SHA256);
ASSERT_TRUE(hmac2.Init(kKnownSecretKey, kKnownSecretKeySize));