diff options
Diffstat (limited to 'crypto/hmac.h')
-rw-r--r-- | crypto/hmac.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/crypto/hmac.h b/crypto/hmac.h index a8956ff..73d6dc3 100644 --- a/crypto/hmac.h +++ b/crypto/hmac.h @@ -59,11 +59,16 @@ class CRYPTO_API HMAC { // supplied to the Init method. Use of this method is strongly recommended // over using Sign() with a manual comparison (such as memcmp), as such // comparisons may result in side-channel disclosures, such as timing, that - // undermine the cryptographic integrity. This method does not support - // comparing truncated HMACs. + // undermine the cryptographic integrity. |digest| must be exactly + // |DigestLength()| bytes long. bool Verify(const base::StringPiece& data, const base::StringPiece& digest) const; + // Verifies a truncated HMAC, behaving identical to Verify(), except + // that |digest| is allowed to be smaller than |DigestLength()|. + bool VerifyTruncated(const base::StringPiece& data, + const base::StringPiece& digest) const; + private: HashAlgorithm hash_alg_; scoped_ptr<HMACPlatformData> plat_; |