From baff1d0461a2d10eb9f99b64d3fd724e7b363a44 Mon Sep 17 00:00:00 2001 From: "rsleevi@chromium.org" Date: Fri, 29 Jul 2011 23:28:55 +0000 Subject: Add a routine for truncated HMAC verification BUG=none TEST=crypto_unittests --gtest_filter=HMACTest.* Review URL: http://codereview.chromium.org/7532020 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94794 0039d316-1c4b-4281-b951-d872f2087c98 --- crypto/hmac.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'crypto/hmac.h') diff --git a/crypto/hmac.h b/crypto/hmac.h index a8956ff..73d6dc3 100644 --- a/crypto/hmac.h +++ b/crypto/hmac.h @@ -59,11 +59,16 @@ class CRYPTO_API HMAC { // supplied to the Init method. Use of this method is strongly recommended // over using Sign() with a manual comparison (such as memcmp), as such // comparisons may result in side-channel disclosures, such as timing, that - // undermine the cryptographic integrity. This method does not support - // comparing truncated HMACs. + // undermine the cryptographic integrity. |digest| must be exactly + // |DigestLength()| bytes long. bool Verify(const base::StringPiece& data, const base::StringPiece& digest) const; + // Verifies a truncated HMAC, behaving identical to Verify(), except + // that |digest| is allowed to be smaller than |DigestLength()|. + bool VerifyTruncated(const base::StringPiece& data, + const base::StringPiece& digest) const; + private: HashAlgorithm hash_alg_; scoped_ptr plat_; -- cgit v1.1