Add a Verify routine for HMAC
BUG=none
TEST=crypto_unittests
Review URL: http://codereview.chromium.org/7277024
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@92824 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/crypto/hmac.cc b/crypto/hmac.cc
index a38f514..588cb9e 100644
--- a/crypto/hmac.cc
+++ b/crypto/hmac.cc
@@ -8,6 +8,25 @@
namespace crypto {
+// Performs a constant-time comparison of two strings, returning true if the
+// strings are equal.
+//
+// For cryptographic operations, comparison functions such as memcmp() may
+// expose side-channel information about input, allowing an attacker to
+// perform timing analysis to determine what the expected bits should be. In
+// order to avoid such attacks, the comparison must execute in constant time,
+// so as to not to reveal to the attacker where the difference(s) are.
+// For an example attack, see
+// http://groups.google.com/group/keyczar-discuss/browse_thread/thread/5571eca0948b2a13
+static bool SecureMemcmp(const void* s1, const void* s2, size_t n) {
+ const unsigned char* s1_ptr = reinterpret_cast<const unsigned char*>(s1);
+ const unsigned char* s2_ptr = reinterpret_cast<const unsigned char*>(s2);
+ unsigned char tmp = 0;
+ for (size_t i = 0; i < n; ++i, ++s1_ptr, ++s2_ptr)
+ tmp |= *s1_ptr ^ *s2_ptr;
+ return (tmp == 0);
+}
+
size_t HMAC::DigestLength() const {
switch (hash_alg_) {
case SHA1:
@@ -20,4 +39,16 @@
}
}
+bool HMAC::Verify(const base::StringPiece& data,
+ const base::StringPiece& digest) const {
+ if (digest.size() != DigestLength())
+ return false;
+ scoped_array<unsigned char> computed_digest(
+ new unsigned char[digest.size()]);
+ if (!Sign(data, computed_digest.get(), static_cast<int>(digest.size())))
+ return false;
+
+ return SecureMemcmp(digest.data(), computed_digest.get(), digest.size());
+}
+
} // namespace crypto
