| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Utility class for calculating the HMAC for a given message. We currently | 5 // Utility class for calculating the HMAC for a given message. We currently |
| 6 // only support SHA1 for the hash algorithm, but this can be extended easily. | 6 // only support SHA1 for the hash algorithm, but this can be extended easily. |
| 7 | 7 |
| 8 #ifndef CRYPTO_HMAC_H_ | 8 #ifndef CRYPTO_HMAC_H_ |
| 9 #define CRYPTO_HMAC_H_ | 9 #define CRYPTO_HMAC_H_ |
| 10 #pragma once | 10 #pragma once |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 52 // returned in |digest|, which has |digest_length| bytes of storage available. | 52 // returned in |digest|, which has |digest_length| bytes of storage available. |
| 53 // TODO(abarth): digest_length should be a size_t. | 53 // TODO(abarth): digest_length should be a size_t. |
| 54 bool Sign(const base::StringPiece& data, unsigned char* digest, | 54 bool Sign(const base::StringPiece& data, unsigned char* digest, |
| 55 int digest_length) const; | 55 int digest_length) const; |
| 56 | 56 |
| 57 // Verifies that the HMAC for the message in |data| equals the HMAC provided | 57 // Verifies that the HMAC for the message in |data| equals the HMAC provided |
| 58 // in |digest|, using the algorithm supplied to the constructor and the key | 58 // in |digest|, using the algorithm supplied to the constructor and the key |
| 59 // supplied to the Init method. Use of this method is strongly recommended | 59 // supplied to the Init method. Use of this method is strongly recommended |
| 60 // over using Sign() with a manual comparison (such as memcmp), as such | 60 // over using Sign() with a manual comparison (such as memcmp), as such |
| 61 // comparisons may result in side-channel disclosures, such as timing, that | 61 // comparisons may result in side-channel disclosures, such as timing, that |
| 62 // undermine the cryptographic integrity. This method does not support | 62 // undermine the cryptographic integrity. |digest| must be exactly |
| 63 // comparing truncated HMACs. | 63 // |DigestLength()| bytes long. |
| 64 bool Verify(const base::StringPiece& data, | 64 bool Verify(const base::StringPiece& data, |
| 65 const base::StringPiece& digest) const; | 65 const base::StringPiece& digest) const; |
| 66 | 66 |
| 67 // Verifies a truncated HMAC, behaving identical to Verify(), except |
| 68 // that |digest| is allowed to be smaller than |DigestLength()|. |
| 69 bool VerifyTruncated(const base::StringPiece& data, |
| 70 const base::StringPiece& digest) const; |
| 71 |
| 67 private: | 72 private: |
| 68 HashAlgorithm hash_alg_; | 73 HashAlgorithm hash_alg_; |
| 69 scoped_ptr<HMACPlatformData> plat_; | 74 scoped_ptr<HMACPlatformData> plat_; |
| 70 | 75 |
| 71 DISALLOW_COPY_AND_ASSIGN(HMAC); | 76 DISALLOW_COPY_AND_ASSIGN(HMAC); |
| 72 }; | 77 }; |
| 73 | 78 |
| 74 } // namespace crypto | 79 } // namespace crypto |
| 75 | 80 |
| 76 #endif // CRYPTO_HMAC_H_ | 81 #endif // CRYPTO_HMAC_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7532020:
Add a routine for truncated HMAC verification (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src