OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto_impl.h" |
6 | 6 |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 #include <sechash.h> | 8 #include <sechash.h> |
9 | 9 |
| 10 #include <vector> |
| 11 |
10 #include "base/logging.h" | 12 #include "base/logging.h" |
11 #include "crypto/nss_util.h" | 13 #include "crypto/nss_util.h" |
12 #include "crypto/scoped_nss_types.h" | 14 #include "crypto/scoped_nss_types.h" |
| 15 #include "crypto/secure_util.h" |
13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 16 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 18 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
16 | 19 |
17 namespace content { | 20 namespace content { |
18 | 21 |
19 namespace { | 22 namespace { |
20 | 23 |
21 class SymKeyHandle : public WebKit::WebCryptoKeyHandle { | 24 class SymKeyHandle : public WebKit::WebCryptoKeyHandle { |
22 public: | 25 public: |
(...skipping 219 matching lines...)
242 break; | 245 break; |
243 } | 246 } |
244 default: | 247 default: |
245 return false; | 248 return false; |
246 } | 249 } |
247 | 250 |
248 *buffer = result; | 251 *buffer = result; |
249 return true; | 252 return true; |
250 } | 253 } |
251 | 254 |
| 255 bool WebCryptoImpl::VerifySignatureInternal( |
| 256 const WebKit::WebCryptoAlgorithm& algorithm, |
| 257 const WebKit::WebCryptoKey& key, |
| 258 const unsigned char* signature, |
| 259 unsigned signature_size, |
| 260 const unsigned char* data, |
| 261 unsigned data_size, |
| 262 bool* signature_match) { |
| 263 switch (algorithm.id()) { |
| 264 case WebKit::WebCryptoAlgorithmIdHmac: { |
| 265 WebKit::WebArrayBuffer result; |
| 266 if (!SignInternal(algorithm, key, data, data_size, &result)) { |
| 267 return false; |
| 268 } |
| 269 |
| 270 // Handling of truncated signatures is underspecified in the WebCrypto |
| 271 // spec, so here we fail verification if a truncated signature is being |
| 272 // verified. |
| 273 // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097 |
| 274 *signature_match = |
| 275 result.byteLength() == signature_size && |
| 276 crypto::SecureMemEqual(result.data(), signature, signature_size); |
| 277 |
| 278 break; |
| 279 } |
| 280 default: |
| 281 return false; |
| 282 } |
| 283 |
| 284 return true; |
| 285 } |
| 286 |
252 } // namespace content | 287 } // namespace content |
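Review bot: `*signature_match` is written only on the HMAC success path of VerifySignatureInternal; the `return false` after a failed SignInternal call and the `default:` branch both leave it untouched. A caller that reads the flag without checking the return value (callers are not visible on this page) would see whatever it held before, and for a verification result a stale `true` fails open. Adding `*signature_match = false;` as the first statement, before the `switch`, makes every exit fail closed. The truncation comment should also say that the `result.byteLength() == signature_size` test must stay ahead of `crypto::SecureMemEqual`, because that call compares only `signature_size` bytes and would otherwise accept a shortened MAC.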