OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto_impl.h" |
6 | 6 |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 #include <sechash.h> | 8 #include <sechash.h> |
9 #include <vector> | |
9 | 10 |
10 #include "base/logging.h" | 11 #include "base/logging.h" |
11 #include "crypto/nss_util.h" | 12 #include "crypto/nss_util.h" |
12 #include "crypto/scoped_nss_types.h" | 13 #include "crypto/scoped_nss_types.h" |
14 #include "crypto/secure_util.h" | |
13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 15 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
16 | 18 |
17 namespace content { | 19 namespace content { |
18 | 20 |
19 namespace { | 21 namespace { |
20 | 22 |
21 class SymKeyHandle : public WebKit::WebCryptoKeyHandle { | 23 class SymKeyHandle : public WebKit::WebCryptoKeyHandle { |
22 public: | 24 public: |
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
242 break; | 244 break; |
243 } | 245 } |
244 default: | 246 default: |
245 return false; | 247 return false; |
246 } | 248 } |
247 | 249 |
248 *buffer = result; | 250 *buffer = result; |
249 return true; | 251 return true; |
250 } | 252 } |
251 | 253 |
254 bool WebCryptoImpl::VerifySignatureInternal( | |
255 const WebKit::WebCryptoAlgorithm& algorithm, | |
256 const WebKit::WebCryptoKey& key, | |
257 const unsigned char* signature, | |
258 unsigned signature_size, | |
259 const unsigned char* data, | |
260 unsigned data_size, | |
261 bool* signature_match) { | |
262 switch (algorithm.id()) { | |
263 case WebKit::WebCryptoAlgorithmIdHmac: { | |
264 WebKit::WebArrayBuffer result; | |
265 if (!SignInternal(algorithm, key, data, data_size, &result)) { | |
266 return false; | |
267 } | |
268 | |
269 // Handling of truncated signatures is underspecified in the WebCrypto | |
270 // spec, so here we fail verification if a truncated signature is being | |
271 // verified. | |
272 // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097 | |
273 *signature_match = | |
274 crypto::SecureMemEqual(result.data(), signature, signature_size) && | |
eroman
2013/09/26 00:10:43
This is incorrect: the size check needs to be done
Bryan Eyler
2013/09/26 00:18:07
Done.
| |
275 result.byteLength() == signature_size; | |
276 | |
277 break; | |
278 } | |
279 default: | |
280 return false; | |
281 } | |
282 | |
283 return true; | |
284 } | |
285 | |
252 } // namespace content | 286 } // namespace content |
OLD | NEW |