Index: content/renderer/webcrypto_impl_nss.cc |
diff --git a/content/renderer/webcrypto_impl_nss.cc b/content/renderer/webcrypto_impl_nss.cc |
index caf986fce44f168fe5c390239d27336919066188..f42f8520a6a9b809b559b483214cf186842dec4f 100644 |
--- a/content/renderer/webcrypto_impl_nss.cc |
+++ b/content/renderer/webcrypto_impl_nss.cc |
@@ -7,9 +7,12 @@ |
#include <pk11pub.h> |
#include <sechash.h> |
+#include <vector> |
+ |
#include "base/logging.h" |
#include "crypto/nss_util.h" |
#include "crypto/scoped_nss_types.h" |
+#include "crypto/secure_util.h" |
#include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
@@ -249,4 +252,36 @@ bool WebCryptoImpl::SignInternal( |
return true; |
} |
+bool WebCryptoImpl::VerifySignatureInternal( |
+ const WebKit::WebCryptoAlgorithm& algorithm, |
+ const WebKit::WebCryptoKey& key, |
+ const unsigned char* signature, |
+ unsigned signature_size, |
+ const unsigned char* data, |
+ unsigned data_size, |
+ bool* signature_match) { |
+ switch (algorithm.id()) { |
+ case WebKit::WebCryptoAlgorithmIdHmac: { |
+ WebKit::WebArrayBuffer result; |
+ if (!SignInternal(algorithm, key, data, data_size, &result)) { |
+ return false; |
+ } |
+ |
+ // Handling of truncated signatures is underspecified in the WebCrypto |
+ // spec, so here we fail verification if a truncated signature is being |
+ // verified. |
+ // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097 |
+ *signature_match = |
+ result.byteLength() == signature_size && |
+ crypto::SecureMemEqual(result.data(), signature, signature_size); |
+ |
+ break; |
+ } |
+ default: |
+ return false; |
+ } |
+ |
+ return true; |
+} |
+ |
} // namespace content |