Use constant-time HMAC comparison in Nigori.

Cryptography is timing-sensitive. MACs should never be compared with usual string comparison functions, only constant-time checks. Use HMAC::Verify. Bug: none Change-Id: Ic1b164441396e4a4a853f1a50d91bc8f5c7fa18e Reviewed-on: https://chromium-review.googlesource.com/1246323Reviewed-by: vitaliii <vitaliii@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#594737}

Use constant-time HMAC comparison in Nigori.
Cryptography is timing-sensitive. MACs should never be compared with usual string comparison functions, only constant-time checks. Use HMAC::Verify. Bug: none Change-Id: Ic1b164441396e4a4a853f1a50d91bc8f5c7fa18e Reviewed-on: https://chromium-review.googlesource.com/1246323Reviewed-by: vitaliii <vitaliii@chromium.org> Commit-Queue: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/master@{#594737}
acbc35cd · David Benjamin · Commit Bot · 4f9fb41c · acbc35cd
Commit acbc35cd authored Sep 27, 2018 by David Benjamin Committed by Commit Bot Sep 27, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 6 deletions

components/sync/base/nigori.cc components/sync/base/nigori.cc +1 -6

No files found.
--- a/components/sync/base/nigori.cc
+++ b/components/sync/base/nigori.cc
@@ -334,12 +334,7 @@ bool Nigori::Decrypt(const std::string& encrypted, std::string* value) const {
  if (!hmac.Init(keys_.mac_key->key()))
    return false;
-  std::vector<unsigned char> expected(kHashSize);
+  if (!hmac.Verify(ciphertext, hash))
-  if (!hmac.Sign(ciphertext, &expected[0], expected.size()))
-    return false;
-  if (hash.compare(0, hash.size(), reinterpret_cast<char*>(&expected[0]),
-                   expected.size()))
    return false;
  crypto::Encryptor encryptor;