///
/// See @ref isc::cryptolink::HMAC::verify() for details.
bool verify(const void* sig, size_t len) {
- /// @todo Botan's verify_mac checks if len matches the output_length,
- /// which causes it to fail for truncated signatures, so we do
- /// the check ourselves
+ // Botan's verify_mac checks if len matches the output_length,
+ // which causes it to fail for truncated signatures, so we do
+ // the check ourselves
try {
size_t size = getOutputLength();
if (len < 10 || len < size / 2) {
if (digest_.empty()) {
digest_ = hmac_->final();
}
+ // digest_.size() == size by construction
+ // if you are not convinced, add an assert()
return (Botan::same_mem(&digest_[0],
static_cast<const unsigned char*>(sig),
len));
~Hash();
/// \brief Returns the HashAlgorithm of the object
+ ///
+ /// \return hash algorithm
HashAlgorithm getHashAlgorithm() const;
/// \brief Returns the output size of the digest
~HMAC();
/// \brief Returns the HashAlgorithm of the object
+ ///
+ /// \return hash algorithm
HashAlgorithm getHashAlgorithm() const;
/// \brief Returns the output size of the digest
/// \param sig The signature to verify
/// \param len The length of the signature. If this is smaller
/// than the output length of the algorithm,
- /// only len bytes will be checked
+ /// only len bytes will be checked. If this is
+ /// larger than the output length of the algorithm,
+ /// only output size bytes will be checked
/// \return true if the signature is correct, false otherwise
///
/// \note verify() does not destroy its context so it can be
if (len > size) {
len = size;
}
+ // digest.size() == size by construction
+ // if you are not convinced, add an assert()
return (digest.same(sig, len));
}