rust: add default implementation for Mac::verify_mac

Author: daviddrysdale

rust/tink/Cargo.toml

@@ -15,6 +15,7 @@ prost = "*"
 rand = "*"
 sha-1 = "*"
 sha2 = "*"
+subtle = "*"
 
 [build-dependencies]
 prost-build = "*"

rust/tink/src/mac.rs

@@ -21,5 +21,12 @@ pub trait Mac {
 
     // Returns `()` if `mac` is a correct authentication code (MAC) for `data`,
     // otherwise it returns an error.
-    fn verify_mac(&self, mac: &[u8], data: &[u8]) -> Result<(), crate::TinkError>;
+    fn verify_mac(&self, mac: &[u8], data: &[u8]) -> Result<(), crate::TinkError> {
+        let computed = self.compute_mac(data)?;
+        if crate::subtle::constant_time_compare(mac, &computed) {
+            Ok(())
+        } else {
+            Err("Invalid MAC".into())
+        }
+    }
 }