Add constant-time method for verifying MACs.

bramble-api/src/main/java/org/briarproject/bramble/api/client/ClientHelper.java

@@ -105,8 +105,8 @@ public interface ClientHelper {
 	byte[] sign(String label, BdfList toSign, byte[] privateKey)
 			throws FormatException, GeneralSecurityException;
 
-	void verifySignature(String label, byte[] sig, byte[] publicKey,
-			BdfList signed) throws FormatException, GeneralSecurityException;
+	void verifySignature(byte[] signature, String label, BdfList signed,
+			byte[] publicKey) throws FormatException, GeneralSecurityException;
 
 	Author parseAndValidateAuthor(BdfList author) throws FormatException;
 

bramble-api/src/main/java/org/briarproject/bramble/api/crypto/CryptoComponent.java

@@ -67,8 +67,8 @@ public interface CryptoComponent {
 	 * signature created for another purpose
 	 * @return true if the signature was valid, false otherwise.
 	 */
-	boolean verify(String label, byte[] signedData, byte[] publicKey,
-			byte[] signature) throws GeneralSecurityException;
+	boolean verifySignature(byte[] signature, String label, byte[] signed,
+			byte[] publicKey) throws GeneralSecurityException;
 
 	/**
 	 * Returns the hash of the given inputs. The inputs are unambiguously
@@ -91,6 +91,18 @@ public interface CryptoComponent {
 	 */
 	byte[] mac(String label, SecretKey macKey, byte[]... inputs);
 
+	/**
+	 * Verifies that the given message authentication code is valid for the
+	 * given secret key and inputs.
+	 *
+	 * @param label a namespaced label indicating the purpose of this MAC, to
+	 * prevent it from being repurposed or colliding with a MAC created for
+	 * another purpose
+	 * @return true if the MAC was valid, false otherwise.
+	 */
+	boolean verifyMac(byte[] mac, String label, SecretKey macKey,
+			byte[]... inputs);
+
 	/**
 	 * Encrypts and authenticates the given plaintext so it can be written to
 	 * storage. The encryption and authentication keys are derived from the