HMACs of files

19 views
Skip to first unread message

Tom

unread,
Sep 7, 2021, 7:45:17 AM9/7/21
to Crypto++ Users
I can create HMACs of files using pipelines via filesources but... I can't seem to figure out to verify the HMAC without throwing the file into a string in memory.

like this:

StringSource(plain + mac, true, new HashVerificationFilter(hmac, NULL, flags) ); // StringSource

Is there a way to use a FileSource without loading the file fully into memory?

I think its possible but do I append the hmac if I use a file?

Jeffrey Walton

unread,
Sep 8, 2021, 6:47:45 AM9/8/21
to Crypto++ Users List
Yeah, that's a problem. We should have some documentation covering it.

I think you need a custom source that takes two sources - the existing
HMAC wrapped in a StringSource and the FileSource. The custom source
then pumps the data to the attached filter.

Another option is a HashVerificationFilter that takes two sources. It
could be tricky since the source is expected to pump its data. I did
not test this option.

Attached is an example. It uses a hash rather than HMAC to simplify the code.

The example has a bug, though. HashVerificationFilter is failing.
Instead of PUT_RESULT (or THROW), I used PUT_HASH to see the hash that
was calculated during verification. When using PUT_HASH, the
calculated digest has 32 0's appending to it. So the calculated digest
in the example program is
AD7FACB2586FC6E966C004D7D1D16B024F5805FF7CB47C7A85DABD8B48892CA7
0000000000000000000000000000000000000000000000000000000000000000.

I'll add the example to the wiki once I get the problem sorted out.

Jeff
test.cxx

Jeffrey Walton

unread,
Sep 8, 2021, 6:52:13 PM9/8/21
to Crypto++ Users
On Wednesday, September 8, 2021 at 6:47:45 AM UTC-4 Jeffrey Walton wrote:
On Tue, Sep 7, 2021 at 7:45 AM Tom <thoma...@gmail.com> wrote:
>
> I can create HMACs of files using pipelines via filesources but... I can't seem to figure out to verify the HMAC without throwing the file into a string in memory.
>
> like this:
>
> StringSource(plain + mac, true, new HashVerificationFilter(hmac, NULL, flags) ); // StringSource
>
> Is there a way to use a FileSource without loading the file fully into memory?
>
> I think its possible but do I append the hmac if I use a file?

Yeah, that's a problem. We should have some documentation covering it.

I think you need a custom source that takes two sources - the existing
HMAC wrapped in a StringSource and the FileSource. The custom source
then pumps the data to the attached filter.

Another option is a HashVerificationFilter that takes two sources. It
could be tricky since the source is expected to pump its data. I did
not test this option.

Attached is an example. It uses a hash rather than HMAC to simplify the code.

The example has a bug, though. HashVerificationFilter is failing...

Attached is a corrected example that works as expected. Unfortunately, I was not able to get the CombinedSource class to work as expected. Instead, I had to manually fiddle with both Sources. It is not as elegant, but it should get you through your task.

Jeff
test.cxx

Jeffrey Walton

unread,
Sep 8, 2021, 7:24:28 PM9/8/21
to Crypto++ Users List
On Wed, Sep 8, 2021 at 6:46 AM Jeffrey Walton <nolo...@gmail.com> wrote:
>
> On Tue, Sep 7, 2021 at 7:45 AM Tom <thoma...@gmail.com> wrote:
> >
> > I can create HMACs of files using pipelines via filesources but... I can't seem to figure out to verify the HMAC without throwing the file into a string in memory.
> >
> > like this:
> >
> > StringSource(plain + mac, true, new HashVerificationFilter(hmac, NULL, flags) ); // StringSource
> >
> > Is there a way to use a FileSource without loading the file fully into memory?
> >
> > I think its possible but do I append the hmac if I use a file?
>
> Yeah, that's a problem. We should have some documentation covering it.

Here is the documentation:
https://www.cryptopp.com/wiki/HashVerificationFilter#String_and_File_Sources

Jeff
Reply all
Reply to author
Forward
0 new messages