DelphiEncryptionCompendium
DelphiEncryptionCompendium copied to clipboard
Published
20 hours ago •
MHumm
MHumm
Implement HMACStream and HMACFile
I want to suggest a combination of the following methods:
- TDECHashAuthentication.HMAC combined with TDECHashExtended.CalcStream
- TDECHashAuthentication.HMAC combined with TDECHashExtended.CalcFile
Background information: I want to encrypt a large file which does not fit into the memory, and I would like to do "Encrypt-then-HMAC". So I need to HMAC the whole file or stream. (Pre-hasing is not a solution, because it is insecure)
Here is the code I wrote (actually copied and modified) and tested.
type
TDECHashExtendedAuthentication = class helper for TDECHashAuthentication
class function HMACFile(const Key: TBytes; const FileName: string;
const OnProgress:TDECProgressEvent = nil): TBytes;
class function HMACStream(const Key: TBytes; const Stream: TStream; Size: Int64;
const OnProgress:TDECProgressEvent = nil): TBytes;
end;
{ TDECHashExtendedAuthentication }
class function TDECHashExtendedAuthentication.HMACFile(const Key: TBytes;
const FileName: string; const OnProgress: TDECProgressEvent): TBytes;
var
fs: TFileStream;
begin
fs := TFileStream.Create(FileName, fmOpenRead);
try
HMACStream(Key, fs, fs.Size, OnProgress);
finally
FreeAndNil(fs);
end;
end;
class function TDECHashExtendedAuthentication.HMACStream(const Key: TBytes;
const Stream: TStream; Size: Int64;
const OnProgress: TDECProgressEvent = nil): TBytes;
const
CONST_UINT_OF_0x36 = $3636363636363636;
CONST_UINT_OF_0x5C = $5C5C5C5C5C5C5C5C;
var
HashInstance: TDECHashAuthentication;
InnerKeyPad, OuterKeyPad: array of Byte;
I, KeyLength, BlockSize, DigestLength: Integer;
begin
// Taken from TDECHashAuthentication.HMAC and changed HashInstance.Calc to HashInstance.CalcStream for the message
HashInstance := TDECHashAuthenticationClass(self).Create;
try
BlockSize := HashInstance.BlockSize; // 64 for sha1, ...
DigestLength := HashInstance.DigestSize;
KeyLength := Length(Key);
SetLength(InnerKeyPad, BlockSize);
SetLength(OuterKeyPad, BlockSize);
I := 0;
if KeyLength > BlockSize then
begin
Result := HashInstance.CalcBytes(Key);
KeyLength := DigestLength;
end
else
Result := Key;
while I <= KeyLength - SizeOf(NativeUInt) do
begin
PNativeUInt(@InnerKeyPad[I])^ := PNativeUInt(@Result[I])^ xor NativeUInt(CONST_UINT_OF_0x36);
PNativeUInt(@OuterKeyPad[I])^ := PNativeUInt(@Result[I])^ xor NativeUInt(CONST_UINT_OF_0x5C);
Inc(I, SizeOf(NativeUInt));
end;
while I < KeyLength do
begin
InnerKeyPad[I] := Result[I] xor $36;
OuterKeyPad[I] := Result[I] xor $5C;
Inc(I);
end;
while I <= BlockSize - SizeOf(NativeUInt) do
begin
PNativeUInt(@InnerKeyPad[I])^ := NativeUInt(CONST_UINT_OF_0x36);
PNativeUInt(@OuterKeyPad[I])^ := NativeUInt(CONST_UINT_OF_0x5C);
Inc(I, SizeOf(NativeUInt));
end;
while I < BlockSize do
begin
InnerKeyPad[I] := $36;
OuterKeyPad[I] := $5C;
Inc(I);
end;
HashInstance.Init;
HashInstance.Calc(InnerKeyPad[0], BlockSize);
if Size > 0 then
TDECHashExtended(HashInstance).CalcStream(Stream, Size, OnProgress, false);
HashInstance.Done;
Result := HashInstance.DigestAsBytes;
HashInstance.Init;
HashInstance.Calc(OuterKeyPad[0], BlockSize);
HashInstance.Calc(Result[0], DigestLength);
HashInstance.Done;
Result := HashInstance.DigestAsBytes;
finally
HashInstance.Free;
end;
end;
