On Sunday, April 5, 2015 at 11:26:15 PM UTC-4, Maricel Gregoraschko wrote:
>
> Also, in order to get the authentication right (not using an authenticated
> mode like GCM/EAX), is there anything else obvious that I should be aware
> of other than making sure I calculate the HMAC(SHA256/512) on the cipher
> text, not plain, and use a different MAC key than the cipher key, and if
> deriving it from a passphrase, generate it with a computationally heavy
> KDF? Thank you!
>
Independent key derivation.
In pseudo code, something like:
master_key = PBKDF(password, salt, iterations, usage)
Usage is just a label like "Master key derivation for Maricel's
Algorithm". It tries to ensure master_key differs under the same parameters.
Then:
enc_key = KDF(master_key, salt, iterations, "encryption key")
enc_iv = KDF(master_key, salt, iterations, "encryption iv")
hmac_key = KDF(master_key, salt, iterations, "hmac key")
Now you have your independent keys for your block cipher and HMAC.
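The derivation above carried through end to end, as an added example that is not from the post or from Crypto++. It is plain Python standard library: PBKDF2-HMAC-SHA256 is the heavy password step (the usage label is folded into the salt, since PBKDF2 has no label input), and HKDF (RFC 5869) with the labels "encryption key", "encryption iv" and "hmac key" stands in for the generic KDF in the pseudo code. Because the standard library has no AES, HMAC-SHA256 in counter mode is used as the cipher's keystream; the thread itself uses AES-CBC, and that is what belongs in real code. The usage string, label names and function names are the example's own assumptions. Note the caveat the pseudo code leaves implicit: the IV is a deterministic function of the master key, so a fresh random salt per message is what keeps (key, IV) pairs from repeating.

```python
"""Independent subkeys from one password, then encrypt-then-MAC (added example)."""
import hashlib
import hmac
import os
import struct
from typing import Optional

HASH = "sha256"
HASH_LEN = 32
SALT_LEN = 16
# Assumed usage label: separates this master key from any other PBKDF2 use
# of the same password, salt and iteration count.
USAGE = b"Master key derivation for example file format v1"


def derive_master_key(password: bytes, salt: bytes, iterations: int, usage: bytes) -> bytes:
    # Computationally heavy step. PBKDF2 has no label input, so the usage
    # string is folded into the salt.
    return hashlib.pbkdf2_hmac(HASH, password, salt + b"|" + usage, iterations, dklen=HASH_LEN)


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 HKDF-Expand: each distinct info label gives an independent
    # output from the same keying material.
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_subkeys(master_key: bytes, salt: bytes):
    # Cheap, label-separated cipher key, IV and MAC key from the already
    # stretched master key (HKDF-Extract, then three Expand calls).
    prk = hmac.new(salt, master_key, HASH).digest()
    enc_key = hkdf_expand(prk, b"encryption key", 32)
    enc_iv = hkdf_expand(prk, b"encryption iv", 16)
    hmac_key = hkdf_expand(prk, b"hmac key", 32)
    return enc_key, enc_iv, hmac_key


def keystream(enc_key: bytes, iv: bytes, length: int) -> bytes:
    # Stand-in for the block cipher: HMAC-SHA256 in counter mode as a PRF.
    # The thread uses AES-CBC; use a real cipher in production.
    out = b""
    for ctr in range((length + HASH_LEN - 1) // HASH_LEN):
        out += hmac.new(enc_key, iv + struct.pack(">I", ctr), HASH).digest()
    return out[:length]


def encrypt_then_mac(password: bytes, plaintext: bytes, iterations: int = 100_000,
                     salt: Optional[bytes] = None) -> bytes:
    # Layout: salt || ciphertext || tag. The tag covers the salt as well, so
    # nothing the decryptor depends on is left unauthenticated.
    salt = os.urandom(SALT_LEN) if salt is None else salt
    master = derive_master_key(password, salt, iterations, USAGE)
    enc_key, iv, mac_key = derive_subkeys(master, salt)
    ks = keystream(enc_key, iv, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, salt + ciphertext, HASH).digest()   # MAC over ciphertext, never plaintext
    return salt + ciphertext + tag


def verify_and_decrypt(password: bytes, blob: bytes, iterations: int = 100_000) -> bytes:
    # The MAC is checked in constant time before a single byte is decrypted.
    if len(blob) < SALT_LEN + HASH_LEN:
        raise ValueError("message too short")
    salt, ciphertext, tag = blob[:SALT_LEN], blob[SALT_LEN:-HASH_LEN], blob[-HASH_LEN:]
    master = derive_master_key(password, salt, iterations, USAGE)
    enc_key, iv, mac_key = derive_subkeys(master, salt)
    expected = hmac.new(mac_key, salt + ciphertext, HASH).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = keystream(enc_key, iv, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo(password: bytes = b"correct horse battery staple", plaintext: bytes = b"attack at dawn"):
    # Constructed sample input. Returns (recovered plaintext,
    # tamper detected?, wrong password detected?).
    blob = encrypt_then_mac(password, plaintext)
    recovered = verify_and_decrypt(password, blob)
    tampered = bytearray(blob)
    tampered[SALT_LEN] ^= 0x01                   # flip one ciphertext bit
    try:
        verify_and_decrypt(password, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    try:
        verify_and_decrypt(b"wrong password", blob)
        wrong_pw_detected = False
    except ValueError:
        wrong_pw_detected = True
    return recovered, tamper_detected, wrong_pw_detected


if __name__ == "__main__":
    print(demo())
```

The decrypt side fails closed: a flipped ciphertext bit or a wrong password changes the expected tag, `verify_and_decrypt` raises, and no plaintext is ever produced. That is the behaviour to reproduce when wiring up a Crypto++ `HashVerificationFilter` with `THROW_EXCEPTION`, rather than letting the pipeline continue after a mismatch.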
------------------------------
*From:* Maricel Gregoraschko <[email protected]>
*To:* Jeffrey Walton <[email protected]>; "[email protected]" <[email protected]>
*Sent:* Sunday, April 5, 2015 11:20 PM
*Subject:* Re: processing same stream in parallel
Jeffrey,
Thank you very much for your insights and details.
I was indeed looking to do HMAC on cipher text, not directly on clear text.
I asked the question wrong.
Your code using putMessage=true was what I needed, but it's also good to
know that ChannelSwitch is the equivalent of Fork.
I looked at the crash in the sample that you gave, and started by assuming
there was something in HashVerificationFilter that made it send the wrong
data to CBC_Encryption; I followed the data through all the hoops all the
way down to AESNI_AdvancedProcessBlocks(), until I realized it was on its
subkeys parameter that the read violation was occurring. Turns out the key
wasn't set:
CBC_Mode<AES>::Encryption encryptor;
encryptor.SetKeyWithIV(keys.data() + 0 /*key*/, 16, keys.data() + 16 /*iv*/, 16);
CBC_Mode<AES>::Decryption decryptor;
encryptor.SetKeyWithIV(keys.data() + 0 /*key*/, 16, keys.data() + 16 /*iv*/, 16); // needs to be decryptor.SetKeyWithIV(...)
Quite an easy mistake to make with boilerplate code, and it's a bit
disconcerting that the decryption class wouldn't at a minimum make a basic
check that the key was set by the client, before proceeding to use it.
> You will *always* have to touch the data twice.
If I understand you correctly, you are saying each block of data/chunk
needs to be read twice (once in memory, from there), once as input to the
encryption cipher, and once as input to the hmac? That makes sense.
I was referring to not reading it off the disk twice, e.g. in the case of
doing hmac on plain text from a file, not going twice through the input
stream (first to encrypt, then resetting the stream, and reading through it
again for the mac). putMessage=true, or Fork/ChannelSwitch help with that.
By the way, you are linking to wiki pages (Authenticated_Encryption,
ChannelSwitch) that I see no way to get to from the cryptopp main wiki page
http://www.cryptopp.com/wiki/Main_Page.
I had no clue they existed, and it seems there are many more. I see no
table of contents, no index and no search, how does one get to the
documentation without knowing exact URL's of specific pages?
The source code is incredibly sparsely documented, is there annotated code
elsewhere? Am I looking in the wrong place?
How is one supposed to know what putMessage=true means in HashFilter()? Or
the fact that HashVerificationFilter() takes in the message + hash at the
end if you use HashVerificationFilter::HASH_AT_END and it outputs just the
message with the hash stripped if you use
HashVerificationFilter::PUT_MESSAGE?
Or the fact that ChannelSwitch exists and what it's used for? People just
browse through source code, look at classes and go "there it is! that's
what I'm looking for!"? :)
One more question, how does HashVerificationFilter check the hash, does it
set a status somewhere? Because it doesn't throw an exception or anything
for the wrong hash.
Thank you very much for your time. It's truly appreciated.
--
--
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at
http://www.cryptopp.com.