i am trying to implement a reader in golang to decrypt data (provided by a reader) and validate the data (hmac + sha256) at the same time.
Decrypting the complete data as one block and validating it afterwards works. The data can be rather big, so i don´t want to hold in a data array.
The reader implementation works for the most part, but the result of every 1024th aes block is wrong.
func (r *mediaReader) Read(dst []byte) (n int, err error) {
if m := len(dst); m%r.cbc.BlockSize() != 0 {
m = (m / r.cbc.BlockSize()) * r.cbc.BlockSize()
dst = dst[:m]
}
n, err = r.limitedReader.Read(dst)
r.cbc.CryptBlocks(dst, dst)
tmp := r.fileLength - int64(n)
if tmp < 0 || err == io.EOF {
n += int(tmp)
}
r.total += n
r.fileLength -= int64(n)
r.hash.Write(dst)
if r.fileLength <= 0 || err == io.EOF {
//validate
mac := make([]byte, 10)
nn, rr := r.fullReader.Read(mac)
if rr != nil {
return n, rr
}
if nn != 10 {
return n, fmt.Errorf("not enougth data remaining")
}
if !hmac.Equal(mac, r.hash.Sum(nil)) {
return n, fmt.Errorf("invalid media hmac
%v
%v", r.hash.Sum(nil)[:10], mac)
}
//SUCCESS
return n, io.EOF
}
return n, err
}
The limitedReader
uses the fullReader and ends 10 bytes before the fullReader does. Snippet of mediaReader creation:
h := hmac.New(sha256.New, macKey)
h.Write(iv)
cbc := cipher.NewCBCDecrypter(block, iv)
media := &io.LimitedReader{R: fullReader, N: length - 10}
return &mediaReader{
limitedReader: media,
fullReader: fullReader,
hash: h,
fileLength: fileLength,
cbc: cbc,
total: 0,
}
Does anyone regocnize what I am doing wrong? Wrong decrypted bytes: 16384-16399; 1 * 1024 * 16 (AES Blocksize); 16 wrong bytes 32768-32783; 2 * 1024 * 16 (AES Blocksize); 16 wrong bytes 49152-49167; 3 * 1024 * 16 (AES Blocksize); 16 wrong bytes ...
Thanks for your help!