I was wondering if, in ordinary operation, the 32k file chunks’ HMACs are verified during decryption
Using the excellent architecture document, I’ve written a C# program to decrypt a Cryptomator file. Though the decryption works fine, I can’t get the chunk HMACs to match the expected values. The code looks like this:
bchMac.Init(new KeyParameter(hmackey));
var bcHash = new byte[bchMac.GetMacSize()];
bchMac.BlockUpdate(headerNonce, 0, headerNonce.Length); // 16 bytes
bchMac.BlockUpdate(beBlockNum, 0, beBlockNum.Length); // 8 big-endian
bchMac.BlockUpdate(chunkNonce, 0, chunkNonce.Length); // 32 bytes
bchMac.BlockUpdate(chunkpayload, 0, chunkpayload.Length); // 32768
bchMac.DoFinal(bcHash, 0);
Resulting hash does not does not match the last 32 bytes of the file content chunk where the expected mac value is supposed to be. But again, the decrypted file is perfect.
Thanks for any insight.