2
responses

Hello everyone,

I'm having trouble architecturing something with hmac verification, any help of yours would be welcome.

I'm trying to setup an architecture with three clients/servers and using hmac/hmac_check to guarantee the integrity of the logs. Logs 1 are created by client 1 and sent to client 2, which check their integrity, logs 2 are created by client 2, and both logs 1 and 2 are send in the end to client 3 which finally check for integrity for both of them. Here is a "beautiful" scheme to illustrate my words:

client 1 ---hmac(logs 1)---> client 2 ---hmac_check(logs 1) + hmac(logs 2)---> client 3 ---hmac_check(logs 1) + hmac_check(logs2) + hmac(logs 3)-->...

I would have multiple routes on each clients and I would use different instances of each processor on each route to avoid having errors like "processor X already used in route A and was not load in the route B". Also, I would be using batchcompress between client 1 and 2 but UDP between client 2 and 3.

I'm wondering how you would do this thing? Would you open multiple UDP ports on client 3 to receive independantly logs coming from client 1 and client 2 and check the hmac independantly or would you send those two logs on the same network port and check them with the same hmac_check processor? And would you use multiple routes to process independantly logs coming from different clients because of the hmac integrity check?

Thank you in advance, Kind Regards,

AskedJanuary 17, 2020 - 5:22pm

Answer (1)

Due to how the HMAC is calculated, there is an initial value and then all other values are chained from the previous. So initial>1>2>3 and so on. Per route, there can only be one HMAC/CHECK due to this. The feature is run as a processor module as well, so in=>HMAC=>out --> in2=>HMAC_CHECK=>out2

-MisaZ

Comments (1)