Cryptographic Hashes in Qt (HMAC-SHA1, PBKDF2, Md5)

At times we need to generate cryptographic hashes for encryption purposes. This can be done in Qt using QCryptographicHash or QCA (Qt Cryptographic Architecture). QCA is a cross-platform crypto API, using Qt datatypes and conventions, hence we need to download and build it separately and include it in Qt. On the other hand QCryptographicHash class comes with Qt itself and can be used to generate cryptographic hashes.

Using QCA increases the size of our application as we need to include qca plugins and library in our application bundle to make it deployable (I’ll explain how to build and deploy QCA in my next post). Therefore I prefer to use qt’s inbuilt class QCryptographicHash if requirements can be completed using this.

Even after some research I couldn’t find a way to generate PBKDF2 using QCryptographicHash, therefore I am using QCA to generate PBKDF2 from a string/byte-array.

In this post I’ll explain how to generate HMAC-SHA1 and Md5 hash using QCryptographicHash, and generate PBKDF2 using QCA library.

Here is the code to generate HMAC-SHA1 of public key and a secret base string:

// Returns HMAC-SHA1 encrypted signature composed of public key and secret base string
QString hmacSha1(QByteArray key, QByteArray baseString)
{
    int blockSize = 64; // HMAC-SHA-1 block size, defined in SHA-1 standard
    if (key.length() > blockSize) { // if key is longer than block size (64), reduce key length with SHA-1 compression
        key = QCryptographicHash::hash(key, QCryptographicHash::Sha1);
    }
    QByteArray innerPadding(blockSize, char(0x36)); // initialize inner padding with char "6"
    QByteArray outerPadding(blockSize, char(0x5c)); // initialize outer padding with char "\"
    // ascii characters 0x36 ("6") and 0x5c ("\") are selected because they have large
    // Hamming distance (http://en.wikipedia.org/wiki/Hamming_distance)

    for (int i = 0; i < key.length(); i++) {
        innerPadding[i] = innerPadding[i] ^ key.at(i); // XOR operation between every byte in key and innerpadding, of key length
        outerPadding[i] = outerPadding[i] ^ key.at(i); // XOR operation between every byte in key and outerpadding, of key length
    }

    // result = hash ( outerPadding CONCAT hash ( innerPadding CONCAT baseString ) ).toBase64
    QByteArray total = outerPadding;
    QByteArray part = innerPadding;
    part.append(baseString);
    total.append(QCryptographicHash::hash(part, QCryptographicHash::Sha1));
    QByteArray hashed = QCryptographicHash::hash(total, QCryptographicHash::Sha1);

    QString result = QCA::arrayToHex(hashed);
    return result;
}

Above method will return the HMAC-SHA1 hex as a string. Now, lets see how to generate md5 hash from the content of a file.

QString md5Hash(QString path)
{
    QFile file(path);
    if(!file.exists())
    {
        qDebug()<<"File does not exist to read md5hash";
        return "";
    }
    if (!file.open(QIODevice::ReadOnly))
    {
        qDebug()<<"error in reading file: "<<path;
        return "";
    }

    QByteArray fileContent(file.readAll());

    QByteArray fileHash = QCryptographicHash::hash(fileContent, QCryptographicHash::Md5);

    file.close();

    QString result = QString(fileHash.toHex());
   
    qDebug()<<"md5 : "<<result;

    return result;
}

Now, the last we are going to discuss here is PBKDF2. We will need to use QCA for this.
PBKDF2 of a string can be generated by passing the salt value, iterations and length of the key.
Here is the code to generate PBKDF2 from a password string passed in the function :

QString pbkdf2(QString password, QString salt, int length, int iterations)
{
    if(!QCA::isSupported("pbkdf2(sha1)", "qca-ossl"))
    {
       qDebug()<<"PBKDF version 2 with SHA1 not supported  ";
    }
    else
    {
        QCA::InitializationVector esalt(QCA::SecureArray(salt.toUtf8()));
        QCA::SecureArray epassword(password.toUtf8());
        QCA::SymmetricKey passwordOut = QCA::PBKDF2("sha1", "qca-ossl").makeKey (epassword, esalt, length, iterations);
        QString result = QCA::arrayToHex(passwordOut.toByteArray());
        return result;
     }
    return "";
}

Note: When using QCA classes remember to include the header <QtCrypto/QtCrypto>

Written By: Neha Gupta

Upload files using POCO C++ Libraries

I have recently worked on uploading files using POCO and it gave me a hard time to get it work properly. I dint get much working tutorials on client side programming to upload a binary file to a upload link using POCO. So I thought of writing one by myself to help others who are facing the same problem.

Below is the code to upload any file as multipart form data by reading the entire data of file as binary :

Note that this may not work for large files as reading the entire data (1GB or more) in a variable will take a lot of memory and will slow down the system. You must consider chunked upload for this case by reading the file data in a fixed size buffer and uploading in chunks.

void uploadFile(const char* uploadLink, const char* filePath, const char* filename)
{
   try
   {
      //Prepare request
      Poco::URI uri(uploadLink);

      Poco::Net::HTTPClientSession session(uri.getHost(), uri.getPort());

      session.setKeepAlive(true);

      // prepare path
      std::string path(uri.getPathAndQuery());
      if (path.empty())
      {
         path = "/";
      }

      Poco::Net::HTTPRequest req(Poco::Net::HTTPRequest::HTTP_POST, path, Poco::Net::HTTPMessage::HTTP_1_1);

      // Set headers
      // Set Multipart type and some boundary value 
      req.setContentType("multipart/form-data; boundary=-------------------------87142694621188");

     // Append boundary, content type and disposition to file data

      std::string boundary = "-------------------------87142694621188";
      std::string data1("---------------------------87142694621188\r\nContent-Disposition: form-data; name=\"data\"; filename=\"");
      std::string data2(filename);
      std::string data3("\";\r\nContent-Type: application/octet-stream\r\n\r\n");

      std::string data4("\r\n---------------------------87142694621188--\r\n");
  
    // Read File Data in binary
      std::ifstream file (filePath,std::ios::binary);
      std::ostringstream ostrm;
      ostrm << file.rdbuf();

      std::string reqBody;
      reqBody.append(data1);
      reqBody.append(data2);
      reqBody.append(data3);
      reqBody.append(ostrm.str());
      reqBody.append(data4);

      req.setContentLength(reqBody.length());

      req.setKeepAlive(true);
      
      // sends request, returns open stream
      std::ostream& myOStream = session.sendRequest(req);
      // sends the body
      myOStream << reqBody;

      Poco::Net::HTTPResponse res;

      std::istream& rs = session.receiveResponse(res);

      //Get status code
      int statusCode = (int)res.getStatus();

      //Get status
      std::string status = res.getReason();

      std::string response;
      while(rs)
      {
         response.push_back(char(rs.get()));
      }
      std::cout<<"\nStatusCode: "<<statusCode<<"\nStatus: "<<status<<"\nResponse: "<<response;
  }
  catch(Poco::Exception& exception)
  {
       //Set Response for Exception
       std::cout<<"\nException occurred while uploading: "<<exception.displayText();
  }
}

The above method accepts the file name, upload link and complete file path (path along with file name) as parameters. Then we read the entire file data as binary and send the HTTP POST request to the server with the complete file data and boundaries appended. This uploads the file to server and we get the response received and the Http Status code.

Written By: Neha Gupta

QFileSystemWatcher: Monitor directories and get Rename, Delete, Add, Modify notifications with the name and path of the modified file/dir.

QFileSystemWatcher gives notification if the watched directory is modified. But it does not give any information about the type of change. So here I am going to explain that how you can find the change (rename, add, delete, modify) and the name of the file/dir (inside the watched dir) that is modified.

First of all add a class to your project. Lets name it “MyFileSystemWatcher”.

Now add a class variable of type QFileSystemWatcher to this class and a function to add paths to watch.

We will add two slots directoryUpdated(QString path) and fileUpdated(QString path) that will be connected to corresponding signals that are emitted when some change occurs in the watched dir/file.

Also we need a variable to maintain the list of current contents in a directory, and that can be compared to the directory contents after a change is notified to find out the name of file changed and the type of change. We’ll use a QMap having a  QString as key and QStringList as its value for this purpose. The key will be the path of some directory and the value will be the list of names of all files/directories it contains.

Hence moving on, your header file  MyFileSystemWatcher.h will look like:

#ifndef MYFILESYSTEMWATCHER_H

#define MYFILESYSTEMWATCHER_H

#include <QObject>
#include <QStringList>
#include <QMap>
#include <QFileSystemWatcher>

class MyFileSystemWatcher : public QObject
{
   Q_OBJECT

   public:

      static MyFileSystemWatcher* _instance; //singleton class instance

      QMap<QString, QStringList> _currContents; //maintain list of current contents of each watched directory
 
      QFileSystemWatcher* _sysWatcher;  //QFileSystemWatcher variable
     
      static void addWatchPath(QString path);

public slots:

      void directoryUpdated(const QString & path);  //called when a watched directory is updated. "path" is the path of watched directory in which change occured
      void fileUpdated(const QString & path);   //called when a watched file is modified."path" is the path of watched file which is modified
};

In the implementation file, we will allocate memory to the singleton instance of class and the QFileSystemWatcher variable “_sysWatcher”, also we will maintain the currents contents of each directory path that is watched(added to watcher) and compare the contents in the directoryUpdated() method called when a watched directory is modified.

So here is what the implementation file MyFileSystemWatcher.cpp will look like:

#include "MyFileSystemWatcher.h"

MyFileSystemWatcher* MyFileSystemWatcher::_instance = 0;

// Add a file or directory path to be watched

void MyFileSystemWatcher::addWatchPath(QString path)
{
   qDebug()<<"Add to watch: "<<path;
  
// Allocate memory to instance if not already allocated 

   if(_instance == 0)
   {
        _instance = new MyFileSystemWatcher;
        _instance->_sysWatcher = new QFileSystemWatcher();

// Connect the directoryChanged and fileChanged signals of QFileSystemWatcher to corresponding slots

        connect(_instance->_sysWatcher,SIGNAL(directoryChanged( QString )),_instance,SLOT(directoryUpdated(QString)));
        connect(_instance->_sysWatcher,SIGNAL(fileChanged( QString )),_instance,SLOT(fileUpdated(QString)));
   }
    
   _instance->_sysWatcher->addPath(path);  //add path to watch

// Save the list of current contents if the added path is a directory
 
    QFileInfo f(path);

    if(f.isDir())
    {
         const QDir dirw(path);
         _instance->_currContents[path] = dirw.entryList(QDir::NoDotAndDotDot | QDir::AllDirs | QDir::Files, QDir::DirsFirst);
    }   

}

// Slot invoked whenever any of the watched directory is updated (some file in the watched dir is added, deleted or renamed)

void MyFileSystemWatcher::directoryUpdated(const QString & path)
{
    qDebug()<<"Directory updated: "<<path;

// Compare the latest contents to saved contents for the dir updated to find out the difference(change) 
    
    QStringList currEntryList = _instance->_currContents[path];
    const QDir dir(path);

    QStringList newEntryList = dir.entryList(QDir::NoDotAndDotDot  | QDir::AllDirs | QDir::Files, QDir::DirsFirst);

    QSet<QString> newDirSet = QSet<QString>::fromList( newEntryList );
 
    QSet<QString> currentDirSet = QSet<QString>::fromList( currEntryList );

   // Files that have been added
    QSet<QString> newFiles = newDirSet - currentDirSet;
    QStringList newFile = newFiles.toList();

   // Files that have been removed
    QSet<QString> deletedFiles = currentDirSet - newDirSet;
    QStringList deleteFile = deletedFiles.toList();

   // Update the current set
    _instance->_currContents[path] = newEntryList;

   if(!newFile.isEmpty() && !deleteFile.isEmpty())
   {
       // File/Dir is renamed

       if(newFile.count() == 1 && deleteFile.count() == 1)
       {
           qDebug()<<"File Renamed from "<<newFile.first()<<" to "<<deleteFile.first();
       }
   }

   else
   {
        // New File/Dir Added to Dir
        if(!newFile.isEmpty())
        {

             qDebug()<<"New Files/Dirs added: "<<newFile;

             foreach(QString file, newFile)
             {
                     //Handle Operation on new files.....
             }
        }

        // File/Dir is deleted from Dir

        if(!deleteFile.isEmpty())
        {
            qDebug()<<"Files/Dirs deleted: "<<deleteFile;
            foreach(QString file, deleteFile)
            {
                // Handle operation of each deleted file....
            }
        }

    }

  }


// Slot invoked whenever the watched file is modified

void MyFileSystemWatcher::fileUpdated(const QString & path)
{
    QFileInfo file(path);

    QString path1 = file.absolutePath();

    QString name = file.fileName();

    qDebug()<<"The file "<<name<<" at path "<<path1<<" is updated";
}

This way you may add any no. of paths to the watcher by calling the static method “addWatchPath:” and the path can be either a file or directory.
If you want to watch a directory as well as all its sub directories, you need to add the path of parent directory and path of all its sub directories recursively to the watcher.

For Example:

If you want to watch a directory “ABC” in the C drive, just call the method

MyFileSystemwatcher::addWatchPath("C:/ABC");

This is all about QFileSystemWatcher. However there is a known bug in using it for recursive monitoring on Windows. To know more about this check out my other post.

Written By: Neha Gupta