Can anyone recommend libraries (native Smalltalk or via FFI)
to generate a HMAC-SHA512 ?

cheers -ben
> On 10 Dec 2017, at 10:01, Ben Coman <[hidden email]> wrote:
>
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to generate a HMAC-SHA512 ?
>
> cheers -ben

Well Pharo itself of course !

    (HMAC on: SHA256)
        key: (ByteArray new: 32);
        digestMessage: #[1 2 3].

    SHA256 new hmac
        key: (ByteArray new: 32);
        digestMessage: #[1 2 3].

Sven

PS: You might like this one too

https://medium.com/concerning-pharo/the-code-behind-google-authenticator-9c59c606a572
In reply to this post by Ben Coman
Good to have extensions to Cryptography to include SHA-512, along with SHA-384. For that matter there seem to be other extensions that could be made to Cryptography to support the proximate TLS 1.3, see references below for algorithms/groups specifiable. Cryptography would love to be extended for these, although OpenSSL should pick up TLS 1.3 for standardized wrapped implementation of TLS.

- HH
In reply to this post by Sven Van Caekenberghe-2
On 10 December 2017 at 18:23, Sven Van Caekenberghe <[hidden email]> wrote:
Thanks Sven. It's interesting to trace that through to put other stuff I've read about HMAC into perspective.
However SHA256 != SHA512 which is a defined requirement of the site I'm accessing.

What I understand from the trace is that the HMAC is generic regardless of size of SHA function and could remain in-Image while the SHA512 part could be supplied from outside the image.

I could perhaps use the one from the OpenSSL library already included with Pharo.

    $ readelf -a ./pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0 | grep 512
    EVP_sha512
    SHA512_Init
    SHA512_Update
    SHA512_Transform
    SHA512_Final

where the "EVP function provide a high level interface to OpenSSL cryptographic functions."
and I guess could be used similar to...
ftp://188.44.46.157/Augustus/blatSrc/lib/hmac.c
except I'm not sure how I'd proceed without it taking any parameters...

    const EVP_MD *EVP_sha512(void);    // include/openssl/evp.h

The lower level functions could be used like...

    unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
    int SHA512_Init(SHA512_CTX *c);    // include/openssl/sha.h
    int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
    int SHA512_Final(unsigned char *md, SHA512_CTX *c);
    void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);

Actually the lower level functions look easier from an FFI perspective.

Other options I found...
but it seems to be NativeBoost rather than UFFI, and also is Linux only (which might not be an issue)

* https://github.com/mygityf/cipher/blob/master/cipher/sha512.h
  https://github.com/mygityf/cipher/blob/master/cipher/sha512.c
  to compile into a (hopefully) cross platform shared library

cheers -ben

P.S. I learnt today that "SHA-512 is faster than SHA-256 on 64 bit machines (as they use 64 bit arithmetic internally)"
https://stackoverflow.com/a/18083633
In reply to this post by Ben Coman
Hi Ben,
I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
which you can install from the Pharo Project Catalog in Pharo 6.x

Cheers,

Hernán

2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to generate a HMAC-SHA512 ?
>
> cheers -ben
In reply to this post by Ben Coman
> On 10 Dec 2017, at 17:46, Ben Coman <[hidden email]> wrote:
>
> Thanks Sven. It's interesting to trace that through to put other stuff I've read about HMAC into perspective.
> However SHA256 != SHA512 which is a defined requirement of the site I'm accessing.

I was too quick.

There is also http://www.samadhiweb.com/blog/2017.02.18.shacrypt.html

I prefer code written in Pharo, but if you need real performance, then native code will be needed.

Are you sure SHA512 is not in the Cryptography package ?
SHA512 is not in the Cryptography package, but it would be great to see it there, with an appropriate plugin, of course, for performance. I am toying with the idea of extending SSL to include TLS 1.3, and that would require SHA512, plus it would be great to keep the Cryptography package current. Adding TLS 1.3 would be a fair amount of work requiring Diffie-Hellman group extensions to ephemeral elliptic curves, in addition. I am unsure what symmetric ciphers are used by TLS 1.3 also. The advantage is that it is automatically cross-platform, even with plugin generation, such that Cryptography could be used on the big 3 as well as on ARM, Android and iOS. I'll keep dreaming about it.
On 11 December 2017 at 03:08, henry <[hidden email]> wrote:
Given that SSL is "so last century" [https://www.polyglotdeveloper.com/timeline/2015-07-01-ssl-tls-timeline/] with security issues [Section 2.2 https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices] and latency improvements in upcoming TLS1.3 [https://www.keycdn.com/blog/tls-1-3] perhaps this would make a good bounty to be done outside the current planned work for engineering resources. There seem several potential resources available [http://www.squeaksource.com/Cryptography.html]

Could a plan be made to address TLS?

cheers -ben
In reply to this post by hernanmd
2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to generate a HMAC-SHA512 ?

On 11 December 2017 at 01:30, Hernán Morales Durand <[hidden email]> wrote:
> Hi Ben,

Thanks Henry. That looks like path of least resistance.

I hit a stumbling block that took a short while to understand.
The library binary downloaded specified by ConfigurationOfNacl>>platformLibraryUrl
is libsodium: ELF 32-bit LSB shared object
whereas I'm using 64bit Linux.

I have the following system library preinstalled...
/usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared object

However its api is slightly different. Pharo Nacl makes this call out...

    crypto_hash_sha512_ref()

but the system library provides...

     56: 0000000000014dc0   175 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_final
     81: 0000000000014c40   384 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_update
    154: 0000000000014bd0   106 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_init
    233: 0000000000014e70   114 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512
    342: 0000000000012330     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_bytes
    351: 0000000000012340     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_statebytes

The canonical source doesn't seem to have the function
so I'm curious where the "_ref" comes from.

My options seem...
* Compile a 64-bit libsodium from source which includes "_ref" functions. Where is such source?
* Use the system libsodium and define an FFI callout just for the one function I need.

cheers -ben
On 11 December 2017 at 13:09, Ben Coman <[hidden email]> wrote:
Whoops, I meant thanks Hernán.
btw, I discovered just now that FFILibrary>>unix64ModuleName was introduced this year. So presumably with the following you could include both bit'ness libraries in the libsodium.so.gz file specified in ConfigurationOfNacl >> platformLibraryUrl.

    FFILibrary subclass: #Nacl
        instanceVariableNames: ''
        classVariableNames: ''
        package: 'Crypto-Nacl'

    Nacl >> unixModuleName
        ^ 'libsodium.so'

    Nacl >> unix64ModuleName
        ^ 'libsodium64.so'

    Nacl class >> apiXXX
        ^ self ffiCall: #(void XXX())
            module: Nacl

btw, I'm doing the latter for now as the immediate path of least resistance.
Thanks Hernan, for the tip on libsodium.

cheers -ben
In reply to this post by Ben Coman
On Mon, Dec 11, 2017 at 12:46:59AM +0800, Ben Coman wrote:
> where the "EVP function provide a high level interface to OpenSSL
> cryptographic functions."

Hi Ben,

As it happened, over the weekend I implemented the Pharo wrappers for the EVP_DigestSign* and EVP_DigestVerify* APIs. It is straightforward to add the non-public key-using message digest functions, so I've just done it.

Code snippets:

    | msg st c |
    msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
    st := SHA256 hashMessage: msg asByteArray.
    c := LcEvpSHA256 new hashMessage: msg asByteArray.
    st = c "=> true"

Using Sven's example:

    | key msg st c |
    key := ByteArray new: 32.
    msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
    st := (HMAC on: SHA256) key: key; digestMessage: msg asByteArray.
    c := (HMAC on: LcEvpSHA256) key: key; digestMessage: msg asByteArray.
    st = c "=> true"

Code at http://smalltalkhub.com/#!/~PierceNg/OpenSSL-Pharo.

I've also added tests for SHA256 similar to the snippets above. I will add SHA512 tests when I find the test vectors.

In the next two weeks when I have some time off from work, I will attempt to move the repo to GH. Meanwhile, I've added you as a contributor to the STH repo if you'd like to hack on it.

Pierce
In reply to this post by Ben Coman
2017-12-11 5:28 GMT-03:00 Ben Coman <[hidden email]>:
> On 11 December 2017 at 13:09, Ben Coman <[hidden email]> wrote:
>>
>> 2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
>> > Can anyone recommend libraries (native Smalltalk or via FFI)
>> > to generate a HMAC-SHA512 ?
>>
>> On 11 December 2017 at 01:30, Hernán Morales Durand
>> <[hidden email]> wrote:
>>>
>>> Hi Ben,
>>>
>>> I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
>>> which you can install from the Pharo Project Catalog in Pharo 6.x
>>
>> Thanks Henry. That looks like path of least resistance.
>
> Whoops, I meant thanks Hernán.
>
>> I hit a stumbling block that took a short while to understand.
>> The library binary downloaded specified by
>> ConfigurationOfNacl>>platformLibraryUrl
>> is libsodium: ELF 32-bit LSB shared object
>> whereas I'm using 64bit Linux.
>
> btw, I discovered just now that FFILibrary>>unix64ModuleName
> was introduced this year. So presumably with the following
> you could include both bit'ness libraries in the libsodium.so.gz
> file specified in ConfigurationOfNacl >> platformLibraryUrl.
>
>     FFILibrary subclass: #Nacl
>         instanceVariableNames: ''
>         classVariableNames: ''
>         package: 'Crypto-Nacl'
>
>     Nacl >> unixModuleName
>         ^ 'libsodium.so'
>
>     Nacl >> unix64ModuleName
>         ^ 'libsodium64.so'
>
>     Nacl class >> apiXXX
>         ^ self ffiCall: #(void XXX())
>             module: Nacl

Done. Thank you Ben.

All tests pass in Windows, so I uploaded a new Configuration with updated dev version.
Let me know any issues.

>> I have the following system library preinstalled...
>> /usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared
>> object
>>
>> However its api is slightly different. Pharo Nacl makes this call out...
>> crypto_hash_sha512_ref()
>>
>> but the system library provides...
>>  56: 0000000000014dc0   175 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_final
>>  81: 0000000000014c40   384 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_update
>> 154: 0000000000014bd0   106 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_init
>> 233: 0000000000014e70   114 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512
>> 342: 0000000000012330     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_bytes
>> 351: 0000000000012340     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_statebytes
>>
>> The canonical source doesn't seem to have the function
>>
>> https://github.com/jedisct1/libsodium/search?utf8=%E2%9C%93&q=+crypto_hash_sha512_ref
>> so I'm curious where the "_ref" comes from.
>>
>> My options seem...
>> * Compile a 64-bit libsodium from source which includes "_ref" functions.
>> Where is such source?

The official sources seem to be here: https://download.libsodium.org/libsodium/releases/
I discovered that the version we use in the Pharo binding is old, so I will update to the latest version as next step.

>> * Use the system libsodium and define an FFI callout just for the one
>> function I need.
>
> btw, I'm doing the latter for now as the immediate path of least resistance.
> Thanks Hernan, for the tip on libsodium.
>
> cheers -ben

Cheers

Hernán
2017-12-11 10:13 GMT-03:00 Hernán Morales Durand <[hidden email]>:
> 2017-12-11 5:28 GMT-03:00 Ben Coman <[hidden email]>:
>> On 11 December 2017 at 13:09, Ben Coman <[hidden email]> wrote:
>>>
>>> 2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
>>> > Can anyone recommend libraries (native Smalltalk or via FFI)
>>> > to generate a HMAC-SHA512 ?
>>>
>>> On 11 December 2017 at 01:30, Hernán Morales Durand
>>> <[hidden email]> wrote:
>>>>
>>>> Hi Ben,
>>>>
>>>> I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
>>>> which you can install from the Pharo Project Catalog in Pharo 6.x
>>>
>>> Thanks Henry. That looks like path of least resistance.
>>
>> Whoops, I meant thanks Hernán.
>>
>>> I hit a stumbling block that took a short while to understand.
>>> The library binary downloaded specified by
>>> ConfigurationOfNacl>>platformLibraryUrl
>>> is libsodium: ELF 32-bit LSB shared object
>>> whereas I'm using 64bit Linux.
>>
>> btw, I discovered just now that FFILibrary>>unix64ModuleName
>> was introduced this year. So presumably with the following
>> you could include both bit'ness libraries in the libsodium.so.gz
>> file specified in ConfigurationOfNacl >> platformLibraryUrl.
>>
>>     FFILibrary subclass: #Nacl
>>         instanceVariableNames: ''
>>         classVariableNames: ''
>>         package: 'Crypto-Nacl'
>>
>>     Nacl >> unixModuleName
>>         ^ 'libsodium.so'
>>
>>     Nacl >> unix64ModuleName
>>         ^ 'libsodium64.so'
>>
>>     Nacl class >> apiXXX
>>         ^ self ffiCall: #(void XXX())
>>             module: Nacl
>
> Done. Thank you Ben.
>
> All tests pass in Windows, so I uploaded a new Configuration with
> updated dev version.
> Let me know any issues.

BTW you can install the dev version using:

    Metacello new
        smalltalkhubUser: 'tonyg' project: 'Crypto-Nacl';
        configuration: 'Nacl';
        version: #development;
        load.

>>> I have the following system library preinstalled...
>>> /usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared
>>> object
>>>
>>> However its api is slightly different. Pharo Nacl makes this call out...
>>> crypto_hash_sha512_ref()
>>>
>>> but the system library provides...
>>>  56: 0000000000014dc0   175 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_final
>>>  81: 0000000000014c40   384 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_update
>>> 154: 0000000000014bd0   106 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_init
>>> 233: 0000000000014e70   114 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512
>>> 342: 0000000000012330     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_bytes
>>> 351: 0000000000012340     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_statebytes
>>>
>>> The canonical source doesn't seem to have the function
>>>
>>> https://github.com/jedisct1/libsodium/search?utf8=%E2%9C%93&q=+crypto_hash_sha512_ref
>>> so I'm curious where the "_ref" comes from.
>>>
>>> My options seem...
>>> * Compile a 64-bit libsodium from source which includes "_ref" functions.
>>> Where is such source?
>
> The official sources seem to be here:
> https://download.libsodium.org/libsodium/releases/
> I discovered that the version we use in the Pharo binding is old, so I
> will update to the latest version as next step.
>
>>> * Use the system libsodium and define an FFI callout just for the one
>>> function I need.
>>
>> btw, I'm doing the latter for now as the immediate path of least resistance.
>> Thanks Hernan, for the tip on libsodium.
>>
>> cheers -ben
>
> Cheers
>
> Hernán
In reply to this post by Pierce Ng-3
On 11 December 2017 at 20:28, Pierce Ng <[hidden email]> wrote:
On Mon, Dec 11, 2017 at 12:46:59AM +0800, Ben Coman wrote:

I don't know about SHA512-only, but I found some HMACSHA512 test vectors at https://tools.ietf.org/html/rfc4231.
I've attached the first five tests I got working against LibSodium.

thx.
cheers -ben

x.zip (2K)
In reply to this post by Pierce Ng-3
On 11 December 2017 at 20:28, Pierce Ng <[hidden email]> wrote:
On Mon, Dec 11, 2017 at 12:46:59AM +0800, Ben Coman wrote:

Great! Looks like you've been busy!

I was going to ask why these updates aren't being pushed to an OpenSSL repo shared with Squeak, since things should not be much different at this low level, but actually it was hard to determine which was the original repo. I see... seems to have not been updated since 2012.

cheers -ben

> I've also added tests for SHA256 similar to the snippets above. I will add
On Tue, Dec 12, 2017 at 12:52:11AM +0800, Ben Coman wrote:
> I was going to ask why these updates aren't being pushed to an OpenSSL repo
> shared with Squeak,
> since things should not be much different at this low level, but actually
> it was hard to
> determine which was the original repo. I see...
> http://www.squeaksource.com/SqueakSSL.html
> seems to have not been updated since 2012.

I think this might be the SSL plugin which is now part of the VM and is still called SqueakSSL.

My library is for access to the crypto/X509 functions in OpenSSL's libcrypto.

For green field applications I recommend using NaCl aka libsodium with its modern algorithms and crypto-safe programming practices.

Pierce
In reply to this post by Ben Coman
Hi Ben, all,
So after all this what's the recommended way to use HMAC-SHA512 in Pharo 6?

I'd need it in combination with PBKDF2 to replicate this Python call:

    PBKDF2(password, salt, iterations, macmodule=hmac, digestmodule=hashlib.sha512).read(64)

Regards,

Esteban A. Maringolo

2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to generate a HMAC-SHA512 ?
>
> cheers -ben
PBKDF2 is in Cryptography yet I think it may hardcode HMAC-SHA256. An implementation of SHA512 in Cryptography would be so cool 😎
In reply to this post by Esteban A. Maringolo
On 2 March 2018 at 10:43, Esteban A. Maringolo <[hidden email]> wrote:
> Hi Ben, all,

Start poking around here...

> I'd need it in combination with PBKDF2 to replicate this Python call:

I guess with iterations=1 you should get the same result as libsodium
I had to play around a bit before I worked out where to use bytes and where to use hex strings.
It might help to run these test cases through PBKDF2...

cheers -ben
2018-03-02 8:54 GMT-03:00 Ben Coman <[hidden email]>:
> On 2 March 2018 at 10:43, Esteban A. Maringolo <[hidden email]> wrote:
>> So after all this what's the recommended way to use HMAC-SHA512 in Pharo
>> 6?

> Libsodium installation instructions...
> https://github.com/Traadh/bittrex

Why did you create BittrexLibsodium library wrapper instead of a plain Libsodium wrapper like the one at http://smalltalkhub.com/#!/~tonyg/Crypto-Nacl/ ?

>> I'd need it in combination with PBKDF2 to replicate this Python call:
>> PBKDF2(password, salt, iterations, macmodule=hmac,
>> digestmodule=hashlib.sha512).read(64)

> I guess with iterations=1 you should get the same result as libsodium
> I had to play around a bit before I worked out where to use bytes and where
> to use hex strings.
> It might help to run these test cases through PBKDF2...
> https://github.com/Traadh/bittrex/tree/master/src/Bittrex.package/BittrexLibsodiumTest.class/instance

Well, I need 2048 iterations.

There is a PBKDF2 package made by Udo Schneider, and seems to be easily pluggable with a different hashing algorithm, so I'd need a SHA512 class.

Thanks in advance.

Regards.

Esteban A. Maringolo
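
Added reference sketch in Python, the language of the call being replicated (not code from any poster or from the Pharo packages named in this thread): HMAC written once over a pluggable hash, checked against the first two HMAC-SHA-512 vectors of RFC 4231, with PBKDF2 on top at 2048 iterations and 64 output bytes. It also shows that a single PBKDF2 iteration equals HMAC(password, salt || 00000001), which is the input a plain HMAC-SHA512 routine must be fed to match. The password and salt are constructed samples, and it is an assumption that the third-party PBKDF2 call quoted above implements standard PBKDF2.

```python
import hashlib
import hmac as std_hmac
import struct

def hmac_generic(hash_factory, key, msg):
    """HMAC (RFC 2104) over any hashlib-style hash; only the block size differs."""
    block = hash_factory().block_size        # 128 bytes for SHA-512, 64 for SHA-256
    if len(key) > block:                     # over-long keys are hashed first
        key = hash_factory(key).digest()
    key = key.ljust(block, b"\x00")
    inner = hash_factory(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hash_factory(bytes(b ^ 0x5C for b in key) + inner).digest()

def pbkdf2(hash_factory, password, salt, iterations, dklen):
    """PBKDF2 (RFC 8018) with hmac_generic as the pseudo-random function."""
    hlen = hash_factory().digest_size
    out = b""
    for index in range(1, -(-dklen // hlen) + 1):   # ceil(dklen / hlen) blocks
        u = hmac_generic(hash_factory, password, salt + struct.pack(">I", index))
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac_generic(hash_factory, password, u)
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hlen, "big")
    return out[:dklen]

# HMAC-SHA-512 test cases 1 and 2 from RFC 4231: (key, data, expected hex).
RFC4231 = [
    (b"\x0b" * 20, b"Hi There",
     "87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cde"
     "daa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854"),
    (b"Jefe", b"what do ya want for nothing?",
     "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea250554"
     "9758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737"),
]

def rfc4231_ok():
    # compare_digest is the constant-time comparison to use when checking a MAC
    return all(
        std_hmac.compare_digest(hmac_generic(hashlib.sha512, k, m), bytes.fromhex(h))
        for k, m, h in RFC4231
    )

# Constructed sample inputs, not values from the thread.
PASSWORD = b"correct horse battery staple"
SALT = b"constructed-salt"

def derive():
    """Same parameters as the quoted call: 2048 iterations, 64 bytes, SHA-512."""
    return pbkdf2(hashlib.sha512, PASSWORD, SALT, 2048, 64)

if __name__ == "__main__":
    print("RFC 4231 vectors pass:", rfc4231_ok())
    print("matches hashlib.pbkdf2_hmac:",
          derive() == hashlib.pbkdf2_hmac("sha512", PASSWORD, SALT, 2048, 64))
    print("derived key:", derive().hex())
```

The hex printed by `derive()` can serve as a reference value for a port that plugs a SHA512 class into an HMAC/PBKDF2 implementation.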