HMAC-SHA512

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
29 messages Options
12
Reply | Threaded
Open this post in threaded view
|

HMAC-SHA512

Ben Coman
Can anyone recommend libraries (native Smalltalk or via FFI)
to do generate a HMAC-SHA512 ?

cheers -ben
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Sven Van Caekenberghe-2


> On 10 Dec 2017, at 10:01, Ben Coman <[hidden email]> wrote:
>
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?
>
> cheers -ben

Well Pharo itself of course !

(HMAC on: SHA256)
  key: (ByteArray new: 32);
  digestMessage: #[1 2 3].

SHA256 new hmac
  key: (ByteArray new: 32);
  digestMessage: #[1 2 3].

Sven

PS: You might like this one too https://medium.com/concerning-pharo/the-code-behind-google-authenticator-9c59c606a572
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

henry
In reply to this post by Ben Coman
Good to have extensions to Cryptography to include SHA-512, along with SHA-384. For that matter there seems to be other extensions could be made to Cryptography to support the proximate TLS 1.3, see references below for algorithms/groups specifiable.  Cryptography would love to be extended for these, although OpenSSL should pick up TLS 1.3 for standardized wrapped implementation of TLS.


- HH


-------- Original Message --------
Subject: [Pharo-users] HMAC-SHA512
Local Time: December 10, 2017 4:01 AM
UTC Time: December 10, 2017 9:01 AM
To: Any question about pharo is welcome <[hidden email]>

Can anyone recommend libraries (native Smalltalk or via FFI)
to do generate a HMAC-SHA512 ?

cheers -ben

Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Ben Coman
In reply to this post by Sven Van Caekenberghe-2


On 10 December 2017 at 18:23, Sven Van Caekenberghe <[hidden email]> wrote:


> On 10 Dec 2017, at 10:01, Ben Coman <[hidden email]> wrote:
>
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?
>
> cheers -ben

Well Pharo itself of course ! 

(HMAC on: SHA256)
  key: (ByteArray new: 32);
  digestMessage: #[1 2 3].

SHA256 new hmac
  key: (ByteArray new: 32);
  digestMessage: #[1 2 3].


Thanks Sven. Its interesting to trace that through to put other stuff I've read about HMAC into perspective.
However SHA256 != SHA512 which is a defined requirement of the site I'm accessing.

What I understand from the trace is that the HMAC is generic regardless of size of SHA function
and could remain in-Image while the SHA512 part could be supplied from outside the image. 
I could perhaps use the one from the OpenSSL library already included with Pharo.

$ readelf -a ./pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0 | grep 512
   EVP_sha512
   SHA512_Init
   SHA512_Update
   SHA512_Transform
   SHA512_Final

where the "EVP function provide a high level interface to OpenSSL cryptographic functions."
and I guess could be used similar to...  ftp://188.44.46.157/Augustus/blatSrc/lib/hmac.c
except I'm not sure how I'd use proceed without it taking any parameters... 

        const EVP_MD *EVP_sha512(void);   // include/openssl/evp.h


The lower level functions could be used like...

unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);

int SHA512_Init(SHA512_CTX *c);     // include/openssl/sha.h
int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);

Actually the lower level functions look easier from an FFI perspective.


Other options I found... 

   but it seems to be NativeBoost rather than UFFI, and also is Linux only (which might not be an issue) 

  to compile into a (hopefully) cross platform shared library


cheers -ben

P.S. I learnt today that "SHA-512 is faster than SHA-256 on 64 bit machines (as they use 64 bit arithmetic internally)"
https://stackoverflow.com/a/18083633




Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

hernanmd
In reply to this post by Ben Coman
Hi Ben,

I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
which you can install from the Pharo Project Catalog in Pharo 6.x
Cheers,

Hernán





2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?
>
> cheers -ben

Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Sven Van Caekenberghe-2
In reply to this post by Ben Coman


> On 10 Dec 2017, at 17:46, Ben Coman <[hidden email]> wrote:
>
> Thanks Sven. Its interesting to trace that through to put other stuff I've read about HMAC into perspective.
> However SHA256 != SHA512 which is a defined requirement of the site I'm accessing.

I was too quick.

There is also http://www.samadhiweb.com/blog/2017.02.18.shacrypt.html

I prefer code written in Pharo, but if you need real performance, then native code will be needed. Are you sure SHA512 is not in the Cryptography package ?
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

henry

-------- Original Message --------
Subject: Re: [Pharo-users] HMAC-SHA512
Local Time: December 10, 2017 1:20 PM
UTC Time: December 10, 2017 6:20 PM
To: Any question about pharo is welcome <[hidden email]>


On 10 Dec 2017, at 17:46, Ben Coman [hidden email] wrote:
Thanks Sven. Its interesting to trace that through to put other stuff I've read about HMAC into perspective.
However SHA256 != SHA512 which is a defined requirement of the site I'm accessing.

I was too quick.


I prefer code written in Pharo, but if you need real performance, then native code will be needed. Are you sure SHA512 is not in the Cryptography package ?

SHA512 is not in the Cryptography package, but it would be great to see it there, with an appropriate plugin, of course, for performance. I am toying with the idea of extending SSL to include TLS 1.3, and that would require SHA512, plus it would be great to keep the Cryptography package current. Adding TLS 1.3 would be a fair amount of work requiring Diffie-Hellman group extensions to ephemeral elliptic curves, in addition. I am unsure what symmetric ciphers are used by TLS 1.3 also. The advantage is that it is automatically cross-platform, even with plugin generation, such that Cryptography could be used on the big 3 as well as on ARM, Android and iOS. I'll keep dreaming about it.
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Ben Coman


On 11 December 2017 at 03:08, henry <[hidden email]> wrote:

-------- Original Message --------
Subject: Re: [Pharo-users] HMAC-SHA512
Local Time: December 10, 2017 1:20 PM
UTC Time: December 10, 2017 6:20 PM
To: Any question about pharo is welcome <[hidden email]>


On 10 Dec 2017, at 17:46, Ben Coman [hidden email] wrote:
Thanks Sven. Its interesting to trace that through to put other stuff I've read about HMAC into perspective.
However SHA256 != SHA512 which is a defined requirement of the site I'm accessing.

I was too quick.


I prefer code written in Pharo, but if you need real performance, then native code will be needed. Are you sure SHA512 is not in the Cryptography package ?

SHA512 is not in the Cryptography package, but it would be great to see it there, with an appropriate plugin, of course, for performance. I am toying with the idea of extending SSL to include TLS 1.3, and that would require SHA512, plus it would be great to keep the Cryptography package current. Adding TLS 1.3 would be a fair amount of work requiring Diffie-Hellman group extensions to ephemeral elliptic curves, in addition. I am unsure what symmetric ciphers are used by TLS 1.3 also. The advantage is that it is automatically cross-platform, even with plugin generation, such that Cryptography could be used on the big 3 as well as on ARM, Android and iOS. I'll keep dreaming about it.

and latency improvements in upcoming TLS1.3   [https://www.keycdn.com/blog/tls-1-3]
perhaps this would make a good bounty to be done outside the current planned work for engineering resources.
There seem several potential resources available  [http://www.squeaksource.com/Cryptography.html]

Could a plan be made to address TLS?

cheers -ben
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Ben Coman
In reply to this post by hernanmd
2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?

On 11 December 2017 at 01:30, Hernán Morales Durand <[hidden email]> wrote:
Hi Ben,

I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
which you can install from the Pharo Project Catalog in Pharo 6.x

Thanks Henry.  That looks like path of least resistance. 

I hit a stumbling block that took a short while to understand.
The library binary downloaded specified by ConfigruationOfNacl>>platformLibraryUrl
is  libsodium: ELF 32-bit LSB shared object
whereas I'm using 64bit Linux. 

I have the following system library preinstalled... 
/usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared object

However its api is slightly different.  Pharo Nacl makes this call out...
   crypto_hash_sha512_ref()

but the system library provides...
    56: 0000000000014dc0   175 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_final
    81: 0000000000014c40   384 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_update
   154: 0000000000014bd0   106 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_init
   233: 0000000000014e70   114 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512
   342: 0000000000012330     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_bytes
   351: 0000000000012340     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_statebytes

The canonical source doesn't seem to have the function
so I'm curious where the "_ref" comes from. 

My options seem...
* Compile a 64-bit libsodium from source which includes "_ref" functions. Where is such source?
* Use the system libsodium and define an FFI callout just for the one function I need.

cheers -ben
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Ben Coman


On 11 December 2017 at 13:09, Ben Coman <[hidden email]> wrote:
2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?

On 11 December 2017 at 01:30, Hernán Morales Durand <[hidden email]> wrote:
Hi Ben,

I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
which you can install from the Pharo Project Catalog in Pharo 6.x

Thanks Henry.  That looks like path of least resistance.

Whoops, I meant thanks Hernán.  


 
 I hit a stumbling block that took a short while to understand.
The library binary downloaded specified by ConfigruationOfNacl>>platformLibraryUrl
is  libsodium: ELF 32-bit LSB shared object
whereas I'm using 64bit Linux. 

btw, I discovered just now that FFILibrary>>unix64ModuleName 
was introduced this year.  So presumably with the following
you could include both bit'ness libraries in the libsodium.so.gz 
file specified in ConfigurationOfNacl >> platformLibraryUrl.

FFILbrary subclass: #Nacl
instanceVariableNames: ''
classVariableNames: ''
package: 'Crypto-Nacl'

Nacl >> unixModuleName
    ^ 'libsodium.so'

Nacl >> unix64ModuleName
    ^ 'libsodium64.so'

Nacl class >> apiXXX 
^ self ffiCall: #(void XXX())  
                 module: Nacl



 

I have the following system library preinstalled... 
/usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared object

However its api is slightly different.  Pharo Nacl makes this call out...
   crypto_hash_sha512_ref()

but the system library provides...
    56: 0000000000014dc0   175 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_final
    81: 0000000000014c40   384 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_update
   154: 0000000000014bd0   106 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_init
   233: 0000000000014e70   114 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512
   342: 0000000000012330     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_bytes
   351: 0000000000012340     6 FUNC    GLOBAL DEFAULT   11 crypto_hash_sha512_statebytes

The canonical source doesn't seem to have the function
so I'm curious where the "_ref" comes from. 

My options seem...
* Compile a 64-bit libsodium from source which includes "_ref" functions. Where is such source? 
* Use the system libsodium and define an FFI callout just for the one function I need.

btw, I'm doing the latter for now as the immediate path of least resistance.   
Thanks Hernan, for the tip on libsodium.

cheers -ben
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Pierce Ng-3
In reply to this post by Ben Coman
On Mon, Dec 11, 2017 at 12:46:59AM +0800, Ben Coman wrote:
> where the "EVP function provide a high level interface to OpenSSL
> cryptographic functions."

Hi Ben,

As it happened, over the weekend I implemented the Pharo wrappers for the
EVP_DigestSign* and EVP_DigestVerify* APIs. It is straightforward to add the
non-public key-using message digest functions, so I've just done it. Code
snippets:

  | msg st c |
  msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
  st := SHA256 hashMessage: msg asByteArray.
  c := LcEvpSHA256 new hashMessage: msg asByteArray.
  st = c
  => true

Using Sven's example:

  | msg st c |
  key := ByteArray new: 32.
  msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
  st := (HMAC on: SHA256) key: key; digestMessage: msg asByteArray.
  c := (HMAC on: LcEvpSHA256) key: key; digestMessage: msg asByteArray.
  st = c
  => true

Code at http://smalltalkhub.com/#!/~PierceNg/OpenSSL-Pharo.

I've also added tests for SHA256 similar to the snippets above.  I will add
SHA512 tests when I find the test vectors.

In the next two weeks when I have some time off from work, I will attempt to
move the repo to GH. Meanwhile, I've added you as a contributor to the STH
repo if you'd like to hack on it.

Pierce


Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

hernanmd
In reply to this post by Ben Coman
2017-12-11 5:28 GMT-03:00 Ben Coman <[hidden email]>:

>
>
> On 11 December 2017 at 13:09, Ben Coman <[hidden email]> wrote:
>>
>> 2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
>> > Can anyone recommend libraries (native Smalltalk or via FFI)
>> > to do generate a HMAC-SHA512 ?
>>
>> On 11 December 2017 at 01:30, Hernán Morales Durand
>> <[hidden email]> wrote:
>>>
>>> Hi Ben,
>>>
>>> I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
>>> which you can install from the Pharo Project Catalog in Pharo 6.x
>>
>>
>> Thanks Henry.  That looks like path of least resistance.
>
>
> Whoops, I meant thanks Hernán.
>
>
>
>>
>>  I hit a stumbling block that took a short while to understand.
>> The library binary downloaded specified by
>> ConfigruationOfNacl>>platformLibraryUrl
>> is  libsodium: ELF 32-bit LSB shared object
>> whereas I'm using 64bit Linux.
>
>
> btw, I discovered just now that FFILibrary>>unix64ModuleName
> was introduced this year.  So presumably with the following
> you could include both bit'ness libraries in the libsodium.so.gz
> file specified in ConfigurationOfNacl >> platformLibraryUrl.
>
> FFILbrary subclass: #Nacl
> instanceVariableNames: ''
> classVariableNames: ''
> package: 'Crypto-Nacl'
>
> Nacl >> unixModuleName
>     ^ 'libsodium.so'
>
> Nacl >> unix64ModuleName
>     ^ 'libsodium64.so'
>
> Nacl class >> apiXXX
> ^ self ffiCall: #(void XXX())
>                  module: Nacl
>
>

Done. Thank you Ben.

All tests passes in Windows, so I uploaded a new Configuration with
updated dev version.
Let me know any issues.

>
>
>>
>>
>> I have the following system library preinstalled...
>> /usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared
>> object
>>
>> However its api is slightly different.  Pharo Nacl makes this call out...
>>    crypto_hash_sha512_ref()
>>
>> but the system library provides...
>>     56: 0000000000014dc0   175 FUNC    GLOBAL DEFAULT   11
>> crypto_hash_sha512_final
>>     81: 0000000000014c40   384 FUNC    GLOBAL DEFAULT   11
>> crypto_hash_sha512_update
>>    154: 0000000000014bd0   106 FUNC    GLOBAL DEFAULT   11
>> crypto_hash_sha512_init
>>    233: 0000000000014e70   114 FUNC    GLOBAL DEFAULT   11
>> crypto_hash_sha512
>>    342: 0000000000012330     6 FUNC    GLOBAL DEFAULT   11
>> crypto_hash_sha512_bytes
>>    351: 0000000000012340     6 FUNC    GLOBAL DEFAULT   11
>> crypto_hash_sha512_statebytes
>>
>> The canonical source doesn't seem to have the function
>>
>> https://github.com/jedisct1/libsodium/search?utf8=%E2%9C%93&q=+crypto_hash_sha512_ref
>> so I'm curious where the "_ref" comes from.
>>
>> My options seem...
>> * Compile a 64-bit libsodium from source which includes "_ref" functions.
>> Where is such source?
>>

The official sources seem to be here:
https://download.libsodium.org/libsodium/releases/
I discovered that the version we use in the Pharo binding is old, so I
will update to the latest version as next step.

>> * Use the system libsodium and define an FFI callout just for the one
>> function I need.
>
>
> btw, I'm doing the latter for now as the immediate path of least resistance.
> Thanks Hernan, for the tip on libsodium.
>
> cheers -ben

Cheers

Hernán

Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

hernanmd
2017-12-11 10:13 GMT-03:00 Hernán Morales Durand <[hidden email]>:

> 2017-12-11 5:28 GMT-03:00 Ben Coman <[hidden email]>:
>>
>>
>> On 11 December 2017 at 13:09, Ben Coman <[hidden email]> wrote:
>>>
>>> 2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
>>> > Can anyone recommend libraries (native Smalltalk or via FFI)
>>> > to do generate a HMAC-SHA512 ?
>>>
>>> On 11 December 2017 at 01:30, Hernán Morales Durand
>>> <[hidden email]> wrote:
>>>>
>>>> Hi Ben,
>>>>
>>>> I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
>>>> which you can install from the Pharo Project Catalog in Pharo 6.x
>>>
>>>
>>> Thanks Henry.  That looks like path of least resistance.
>>
>>
>> Whoops, I meant thanks Hernán.
>>
>>
>>
>>>
>>>  I hit a stumbling block that took a short while to understand.
>>> The library binary downloaded specified by
>>> ConfigruationOfNacl>>platformLibraryUrl
>>> is  libsodium: ELF 32-bit LSB shared object
>>> whereas I'm using 64bit Linux.
>>
>>
>> btw, I discovered just now that FFILibrary>>unix64ModuleName
>> was introduced this year.  So presumably with the following
>> you could include both bit'ness libraries in the libsodium.so.gz
>> file specified in ConfigurationOfNacl >> platformLibraryUrl.
>>
>> FFILbrary subclass: #Nacl
>> instanceVariableNames: ''
>> classVariableNames: ''
>> package: 'Crypto-Nacl'
>>
>> Nacl >> unixModuleName
>>     ^ 'libsodium.so'
>>
>> Nacl >> unix64ModuleName
>>     ^ 'libsodium64.so'
>>
>> Nacl class >> apiXXX
>> ^ self ffiCall: #(void XXX())
>>                  module: Nacl
>>
>>
>
> Done. Thank you Ben.
>
> All tests passes in Windows, so I uploaded a new Configuration with
> updated dev version.
> Let me know any issues.
>

BTW you can install the dev version using:

Metacello new
    smalltalkhubUser: 'tonyg' project: 'Crypto-Nacl';
    configuration: 'Nacl';
    version: #development;
    load.


>>
>>
>>>
>>>
>>> I have the following system library preinstalled...
>>> /usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared
>>> object
>>>
>>> However its api is slightly different.  Pharo Nacl makes this call out...
>>>    crypto_hash_sha512_ref()
>>>
>>> but the system library provides...
>>>     56: 0000000000014dc0   175 FUNC    GLOBAL DEFAULT   11
>>> crypto_hash_sha512_final
>>>     81: 0000000000014c40   384 FUNC    GLOBAL DEFAULT   11
>>> crypto_hash_sha512_update
>>>    154: 0000000000014bd0   106 FUNC    GLOBAL DEFAULT   11
>>> crypto_hash_sha512_init
>>>    233: 0000000000014e70   114 FUNC    GLOBAL DEFAULT   11
>>> crypto_hash_sha512
>>>    342: 0000000000012330     6 FUNC    GLOBAL DEFAULT   11
>>> crypto_hash_sha512_bytes
>>>    351: 0000000000012340     6 FUNC    GLOBAL DEFAULT   11
>>> crypto_hash_sha512_statebytes
>>>
>>> The canonical source doesn't seem to have the function
>>>
>>> https://github.com/jedisct1/libsodium/search?utf8=%E2%9C%93&q=+crypto_hash_sha512_ref
>>> so I'm curious where the "_ref" comes from.
>>>
>>> My options seem...
>>> * Compile a 64-bit libsodium from source which includes "_ref" functions.
>>> Where is such source?
>>>
>
> The official sources seem to be here:
> https://download.libsodium.org/libsodium/releases/
> I discovered that the version we use in the Pharo binding is old, so I
> will update to the latest version as next step.
>
>>> * Use the system libsodium and define an FFI callout just for the one
>>> function I need.
>>
>>
>> btw, I'm doing the latter for now as the immediate path of least resistance.
>> Thanks Hernan, for the tip on libsodium.
>>
>> cheers -ben
>
> Cheers
>
> Hernán

Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Ben Coman
In reply to this post by Pierce Ng-3


On 11 December 2017 at 20:28, Pierce Ng <[hidden email]> wrote:
On Mon, Dec 11, 2017 at 12:46:59AM +0800, Ben Coman wrote:
> where the "EVP function provide a high level interface to OpenSSL
> cryptographic functions."

Hi Ben,

As it happened, over the weekend I implemented the Pharo wrappers for the
EVP_DigestSign* and EVP_DigestVerify* APIs. It is straightforward to add the
non-public key-using message digest functions, so I've just done it. Code
snippets:

  | msg st c |
  msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
  st := SHA256 hashMessage: msg asByteArray.
  c := LcEvpSHA256 new hashMessage: msg asByteArray.
  st = c
  => true

Using Sven's example:

  | msg st c |
  key := ByteArray new: 32.
  msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
  st := (HMAC on: SHA256) key: key; digestMessage: msg asByteArray.
  c := (HMAC on: LcEvpSHA256) key: key; digestMessage: msg asByteArray.
  st = c
  => true

Code at http://smalltalkhub.com/#!/~PierceNg/OpenSSL-Pharo.

I've also added tests for SHA256 similar to the snippets above.  I will add
SHA512 tests when I find the test vectors.

I don't about SHA512-only, but I found some HMACSHA512 test vectors 
at https://tools.ietf.org/html/rfc4231.   I've attached the first five tests I got 
working against LibSodium.  

 

 
 

In the next two weeks when I have some time off from work, I will attempt to
move the repo to GH. Meanwhile, I've added you as a contributor to the STH
repo if you'd like to hack on it.

thx.

cheers -ben

Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Ben Coman
In reply to this post by Pierce Ng-3


On 11 December 2017 at 20:28, Pierce Ng <[hidden email]> wrote:
On Mon, Dec 11, 2017 at 12:46:59AM +0800, Ben Coman wrote:
> where the "EVP function provide a high level interface to OpenSSL
> cryptographic functions."

Hi Ben,

As it happened, over the weekend I implemented the Pharo wrappers for the
EVP_DigestSign* and EVP_DigestVerify* APIs. It is straightforward to add the
non-public key-using message digest functions, so I've just done it. Code
snippets:

  | msg st c |
  msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
  st := SHA256 hashMessage: msg asByteArray.
  c := LcEvpSHA256 new hashMessage: msg asByteArray.
  st = c
  => true

Using Sven's example:

  | msg st c |
  key := ByteArray new: 32.
  msg := 'Grumpy wizards make toxic brew for the evil Queen and Jack.'.
  st := (HMAC on: SHA256) key: key; digestMessage: msg asByteArray.
  c := (HMAC on: LcEvpSHA256) key: key; digestMessage: msg asByteArray.
  st = c
  => true

Code at http://smalltalkhub.com/#!/~PierceNg/OpenSSL-Pharo.


Great! Looks like you've been busy!  

I was going to ask why these updates aren't being pushed an OpenSSL repo shared with Squeak,
since things should not be much different at this low level, but actually it was hard to 
determine which was the original repo. I see...
seems to have not beenupdated since 2012.

cheers -ben


I've also added tests for SHA256 similar to the snippets above.  I will add
SHA512 tests when I find the test vectors.

In the next two weeks when I have some time off from work, I will attempt to
move the repo to GH. Meanwhile, I've added you as a contributor to the STH
repo if you'd like to hack on it.

 
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Pierce Ng-3
On Tue, Dec 12, 2017 at 12:52:11AM +0800, Ben Coman wrote:
> I was going to ask why these updates aren't being pushed an OpenSSL repo
> shared with Squeak,
> since things should not be much different at this low level, but actually
> it was hard to
> determine which was the original repo. I see...
>    http://www.squeaksource.com/SqueakSSL.html
> seems to have not beenupdated since 2012.

I think this might be the SSL plugin which is now part of the VM and is still
called SqueakSSL.

My library is for access to the crypto/X509 functions in OpenSSL's libcrypto.

For green field applications I recommend using NaCl aka libsodium with its
modern algorithms and crypto-safe programming practices.

Pierce


Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Esteban A. Maringolo
In reply to this post by Ben Coman
Hi Ben, all,

So after all this what's the recommended way to use HMAC-SHA512 in Pharo 6?

I'd need it in combination with PBKDF2 to replicate this Python call:
PBKDF2(password, salt, iterations, macmodule=hmac,
digestmodule=hashlib.sha512).read(64)

Regards,

Esteban A. Maringolo


2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?
>
> cheers -ben

Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

henry
PBKDF2 is in Cryptography yet I think it may hardcore HMAC-SHA256. An implementation of SHA512 in Cryptography be so cool 😎 

Sent from ProtonMail Mobile


On Thu, Mar 1, 2018 at 21:43, Esteban A. Maringolo <[hidden email]> wrote:
Hi Ben, all, So after all this what's the recommended way to use HMAC-SHA512 in Pharo 6? I'd need it in combination with PBKDF2 to replicate this Python call: PBKDF2(password, salt, iterations, macmodule=hmac, digestmodule=hashlib.sha512).read(64) Regards, Esteban A. Maringolo 2017-12-10 6:01 GMT-03:00 Ben Coman : > Can anyone recommend libraries (native Smalltalk or via FFI) > to do generate a HMAC-SHA512 ? > > cheers -ben
Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Ben Coman
In reply to this post by Esteban A. Maringolo



On 2 March 2018 at 10:43, Esteban A. Maringolo <[hidden email]> wrote:
Hi Ben, all,

So after all this what's the recommended way to use HMAC-SHA512 in Pharo 6?

Start poking around here...
 

I'd need it in combination with PBKDF2 to replicate this Python call:
PBKDF2(password, salt, iterations, macmodule=hmac,
digestmodule=hashlib.sha512).read(64)

I guess with iterations=1 you should get the same result as libsodium
I had to play around a bit before I worked out where to use bytes and where to use hex strings.

It might help to run these test cases through PBKDF2... 

 
cheers -ben
 

Regards,

Esteban A. Maringolo


2017-12-10 6:01 GMT-03:00 Ben Coman <[hidden email]>:
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?
>
> cheers -ben


Reply | Threaded
Open this post in threaded view
|

Re: HMAC-SHA512

Esteban A. Maringolo
2018-03-02 8:54 GMT-03:00 Ben Coman <[hidden email]>:

> On 2 March 2018 at 10:43, Esteban A. Maringolo <[hidden email]> wrote:

>> So after all this what's the recommended way to use HMAC-SHA512 in Pharo
>> 6?

> Libsodium installation instructions...
> https://github.com/Traadh/bittrex

Why did you create  BittrexLibsodium library wrapper instead of a
plain Libsodium wrapper like the one at
http://smalltalkhub.com/#!/~tonyg/Crypto-Nacl/ ?


>> I'd need it in combination with PBKDF2 to replicate this Python call:
>> PBKDF2(password, salt, iterations, macmodule=hmac,
>> digestmodule=hashlib.sha512).read(64)

> I guess with iterations=1 you should get the same result as libsodium
> I had to play around a bit before I worked out where to use bytes and where
> to use hex strings.
> It might help to run these test cases through PBKDF2...
> https://github.com/Traadh/bittrex/tree/master/src/Bittrex.package/BittrexLibsodiumTest.class/instance

Well, I need 2048 iterations.

There is a PBKDF2 package made by Udo Schneider, and seems to be
easily pluggable with a different hashing algorithm, so I'd need a
SHA512 class.


Thanks in advance.

Regards.


Esteban A. Maringolo

12