Foreign Function Interface and OpenSSL Issue

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Foreign Function Interface and OpenSSL Issue

Brad Lindsay
Since Lasso uses the openSSL library, I’ve been trying to access that library via Lasso 9’s foreign function interface to get access to things like SHA256 and SHA512. Here’s the code I have so far:

define encrypt_sha256(value::string) => encrypt_sha256(bytes(#value))
define encrypt_sha256(value::bytes)  =>
    _ffi('SHA256', 'C', 'C', #value, 'i32', #value->size)->encodeHex


define encrypt_sha512(value::string) => encrypt_sha512(bytes(#value))
define encrypt_sha512(value::bytes)  =>
    _ffi('SHA512', 'C', 'C', #value, 'i32', #value->size)->encodeHex


The problem comes when using [encrypt_sha512]: Sometimes I get the right answer, but other times (after loading it in a new process) I get extra stuff tacked on the end. For example, [encryt_sha512('foo')] should sometimes has added "38" on to the end and at other times added "10AEA10301" to the end.

Also, I can never get this example to work:

encrypt_sha512('dddf')
// => 0A464FF05980AA76B01BBFD93D280E

That’s it, it stops there and is missing the last 100 characters or so. And this is consistently doing this for that value. I have no clue what’s going on. 

While I have yet to get encrypt_sha256 to fail, the fact that encrypt_sha512 is failing makes me worried that I may have something wrong with it too.

If anyone knows what the issue is, please let me know.

Thanks,
Brad


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Foreign Function Interface and OpenSSL Issue

Alex Betz-2
hmm, are you sure you are not making your live unnecessarily difficult. I
found the section in the lassoguide very helpful when I was struggling with
this notoriously difficult subject:

http://lassoguide.com/operations/encryption.html

I would try to use something along the lines:

bytes(encrypt_hmac(-password = '******', -token = 'string_to_sign', -digest
= 'SHA512', -base64 = true))->encodehex

assuming that cipher_list(-digest) gives you SHA512 as an option.

Maybe I am barking up the wrong tree?

Good luck
Alex

On 28 January 2015 at 20:50, Brad Lindsay <[hidden email]> wrote:

> Since Lasso uses the openSSL library, I’ve been trying to access that
> library via Lasso 9’s foreign function interface to get access to things
> like SHA256 and SHA512. Here’s the code I have so far:
>
> define encrypt_sha256(value::string) => encrypt_sha256(bytes(#value))
> define encrypt_sha256(value::bytes)  =>
>     _ffi('SHA256', 'C', 'C', #value, 'i32', #value->size)->encodeHex
>
>
> define encrypt_sha512(value::string) => encrypt_sha512(bytes(#value))
> define encrypt_sha512(value::bytes)  =>
>     _ffi('SHA512', 'C', 'C', #value, 'i32', #value->size)->encodeHex
>
>
> The problem comes when using [encrypt_sha512]: Sometimes I get the right
> answer, but other times (after loading it in a new process) I get extra
> stuff tacked on the end. For example, [encryt_sha512('foo')] should
> sometimes has added "38" on to the end and at other times added
> "10AEA10301" to the end.
>
> Also, I can never get this example to work:
>
> encrypt_sha512('dddf')
> // => 0A464FF05980AA76B01BBFD93D280E
>
> That’s it, it stops there and is missing the last 100 characters or so.
> And this is consistently doing this for that value. I have no clue what’s
> going on.
>
> While I have yet to get encrypt_sha256 to fail, the fact that
> encrypt_sha512 is failing makes me worried that I may have something wrong
> with it too.
>
> If anyone knows what the issue is, please let me know.
>
> Thanks,
> Brad
>
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Foreign Function Interface and OpenSSL Issue

Brad Lindsay
On January 29, 2015 at 8:00:09 AM, Alex Betz ([hidden email]) wrote:

> hmm, are you sure you are not making your live unnecessarily difficult. I
> found the section in the lassoguide very helpful when I was struggling with
> this notoriously difficult subject:
>  
> http://lassoguide.com/operations/encryption.html
>  
> I would try to use something along the lines:
>  
> bytes(encrypt_hmac(-password = '******', -token = 'string_to_sign', -digest
> = 'SHA512', -base64 = true))->encodehex
>  
> assuming that cipher_list(-digest) gives you SHA512 as an option.
>  
> Maybe I am barking up the wrong tree?

If you go farther down in the guide, there’s a nicer function to use: cipher_digest. It would be great if I could do something like this:
    [cipher_digest(#my_value, -digest='SHA512', -hex)]
Unfortunately I can’t for the very reason you mention, [cipher_list(-digest)] doesn’t list SHA512 or SHA256.

This is weird because the OpenSSL library Lasso is using clearly has these (and other) hashing algorithms, but Lasso can’t access them through cipher_digest. My guess is that Lasso is using an older interface with OpenSSL or there’s some bug in OpenSSL that doesn’t register all the digests.

This is what led me to use the Foreign Function Interface since I know Lasso has access to the OpenSSL library, and I know these methods exist in there. My only other option is to use [sys_process] with the openssl executable, but I’d like to avoid doing that if I can.


Thanks,
Brad

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Foreign Function Interface and OpenSSL Issue

Jussi Hirvi-2
On my CentOS 6 system, cipher_list(-digest) shows

array: (MD2), (MD4), (MD5), (SHA), (SHA1), (DSA-SHA), (DSA), (RIPEMD160)

And cipher_list

array: (DES-ECB), (DES-EDE), (DES-CFB), (DES-OFB), (DES-CBC),
(DES-EDE3-CBC), (RC4), (RC2-CBC), (BF-CBC), (CAST5-CBC)

I can still do
        cipher_digest($myvar,-digest='sha256')

Even though SHA256 is not listed as such.

So maybe you could just try SHA512 and see if it works. If not, maybe
you can get it to work by installing something new (??) on your system
level.

- Jussi

On 29.1.2015 16.03, Brad Lindsay wrote:

> On January 29, 2015 at 8:00:09 AM, Alex Betz ([hidden email])
> wrote:
>> hmm, are you sure you are not making your live unnecessarily
>> difficult. I found the section in the lassoguide very helpful when
>> I was struggling with this notoriously difficult subject:
>>
>> http://lassoguide.com/operations/encryption.html
>>
>> I would try to use something along the lines:
>>
>> bytes(encrypt_hmac(-password = '******', -token = 'string_to_sign',
>> -digest = 'SHA512', -base64 = true))->encodehex
>>
>> assuming that cipher_list(-digest) gives you SHA512 as an option.
>>
>> Maybe I am barking up the wrong tree?
>
> If you go farther down in the guide, there’s a nicer function to use:
> cipher_digest. It would be great if I could do something like this:
> [cipher_digest(#my_value, -digest='SHA512', -hex)] Unfortunately I
> can’t for the very reason you mention, [cipher_list(-digest)] doesn’t
> list SHA512 or SHA256.
>
> This is weird because the OpenSSL library Lasso is using clearly has
> these (and other) hashing algorithms, but Lasso can’t access them
> through cipher_digest. My guess is that Lasso is using an older
> interface with OpenSSL or there’s some bug in OpenSSL that doesn’t
> register all the digests.
>
> This is what led me to use the Foreign Function Interface since I
> know Lasso has access to the OpenSSL library, and I know these
> methods exist in there. My only other option is to use [sys_process]
> with the openssl executable, but I’d like to avoid doing that if I
> can.
>
>
> Thanks, Brad
>
> #############################################################
>
> This message is sent to you because you are subscribed to the mailing
> list Lasso [hidden email] Official list archives available
> at http://www.lassotalk.com To unsubscribe, E-mail to:
> <[hidden email]> Send administrative queries
> to  <[hidden email]>
>


--
Jussi Hirvi * Green Spot
Suvilahdenkatu 1 B 78 * 00500 Helsinki * Puh. 09 493 981
Matkapuh. 040 771 2098 (vain tekstiviestit)
[hidden email] * http://www.greenspot.fi

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Foreign Function Interface and OpenSSL Issue

Brad Lindsay
My digest list is the exact same, and my other list has all that you listed and a couple more. (This is on OS X 10.10)

However, if I try sha256 or sha512 like you suggest, I get “-9956 Unknown digest name.” (This is 9.2.7 - maybe it adds a layer of checking before trying?)

Thanks,
Brad


On January 29, 2015 at 10:43:42 AM, Jussi Hirvi ([hidden email]) wrote:

> On my CentOS 6 system, cipher_list(-digest) shows
>  
> array: (MD2), (MD4), (MD5), (SHA), (SHA1), (DSA-SHA), (DSA), (RIPEMD160)
>  
> And cipher_list
>  
> array: (DES-ECB), (DES-EDE), (DES-CFB), (DES-OFB), (DES-CBC),
> (DES-EDE3-CBC), (RC4), (RC2-CBC), (BF-CBC), (CAST5-CBC)
>  
> I can still do
> cipher_digest($myvar,-digest='sha256')
>  
> Even though SHA256 is not listed as such.
>  
> So maybe you could just try SHA512 and see if it works. If not, maybe
> you can get it to work by installing something new (??) on your system
> level.
>  
> - Jussi
>  
> On 29.1.2015 16.03, Brad Lindsay wrote:
> > On January 29, 2015 at 8:00:09 AM, Alex Betz ([hidden email])
> > wrote:
> >> hmm, are you sure you are not making your live unnecessarily
> >> difficult. I found the section in the lassoguide very helpful when
> >> I was struggling with this notoriously difficult subject:
> >>
> >> http://lassoguide.com/operations/encryption.html
> >>
> >> I would try to use something along the lines:
> >>
> >> bytes(encrypt_hmac(-password = '******', -token = 'string_to_sign',
> >> -digest = 'SHA512', -base64 = true))->encodehex
> >>
> >> assuming that cipher_list(-digest) gives you SHA512 as an option.
> >>
> >> Maybe I am barking up the wrong tree?
> >
> > If you go farther down in the guide, there’s a nicer function to use:
> > cipher_digest. It would be great if I could do something like this:
> > [cipher_digest(#my_value, -digest='SHA512', -hex)] Unfortunately I
> > can’t for the very reason you mention, [cipher_list(-digest)] doesn’t
> > list SHA512 or SHA256.
> >
> > This is weird because the OpenSSL library Lasso is using clearly has
> > these (and other) hashing algorithms, but Lasso can’t access them
> > through cipher_digest. My guess is that Lasso is using an older
> > interface with OpenSSL or there’s some bug in OpenSSL that doesn’t
> > register all the digests.
> >
> > This is what led me to use the Foreign Function Interface since I
> > know Lasso has access to the OpenSSL library, and I know these
> > methods exist in there. My only other option is to use [sys_process]
> > with the openssl executable, but I’d like to avoid doing that if I
> > can.
> >
> >
> > Thanks, Brad
> >
> > #############################################################
> >
> > This message is sent to you because you are subscribed to the mailing
> > list Lasso [hidden email] Official list archives available
> > at http://www.lassotalk.com To unsubscribe, E-mail to:
> > Send administrative queries
> > to  
> >
>  
>  
> --
> Jussi Hirvi * Green Spot
> Suvilahdenkatu 1 B 78 * 00500 Helsinki * Puh. 09 493 981
> Matkapuh. 040 771 2098 (vain tekstiviestit)
> [hidden email] * http://www.greenspot.fi
>  
> #############################################################
>  
> This message is sent to you because you are subscribed to
> the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to:  
> Send administrative queries to  


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Foreign Function Interface and OpenSSL Issue

Jussi Hirvi-2
In reply to this post by Jussi Hirvi-2
On 29.1.2015 17.43, Jussi Hirvi wrote:
> On my CentOS 6 system, cipher_list(-digest) shows

Correcting myself: this system is CentOS 5, not 6.

I don't remember for sure if SHA256 worked just out of the box or if I
installed something to get it to work.

- Jussi

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>