hash_hmac tag in php

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

hash_hmac tag in php

Jussi Hirvi-2
I am still building a payment gateway. The payment operator have a
ready-made library for php, and it was pretty straight-forward to just
convert it to Lasso.

One problem though, with encryption, which always seems to be the tricky
part in this kind of gateways. Below is the problem and my
dirty solution (include a php file to process the digest part).

The original php code was like this (simplified here). This is for
calculating a MAC value based on a string of parameters.

$generatedMac = hash_hmac("sha256","$myparams",$mypw);

The problem is that in Lasso 8.6 I cannot use

encrypt_hmac(-token=$myparams,-digest=sha256,-password=$mypw)

...because that yields a Lasso error:

> [Encrypt_HMAC] The digest "sha256" is not supported by Lasso on this
> machine. Supported digest types include (MD2, MD4, MD5, SHA, SHA1,
> DSA-SHA, DSA, RIPEMD160).

(The OS is CentOS 6). However, on command line I can use SHA256:

# openssl dgst -sha256 -hmac 'mypassword' myfile

But the result is not the same as with the php tag, I don't know why. I
could  not make them match.

So my dirty solution is to use a php file to calculate. I will pass the
parameters from my payment validation ctag like this:

    local('generatedMac') =
         include_url($myserver + '/digest-test.php',
           -username='myuser',
           -password='mypass',
           -GETParams=(array('macbasis'=#macbasis))
         );

Seems to work just fine. Still, a cleaner solution would be nice. :-)

- Jussi

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: hash_hmac tag in php

Ke Carlton-3
Try running [cipher_list] as see what it returns.

Ke

On Fri, Dec 4, 2015 at 8:12 AM Jussi Hirvi <[hidden email]> wrote:

> I am still building a payment gateway. The payment operator have a
> ready-made library for php, and it was pretty straight-forward to just
> convert it to Lasso.
>
> One problem though, with encryption, which always seems to be the tricky
> part in this kind of gateways. Below is the problem and my
> dirty solution (include a php file to process the digest part).
>
> The original php code was like this (simplified here). This is for
> calculating a MAC value based on a string of parameters.
>
> $generatedMac = hash_hmac("sha256","$myparams",$mypw);
>
> The problem is that in Lasso 8.6 I cannot use
>
> encrypt_hmac(-token=$myparams,-digest=sha256,-password=$mypw)
>
> ...because that yields a Lasso error:
>
> > [Encrypt_HMAC] The digest "sha256" is not supported by Lasso on this
> > machine. Supported digest types include (MD2, MD4, MD5, SHA, SHA1,
> > DSA-SHA, DSA, RIPEMD160).
>
> (The OS is CentOS 6). However, on command line I can use SHA256:
>
> # openssl dgst -sha256 -hmac 'mypassword' myfile
>
> But the result is not the same as with the php tag, I don't know why. I
> could  not make them match.
>
> So my dirty solution is to use a php file to calculate. I will pass the
> parameters from my payment validation ctag like this:
>
>     local('generatedMac') =
>          include_url($myserver + '/digest-test.php',
>            -username='myuser',
>            -password='mypass',
>            -GETParams=(array('macbasis'=#macbasis))
>          );
>
> Seems to work just fine. Still, a cleaner solution would be nice. :-)
>
> - Jussi
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: hash_hmac tag in php

maxwellk2
In reply to this post by Jussi Hirvi-2
Had to do something similar decrypting JSON objects sent from a partner website, but in this case it was AES128, which Lasso 8.6 wasn’t able to do under Mac OS 10.10 or CentOS 6.5. I was able to get the partner to translate their sample decryption Java code into the correct OpenSSL command line structure. From there Steve Piercy helped me with a ctag that uses shell to call OpenSSL, the meat of it looks like this in Lasso 8.6:

        #out = shell('openssl enc -aes-128-cbc -d -in ' + #path + #filename + ' -K ' + #key + ' -iv ' + #iv)

Part of the ctag writes out the encrypted package to a file before calling openssl to decrypt it, not sure if your SHA256 encryption process will need to something similar.

See if the payment gateway techs can help you translate the PHP into OpenSSL CLI.

-Max


> On Dec 3, 2015, at 11:10 AM, Jussi Hirvi <[hidden email]> wrote:
>
> I am still building a payment gateway. The payment operator have a ready-made library for php, and it was pretty straight-forward to just convert it to Lasso.
>
> One problem though, with encryption, which always seems to be the tricky part in this kind of gateways. Below is the problem and my
> dirty solution (include a php file to process the digest part).
>
> The original php code was like this (simplified here). This is for
> calculating a MAC value based on a string of parameters.
>
> $generatedMac = hash_hmac("sha256","$myparams",$mypw);
>
> The problem is that in Lasso 8.6 I cannot use
>
> encrypt_hmac(-token=$myparams,-digest=sha256,-password=$mypw)
>
> ...because that yields a Lasso error:
>
>> [Encrypt_HMAC] The digest "sha256" is not supported by Lasso on this
>> machine. Supported digest types include (MD2, MD4, MD5, SHA, SHA1,
>> DSA-SHA, DSA, RIPEMD160).
>
> (The OS is CentOS 6). However, on command line I can use SHA256:
>
> # openssl dgst -sha256 -hmac 'mypassword' myfile
>
> But the result is not the same as with the php tag, I don't know why. I could  not make them match.
>
> So my dirty solution is to use a php file to calculate. I will pass the parameters from my payment validation ctag like this:
>
>   local('generatedMac') =
>        include_url($myserver + '/digest-test.php',
>          -username='myuser',
>          -password='mypass',
>          -GETParams=(array('macbasis'=#macbasis))
>        );
>
> Seems to work just fine. Still, a cleaner solution would be nice. :-)
>
> - Jussi
>
> #############################################################
>
> This message is sent to you because you are subscribed to
> the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>


#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: hash_hmac tag in php

Jussi Hirvi-2
In reply to this post by Ke Carlton-3
On 3.12.2015 21.27, Ke Carlton wrote:
 > Try running [cipher_list] as see what it returns.


I did. SHA256 is not included:

[cipher_list]

-> array: (DES-ECB), (DES-EDE), (DES-CFB), (DES-OFB), (DES-CBC),
(DES-EDE3-CBC), (RC4), (RC2-CBC), (BF-CBC), (CAST5-CBC)

[cipher_list(-digest)]

-> array: (MD2), (MD4), (MD5), (SHA), (SHA1), (DSA-SHA), (DSA), (RIPEMD160)

The latter list is almost (but not quite) the same as this, from
command-line:

# openssl list digest-commands
(...)
Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160
sha               sha1

- Jussi

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: hash_hmac tag in php

Jussi Hirvi-2
In reply to this post by maxwellk2
On 3.12.2015 22.01, Maxwell Klein wrote:
> See if the payment gateway techs can help you translate the PHP into OpenSSL CLI.

Yes, I have not asked them yet. You never know. :-)

- Jussi

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>