Hi Mindaugas,
> I didn't deal with SHA1 because it isn't considered safe anymore (just like >> MD5). It can easily be added, given we find an implementation with a Harbour >> compatible licence. >> > > MD5 and SHA1 is still used in many standards. You can use stronger hashing > in your application, but you'll need these for compatibility, ex. CRAM-MD5 > (using MD5 HMAC) is used in IMAP, see: > http://www.isi.edu/in-notes/rfc2195.txt Yes, I know. Well, let's rename the lib to hbcrypt, so all such can be included, I've also added an SHA-1 implementation, but no Harbour layer and tests. I'll leave that for the group. > 3) HMAC calculation is algorithm independent from hasing. Maybe we >> can have universal HB_HMAC() instead of HB_*_HMAC(), >> I guess code is: >> FUNC HB_HMAC(fHash, cMessage, cKey) >> IF LEN(cKey) > 64; cKey := HB_HexToStr(EVAL(fHash, cKey)) >> ENDIF >> cKey := PADR(cKey, 64, CHR(0)) >> RETURN EVAL(fHash, HB_STRXOR(cKey, 0x5C) + ; >> EVAL(fHash, HB_STRXOR(cKey, 0x36) + cMessage)) >> >> >> Good idea, but I'm personally lost with the details here :) >> > > The proposed above HB_HMAC() is full implementation of HMAC. Just see: > http://en.wikipedia.org/wiki/HMAC It is independent from hashing > algorithm. It can calculate any HMAC: > cSHA256HMAC := HB_HMAC(@HB_SHA256, cMessage, cKey) > cMD5HMAC := HB_HMAC(@HB_MD5, cMessage, cKey) > etc. Great, I'll test this and replace current HMAC implementation with this, thanks! We will need an HB_STRXOR(). Does this seem okay (UCHAR vs. BYTE might be wrong here): --- #include "hbapi.h" HB_FUNC( HB_STRXOR ) { ULONG nStrSize = hb_parclen( 1 ); UCHAR * pbyDest = ( UCHAR * ) hb_xgrab( nStrSize + 1 ); const UCHAR * pbySource = ( UCHAR * ) hb_parcx( 1 ); const UCHAR * pbyXor = ( UCHAR * ) hb_parcx( 2 ); ULONG nXorSize = hb_parclen( 2 ); ULONG nRetValPos = 0; ULONG nStrPos = 0; ULONG nXorPos = 0; while( nStrPos < nStrSize ) { pbyDest[ nRetValPos++ ] = pbySource[ nStrPos++ ] ^ ( nXorSize ? pbyXor[ nXorPos++ ] : 0 ); if( nXorPos == nXorSize ) nXorPos = 0; } hb_retclen_buffer( ( char * ) pbyDest, nStrSize ); } --- > A public domain one would be great, but couldn't find any. >> > > http://www.cryptopp.com/ source are public domain, but it's C++. I also > think it is not difficult to implement using algorithm description. Nice page. On first round these BSD sources will do, just to have something to tackle (and use), later, the group can rewrite and/or replace them with better licensed ones. > Just go ahead :) >> > > You've mentioned AES. Here I think we will need also some hb_crypt*() > functions to separate block cipher mode (ECB, CBC, PCBC, CFB, OFB) from > cipher itself (AES, DES, Blowfish, etc), just like I suggest to separate > HMAC algorithm from hashing algorithm. Definitely sounds very interesting (and also beyond my capabilities :). Brgds, Viktor
_______________________________________________ Harbour mailing list Harbour@harbour-project.org http://lists.harbour-project.org/mailman/listinfo/harbour
