On 10 December 2017 at 18:23, Sven Van Caekenberghe <s...@stfx.eu> wrote:
> > > > On 10 Dec 2017, at 10:01, Ben Coman <b...@openinworld.com> wrote: > > > > Can anyone recommend libraries (native Smalltalk or via FFI) > > to do generate a HMAC-SHA512 ? > > > > cheers -ben > > Well Pharo itself of course ! > (HMAC on: SHA256) > key: (ByteArray new: 32); > digestMessage: #[1 2 3]. > > SHA256 new hmac > key: (ByteArray new: 32); > digestMessage: #[1 2 3]. > > Thanks Sven. Its interesting to trace that through to put other stuff I've read about HMAC into perspective. However SHA256 != SHA512 which is a defined requirement of the site I'm accessing. What I understand from the trace is that the HMAC is generic regardless of size of SHA function and could remain in-Image while the SHA512 part could be supplied from outside the image. I could perhaps use the one from the OpenSSL library already included with Pharo. $ readelf -a ./pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0 | grep 512 EVP_sha512 SHA512_Init SHA512_Update SHA512_Transform SHA512_Final where the "EVP function provide a high level interface to OpenSSL cryptographic functions." and I guess could be used similar to... ftp://188.44.46.157/Augustus/blatSrc/lib/hmac.c except I'm not sure how I'd use proceed without it taking any parameters... const EVP_MD *EVP_sha512(void); // include/openssl/evp.h The lower level functions could be used like... http://www.askyb.com/cpp/openssl-sha512-hashing-example-in-cpp/ https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/crypto/sha/sha512.c#L264 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); int SHA512_Init(SHA512_CTX *c); // include/openssl/sha.h int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); Actually the lower level functions look easier from an FFI perspective. Other options I found... * http://forum.world.st/How-to-encrypt-a-password-td3933585.html#a3933778 but it seems to be NativeBoost rather than UFFI, and also is Linux only (which might not be an issue) * https://github.com/mygityf/cipher/blob/master/cipher/sha512.h https://github.com/mygityf/cipher/blob/master/cipher/sha512.c to compile into a (hopefully) cross platform shared library cheers -ben P.S. I learnt today that "SHA-512 is faster than SHA-256 on 64 bit machines (as they use 64 bit arithmetic internally)" https://stackoverflow.com/a/18083633
