I am trying to wrap my head around HOTP values, and I believe the essential building block is understanding the SHA-1 hashing function. I am coding in C, and I have seen many examples of people implementing the SHA1 function using libraries, such as OpenSSL. My question is, if I am attempting to implement my code on hardware that will not have internet access, is it viable to implement SHA1 using a library, or is it possible to create the function from scratch in the code?
I have tried implementing the sha1 algorithm by using libraries from openSSL, however I am not sure if this is the right approach.
Related
My C code uses librypto.a library to link to the compiled source code at the final stage for implementing RSA algorithm.
When a vulnerability scan was done, it comes back with a YARA signature match for the following:
YARA signature "ldpreload" classified file as as "backdoor" based on indicators: "dlopen,dlsym,fopen,fopen64,__fxstat,accept,Accept,open,Open,OPEN,opendir,readdir"
This is because I use the libcrypto.a library from Open SSL. I thought this is a widely used library for implementing crypro algorithms. How to mitigate this issue? Should try to get this whitelisted as I was not able to find any other way of implementing RSA in C without having to use OpenSSL libraries.
I need an HMAC implementation with SHA384 in C. It is needed for some API I'm writing.
If anyone can provide at least a starting point I would be happy. Thanks!
Use the openssl library.
An example of using openssl to generate an SHA384 hash is here: http://www.askyb.com/cpp/openssl-sha384-hashing-example-in-cpp/
It claims to be in C++ but it's pretty much straight C.
I'm trying to implement some basic AES/DES encryption/decryption in small apps. Mainly to store sensitive user information.
I've seen a lot of examples of implementations in C which is what I want because it's easy to use in Objective-C later, but I can't really make them work. Most of the examples are from 5-10 years ago and have a lot of deprecated and unused stuff and I can't simply make them work. Other just end up in segmentation fault and other errors.
Lately I've been reading a book called "Network Security With OpenSSL". It has a lot of interesting content, but I can't compile most of the examples.
I was already able to encrypt/decrypt stuff using OpenSSL in PHP and on the command line interface too, but no luck with C.
Can someone please give me working examples from today (not from 10 years ago!) how I should work with this in C?
From the same folks:
https://opensource.conformal.com/viewgit/?a=viewblob&p=cyphertite&h=899259f8ba145c11087088ec83153db524031800&hb=6782c6839d847fbed0aed8c55917e78b5684110f&f=cyphertite/ct_crypto.c
Look at the ct_crypto_* functions. They use AES-XTS which is a much better idea then DES (don't use DES!!)
Code compiles and works like a champ. There are examples in the code but they might be a little tangly but everything is there to do it right.
The best example I know of which is both concise and useable out-of-the-box is AgglomeratedSSL, which is an OpenSSL wrapper: https://opensource.conformal.com/wiki/Agglomerated_SSL. Comes with a few example clients and servers using the wrapper API, and the code itself is an example of using OpenSSL for basic tasks.
PS: For a humorous look at the state of OpenSSL documentation, see http://www.peereboom.us/assl/assl/html/openssl.html
I'm trying to use public key crypto to sign and later verify a file. The file is a simple plaintext file that contains user information for authoring purposes.
I tried different sites for a C implementation of a public key crypto algorithm but I haven't found anything. A lot of sites point to using certificates (x.509, etc) but that is way beyond what I need. I am just looking for a way to generate and public and private keys and use a relatively well known algorithm to sign and verify a file.
Any pointers to a pure C implementation out there? The focus is on code that I can reuse and not external libs. The main problem being that I don't want to have to link against a full lib and its dependencies in order to have a very basic public key system.
Thanks.
OpenSSL is a very good package. You can just use the crypto library portion, which provides basic RSA implementations. That might be in line with what you are looking for.
Cryptlib is another alternative that could work for you. It has some strange licensing issues though, so consider those depending on how you will be using it.
Crypto++ is a set of different crypto technologies, and includes RSA, so you might try that.
Finally, RSA is not terribly complex to implement, so you could even implement it yourself using GMP, which provides the necessary mathematical functions you would need.
You may want to look at the well-respected, debugged, and tested OpenSSL libraries. Although OpenSSL is primarily for SSL/TLS networking, it contains extremely good implementations of many cryptographic protocols, which are often used by themselves for general cryptography.
Hope this helps!
DJ Bernstein's curve25519 lets you create public/private key pairs. It does not have functions for signing, but you should be able to figure that part out with not too much hassle.
Update: In the mean time, there's also Ed25519 which already has the signature generation stuff figured out, without you having to jump through hoops. Same author, same availability of software (also e.g. "Donna" implementation and python binding), same ease of use, comparable speed.
The original implementation as well as the "Donna" implementation are both available under very liberal licenses.
You need to compile one file and call exactly one function to generate a key pair, and it's very fast. No obscure requirements for the public key. All one ever needs for some "cheap, fast, easy public key crypto".
I think that there was an answer[1] that fitted your question on :: Small RSA or DSA lib without dependencies
You may find LibTomCrypt useful. It's written in C, supports RSA and
DSA (along with a host of other algorithms), and is public domain
software. You can read about its features here: http://libtom.org/?page=features
[1] https://stackoverflow.com/a/1735526/68338 ( courtesy of https://stackoverflow.com/users/33837/emerick-rogul )
The answers on this question contain some interesting links to other libraries.
However, I remember that there exists some reference source code in C for RSA and private key cryptography. I will add a link as soon as I have found it ;-)
EDIT
I just found "this link" (http://www.hackchina.com/en/cont/93068 - open on your own risk) - not sure about the source and details of that code. But, however, in the past the link to the original RSA reference implementation was contained somewhere in OpenSSL source or its documentation. Which is based on cryptsoft.com's library. I am sure the source can still be found somewhere on www.rsa.com/rsalabs/ - but I could not find it, and I am running out of time for now. Good luck ;-)
I'm trying to write an audio analysis application, and I need to identify local maxima in a 2D array which represents a spectrogram. I've already got an open source library that can generate the spectrogram using Fast Fourier Transforms, but I was wondering if anybody knew of any good libraries to help me with actually finding the maxima? I'm not quite sure what to search Google for - the best I could think of was "numerical library" but that hasn't got me very far.
Preferably in C, but I'm open to other suggestions.
Peak finding is a fairly general problem. It has already been discussed once on SO as Peak detection of measured signal.
The answers provided include several viable heuristics.
Of course, I prefer my own answer if you need rigor, but ROOT is written in c++, and is almost certainly too heavy for your application, so you'll need to strip out just the code you want...
The GNU Scientific Library features a multidimensional minimization framework that can be made to work for maximization easily enough. It's designed to only return a single minimum rather than a bunch of different minima, however.