Home AMX User Forum AMX General Discussion

SHA-1 <> Netlinx

ericmedleyericmedley Posts: 4,177
in AMX General Discussion
I'm choosing my words carefully. :D

can anyone think of areason(s) why one could not do SHA-1 in a Netlinx program?

If not, could one do it in a DUET module?

I'm speaking specifically of making a single string, not continuous communication.

Thanks
E

Comments

  • Andrew G WelkerAndrew G Welker Posts: 124
    I don't see any reason you couldn't do it. My question is why would you want to?
  • ericmedleyericmedley Posts: 4,177
    Oh, I'm weighing the options and possible time black hole I could be getting myself in. I'm looking at a protocol that requires part of the message being hashed. (part of the message mind you - as I roll my eyes...). I can think of a couple ways to deal with the whole bit-wise operations on a 32-bit word length but don't want to spend a long time on something that will be fairly hard to test and reverse engineer.
  • PhreaKPhreaK Posts: 966
    You can definitely do it in Duet. Check out the bouncycastle library for a nice J2ME friendly implementation.

    If you decide that you want to roll it in NetLinx (not recommended) there's a couple of functions in the NCL math libary that may be of use for lshifting and rshifting 32 bit values as well as deconstructing doubles into a pair of longs for manipulation and vice versa.
  • AuserAuser Posts: 506
    We've done this in Netlinx so it is definitely possible. It is likely to be a time black hole as you intimated though...

    If you've access to Duet and are comfortable working with it I'd go down that path. We had this option also, but chose to build the algorithms in Netlinx for various reasons.

    If you do choose to roll your own in Netlinx land, be careful about the distinction between bit and byte counts in calculations especially if porting from a Javascript implementation. Two of us wrote Netlinx functions separately, one from the specification and one by porting JS code, and had the same bug in both implementations which took a while to track down. From memory it was related to bits being counted when it should have been bytes or vice versa.
  • annuelloannuello Posts: 294
    Last year I rolled my own SHA-1 in NetLinx to use as part of an OAuth scheme. (Each HTTP packet uniquely signed with HMAC-SHA1 signature, etc). This was needed for my EchoSystem module (http://opax.swin.edu.au/~romclean/amx/echo/). Ugly painful work which I remember vividly. It took me two weeks of hard-core coding to get the SHA1 working properly. I used the RFC and various C implementations as reference, and ported from there.

    If you do decide to have a go at it, do a comparison of the various online calculators first to find one that actually works properly. I found some would truncate your input (e.g. to 200 chars) before hashing, which obviously results in a radically different result. I think (but can't remember exactly) that others would modify your line endings (CR vs CRLF vs LF) before hashing, which would also end in bogus results.

    Roger McLean
    Swinburne University
Sign In or Register to comment.