14 Replies Latest reply on Jul 29, 2014 12:44 PM by ccordero

    Cryptography libraries for Intel Galileo

    lenych

      Hi,

      I was wondering if anyone knows of any reliable and tested libraries for computing HMAC, for instance. I've tried to install this AVR-Crypto-Lib  , however, didn't succeed. So I figured it may be it's not really meant for Galileo. Any ideas on it?

       

      Thank you!

        • 1. Re: Cryptography libraries for Intel Galileo
          JPMontero_Intel

          Yes that is correct that library won’t work because it is for the AVR.  I’d recommend you to try the module HMAC included in Python 2.7 in the Linux side of Galileo. Take a look at these documents from the Python website on how to use it https://docs.python.org/2/library/hashlib.html https://docs.python.org/2/library/hmac.html . Let me know if it worked.
          Regards,
          JPMontero_Intel

          • 2. Re: Cryptography libraries for Intel Galileo
            AlexT_Intel

            I'd say that would depend on what programming language you want to use.

             

            For example, Galileo, being a normal Linux computer in this sense, has libgcrypt library, which has subroutines for HMAC calculation as far as I can see by googling. But then it probably only has bindings to C/C++ and not Pythin, at least out of the box. It also has OpenSSL, which has a lot of stuff as well. And so on - so start with the language and I think it'll be easier to narrow down the library you could use.

            • 3. Re: Cryptography libraries for Intel Galileo
              lenych

              Thank you for your replies. However, I need to use the non-Linux side of the Intel Galileo, i.e., I shouldn't have to use Linux to achieve this. The idea is to have an equivalent solution on Arduino, which cannot have Linux. Could you please suggest any cryptography libraries available on out-of-the-box Galileo. I know best Python, however, I don't think I will be able to use it to achieve my goal.

              • 4. Re: Cryptography libraries for Intel Galileo
                AlexT_Intel

                Well, here goes the power of Galileo The sketch you write in the Arduino IDE is actually a normal Linux program and in addition to being able to use the Arduino API, objects and libraries, you can use the normal Linux functions as well. Just include necessary headers like "stdio.h" and so on and you are good to go. You'll most probably need to install the respective -dev package though, but this is true for any language I think - for Python you'll probably need to install modules and the same goes for Node.js - languages and runtimes available out of the box.

                 

                But if you want to have a sort of "cross-platform" (Arduino and Galileo) code, as your reply suggests, then the only way is to either re-implement everything yourself (which is ought to be complex with crypto) or to look for libraries someone has already (maybe) wrote. I don't know of any personally, so if that's indeed the case, let's see if someone else has anything to say. I assume you did the standard googling around for that.

                • 5. Re: Cryptography libraries for Intel Galileo
                  lenych

                  Thank you for your response, Alex. I will try to install the development packages and will see how it works.
                  I have indeed googled for libraries that would work on Arduino too, but no luck so far.

                  • 6. Re: Cryptography libraries for Intel Galileo
                    lenych

                    Also, you probably meant that I could run the same commands as on Linux if my Galileo would be booted from the SD card. In my case though, I shouldn't use a separate SD card. So that the board is similar to an Arduino.

                    • 7. Re: Cryptography libraries for Intel Galileo
                      AlexT_Intel

                      Well, depending on the specific library you end up using, you may not need SD card to run your program. Galileo has a mini Linux image installed into the SPI flash, this is what is boots if no SD card is inserted. So if you pick the one installed into the image by default, then you will only need the SD card for development (with -dev packages) and for just running it the out-of-the-box image should be fine.

                      • 8. Re: Cryptography libraries for Intel Galileo
                        ccordero

                        Tenych, I have an sha1 arduino library I adapted for galileo as I am trying to build a library to comunícate with twitter (and Oauth is giving me a hard time by the way).

                         

                        Let me know if it may interest you.

                        • 9. Re: Cryptography libraries for Intel Galileo
                          lenych

                          Oh, OK. I just wonder where I could find these libraries.

                          • 10. Re: Cryptography libraries for Intel Galileo
                            lenych

                            Well, it would be great to see the source, ccordero!

                            • 11. Re: Cryptography libraries for Intel Galileo
                              ccordero

                              lenych, I will upload them this afternoon.

                              • 12. Re: Cryptography libraries for Intel Galileo
                                ccordero

                                lenych, you should have it by now. Hope it will help.

                                • 13. Re: Cryptography libraries for Intel Galileo
                                  lenych

                                  Hey ccordero,

                                  Thanks a lot for the library. Could you please also provide an example of how to get a sha1 message digest? I tried to do it on my own, but I am not familiar with C++, so I didn't succeed.

                                  Thanks!

                                  • 14. Re: Cryptography libraries for Intel Galileo
                                    ccordero

                                    lenych, apologies for late reply.

                                     

                                    This routine calculates the authorization code encrypted with HMAC to be authorized by twitter to post a tweet (using OAuth protocol authentication).

                                     

                                    Original work comes from Markku Rossi mtr@iki.fi; I had to tune a bit the code to compile on galileo.

                                     

                                    The important steps are marked with ************; forget about the rest.

                                     

                                    Here you go:

                                     

                                    void
                                    Twitter::compute_authorization(const char *message)
                                    {
                                      char *cp = buffer;

                                      /* Compute key and init HMAC. */

                                      cp = url_encode_pgm(buffer, consumer_secret);
                                      *cp++ = '&';

                                      if (access_token_pgm)
                                        cp = url_encode_pgm(cp, token_secret.pgm);
                                      else
                                        cp = url_encode_eeprom(cp, token_secret.eeprom);

                                      Sha1.initHmac((uint8_t *) buffer, cp - buffer);   // ************

                                      auth_add_pgm(PSTR("POST&http%3A%2F%2F"));
                                      auth_add_pgm(server);

                                      url_encode_pgm(buffer, uri);
                                      auth_add(buffer);

                                      auth_add('&');

                                      auth_add_pgm(PSTR("oauth_consumer_key"));
                                      auth_add_value_separator();
                                      url_encode_pgm(buffer, consumer_key);
                                      auth_add(buffer);

                                      cp = hex_encode(buffer, nonce, sizeof(nonce));

                                      auth_add_param(PSTR("oauth_nonce"), buffer, cp + 1);

                                      auth_add_param(PSTR("oauth_signature_method"), "HMAC-SHA1", buffer);

                                      sprintf(buffer, "%ld", timestamp);
                                      auth_add_param(PSTR("oauth_timestamp"), buffer, cp + 1);

                                      auth_add_param_separator();

                                      auth_add_pgm(PSTR("oauth_token"));
                                      auth_add_value_separator();
                                      if (access_token_pgm)
                                        url_encode_pgm(buffer, access_token.pgm);
                                      else
                                        url_encode_eeprom(buffer, access_token.eeprom);
                                      auth_add(buffer);

                                      auth_add_param(PSTR("oauth_version"), "1.0", buffer);

                                      cp = url_encode(buffer, message);
                                      auth_add_param(PSTR("status"), buffer, cp + 1);

                                      signature = Sha1.resultHmac(); //  ************
                                    }

                                     

                                    Regards,

                                    Carlos