SHA1 vs SHA256

[lslarry86]

I need to write something around a SHA256 algorithm. Prototype code is working on PC using OpenSSL SHA256, and the customer says the results are correct per their existing system.

NNDK includes SHA1. There is a sha1.h and NetBurnerSecurityLibraries.pdf mentions SHA1 in the SSH Library chapter.

I would assume that SHA1 is different from SHA256, and I need to import the code from OpenSSL. BUT, this page says SHA256 was introduced in 2.7.1:

viewtopic.php?f=5&t=2161&p=9711&hilit=sha256#p9711

I am running 2.8.2 and don't see any sha256.h and the string sha256 is not in any file include/*.h. Is SHA1 the same as SHA256 somehow?

Thanks,
Larry

[TomNB]

Hello Larry,

Here is a list of ciphers for the 2.8.7 release:
https://www.netburner.com/learn/the-lat ... -june-2018

There are 2 that might be what you are looking for:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

[lslarry86]

That might work. How do I use these ciphers? I don't see them in any manuals or header files.

Code: Select all

Larry@GLPC_02Dec2013 /cygdrive/c/nburn
$ /bin/find -name "*.h" | grep TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

Larry@GLPC_02Dec2013 /cygdrive/c/nburn
$

[kackle123]

Search inside ALL the files within your NetBurner directory. I found some seemingly appropriate, non-.H files.

[TomNB]

Also, you will need the 2.8.7 release for that entire list. For searching, the program called agent ransack is amazing. Free for personal use.

[lslarry86]

Also, you will need the 2.8.7 release for that entire list.

I guess so, since none of the Cipher names appear anywhere in my 2.8.2:

Code: Select all

Larry@GLPC_02Dec2013 /cygdrive/c/nburn
$ /bin/find | xargs grep TLS_ 2>/dev/null
./examples/StandardStack/BoardLock/checklock/main.cpp:#ifdef SSL_TLS_SUPPORT
./examples/StandardStack/BoardLock/signboard/main.cpp:#ifdef SSL_TLS_SUPPORT
Binary file ./gcc-m68k/bin/m68k-elf-addr2line.exe matches
... lots of binaries
Binary file ./gcc-m68k/m68k-unknown-elf/sysroot/lib/softfp/libsupc++.a matches
./include/constants.h:#define FAST_TLS_VARIABLES
./include/constants.h:#ifdef FAST_TLS_VARIABLES
./include/constants.h:#define FAST_TLS_VAR __attribute__((section("TLS_VAR_SECT")))
./include/constants.h:#define FAST_TLS_VAR
./include/md5.h:#ifdef SSL_TLS_SUPPORT
./include/md5.h:#ifdef SSL_TLS_SUPPORT
./include/predef.h: *  SSL_TLS_SUPPORT - TLS is supported by default with SSL.
./include/predef.h:    #define SSL_TLS_SUPPORT    ( 1 )
./include/predef.h:    #define TLS_CACHE_PEER_CERT_VALIDATIONS ( 1 )
./include/sha1.h:#ifdef SSL_TLS_SUPPORT
./include/websockets.h:        WS_STAT_TLS_FAILURE         = 1015, // Must not be sent
./MOD5441X/lib/MOD5441X.ld:             *( TLS_VAR_SECT )
./MOD5441X/lib/MOD5441X.ld:             TLS_VAR_SECT_END = .;
./system/cryptolib/bigmath.cpp:   static Bignum div, x, tmp FAST_TLS_VAR;
./system/cryptolib/bigmath.cpp:   static Bignum bdiv, btmp FAST_TLS_VAR;
./system/cryptolib/bigmath.cpp:   static Bignum bdiv, btmp FAST_TLS_VAR;
./system/md5c.cpp:#ifdef SSL_TLS_SUPPORT
./system/md5c.cpp:#ifdef SSL_TLS_SUPPORT

That Cygwin command line collects all the filenames under c:\nburn and searches each one for "TLS_". The null thing at the end suppresses messages like "so-and-so is a directory."

I'm about half done pulling in the code from OpenSSL. I think I'll stay on that path. Thanks for the information.