Re: [Pharo-users] HMAC-SHA512

[Ben Coman]

2017-12-10 6:01 GMT-03:00 Ben Coman :
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?

On 11 December 2017 at 01:30, Hernán Morales Durand <
hernan.mora...@gmail.com> wrote:

> Hi Ben,
>
> I would use NaCl: http://cr.yp.to/highspeed/coolnacl-20120725.pdf
> which you can install from the Pharo Project Catalog in Pharo 6.x


Thanks Henry.  That looks like path of least resistance.

I hit a stumbling block that took a short while to understand.
The library binary downloaded specified by
ConfigruationOfNacl>>platformLibraryUrl
is  libsodium: ELF 32-bit LSB shared object
whereas I'm using 64bit Linux.

I have the following system library preinstalled...
/usr/lib/x86_64-linux-gnu/libsodium.so.18.0.1: ELF 64-bit LSB shared object

However its api is slightly different.  Pharo Nacl makes this call out...
   crypto_hash_sha512_ref()

but the system library provides...
56: 00014dc0   175 FUNCGLOBAL DEFAULT   11
crypto_hash_sha512_final
81: 00014c40   384 FUNCGLOBAL DEFAULT   11
crypto_hash_sha512_update
   154: 00014bd0   106 FUNCGLOBAL DEFAULT   11
crypto_hash_sha512_init
   233: 00014e70   114 FUNCGLOBAL DEFAULT   11
crypto_hash_sha512
   342: 00012330 6 FUNCGLOBAL DEFAULT   11
crypto_hash_sha512_bytes
   351: 00012340 6 FUNCGLOBAL DEFAULT   11
crypto_hash_sha512_statebytes

The canonical source doesn't seem to have the function
https://github.com/jedisct1/libsodium/search?utf8=%E2%9C%93=+crypto_hash_sha512_ref
so I'm curious where the "_ref" comes from.

My options seem...
* Compile a 64-bit libsodium from source which includes "_ref" functions.
Where is such source?
* Use the system libsodium and define an FFI callout just for the one
function I need.

cheers -ben

Re: [Pharo-users] OSEnvironment issue

[Eno]

yes, you are right, it's caused by wrong VM, since by default, my images are
opened by pharo 5 VM, I cann't change to pharo 6.1 anyway without manual
effort. I would easily miss this point while saving to new image and reopen.

BTW, another wierd error occured frequently, nearly everytime, i.e. system
font error while runing IDEs.  
Error message: FT2Error: Freetype2 primitive failed[error 2][unknown file
format] while calling FreeTypeFace>>create. 

The system would halt complete at that point and the debugger window also
failed since they all depended upon the font to show.  

I tried to change the system via Setting Browser, but it was locked due to
the same reason. 



--
Sent from: http://forum.world.st/Pharo-Smalltalk-Users-f1310670.html

Re: [Pharo-users] HMAC-SHA512

[Ben Coman]

On 11 December 2017 at 03:08, henry  wrote:

>
>  Original Message 
> Subject: Re: [Pharo-users] HMAC-SHA512
> Local Time: December 10, 2017 1:20 PM
> UTC Time: December 10, 2017 6:20 PM
> From: s...@stfx.eu
> To: Any question about pharo is welcome 
>
>
> On 10 Dec 2017, at 17:46, Ben Coman b...@openinworld.com wrote:
> Thanks Sven. Its interesting to trace that through to put other stuff I've
> read about HMAC into perspective.
> However SHA256 != SHA512 which is a defined requirement of the site I'm
> accessing.
>
> I was too quick.
>
> There is also http://www.samadhiweb.com/blog/2017.02.18.shacrypt.html
>
> I prefer code written in Pharo, but if you need real performance, then
> native code will be needed. Are you sure SHA512 is not in the Cryptography
> package ?
>
>
> SHA512 is not in the Cryptography package, but it would be great to see it
> there, with an appropriate plugin, of course, for performance. I am toying
> with the idea of extending SSL to include TLS 1.3, and that would require
> SHA512, plus it would be great to keep the Cryptography package current.
> Adding TLS 1.3 would be a fair amount of work requiring Diffie-Hellman
> group extensions to ephemeral elliptic curves, in addition. I am unsure
> what symmetric ciphers are used by TLS 1.3 also. The advantage is that it
> is automatically cross-platform, even with plugin generation, such that
> Cryptography could be used on the big 3 as well as on ARM, Android and iOS.
> I'll keep dreaming about it.
>

Given that SSL is "so last century"   [
https://www.polyglotdeveloper.com/timeline/2015-07-01-ssl-tls-timeline/]
with security issues   [Section 2.2
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
]
and latency improvements in upcoming TLS1.3   [
https://www.keycdn.com/blog/tls-1-3]
perhaps this would make a good bounty to be done outside the current
planned work for engineering resources.
There seem several potential resources available  [
http://www.squeaksource.com/Cryptography.html]

Could a plan be made to address TLS?

cheers -ben

[Pharo-users] Why do downloads not use HTTPS by default?

[Silent Walls]

Today I visited https://pharo.org/gnu-linux-installation-64 to download the
zip file containing the executable. To my surprise, the download is not
carried out over HTTPS. The download link is
http://files.pharo.org/platform/Pharo6.1-64-linux.zip. I ended up
downloading the zip file using
https://files.pharo.org/platform/Pharo6.1-64-linux.zip.

The point is: if HTTPS downloads are supported, why is it not the default
on the download pages of the Pharo website?

Re: [Pharo-users] Using a TreePresenter

[Nicolai Hess]

2017-11-27 20:40 GMT+01:00 Prof. Andrew P. Black :

> I'm trying to use a (subclass of a) TreePresenter that is populated with
> FileReferences. I see that the current selection is, reasonably enough, a
> TreeNodePresenter, so I'm assuming that to *set* a selection
> programatically, I'm going to have to find the right TreeNodePresenter.
>
> So I've assumed a method allItemsDo: that I'm trying to write on my
> subclass of TreePresenter that will iterate through all of the TreeNodes
> and let me do stuff, such as looking at their #content to see if this is a
> node that I'm interested in.
>
> But I can't! The #roots method of TreePresenter doesn't give me the root
> TreeNodePresenters; it gives me the file references that they contain. How
> do I iterate over the TreeNodePresenters? Or am I going about this in
> entirely the wrong way?
>

I find the way the TreeNodeModel (or TreeNodePresenter) is used strange too.
I think it is to tightly bound to the underlaying morphic tree ui.
(seems a TreeNode is only created during morphic interaction).

What I have seen on some other projects (pharo launcher for example). They
are creating a TreeNode when building the root of the tree itself.

tree roots: (something that creates the root "raw nodes") collect:[:item |
build a TreeNode with this content].

But this does not fully work, as for example

tree root last selected:[true] "< really selects the item"

tree root last selectAllChildren "< still does not change the selection of
the nodes in the tree morph."




>
> Andrew
>
>

Re: [Pharo-users] HTTP request question for an arango driver

[Norbert Hartl]

> Am 10.12.2017 um 20:35 schrieb Yann Lesage :
> 
> 
> 
>> Le 10/12/2017 à 19:18, Sven Van Caekenberghe a écrit :
>> 
 On 9 Dec 2017, at 18:34, Yann Lesage  wrote:
 
 
 
 Le 09/12/2017 à 15:52, Sven Van Caekenberghe a écrit :
 Hi Yann,
 
 Zinc HTTP Components can do 1000s of requests per second, to localhost (so 
 excluding a real network) and using a single ZnClient instance with a 
 reused connection (HTTP/1.1's default). Of course, data size is also a 
 factor, I am talking about small requests/responses.
 
 I browsed your code a bit on GitHub. You do reuse an instance, so that is 
 good. But I think you are using HTTPS (TLS), which is a real slowdown 
 (encryption is native, but costs real resources). Also, your data payload 
 is using JSON which also adds a cost (parsing, generating).
>>> Thanks for this review.
 So what you measured sounds about right. You might be able to optimise a 
 bit, but that won't give you a factor 10 improvement, IMHO. The trick is 
 usually to make as few requests as possible.
>>> A factor of 10 maximum ? Ok, this indication help me.
>> If you cache and reuse a single ZnClient instance, that is already good. 
>> Maybe try once without SSL to see how much difference that makes. You could 
>> also try to disable logging. As in
>> 
>> ZnClient new in: [ :client |
>>   [ client get: 'http://localhost:8080' ] benchFor: 5 seconds ].
>> 
>> vs.
>> 
>> ZnClient new in: [ :client |
>>   client loggingOff.
>>   [ client get: 'http://localhost:8080' ] benchFor: 5 seconds ].
>> 
>> You can also try to run in a Time profiler, but the server time is hard to 
>> abstract away from.
> Use SSL or not is set by ZNCLient in fonction of url (http or https), no ? If 
> there an option to set completely off SSL, I don't think is a good idea to 
> use it. SSL is a real improve in security when we connect to a distant server.
> 
It depends on what need. If you try to get maximum performance you should try 
without SSL to see the difference and tell us ;)
Be able to use SSL enables easy setups of multiple hosts with a standalone 
application. If you need maximum performance the apllication setup might be 
different. The OS can add encryption transparently and much faster. 
What we use is several machines with a second network card and a private switch 
where they are attached to. So no need to add extra security

> For the logs, I did not see that they were active by default. LoggingOff 
> improve the perf thanks.
> 
> I have already look with a TimeProfiler, and yes, it's difficult to extract 
> an information.
> 
>> 
>>> For the trick, I know it. But it's must be performed by user no ?
>> Yes, the more you do in a single netwerk round trip, the better. Aggregation 
>> is good. 
> 
> Aggregation is possible for user with AQL(Arango Query Langage).
> 
 Sven
 
> On 8 Dec 2017, at 16:32, Yann Lesage  wrote:
> 
> Hello,
> 
> 
> I write an driver for Arangodb . So like it's indicated in Arango 
> documentation, I use the HTTP API.  The repo is 
> https://github.com/Valtena/Pharango
> 
> 
> Now, the problem : Arango using Znclient make around 1 000 
> requests/second.
> 
> 
> And the question : Are there any recommended pratice to have the better 
> performance with ZNClient or a better way to perform lot of HTTP requests 
> ?
> 
> 
> Thanks for your attention,
> 
> Yann Lesage
> 
> 
> 
>>> 
>> 
> 

Re: [Pharo-users] HTTP request question for an arango driver

[Stephan Eggermont]

Op 10-12-2017 om 20:35 schreef Yann Lesage:
? If there an option to set completely off SSL, I don't think is a good 
idea to use it. SSL is a real improve in security when we connect to a 
distant server.


Depending on what you need to secure against, using a single or a few 
secure shared tunnel(s) might be good enough


Stephan

Re: [Pharo-users] HTTP request question for an arango driver

[Yann Lesage]

Le 10/12/2017 à 19:18, Sven Van Caekenberghe a écrit :



On 9 Dec 2017, at 18:34, Yann Lesage  wrote:



Le 09/12/2017 à 15:52, Sven Van Caekenberghe a écrit :

Hi Yann,

Zinc HTTP Components can do 1000s of requests per second, to localhost (so 
excluding a real network) and using a single ZnClient instance with a reused 
connection (HTTP/1.1's default). Of course, data size is also a factor, I am 
talking about small requests/responses.

I browsed your code a bit on GitHub. You do reuse an instance, so that is good. 
But I think you are using HTTPS (TLS), which is a real slowdown (encryption is 
native, but costs real resources). Also, your data payload is using JSON which 
also adds a cost (parsing, generating).

Thanks for this review.

So what you measured sounds about right. You might be able to optimise a bit, 
but that won't give you a factor 10 improvement, IMHO. The trick is usually to 
make as few requests as possible.

A factor of 10 maximum ? Ok, this indication help me.

If you cache and reuse a single ZnClient instance, that is already good. Maybe 
try once without SSL to see how much difference that makes. You could also try 
to disable logging. As in

ZnClient new in: [ :client |
   [ client get: 'http://localhost:8080' ] benchFor: 5 seconds ].

vs.

ZnClient new in: [ :client |
   client loggingOff.
   [ client get: 'http://localhost:8080' ] benchFor: 5 seconds ].

You can also try to run in a Time profiler, but the server time is hard to 
abstract away from.
Use SSL or not is set by ZNCLient in fonction of url (http or https), no 
? If there an option to set completely off SSL, I don't think is a good 
idea to use it. SSL is a real improve in security when we connect to a 
distant server.


For the logs, I did not see that they were active by default. LoggingOff 
improve the perf thanks.


I have already look with a TimeProfiler, and yes, it's difficult to 
extract an information.





For the trick, I know it. But it's must be performed by user no ?

Yes, the more you do in a single netwerk round trip, the better. Aggregation is 
good.


Aggregation is possible for user with AQL(Arango Query Langage).


Sven


On 8 Dec 2017, at 16:32, Yann Lesage  wrote:

Hello,


I write an driver for Arangodb . So like it's indicated in Arango 
documentation, I use the HTTP API.  The repo is 
https://github.com/Valtena/Pharango


Now, the problem : Arango using Znclient make around 1 000 requests/second.


And the question : Are there any recommended pratice to have the better 
performance with ZNClient or a better way to perform lot of HTTP requests ?


Thanks for your attention,

Yann Lesage

Re: [Pharo-users] HMAC-SHA512

[henry]

>  Original Message 
> Subject: Re: [Pharo-users] HMAC-SHA512
> Local Time: December 10, 2017 1:20 PM
> UTC Time: December 10, 2017 6:20 PM
> From: s...@stfx.eu
> To: Any question about pharo is welcome 
>
>> On 10 Dec 2017, at 17:46, Ben Coman b...@openinworld.com wrote:
>> Thanks Sven. Its interesting to trace that through to put other stuff I've 
>> read about HMAC into perspective.
>> However SHA256 != SHA512 which is a defined requirement of the site I'm 
>> accessing.
>>
>> I was too quick.
>>
>> There is also http://www.samadhiweb.com/blog/2017.02.18.shacrypt.html
>>
>> I prefer code written in Pharo, but if you need real performance, then 
>> native code will be needed. Are you sure SHA512 is not in the Cryptography 
>> package ?

SHA512 is not in the Cryptography package, but it would be great to see it 
there, with an appropriate plugin, of course, for performance. I am toying with 
the idea of extending SSL to include TLS 1.3, and that would require SHA512, 
plus it would be great to keep the Cryptography package current. Adding TLS 1.3 
would be a fair amount of work requiring Diffie-Hellman group extensions to 
ephemeral elliptic curves, in addition. I am unsure what symmetric ciphers are 
used by TLS 1.3 also. The advantage is that it is automatically cross-platform, 
even with plugin generation, such that Cryptography could be used on the big 3 
as well as on ARM, Android and iOS. I'll keep dreaming about it.

Re: [Pharo-users] OSEnvironment issue

[Hilaire]

Work there on a P7 on Linux.

Wrong VM of yours?


Le 10/12/2017 à 17:25, Eno a écrit :

Problem with opening pharo image on macOS 10.12.6. cann't find requested
origin: #home.

i.e. the script "Smalltalk os current environment getEnv: 'HOME'" failed.

(actually The ffiCall from LibC in the method UnixEnvironment>>getEnv:
failed ).

Is it occurred recently? or issued or fixed in issue tracker already?

Best regards.


--
Dr. Geo
http://drgeo.eu

[Pharo-users] unsolicited package-cache use

[Hilaire]

I am using tonel format to install from and save to a local repository.

How to prevent Monticello/Configuration/Metacello to save packages to 
the image package-cache dir?


Even when installing from a configuration with repo on tonel file 
format, packages get created in the image package-cache directory.


I have read there and there, Pharo gets confused and uses wrongly the 
package-cache versions and not the local repo.


--
Dr. Geo
http://drgeo.eu

Re: [Pharo-users] HMAC-SHA512

[Ben Coman]

On 10 December 2017 at 18:23, Sven Van Caekenberghe  wrote:

>
>
> > On 10 Dec 2017, at 10:01, Ben Coman  wrote:
> >
> > Can anyone recommend libraries (native Smalltalk or via FFI)
> > to do generate a HMAC-SHA512 ?
> >
> > cheers -ben
>
> Well Pharo itself of course !


> (HMAC on: SHA256)
>   key: (ByteArray new: 32);
>   digestMessage: #[1 2 3].
>
> SHA256 new hmac
>   key: (ByteArray new: 32);
>   digestMessage: #[1 2 3].
>
>
Thanks Sven. Its interesting to trace that through to put other stuff I've
read about HMAC into perspective.
However SHA256 != SHA512 which is a defined requirement of the site I'm
accessing.

What I understand from the trace is that the HMAC is generic regardless of
size of SHA function
and could remain in-Image while the SHA512 part could be supplied from
outside the image.
I could perhaps use the one from the OpenSSL library already included with
Pharo.

$ readelf -a ./pharo-vm/lib/pharo/5.0-201707201942/libssl.so.1.0.0 | grep
512
   EVP_sha512
   SHA512_Init
   SHA512_Update
   SHA512_Transform
   SHA512_Final

where the "EVP function provide a high level interface to OpenSSL
cryptographic functions."
and I guess could be used similar to...
ftp://188.44.46.157/Augustus/blatSrc/lib/hmac.c
except I'm not sure how I'd use proceed without it taking any parameters...

const EVP_MD *EVP_sha512(void);   // include/openssl/evp.h


The lower level functions could be used like...
http://www.askyb.com/cpp/openssl-sha512-hashing-example-in-cpp/

https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/crypto/sha/sha512.c#L264

unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);

int SHA512_Init(SHA512_CTX *c); // include/openssl/sha.h
int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
int SHA512_Final(unsigned char *md, SHA512_CTX *c);
void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);

Actually the lower level functions look easier from an FFI perspective.


Other options I found...

* http://forum.world.st/How-to-encrypt-a-password-td3933585.html#a3933778
   but it seems to be NativeBoost rather than UFFI, and also is Linux only
(which might not be an issue)

* https://github.com/mygityf/cipher/blob/master/cipher/sha512.h
  https://github.com/mygityf/cipher/blob/master/cipher/sha512.c
  to compile into a (hopefully) cross platform shared library


cheers -ben

P.S. I learnt today that "SHA-512 is faster than SHA-256 on 64 bit machines
(as they use 64 bit arithmetic internally)"
https://stackoverflow.com/a/18083633

[Pharo-users] OSEnvironment issue

[Eno]

Problem with opening pharo image on macOS 10.12.6. cann't find requested
origin: #home. 

i.e. the script "Smalltalk os current environment getEnv: 'HOME'" failed. 

(actually The ffiCall from LibC in the method UnixEnvironment>>getEnv:
failed ). 

Is it occurred recently? or issued or fixed in issue tracker already?

Best regards. 



--
Sent from: http://forum.world.st/Pharo-Smalltalk-Users-f1310670.html

Re: [Pharo-users] FYI about Pharo MOOC

[Stephane Ducasse]

Tx for the report :)

On Wed, Nov 1, 2017 at 5:35 PM, Sanjay Minni  wrote:
> The voice in the background behaved differetly with different players on
> windows 10
> - in "Films and TV"  and "VLC player" it comes unltil you manually switch
> the audio channel (it shows 2 audio channels)
> - In Media player it works fine though i could not find 2 audio channels
>
> ---
> Sanjay Minni
>
> On Fri, Oct 13, 2017 at 6:12 PM, Ben Coman  wrote:
>>
>> I played C019SD-W1-S1-EN-V1.mp4
>> and as well as the english voice, in the background I can still hear your
>> original french voice.
>> I'm curious the reasoning for this.
>>
>> cheers -ben
>>
>>
>> On Fri, Oct 13, 2017 at 3:59 AM, Stephane Ducasse
>>  wrote:
>>>
>>> I'm about to release the en versions.
>>> you can find them unofficially on http://www.stephaneducasse.eu/MOOC/
>>>
>>> Stef
>>>
>>> On Tue, Oct 10, 2017 at 10:10 PM, Gour  wrote:
>>> > On Tue, 10 Oct 2017 21:31:55 +0200
>>> > Stephane Ducasse
>>> >  wrote:
>>> >
>>> > Hello Stef,
>>> >
>>> >> I will ask one guy thursday and let you know.
>>> >
>>> > Thanks a lot!
>>> >
>>> >> We will release Mooc with english voices (not mine else english
>>> >> natives would get an heart attack - I have what they call a sexy
>>> >> french accents ;)
>>> >
>>> > I did watch few of your Pharo-related presentations and, although not
>>> > native,
>>> > happily survived. :-)
>>> >
>>> > Moreover, I'd say that your English is charming! At least, one is sure
>>> > that the
>>> > real human is speaking and not some "robot" put on auto-pilot, so if
>>> > the new
>>> > Mooc is going to be the same as the  current/old one, I'd prefer to
>>> > download
>>> > the current files and watched them along with *.srt subtitles?
>>> >
>>> > Iow. my point is that the accent is just one part of the talk/teaching,
>>> > but the
>>> > energy behind it is much more imporant - this is, my conviction, based
>>> > on my
>>> > own teaching experiences.
>>> >
>>> >
>>> > Sincerely,
>>> > Gour
>>> >
>>> > --
>>> > From anger, complete delusion arises, and from delusion
>>> > bewilderment of memory. When memory is bewildered,
>>> > intelligence is lost, and when intelligence is lost
>>> > one falls down again into the material pool.
>>> >
>>> >
>>> >
>>>
>>
>

Re: [Pharo-users] FYI about Pharo MOOC

[Sanjay Minni]

sorry mised your mail

I got these files from the link in the message of your post on Oct 13

"I'm about to release the en versions.
you can find them unofficially on http://www.stephaneducasse.eu/MOOC/

Stef"


http://www.stephaneducasse.eu/MOOC/Videos-EN/MOOC%20WEEK%205/
and
http://www.stephaneducasse.eu/MOOC/Videos-EN/MOOC%20WEEK%205/MP4/


---
Sanjay Minni
+91-9900-902902

On Fri, Nov 3, 2017 at 1:44 PM, Stephane Ducasse 
wrote:

> Sanjay
>
> where did you get this file?
>
> Stef
>
> On Wed, Nov 1, 2017 at 5:26 PM, Sanjay Minni  wrote:
> > There seems to be an issue with the english dubbed version of Week 5
> lesson
> > 4 - it has no content
> > C019SD-W5-S4-EN-V1.mp4
> >
> > ---
> > Sanjay Minni
> >
> > On Fri, Oct 13, 2017 at 1:29 AM, Stephane Ducasse <
> stepharo.s...@gmail.com>
> > wrote:
> >>
> >> I'm about to release the en versions.
> >> you can find them unofficially on http://www.stephaneducasse.eu/MOOC/
> >>
> >> Stef
> >>
> >> On Tue, Oct 10, 2017 at 10:10 PM, Gour  wrote:
> >> > On Tue, 10 Oct 2017 21:31:55 +0200
> >> > Stephane Ducasse
> >> >  wrote:
> >> >
> >> > Hello Stef,
> >> >
> >> >> I will ask one guy thursday and let you know.
> >> >
> >> > Thanks a lot!
> >> >
> >> >> We will release Mooc with english voices (not mine else english
> >> >> natives would get an heart attack - I have what they call a sexy
> >> >> french accents ;)
> >> >
> >> > I did watch few of your Pharo-related presentations and, although not
> >> > native,
> >> > happily survived. :-)
> >> >
> >> > Moreover, I'd say that your English is charming! At least, one is sure
> >> > that the
> >> > real human is speaking and not some "robot" put on auto-pilot, so if
> the
> >> > new
> >> > Mooc is going to be the same as the  current/old one, I'd prefer to
> >> > download
> >> > the current files and watched them along with *.srt subtitles?
> >> >
> >> > Iow. my point is that the accent is just one part of the
> talk/teaching,
> >> > but the
> >> > energy behind it is much more imporant - this is, my conviction, based
> >> > on my
> >> > own teaching experiences.
> >> >
> >> >
> >> > Sincerely,
> >> > Gour
> >> >
> >> > --
> >> > From anger, complete delusion arises, and from delusion
> >> > bewilderment of memory. When memory is bewildered,
> >> > intelligence is lost, and when intelligence is lost
> >> > one falls down again into the material pool.
> >> >
> >> >
> >> >
> >>
> >
>
>

Re: [Pharo-users] HMAC-SHA512

[henry]

Good to have extensions to Cryptography to include SHA-512, along with SHA-384. 
For that matter there seems to be other extensions could be made to 
Cryptography to support the proximate TLS 1.3, see references below for 
algorithms/groups specifiable.  Cryptography would love to be extended for 
these, although OpenSSL should pick up TLS 1.3 for standardized wrapped 
implementation of TLS.

https://tools.ietf.org/html/draft-ietf-tls-tls13-22#section-4.4.1
https://tools.ietf.org/html/draft-ietf-tls-tls13-22#section-4.2.3
https://tools.ietf.org/html/draft-ietf-tls-tls13-22#section-4.2.7
https://tools.ietf.org/html/rfc7919

- HH

>  Original Message 
> Subject: [Pharo-users] HMAC-SHA512
> Local Time: December 10, 2017 4:01 AM
> UTC Time: December 10, 2017 9:01 AM
> From: b...@openinworld.com
> To: Any question about pharo is welcome 
>
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?
>
> cheers -ben

Re: [Pharo-users] HMAC-SHA512

[Sven Van Caekenberghe]

> On 10 Dec 2017, at 10:01, Ben Coman  wrote:
> 
> Can anyone recommend libraries (native Smalltalk or via FFI)
> to do generate a HMAC-SHA512 ?
> 
> cheers -ben

Well Pharo itself of course !

(HMAC on: SHA256)
  key: (ByteArray new: 32);
  digestMessage: #[1 2 3].

SHA256 new hmac
  key: (ByteArray new: 32);
  digestMessage: #[1 2 3].

Sven

PS: You might like this one too 
https://medium.com/concerning-pharo/the-code-behind-google-authenticator-9c59c606a572

Re: [Pharo-users] REST client hints

[Sven Van Caekenberghe]

> On 10 Dec 2017, at 04:45, Ben Coman  wrote:
> 
> 
> On 5 December 2017 at 20:44, Sven Van Caekenberghe  wrote:
> 
> > On 5 Dec 2017, at 13:33, Ben Coman  wrote:
> 
> > @sven, I started reading Enterprise Pharo a couple of hours ago.
> > I don't quite get your section references. I presume you
> > don't mean "chapter 11 Persisting Objects with Voyage, 11.3 Enhancing 
> > Storage"
> > That seems off topic. And "chapter 4  Zinc HTTP: The Client Side, 4.11 
> > Headers"
> > doesn't have a sub-part "3".
> 
> I meant 11.3 in this page 
> https://ci.inria.fr/pharo-contribution/job/EnterprisePharoBook/lastSuccessfulBuild/artifact/book-result/Zinc-HTTP-Server/Zinc-HTTP-Server.html
>  a section called 11.3. A Zinc Client.
> 
> > I guess part of what I'm interested in are patterns for hooking
> > NeoJSON up to parse a REST response into objects to build a wrapper
> > around a REST service. I see a chapter in Enterprise Pharo, which I'll
> > get to that soon.  Perhaps I was premature asking before reading that,
> > but its good to have a few paths to explore.
> 
> Here is a recent example 
> http://forum.world.st/Another-example-of-invoking-a-REST-JSON-web-service-resolving-User-Agent-strings-tt5017489.html
> 
> 
> Thanks Sven.  That helped a lot.   I'd like to report success.
> It may be useful to others to see how to progressively build up to parsing a 
> Nested JSON REST
> 
> 
> 1. First parse the JSON into simple Dictionaries...
> 
> (ZnClient new 
>   url: 'https://bittrex.com/api/v1.1/public/getmarkets';
>   enforceHttpSuccess: true;
>   accept: ZnMimeType applicationJson;
>   contentReader: [ :entity | NeoJSONReader fromString: entity contents ];
>   get) inspect.
> 
> ==>Dictionary( 
>   'success' ==> true
>   'message' ==> ''
>   'result ' ==> an Array(a Dictionary('BaseCurrency'->'BTC' 
> 'BaseCurrencyLong'->'Bitcoin') 
> ... a Dictionary('BaseCurrency'->'ETH' 'BaseCurrencyLong'->'Ethereum') 
> 
> 
> 
> 2. Then parse the first level response into a real object...
> 
> Object subclass: #BittrexResponse
>   instanceVariableNames: 'success message result'
>   classVariableNames: ''
>   package: 'Bittrex'
> 
> (ZnClient new 
>   url: 'https://bittrex.com/api/v1.1/public/getmarkets';
>   enforceHttpSuccess: true;
>   accept: ZnMimeType applicationJson;
>   contentReader: [ :entity | 
>   (NeoJSONReader on: entity readStream)
>   mapInstVarsFor: BittrexResponse ;
>   nextAs: BittrexResponse ];
>get) inspect.
> 
> ==>BittrexResponse
>   success => true
>   message => '' 
>   result => an Array(a Dictionary('BaseCurrency'->'BTC' 
> 'BaseCurrencyLong'->'Bitcoin') 
> ... a Dictionary('BaseCurrency'->'ETH' 'BaseCurrencyLong'->'Ethereum') 
> 
> 
> Or alternatively...
> (ZnClient new 
>   url: 'https://bittrex.com/api/v1.1/public/getmarkets';
>   enforceHttpSuccess: true;
>   accept: ZnMimeType applicationJson;
>   contentReader: [ :entity | |reader|
>   reader := (NeoJSONReader on: entity readStream).
>   reader for: BittrexResponse do: [:m| 
>   m mapInstVar: #success.
>   m mapInstVar: #message.
>   m mapInstVar: #result ].
>   reader nextAs: BittrexResponse ];
>get) inspect.
> 
> ==>BittrexResponse
>   success => true
>   message => '' 
>   result => an Array(a Dictionary('BaseCurrency'->'BTC' 
> 'BaseCurrencyLong'->'Bitcoin') 
> ... a Dictionary('BaseCurrency'->'ETH' 'BaseCurrencyLong'->'Ethereum') 
> 
> 
> 3. Finally parse into real objects the nested level holding the data you 
> really want...
> 
> Object subclass: #Market
>   instanceVariableNames: 'MarketCurrency BaseCurrency MarketCurrencyLong 
> BaseCurrencyLong MinTradeSize MarketName IsActive Created Notice IsSponsored 
> LogoUrl'
>   classVariableNames: ''
>   package: 'Bittrex'
> 
> (ZnClient new 
>   url: 'https://bittrex.com/api/v1.1/public/getmarkets';
>   enforceHttpSuccess: true;
>   accept: ZnMimeType applicationJson;
>   contentReader: [ :entity | |reader|
>   reader := (NeoJSONReader on: entity readStream).
>   reader for: BittrexResponse do: [:m| 
>   m mapInstVar: #success.
>   m mapInstVar: #message.
>   (m mapInstVar: #result) valueSchema: #ArrayOfMarkets].
>   reader for: #ArrayOfMarkets customDo: [ :mapping | mapping 
> listOfElementSchema: Market ].
>   reader mapInstVarsFor: Market. 
>   reader nextAs: BittrexResponse ];
>get) inspect.
> 
> ==>BittrexResponse
>   success => true
>   message => '' 
>   result => an Array(a Market(LTC) a Market(DOGE) a Market(VTC) a 
> Market(PPC) a Market(FTC) a Market(RDD) 
> ... Market(POWR) a Market(BTG) a Market(BTG) a Market(BTG) a Market(ADA) 

[Pharo-users] HMAC-SHA512

[Ben Coman]

Can anyone recommend libraries (native Smalltalk or via FFI)
to do generate a HMAC-SHA512 ?

cheers -ben

Re: [Pharo-users] REST client hints

[Ben Coman]

On 10 December 2017 at 15:27, Stephane Ducasse 
wrote:

> Tx for your report :)
>
> https://wordpress.com/post/pharoweekly.wordpress.com/2347
>
> Did you look at SmartShackles? on our inria github repo. Because
> Santiago is extracting information from blockchains.
>
>
I would hesitate to call where I'm up to right now as blockchain related.
Its just the trading api of one exchange where the items traded happen to
be bitcoins.
But I have a growing interest in blockchains, so thanks for the tip...

I didn't see anything relevant here...  https://github.com/INRIA
but with that product name I found...
https://github.com/sbragagnolo/SmartShackle

cheers -ben