Rsa decrypt and using nec - encryption

n = 50142032499469550407421604706771611415193641755639270667473328045908799316205905505167271138079522738272643811917325451177986948493659090203974349370248583120022500722759239305447823602875823849366662503027591858371125301505134216095903796534740686834236150999
e = 65537
c = 45005399504992587510006608300548120810512973768886391125598523343330913326304417790989607300367232977960116381108873363343598357102136548218343380795022179607741940866191404186680657699739176842869814452906110393321567314747096161480003824583613027819960172221
I tried with the latest RsaCtfTool version and it doesn't work; there was a scramble of code:
Results for /tmp/tmpbsmxslye:
Unciphered data :
HEX : 0x537b762ad879d73fc43bddaefbac97c761cb6d5e8ef8d34c30339efc710692c7fed88d381cea79f3ff4cafc8781102e75d14858a5bf51f30cc3db2a923e11b552a4bb62e8acdca072e05dfa3339f70f8ee9a3ced8c0738285eba90734eb9df2c3edcd3e332accf411e7fb65a
INT (big endian) : 40111651888157165029437328511246711833600341248186328292628445309156564820193142620786063692137415731558387498115042099573352418128558891753633190445868768864754408930988626358562440439393865093780815723595640564016030173945005616779600721173305345226766792282
INT (little endian) : 43585820924199350804413548176714962723022677460493225470148152207527235458621759903227128027823093032467062127172665897388707295045964555327274491674781131407292944716056819091268595652074255353611869391245933441644182846078891061658090469785803825312343423827
STR : b'S{v*\xd8y\xd7?\xc4;\xdd\xae\xfb\xac\x97\xc7a\xcbm^\x8e\xf8\xd3L03\x9e\xfcq\x06\x92\xc7\xfe\xd8\x8d8\x1c\xeay\xf3\xffL\xaf\xc8x\x11\x02\xe7]\x14\x85\x8a[\xf5\x1f0\xcc=\xb2\xa9#\xe1\x1bU*K\xb6.\x8a\xcd\xca\x07.\x05\xdf\xa33\x9fp\xf8\xee\x9a<\xed\x8c\x078(^\xba\x90sN\xb9\xdf,>\xdc\xd3\xe32\xac\xcfA\x1e\x7f\xb6Z'
and this is my instruction
sudo python3 ./RsaCtfTool.py -n 50142032499469550407421604706771611415193641755639270667473328045908799316205905505167271138079522738272643811917325451177986948493659090203974349370248583120022500722759239305447823602875823849366662503027591858371125301505134216095903796534740686834236150999 -e 65537 --uncipher 45005399504992587510006608300548120810512973768886391125598523343330913326304417790989607300367232977960116381108873363343598357102136548218343380795022179607741940866191404186680657699739176842869814452906110393321567314747096161480003824583613027819960172221 --attack factordb
Is it a question of my tool version? Could anyone help me? Thanks a lot, warm and friendly people.

Related

Lua - encrypt / decrypt commands with aes cbc to pair with a Panasonic TV

I’m trying to rework a script I found online to control a Panasonic TV, which requires a secure/encrypted pairing to occur so I can control it remotely. (The full code here -> https://forum.logicmachine.net/showthread.php?tid=232&pid=16580#pid16580)
Because it seems to be built on LuaJIT and has some other proprietary Lua elements, I’m trying to find alternatives that will allow it to work with the 5.1 Lua install on a Vera Home Automation controller (a relatively closed system).
Also, and perhaps most important for me is that I’d love to make as much of the converted code have minimal requirements to call external modules. I should add I’ve only recently started learning Lua, but one way I like to learn is to convert/repurpose code I find online..
So far I’ve managed to find alternatives for a number of the modules being used, e.g.
encdec.base64dec -> Lua Base64 Encode
lmcore.hextostr -> https://github.com/tst2005/binascii/blob/master/binascii.lua
storage.set -> Alternative found in Vera Home Controllers
storage.get -> Alternative found in Vera Home Controllers
bit.band -> Bitware module in Vera Home Controllers
bit.bxor -> Bitware module in Vera Home Controllers
Where I’m stuck is with the following..
aes:new
aes.cipher
user.aes
encdec.hmacsha256
Here’s an extract of the code where the above are used.
function encrypt_soap_payload(data, key, hmac_key, iv)
  -- 12-character header, then the data length as a 4-byte big-endian integer
  payload = '000000000000'
  n = #data
  payload = payload .. string.char(bit.band(bit.rshift(n, 24), 0xFF))
  payload = payload .. string.char(bit.band(bit.rshift(n, 16), 0xFF))
  payload = payload .. string.char(bit.band(bit.rshift(n, 8), 0xFF))
  payload = payload .. string.char(bit.band(n, 0xFF))
  payload = payload .. data
  -- AES-128-CBC encrypt, then HMAC-SHA256 over the ciphertext
  aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 1)
  ciphertext = aes_cbc:encrypt(payload)
  sig = encdec.hmacsha256(ciphertext, hmac_key, true)
  -- base64 of ciphertext followed by the HMAC
  encrypted_payload = encdec.base64enc(ciphertext .. sig)
  return encrypted_payload
end

function decrypt_soap_payload(data, key, hmac_key, iv)
  aes_cbc, err = aes:new(key, nil, aes.cipher(128, 'cbc'), { iv = iv }, nil, 0)
  decrypted = aes_cbc:decrypt(encdec.base64dec(data))
  -- skip the first 16 bytes (32 hex characters: header and length), convert the rest back to a string
  decrypted = string.gsub(string.sub(lmcore.strtohex(decrypted), 33), '%x%x', function(value) return string.char(tonumber(value, 16)) end)
  return decrypted
end
I can get to the point where I can create the parameters for the payload encrypt request (example below), it’s the encryption/decryption I can do..
data="1234"
key="\\S„ßÍ}/Ìa5!"
hmac_key="¹jz¹2¸F\r}òcžÎ„ 臧.ª˜¹=¤µæŸ"
iv=" {¬£áæ‚2žâ3ÐÞË€ú "
I’ve found an aes.lua module online, but that requires loads of other modules, most notably ffi.lua. Ideally I’d like to avoid using that. I also came across this aes128.lua but I’m not sure how that handles all the other parameters, e.g. cbc etc. Finally there’s this aes256ecb.lua script; could that be converted to aes 128 cbc and then used in the above?
Is anyone aware (or maybe has) a Lua script that can handle the aes cbc requirements above ?
Many thanks !
In the end I found out that I could do aes.cbc by calling openssl from the command line, e.g.
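local payload = "ENTER HERE"
local key = "ENTER HERE" -- openssl expects -K as a hex string
local iv = "ENTER HERE" -- openssl expects -iv as a hex string
-- The values are concatenated into a shell command unquoted, so they must not contain shell metacharacters.
local buildsslcommand = "openssl enc -aes-128-cbc -nosalt -e -a -A "..payload.." -K "..key.." -iv "..iv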
-- print("Command to send = " ..buildsslcommand)
local file = assert(io.popen(buildsslcommand, 'r'))
local output = file:read('*all')
file:close()
-- print(string.len(output)) --> just count what's returned.
-- print(output) -- > Prints the output of the command.
FYI - It looks like I could do encdec.hmacsha256 via openSSL as well, but I’ve not been able to do that :-( ..

Frama-C multiline macro definition syntax error

I am new to Frama-C and I am trying to formally verify a code base that contains a significant number of multiline macro definitions which look like this:
#define vector_setElement(w,x,i) \
_Generic \
( \
(x), \
const int8_t : vector_setElement_INT8 , \
int8_t : vector_setElement_INT8 , \
const uint8_t : vector_setElement_UINT8 , \
uint8_t : vector_setElement_UINT8 , \
const int16_t : vector_setElement_INT16 , \
int16_t : vector_setElement_INT16 , \
const uint16_t : vector_setElement_UINT16 , \
uint16_t : vector_setElement_UINT16 , \
const int32_t : vector_setElement_INT32 , \
int32_t : vector_setElement_INT32 , \
const uint32_t : vector_setElement_UINT32 , \
uint32_t : vector_setElement_UINT32 , \
const int64_t : vector_setElement_INT64 , \
int64_t : vector_setElement_INT64 , \
const uint64_t : vector_setElement_UINT64 , \
uint64_t : vector_setElement_UINT64 , \
) \
(w, x, i)
However when I run Frama-C on the use of this macro definition, I get a parser syntax error at the location of the use of the macro definition. I tried this with many different multiline macro definitions and a parser syntax error always occurs at the location of the use of the macro definition.
So, my questions are:
Does Frama-C support multiline macro definitions? If so, what do I need to do to fix the parser errors?
Also, I know Frama-C supports some C11 constructs, does that include _Generic?
*** Update - Solution ***
It turns out _Generic is the reason for the syntax errors with multiline macro definitions. Multiline macro definitions that I thought do not use _Generic, in fact do use it beneath a few other function and macro calls. Multiline macro definitions without _Generic parse completely fine.
Frama-C relies on an external pre-processor (default is given by the corresponding autoconf macro at compile time) to perform macro expansions, thus multi-line macros should not be a problem (and if it were, this would be an issue with your pre-processor, not with Frama-C). On the other hand, _Generic is indeed not among C11 features that Frama-C does support at this time.
Frama-C is C so it does support it, not sure about _Generics though, which is possibly why the escape is not working in this case.

decrypt with public key [closed]

How can I decrypt a message signed with a private key in golang?
$ openssl genrsa -out ./server/server.key
Generating RSA private key, 2048 bit long modulus
..................+++
.............................................+++
$ openssl rsa -in ./server/server.key -pubout -out ./client/client.pub
writing RSA key
$ echo "secret" | openssl rsautl -inkey ./server/server.key -sign > ./secret
# decrypt with public key
$ openssl rsautl -inkey ./client/client.pub -pubin -in ./secret
secret
I fully understood my question, it was about RSA_public_decrypt method of openssl: https://www.openssl.org/docs/man1.1.0/crypto/RSA_public_decrypt.html
I did not find any pure-golang realization. Realization with cgo: https://github.com/dgkang/rsa/blob/master/rsa/rsa.go
UPD, works for me:
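import (
	"crypto/rsa"
	"math/big"
)

// RSA_public_decrypt raises data to the public exponent modulo N
// and returns what follows the padding.
func RSA_public_decrypt(pubKey *rsa.PublicKey, data []byte) []byte {
	c := new(big.Int)
	m := new(big.Int)
	m.SetBytes(data)
	e := big.NewInt(int64(pubKey.E))
	c.Exp(m, e, pubKey.N)
	out := c.Bytes()
	skip := 0
	// Look for the 0xff 0x00 pair that ends the padding.
	for i := 2; i < len(out); i++ {
		if i+1 >= len(out) {
			break
		}
		if out[i] == 0xff && out[i+1] == 0 {
			skip = i + 2
			break
		}
	}
	return out[skip:]
}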
I think there is a bit of a misunderstanding here. openssl rsautl -sign does not encrypt the data. It produces a signature. The contents in your secret file is not "secret", encrypted. Rather, it is a signature of the text "secret" that is signed with the private key.
Using the public key, you can -verify the signature, but this isn't really what you are trying to do. It sounds like you want encrypt/decrypt, not sign/verify.
Use the -encrypt and -decrypt options of rsautl. Encryption happens with the public key, and decryption happens with the private key.
Keep in mind there are limits to the amount of data you can encrypt with RSA. Typically, you would protect a symmetric key with RSA, and use the symmetric key to do bulk encryption and decryption.
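An added example, not part of the original posts or of any project linked above: the sign/verify distinction from the answer in pure Go, where `crypto.Hash(0)` makes `crypto/rsa` produce the same raw block as `openssl rsautl -sign` (0x00 0x01, at least eight 0xFF bytes, 0x00, then the message). `recoverSigned` and `roundTrip` are hypothetical names, the key is generated on the fly, and the recovery routine rejects any block whose padding is not exactly that layout instead of scanning for the first 0xff 0x00 pair.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
	"math/big"
)

// recoverSigned undoes a raw PKCS#1 v1.5 type-1 block (`openssl rsautl -sign` output) and checks all padding.
func recoverSigned(pub *rsa.PublicKey, sig []byte) ([]byte, error) {
	k := pub.Size()
	s := new(big.Int).SetBytes(sig)
	if len(sig) != k || s.Cmp(pub.N) >= 0 {
		return nil, errors.New("signature has wrong length or range")
	}
	// FillBytes keeps the leading 0x00 that big.Int.Bytes() would drop.
	em := s.Exp(s, big.NewInt(int64(pub.E)), pub.N).FillBytes(make([]byte, k))
	i := 2
	for i < k && em[i] == 0xff {
		i++
	}
	if em[0] != 0x00 || em[1] != 0x01 || i < 10 || i == k || em[i] != 0x00 {
		return nil, errors.New("padding is not 00 01 FF..FF(>=8) 00")
	}
	return em[i+1:], nil
}

// roundTrip signs msg raw (Hash(0): no DigestInfo) under a constructed key, then checks recovery, verify and tamper rejection.
func roundTrip(msg []byte) (rec []byte, verified, tamperRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.Hash(0), msg)
	if err != nil {
		return
	}
	rec, err = recoverSigned(&priv.PublicKey, sig)
	verified = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.Hash(0), msg, sig) == nil
	sig[len(sig)-1] ^= 1 // flip one bit to simulate tampering
	_, terr := recoverSigned(&priv.PublicKey, sig)
	return rec, verified, terr != nil, err
}

func main() {
	fmt.Println(roundTrip([]byte("secret\n")))
}
```

For confidentiality rather than authenticity, the counterpart in the same package is `rsa.EncryptOAEP` with the public key and `rsa.DecryptOAEP` with the private key.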

Convert unix date to integer value

Hi, I have my UNIX file date in a particular format, 2017-02-01, and I want to convert it to an integer value like 20170201. What can I do to get this output? My UNIX box is SunOS 5.10. I tried the commands below to see what they output, but I am not getting anything. Can anyone help?
bash-3.2$ date +'%s'
%s
bash-3.2$ date +"%s"
%s
bash-3.2$ date +%s
%s
When I try the date -d "Filename" +%Y%m%d option, it errors out saying:
date: bad conversion
usage: date [-u] mmddHHMM[[cc]yy][.SS]
date [-u] [+format]
date -a [-]sss[.fff]
You can get the date you like with this line of code (bash):
date +"%Y%m%d"
You can use it as a filename like this:
_now=$(date +"%Y%m%d")
_file="/tmp/$_now.ext"
Then use $_file for your filename.
SunOS 5.10 (Solaris 10) is pretty old. There are some things it doesn't do.
In particular, I note that its date command relies on strftime() for formatting, and according to the man page, Solaris 10's strftime does not support %s. Which explains the results in the test you did in your question.
If you really just want a YYYYMMDD format, the following should work:
$ date '+%Y%m%d'
If you're looking for an epoch second, then you might have to use some other tool. Nawk, for example, should be installed on your system:
$ nawk 'BEGIN{print srand}'
You can man nawk and search for srand to see why this works.
Alternately, you could use Perl, if you've installed it:
$ perl -e 'print time . "\n";'
These are strategies to get the current epoch second, but your initial date command is the correct way to get the date formatted the way you suggested.
Based on other comments, it also appears you're looking to get the timestamp of certain files. That's not something the date command will do. In other operating systems, like Linux or FreeBSD, you'd use the stat command, which does not appear as a separate shell command in Solaris 10.
But you can do it yourself in a pretty short C program that uses the fstat(2) system call. While it may be beyond the scope required for this question, you can probably compile this using /usr/sfw/bin/gcc:
#include <stdio.h>
#include <time.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

int main(int argc, char **argv)
{
    struct tm info;
    struct stat fileStat;
    time_t epoch;
    int file;

    if (argc != 2)
        return 1;

    /* open() returns -1 on failure */
    if ((file = open(argv[1], O_RDONLY)) < 0)
        return 1;

    if (fstat(file, &fileStat) < 0) {
        close(file);
        return 1;
    }
    close(file);

    /* st_mtime is the file's modification time in epoch seconds */
    info = *localtime(&fileStat.st_mtime);
    epoch = mktime(&info);

    printf("%s:%ld\n", argv[1], (long) epoch);
    return 0;
}
For example:
$ gcc -o filedate filedate.c
$ ./filedate /bin/ls
/bin/ls:1309814136
$ perl -e 'use POSIX; print POSIX::strftime("%F %T\n", gmtime(1309814136));'
2011-07-04 21:15:36
$ ls -l /bin/ls
-r-xr-xr-x 1 root bin 18700 Jul 4 2011 /bin/ls
$
SOLVED IT WITH THIS COMMAND-:
browserDate="2016-11-21"
dateConversion="${browserDate//'-'}"

How can I specify server-side encryption of Amazon S3 objects with PowerShell?

Would someone explain how to enable Amazon S3 server-side encryption in a PowerShell script? I'm using the sample code below but when I check encryption in the AWS Console or Cloudberry S3 Explorer Pro the encryption type is still set to 'none'. Using AWS / Cloudberry to do this manually after files are uploaded isn't feasible because the script is to be deployed to 200+ servers, each with its own bucket in S3. Here's a snippet of code from the script:
$TestFile="testfile.7z"
$S3ObjectKey = "mytestfile.7z"
#Create Amazon PutObjectRequest.
$AmazonS3 = [Amazon.AWSClientFactory]::CreateAmazonS3Client($S3AccessKeyID,$S3SecretKeyID)
$S3PutRequest = New-Object Amazon.S3.Model.PutObjectRequest
$S3PutRequest.BucketName = $S3BucketName
$S3PutRequest.Key = $S3ObjectKey
$S3PutRequest.FilePath = $TestFile
$S3Response = $AmazonS3.PutObject($S3PutRequest)
I've tried inserting the following without success (before the $S3Response line):
$S3PutRequest.ServerSideEncryption
When the above is added I get this message in the output but the file is still not tagged as encrypted on S3:
MemberType : Method
OverloadDefinitions : {Amazon.S3.Model.PutObjectRequest WithServerSideEncryptionMethod(Amazon.S3.Model.ServerSideEncryptionMethod encryption)}
TypeNameOfValue : System.Management.Automation.PSMethod
Value : Amazon.S3.Model.PutObjectRequest WithServerSideEncryptionMethod(Amazon.S3.Model.ServerSideEncryptionMethod encryption)
Name : WithServerSideEncryptionMethod
IsInstance : True
Can anyone tell me what I'm doing wrong? Many thanks in advance.
You should add:
$S3PutRequest.WithServerSideEncryptionMethod([Amazon.S3.Model.ServerSideEncryptionMethod]::AES256)
Or:
$S3PutRequest.ServerSideEncryptionMethod = [Amazon.S3.Model.ServerSideEncryptionMethod]::AES256
If you are using CloudBerry, it has its own PowerShell snapin
Add-PSSnapin CloudBerryLab.Explorer.PSSnapin
$s3 = Get-CloudS3Connection -Key XXXXXXX -Secret YYYYYYY
$destFolder = $s3 | Select-CloudFolder -path "mybucket"
$local = Get-CloudFilesystemConnection
$srcFolder = $local | Select-CloudFolder -path "c:\myzips"
$srcFolder | Copy-CloudItem $destFolder -filter "testfile.7z" -SSE
Notice -SSE parameter in the Copy-CloudItem command.
Some helpful examples can be found on their blog: http://blog.cloudberrylab.com/search?q=powershell
