|
midrange.com
Here's some sample RPG code which takes into consideration the EBCDIC
to ASCII conversion, the hash generation, and the creation of a
suitable text string. The program assumes that EBCDIC means CCSID 37
and ASCII CCSID 819. These assumptions may not hold true for all
languages.
Bruce
H DFTACTGRP(*NO) ACTGRP('QILE') BNDDIR('QC2LE')
DCipher PR EXTPROC('_CIPHER')
D * VALUE
D * VALUE
D * VALUE
DConvert PR EXTPROC('_XLATEB')
D * VALUE
D * VALUE
D 10u 0 VALUE
Dcvthc PR EXTPROC('cvthc')
D 1
D 1
D 10i 0 VALUE
DControls DS
D Function 5i 0 inz(5)
D HashAlg 1 inz(x'00')
D Sequence 1 inz(x'00')
D DataLngth 10i 0 inz(15)
D Unused 8 inz(*LOVAL)
D HashCtxPtr * inz(%addr(HashWorkArea))
DHashWorkArea S 96 inz(*LOVAL)
DMsg S 50
DReceiverHex S 16
DReceiverPtr S * inz(%addr(ReceiverHex))
DReceiverChr S 32
DSourcePtr S * inz(%addr(Msg))
DStartMap s 256
DTo819 s 256
DCCSID1 s 10i 0 inz(37)
DST1 s 10i 0 inz(0)
DL1 s 10i 0 inz(%size(StartMap))
DCCSID2 s 10i 0 inz(819)
DST2 s 10i 0 inz(0)
DGCCASN s 10i 0 inz(0)
DL2 s 10i 0 inz(%size(To819))
DL3 s 10i 0
DL4 s 10i 0
DFB s 12
D ds
D x 5i 0
D LowX 2 2
D* Get all single byte ebcdic hex values
C 0 do 255 x
C eval %subst(StartMap:x+1:1) = LowX
C enddo
C* Get conversion table for 819 from 37
C call 'QTQCVRT'
C parm CCSID1
C parm ST1
C parm StartMap
C parm L1
C parm CCSID2
C parm ST2
C parm GCCASN
C parm L2
C parm To819
C parm L3
C parm L4
C parm FB
C* Set message text
C eval Msg = 'message digest'
C eval DataLngth = %len(%trimr(Msg))
C* Now Change Msg to 819 from 37 using MI
C callp Convert( %addr(Msg)
C :%addr(To819)
C :%size(Msg))
C* Get MD5 for Msg
C callp Cipher( %addr(ReceiverPtr)
C :%addr(Controls)
C :%addr(SourcePtr))
C* Convert nibbles to characters
C callp cvthc( ReceiverChr
C :ReceiverHex
C :%size(ReceiverChr))
C* Display the "proof"
C ReceiverChr dsply
C eval *INLR = '1'
C return
>
>Thanks everyone who replied!
>The MD5 seems to work okay.
>
>The reason I wanted it, and you will too in the future, is for e-commerce or
>web-based applications.
>
>You store a list of users and MD5-encoded passwords in a database, these
>people can access your application. Why not use OS/400 security? The biggest
>reason is to not create a bunch of user profiles. If your AS?400 is on the
>Internet, it is much more prudent to populate a simple user database than
>manage user profiles whose sole functions is to get to your application.
>Also, if you don't create user profiles, then the user, even if they can use
>your application, cannot FTP into your AS/400 because they don't have a
>valid OS/400 user id. Their only interface is essentially through the
>browser. You can easily encrypt passwords on the browser using an MD5
>Javascript. For "simple" password protection that is reasonably secure, and
>without the hassle of maintaining Apache's "basic authentication" or
>similar, MD5 is a very good tool.
>
>My biggest concern is the translation from EBCDIC to ASCII.
>
>For "the rest of the world", the MD5 hash is 32 alphanumeric characters
>ASCII, publicly "tradable" through email, etc. On the AS/400, the MD5 hash
>is 16 bytes, whose hexadecimal representation is the MD5. IE, the AS/400
>version is not directly readable. Other MD5 hash programs output the text
>string of 32 characters. This can be overcome by using a MD5 wrapper
>procedure, I'm sure.
>
>My issue is this: On the MD5.c file, there are a series of 7 test cases to
>"prove" the MD5 implementation is correct:
>
>"", d41d8cd98f00b204e9800998ecf8427e
>"a", 0cc175b9c0f1b6a831c399e269772661
>"abc", 900150983cd24fb0d6963f7d28e17f72
>"message digest", f96b697d7cb7938d525a2f31aaf161d0
>"abcdefghijklmnopqrstuvwxyz", c3fcd3d76192e4007dfb496cca67e13b
>"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
>d174ab98d277d9f5a5611c2c9f419d9f
>"123456789012345678901234567890123456789012345678901234567890123456789012345
>67890", 57edf4a22be3c955ac49da2e2107b67a
>
>Unfortunately, this is not directly comparable on the AS/400, because of
>ASCII/EBCDIC translation. For my test case, I had to directly compare ASCII
>"P" with EBCDIC "&" to achieve MD5: 44 c2 9e db 10 3a 28 72 f5 19 ad 0f da
>aa.
>
>Given the fact that a "normal" MD5 is alphanumeric and the AS/400 MD5 is the
>hex representation of bytes, and of the ASCII/EBCDIC translation, will this
>be of real use when using the AS/400 to serve web pages, if you want to use
>MD5 as a password protection mechanism?
>
>Loyd
>
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
