I am looking at the difference of these ciphers after I run
openssl ciphers -v
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-DSS-AES256-SHA SSLv3 Kx=DH Au=DSS Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
As it states, they are all used in SSLv3, encryption is AES(256), and Message authentication codes is SHA1
the DHE-xxx use Diffie-Hellman (need authentication) key exchange, but the AES256-SHA uses RSA (both digital signing and encrypting data) key exchange. The Auth difference between RSA and DSS (Digital Signature standard). Verify the DSA a little bit slow.
Friday, May 28, 2010
Tuesday, May 25, 2010
C++ template tricks
Here are a few tricks for future reference:
1. Explicitly specify which template function version you want to call. This is especially useful if you have parameter type in return type.
template <class RET, class T>
RET f(T t)
{
}
char ch=f<char>("abc"); //partial specify is enough as the second parameter can be deducted
2. exported keyword is supposed to allow the template definition to be separated with the declaration. Since no one wants to support it, it is removed from C++ 0x.
In order to separate the template declaration and non-inline member function definition, you may have to put the instantiation declaration in its cpp file:
template class Foo<int>;
3. Friend function link error
If you declare a friend function in a template class, the compiler normally will take it as non-template definition:
Foo<int> operator+ <Foo<int>&, Foo<int>&);
In order to tell the compiler you want to use the template version:
template<class T> class Foo; //pre-declare Foo
template<class T> Foo<T> operator+(Foo<T>&, Foo<T>&); //a template declaration for friend
template <class T> class Foo{
//...
friend Foo<T> operator+<> (Foo<T>&, Foo<T>&); //I am using the template declaration before
};
4. The compiler does not look up dependent base class when looking up non-dependent name (signature not correlate with parametrized type). So the data structure defined in the template base class cannot be referred in the derived class. You can give a hint with typename like:
typename B::xyz x;
Similarly, if you want to refer a function defined in the template base class, you have to use:
this->f();
as this is always a dependent name, so it will search for the base class.
5. The template keyword is required before dependent names accessing member templates via ., ->, or ::
template <class T> void f(T& x)
{
int n=x.template convert<3>(pi); //tell compiler the dependent name is a template, otherwise, it can be treated as "(x.convert <3) > pi".
}
6. Default parameter list as shown in our previous tuple example:
template <class T0=null_type, class T1=null_type, class T2=null_type> class tuple;
7. Template partial specilization to absorb some parameters
template <int n, T t> struct element; //This is the real template interface I want to use
template <int n, Class TT, class HH> struct element<n, cons<HH, TT>> {
}; //Use it as a different mean.
1. Explicitly specify which template function version you want to call. This is especially useful if you have parameter type in return type.
template <class RET, class T>
RET f(T t)
{
}
char ch=f<char>("abc"); //partial specify is enough as the second parameter can be deducted
2. exported keyword is supposed to allow the template definition to be separated with the declaration. Since no one wants to support it, it is removed from C++ 0x.
In order to separate the template declaration and non-inline member function definition, you may have to put the instantiation declaration in its cpp file:
template class Foo<int>;
3. Friend function link error
If you declare a friend function in a template class, the compiler normally will take it as non-template definition:
Foo<int> operator+ <Foo<int>&, Foo<int>&);
In order to tell the compiler you want to use the template version:
template<class T> class Foo; //pre-declare Foo
template<class T> Foo<T> operator+(Foo<T>&, Foo<T>&); //a template declaration for friend
template <class T> class Foo{
//...
friend Foo<T> operator+<> (Foo<T>&, Foo<T>&); //I am using the template declaration before
};
4. The compiler does not look up dependent base class when looking up non-dependent name (signature not correlate with parametrized type). So the data structure defined in the template base class cannot be referred in the derived class. You can give a hint with typename like:
typename B
Similarly, if you want to refer a function defined in the template base class, you have to use:
this->f();
as this is always a dependent name, so it will search for the base class.
5. The template keyword is required before dependent names accessing member templates via ., ->, or ::
template <class T> void f(T& x)
{
int n=x.template convert<3>(pi); //tell compiler the dependent name is a template, otherwise, it can be treated as "(x.convert <3) > pi".
}
6. Default parameter list as shown in our previous tuple example:
template <class T0=null_type, class T1=null_type, class T2=null_type> class tuple;
7. Template partial specilization to absorb some parameters
template <int n, T t> struct element; //This is the real template interface I want to use
template <int n, Class TT, class HH> struct element<n, cons<HH, TT>> {
}; //Use it as a different mean.
Friday, May 21, 2010
Use lambda caculus to analyze the C++ template
I am looking at some template expandsion for boost c++ _1 in the conext of:
foreach(vector, cout<<_1;)
The statment is expanded to a template:
boost::lambda::lambda_functor<
boost::lambda::lambda_functor_base<
boost::lambda::bitwise_action<boost::lambda::leftshift_action>,
boost::tuples::tuple<
boost::lambda::lambda_functor<
boost::lambda::lambda_functor_base<
boost::lambda::bitwise_action<boost::lambda::leftshift_action>
boost::tuples::tuple<
std::ostream&,boost::lambda::lambda_functor<
boost::lambda::placeholder<1>
>,
boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type
>
>
>,
const char,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type
>
>
>::operator ()
It is very tedious to analyze it. The idea is to use lambda calculus to help:
foreach(vector, cout<<_1;)
The statment is expanded to a template:
boost::lambda::lambda_functor<
boost::lambda::lambda_functor_base<
boost::lambda::bitwise_action<boost::lambda::leftshift_action>,
boost::tuples::tuple<
boost::lambda::lambda_functor<
boost::lambda::lambda_functor_base<
boost::lambda::bitwise_action<boost::lambda::leftshift_action>
boost::tuples::tuple<
std::ostream&,boost::lambda::lambda_functor<
boost::lambda::placeholder<1>
>,
boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type
>
>
>,
const char,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type,boost::tuples::null_type
>
>
>::operator ()
It is very tedious to analyze it. The idea is to use lambda calculus to help:
- Extended Rules for better reading
- One large character to represent function
- three small characters to represent variable name
- the , [ { may be used to distinguish multiple parameters
- Function and variables definition
- F.arg the lambda functor
- B.ret,arg the lambda base functor which takes return value and argument
- A.act The bitwise action, which helps to select left,right type as return type
- T.t0,t1..t9 The tuple can take up to 10 different types
- lsa left shift action
- ofs ofstream
- pl1 place holder one
- nut null type
- The whole template can be defined as:
- Parse this function:
- T(ofs,F(pl1)) associate the ofstream and _1
- B(A(lsa), T(ofs,F(pl1))) Add the return value of the ofstream to the base functor
- TF[...] wrap it as an function and put it in a tuple
- F(B(A{...})) Use the tuple as an action and then pass it to the Base functor and Functor.
How to create a C++ tuple to take any amount of type
Boost C++ had a tuple library, which can take any amount of the type (maxium 10):
tuple<int>
tuple<double&, const double&, const double, double*, const double*>
tuple<A, int(*)(char, int), B(A::*)(C&), C>
//(1) A null Type will be refered as default template parameters
struct null_type {};
//(2) A class can take up to 3 class type
template<class T0, class T1, class T2>
class tuple{
public:
//(3) Constructor for these type
tuple(T0 t){}
tuple(T0 t0, T1 t1){}
tuple(T0 t0, T1 t1, T2 t2){}
};
//(4) default parameter will take effect
template <class T0=null_type, class T1=null_type, class T2=null_type> class tuple;
}
using namespace tuples;
int main()
{
tuple<int> b(1);
tuple<int, char> c(2,'a');
tuple<int, float, char> d(3,12.5,'c');
}
tuple<int>
tuple<double&, const double&, const double, double*, const double*>
tuple<A, int(*)(char, int), B(A::*)(C&), C>
The key is to use the default parameter type in a separated declaration:
//(1) A null Type will be refered as default template parameters
struct null_type {};
//(2) A class can take up to 3 class type
template<class T0, class T1, class T2>
class tuple{
public:
//(3) Constructor for these type
tuple(T0 t){}
tuple(T0 t0, T1 t1){}
tuple(T0 t0, T1 t1, T2 t2){}
};
//(4) default parameter will take effect
template <class T0=null_type, class T1=null_type, class T2=null_type> class tuple;
}
using namespace tuples;
int main()
{
tuple<int> b(1);
tuple<int, char> c(2,'a');
tuple<int, float, char> d(3,12.5,'c');
}
Wednesday, May 12, 2010
STL/Boost template based meta programming
Here is some experiment of the Arbitrary overload and Concept Check using C++ template.
#include
//is_integral
template struct is_integral{
enum {value=false};
};
template<> struct is_integral{
enum {value=true};
};
//Enable if
template struct enable_if { }; //default
template struct enable_if{
typedef T type;
};
//Arbitary ovlerload: only allow integer Foo : Substitute failure is not an error
template
typename enable_if::value, T>::type Foo(T x){return x*x;}
//Concept check
template void ignore_unused_variable_warning(const T&) { }
template void require_boolean(const T& t)
{
bool x=t;
ignore_unused_variable_warning(x);
}
template struct Comparable{
void constraints(){
require_boolean(a==b);
require_boolean(a!=b);
}
T a,b;
};
template void function_requires(Concept t){
void (Concept::*x)()=&Concept::constraints; //Force compiler to compile the constraints code
}
template void NeedCompare(T t){
function_requires(Comparable());
};
struct Data{
public:
Data operator*(const Data& data){return Data();}
private:
Data& operator=(const Data &);
};
int main()
{
is_integral a;
is_integral b;
Data data;
std::cout<<"A:"<<<" B:"<<
int x=Foo(12);
//Foo(12.3); //Error no matching function for call to Foo(double)
//NeedCompare(data) ; //no match for ‘operator==’ in
NeedCompare(12);
}
#include
//is_integral
template
enum {value=false};
};
template<> struct is_integral
enum {value=true};
};
//Enable if
template
template
typedef T type;
};
//Arbitary ovlerload: only allow integer Foo : Substitute failure is not an error
template
typename enable_if
//Concept check
template
template
{
bool x=t;
ignore_unused_variable_warning(x);
}
template
void constraints(){
require_boolean(a==b);
require_boolean(a!=b);
}
T a,b;
};
template
void (Concept::*x)()=&Concept::constraints; //Force compiler to compile the constraints code
}
template
function_requires(Comparable
};
struct Data{
public:
Data operator*(const Data& data){return Data();}
private:
Data& operator=(const Data &);
};
int main()
{
is_integral
is_integral
Data data;
std::cout<<"A:"<
int x=Foo(12);
//Foo(12.3); //Error no matching function for call to Foo(double)
//NeedCompare(data) ; //no match for ‘operator==’ in
NeedCompare(12);
}
Monday, May 10, 2010
How the google ratproxy works
The google ratproxy is used to find the potential web risk, specially, the XSS.
(1) Get the request and response
(2) Refer request header: whether the parameter contains the session tokens("token", "once", "secret", "secid", "auth", "=tok", "=sig") to detect the token leakage.
(3) When the response MIME type is active content type, it may warn "external code inclusion":
"text/html", /* HTML */
"application/xhtml+xml", /* XHTML */
"application/java-vm", /* Java class */
"application/java-archive", /* Java JAR */
"application/x-shockwave-flash", /* Flash */
"video/flv", /* Flash */
"video/x-flv", /* Flash */
(4) If it detects the POST request, it may warn "Cross-domain POST requests"
(5) Now check the URL and response
"iso8859-1", /* Valid Western */
"iso-8859-1", /* Invalid but recognized */
"iso8859-2", /* Valid European */
"iso-8859-2", /* Invalid but recognized */
"iso8859-15", /* ISO-8859-1, new and improved */
"iso-8859-15", /* ISO-8859-1, new and improved */
"windows-1252", /* Microsoft's Western */
"windows-1250", /* Microsoft's European */
"us-ascii", /* Old school but generally safe */
WARNING: Please note that "harmless" misspellings such as
'utf8' or 'utf_8' are *not* harmless, and may trigger utf-7
XSSes. Do not add these to the list unless thoroughly
validated.
(1) Get the request and response
(2) Refer request header: whether the parameter contains the session tokens("token", "once", "secret", "secid", "auth", "=tok", "=sig") to detect the token leakage.
(3) When the response MIME type is active content type, it may warn "external code inclusion":
"text/html", /* HTML */
"application/xhtml+xml", /* XHTML */
"application/java-vm", /* Java class */
"application/java-archive", /* Java JAR */
"application/x-shockwave-flash", /* Flash */
"video/flv", /* Flash */
"video/x-flv", /* Flash */
(4) If it detects the POST request, it may warn "Cross-domain POST requests"
(5) Now check the URL and response
- Is there any echoed query parameter in response body?
- Is there any echoed query parameter in response headers?
- check whether the URL contains the authentication fields? "login","user", "sess","account","pass"
- re-send without cookie to double check whether it is a request require authentication
- Sniff the char set in response body. The valid charset is:
"iso8859-1", /* Valid Western */
"iso-8859-1", /* Invalid but recognized */
"iso8859-2", /* Valid European */
"iso-8859-2", /* Invalid but recognized */
"iso8859-15", /* ISO-8859-1, new and improved */
"iso-8859-15", /* ISO-8859-1, new and improved */
"windows-1252", /* Microsoft's Western */
"windows-1250", /* Microsoft's European */
"us-ascii", /* Old school but generally safe */
WARNING: Please note that "harmless" misspellings such as
'utf8' or 'utf_8' are *not* harmless, and may trigger utf-7
XSSes. Do not add these to the list unless thoroughly
validated.
- Try_replay_xsrf: set all the session tokens in the request to clobber value, and then send it again to the server, then compare the md5 of the result.
- The header based check: for example, authentication header but not 40x response.
- HTTP redirect: detect 302 response with location header: is the host name in the request query parameter or payload?
- Check the redirect in payload: HTTP-EQUIV=\"Refresh\"
- Handle Content-Type: multipart/form-data ??
- If the response and request cookies are the same, Cookie issuer with no XSRF protection
- POST requests that do not require authentication are interesting
- Multiple "Content-Type or Content-Disposition" headers
- Misstated Content-Length: pay load greater than the content-length header
- Check cross domain POST request: the request host and refer host is different.
- Cacheable SetCookie: Check if the web page can be cached and with the cookie/auth
- Missing charsets and typos lead to UTF-7 cross-site scripting.
- content sniffing and content-type mismatch
- Echoed markup in a query is bad.
- File path in query parameters: Non-echoed paths in query are often bad
- Java method names in a query are bad.
- Javascript code in a query is bad; ignore alert(...) though, as this is almost always a sign of manual XSS testing, not a legitimate functionality.
- SQL statement in a query is bad.
- Check for OGNL-style parameter names.
- Check for what looks like JSON with inline HTML (we skip standalone scripts,as they often contain static HTML to be rendered). We do some basic quotestate tracking not to get confused by regular arithmetic. No commenttracking, but that shouldn't break easily.
- Response with directory index: "\>[To Parent Directory]\<" "\
- javascript .write(, .writeln(, .innerHtml, .outerHtml, document.referrer, document.domain
Subscribe to:
Posts (Atom)