Drawing with Cairo

Cairo is a cross platform 2D graphics library. It’s got a wide range of features that are exposed through a solid and easy to use API. From the website:

The cairo API provides operations similar to the drawing operators of PostScript and PDF. Operations in cairo including stroking and filling cubic Bézier splines, transforming and compositing translucent images, and antialiased text rendering. All drawing operations can be transformed by any affine transformation (scale, rotation, shear, etc.)

In today’s post, I’m going to re-implement a very simple version of the old windows screensaver, Mystify. In fact, it’s not even going to look as cool as the one in the video but it will take you through basic drawing with Cairo and animation using GTK+ and GDK.

Getting your feet wet

If you don’t want to dive right into doing animation with Cairo, I suggest that you take a look at the FAQ. Up there is a section on what a minimal C program looks like. For reference, I have included it below. You can see that it’s quite static in nature; writing a PNG of the result at the end:

#include <cairo.h>

int main (int argc, char *argv[]) {
  cairo_surface_t *surface =
     cairo_image_surface_create(
      CAIRO_FORMAT_ARGB32, 
      240, 
      80);

  cairo_t *cr =
     cairo_create(surface);

  cairo_select_font_face(
    cr, 
    "serif", 
    CAIRO_FONT_SLANT_NORMAL, 
    CAIRO_FONT_WEIGHT_BOLD
  );

  cairo_set_font_size(cr, 32.0);
  cairo_set_source_rgb(cr, 0.0, 0.0, 1.0);
  cairo_move_to(cr, 10.0, 50.0);
  cairo_show_text(cr, "Hello, world");

  cairo_destroy(cr);
  cairo_surface_write_to_png(
    surface, 
    "hello.png"
  );
  cairo_surface_destroy(surface);
  return 0;
}

Building Cairo applications

There’s a shopping list of compiler and linker switches when building with Cairo, GTK+ and GDK. pkg-config has been a great help here, so here are the CFLAGS and LFLAGS definitions from my Makefile:

CFLAGS := -g -Wall `pkg-config --cflags gtk+-3.0 gdk-3.0 cairo`
LFLAGS := `pkg-config --libs gtk+-3.0 gdk-3.0 cairo`

Setting up the UI

First job is to create a window that will host our drawing. This is all pretty standard boilerplate for any GTK+ application.

int main(int argc, char *argv[]) {
  GtkWidget *window;

  gtk_init(&argc, &argv);
  init_verts();

  window = gtk_window_new(
    GTK_WINDOW_TOPLEVEL
  );

  darea = gtk_drawing_area_new();
    gtk_container_add(
    GTK_CONTAINER(window), 
    darea
  );

  g_signal_connect(
    G_OBJECT(darea), 
    "draw", 
    G_CALLBACK(on_draw_event), 
    NULL
  );

  g_signal_connect(
    window, 
    "destroy", 
    G_CALLBACK(gtk_main_quit), 
    NULL
  );  

  gtk_window_set_position(
    GTK_WINDOW(window), 
    GTK_WIN_POS_CENTER
  );

  gtk_window_set_default_size(
    GTK_WINDOW(window), 
    WIN_WIDTH, 
    WIN_HEIGHT
  );

  gtk_window_set_title(
    GTK_WINDOW(window), 
    "Lines"
  );

  gtk_widget_show_all(window);

  (void)g_timeout_add(
    33, 
    (GSourceFunc)mystify_animate, 
    window
  );

  gtk_main();

  return 0;
}

The parts to really take note of here is the creation of our drawable, and it getting connected to the window:

darea = gtk_drawing_area_new();
gtk_container_add(
  GTK_CONTAINER(window), 
  darea
);

Attaching our custom draw function to the draw signal with g_signal_connect:

g_signal_connect(
  G_OBJECT(darea), 
  "draw", 
  G_CALLBACK(on_draw_event), 
  NULL
);

Setting up a timer with g_timeout_add to continually call the animation function:

(void)g_timeout_add(
  33, 
  (GSourceFunc)mystify_animate, 
  window
);

Drawing

The Mystify effect is just a handful of vertices bouncing around the screen with lines connecting them. Really quite simple and we can get away with a basic data structure to defined this:

struct tag_mystify_vert {
  int x, y;     /* x and y positions */
  int vx, vy;   /* x and y velocities */
  double r, g, b;  /* colour components */
};

typedef struct tag_mystify_vert mystify_vert;

mystify_vert verts[N_VERTS];

Drawing the structure is just enumerating over the array defined above and drawing the lines:

static gboolean on_draw_event(
GtkWidget *widget, 
cairo_t *cr, 
gpointer user_data) {
  int n;

  /* clear the background to black */
  cairo_set_source_rgb(cr, 0, 0, 0);
  cairo_paint(cr);

  /* draw lines between verts */
  for (n = 0; n < (N_VERTS - 1); n ++) {
    cairo_set_source_rgb(
      cr, 
      verts[n].r, 
      verts[n].g, 
      verts[n].b
    );

    cairo_move_to(
      cr, 
      verts[n].x, 
      verts[n].y
    );
    cairo_line_to(
      cr, 
      verts[n + 1].x, 
      verts[n + 1].y
    );

    cairo_set_line_width(cr, 1);
    cairo_stroke(cr);
  }

  /* draw a line between the first and last vert */
  n = N_VERTS - 1;

  cairo_set_source_rgb(
    cr, 
    verts[n].r, 
    verts[n].g, 
    verts[n].b
  );

  cairo_move_to(
    cr, 
    verts[n].x, 
    verts[n].y
  );

  cairo_line_to(
    cr, 
    verts[0].x, 
    verts[0].y
  );

  cairo_set_line_width(cr, 1);
  cairo_stroke(cr);

  return FALSE;
}

Pretty basic. We set our draw colour with cairo_set_source_rgb, cairo_move_to and cairo_line_to handle our start and end points for the lines. cairo_stroke makes the doughnuts.

Animating

Finally, we animate the structure. Nothing really of interest in this code block except for how we notify the UI that we need a redraw.

gboolean mystify_animate(GtkWidget *window) {
  animate_verts();

  gtk_widget_queue_draw_area(
  window, 
  0, 0, 
  WIN_WIDTH, WIN_HEIGHT
  );

  return TRUE;
}

gtk_widget_queue_draw_area invalidates the defined region and forces the redraw for us.

Putting it all together

The source for this most unexciting version of the Mystify effect can be found here.

Working with OpenSSL

OpenSSL is the open source project that provides the world with SSL and TLS. In today’s post, I’ll walk through some simple tasks to encrypt and decrypt your data.

Features

OpenSSL is a very feature-rich library. It contains many pieces of functionality that you should study in more detail. The man page for it goes into all of these details in great depth.

Encoding information

Perhaps a slightly edge-case piece of functionality, OpenSSL has the ability to Base64 encode your information. It’s no where near actually securing your information, but the facility is there.

You can Base64 encode a string with the following command:

$ echo "Hello, world!" | openssl enc -base64
SGVsbG8sIHdvcmxkIQo=

You can bring it back to plain text with the following:

 
$ echo "SGVsbG8sIHdvcmxkIQo=" | openssl enc -base64 -d
Hello, world!

Encrypt with a password

OpenSSL gives you the ability to encrypt a piece of information using a password. This is a simple way of securing your information without certificates, but isn’t a very strong strategy for information security.

Take a look under the Encoding and Cipher Commands for a full range of strategies here. Where we used the base64 options above, no password was asked for. This is because it’s just an encoding. If we were to use the bf option (which will use the Blowfish Cipher), we’re prompted for a password.

$ echo "Hello, world" | openssl enc -bf > password_enc.dat
enter bf-cbc encryption password:
Verifying - enter bf-cbc encryption password:

password_enc.dat contains what would appear to be garbage, but it is our string; just encrypted. To get our plain text back:

$ openssl enc -bf -d -in password_enc.dat 
enter bf-cbc decryption password:
Hello, world!

You need to enter the correct password in order to get your plain text back. Pretty simple. This is the process for any of the ciphers mentioned above.

Encrypt with a key pair

Stepping up the complexity, you can get OpenSSL to encrypt and decrypt your data using public-key cryptographyy.

First of all, we need to generate a public/private key pair. The following command will generate a private key. This will be an RSA keypair with a 4096 bit private key.

$ openssl genrsa -out private_key.pem 4096
Generating RSA private key, 4096 bit long modulus
....++
......................................................................................................................................................................................................................++
e is 65537 (0x10001)

Now that the private key has been generated, we extract the public key from it:

$ openssl rsa -pubout -in private_key.pem -out public_key.pem
writing RSA key

You can view all of the details of your keypair details with the following command. It’s a pretty verbose information dump, so brace yourself.

$ openssl rsa -text -in private_key.pem

We encrypt the source information with the public key and perform the decryption using the private key.

To encrypt the information:

$ echo "Hello, world" > encrypt.txt
$ openssl rsautl -encrypt -inkey public_key.pem -pubin -in encrypt.txt -out encrypt.dat

To decrypt the information:

$ openssl rsautl -decrypt -inkey private_key.pem -in encrypt.dat -out decrypt.txt
$ cat decrypt.txt 
Hello, world

Working with certificates

You can use OpenSSL to generate a self-signed certificate.

Generating a self-signed certificate is a fairly simple process. The following will generate a certificate and private key (in the one file) that’s valid for 1 year. This certificate’s key won’t be protected by a passphrase.

$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

You can shorted the key generation process (make it ask less questions) by specifying all of the subject details in the generation command:

$ openssl req -x509 -nodes -days 365 -subj '/C=AU/ST=Queensland/L=Brisbane/CN=localhost' -newkey rsa:4096 -keyout mycert2.pem -out mycert2.pem

Other functions

You can use OpenSSL to generate some random data for you as well. This is useful in scenarios where your application requires nonce data. The rand switch does this easily:

$ openssl rand -base64 128
tfINhtHHe5LCek2mV0z6OlCcyGUaHD6xM0jQYAXPNVpy0tjoEB4gy7m6f/0Fb4/K
cKyDfZEmpvoc3aYdQuCnH1kfJk1EQR1Gbb3xyW22KOcfjuEot5I+feinilJcDfWY
aJKDyuNUOn9YuZ8aALhP1zhA0knAT5+tKtNxjjNar04=

Piping the contents of /dev/urandom through OpenSSL’s base64 encoder will also perform the same task (with better entropy).

Prime testing is an important cryptographic step and can be achieved with the prime switch:

$ openssl prime 3
3 is prime
$ openssl prime 4
4 is not prime
$ openssl prime 5
5 is prime
$ openssl prime 6
6 is not prime

A really practical utility bundled inside of OpenSSL is the testing server that you can instantiate to test out your certificates that you generate.

$ openssl s_server -cert mycert.pem -www

This starts a HTTPS server on your machine. You can point your web browser to https://server:4433/ to see how a browser responds to your certificate.

You can also use OpenSSL as a client to pull down remote certificates:

$ openssl s_client -connect server:443

Asymmetric encryption with OpenSSL in Ruby

Asymmetric encryption is a category of cryptographic strategies employed to share information between two parties using two separate keys.

In today’s post, I want to show how the encryption flow actually works using some Ruby code.

Decisions

Before we can get started, we need to make some decisions regarding the encryption that we’re going to use. The two assumptions that I’ve made up front are about the key size and digest function. I’ve stored these assumptions in a hash up front:

common = {
	:key_length  => 4096,
	:digest_func => OpenSSL::Digest::SHA256.new
}

We’ll use 4096 bit key lengths and SHA-256 as our digest function.

Parties

First thing that we have to establish is that we have two parties. They both want to send a message to each other that no one else can read. They’re both defined in our ruby code as party_a and party_b.

There’s no network separating these parties, so you’ll have to use your imagination.

To create a party, I’ve used the following:

def make_party(conf, name)

	# create a public/private key pair for this party
	pair = OpenSSL::PKey::RSA.new(conf[:key_length])

	# extract the public key from the pair
	pub  = OpenSSL::PKey::RSA.new(pair.public_key.to_der)

	{ :keypair => pair, :pubkey => pub, :name => name }

end

Using the configuration assumptions that we’d declared above, this function will create a key pair, extract the public key and give the party a name (nice for display purposes).

Processing a message

Next up, we’ll prepare a message to send. There’s a little trickery that you need to remember here:

• :keypair is private and never seen by the other party
• :pubkey is distributed between the parties

To prove that the message was sent by the originator, the sender generates a signature for the message. This is done by the sender using the sender’s private key and the pre-defined digest function:

# using the sender's private key, generate a signature for the message
signature = from_party[:keypair].sign(conf[:digest_func], message)

Using the recipient’s public key, the sender will encrypt the plain text:

# messages are encrypted (by the sender) using the recipient's public key
encrypted = to_party[:pubkey].public_encrypt(message)

The recipient can now decrypt the message using their private key:

# messages are decrypted (by the recipient) using their private key
decrypted = to_party[:keypair].private_decrypt(encrypted)

Finally, the recipient can verify that the message is actually from the sender by checking the signature:

if from_party[:pubkey].verify(conf[:digest_func], signature, decrypted)
	puts "Verified!"
end

That’s all there is to it.

A full working gist that this article uses code from can be found here.

Using yield to create generators in python

Generators are python functions that act like iterators. This abstraction allows you to simplify a lot of your for-loop code, implement lazy evaluation and even create more intelligent value producing iterators.

In today’s post, I’ll go through a basic usage of the yield keyword; the generator that’s created as a result and how you can interact with this function type.

Prime number example

To produce the generator, I’ve written a function that will filter through numbers picking out prime numbers. The algorithm isn’t highly optimised. It’s quite crude/brute-force in its approach, but it’ll be enough for us to understand the generator function.

import math

def primes():
	ps, cur = [2], 3
	yield 2
	while True:
		y = int(math.sqrt(cur))
		c = next((x for x in ps if x < y and (cur % x) == 0), None)

		if c == None:
			yield cur
			ps.append(cur)

		cur += 2

We’re maintaining an internal list of primes that we’ve found. When we come across a potential candidate, we try to divide it by primes that we’ve already found. To cut down on the number of divides, we only go for numbers lower than the square root of the candidate.

Note the use of yield. As we call yield, this makes another value available in the iterator. You can see that this is an iterator that doesn’t end. Well, it will end - once the integer data type overflows. If we were using a data type that wasn’t susceptible to this type of overflow, we’d only be limited by the amount of memory in the machine.

Iterating

So, we’ve created what appears to be an infinite list. Testing it out in the REPL:

>>> ps = primes()
>>> ps
<generator object primes at 0x7fa1396e8af0>
>>> ps.next()
2
>>> ps.next()
3
>>> ps.next()
5
>>> ps.next()
7
>>> ps.next()
9
>>> ps.next()
11

ps is the generator, and we’re able to call the next function on it. As we do that, we progress through the iterator. We can start to work with ps now as if it were any other iterator.

Using a list comprehension, we can find the first 10 primes:

>>> ps = primes()
>>> [ps.next() for _ in xrange(1, 10)]
[2, 3, 5, 7, 9, 11, 13, 15, 17]

Using itertools we can get all of the prime numbers under 100:

>>> import itertools
>>> list(itertools.takewhile(lambda x: x < 100, primes()))
[2, 3, 5, 7, 9, 11, 13, 15, 17, 19, 23, 25, 29, 31, 35, 37, 41, 43, 47, 49, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]

yield allows you to make generators which are the potential to create values, as opposed to the values themselves. It’s not until you start to iterate over the generator that the values start to materialise.

Exploring blocks in ruby

Ruby has a very cool feature called code blocks. Sometimes referred to as closures, code blocks are custom pieces (or blocks) of ruby code that you specify to functions that inject your code block whenever the yield keyword is used.

In today’s post, I’m just going to present a simple example and usage.

Source data

The example we’re going to use will be a Manager to Employee style relationship. A Person class is going to manage an array of Person objects that we’ll classify as staff for that person. Here’s the class definition:

class Person

	attr_reader :name, :position, :staff

	def initialize(name, position, staff=[])
		@name = name
		@position = position
		@staff = staff
	end

	def to_s
		@name + ' (' + @position + ') '
	end
end

So a Person will have a name, position and staff. Some sample data using this structure might look as follows:

bob = Person.new('Bob', 'Support Officer')
joe = Person.new('Joe', 'Support Officer')
mary = Person.new('Mary', 'Technology Director', [bob, joe])

Simple example

mary is the manager for joe and bob. Using the Array function each, we can use a code block to present each person to screen:

mary.staff.each do |p|
	puts "Mary is the manager for #{p}"
end

That’s our first code block. each will run our code block for every Person in mary’s staff array.

Another level

If we introduce ‘bill’ as the manager of the company:

bill = Person.new('Bill', 'Managing Director', [mary])

We can use each to look at Bill’s staff, which is just Mary at this stage. More interestingly, we could implement our own function on the Person class that shows all of that person’s descendants.

def descendants

	@staff.each do |s|
		yield s

		# recurse 
		s.descendants do |q|
			yield q
		end

	end

end

We’re going to call any code block specified to our descendants function for each of the staff that are managed by this Person object, but we’re also going to call each descendant’s descendants function so that we recurse down the tree.

We could augment this call slightly to also include the manager of the descendants:

def descendants

	@staff.each do |s|
		yield s

		# recurse 
		s.descendants do |q|
			yield q, s
		end

	end

end

This will supply a manager to the calling block, 1 level down from where we specify.

bill.descendants do |p, s|
	if s == nil
		puts "#{p} is managed by #{bill}"
	else
		puts "#{p} is managed by #{s}"
	end
end

This code here emits the following:

Mary (Technology Director)  is managed by Bill (Managing Director) 
Bob (Support Officer)  is managed by Mary (Technology Director) 
Joe (Support Officer)  is managed by Mary (Technology Director) 

Mary’s manager variable in the block comes through as nil as she’s a direct descendant of bill, so we handle this case in the block as opposed to in descendants.

You can specify as many parameters as you want in your yield. It’s your block’s responsibility to do something useful with them!

Other options

Within your function, you can test the block_given? property for a boolean that will determine if the calling code did or didn’t specify a block.

You can also have a parameter specified in your function &block which can be handy should you need to pass the block around.