tintinweb / scapy-ssl_tls

SSL/TLS layers for scapy the interactive packet manipulation tool
GNU General Public License v2.0

Remove *pycrypto* dependency #74

Closed alexmgr closed 8 years ago

alexmgr commented 8 years ago

pycryptodome provides a drop-in replacement for pycrypto. It also supports GCM and CCM modes with the same interface, which would make it trivial to implement for us.

tintinweb commented 8 years ago

👍 Let's give it a try on a separate branch and check if it breaks anything. I can test it on py26 with Windows (at least easy_install was able to compile/install it :))

alexmgr commented 8 years ago

Already did. It works mostly out of the box on *nix. Check pycryptodome branch if interested.

Will allow GCM/CCM mode for TLS1.3, + DSA kex.

tintinweb commented 8 years ago

I'll check that branch and report back.

alexmgr commented 8 years ago

GCM will require a refactor of CryptoContainer and TLSSecurityParameters.

Cipher initialization and state tracking have to move to the CryptoContainer, which will have to be subclassed per cipher mode... Not illogical in a sense, but have to introduce some kind of CryptoContainer factory to return the right instance for a given cipher mode and TLS version. Guess we can have 2 CryptoContainers per TLSContext and go from there.

TLS implementation is such a mess. At least TLS 1.3 removes that stupid explicit IV idea.

alexmgr commented 8 years ago

OK, got GCM mode working for SHA-256 default PRF. Will send out a PR soon.

Will build on the PR for other PRFs.

alexmgr commented 8 years ago

Done as part of #77