Open tomato42 opened 5 years ago
Is this being worked on? Really all cryptographic tasks should be delegated to other libraries since this project core is the TLS protocol.
it's not, and while the core of the project is TLS, the second goal is portability, which we don't get by depending unconditionally on other libraries
TLSLite has defined interfaces for all these algorithms? What is the integration complexity?
yes, it has interfaces for most of them
What is the integration complexity?
Not very high, here's an example of using M2Crypto for aes-cbc: https://github.com/tlsfuzzer/tlslite-ng/blob/master/tlslite/utils/openssl_aes.py
https://github.com/pyca/cryptography provides a lot of algorithms we use. Implement backends to those algorithms:
gmpy2
should give faster code than pyca/cryptography but side-channel vulnerable)in general, it would be nice to first implement #309, so that we can see if and when the backends are used (and if use of them is not counter-productive – while using code that is side-channel secure but is, say, 2 times slower than the alternative side-channel insecure code is most-likely ok, using secure code that is 10 times slower, is not a good trade
checking if it works with version of pyca/cryptography present in CentOS/EPEL would also be nice in travis