tlsfuzzer / tlslite-ng

TLS implementation in pure python, focused on interoperability testing

Add pyca/cryptography backend #303

Open tomato42 opened 5 years ago

tomato42 commented 5 years ago

https://github.com/pyca/cryptography provides a lot of algorithms we use. Implement backends to those algorithms:

in general, it would be nice to first implement #309, so that we can see if and when the backends are used (and if use of them is not counter-productive – while using code that is side-channel secure but is, say, 2 times slower than the alternative side-channel insecure code is most likely ok, using secure code that is 10 times slower is not a good trade)

checking if it works with the version of pyca/cryptography present in CentOS/EPEL would also be nice in travis

HMaker commented 2 years ago

Is this being worked on? Really all cryptographic tasks should be delegated to other libraries since this project's core is the TLS protocol.

tomato42 commented 2 years ago

it's not, and while the core of the project is TLS, the second goal is portability, which we don't get by depending unconditionally on other libraries

HMaker commented 2 years ago

TLSLite has defined interfaces for all these algorithms? What is the integration complexity?

tomato42 commented 2 years ago

yes, it has interfaces for most of them

> What is the integration complexity?

Not very high, here's an example of using M2Crypto for aes-cbc: https://github.com/tlsfuzzer/tlslite-ng/blob/master/tlslite/utils/openssl_aes.py
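For comparison with the M2Crypto file linked above, here is an added sketch (not part of the thread and not tlslite-ng code) of an optional AES-CBC backend on top of pyca/cryptography. The names `PycaAESCBC`, `new`, `HAVE_PYCA` and the mode value `2` are assumptions made for illustration; the factory returns `None` when the library is missing, so a caller can fall back to another implementation.

```python
# Added illustration, not tlslite-ng code. All names below are hypothetical.
try:
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    HAVE_PYCA = True
except ImportError:
    # Portability goal from the thread: the dependency stays optional.
    HAVE_PYCA = False

AES_CBC_MODE = 2  # assumed numeric id for CBC passed by the caller


class PycaAESCBC(object):
    """AES-CBC without padding; the TLS record layer pads before calling."""
    implementation = "pyca"  # lets a caller report which backend is in use
    block_size = 16

    def __init__(self, key, iv):
        if len(key) not in (16, 24, 32) or len(iv) != self.block_size:
            raise ValueError("bad AES key or IV length")
        # backend= is passed explicitly so that older releases, which
        # require the argument, accept the call as well.
        self._cipher = Cipher(algorithms.AES(bytes(key)),
                              modes.CBC(bytes(iv)),
                              backend=default_backend())
        self._enc = None
        self._dec = None

    def _check(self, data):
        if len(data) % self.block_size:
            raise ValueError("input must be a multiple of 16 bytes")
        return bytes(data)

    def encrypt(self, plaintext):
        # One long-lived context keeps the CBC chaining state between calls.
        if self._enc is None:
            self._enc = self._cipher.encryptor()
        return bytearray(self._enc.update(self._check(plaintext)))

    def decrypt(self, ciphertext):
        if self._dec is None:
            self._dec = self._cipher.decryptor()
        return bytearray(self._dec.update(self._check(ciphertext)))


def new(key, mode, iv):
    """Return a backend object, or None so the caller can fall back."""
    if not HAVE_PYCA or mode != AES_CBC_MODE:
        return None
    return PycaAESCBC(key, iv)
```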