Add pyca/cryptography backend #303
Labels
complex
Issues that require good knowledge of tlslite-ng internals or cryptography
enhancement
new feature to be implemented
help wanted
Milestone
Comments
tomato42
added
enhancement
|
Is this being worked on? Really all cryptographic tasks should be delegated to other libraries since this project core is the TLS protocol. |
|
it's not, and while the core of the project is TLS, the second goal is portability, which we don't get by depending unconditionally on other libraries |
|
TLSLite has defined interfaces for all these algorithms? What is the integration complexity? |
|
yes, it has interfaces for most of them
Not very high, here's an example of using M2Crypto for aes-cbc: https://github.com/tlsfuzzer/tlslite-ng/blob/master/tlslite/utils/openssl_aes.py |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/pyca/cryptography provides a lot of algorithms we use. Implement backends to those algorithms:
gmpy2should give faster code than pyca/cryptography but side-channel vulnerable)in general, it would be nice to first implement #309, so that we can see if and when the backends are used (and if use of them is not counter-productive – while using code that is side-channel secure but is, say, 2 times slower than the alternative side-channel insecure code is most-likely ok, using secure code that is 10 times slower, is not a good trade
checking if it works with version of pyca/cryptography present in CentOS/EPEL would also be nice in travis
The text was updated successfully, but these errors were encountered: