On 06/23/2014 03:04 AM, unixninja92 wrote: > Hi all, > > I've had a busy week. The Crypto API now has interfaces with working > with all the most recently used algorithms as well as many of the old > ones meeting my deadline of having the first version of the API done > by 6/24. I have written classes for Signing, Hashing, Authenticated > Symmetric Encryption, Key Exchange, and Message Authentication Codes. > It supports all sigs, hashs, and macs. The key exchange supports both > DH and ECDH and I working on adding JFK. For Symmetric Encryption it > currently supports AEAD/OCB/AES/128 both with the new nonce length and > the old one. I'm working on the other symmetric algs, but I'm not sure > how helpful it would be to move all the old ones to this API.
I'm happy to hear things are going well! I don't know enough to have a particularly informed opinion on whether moving old algorithms to the API makes sense, but it may be reason enough that it provides consistency in the location/entry points of crypto code. > I'm not sure if I should make a class for RNGs. If people think this > would be helpful I can do that. > > The next step is to write unit-tests and documentation. I am also > planning on submitting a patch for our OCB nonce length problem that > will let us upgrade Bouncy Castle to 150, and soon 151 which was just > had it's last beta released. I made a copy of the OCB class from BC149 > and put it in crypt. I added a boolean to the AEAD classes to decide > which version of OCB to use. While boolean flags do work, I don't think it scales well. Would it make sense to have unversioned AEAD classes that give the latest, with the option of explicitly requesting a version? Something like AEADInputStream vs. AEADInputStream_v149. Older versions could be deprecated and removed with time. Maybe an enum instead? > So far for JFK integration I have support for creating and processing > message1 and creating message 2. > > The MAC class supports both HMAC and Poly1305. I fixed verification of > both hashs and macs to use MessageDigest.isEqual instead of Arrays.* > methods. Good! I find it disturbing that it was using Arrays methods. > I've decided that I'm not going to use static methods in the API. This > will make it easier to upgrade algs in the future. Instead of having > to rewrite a bunch of code that uses static methods, all that needs to > change is the constructor. That makes sense.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
