[Toybox] features
Rob Landley
rob at landley.net
Mon Jun 9 05:57:21 PDT 2014
On 06/08/14 20:16, Isaac Dunham wrote:
> On Sun, Jun 08, 2014 at 11:51:04AM -0500, Rob Landley wrote:
>> I've dug into libtomcrypt and find it incomprehensible, but it's really
>> the libtommath part I'm having problems with. I need to write my own big
>> math library for bc, and the darn spec says it has to do cosine and
>> fractional exponents and such, which I dunno how to do off the top of my
>> head.
>
> hmmm. I know that's supposed to be covered in libtomfloat; not sure
> about the status of that (most likely not really clear).
It's there, it's just an awful lot of work to understand what it's
doing. (It's public domain code, I _want_ to use it. It's just... not
clearly written, with zero documentation.)
>>> I note also that there's yet another small ssh server, moussh:
>>> ftp.rodents-montreal.org/mouse/local/src/moussh
>>> The developer was at one point considering using some of the libtom*
>>> libraries; it currently needs gmp and a set of homegrown crypto libs.
>>> It does have one or two rather frightening notes: it requires a
>>> special preprocessor (included) or a version of gcc patched to support
>>> "labeled control structure", whatever that is.
>>>
>>> While we're talking about crypto, I might as well mention axtls.
>>> It's a small BSD-licensed TLS1 library that uses kconfig with perhaps
>>> too many options (what *FLAGS you want, which keys/certificates, openssl
>>> API, ...).
>>
>> Didn't musl have a wiki page collecting this sort of thing?
>
> Yes. It's
> http://wiki.musl-libc.org/wiki/Alternative_libraries#Crypto
> (and axtls is mentioned there).
Best to keep a single collection of information up to date, I expect...
>> To be honest, rsync is higher priority for me than any of this, and
>> _that_ is post-1.0. The big need for https is because wget and friends
>> kinda useless without it these days. kernel.org: https only.
>> twitter:https only. github: https only. And there are regular
>> announcements like:
>>
>> http://code.flickr.net/2014/04/30/flickr-api-going-ssl-only-on-june-27th-2014/
>>
>> Basically the NSA has convinced people that non-encrypted connections
>> are a categorical bad idea.
>
> FWIW: axtls includes axssl (afaict, equivalent to the ssl command, which is
> something similar to netcat/telnet but doing the encryption for you...)
> and axtlswrap, which is a reimplementation of sslwrap, which does the
> same job as stunnel (wrap socket connections to do ssl).
If there was a standard stunnel syntax I could just shell out to and
pipe data through, life would be good. Unfortunately, there doesn't seem
to be. (Especially not readily available to embedded developers, or
under a near-public-domain license.)
> On the other hand, their documentation is solely online, and there's no
> explanation of how to use axssl or axtlswrap: it only deals with library
> functions.
Lots of "components to make stuff" which turn out not to have all the
bits you need when you try. Few ready to go packages...
Oh well. Up until recently the rule of thumb in crypto was "experts
only", so that if you touched anything you'd be _mocked_ for breaking
some subtle thing (timing attacks!) with your ignorance.
When the NSA's over the top shenanigans got people past that and
actually doing code review en masse, they found buckets of "you may be a
good cryptographer but you're a lousy programmer" thinkos, and
everything's in flux right now.
Rob
More information about the Toybox
mailing list