tinc devel - Sep 2007 - other crypto apis

Hi

I'd like to make tincd work with other crypto apis than openssl/ 
libcrypt. I've learned from the subversion repository that an effort  
was started to port it to gnu-tls. I for myself would like to get  
tincd linking against xyssl (1) because it is very lightweight and  
thus an adequate option on devices with little memory and disk/flash  
space, i.e. embedded systems. Now i'm browsing the sourcecode from  
1.1 branch and i'm tempted to isolate everything which is looking  
like crypto stuff to a separate file and defining some wrapper  
functions resulting in an abstraction layer.

 From 2.0 README i learn that openssl should be dropped in favour of  
gnutls and gnucrypt. I think this might be a good chance to  
modularize this part of tinc, so poeple/distributors may choose from  
different crypto/auth backends.

Now my two questions:
- Is it worth investing a great effort into tinc 1.1 and create some  
abstraction layer?
- Any chances to get something like this into 2.0? Is this branch  
already in active development or is it a still stub?

Cheers,
Lorenz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url :
http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20070902/b062c2fe/attachment.pgp

On 02.09.2007, at 15:25, Lorenz Schori wrote:

> - Is it worth investing a great effort into tinc 1.1 and create  
> some abstraction layer?
>
Silly me, i was looking at trunk. The crypt abstraction is already  
done in 1.1. Great!


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url :
http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20070902/c2180563/attachment.pgp

On Sun, Sep 02, 2007 at 03:25:44PM +0200, Lorenz Schori wrote:
> I'd like to make tincd work with other crypto apis than
openssl/libcrypt.
> I've learned from the subversion repository that an effort was started
to
> port it to gnu-tls. I for myself would like to get tincd linking against 
> xyssl (1) because it is very lightweight and thus an adequate option on 
> devices with little memory and disk/flash space, i.e. embedded systems. Now
> i'm browsing the sourcecode from 1.1 branch and i'm tempted to
isolate
> everything which is looking like crypto stuff to a separate file and 
> defining some wrapper functions resulting in an abstraction layer.
>
> From 2.0 README i learn that openssl should be dropped in favour of gnutls 
> and gnucrypt. I think this might be a good chance to modularize this part 
> of tinc, so poeple/distributors may choose from different crypto/auth 
> backends.
>
> Now my two questions:
> - Is it worth investing a great effort into tinc 1.1 and create some 
> abstraction layer?
Yes, but most of the abstraction is already done. Just make a new
directory src/xyssl/, and copy the files from src/gcrypt/. Then you just
need to change those files to use xyssl instead of libgcrypt. The
function declarations in the header files must be the same, but you can
change the structures (rsa_t and digest_t).
> - Any chances to get something like this into 2.0? Is this branch already 
> in active development or is it a still stub?
2.0 was supposed to be a complete reimplementation. However, it was
decided that it would be better to work towards 2.0 with small changes.
The 1.1 branch will be compatible with 1.0, but with as many 2.0 ideas
without breaking that compatibility. Once 1.1 is finished we will move
on to 2.0. For now, 1.1 is in active development, and 2.0 is indeed a
stub.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20070902/2102fa28/attachment.pgp