Samba and a crypto library
Andreas Schneider
asn at samba.org
Tue Nov 17 17:02:33 UTC 2015
Hello,
I'm currently working on migrating our MS-BRKP implementation to GnuTLS to get
rid of the Heimdal dependency for MIT Kerberos support. I've already migrated
everthing which is certificate related to GnuTLS. However there are SHA and
HMAC functions which are still used from Heimdal.
To do this I would like to add a depenency to a crypto library. As we are
already using GnuTLS for some parts of the could, I would like to use GNU
Nettle for the low level crypto stuff. GnuTLS depends on libnettle for the low
level crypto.
https://www.lysator.liu.se/~nisse/nettle/nettle.html
https://git.lysator.liu.se/nettle/nettle
The license is LGPLv3, GPLv2 and GPLv3.
The crypto operations are mostly written in assembler and also use cpu
optimized versions like aesni.
It is really up to date and implement state of the art crypto like chacha-
poly1305, Curve25519 etc. The development seems active and healthy.
If we agree I would also suggset not only to use it for MS-BRKP but also
replace lib/crypto in future.
Cheers,
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list