Thursday, September 17, 2015

opmsg BoringSSL tests

Recently tested opmsg against G's fork of OpenSSL, named BoringSSL.

Thats more of a smoke test rather than a recommended
setup. BoringSSL is downstripped and does not provide
certain algorithms like ripmed or blowfish. It is
also missing the brainpool EC curves. It also does
not offer the CFB modes for any of their block cipher
algorithms. Some functions for EC-POINT conversions have
had to be re-implemented. After that, it cleanly builds
with BoringSSL.

If you know what you are doing (e.g. not using any
missing mentioned algorithms or modes from above)
AND you dont have peers that use brainpool EC curves,
you may use opmsg linked against BoringSSL.

The main reason for G was most likely to be upper
hand for new algorithms like ChaCha20 from DJB which
is optimized for (embedded) software such as on
smartphone SoC's which are missing native crypto instructions like AES-NI. So they dont need to wait for other projects
to add support for it.
Yet, its still not feasible for me to add ChaCha20
to opmsg as standard OpenSSL is not yet supporting it.

If you have a short link to the OpenSSL project, ask them
to add ChaCha20+Poly1305 to master (its already in a
special fork) :)

No comments: