Mark Atwood said:
> On the other other other hand, can we have a Python binding on the C crypto
> routines that ntpd uses?

The ntpd code gets crypto from OpenSSL's libcrypto. We could write a wrapper for libcrypto. The API is reasonably clean. (or at least the parts we use.) I'm a bit surprised that one doesn't already exist but I didn't find one with more than a little poking around.

The code we use is in:
  libntp/macencrypt.c
There are separate routines for old digest mode and new CMAC mode using AES.

Looks like the current python code gets crypto from hashlib which is part of python libs. It doesn't include AES. Since AES has been out for ages, I assume that lack of support is an indication that hashlib is (somewhat?) deprecated.

----------

pyca/pyopenssl seems like the python way to get to OpenSSL
  https://github.com/pyca/pyopenssl
  https://www.pyopenssl.org/en/stable/

That suggests pyca/cryptography
  https://github.com/pyca/cryptography
  https://cryptography.io/en/latest/

I looked a little, but didn't see exactly what I was looking for. I'm pretty sure I could make it work.

----------

pycryptodome seems like a reasonable choice. It's a bit more complicated than a simple pip install. We should be able to write the code so that AES doesn't work if not installed.

From https://pycryptodome.readthedocs.io/en/latest/src/installation.html
  One must avoid having both PyCrypto and PyCryptodome installed at the
  same time, as they will interfere with each other.
Then it goes on with the alternate recipe.

I think this will be the first/only use of pip in buildprep. Somebody smarter than me will have to sort that out.

-- 
These are my opinions. I hate spam.
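
Added example, not part of the original message and not NTPsec code: a Python sketch of the two MAC modes the message mentions, with AES CMAC failing cleanly when PyCryptodome is not installed. The function names, the `"aes"` algorithm label, the key || packet digest construction and the packet + key ID + MAC layout are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

try:  # PyCryptodome is optional; without it only digest mode is usable
    from Crypto.Cipher import AES
    from Crypto.Hash import CMAC
    HAVE_AES = True
except ImportError:
    HAVE_AES = False


def compute_digest(algo, key, packet):
    """Return the raw MAC bytes for one packet.

    Assumption: digest mode hashes key || packet; CMAC mode keys AES
    with `key` and authenticates the packet alone.
    """
    if algo == "aes":  # hypothetical label for the CMAC mode
        if not HAVE_AES:
            raise RuntimeError("AES CMAC requires PyCryptodome")
        if len(key) not in (16, 24, 32):
            raise ValueError("AES key must be 16, 24 or 32 bytes")
        mac = CMAC.new(key, ciphermod=AES)
        mac.update(packet)
        return mac.digest()
    return hashlib.new(algo, key + packet).digest()


def append_mac(algo, keyid, key, packet):
    """Return packet + 4-byte big-endian key ID + MAC (assumed layout)."""
    return packet + struct.pack("!I", keyid) + compute_digest(algo, key, packet)


def verify_mac(algo, keyid, key, wire, maclen):
    """Check a received packet whose trailing MAC is `maclen` bytes long."""
    if len(wire) < 4 + maclen:
        return False
    packet, trailer = wire[:-(4 + maclen)], wire[-(4 + maclen):]
    if trailer[:4] != struct.pack("!I", keyid):
        return False
    expected = compute_digest(algo, key, packet)
    # Constant-time comparison so the check does not leak matching prefixes
    return hmac.compare_digest(trailer[4:], expected)
```

Callers can test `HAVE_AES` up front to reject AES keys at configuration load time instead of at the first packet.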