I wrote on elliptic curves, and how to sustainable integrate the verified fiat software into and hannes.robur.coop/Posts/EC -- feedback welcome. Can't wait to finally write a suckless CA software as a unikernel :D

I found a test suite (wycheproof) for ECDSA which provides structured data (json), and integrated that into my current EC work <3 github.com/mirage/mirage-crypt -- unfortunately it is verify only -- is anyone aware of a ECDSA sign test suite of similar shape (structured data, lots of corner cases, eventually measuring constant time behaviour)?

the birds from riseup.net are running a great infrastructure since years, I just donated to them. see riseup.net/about-us/propaganda and donate riseup.net/donate :D

friday evening 22:00, and I finally have NIST P-256 ECDSA sign and verify up and running with test vectors in using no gmp (or other bignum libraries), but only proven (with Coq) code that does computations over p and n in constant time (using github.com/mit-plv/fiat-crypto) \o/

then I gave up, booted QubesOS and used WoeUSB (github.com/slacka/WoeUSB) -- highly recommended, works out of the box

Show thread

preparing a windows 10 boot stick on FreeBSD:
- learn that `dd if=iso of=/dev/da0` does not work
- learn that newfs_msdos can create a FAT32, but windows 10 installation has files > 4GB
- learn that mount_udf does not work with windows 10 iso -> but 7z e iso does
- sysutils/exfat-utils and fusefs-exfat are my friends now (I learned about exfat only today)

*fingers crossed*

@raichoo huch, das smart deli ist mittlerweile nicht mehr nur-vegan, sondern hat auch fisch und fleisch. ich bin ein bisschen verwundert, aber freue mich, da eben gegessen zu haben, tofu teriyaki, sooo lecker

hannes boosted

What the internet was like in the old days for a .

Also important to understand where the "pull requests" comes from ;)


ok, that was fun... developing a traceroute as MirageOS unikernel, and preserving the ttl and timestamp of sent packet inside the UDP header (well, 2 * 16 bit ports is enough for everyone, no) -- gist.github.com/hannesm/10ae02

next: figure control flow to properly terminate :)

DNS, a protocol that keeps on giving... any hints when "dig -k <my-key>" completes a zone transfer over multiple messages, and reports "WARNING -- Some TSIG could not be validated"? there are TSIG on each DNS message (and according to other software they validate) using the very same key provided to dig (if there's only a single message for the AXFR, dig validates and does not print the WARNING) -- help

woop, from the land:
- qubes-mirage-firewall supporting dynamic rules was released yesterday groups.google.com/forum/#!topi
- TLS 1.3 is released, and live at mirage.io/blog/tls-1-3-mirageo
- no clue what will be announced tomorrow ;)

hannes boosted
hannes boosted

No theory, no ready-made system, no book that has ever been written will save the world. I cleave to no system. I am a true seeker.
-- Mikhail Bakunin

#anarchism #quote #bot

on linux you also don't get bswap32/bswap64 from endian.h (and need some defines to get BYTE_ORDER), but there's then a byteswap.h where you can get bswap_32 from. I find the lack of standardisation disturbing in this area; and am happy that on the C compiler front its gcc and clang who need to agree on something to have it widely usable ;)

Show thread

I usually avoid writing C code, but if I do it should be cross-platform (Linux, BSD, macOS). Today's riddle was "byte swap" and "hto{le,be}{32,64}" functions, i.e. what normally is in endian.h (Linux) sys/endian.h (BSD) libkern/OSByteOrder.h (macOS).

After hours, I discovered __BYTE_ORDER__ and __builtin_bswapYY provided by the C compiler. They work great, no lengthly chains anymore.

Anything that speaks against them? Anyone uses a C compiler without them ("cc -dM -E - < /dev/null")?

Show older

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!