[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [avr-chat] µC/avr crypto lib

From: Daniel Otte
Subject: Re: [avr-chat] µC/avr crypto lib
Date: Thu, 24 Jul 2008 22:48:08 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; de; rv: Gecko/20080614 Thunderbird/ Mnenhy/

However I see a small problem. According to your wiki, you're using the GPLv3 
license. Most embedded developers will stay away from the GPL license unless 
there is an exception to allow linking to proprietary code without the 
proprietary code becoming GPL. See, for example, the license used for libgcc in 
the GCC project. AVR-LibC is licensed under the modified BSD license, which is 
a very liberal license and allows the user to do anything with the code. This 
allows users to use the AVR GCC toolchain, including the libraries, in 
commercial products.

As it stands, if you keep your library as GPLv3, this will effectively limit 
the potential set of users of your library to those people who just want to 
play around with the code, but not make any serious products from it.

If you are willing, I would suggest that you reconsider how you license you 
code to gain a wider audience.
I'm currently not sure which way to go. Primary I want to encourage other developers to make their projects open source. This is the reason why I chose GPLv3+ as license. I'm also considering to make the parts written by my on a "commercial" license which would allow usage of the code in closed source projects for a small fee. The alternative would be to use something like LGPL or BSD. The problem with this is that the community would not profit from other projects which would go open source neither could I profit from that for extending the library and porting it. Currently I'm interested in porting it to the 8051, Z80, Parallax propeller an Microchip PIC. But due to the fact that I'm a quite poor student, I'm currently not able to buy a development board for those microcontrollers (I'm actualy having trouble buying tobacco for my Nagrile).

Do you have any documentation on how you have verified your code? Do you have a 
publicly available test suite? It's easy to get bugs in writing any Crypto 
algorithms, so any reassurance that you can give users of your code will be 
extremely beneficial.
I do testing with the nessie testvectors (of which some are buggy [skipjack & noekeon indrect], I already notified the authors). I use the Makefile with "make tests" followed by "make $ALGO_FLASH". But for some algos there are no nessie testvector (A5/1 and XTEA for example). This is the reason why I'm still looking for some testvectors on the net. Camellia currently fails the tests.
I'm going to document the testing procedure in more detail in the near future.

  Daniel Otte

reply via email to

[Prev in Thread] Current Thread [Next in Thread]