Tasks for getting OCaml-TLS working on Xen #242

Closed
avsm opened this Issue May 8, 2014 · 11 comments

7 participants
@avsm
Member

avsm commented May 8, 2014

Can create subissues as appropriate. We need at least:

  • get a good entropy source (dom0 /dev/random) and create frontend driver. See virtio-rng as example of interface.
  • mirage-http needs DNS resolution and client implemented
  • C bindings for the lightweight libgmp in mirage-platform
  • C bindings for block / stream ciphers and hash algorithms
  • server constructor in https://github.com/mirleft/ocaml-tls/blob/mirage/mirage/mirage_sig.ml (and associated FLOW module type support)
@hannesm

Member

hannesm commented May 8, 2014

C bindings for block / stream ciphers and hash algorithms are also needed (porting https://github.com/mirleft/ocaml-nocrypto (which should be updated to decent C implementations thereof))

@avsm

Member

avsm commented May 8, 2014

edited task list

@pqwy

Contributor

pqwy commented May 8, 2014

Nononono - what nocrypto needs is an entropy source and libgmp. It was designed to run on Xen with just that.

SHA C code is a little funky, but this in no way precludes it from running on Xen. The rest are decent implementations thereof from the get go.

(DES and AES are bare bit- and array-ops, while the hashing code - MD5 and SHA - uses string.h for memcpy/memset. Which I guess would be a breeze for MiniOS. Nothing in C does memory management directly and ARC4 is in OCaml.)

You might want to strike that off the list lest it confuses somebody.

@pqwy

Contributor

pqwy commented May 9, 2014

Step zero: glue the stack to mirage. There's a server example in there.

I could imagine a STACKV4 that would contain TLS just like it now contains TCPV4 or UDPV4. I could also imagine this submodule being configured statically (it's dynamic in the example), and maybe client- resp. server-creating functions throwing if their corresponding side is left unconfigured (like a client app without a private cert). It would look pretty exciting. 😸

Flow-like signature can't be matched until this is somehow resolved. Right now the functions take all the configuration when making connections. It could be made into module-state, with additional functions to tweak it, but IMHO that is pretty hackish.

Two salient glue points.

Very basic scaffold for building with Xen in there. It dies a horrible death when linking.

@avsm

Member

avsm commented Jul 10, 2014

See #265 for nocrypto

@dbuenzli

Contributor

dbuenzli commented Jul 10, 2014

The title of this issue should be renamed, it's confusing.

@hannesm hannesm changed the title from Tasks for getting OCaml SSL working on Xen to Tasks for getting OCaml-TLS working on Xen Jul 16, 2014

@samoht

Member

samoht commented Mar 16, 2015

This seems quite outdated. Where is the issue tracking the integration of TLS on Xen?

@amirmc

Member

amirmc commented Mar 16, 2015

Look back at the mirage call notes. I've likely linked to it from there. mirage-dev, maybe?

Best wishes,
Amir

sent via mobile

On 16 Mar 2015, at 15:37, Thomas Gazagnaire notifications@github.com wrote:

This seems quite outdated. Where is the issue tracking the integration of TLS on Xen?


@talex5

Contributor

talex5 commented Mar 16, 2015

This mirage-dev PR tracks the patches I needed to make it work: mirage/mirage-dev#52

@hannesm

Member

hannesm commented Jul 7, 2015

this is done now... closing

@hannesm hannesm closed this Jul 7, 2015

@amirmc

Member

amirmc commented Jul 7, 2015

💯
