Tasks for getting OCaml-TLS working on Xen #242

Closed
avsm opened this Issue May 8, 2014 · 11 comments

Owner

avsm commented May 8, 2014

Can create subissues as appropriate. We need at least:

  • get a good entropy source (dom0 /dev/random) and create frontend driver. See virtio-rng as example of interface.
  • mirage-http needs DNS resolution and client implemented
  • C bindings for the lightweight libgmp in mirage-platform
  • C bindings for block / stream ciphers and hash algorithms
  • server constructor in https://github.com/mirleft/ocaml-tls/blob/mirage/mirage/mirage_sig.ml (and associated FLOW module type support)

Owner

hannesm commented May 8, 2014

C bindings for block / stream ciphers and hash algorithms are also needed (porting https://github.com/mirleft/ocaml-nocrypto (which should be updated to decent C implementations thereof))

Owner

avsm commented May 8, 2014

edited task list

Contributor

pqwy commented May 8, 2014

Nononono - what nocrypto needs is an entropy source and libgmp. It was designed to run on Xen with just that.

SHA C code is a little funky, but this in no way precludes it from running on Xen. The rest are decent implementations thereof from the get go.

(DES and AES are bare bit- and array-ops, while the hashing code - MD5 and SHA - uses string.h for memcpy/memset. Which I guess would be a breeze for MiniOS. Nothing in C does memory management directly and ARC4 is in OCaml.)

You might want to strike that off the list lest it confuses somebody.

Contributor

pqwy commented May 9, 2014

Step zero: glue the stack to mirage. There's a server example in there.

I could imagine a STACKV4 that would contain TLS just like it now contains TCPV4 or UDPV4. I could also imagine this submodule being configured statically (it's dynamic in the example), and maybe client- resp. server-creating functions throwing if their corresponding side is left unconfigured (like a client app without a private cert). It would look pretty exciting. 😸

Flow-like signature can't be matched until this is somehow resolved. Right now the functions take all the configuration when making connections. It could be made into module-state, with additional functions to tweak it, but IMHO that is pretty hackish.

Two salient glue points.

Very basic scaffold for building with Xen in there. It dies a horrible death when linking.

Owner

avsm commented Jul 10, 2014

See #265 for nocrypto

Contributor

dbuenzli commented Jul 10, 2014

The title of this issue should be renamed, it's confusing.

@hannesm hannesm changed the title from Tasks for getting OCaml SSL working on Xen to Tasks for getting OCaml-TLS working on Xen Jul 16, 2014

Owner

samoht commented Mar 16, 2015

This seems quite outdated. Where is the issue tracking the integration of TLS on Xen?

Owner

amirmc commented Mar 16, 2015

Look back at the mirage call notes. I've likely linked to it from there. mirage-dev, maybe?

Best wishes,
Amir

sent via mobile

On 16 Mar 2015, at 15:37, Thomas Gazagnaire notifications@github.com wrote:

This seems quite outdated. Where is the issue tracking the integration of TLS on Xen?



Contributor

talex5 commented Mar 16, 2015

This mirage-dev PR tracks the patches I needed to make it work: mirage/mirage-dev#52

Owner

hannesm commented Jul 7, 2015

this is done now... closing

@hannesm hannesm closed this Jul 7, 2015

Owner

amirmc commented Jul 7, 2015

💯
