
[MirageOS-devel] vchan hackers wanted for mirage-entropy




Hello,

In order to move OCaml-TLS onto Xen, there is one bit missing which I
neither know in detail nor have the time to deal with:
how to get entropy into a Mirage unikernel. The startup sequence is
rather deterministic, and we don't want to require a RW object store
to keep the seed (best practices in the UNIX world).

Instead we would like to proxy /dev/urandom from dom0 into the
unikernel to seed our random number generator.

The interface is already there:
https://github.com/mirage/mirage/blob/master/types/V1.mli#L75
There is also an implementation for Xen, but this uses very weak entropy:
https://github.com/mirage/mirage-entropy/tree/master/xen


Some related work I found was virtio-rng
(https://fedoraproject.org/wiki/Features/Virtio_RNG) which is supposed
to work on Xen as well
(http://wiki.xen.org/wiki/Virtio_On_Xen) -- but this might very likely
be overengineered for our purposes.

We (well, David) already have a state of the art random number
generator implemented (Fortuna, design by Schneier + Ferguson) here:
https://github.com/mirleft/ocaml-nocrypto/blob/master/src/fortuna.mli


If someone could give that a try, it'd speed up getting mirage-tls into
a usable state.


Thanks,

Hannes
