[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MirageOS-devel] Compiling C components for mirage-xen

  • To: mirageos-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Hannes Mehnert <hannes@xxxxxxxxxxx>
  • Date: Thu, 14 Jan 2016 16:35:19 +0000
  • Delivery-date: Thu, 14 Jan 2016 16:35:43 +0000
  • List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>
  • Openpgp: id=11B5464249B5BD858FFF6328BC896588DF7C28EE

On 01/14/2016 15:23, Arnaud Sahuguet wrote:
> Naive question: for low-level primitives like crypto that require speed,
> when do you/we prefer native implementation (in C at the libOS level) vs
> OCaml implementation?

I prefer nearly always OCaml code.  In our nqsb-tls paper
(https://nqsb.io/nqsbtls-usenix-security15.pdf) there's in Section 4.2 a
brief description of nocrypto.

It uses allocation-free (and (data-dependent) loop free) C code for the
AES and SHA1/SHA2 cores.  The C code gets a source and destination byte
vector, as well as a key, and does only the bit twiddling.  The cipher
modes (CBC/CTR/GCM/CCM) are implemented in OCaml.


MirageOS-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.