|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] public-key crypto in the hypervisor
On Wed, Oct 15, 2014 at 11:32:48AM +0800, Anh Dinh wrote: > I'm trying to write a hypercall that performs cryptographic operations > inside Xen hypervisor, namely doing public-key signing and verification. > > I notice "xen/crypto" contains only private-key implementations. I found > polarssl containing public-key opeartions are in "stubdom/", and rsa.c in > tools/firmware/etherboot/ipxe/ Today there is only a vmac implementation needed to support trusted boot in the hypervisor. The other implementations you found are not part of the hypervisor. > Both implementations depend on libc, which is not present in xen. How would > I port them to Xen? Is there a native RSA implementation for Xen? Normally porting system code like encryption algorithms to Xen is fairly straightforward, particularly if the original code is intended for an embedded environment. The crypto implementation in iPXE might look to depend on libc, but in fact all of the functions that it requires are implemented in a minimal libc that is part of iPXE itself. Similarly, Xen implements a subset of standard C functions like string functions (see xen/common/string.c). Several system libraries have been ported to Xen like LZO, lzma2, etc. You can look to them to see what kind of glue is required for running the code in the hypervisor. --msw _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |