
Re: [Xen-devel] public-key crypto in the hypervisor

On Wed, Oct 15, 2014 at 11:32:48AM +0800, Anh Dinh wrote:
> I'm trying to write a hypercall that performs cryptographic operations
> inside Xen hypervisor, namely doing public-key signing and verification.
> I notice "xen/crypto" contains only private-key implementations. I found
> polarssl containing public-key operations are in "stubdom/", and rsa.c in
> tools/firmware/etherboot/ipxe/

Today there is only a vmac implementation needed to support trusted
boot in the hypervisor. The other implementations you found are not
part of the hypervisor.

> Both implementations depend on libc, which is not present in xen. How would
> I port them to Xen? Is there a native RSA implementation for Xen?

Normally porting system code like encryption algorithms to Xen is
fairly straightforward, particularly if the original code is intended
for an embedded environment. The crypto implementation in iPXE might
look to depend on libc, but in fact all of the functions that it
requires are implemented in a minimal libc that is part of iPXE
itself. Similarly, Xen implements a subset of standard C functions
like string functions (see xen/common/string.c).

Several system libraries have been ported to Xen like LZO, lzma2,
etc. You can look to them to see what kind of glue is required for
running the code in the hypervisor.
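
A sketch of the kind of glue the reply refers to, as an added example that is not part of the original message and is not code from Xen or iPXE. Every port_* name and the fixed arena are hypothetical stand-ins; a real port would call the hypervisor's own allocator and string functions in their place.

```c
#include <stddef.h>   /* freestanding headers only: no libc is assumed */
#include <stdint.h>

/* Constructed stand-in for the host allocator: a fixed, aligned arena. */
static _Alignas(16) uint8_t port_arena[1024];
static size_t port_used;

/* memset through a volatile pointer so wiping key material is not elided. */
static void *port_memset(void *dst, int c, size_t n) {
    volatile uint8_t *p = dst;
    while (n--) *p++ = (uint8_t)c;
    return dst;
}

static void *port_memcpy(void *dst, const void *src, size_t n) {
    uint8_t *d = dst; const uint8_t *s = src;
    while (n--) *d++ = *s++;
    return dst;
}

/* Bump allocator: rejects sizes that wrap or exceed the arena. */
static void *port_alloc(size_t n) {
    size_t need = (n + 15) & ~(size_t)15;   /* round up to 16 bytes */
    if (n == 0 || need < n || need > sizeof(port_arena) - port_used)
        return NULL;
    void *p = &port_arena[port_used];
    port_used += need;
    return port_memset(p, 0, n);
}

/* Wipe and release everything once the operation is finished. */
static void port_reset(void) {
    port_memset(port_arena, 0, sizeof(port_arena));
    port_used = 0;
}

/* Comparison whose timing does not depend on where the inputs differ. */
static int port_ct_equal(const void *a, const void *b, size_t n) {
    const uint8_t *x = a, *y = b; uint8_t diff = 0;
    while (n--) diff |= (uint8_t)(*x++ ^ *y++);
    return diff == 0;
}

/* Shape of a ported caller: take a private copy of caller-supplied bytes
 * (so they cannot change between check and use), then compare. */
static int port_digest_matches(const uint8_t *in, size_t len, const uint8_t *want) {
    uint8_t *copy = port_alloc(len);
    if (!copy) return -1;                   /* too large or arena exhausted */
    port_memcpy(copy, in, len);
    int ok = port_ct_equal(copy, want, len);
    port_reset();
    return ok;
}
```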

