TLS without cstruct

[dinosaure]

#493 rebased to include #495 & #496 plus an update of tls-async. The only remaining package about the no-cstruct move is tls-eio.

[art-w]

In case it helps, this patch 05b203e should provide the missing tls-eio :)

[hannesm]

this is great. I guess we need to rebase and wait for the x509 release. (plus then adapt lower bounds)

[art-w]

Nice rebase! The eio patch and a fix for the latest X509 breaking change (renaming of Authenticator functions) can be found at https://github.com/art-w/ocaml-tls/commits/no-cstruct/

[hannesm]

@dinosaure would you mind to pick @art-w commits here?

[hannesm]

it's likely I introduced this function, but from our learnings in MirageVPN, I guess we should re-visit the allocation and ownership stuff in this PR. The Strong.sub is super-expensive, and we should try to allocate the least possible.

This doesn't need to be in this PR, but before a release. We should as well benchmark the amount of handshakes and throughput before and after this change (with varying block sizes in send()). Not sure whether we have a suitable executable for this right now. Best to compare to OpenSSL on the same machine.

[hannesm]

allocation-wise likely a bad idea

[dinosaure]

What do you mean? We should use Bytes.to_string?

[hannesm]

no, the entire function and allocation discipline should be different. better to allocate a bytes once, and then filling it & passing offsets along. this requires, as mentioned, a pretty deep rewriting -- which brings the suggestion to first work on benchmarks (for the latest release - e2e, maybe similar to what @reynir worked on for MirageVPN -- but would be great if cstruct allocation could be part of the benchmark), to be able to compare with the changes in here and future changes.

[dinosaure]

better to allocate a bytes once

Not sure to understand again, the content of this buffer actually depends on the given argument (seq). We probably can pre-allocate a set of sequence_buf and use them then but not sure this is what you want. If I think in this way, it's related to the multicore usage than can be done with ocaml-tls. In such context, "allocate a bytes once" (globally? per-domain?) can be risky.

[hannesm]

oh, sorry for the misunderstanding. my intention is: we get some data to be sent out. now, instead of allocating a header for crypto, a header for tls, etc. - let's allocate once a buffer where the encrypted payload together with the protocol header has space. thus we won't need any other allocations, neither a concat or append. this is all local to a send_data operation, not global/per domain.

nothing for this pr, though.

[hannesm]

same, likely better without allocations, and xor_into

[hannesm]

do we need eqaf here?

[hannesm]

allocates, maybe we have a function in eqaf or define our own to have off and len params for eq?

[dinosaure]

I did a try about implementations of String.sub_equal (which does not guarantee the constant time as eqaf). My benchmark is available here: https://gist.github.com/dinosaure/7ef54e9431217435e3b81df890192b72. From my results (on AMD), the "naive" implementation (the Oracle one) is fast enough for the worst case. For readability, I will consider this implementation for ocaml-tls (into the lib/utils.ml file) than the other.

[dinosaure]

Actually, and according to my benchmark, it seems that an equal_sub which uses String.sub or an equal_sub which tries to iterate into given strings have the same performance. My conclusion is: even if we do a String.sub here, try to avoid this String.sub and try to directly read bytes and compare them is not faster than the String.sub...

[hannesm]

if I remember, we should be able to use a hash state since we never need the entire log data. this is for sure a separate PR.

[hannesm]

this is 10 string.sub. we can easily have fewer by using the offset and string.sub directly

[hannesm]

I think this is already pretty big, and we should work towards merging it. From my point of view, what is important:

• a benchmark comparing tls_version, ciphersuite, block size of write() calls of latest release and this PR (as a separate PR, to be merged before this PR
• have as well a script for that matrix using OpenSSL

Then we can compare and merge this PR and prepare performance improvements in subsequent changesets (e.g. allocate less). We as well have these decrypt/encrypt_into functions in mirage-crypto that we should use.

If someone would be eager to develop the benchmark, that'd speed up our release schedule:)

[hannesm]

I don't understand the tls-eio mdx failures... I see two options: remove it or someone who's into that stuff proposing a fix /cc @talex5 (who developed these bits)

[talex5]

I don't understand the tls-eio mdx failures

It doesn't seem to have much to do with tls-eio or mdx; just trying to load tls in utop no longer works:

$ utop
utop # #require "tls";;
Error: Reference to undefined compilation unit `Digestif'
Hint: This means that the interface of a module is loaded, but its implementation is not.
      Did you mean to load a compiled implementation of the module 
      using #load or by passing it as an argument to the toplevel?

[hannesm]

I don't understand the tls-eio mdx failures

It doesn't seem to have much to do with tls-eio or mdx; just trying to load tls in utop no longer works:

$ utop
utop # #require "tls";;
Error: Reference to undefined compilation unit `Digestif'
Hint: This means that the interface of a module is loaded, but its implementation is not.
      Did you mean to load a compiled implementation of the module 
      using #load or by passing it as an argument to the toplevel?

thanks for your investigation. @dinosaure is it known and is there a workaround for digestif not being loadable into ocaml toplevel (due to virtual library?)?

[dinosaure]

thanks for your investigation. @dinosaure is it known and is there a workaround for digestif not being loadable into ocaml toplevel (due to virtual library?)?

You need to load an implementation of digestif. digestif.c or digestif.ocaml. But in my opinion, maybe we should reconsider mdx in the tests. I've already seen mdx related errors in the release process of some libraries and it's a burden that shouldn't fall on the ocaml-tls maintainers.

[hannesm]

force-pushed on top of main (#500 was merged), and fixed speed.ml