I was borrowing ideas from Erlang/OTP for my X Erlang implementation as a matter of routine. Sometimes the shortcut did not work because I would not understand Erlang/OTP sources or would think they are too convoluted.
The Erlang/OTP approach to crypto functions is a disappointment. It uses the external OpenSSL library through a port driver. Erlang has nice binary parsing, big numbers, hash function BIFs etc., and all these are replicated in OpenSSL. Plus OpenSSL itself is three times bigger than the whole of X Erlang.
Now I have a working TLS library with all cryptographic primitives implemented in Erlang. No OpenSSL or anything of its ilk. The exceptions are the MD5 and SHA1 functions, which are BIFs done in C. I can barely believe it when my TLS server makes its way through a jungle of TLS handshake calculations and starts shoveling application data.
I testify, and give my oath, that TLS is implementable using RFC 2246 and RFC 2104 (and, of course, Wikipedia).
5 comments:
How's the performance vs OpenSSL?
I have not measured the performance as of yet. I had to move the RC4 code to C because it created a fresh context structure for each byte received/sent. MD5, SHA1 and RC4 are in C now; RSA is still in Erlang. My goal was to create a TLS implementation with the smallest footprint. Performance was secondary. There is room for improvement though. I heard RSA may be done quicker using something called the Chinese Remainder Theorem. Need to have a look at it one day.
Thanks for your interest.
M
Maybe I need to look at older blogs, but what's up with the X Erlang implementation and why not just use OTP?
David, well, this is a million-dollar question... Why do people develop software when not paid to do so? Sometimes people implement a language to learn it. This is how X Erlang started.
I think OTP is bloated with many things needed only within the narrow telecom domain. A complete X Erlang system is 2Mb in size.
I would claim it is more portable than OTP too. Recently, I have built it on my shiny new Mac. Nothing had to be changed except a couple of paths in the Makefile.
Fair enough, Max. OTP builds on a Mac just fine for me. That said, you're correct, it's kind of big :-).
It apparently used to build on platforms with no MMU (well, one: VxWorks), so it's pretty portable (or used to be).
At any rate, it's a cool project, and I was just curious what motivated you to do this.