UnsoundPureKES and DirectSerialise API #504
Open
+1,279
−36
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This introduces two changes that are needed for introducing mlocked KES into ouroboros-consensus and implementing a KES agent:
DirectSerialise
API, an abstraction that allows us to send key data over a socket connection directly from mlocked memory, without using any intermediate variables on the GHC heap that might leak secrets to diskUnsoundPureKES
; this is necessary for a minimally disruptive migration path in ouroboros-consensus. We will use this API to keep the existing code, loading KES keys from disk, available, while adding KES agent connectivity (which will use mlocked memory throughout) as an alternative. Until all non-mlocked KES usage has been phased out, we will need to keep theUnsoundPureKES
API around.Checklist
CHANGELOG.md
for the affected packages.New section is never added with the code changes. (See RELEASING.md)
.cabal
andCHANGELOG.md
files according to theversioning process.
.cabal
files for all affected packages are updated.If you change the bounds in a cabal file, that package itself must have a version increase. (See RELEASING.md)