➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2022-03-23 19:30 by gregory.p.smith, last changed 2022-04-11 14:59 by admin.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 32173 | open | christian.heimes, 2022-03-29 10:29 | |
| PR 32176 | open | christian.heimes, 2022-03-29 15:34 | |
| Messages (6) | |||
|---|---|---|---|
| msg415896 - (view) | Author: Gregory P. Smith (gregory.p.smith) *  |
Date: 2022-03-23 19:30 | |
Linux kernels provide a CryptoAPI. This is a common place for platform specific hardware accelerated hash algorithms to be exposed to the user (especially on SoCs which often have non-standard hardware). https://www.kernel.org/doc/html/v4.10/crypto/userspace-if.html https://www.kernel.org/doc/html/v5.17/crypto/userspace-if.html https://www.chronox.de/libkcapi.html hashlib currently uses OpenSSL when possible for performance. We could also look at querying the kernel API. How to decide between the two implementations when both are present is something TBD. This would probably be best done via a configure time check for libkcapi? |
|||
| msg415899 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2022-03-23 19:45 | |
We don't need libkcapi. I added AF_ALG support a while ago:
import binascii
import os
import socket
with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as cfgsock:
cfgsock.bind(("hash", "sha256"))
opsock, _ = cfgsock.accept()
with opsock:
with open("/etc/os-release") as f:
st = os.fstat(f.fileno())
# blindly assumes that sendfile() exhausts the fd.
os.sendfile(
opsock.fileno(), f.fileno(), offset=0, count=st.st_size
)
res = opsock.recv(512)
print(binascii.hexlify(res))
|
|||
| msg415901 - (view) | Author: Gregory P. Smith (gregory.p.smith) * |
Date: 2022-03-23 19:49 | |
Neat. I've never used the API, just filing a breadcrumb suggesting we see if it makes sense. Being I/O based, that even takes care of GIL releasing from Python. :) |
|||
| msg415903 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2022-03-23 19:54 | |
test_socket has examples for HMAC, AES-CBC, and AES-GCM.
with self.create_alg('hash', 'hmac(sha1)') as algo:
algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, b"Jefe")
op, _ = algo.accept()
with op:
op.sendall(b"what do ya want for nothing?")
self.assertEqual(op.recv(512), expected)
|
|||
| msg415904 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2022-03-23 19:55 | |
And sendfile() is zero-copy. Data does not have to leave Kernel space. |
|||
| msg416251 - (view) | Author: Christian Heimes (christian.heimes) * |
Date: 2022-03-29 10:38 | |
I figured out how to implement copy(). dup() does not work as expected, but accept() on an AF_ALG client socket creates an independent copy. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:57 | admin | set | github: 91258 |
| 2022-03-29 15:34:13 | christian.heimes | set | pull_requests: + pull_request30253 |
| 2022-03-29 10:38:52 | christian.heimes | set | messages: + msg416251 |
| 2022-03-29 10:29:36 | christian.heimes | set | keywords:
+ patch stage: patch review pull_requests: + pull_request30251 |
| 2022-03-23 19:55:18 | christian.heimes | set | messages: + msg415904 |
| 2022-03-23 19:54:20 | christian.heimes | set | messages: + msg415903 |
| 2022-03-23 19:49:29 | gregory.p.smith | set | messages: + msg415901 |
| 2022-03-23 19:45:38 | christian.heimes | set | messages: + msg415899 |
| 2022-03-23 19:30:13 | gregory.p.smith | create | |