Author christian.heimes
Recipients christian.heimes
Date 2016-08-12.10:21:30
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1470997290.77.0.995104201782.issue27744@psf.upfronthosting.co.za>
In-reply-to
Content
Linux has a netlink-based user-space interface for Kernel cryptography. Kernel based crypto has a couple of advantages that are explained at http://www.chronox.de/libkcapi/html/ch01s02.html . The document doesn't mention that a crypto socket also supports splicing and sendfile. Files no longer have to be copied to user-space.

My experimental branch https://github.com/tiran/cpython/commits/feature/af_alg implements af_alg support. Example:

from socket import socket, AF_ALG, SOCK_SEQPACKET, SOL_ALG, ALG_SET_KEY
from binascii import hexlify
with socket(AF_ALG, SOCK_SEQPACKET, 0) as alg:
    alg.bind(('hash', 'hmac(sha512)'))
    alg.setsockopt(SOL_ALG, ALG_SET_KEY, b'key')
    op, _ = alg.accept()
    with open('/etc/passwd', 'rb') as f:
        op.sendfile(f)
    print(hexlify(op.recv(64)))
    op.close()
History
Date User Action Args
2016-08-12 10:21:30christian.heimessetrecipients: + christian.heimes
2016-08-12 10:21:30christian.heimessetmessageid: <1470997290.77.0.995104201782.issue27744@psf.upfronthosting.co.za>
2016-08-12 10:21:30christian.heimeslinkissue27744 messages
2016-08-12 10:21:30christian.heimescreate