Message272516
Linux has a netlink-based user-space interface for Kernel cryptography. Kernel based crypto has a couple of advantages that are explained at http://www.chronox.de/libkcapi/html/ch01s02.html . The document doesn't mention that a crypto socket also supports splicing and sendfile. Files no longer have to be copied to user-space.
My experimental branch https://github.com/tiran/cpython/commits/feature/af_alg implements af_alg support. Example:
from socket import socket, AF_ALG, SOCK_SEQPACKET, SOL_ALG, ALG_SET_KEY
from binascii import hexlify
with socket(AF_ALG, SOCK_SEQPACKET, 0) as alg:
alg.bind(('hash', 'hmac(sha512)'))
alg.setsockopt(SOL_ALG, ALG_SET_KEY, b'key')
op, _ = alg.accept()
with open('/etc/passwd', 'rb') as f:
op.sendfile(f)
print(hexlify(op.recv(64)))
op.close() |
|
Date |
User |
Action |
Args |
2016-08-12 10:21:30 | christian.heimes | set | recipients:
+ christian.heimes |
2016-08-12 10:21:30 | christian.heimes | set | messageid: <1470997290.77.0.995104201782.issue27744@psf.upfronthosting.co.za> |
2016-08-12 10:21:30 | christian.heimes | link | issue27744 messages |
2016-08-12 10:21:30 | christian.heimes | create | |
|