subject:"\[issue47102\] explore hashlib use of the Linux Kernel CryptoAPI"

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-29 Thread Christian Heimes



Change by Christian Heimes :


--
pull_requests: +30253
pull_request: https://github.com/python/cpython/pull/32176

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-29 Thread Christian Heimes



Christian Heimes  added the comment:

I figured out how to implement copy(). dup() does not work as expected, but 
accept() on an AF_ALG client socket creates an independent copy.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-29 Thread Christian Heimes



Change by Christian Heimes :


--
keywords: +patch
pull_requests: +30251
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/32173

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-23 Thread Christian Heimes



Christian Heimes  added the comment:

And sendfile() is zero-copy. Data does not have to leave Kernel space.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-23 Thread Christian Heimes



Christian Heimes  added the comment:

test_socket has examples for HMAC, AES-CBC, and AES-GCM.

with self.create_alg('hash', 'hmac(sha1)') as algo:
algo.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, b"Jefe")
op, _ = algo.accept()
with op:
op.sendall(b"what do ya want for nothing?")
self.assertEqual(op.recv(512), expected)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-23 Thread Gregory P. Smith



Gregory P. Smith  added the comment:

Neat. I've never used the API, just filing a breadcrumb suggesting we see if it 
makes sense. Being I/O based, that even takes care of GIL releasing from 
Python. :)

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-23 Thread Christian Heimes



Christian Heimes  added the comment:

We don't need libkcapi. I added AF_ALG support a while ago:

import binascii
import os
import socket

with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as cfgsock:
cfgsock.bind(("hash", "sha256"))
opsock, _ = cfgsock.accept()
with opsock:
with open("/etc/os-release") as f:
st = os.fstat(f.fileno())
# blindly assumes that sendfile() exhausts the fd.
os.sendfile(
opsock.fileno(), f.fileno(), offset=0, count=st.st_size
)
res = opsock.recv(512)
print(binascii.hexlify(res))

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

2022-03-23 Thread Gregory P. Smith



New submission from Gregory P. Smith :

Linux kernels provide a CryptoAPI. This is a common place for platform specific 
hardware accelerated hash algorithms to be exposed to the user (especially on 
SoCs which often have non-standard hardware).

https://www.kernel.org/doc/html/v4.10/crypto/userspace-if.html
https://www.kernel.org/doc/html/v5.17/crypto/userspace-if.html
https://www.chronox.de/libkcapi.html

hashlib currently uses OpenSSL when possible for performance.  We could also 
look at querying the kernel API.  How to decide between the two implementations 
when both are present is something TBD.

This would probably be best done via a configure time check for libkcapi?

--
messages: 415896
nosy: christian.heimes, gregory.p.smith
priority: normal
severity: normal
status: open
title: explore hashlib use of the Linux Kernel CryptoAPI
type: enhancement

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

[issue47102] explore hashlib use of the Linux Kernel CryptoAPI

8 matches

Site Navigation

Mail list logo

Footer information