Message 272516 - Python tracker

Linux has a netlink-based user-space interface for kernel cryptography. Kernel-based crypto has a couple of advantages that are explained at http://www.chronox.de/libkcapi/html/ch01s02.html . The document doesn't mention that a crypto socket also supports splicing and sendfile. Files no longer have to be copied to user-space.

My experimental branch https://github.com/tiran/cpython/commits/feature/af_alg implements af_alg support. Example:

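from socket import socket, AF_ALG, SOCK_SEQPACKET, SOL_ALG, ALG_SET_KEY
from binascii import hexlify

with socket(AF_ALG, SOCK_SEQPACKET, 0) as alg:
    # Select the kernel's HMAC-SHA512 hash transform and set the HMAC key.
    alg.bind(('hash', 'hmac(sha512)'))
    alg.setsockopt(SOL_ALG, ALG_SET_KEY, b'key')
    # accept() returns the operation socket that takes the data to hash.
    op, _ = alg.accept()
    with open('/etc/passwd', 'rb') as f:
        # The file is handed to the kernel without a copy through user-space.
        op.sendfile(f)
    # Read the 64-byte HMAC-SHA512 result.
    print(hexlify(op.recv(64)))
    op.close()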
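The following is an added example, not part of the original message or the linked branch: it computes the same `hmac(sha512)` through an AF_ALG socket in chunks and cross-checks the result against the user-space `hmac` module. It assumes Linux and a CPython whose `socket` module exposes `AF_ALG`; the key, the data and the function names are constructed for illustration.

```python
import hashlib
import hmac
import socket

KEY = b"constructed-demo-key"                  # constructed sample key
DATA = b"constructed sample record\n" * 1000   # constructed sample input


def kernel_hmac_sha512(key, data, chunk_size=4096):
    """Return HMAC-SHA512 from the kernel crypto API, or None if AF_ALG is unusable."""
    if not hasattr(socket, "AF_ALG"):
        return None  # non-Linux platform or a build without AF_ALG
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as alg:
            alg.bind(("hash", "hmac(sha512)"))
            alg.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key)
            op, _ = alg.accept()
            with op:
                view = memoryview(data)
                for off in range(0, len(view), chunk_size):
                    last = off + chunk_size >= len(view)
                    # MSG_MORE tells the kernel that more input follows; the
                    # final chunk is sent without it so the digest is finalized.
                    flags = 0 if last else socket.MSG_MORE
                    op.sendall(view[off:off + chunk_size], flags)
                return op.recv(64)
    except OSError:
        # Address family blocked by a sandbox, or the algorithm is not available.
        return None


def verify_against_userspace(key, data):
    """True if kernel and user-space digests match, None if AF_ALG is unavailable."""
    kernel = kernel_hmac_sha512(key, data)
    if kernel is None:
        return None
    expected = hmac.new(key, data, hashlib.sha512).digest()
    # Constant-time comparison, as for any MAC check.
    return hmac.compare_digest(kernel, expected)


if __name__ == "__main__":
    print("kernel/user-space match:", verify_against_userspace(KEY, DATA))
```

A `None` result means the kernel interface could not be used in the current environment, which is common inside containers and sandboxes that filter socket address families.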