[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Change by Christian Heimes :


--
resolution:  -> fixed
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

By the way problem with AES-GCM is tracked in 
https://bugs.python.org/issue29324 . It was caused in a Kernel API change. Jan 
has provided a fix. I need to find some spare time to dig into Kernel sources 
and verify the patch.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

I'll look into the matter and push a fix after the migration to github today.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[STINNER Victor]

STINNER Victor added the comment:

What is the status of this issue? test_aead_aes_gcm() fails on my Fedora 25 
(Python: default branch).

haypo@selma$ cat /etc/fedora-release 
Fedora release 25 (Twenty Five)
haypo@selma$ uname -r
4.9.5-200.fc25.x86_64

test test_socket failed -- Traceback (most recent call last):
  File "/home/haypo/prog/python/default/Lib/test/support/__init__.py", line 
556, in wrapper
return func(*args, **kw)
  File "/home/haypo/prog/python/default/Lib/test/test_socket.py", line 5515, in 
test_aead_aes_gcm
res = op.recv(assoclen + len(plain) + taglen)
OSError: [Errno 22] Invalid argument

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian H]

Changes by Christian H :


--
nosy: +Christian H

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Roundup Robot]

Roundup Robot added the comment:

New changeset a951f8f30922 by Victor Stinner in branch 'default':
Cleanup socketmodule.c
https://hg.python.org/cpython/rev/a951f8f30922

New changeset 3a6917c73857 by Victor Stinner in branch 'default':
socket: Fix memory leak in sendmsg() and sendmsg_afalg()
https://hg.python.org/cpython/rev/3a6917c73857

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Roundup Robot]

Roundup Robot added the comment:

New changeset 55d77f5a7cb3 by Christian Heimes in branch 'default':
Issue 27744: test_aes_cbc is blocking x86-64 Ubuntu 15.10 Skylake CPU 3.x for a 
while. Require Kernel 4.3+ for now
https://hg.python.org/cpython/rev/55d77f5a7cb3

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

x86-64 Ubuntu 15.10 Skylake CPU 3.x is still blocking. It looks like I have to 
add another workaround for a Ubuntu quirk.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Xiang Zhang]

Xiang Zhang added the comment:

My PC is Ubuntu15.10, kernel 4.2, though CPU not Skylake. Everything works fine.

test_aead_aes_gcm (test.test_socket.LinuxKernelCryptoAPI) ... skipped "('[Errno 
2] No such file or directory', 'aead', 'gcm(aes)')"
test_aes_cbc (test.test_socket.LinuxKernelCryptoAPI) ... ok
test_drbg_pr_sha256 (test.test_socket.LinuxKernelCryptoAPI) ... ok
test_hmac_sha1 (test.test_socket.LinuxKernelCryptoAPI) ... ok
test_sendmsg_afalg_args (test.test_socket.LinuxKernelCryptoAPI) ... ok
test_sha256 (test.test_socket.LinuxKernelCryptoAPI) ... ok

--
nosy: +xiang.zhang

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

Some distributions mess with the Kernel or disable user-space crypto. I have 
added some tweaks and fixed a couple of buildbots. I don't know what is going 
on with x86-64 Ubuntu 15.10 Skylake CPU. It's a Kernel 4.2 machine and should 
support AES-CBC.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Roundup Robot]

Roundup Robot added the comment:

New changeset e3b83bfa02c5 by Christian Heimes in branch 'default':
Issue 27744: skip test if AF_ALG socket bind fails
https://hg.python.org/cpython/rev/e3b83bfa02c5

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[STINNER Victor]

STINNER Victor added the comment:

> Also, the Gentoo buildbots fail:
> http://buildbot.python.org/all/builders/x86%20Gentoo%20Non-Debug%20with%20X%203.x/builds/1368/steps/test/logs/stdio
> ==
> ERROR: test_aead_aes_gcm (test.test_socket.LinuxKernelCryptoAPI)

It's Linux 4.4.6. configure says "checking for sockaddr_alg... yes".

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Martin Panter]

Martin Panter added the comment:

Also, the Gentoo buildbots fail:
http://buildbot.python.org/all/builders/x86%20Gentoo%20Non-Debug%20with%20X%203.x/builds/1368/steps/test/logs/stdio
==
ERROR: test_aead_aes_gcm (test.test_socket.LinuxKernelCryptoAPI)
--
Traceback (most recent call last):
  File 
"/buildbot/buildarea/3.x.ware-gentoo-x86.nondebug/build/Lib/test/support/__init__.py",
 line 523, in wrapper
return func(*args, **kw)
  File 
"/buildbot/buildarea/3.x.ware-gentoo-x86.nondebug/build/Lib/test/test_socket.py",
 line 5428, in test_aead_aes_gcm
with self.create_alg('aead', 'gcm(aes)') as algo:
  File 
"/buildbot/buildarea/3.x.ware-gentoo-x86.nondebug/build/Lib/test/test_socket.py",
 line 5346, in create_alg
sock.bind((typ, name))
FileNotFoundError: [Errno 2] No such file or directory

Similar failures for test_aes_cbc test_drbg_pr_sha256 test_hmac_sha1 
test_sha256.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Martin Panter]

Martin Panter added the comment:

Despite the last changes, test_aes_cbc() hangs for fifteen minutes:
http://buildbot.python.org/all/builders/x86-64%20Ubuntu%2015.10%20Skylake%20CPU%203.x/builds/1298/steps/test/logs/stdio
running: test_socket (900 sec)
0:28:47 [332/402] test_socket crashed
Timeout (0:15:00)!
Thread 0x7f2843d94700 (most recent call first):
  File 
"/home/buildbot/buildarea/3.x.intel-ubuntu-skylake/build/Lib/test/test_socket.py",
 line 5389 in test_aes_cbc
  File 
"/home/buildbot/buildarea/3.x.intel-ubuntu-skylake/build/Lib/test/support/__init__.py",
 line 523 in wrapper
  File 
"/home/buildbot/buildarea/3.x.intel-ubuntu-skylake/build/Lib/unittest/case.py", 
line 600 in run
  . . .

--
nosy: +martin.panter

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Roundup Robot]

Roundup Robot added the comment:

New changeset 4ebe3ade6922 by Christian Heimes in branch 'default':
Issue 27744: AES-CBC and DRBG need Kernel 3.19+
https://hg.python.org/cpython/rev/4ebe3ade6922

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Roundup Robot]

Roundup Robot added the comment:

New changeset ee32af890e27 by Christian Heimes in branch 'default':
Issue 27744: Check for AF_ALG support in Kernel
https://hg.python.org/cpython/rev/ee32af890e27

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Roundup Robot]

Roundup Robot added the comment:

New changeset 52404f9596b5 by Christian Heimes in branch 'default':
Issue #27744: correct comment and markup
https://hg.python.org/cpython/rev/52404f9596b5

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Roundup Robot]

Roundup Robot added the comment:

New changeset 74ce062a0397 by Christian Heimes in branch 'default':
Issue #27744: Add AF_ALG (Linux Kernel crypto) to socket module.
https://hg.python.org/cpython/rev/74ce062a0397

--
nosy: +python-dev

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

I have removed binascii.(un)hexlify().

--
Added file: 
http://bugs.python.org/file44359/AF_ALG-kernel-crypto-support-for-socket-module-5.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Changes by Christian Heimes :


Added file: 
http://bugs.python.org/file44295/AF_ALG-kernel-crypto-support-for-socket-module-4.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Changes by Christian Heimes :


Added file: 
https://bugs.python.org/file44268/AF_ALG-kernel-crypto-support-for-socket-module-3.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

New patch with setsockopt(socket.SOL_ALG, socket.ALG_SET_AEAD_AUTHSIZE, None, 
taglen) instead of (None, taglen).

--
Added file: 
https://bugs.python.org/file44248/AF_ALG-kernel-crypto-support-for-socket-module-2.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

Thanks for your review, Victor. I have addressed most of your remarks.

* algset() is now called sendmsg_afalg(). It behaves more like a specialized 
version of sendmsg() and can optionally handle an array of iovec.

* I had to add another variant of setsockopt that sends NULL, int instead of 
(char*)int, sizeof(int) to get the AEAD GCM tests working. AEAD expects 
ALG_SET_AEAD_AUTHSIZE as (NULL, taglen). algo.setsockopt(SOL_ALG, 
ALG_SET_AEAD_AUTHSIZE, (None, taglen)) sends optval=NULL, optlen=taglen.

* Added tests for AES-CBC decryption, AEAD AES-GCM and DRBG.

--
Added file: 
http://bugs.python.org/file44140/AF_ALG-kernel-crypto-support-for-socket-module-1.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[STINNER Victor]

STINNER Victor added the comment:

I reviewed AF_ALG-kernel-crypto-support-for-socket-module.patch.

--
nosy: +haypo

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Christian Heimes added the comment:

Working patch with tests and documentation.

socket.algset() isn't strictly necessary but makes the feature much more 
pleasant to use. I accept ideas for a better name, though.

--
keywords: +patch
Added file: 
http://bugs.python.org/file44118/AF_ALG-kernel-crypto-support-for-socket-module.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

Changes by Christian Heimes :


Removed file: 
http://bugs.python.org/file44088/Microsoft_Screen_Sharing_for_Lumia_Phones_HD-10_UG_th_TH.pdf

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Pan Naekton]

Changes by Pan Naekton :


Added file: 
http://bugs.python.org/file44088/Microsoft_Screen_Sharing_for_Lumia_Phones_HD-10_UG_th_TH.pdf

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Cory Benfield]

Changes by Cory Benfield :


--
nosy: +Lukasa

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue27744] Add AF_ALG (Linux Kernel crypto) to socket module

[Christian Heimes]

New submission from Christian Heimes:

Linux has a netlink-based user-space interface for Kernel cryptography. Kernel 
based crypto has a couple of advantages that are explained at 
http://www.chronox.de/libkcapi/html/ch01s02.html . The document doesn't mention 
that a crypto socket also supports splicing and sendfile. Files no longer have 
to be copied to user-space.

My experimental branch https://github.com/tiran/cpython/commits/feature/af_alg 
implements af_alg support. Example:

from socket import socket, AF_ALG, SOCK_SEQPACKET, SOL_ALG, ALG_SET_KEY
from binascii import hexlify
with socket(AF_ALG, SOCK_SEQPACKET, 0) as alg:
alg.bind(('hash', 'hmac(sha512)'))
alg.setsockopt(SOL_ALG, ALG_SET_KEY, b'key')
op, _ = alg.accept()
with open('/etc/passwd', 'rb') as f:
op.sendfile(f)
print(hexlify(op.recv(64)))
op.close()

--
components: Extension Modules
messages: 272516
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: Add AF_ALG (Linux Kernel crypto) to socket module
type: enhancement
versions: Python 3.6

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com