Playing with Linux Kernel TLS in Python
Latest commit c1f4f97 Dec 6, 2017

Playing with Kernel TLS in Python

ktls.py provides several tests and scripts for playing with Linux kernel TLS in CPython. The idea was inspired by "Playing with kernel TLS in Linux 4.13 and Go".

Prerequisite

  1. Linux kernel 4.13 or above (option CONFIG_TLS=y or CONFIG_TLS=m)
  2. openssl 1.0.x
  3. The ktls patch of cpython
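
A way to check the kernel-side prerequisites before building anything, added here as an example and not part of ktls.py. The function names are this example's own, the /boot/config-<release> path is an assumed distribution convention, and TCP_ULP is hard-coded from linux/tcp.h. It runs on a stock Python 3 without the ktls patch.

```python
import errno
import platform
import re
import socket

TCP_ULP = 31  # value from linux/tcp.h, hard-coded for this example

def kernel_ok(release):
    """True if a `uname -r` string is 4.13 or newer, the minimum listed above."""
    m = re.match(r"(\d+)\.(\d+)", release)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= (4, 13)

def config_tls(config_text):
    """Return 'y', 'm' or 'n' for CONFIG_TLS (CONFIG_TLS_DEVICE does not count)."""
    m = re.search(r"^CONFIG_TLS=([ym])$", config_text, re.M)
    return m.group(1) if m else "n"

def module_loaded(proc_modules_text, name="tls"):
    """Exact match on the first column of /proc/modules, stricter than `grep tls`."""
    return any(l.split()[:1] == [name] for l in proc_modules_text.splitlines())

def probe_tls_ulp():
    """Attach the "tls" ULP to a connected loopback socket: 'ok' or an errno name."""
    try:
        with socket.socket() as srv, socket.socket() as cli:
            srv.settimeout(2)
            cli.settimeout(2)
            srv.bind(("127.0.0.1", 0))
            srv.listen(1)
            cli.connect(srv.getsockname())
            conn, _ = srv.accept()
            with conn:  # peer stays open: the ULP needs an established socket
                cli.setsockopt(socket.IPPROTO_TCP, TCP_ULP, b"tls")
        return "ok"
    except OSError as exc:  # e.g. ENOENT when no "tls" ULP is available
        return errno.errorcode.get(exc.errno, str(exc))

def read(path):
    """Return the file's text, or '' if it cannot be read."""
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return ""

if __name__ == "__main__":
    rel = platform.release()
    print("kernel", rel, "ok" if kernel_ok(rel) else "too old")
    print("CONFIG_TLS =", config_tls(read("/boot/config-" + rel)))  # assumed path
    print("tls module loaded:", module_loaded(read("/proc/modules")))
    print("TCP_ULP probe:", probe_tls_ulp())
```

With CONFIG_TLS=y the module check reports False, because built-in code is not listed in /proc/modules; the TCP_ULP probe is the check that covers both cases.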

Install

Manually install CPython with kTLS support

# install cpython
$ git clone -b v3.6.3-ktls-patch https://github.com/crazyguitar/cpython
$ cd cpython
$ ./configure --prefix=/usr --enable-optimizations
$ make -j 9 && sudo make altinstall

# if CONFIG_TLS=m, check whether tls.ko is loaded and load it if it is not
$ lsmod | grep tls
$ sudo modprobe tls

# run the HTTPS server with kTLS support
$ git clone https://github.com/crazyguitar/ktls.py.git
$ cd ktls.py
$ python3.6 https.py &
$ wget -qO- https://localhost:4433 --no-check-certificate

Using vagrant

$ vagrant init crazyguitar/xenial64 --box-version 20171205.0.0
$ vagrant up
$ vagrant ssh
vagrant@vagrant:~$ git clone https://github.com/crazyguitar/ktls.py.git
vagrant@vagrant:~$ cd ktls.py
vagrant@vagrant:~/ktls.py$ python3.6 https.py &
[2] 7866
vagrant@vagrant:~/ktls.py$ wget -qO- https://localhost:4433 --no-check-certificate 

Run the tests

# load the tls kernel module if tls is built as a module
$ sudo modprobe tls

# check that the tls kernel module is loaded
$ lsmod | grep tls
tls                    20480  0

# run lint
$ make lint

# run tests
$ make test

# run all tests and lint
$ make

Reference

  1. KTLS: Linux Kernel Transport Layer Security
  2. Brno University of Technology: Linux VPN Performance and Optimization
  3. Improving High-Bandwidth TLS in the FreeBSD kernel
  4. Optimizing TLS for High-Bandwidth Applications in FreeBSD
  5. TLS in the kernel
  6. djwatson/ktls
  7. ktls/af_ktls-tool
  8. torvalds/linux
  9. Playing with kernel TLS in Linux 4.13 and Go