Linux Kernel Crypto API User Space Interface Library
libkcapi allows user-space to access the Linux kernel crypto API.
libkcapi uses this Netlink interface and exports easy to use APIs so that a developer does not need to consider the low-level Netlink interface handling.
The library does not implement any cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API.
The kernel interface and therefore this library can be used by unprivileged processes.
The focus during the development of this library is put on speed. This library does not perform any memcpy for processing the cryptographic data! The library uses scatter / gather lists to eliminate the need for moving data around in memory.
- Developed at security
- Sources inherited from project openSUSE:Factory
-
4
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Leap:15.2:FactoryCandidates/libkcapi && cd $_
- Create Badge
Source Files
Filename | Size | Changed |
---|---|---|
libkcapi-1.2.0.tar.xz | 0000318948 311 KB | |
libkcapi-1.2.0.tar.xz.asc | 0000000488 488 Bytes | |
libkcapi.changes | 0000011543 11.3 KB | |
libkcapi.keyring | 0000003541 3.46 KB | |
libkcapi.spec | 0000006941 6.78 KB |
Revision 7 (latest revision is 9)
- update to 1.2.0: * enhancement: kcapi-hasher: add madvise and 64 bit support by Brandur Simonsen * fix: fix clang warnding in KDF implementation by Khem Raj * fix: fix inverted logic in kcapi-main test logic reported by Ondrej Mosnáček * fix: return error when iteration count is zero for PBKDF as reported by Guido Vranken * enhancement: add function kcapi_cipher_stream_update_last to indicate the last block of a symmetric cipher stream operation * disable XTS multithreaded tests as it triggers a race discussed in https://github.com/smuellerDD/libkcapi/issues/92. The conclusion is the following: xts(aes) doesn't support chaining requests like for other ciphers such as CBC (at least as implemented in the kernel Crypto API). That can be seen in `crypto/testmgr.h` - the ciphers that are expected to return IVs usable for chaining have the `.iv_out` entries filled in in their test vectors (and those that don't support it do not). One can see that only CTR and CBC test vectors have them, not XTS. Looking again at how XTS is defined, it seems one could implement transparent chaining by simply decrypting the final tweak using the tweak key and return it as the output IV... but I believe this has never been mandated nor implemented in the Crypto API (likely because of the overhead of the final tweak decryption, which would be pointless if you're not going to use the output IV - and there is currently no way to signal to the driver that you are going to need it). * disable AIO parallel tests due to undefined behavior (forwarded request 830821 from dirkmueller)
Comments 0