Hi, The Linux kernel exports a network interface of type AF_ALG to allow user space to utilize the kernel crypto API. libkcapi uses this network interface and exports an easy to use API so that a developer does not need to consider the low-level network interface handling. The library does not implement any low level cipher algorithms. All consumer requests are sent to the kernel for processing. Results from the kernel crypto API are returned to the consumer via the library API. The kernel interface and therefore this library can be used by unprivileged processes. The library code archive also provides a drop-in replacement for the command line tools of sha*sum, fipscheck/fipshmac and sha512hmac. The source code and the documentation is available at [1]. [1] http://www.chronox.de/libkcapi.html Changes 0.14.0 * AIO: fix tracking of completed IOCBs * speed-test: fix AEAD handling * speed-test: fix time calculation * compiler now warns a user of deprecated API calls * AIO: handle kernel errors for algif_skcipher gracefully * AIO: using multiple IOCB if algif_aead interface supports it * ASYM: add PKCS1 tests * AIO: add ASYM AIO support * AIO: fix AEAD AIO fallback * AIO: add AIO fallback testing * replace enforcement of symmetric cipher limits with a log message only (the underlying kernel implementations should catch any errors) * add fuzzing tests * use autotools build system as provided by Georges Savoundararadj with additional considerations from Marcin Nowakowski (thanks a lot) * ALG_MAX_PAGES restriction is gone with current AF_ALG interface * add HKDF (RFC5869) * add apps/kcapi-rng * add support for multiple accepts where the caller maintains the opfd * fix memleak in error case in PBKDF * add multithreaded symmetric cipher tests * enable full AIO support for kernels 4.13 and higher (fallback AIO implementation using synchronous support for earlier kernels) -- this is due to the broken AIO support for earlier kernels * Add tests for the AAD copy operation to be supported for kernel 4.13 Ciao Stephan
