/usr/share/doc/libkcapi/html/ch01s02.html is in libkcapi-doc 1.0.3-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Purpose Of AF_ALG</title><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><link rel="home" href="index.html" title="Linux Kernel Crypto API User Space Interface Library"><link rel="up" href="Intro.html" title="Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library"><link rel="prev" href="Intro.html" title="Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library"><link rel="next" href="Usage.html" title="Chapter 2. Programming Guidelines"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Purpose Of AF_ALG</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Intro.html">Prev</a> </td><th width="60%" align="center">Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library</th><td width="20%" align="right"> <a accesskey="n" href="Usage.html">Next</a></td></tr></table><hr></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idm34"></a>Purpose Of AF_ALG</h2></div></div></div><p>
With the presence of numerous user space cryptographic libraries,
one may ask why is there a need for the kernel to expose its kernel
crypto API to user space. As there are system calls and potentially
memory copies needed before a cipher can be invoked, it should be
typically slower than user space shared libraries.
</p><p>
There are several reasons for AF_ALG:
</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
The first and most important item is the access to hardware
accelerators and hardware devices whose technical interface can
only be accessed from the kernel mode / supervisor state of the
processor. Such support cannot be used from user space except
through AF_ALG.
</p></li><li class="listitem"><p>
When using user space libraries, all key material and other
cryptographic sensitive parameters remains in the calling
application's memory even when the application supplied the
information to the library. When using AF_ALG, the key material
and other sensitive parameters are handed to the kernel. The
calling application now can reliably erase that information
from its memory and just use the cipher handle to perform
the cryptographic operations. If the application is cracked
an attacker cannot obtain the key material.
</p></li><li class="listitem"><p>
On memory constrained systems like embedded systems, the additional
memory footprint of a user space cryptographic library may
be too much. As the kernel requires the kernel crypto API to be
present, reusing existing code should reduce the memory footprint.
</p></li></ul></div><p>
</p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Intro.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Intro.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Usage.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 2. Programming Guidelines</td></tr></table></div></body></html>
|