{"id":33152921,"url":"https://github.com/smuellerDD/libkcapi","last_synced_at":"2025-11-16T18:02:20.619Z","repository":{"id":23341336,"uuid":"26701892","full_name":"smuellerDD/libkcapi","owner":"smuellerDD","description":"Linux Kernel Crypto API User Space Interface Library","archived":false,"fork":false,"pushed_at":"2025-02-09T14:29:48.000Z","size":2997,"stargazers_count":176,"open_issues_count":5,"forks_count":73,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-02-09T15:30:39.566Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://www.chronox.de/libkcapi","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smuellerDD.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-11-16T03:02:22.000Z","updated_at":"2025-02-09T14:29:52.000Z","dependencies_parsed_at":"2023-01-13T23:09:41.941Z","dependency_job_id":"9ac83b8e-218f-46ee-b1a7-897559282941","html_url":"https://github.com/smuellerDD/libkcapi","commit_stats":{"total_commits":813,"total_committers":23,"mean_commits":35.34782608695652,"dds":"0.19188191881918815","last_synced_commit":"3d9958c374d96682e2b65b1f4ec36fe57e2a6c63"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"purl":"pkg:github/smuellerDD/libkcapi","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smuellerDD%2Flibkcapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smuellerDD%2Flibkcapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smuellerDD%2Flibkcapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smuellerDD%2Flibkcapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smuellerDD","download_url":"https://codeload.github.com/smuellerDD/libkcapi/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smuellerDD%2Flibkcapi/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284750955,"owners_count":27057456,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-16T02:00:05.974Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-11-15T19:00:46.108Z","updated_at":"2025-11-16T18:02:20.609Z","avatar_url":"https://github.com/smuellerDD.png","language":"C","funding_links":[],"categories":["Frameworks and Libs"],"sub_categories":["C"],"readme":"libkcapi -- Linux Kernel Crypto API User Space Interface Library [![Build Status](https://github.com/smuellerDD/libkcapi/workflows/checks/badge.svg)](https://github.com/smuellerDD/libkcapi/actions?query=branch%3Amaster)\n[![Code Quality: Cpp](https://img.shields.io/lgtm/grade/cpp/github/smuellerDD/libkcapi.svg?logo=lgtm\u0026logoWidth=18)](https://lgtm.com/projects/g/smuellerDD/libkcapi/context:cpp)\n================================================================\n\nlibkcapi allows user-space to access the Linux kernel crypto API.\n\nlibkcapi uses this Netlink interface and exports easy to use APIs so that\na developer does not need to consider the low-level Netlink interface handling.\n\nThe library does not implement any cipher algorithms. All consumer requests\nare sent to the kernel for processing. Results from the kernel crypto API\nare returned to the consumer via the library API.\n\nThe kernel interface and therefore this library can be used by unprivileged\nprocesses.\n\nThe focus during the development of this library is put on speed. This library\ndoes not perform any memcpy for processing the cryptographic data! The library\nuses scatter / gather lists to eliminate the need for moving data around in\nmemory.\n\nDirectory Structure\n===================\n\n`lib/` -- directory holding the library\n\n`apps/` -- directory holding the applications discussed below; these\n\t applications link the library code in.\n\n`test/` -- functional verification code\n\n`speed-test/` -- performance tests\n\n`kernel-patches/` -- Linux kernel patches providing the interfaces for the asymmetric ciphers (akcipher) and the DH/ECDH ciphers (KPP). These patches must be applied to the Linux kernel if the respective configure options of either `--enable-lib-asym` or `--enable-lib-kpp` are used.\n\nApplications\n============\n\nThe libkcapi distribution contains the following applications which are\nintended as a drop-in replacement for the respective applications commonly\navailable in all Linux distributions:\n\n* coreutils: sha512sum, sha384sum, sha256sum, sha224sum, sha1sum, md5sum\n\n* libfipscheck: fipscheck / fipshmac\n\n* hmaccalc: sha512hmac, sha384hmac, sha256hmac, sha224hmac, sha1hmac, sm3hmac\n\n* libdigest-sha3-perl: sha3sum\n\nThe output as well as the command line options are modeled according to the\ncommands found in the coreutils package.\n\nIn addition, the following tool is available:\n\n* `kcapi-rng`: This tool allows obtaining random numbers from the kernel\n  crypto API RNGs. It shall allow users a similar operation as a\n  `cat /dev/hwrand` call.\n\n* `kcapi-enc`: This tool provides command line access to the symmetric ciphers\n  of the kernel crypto API. It is conceptually similar to the openssl enc\n  tool.\n\n* `kcapi-dgst`: To generate message digests and keyed message digests using\n  the kernel crypto API ciphers, this command line tool can be used. It is\n  conceptually similar to openssl dgst.\n\nThese applications do not depend on any user space library other than the\nC-lib.\n\n\nVersion Numbers\n===============\nThe version numbers for this library have the following schema:\nMAJOR.MINOR.PATCHLEVEL\n\nChanges in the major number implies API and ABI incompatible changes, or\nfunctional changes that require consumer to be updated (as long as this\nnumber is zero, the API is not considered stable and can change without a\nbump of the major version).\n\nChanges in the minor version are API compatible, but the ABI may change.\nFunctional enhancements only are added. Thus, a consumer can be left\nunchanged if enhancements are not considered. The consumer only needs to\nbe recompiled.\n\nPatchlevel changes are API / ABI compatible. No functional changes, no\nenhancements are made. This release is a bug fixe release only. The\nconsumer can be left unchanged and does not need to be recompiled.\n\nBuild instructions\n==================\nThe build system is based on `autotools`. First of all, you have to run the\nfollowing command that will generate the `Makefile` and the `configure` script:\n```\n$ autoreconf -i\n```\nThe `configure` script supports the following options:\n* `--prefix=$PREFIX`: install the library and the applications to\n  `$PREFIX`\n* `--enable-kcapi-test`: compile and install the `kcapi` test program\n* `--enable-kcapi-speed`: compile and install `kcapi-speed` test program\n* `--enable-kcapi-hasher`: compile and install the drop-in replacement\n  applications\n* `--enable-kcapi-rngapp`: compile and install the kcapi-rng application\n* `--enable-kcapi-encapp`: compile and install the kcapi-enc application\n* `--enable-kcapi-dgstapp`: compile and install the kcapi-dgst application\n* The various `--disable-lib-*` options allows the disabling of different\n  library functions to allow minimizing the binary.\n* The various `--enable-lib-*` options allow the enabling of the different\n  library functions. All library functions referenced there do not have an\n  equivalent kernel support in the upstream Linux kernel. Yet, patches are\n  available in the `kernel-patches` directory that provide that interface\n  which need to be added to the kernel if desired.\n\nFor instance, to compile the library with the `kcapi` test program and to\ninstall them in `/usr/`:\n```\n$ ./configure --prefix=/usr/ --enable-kcapi-test\n```\n\nThen, run `make` to compile and `make install` to install in the folder\nspecified by the `--prefix` option.\n\nThe Makefile compiles libkcapi as a shared library and as a static library.\n\nBuild documentation\n-------------------\n`xmlto` is required to build the man pages and the documentation in doc/html.\n`db2pdf` and `db2ps` are required to build the documentation in PDF or in PS format.\n\nUse the following targets to generate the documentation in the appropriate format:\n* `make man`\n* `make pdf`\n* `make ps`\n* `make html`\n\nTo install the man pages run: `make install-man`.\n\nStatic Code analyzer\n--------------------\nIf `clang` or `cppcheck` are installed, you can use the following targets to\nrun them on the source code:\n* `make scan`\n* `make cppcheck`\n\nTest cases\n==========\n\nThe test/ directory contains test cases to verify the correct operation of\nthis library. In addition it allows the verification of the correct operation\nof the kernel crypto API.\n\nThe test cases are documented in test/README.\n\n\nIntegration of libkcapi into other projects\n===========================================\n\nThe libkcapi library does not have any dependencies except to the C-library\n(and the kernel, naturally). This allows developers to integrate the\nlibrary into their project either as a shared library or natively by simply\ncopying the required C and header files into the target project and compile\nthem along.\n\nWhen compiling them as part of a project, no special compile time flags are\nneeded as the library is written in clean C. Though, the project author should\nconsider the COMMON_CPPFLAGS and COMMON_LDFLAGS in Makefile.am as they\ncollectively provide additional security checks offered by the compiler or\nthe underlying platform.\n\nTo integrate the library source code directly into projects, the following\nfiles must always be copied into the target project irrespective of the cipher\noperations the project wants to use:\n\n* kcapi-kernel-if.c (this provides the basic kernel interface logic)\n\n* all header files\n\nNow, a project may selectively copy the following files as required for the\nrespective project. The listed files do not have mutual dependencies unless\nexplicitly noted:\n\n* kcapi-aead.c (AEAD cipher support providing kcapi_aead_* functions)\n\n* kcapi-asym.c (asymmetric cipher support providing all kcapi_akcipher_* functions)\n\n* kcapi-md.c (message digest and keyed message digest support providing all kcapi_md_* functions)\n\n* kcapi-rng.c (random number generator support providing all kcapi_rng_* functions)\n\n* kcapi-sym.c (symmetric cipher support providing all kcapi_cipher_* functions)\n\n* kcapi-kdf.c (depending on the presence of kcapi-md.c -- providing the KDF, HKDF and PBKDF implementations with the functions of kcapi_*kdf_*)\n\n* kcapi-utils.c (small helper functions providing, including versioning APIs)\n\n* kcapi-kpp.c (key protocol primitives (i.e. Diffie-Hellman and EC Diffie-Hellman) support providing all kcapi_kpp_* functions)\n\nAuthor\n======\nStephan Mueller \u003csmueller@chronox.de\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FsmuellerDD%2Flibkcapi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FsmuellerDD%2Flibkcapi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FsmuellerDD%2Flibkcapi/lists"}