The kernel crypto API interface operates with two types of file descriptors, the TFM file descriptor and
the OP file descriptor.
The TFM file descriptor receives the cipher-operation static information: the key, and the AEAD tag size.
The OP file descriptor receives the volatile data, such as the plaintext / ciphertext, the IV, or the
AEAD AD size.
The kernel crypto API AF_ALG interface supports the concept that one TFM file descriptor can operate with
multiple OP file descriptors. The different OP file descriptors can perform completely separate cipher
operations using the same key which can execute in parallel. The parallel execution can be performed in
the same or different process threads.
kcapi_handle_reinit function allows the allocation of a new cipher handle with a new OP file descriptor
but using the same TFM file descriptor. To obtain a reference to the TFM file descriptor, an existing
cipher handle is used as source. kcapi_handle_reinit can be invoked multiple times. Each resulting
cipher handle must be deallocated with kcapi_cipher_destroy. The deallocation ensures that the TFM
resource is only released if the last handle using this TFM resource is released.
return 0 upon success; -EINVAL - accept syscall failed -ENOMEM - cipher handle cannot be allocated
Install Now
PNG Icons