This file is indexed.

/usr/share/doc/libkcapi/html/ch01s02.html is in libkcapi-doc 1.0.3-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Purpose Of AF_ALG</title><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><link rel="home" href="index.html" title="Linux Kernel Crypto API User Space Interface Library"><link rel="up" href="Intro.html" title="Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library"><link rel="prev" href="Intro.html" title="Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library"><link rel="next" href="Usage.html" title="Chapter 2. Programming Guidelines"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Purpose Of AF_ALG</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="Intro.html">Prev</a> </td><th width="60%" align="center">Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library</th><td width="20%" align="right"> <a accesskey="n" href="Usage.html">Next</a></td></tr></table><hr></div><div class="sect1"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idm34"></a>Purpose Of AF_ALG</h2></div></div></div><p>
    With the presence of numerous user space cryptographic libraries,
    one may ask why is there a need for the kernel to expose its kernel
    crypto API to user space. As there are system calls and potentially
    memory copies needed before a cipher can be invoked, it should be
    typically slower than user space shared libraries.
   </p><p>
    There are several reasons for AF_ALG:
     </p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem"><p>
        The first and most important item is the access to hardware
        accelerators and hardware devices whose technical interface can
        only be accessed from the kernel mode / supervisor state of the
        processor. Such support cannot be used from user space except
        through AF_ALG.
       </p></li><li class="listitem"><p>
        When using user space libraries, all key material and other
        cryptographic sensitive parameters remains in the calling
        application's memory even when the application supplied the
        information to the library. When using AF_ALG, the key material
        and other sensitive parameters are handed to the kernel. The
        calling application now can reliably erase that information
        from its memory and just use the cipher handle to perform
        the cryptographic operations. If the application is cracked
        an attacker cannot obtain the key material.
       </p></li><li class="listitem"><p>
        On memory constrained systems like embedded systems, the additional
        memory footprint of a user space cryptographic library may
        be too much. As the kernel requires the kernel crypto API to be
        present, reusing existing code should reduce the memory footprint.
       </p></li></ul></div><p>
   </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="Intro.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="Intro.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="Usage.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 1. libkcapi - Linux Kernel Crypto API User Space Interface Library </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 2. Programming Guidelines</td></tr></table></div></body></html>