kcapi_handle_reinit - Man Page

re-initialize a new kernel interface


int kcapi_handle_reinit(struct kcapi_handle ** newhandle, struct kcapi_handle * existing, uint32_t flags);



[out] cipher handle filled during the call


[in] existing cipher handle from which a new handle shall be re-initialized


[in] flags specifying the type of cipher handle


The kernel crypto API interface operates with two types of file descriptors, the TFM file descriptor and the OP file descriptor.

The TFM file descriptor receives the cipher-operation static information: the key, and the AEAD tag size.

The OP file descriptor receives the volatile data, such as the plaintext / ciphertext, the IV, or the AEAD AD size.

The kernel crypto API AF_ALG interface supports the concept that one TFM file descriptor can operate with multiple OP file descriptors. The different OP file descriptors can perform completely separate cipher operations using the same key which can execute in parallel. The parallel execution can be performed in the same or different process threads.

kcapi_handle_reinit function allows the allocation of a new cipher handle with a new OP file descriptor but using the same TFM file descriptor. To obtain a reference to the TFM file descriptor, an existing cipher handle is used as source. kcapi_handle_reinit can be invoked multiple times. Each resulting cipher handle must be deallocated with kcapi_cipher_destroy. The deallocation ensures that the TFM resource is only released if the last handle using this TFM resource is released.

return 0 upon success; -EINVAL - accept syscall failed -ENOMEM - cipher handle cannot be allocated


Stephan Mueller <smueller@chronox.de>



January 2023 libkcapi Manual 1.4.0 Programming Interface