Cryproc — CryptoAPI access through the /proc filesystem

This homepage is under construction. Please see the project's sourceforge page for downloads etc.

Cryproc is module for the Linux 2.6 kernel which allows user space programs to access the kernel's cryptographic functions. When loaded, the module creates a file called "cryproc" in the /proc filesystem. Applications can open this file read-write and, using the protocol described below, instruct the kernel to perform some of the functions the CryptoAPI provides. A sample application for performing this operation, cryproc-tool, is provided.

The CryptoAPI provides three categories of algorithms, also called transforms or tfm's: message digests, ciphers and compression (see "Compression" for a list of caveats associated with compression algorithms). Support for the routines used must be compiled into the kernel or available as a module in order for Cryproc to work. Unfortunately, there seems to be no easy way of finding out which algorithms are supported on a particular machine, other than looking at the kernel's config file. The file /proc/crypto lists only those tranforms, which are compiled-in or whose modules are already loaded into the kernel.

Using cryptographic functions supported by the kernel instead of user space programs may be advantageous to security, since a running kernel is usually harder to tamper with than regular user-space software or libraries. Logo