Page MenuHomeFreeBSD
Differential D25288 Diff 73484 head/share/man/man9/crypto_request.9

Changeset View

Standalone View

View Options

head/share/man/man9/crypto_request.9

Show All 24 Lines
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE. .\" POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" * Other names and brands may be claimed as the property of others. .\" * Other names and brands may be claimed as the property of others.
.\" .\"
.\" $FreeBSD$ .\" $FreeBSD$
.\" .\"
.Dd May 25, 2020 .Dd June 22, 2020
.Dt CRYPTO_REQUEST 9 .Dt CRYPTO_REQUEST 9
.Os .Os
.Sh NAME .Sh NAME
.Nm crypto_request .Nm crypto_request
.Nd symmetric cryptographic operations .Nd symmetric cryptographic operations
.Sh SYNOPSIS .Sh SYNOPSIS
.In opencrypto/cryptodev.h .In opencrypto/cryptodev.h
.Ft int .Ft int
▲ Show 20 LinesShow All 134 Lines▼ Show 20 Lines
or decryption result and any computed digest. or decryption result and any computed digest.
AAD and IV regions are not copied from the input buffer into the output AAD and IV regions are not copied from the input buffer into the output
buffer but are only used as inputs. buffer but are only used as inputs.
.Pp .Pp
The following regions are defined: The following regions are defined:
.Bl -column "Payload Output" "Input/Output" .Bl -column "Payload Output" "Input/Output"
.It Sy Region Ta Sy Buffer Ta Sy Description .It Sy Region Ta Sy Buffer Ta Sy Description
.It AAD Ta Input Ta .It AAD Ta Input Ta
Additional Authenticated Data Embedded Additional Authenticated Data
.It IV Ta Input Ta .It IV Ta Input Ta
Embedded IV or nonce Embedded IV or nonce
.It Payload Ta Input Ta .It Payload Ta Input Ta
Data to encrypt, decrypt, compress, or decompress Data to encrypt, decrypt, compress, or decompress
.It Payload Output Ta Output Ta .It Payload Output Ta Output Ta
Encrypted or decrypted data Encrypted or decrypted data
.It Digest Ta Input/Output Ta .It Digest Ta Input/Output Ta
Authentication digest, hash, or tag Authentication digest, hash, or tag
▲ Show 20 LinesShow All 58 Lines▼ Show 20 Lines
Calculate a digest over the AAD and payload regions of the data buffer. Calculate a digest over the AAD and payload regions of the data buffer.
Compare the calculated digest to the existing digest from the digest region. Compare the calculated digest to the existing digest from the digest region.
If the digests match, If the digests match,
decrypt the payload region. decrypt the payload region.
If the digests do not match, If the digests do not match,
fail the request with fail the request with
.Er EBADMSG . .Er EBADMSG .
.El .El
.Ss Request AAD
AEAD and Encrypt-then-Authenticate requests may optionally include
Additional Authenticated Data.
AAD may either be supplied in the AAD region of the input buffer or
as a single buffer pointed to by
.Fa crp_aad .
In either case,
.Fa crp_aad_length
always indicates the amount of AAD in bytes.
.Ss Request IV and/or Nonce .Ss Request IV and/or Nonce
Some cryptographic operations require an IV or nonce as an input. Some cryptographic operations require an IV or nonce as an input.
An IV may be stored either in the IV region of the data buffer or in An IV may be stored either in the IV region of the data buffer or in
.Fa crp_iv . .Fa crp_iv .
By default, By default,
the IV is assumed to be stored in the IV region. the IV is assumed to be stored in the IV region.
If the IV is stored in If the IV is stored in
.Fa crp_iv , .Fa crp_iv ,
▲ Show 20 LinesShow All 199 LinesShow Last 20 Lines