Page MenuHomeFreeBSD
Differential D24838 Diff 78301 head/share/man/man9/crypto_request.9

Changeset View

Standalone View

View Options

head/share/man/man9/crypto_request.9

Show First 20 LinesShow All 296 Lines▼ Show 20 Lines
AEAD and Encrypt-then-Authenticate requests may optionally include AEAD and Encrypt-then-Authenticate requests may optionally include
Additional Authenticated Data. Additional Authenticated Data.
AAD may either be supplied in the AAD region of the input buffer or AAD may either be supplied in the AAD region of the input buffer or
as a single buffer pointed to by as a single buffer pointed to by
.Fa crp_aad . .Fa crp_aad .
In either case, In either case,
.Fa crp_aad_length .Fa crp_aad_length
always indicates the amount of AAD in bytes. always indicates the amount of AAD in bytes.
.Ss Request ESN
IPsec requests may optionally include Extended Sequence Numbers (ESN).
ESN may either be supplied in
.Fa crp_esn
or as part of the AAD pointed to by
.Fa crp_aad .
.Pp
If the ESN is stored in
.Fa crp_esn ,
.Dv CSP_F_ESN
should be set in
.Fa csp_flags .
This use case is dedicated for encrypt and authenticate mode, since the
high-order 32 bits of the sequence number are appended after the Next Header
(RFC 4303).
.Pp
AEAD modes supply the ESN in a separate AAD buffer (see e.g. RFC 4106, Chapter 5
AAD Construction).
.Ss Request IV and/or Nonce .Ss Request IV and/or Nonce
Some cryptographic operations require an IV or nonce as an input. Some cryptographic operations require an IV or nonce as an input.
An IV may be stored either in the IV region of the data buffer or in An IV may be stored either in the IV region of the data buffer or in
.Fa crp_iv . .Fa crp_iv .
By default, By default,
the IV is assumed to be stored in the IV region. the IV is assumed to be stored in the IV region.
If the IV is stored in If the IV is stored in
.Fa crp_iv , .Fa crp_iv ,
▲ Show 20 LinesShow All 199 LinesShow Last 20 Lines