82785a3cc8
Add descriptions of AES-CCM, Camellia-CBC, and Chacha20. Reviewed by: cem (previous version) Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D24963
179 lines
4.7 KiB
Groff
.\" Copyright (c) 2014 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" This documentation was written by John-Mark Gurney under
.\" the sponsorship of the FreeBSD Foundation and
.\" Rubicon Communications, LLC (Netgate).
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd June 04, 2020
.Dt CRYPTO 7
.Os
.Sh NAME
.Nm crypto
.Nd OpenCrypto algorithms
.Sh SYNOPSIS
In the kernel configuration file:
.Cd "device crypto"
.Pp
Or load the crypto.ko module.
.Sh DESCRIPTION
The following cryptographic algorithms that are part of the OpenCrypto
framework have the following requirements.
.Pp
Cipher algorithms:
.Bl -tag -width "CRYPTO_AES_NIST_GCM_16"
.It Dv CRYPTO_AES_CBC
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
16
.It Key size :
16, 24 or 32
.El
.Pp
This algorithm implements Cipher Block Chaining.
.It Dv CRYPTO_AES_CCM_16
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
12
.It Block size :
16
.It Key size :
16, 24 or 32
.It Digest size :
16
.El
.Pp
This algorithm implements Counter with CBC-MAC Mode.
This cipher uses AEAD
.Pq Authenticated Encryption with Associated Data
mode.
.Pp
The authentication tag will be read from or written to the offset
.Va crp_digest_start
specified in the request.
.Pp
Note: The nonce for each request must be provided in
.Fa crp_iv
via the
.Dv CRYPTO_F_IV_SEPARATE
flag.
.It Dv CRYPTO_AES_NIST_GCM_16
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
12
.It Block size :
1
.It Key size :
16, 24 or 32
.It Digest size :
16
.El
.Pp
This algorithm implements Galois/Counter Mode.
This cipher uses AEAD
.Pq Authenticated Encryption with Associated Data
mode.
.Pp
The authentication tag will be read from or written to the offset
.Va crp_digest_start
specified in the request.
.Pp
Note: The nonce for each request must be provided in
.Fa crp_iv
via the
.Dv CRYPTO_F_IV_SEPARATE
flag.
.It Dv CRYPTO_AES_ICM
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
1
.It Key size :
16, 24 or 32
.El
.Pp
This algorithm implements Integer Counter Mode.
This is similar to what most people call counter mode, but instead of the
counter being split into a nonce and a counter part, the entire nonce is
used as the initial counter.
This does mean that if a counter is required that rolls over at 32 bits,
the transaction needs to be split into two parts where the counter rolls over.
The counter is incremented as a 128-bit big-endian number.
.Pp
Note: The counter for each request must be provided in
.Fa crp_iv
via the
.Dv CRYPTO_F_IV_SEPARATE
flag.
.It Dv CRYPTO_AES_XTS
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
8
.It Block size :
16
.It Key size :
32 or 64
.El
.Pp
This algorithm implements XEX Tweakable Block Cipher with Ciphertext Stealing
as defined in NIST SP 800-38E.
.Pp
NOTE: The ciphertext stealing part is not implemented, which is why this cipher
is listed as having a block size of 16 instead of 1.
.It Dv CRYPTO_CAMELLIA_CBC
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
16
.It Key size :
16, 24 or 32
.El
.Pp
This algorithm implements Cipher Block Chaining.
.It Dv CRYPTO_CHACHA20
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
1
.It Key size :
16 or 32
.El
.El
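The CRYPTO_AES_ICM entry above says a request must be split in two when the caller needs a counter that rolls over at 32 bits. The following is an added example, not part of the manual page or of FreeBSD's code: `icm_inc128` and `icm_split_at_wrap32` are hypothetical names, and it assumes the caller keeps its 32-bit block counter in the last four bytes of the 16-byte counter block.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AES_BLOCK_LEN 16

/* CRYPTO_AES_ICM behaviour as described above: the whole block is one
 * 128-bit big-endian counter, so a carry runs through all 16 bytes. */
static void icm_inc128(uint8_t ctr[AES_BLOCK_LEN])
{
	for (int i = AES_BLOCK_LEN - 1; i >= 0; i--)
		if (++ctr[i] != 0)
			break;
}

/* Hypothetical helper for a caller whose low 32 bits must wrap without
 * carrying into the upper 96 bits.  Returns how many bytes of a len-byte
 * request fit before the wrap; if that is less than len, iv2 receives the
 * counter block for a second request covering the remainder. */
static size_t icm_split_at_wrap32(const uint8_t iv[AES_BLOCK_LEN], size_t len,
    uint8_t iv2[AES_BLOCK_LEN])
{
	uint32_t ctr32 = (uint32_t)iv[12] << 24 | (uint32_t)iv[13] << 16 |
	    (uint32_t)iv[14] << 8 | iv[15];
	/* Counter values ctr32..0xffffffff are usable before the wrap. */
	uint64_t bytes_left = (0x100000000ULL - ctr32) * AES_BLOCK_LEN;

	if (len <= bytes_left)
		return len;		/* no wrap inside this request */
	memcpy(iv2, iv, 12);		/* upper 96 bits unchanged */
	memset(iv2 + 12, 0, 4);		/* low 32 bits restart at zero */
	return (size_t)bytes_left;
}

int main(void)
{
	/* Constructed IV: low 32 bits are two blocks away from wrapping. */
	uint8_t iv[AES_BLOCK_LEN] = { [11] = 0x07, [12] = 0xff, [13] = 0xff,
	    [14] = 0xff, [15] = 0xfe }, iv2[AES_BLOCK_LEN], c[AES_BLOCK_LEN];
	size_t first = icm_split_at_wrap32(iv, 64, iv2);

	memcpy(c, iv, sizeof(c));
	icm_inc128(c);
	icm_inc128(c);
	printf("split after %zu bytes; byte 11: unsplit ICM 0x%02x, split 0x%02x\n",
	    first, c[11], iv2[11]);
	return 0;
}
```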
.Sh HISTORY
The
.Nm
manpage first appeared in
.Fx 10.1 .
.Sh SEE ALSO
.Xr crypto 4 ,
.Xr crypto 9
.Sh BUGS
Not all the implemented algorithms are listed.