freebsd-skq/share/man/man7/crypto.7
Gordon Bergling 182ae6ca30 crypto(7): Correct Sections out of conventional order error
Event:		September 2020 Bugathon
MFC after:	1 week
2020-09-19 15:08:57 +00:00

179 lines
4.7 KiB
Groff

.\" Copyright (c) 2014 The FreeBSD Foundation
.\" All rights reserved.
.\"
.\" This documentation was written by John-Mark Gurney under
.\" the sponsorship of the FreeBSD Foundation and
.\" Rubicon Communications, LLC (Netgate).
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd June 4, 2020
.Dt CRYPTO 7
.Os
.Sh NAME
.Nm crypto
.Nd OpenCrypto algorithms
.Sh SYNOPSIS
In the kernel configuration file:
.Cd "device crypto"
.Pp
Or load the crypto.ko module.
.Sh DESCRIPTION
The following cryptographic algorithms that are part of the OpenCrypto
framework have the following requirements.
.Pp
Cipher algorithms:
.Bl -tag -width "CRYPTO_AES_NIST_GCM_16"
.It Dv CRYPTO_AES_CBC
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
16
.It Key size :
16, 24 or 32
.El
.Pp
This algorithm implements Cipher Block Chaining.
.It Dv CRYPTO_AES_CCM_16
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
12
.It Block size :
16
.It Key size :
16, 24 or 32
.It Digest size :
16
.El
.Pp
This algorithm implements Counter with CBC-MAC Mode.
This cipher uses AEAD
.Pq Authenticated Encryption with Associated Data
mode.
.Pp
The authentication tag will be read from or written to the offset
.Va crp_digest_start
specified in the request.
.Pp
Note: The nonce for each request must be provided in
.Fa crp_iv
via the
.Dv CRYPTO_F_IV_SEPARATE
flag.
.It Dv CRYPTO_AES_NIST_GCM_16
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
12
.It Block size :
1
.It Key size :
16, 24 or 32
.It Digest size :
16
.El
.Pp
This algorithm implements Galois/Counter Mode.
This cipher uses AEAD
.Pq Authenticated Encryption with Associated Data
mode.
.Pp
The authentication tag will be read from or written to the offset
.Va crp_digest_start
specified in the request.
.Pp
Note: The nonce for each request must be provided in
.Fa crp_iv
via the
.Dv CRYPTO_F_IV_SEPARATE
flag.
.It Dv CRYPTO_AES_ICM
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
1
.It Key size :
16, 24 or 32
.El
.Pp
This algorithm implements Integer Counter Mode.
This is similar to what most people call counter mode, but instead of the
counter being split into a nonce and a counter part, then entire nonce is
used as the initial counter.
This does mean that if a counter is required that rolls over at 32 bits,
the transaction need to be split into two parts where the counter rolls over.
The counter incremented as a 128-bit big endian number.
.Pp
Note: The counter for each request must be provided in
.Fa crp_iv
via the
.Dv CRYPTO_F_IV_SEPARATE
flag.
.It Dv CRYPTO_AES_XTS
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
8
.It Block size :
16
.It Key size :
32 or 64
.El
.Pp
This algorithm implements XEX Tweakable Block Cipher with Ciphertext Stealing
as defined in NIST SP 800-38E.
.Pp
NOTE: The ciphertext stealing part is not implemented which is why this cipher
is listed as having a block size of 16 instead of 1.
.It Dv CRYPTO_CAMELLIA_CBC
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
16
.It Key size :
16, 24 or 32
.El
.Pp
This algorithm implements Cipher Block Chaining.
.It Dv CRYPTO_CHACHA20
.Bl -tag -width "Block size :" -compact -offset indent
.It IV size :
16
.It Block size :
1
.It Key size :
16 or 32
.El
.El
.Sh SEE ALSO
.Xr crypto 4 ,
.Xr crypto 9
.Sh HISTORY
The
.Nm
manpage first appeared in
.Fx 10.1 .
.Sh BUGS
Not all the implemented algorithms are listed.