CRYPTO(9) FreeBSD Kernel Developer's Manual CRYPTO(9)

NAME
crypto - API for cryptographic services in the kernel

SYNOPSIS
#include <opencrypto/cryptodev.h>

DESCRIPTION
crypto is a framework for in-kernel cryptography. It permits in-kernel consumers to encrypt and decrypt data and also enables userland applications to use cryptographic hardware through the /dev/crypto device.

crypto supports two modes of operation: one mode for symmetric-keyed cryptographic requests and digest, and a second mode for asymmetric-key requests and modular arithmetic.

Symmetric-key operations include encryption and decryption operations using block and stream ciphers as well as computation and verification of message authentication codes (MACs). In this mode, consumers allocate sessions to describe a transform as discussed in crypto_session(9). Consumers then allocate request objects to describe each transformation such as encrypting a network packet or decrypting a disk sector. Requests are described in crypto_request(9).

Device drivers are responsible for processing requests submitted by consumers. crypto_driver(9) describes the interfaces drivers use to register with the framework, helper routines the framework provides to facilitate request processing, and the interfaces drivers are required to provide.

Asymmetric-key operations do not use sessions. Instead, these operations perform individual mathematical operations using a set of input and output parameters. These operations are described in crypto_asym(9). Drivers that support asymmetric operations use additional interfaces described in crypto_asym(9) in addition to the base interfaces described in crypto_driver(9).

Since the consumers may not be associated with a process, drivers may not sleep(9). The same holds for the framework. Thus, a callback mechanism is used to notify a consumer that a request has been completed (the callback is specified by the consumer on a per-request basis). The callback is invoked by the framework whether the request was successfully completed or not. Errors are reported to the callback function.

Session initialization does not use callbacks and returns errors synchronously.

For symmetric-key operations, a specific error code, EAGAIN, is used to indicate that a session handle has changed and that the request may be re-submitted immediately with the new session. The consumer should update its saved copy of the session handle to the value of crp_session so that future requests use the new session.
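The callback contract and the EAGAIN rule above are easy to get wrong in a consumer: the callback runs for every outcome, and on EAGAIN the consumer must adopt the handle the framework left in crp_session before resubmitting. The following is an added userland model of that consumer logic, not code from crypto(9) or the FreeBSD tree. It reuses the kernel's names (crypto_session_t, struct cryptop, crp_session, crp_etype, crp_callback, crp_opaque, crypto_dispatch) so the shape matches, but the framework half is a stand-in that migrates the session once and otherwise completes requests immediately; the session objects, counters and the simulated driver failure are all constructed for the demonstration.

```c
/*
 * Added example: userland model of a crypto(9) consumer callback and its
 * EAGAIN handling. Names mirror the kernel API but the "framework" below is
 * a stand-in, so this compiles and runs without kernel headers.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct crypto_session *crypto_session_t;
struct crypto_session { int id; };          /* opaque to consumers in the real API */

struct cryptop {
    crypto_session_t crp_session;           /* session the request runs under */
    int crp_etype;                          /* completion status: 0 or an errno */
    int (*crp_callback)(struct cryptop *);  /* consumer's completion callback */
    void *crp_opaque;                       /* consumer's private state */
};

/* Consumer state: the saved handle must track crp_session after EAGAIN. */
struct consumer {
    crypto_session_t saved_session;
    int completed;   /* requests finished with crp_etype == 0 */
    int errors;      /* requests finished with another error */
    int resubmits;   /* resubmissions forced by EAGAIN */
};

/* ---- stand-in framework (constructed, not the kernel's) ---------------- */
static struct crypto_session sess_old = { 1 }, sess_new = { 2 };
static int migrate_once;   /* 1: next request on sess_old is migrated */
static int fail_with;      /* nonzero errno: simulate a driver failure */

/* Model of crypto_dispatch(9): complete now and always invoke the callback. */
static int crypto_dispatch(struct cryptop *crp)
{
    if (migrate_once && crp->crp_session == &sess_old) {
        /* Driver moved the session: report EAGAIN carrying the new handle. */
        migrate_once = 0;
        crp->crp_session = &sess_new;
        crp->crp_etype = EAGAIN;
    } else {
        crp->crp_etype = fail_with;
    }
    return crp->crp_callback(crp);   /* success or failure, callback runs */
}

/* ---- consumer ---------------------------------------------------------- */
static int consumer_cb(struct cryptop *crp)
{
    struct consumer *c = crp->crp_opaque;

    if (crp->crp_etype == EAGAIN) {
        /* Session handle changed: adopt it, then resubmit immediately. */
        c->saved_session = crp->crp_session;
        c->resubmits++;
        return crypto_dispatch(crp);
    }
    if (crp->crp_etype != 0)
        c->errors++;     /* error reported through the callback, not dispatch */
    else
        c->completed++;
    free(crp);           /* real code would hand the request back to the framework */
    return 0;
}

/* Build one request against the consumer's saved session and dispatch it. */
static int submit_request(struct consumer *c)
{
    struct cryptop *crp = calloc(1, sizeof(*crp));
    if (crp == NULL)
        return ENOMEM;
    crp->crp_session = c->saved_session;
    crp->crp_callback = consumer_cb;
    crp->crp_opaque = c;
    return crypto_dispatch(crp);
}

/* Two requests across a session migration; 1 if the consumer tracked it. */
int run_migration_demo(struct consumer *c)
{
    *c = (struct consumer){ 0 };
    c->saved_session = &sess_old;
    migrate_once = 1;
    fail_with = 0;
    submit_request(c);   /* hits EAGAIN, resubmitted under sess_new */
    submit_request(c);   /* already on sess_new, completes directly */
    return c->saved_session == &sess_new && c->completed == 2 &&
           c->resubmits == 1 && c->errors == 0;
}

/* One request that the driver fails; 1 if the error reached the callback. */
int run_error_demo(struct consumer *c)
{
    *c = (struct consumer){ 0 };
    c->saved_session = &sess_new;
    migrate_once = 0;
    fail_with = EIO;
    submit_request(c);
    return c->errors == 1 && c->completed == 0 && c->resubmits == 0;
}

int main(void)
{
    struct consumer c;
    printf("migration tracked: %s\n", run_migration_demo(&c) ? "yes" : "no");
    printf("error via callback: %s\n", run_error_demo(&c) ? "yes" : "no");
    return 0;
}
```

The point to carry over to real consumers is the ordering inside consumer_cb: the saved handle is overwritten from crp_session before the request is dispatched again, so a later request built from saved_session lands on the new session rather than the retired one.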

More details on some algorithms may be found in crypto(7). These algorithms are used for symmetric-mode operations. Asymmetric-mode operations support operations described in crypto_asym(9).

The following authentication algorithms are supported:

The following encryption algorithms are supported:

The following authenticated encryption with additional data (AEAD) algorithms are supported:

The following compression algorithms are supported:

FILES
sys/opencrypto/crypto.c    most of the framework code

SEE ALSO
crypto(4), ipsec(4), crypto(7), crypto_asym(9), crypto_driver(9), crypto_request(9), crypto_session(9), sleep(9)

HISTORY
The cryptographic framework first appeared in OpenBSD 2.7 and was written by Angelos D. Keromytis <angelos@openbsd.org>.

BUGS
The framework needs a mechanism for determining which driver is best for a specific set of algorithms associated with a session. Some type of benchmarking is in order here.
March 18, 2021 FreeBSD 13.1-RELEASE
