summaryrefslogtreecommitdiffstats
path: root/share/man/man9/crypto.9
diff options
context:
space:
mode:
Diffstat (limited to 'share/man/man9/crypto.9')
-rw-r--r--share/man/man9/crypto.926
1 files changed, 18 insertions, 8 deletions
diff --git a/share/man/man9/crypto.9 b/share/man/man9/crypto.9
index c2682af..2aaf130 100644
--- a/share/man/man9/crypto.9
+++ b/share/man/man9/crypto.9
@@ -175,17 +175,26 @@ Contains an algorithm identifier.
Currently supported algorithms are:
.Pp
.Bl -tag -width ".Dv CRYPTO_RIPEMD160_HMAC" -compact
+.It Dv CRYPTO_AES_128_NIST_GMAC
+.It Dv CRYPTO_AES_192_NIST_GMAC
+.It Dv CRYPTO_AES_256_NIST_GMAC
.It Dv CRYPTO_AES_CBC
+.It Dv CRYPTO_AES_ICM
+.It Dv CRYPTO_AES_NIST_GCM_16
+.It Dv CRYPTO_AES_NIST_GMAC
+.It Dv CRYPTO_AES_XTS
.It Dv CRYPTO_ARC4
.It Dv CRYPTO_BLF_CBC
.It Dv CRYPTO_CAMELLIA_CBC
.It Dv CRYPTO_CAST_CBC
+.It Dv CRYPTO_DEFLATE_COMP
.It Dv CRYPTO_DES_CBC
.It Dv CRYPTO_3DES_CBC
-.It Dv CRYPTO_SKIPJACK_CBC
.It Dv CRYPTO_MD5
.It Dv CRYPTO_MD5_HMAC
.It Dv CRYPTO_MD5_KPDK
+.It Dv CRYPTO_NULL_HMAC
+.It Dv CRYPTO_NULL_CBC
.It Dv CRYPTO_RIPEMD160_HMAC
.It Dv CRYPTO_SHA1
.It Dv CRYPTO_SHA1_HMAC
@@ -193,8 +202,7 @@ Currently supported algorithms are:
.It Dv CRYPTO_SHA2_256_HMAC
.It Dv CRYPTO_SHA2_384_HMAC
.It Dv CRYPTO_SHA2_512_HMAC
-.It Dv CRYPTO_NULL_HMAC
-.It Dv CRYPTO_NULL_CBC
+.It Dv CRYPTO_SKIPJACK_CBC
.El
.It Va cri_klen
Specifies the length of the key in bits, for variable-size key
@@ -207,7 +215,8 @@ Contains the key to be used with the algorithm.
.It Va cri_iv
Contains an explicit initialization vector (IV), if it does not prefix
the data.
-This field is ignored during initialization.
+This field is ignored during initialization
+.Pq Nm crypto_newsession .
If no IV is explicitly passed (see below on details), a random IV is used
by the device driver processing the request.
.It Va cri_next
@@ -296,8 +305,6 @@ The buffer pointed to by
is an
.Vt uio
structure.
-.It Dv CRYPTO_F_REL
-Must return data in the same place.
.It Dv CRYPTO_F_BATCH
Batch operation if possible.
.It Dv CRYPTO_F_CBIMM
@@ -363,7 +370,7 @@ The following flags are defined:
For encryption algorithms, this bit is set when encryption is required
(when not set, decryption is performed).
.It Dv CRD_F_IV_PRESENT
-For encryption algorithms, this bit is set when the IV already
+For encryption, this bit is set when the IV already
precedes the data, so the
.Va crd_inject
value will be ignored and no IV will be written in the buffer.
@@ -372,7 +379,7 @@ at the location pointed to by
.Va crd_inject .
The IV length is assumed to be equal to the blocksize of the
encryption algorithm.
-Some applications that do special
+Applications that do special
.Dq "IV cooking" ,
such as the half-IV mode in
.Xr ipsec 4 ,
@@ -403,6 +410,8 @@ field for the given operation.
Otherwise, the key is taken at newsession time from the
.Va cri_key
field.
+As calculating the key schedule may take a while, it is recommended that often
+used keys are given their own session.
.It Dv CRD_F_COMP
For compression algorithms, this bit is set when compression is required (when
not set, decompression is performed).
@@ -641,6 +650,7 @@ most of the framework code
.El
.Sh SEE ALSO
.Xr ipsec 4 ,
+.Xr crypto 7 ,
.Xr malloc 9 ,
.Xr sleep 9
.Sh HISTORY
OpenPOWER on IntegriCloud