author | John Baldwin <jhb@FreeBSD.org> | 2021-10-06 21:08:46 +0000 |
---|---|---|
committer | John Baldwin <jhb@FreeBSD.org> | 2021-10-06 21:08:46 +0000 |
commit | 16676123fc85233334983e0071cb446357abec8d (patch) | |
tree | 3e2a4849b4b8c068941385698cc4a7071048b47a /share | |
parent | 5ae5ed5b8fd2955378ab67ba127cad8c981678ab (diff) | |
cryptodev: Permit explicit IV/nonce and MAC/tag lengths.

Add 'ivlen' and 'maclen' fields to the structure used for CIOGSESSION2
to specify the explicit IV/nonce and MAC/tag lengths for crypto
sessions. If these fields are zero, the default lengths are used.

This permits selecting an alternate nonce length for AEAD ciphers such
as AES-CCM which support multiple nonce lengths. It also supports
truncated MACs as input to AEAD or ETA requests.

Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D32107
Diffstat (limited to 'share')
-rw-r--r-- | share/man/man4/crypto.4 | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/share/man/man4/crypto.4 b/share/man/man4/crypto.4 index 56fd4f484c3b..5617bacd904a 100644 --- a/share/man/man4/crypto.4 +++ b/share/man/man4/crypto.4 @@ -1,13 +1,16 @@ .\" $NetBSD: crypto.4,v 1.24 2014/01/27 21:23:59 pgoyette Exp $ .\" .\" Copyright (c) 2008 The NetBSD Foundation, Inc. -.\" Copyright (c) 2014 The FreeBSD Foundation +.\" Copyright (c) 2014-2021 The FreeBSD Foundation .\" All rights reserved. .\" .\" Portions of this documentation were written by John-Mark Gurney .\" under sponsorship of the FreeBSD Foundation and .\" Rubicon Communications, LLC (Netgate). .\" +.\" Portions of this documentation were written by Ararat River +.\" Consulting, LLC under sponsorship of the FreeBSD Foundation. +.\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Coyote Point Systems, Inc. .\" @@ -60,7 +63,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 12, 2021 +.Dd October 6, 2021 .Dt CRYPTO 4 .Os .Sh NAME @@ -251,14 +254,27 @@ struct session2_op { uint32_t ses; /* returns: ses # */ int crid; /* driver id + flags (rw) */ - int pad[4]; /* for future expansion */ + int ivlen; /* length of nonce/IV */ + int maclen; /* length of MAC/tag */ + int pad[2]; /* for future expansion */ }; .Ed -This request is similar to CIOGSESSION except that +This request is similar to CIOGSESSION but adds additional fields. +.Pp .Fa sessp-\*[Gt]crid requests either a specific crypto device or a class of devices (software vs hardware). +.Pp +.Fa sessp-\*[Gt]ivlen +specifies the length of the IV or nonce supplied with each request. +If this field is set to zero, the default IV or nonce length is used. +.Pp +.Fa sessp-\*[Gt]maclen +specifies the length of the MAC or authentication tag supplied or computed by +each request. +If this field is set to zero, the full MAC is used. +.Pp The .Fa sessp-\*[Gt]pad field must be initialized to zero. |
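Review bot: in the session2_op hunk, the new paragraphs for sessp->ivlen and sessp->maclen say only that zero selects the default, and never say what a caller gets back for a non-zero length the chosen algorithm does not accept. Both fields are declared as int, so negative values are representable and their handling is also undocumented. Suggest stating the unit (the struct comments "length of nonce/IV" and "length of MAC/tag" do not give one), the error returned for an unsupported or negative length, and, for maclen, whether a lower bound is enforced, since a session opened with a very short tag weakens authentication for every request made on it. Replacing pad[4] with ivlen, maclen and pad[2] keeps the structure the same size, and the retained "pad field must be initialized to zero" sentence implies that existing callers which zeroed the old array get the default lengths; it would help to say that explicitly so the compatibility behaviour is part of the documented contract.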