crypto.4 - OpenGrok cross reference for /freebsd/share/man/man4/crypto.4

Lines Matching +full:mac +full:- +full:mode
4 .\" Copyright (c) 2014-2021 The FreeBSD Foundation
7 .\" Portions of this documentation were written by John-Mark Gurney
70 .Nd user-mode access to hardware-accelerated cryptography
81 driver gives user-mode applications access to hardware-accelerated
84 in-kernel interface.
91 User-mode applications open the special device and
95 User-mode access to
102 then user-mode sessions are only permitted to use cryptography coprocessors.
105 .Bl -enum
116 Since cipher and MAC keys are tied to sessions, many
133 .Sh SYMMETRIC-KEY OPERATION
135 provides a context-based API
136 to traditional symmetric-key encryption (or privacy) algorithms,
137 keyed and unkeyed one-way hash (HMAC and MAC) algorithms,
138 encrypt-then-authenticate (ETA) fused operations,
141 drivers perform both a privacy algorithm and an integrity-check
143 encrypt/HMAC-generate operation, or a fused HMAC-verify/decrypt operation.
145 drivers perform either an encrypt/MAC-generate operation
146 or a MAC-verify/decrypt operation.
150 Individual requests are able to specify per-request initialization vectors
157 .Bl -tag -width CIOCGSESSION
160 .Bd -literal
169 is -1, then find the driver named
175 is not -1, return the name of the driver with
183 .Bd -literal
186     uint32_t mac;	/* e.g. CRYPTO_SHA2_256_HMAC */
190     int mackeylen;	/* mac key */
209 .Fa sessp-\*[Gt]ses
219 For non-zero privacy algorithms, the privacy algorithm
221 .Fa sessp-\*[Gt]cipher ,
223 .Fa sessp-\*[Gt]keylen ,
225 .Fa sessp-\*[Gt]key .
227 For keyed one-way hash algorithms, the one-way hash must be specified
229 .Fa sessp-\*[Gt]mac ,
231 .Fa sessp-\*[Gt]mackey ,
233 .Fa sessp-\*[Gt]mackeylen .
237 integrity-check algorithms depends on whether the underlying
241 stand-alone non-fused operation.
243 .Bd -literal
246     uint32_t mac;	/* e.g. CRYPTO_SHA2_256_HMAC */
250     int mackeylen;	/* mac key */
256     int maclen;		/* length of MAC/tag */
263 .Fa sessp-\*[Gt]crid
267 .Fa sessp-\*[Gt]ivlen
271 .Fa sessp-\*[Gt]maclen
272 specifies the length of the MAC or authentication tag supplied or computed by
274 If this field is set to zero, the full MAC is used.
277 .Fa sessp-\*[Gt]pad
280 .Bd -literal
288     void *mac;		/* must be large enough for result */
295 .Fa cr_op-\*[Gt]op
299 .Fa cr_op-\*[Gt]op
303 .Fa cr_op-\*[Gt]len
305 .Fa cr_op-\*[Gt]src ,
306 .Fa cr_op-\*[Gt]dst ,
307 .Fa cr_op-\*[Gt]mac ,
308 .Fa cr_op-\*[Gt]iv
310 one-way hash, and initialization vector, respectively.
312 If a session is using either fused encrypt-then-authenticate or
320 .Bd -literal
341 .Fa cr_aead-\*[Gt]aad
342 to include in the authentication mode.
368 The values specified for symmetric-key key sizes to
372 The output buffer and MAC buffers supplied to
376 .No non- Ns Dv NULL
377 algorithm, you must supply a suitably-sized buffer.