-.\" $OpenBSD: crypto.9,v 1.37 2014/08/20 11:23:42 mikeb Exp $
+.\" $OpenBSD: crypto.9,v 1.38 2015/05/05 11:17:34 mikeb Exp $
.\"
.\" The author of this man page is Angelos D. Keromytis (angelos@cis.upenn.edu)
.\"
.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
.\" PURPOSE.
.\"
-.Dd $Mdocdate: August 20 2014 $
+.Dd $Mdocdate: May 5 2015 $
.Dt CRYPTO 9
.Os
.Sh NAME
.Ft int
.Fn crypto_register "u_int32_t" "int *" "int (*)(u_int32_t *, struct cryptoini *)" "int (*)(u_int64_t)" "int (*)(struct cryptop *)"
.Ft int
-.Fn crypto_kregister "u_int32_t" "int *" "int (*)(struct cryptkop *)"
-.Ft int
.Fn crypto_unregister "u_int32_t" "int"
.Ft void
.Fn crypto_done "struct cryptop *"
-.Ft void
-.Fn crypto_kdone "struct cryptkop *"
.Ft int
.Fn crypto_newsession "u_int64_t *" "struct cryptoini *" "int"
.Ft int
.Fn crypto_freesession "u_int64_t"
.Ft int
.Fn crypto_dispatch "struct cryptop *"
-.Ft int
-.Fn crypto_kdispatch "struct cryptkop *"
.Ft struct cryptop *
.Fn crypto_getreq "int"
.Ft void
struct cryptop *crp_next;
caddr_t crp_mac;
};
-
-struct crparam {
- caddr_t crp_p;
- u_int crp_nbits;
-};
-
-#define CRK_MAXPARAM 8
-
-struct cryptkop {
- u_int krp_op; /* ie. CRK_MOD_EXP or other */
- u_int krp_status; /* return status */
- u_short krp_iparams; /* # of input parameters */
- u_short krp_oparams; /* # of output parameters */
- u_int32_t krp_hid;
- struct crparam krp_param[CRK_MAXPARAM]; /* kvm */
- int (*krp_callback)(struct cryptkop *);
- struct cryptkop *krp_next;
-};
.Ed
.Sh DESCRIPTION
.Nm
with it) of the operations that should be applied on the data (more
than one cryptographic operation can be requested).
.Pp
-Keying operations are supported as well.
-Unlike the symmetric operators described above,
-these sessionless commands perform mathematical operations using
-input and output parameters.
-.Pp
Since the consumers may not be associated with a process, drivers may
not use
.Xr tsleep 9 .
CRYPTO_MD5_HMAC
CRYPTO_SHA1_HMAC
CRYPTO_RIPEMD160_HMAC
-CRYPTO_MD5_KPDK
-CRYPTO_SHA1_KPDK
CRYPTO_AES_CBC
CRYPTO_AES_CTR
CRYPTO_AES_XTS
opaque field in the
.Fa cryptop
structure.
-.Pp
-.Fn crypto_kdispatch
-is called to perform a keying operation.
-The various fields in the
-.Fa cryptkop
-structure are:
-.Bl -tag -width crp_alloctype
-.It Fa krp_op
-Operation code, such as CRK_MOD_EXP.
-.It Fa krp_status
-Return code.
-This errno-style variable indicates whether there were lower level reasons
-for operation failure.
-.It Fa krp_iparams
-Number of input parameters to the specified operation.
-Note that each operation has a (typically hardwired) number of such parameters.
-.It Fa krp_oparams
-Number of output parameters from the specified operation.
-Note that each operation has a (typically hardwired) number of such parameters.
-.It Fa krp_kvp
-An array of kernel memory blocks containing the parameters.
-.It Fa krp_hid
-Identifier specifying which low-level driver is being used.
-.It Fa krp_callback
-Callback called on completion of a keying operation.
-.El
.Sh DRIVER-SIDE API
The
.Fn crypto_get_driverid ,
.Fn crypto_register ,
-.Fn crypto_kregister ,
.Fn crypto_unregister ,
and
.Fn crypto_done
int (*newsession) (u_int32_t *, struct cryptoini *);
int (*freesession) (u_int64_t);
int (*process) (struct cryptop *);
-int (*kprocess) (struct cryptkop *);
.Ed
.Pp
On invocation, the first argument to
routine should invoke
.Fn crypto_done .
Session migration may be performed, as mentioned previously.
-.Pp
-The
-.Fn kprocess
-routine is invoked with a request to perform crypto key processing.
-This routine must not block, but should queue the request and return
-immediately.
-Upon processing the request, the callback routine should be invoked.
-In case of error, the error indication must be placed in the
-.Fa krp_status
-field of the
-.Fa cryptkop
-structure.
-When the request is completed, or an error is detected, the
-.Fn kprocess
-routine should invoke
-.Fn crypto_kdone .
.Sh RETURN VALUES
.Fn crypto_register ,
-.Fn crypto_kregister ,
.Fn crypto_unregister ,
.Fn crypto_newsession ,
and
projects / openbsd / commitdiff