Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
CRYPTO(7)	   FreeBSD Miscellaneous Information Manual	     CRYPTO(7)

     crypto -- OpenCrypto algorithms

     The in-kernel OpenCrypto framework	supports several different encryption
     and authentication	algorithms.  This document describes the parameters
     and requirements of these algorithms.  Unless otherwise noted, all	sizes
     listed below are in bytes.

     Authenticators compute a value (also known	as a digest, hash, or tag)
     over an input of bytes.  In-kernel	requests can either compute the	value
     for a given input,	or verify if a given tag matches the computed tag for
     a given input.  The following authentication algorithms are supported:

     Name		       Nonce  Key Sizes	    Digest    Description
     CRYPTO_AES_CCM_CBC_MAC    12     16, 24,
							      32    16	      Authentication-only
							      mode of AES-CCM
     CRYPTO_AES_NIST_GMAC      12     16, 24, 32    16	      Galois message
     CRYPTO_BLAKE2B		      0, 64	    64	      Blake2b
     CRYPTO_BLAKE2S		      0, 32	    32	      Blake2s
     CRYPTO_NULL_HMAC				    12	      IPsec NULL HMAC
     CRYPTO_POLY1305		      32	    16	      Poly1305 authen-
     CRYPTO_RIPEMD160				    20	      RIPE Message Di-
     CRYPTO_RIPEMD160_HMAC	      64	    20	      RIPE Message Di-
							      gest-160 HMAC
     CRYPTO_SHA1				    20	      SHA-1
     CRYPTO_SHA1_HMAC		      64	    20	      SHA-1 HMAC
     CRYPTO_SHA2_224				    28	      SHA-2 224
     CRYPTO_SHA2_224_HMAC	      64	    28	      SHA-2 224	HMAC
     CRYPTO_SHA2_256				    32	      SHA-2 256
     CRYPTO_SHA2_256_HMAC	      64	    32	      SHA-2 256	HMAC
     CRYPTO_SHA2_384				    48	      SHA-2 384
     CRYPTO_SHA2_384_HMAC	      128	    48	      SHA-2 384	HMAC
     CRYPTO_SHA2_512				    64	      SHA-2 512
     CRYPTO_SHA2_512_HMAC	      128	    64	      SHA-2 512	HMAC

   Block Ciphers
     Block ciphers in OCF can only operate on messages whose length is an ex-
     act multiple of the cipher's block	size.  OCF supports the	following
     block ciphers:

     Name		    IV Size    Block Size    Key Sizes	   Description
     CRYPTO_AES_CBC	    16	       16	     16, 24, 32	   AES-CBC
     CRYPTO_AES_XTS	    8	       16	     32, 64	   AES-XTS
     CRYPTO_CAMELLIA_CBC    16	       16	     16, 24, 32	   Camellia
     CRYPTO_NULL_CBC	    0	       4	     0-256	   IPsec NULL

     CRYPTO_AES_XTS implements XEX Tweakable Block Cipher with Ciphertext
     Stealing as defined in NIST SP 800-38E.  OCF consumers provide the	first
     8 bytes of	the IV.	 The remaining 8 bytes are defined to be a block
     counter beginning at 0.

     NOTE: The ciphertext stealing part	is not implemented in all backends
     which is why this cipher requires input that is a multiple	of the block

   Stream Ciphers
     Stream ciphers can	operate	on messages with arbitrary lengths.  OCF sup-
     ports the following stream	ciphers:

     Name		IV Size	   Key Sizes	 Description
     CRYPTO_AES_ICM	16	   16, 24, 32	 AES Counter Mode
     CRYPTO_CHACHA20	16	   16, 32	 ChaCha20

     The IV for	each request must be provided in crp_iv	via the

     CRYPTO_AES_ICM uses the entire IV as a 128-bit big	endian block counter.
     The IV sets the initial counter value for a message.  If a	consumer
     wishes to use an IV whose value is	split into separate nonce and counter
     fields (e.g., IPsec), the consumer	is responsible for splitting requests
     to	handle counter rollover.

     CRYPTO_CHACHA20 accepts a 16 byte IV.  The	first 8	bytes are used as a
     nonce.  The last 8	bytes are used as a 64-bit little-endian block

   Authenticated Encryption with Associated Data Algorithms
     AEAD algorithms in	OCF combine a stream cipher with an authentication al-
     gorithm to	provide	both secrecy and authentication.  AEAD algorithms ac-
     cept additional authentication data (AAD) in addition to the ciphertext
     or	plaintext.  AAD	is passed to the authentication	algorithm as input in
     a method defined by the specific AEAD algorithm.

     AEAD algorithms in	OCF accept a nonce that	is combined with an algorithm-
     defined counter to	construct the IV for the underlying stream cipher.
     This nonce	must be	provided in crp_iv via the CRYPTO_F_IV_SEPARATE	flag.
     Some AEAD algorithms support multiple nonce sizes.	 The first size	listed
     is	the default nonce size.

     The following AEAD	algorithms are supported:

     Name		       Nonce	   Key Sizes	 Tag	Description
     CRYPTO_AES_NIST_GCM_16    12	   16, 24, 32	 16	AES Ga-
     CRYPTO_AES_CCM_16	       12, 7-13	   16, 24, 32	 16	AES Counter
								with CBC-MAC
     CRYPTO_CHACHA20_POLY1305  12,
								8	32	      16     ChaCha20-Poly1305

     crypto(4),	crypto(9)

     The crypto	manual page first appeared in FreeBSD 10.1.

FreeBSD	13.0			October	6, 2021			  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help