svn commit: r359384 - in projects/runtime-coverage-v2: . contrib/binutils/binutils etc gnu/usr.bin/binutils gnu/usr.bin/binutils/ld share/man/man4 share/man/man7 share/man/man9 share/mk stand stand...
Enji Cooper
ngie at FreeBSD.org
Sat Mar 28 00:42:01 UTC 2020
Author: ngie
Date: Sat Mar 28 00:41:47 2020
New Revision: 359384
URL: https://svnweb.freebsd.org/changeset/base/359384
Log:
MFhead at r359383
Added:
projects/runtime-coverage-v2/share/man/man9/crypto_asym.9
- copied unchanged from r359383, head/share/man/man9/crypto_asym.9
projects/runtime-coverage-v2/share/man/man9/crypto_driver.9
- copied unchanged from r359383, head/share/man/man9/crypto_driver.9
projects/runtime-coverage-v2/share/man/man9/crypto_request.9
- copied unchanged from r359383, head/share/man/man9/crypto_request.9
projects/runtime-coverage-v2/share/man/man9/crypto_session.9
- copied unchanged from r359383, head/share/man/man9/crypto_session.9
Deleted:
projects/runtime-coverage-v2/gnu/usr.bin/binutils/ld/
projects/runtime-coverage-v2/sys/opencrypto/cryptosoft.h
Modified:
projects/runtime-coverage-v2/Makefile.inc1
projects/runtime-coverage-v2/ObsoleteFiles.inc
projects/runtime-coverage-v2/contrib/binutils/binutils/objdump.c
projects/runtime-coverage-v2/etc/group
projects/runtime-coverage-v2/etc/master.passwd
projects/runtime-coverage-v2/gnu/usr.bin/binutils/Makefile
projects/runtime-coverage-v2/share/man/man4/crypto.4
projects/runtime-coverage-v2/share/man/man7/arch.7
projects/runtime-coverage-v2/share/man/man7/crypto.7
projects/runtime-coverage-v2/share/man/man9/Makefile
projects/runtime-coverage-v2/share/man/man9/bus_dma.9
projects/runtime-coverage-v2/share/man/man9/crypto.9
projects/runtime-coverage-v2/share/mk/bsd.compat.mk
projects/runtime-coverage-v2/share/mk/bsd.cpu.mk
projects/runtime-coverage-v2/share/mk/src.opts.mk
projects/runtime-coverage-v2/stand/defs.mk
projects/runtime-coverage-v2/stand/efi/libefi/efi_console.c
projects/runtime-coverage-v2/stand/forth/loader.4th
projects/runtime-coverage-v2/stand/forth/loader.rc
projects/runtime-coverage-v2/stand/forth/screen.4th
projects/runtime-coverage-v2/stand/lua/core.lua
projects/runtime-coverage-v2/stand/lua/loader.lua
projects/runtime-coverage-v2/sys/amd64/vmm/amd/amdvi_priv.h
projects/runtime-coverage-v2/sys/amd64/vmm/amd/ivrs_drv.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/changes.txt
projects/runtime-coverage-v2/sys/contrib/dev/acpica/common/ahtable.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/common/dmtable.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/common/dmtbdump2.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/common/dmtbinfo2.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/common/dmtbinfo3.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslcompile.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslcompiler.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslcompiler.l
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/asldefine.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslerror.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslglobal.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/aslload.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/asloptions.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/asltypes.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/dtcompiler.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/dtcompilerparser.l
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/dtcompilerparser.y
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/dtparser.l
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/dttable1.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/dtutils.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/compiler/prparser.l
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/debugger/dbinput.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/debugger/dbxface.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/dispatcher/dswexec.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/dispatcher/dswload.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/dispatcher/dswload2.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/hardware/hwsleep.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/namespace/nsnames.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/utilities/utdecode.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/components/utilities/utdelete.c
projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/acdisasm.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/acnamesp.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/acpixf.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/actbinfo.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/actbl2.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/actbl3.h
projects/runtime-coverage-v2/sys/contrib/dev/acpica/include/acuuid.h
projects/runtime-coverage-v2/sys/crypto/aesni/aesni.c
projects/runtime-coverage-v2/sys/crypto/aesni/aesni.h
projects/runtime-coverage-v2/sys/crypto/aesni/aesni_wrap.c
projects/runtime-coverage-v2/sys/crypto/armv8/armv8_crypto.c
projects/runtime-coverage-v2/sys/crypto/blake2/blake2_cryptodev.c
projects/runtime-coverage-v2/sys/crypto/ccp/ccp.c
projects/runtime-coverage-v2/sys/crypto/ccp/ccp.h
projects/runtime-coverage-v2/sys/crypto/ccp/ccp_hardware.c
projects/runtime-coverage-v2/sys/crypto/via/padlock.c
projects/runtime-coverage-v2/sys/crypto/via/padlock.h
projects/runtime-coverage-v2/sys/crypto/via/padlock_cipher.c
projects/runtime-coverage-v2/sys/crypto/via/padlock_hash.c
projects/runtime-coverage-v2/sys/dev/cesa/cesa.c
projects/runtime-coverage-v2/sys/dev/cesa/cesa.h
projects/runtime-coverage-v2/sys/dev/cxgbe/adapter.h
projects/runtime-coverage-v2/sys/dev/cxgbe/crypto/t4_crypto.c
projects/runtime-coverage-v2/sys/dev/cxgbe/crypto/t4_keyctx.c
projects/runtime-coverage-v2/sys/dev/cxgbe/tom/t4_tls.c
projects/runtime-coverage-v2/sys/dev/glxsb/glxsb.c
projects/runtime-coverage-v2/sys/dev/glxsb/glxsb.h
projects/runtime-coverage-v2/sys/dev/glxsb/glxsb_hash.c
projects/runtime-coverage-v2/sys/dev/hifn/hifn7751.c
projects/runtime-coverage-v2/sys/dev/hifn/hifn7751var.h
projects/runtime-coverage-v2/sys/dev/safe/safe.c
projects/runtime-coverage-v2/sys/dev/safe/safevar.h
projects/runtime-coverage-v2/sys/dev/sec/sec.c
projects/runtime-coverage-v2/sys/dev/sec/sec.h
projects/runtime-coverage-v2/sys/dev/sound/pcm/mixer.c
projects/runtime-coverage-v2/sys/dev/sound/usb/uaudio.c
projects/runtime-coverage-v2/sys/dev/ubsec/ubsec.c
projects/runtime-coverage-v2/sys/dev/ubsec/ubsecvar.h
projects/runtime-coverage-v2/sys/geom/eli/g_eli.c
projects/runtime-coverage-v2/sys/geom/eli/g_eli.h
projects/runtime-coverage-v2/sys/geom/eli/g_eli_crypto.c
projects/runtime-coverage-v2/sys/geom/eli/g_eli_integrity.c
projects/runtime-coverage-v2/sys/geom/eli/g_eli_privacy.c
projects/runtime-coverage-v2/sys/kern/subr_bus_dma.c
projects/runtime-coverage-v2/sys/kern/uipc_ktls.c
projects/runtime-coverage-v2/sys/kgssapi/krb5/kcrypto_aes.c
projects/runtime-coverage-v2/sys/kgssapi/krb5/kcrypto_des.c
projects/runtime-coverage-v2/sys/kgssapi/krb5/kcrypto_des3.c
projects/runtime-coverage-v2/sys/mips/cavium/cryptocteon/cavium_crypto.c
projects/runtime-coverage-v2/sys/mips/cavium/cryptocteon/cryptocteon.c
projects/runtime-coverage-v2/sys/mips/cavium/cryptocteon/cryptocteonvar.h
projects/runtime-coverage-v2/sys/mips/nlm/dev/sec/nlmrsa.c
projects/runtime-coverage-v2/sys/mips/nlm/dev/sec/nlmsec.c
projects/runtime-coverage-v2/sys/mips/nlm/dev/sec/nlmseclib.c
projects/runtime-coverage-v2/sys/mips/nlm/dev/sec/nlmseclib.h
projects/runtime-coverage-v2/sys/mips/nlm/hal/nlmsaelib.h
projects/runtime-coverage-v2/sys/netinet/ip_input.c
projects/runtime-coverage-v2/sys/netinet/sctp_pcb.h
projects/runtime-coverage-v2/sys/netinet/sctp_structs.h
projects/runtime-coverage-v2/sys/netinet/sctp_timer.c
projects/runtime-coverage-v2/sys/netinet/tcp_ratelimit.c
projects/runtime-coverage-v2/sys/netipsec/xform.h
projects/runtime-coverage-v2/sys/netipsec/xform_ah.c
projects/runtime-coverage-v2/sys/netipsec/xform_esp.c
projects/runtime-coverage-v2/sys/netipsec/xform_ipcomp.c
projects/runtime-coverage-v2/sys/opencrypto/criov.c
projects/runtime-coverage-v2/sys/opencrypto/crypto.c
projects/runtime-coverage-v2/sys/opencrypto/cryptodev.c
projects/runtime-coverage-v2/sys/opencrypto/cryptodev.h
projects/runtime-coverage-v2/sys/opencrypto/cryptodev_if.m
projects/runtime-coverage-v2/sys/opencrypto/cryptosoft.c
projects/runtime-coverage-v2/sys/opencrypto/ktls_ocf.c
projects/runtime-coverage-v2/sys/opencrypto/xform_gmac.c
projects/runtime-coverage-v2/sys/sys/bus_dma.h
projects/runtime-coverage-v2/sys/sys/param.h
projects/runtime-coverage-v2/tests/sys/opencrypto/cryptodev.py
projects/runtime-coverage-v2/tests/sys/opencrypto/cryptodevh.py
projects/runtime-coverage-v2/tests/sys/opencrypto/cryptotest.py
projects/runtime-coverage-v2/tools/build/mk/OptionalObsoleteFiles.inc
projects/runtime-coverage-v2/tools/build/options/WITHOUT_BINUTILS
projects/runtime-coverage-v2/tools/build/options/WITH_BINUTILS
projects/runtime-coverage-v2/tools/tools/crypto/cryptocheck.c
projects/runtime-coverage-v2/usr.sbin/bhyve/pci_nvme.c
Directory Properties:
projects/runtime-coverage-v2/ (props changed)
projects/runtime-coverage-v2/contrib/binutils/ (props changed)
projects/runtime-coverage-v2/gnu/usr.bin/binutils/ (props changed)
projects/runtime-coverage-v2/sys/contrib/dev/acpica/ (props changed)
Modified: projects/runtime-coverage-v2/Makefile.inc1
==============================================================================
--- projects/runtime-coverage-v2/Makefile.inc1 Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/Makefile.inc1 Sat Mar 28 00:41:47 2020 (r359384)
@@ -1103,7 +1103,7 @@ _libraries:
${_+_}cd ${.CURDIR}; \
${WMAKE} -DNO_FSCHG -DNO_LINT \
MK_COVERAGE_SUPPORT=${MK_COVERAGE} MK_HTML=no MK_MAN=no \
- MK_PROFILE=no MK_TESTS=no MK_TESTS_SUPPORT=${MK_TESTS} \
+ MK_PROFILE=no MK_TESTS=no MK_TESTS_SUPPORT=${MK_TESTS_SUPPORT} \
libraries
everything: .PHONY
@echo
Modified: projects/runtime-coverage-v2/ObsoleteFiles.inc
==============================================================================
--- projects/runtime-coverage-v2/ObsoleteFiles.inc Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/ObsoleteFiles.inc Sat Mar 28 00:41:47 2020 (r359384)
@@ -36,6 +36,11 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20200327: OCF refactoring
+OLD_FILES+=usr/share/man/man9/crypto_find_driver.9
+OLD_FILES+=usr/share/man/man9/crypto_register.9
+OLD_FILES+=usr/share/man/man9/crypto_unregister.9
+
# 20200323: INTERNALLIB don't install headers anymore
OLD_FILES+=usr/include/libelftc.h
OLD_FILES+=usr/include/libifconfig.h
Modified: projects/runtime-coverage-v2/contrib/binutils/binutils/objdump.c
==============================================================================
--- projects/runtime-coverage-v2/contrib/binutils/binutils/objdump.c Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/contrib/binutils/binutils/objdump.c Sat Mar 28 00:41:47 2020 (r359384)
@@ -3248,6 +3248,8 @@ main (int argc, char **argv)
}
}
+ non_fatal (_("objdump 2.17.50 is deprecated in FreeBSD and will be removed"));
+
if (show_version)
print_version ("objdump");
Modified: projects/runtime-coverage-v2/etc/group
==============================================================================
--- projects/runtime-coverage-v2/etc/group Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/etc/group Sat Mar 28 00:41:47 2020 (r359384)
@@ -32,5 +32,6 @@ www:*:80:
ntpd:*:123:
_ypldap:*:160:
hast:*:845:
+tests:*:977:
nogroup:*:65533:
nobody:*:65534:
Modified: projects/runtime-coverage-v2/etc/master.passwd
==============================================================================
--- projects/runtime-coverage-v2/etc/master.passwd Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/etc/master.passwd Sat Mar 28 00:41:47 2020 (r359384)
@@ -25,5 +25,5 @@ www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/us
ntpd:*:123:123::0:0:NTP Daemon:/var/db/ntp:/usr/sbin/nologin
_ypldap:*:160:160::0:0:YP LDAP unprivileged user:/var/empty:/usr/sbin/nologin
hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
-tests:*:977:65534::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
+tests:*:977:977::0:0:Unprivileged user for tests:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
Modified: projects/runtime-coverage-v2/gnu/usr.bin/binutils/Makefile
==============================================================================
--- projects/runtime-coverage-v2/gnu/usr.bin/binutils/Makefile Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/gnu/usr.bin/binutils/Makefile Sat Mar 28 00:41:47 2020 (r359384)
@@ -17,15 +17,8 @@ SUBDIR.${MK_BINUTILS}+= objdump
SUBDIR.${MK_BINUTILS}+= as
.endif
-# All archs except powerpc either use lld or require external toolchain.
-# powerpc still needs binutils ld to link 32-bit binaries.
-.if ${TARGET} == "powerpc"
-SUBDIR.${MK_BINUTILS}+=ld
-.endif
-
SUBDIR_DEPEND_libbinutils=libbfd # for bfdver.h
SUBDIR_DEPEND_as=libbfd libiberty libopcodes
-SUBDIR_DEPEND_ld=libbfd libiberty
SUBDIR_DEPEND_objdump=libbfd libiberty libbinutils libopcodes
.if !make(install)
Modified: projects/runtime-coverage-v2/share/man/man4/crypto.4
==============================================================================
--- projects/runtime-coverage-v2/share/man/man4/crypto.4 Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/share/man/man4/crypto.4 Sat Mar 28 00:41:47 2020 (r359384)
@@ -60,7 +60,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 17, 2019
+.Dd March 27, 2020
.Dt CRYPTO 4
.Os
.Sh NAME
@@ -156,7 +156,7 @@ file desriptor.
The symmetric-key operation mode provides a context-based API
to traditional symmetric-key encryption (or privacy) algorithms,
or to keyed and unkeyed one-way hash (HMAC and MAC) algorithms.
-The symmetric-key mode also permits fused operation,
+The symmetric-key mode also permits encrypt-then-authenticate fused operation,
where the hardware performs both a privacy algorithm and an integrity-check
algorithm in a single pass over the data: either a fused
encrypt/HMAC-generate operation, or a fused HMAC-verify/decrypt operation.
@@ -314,16 +314,14 @@ supplies the length of the input buffer; the fields
.Fa cr_op-\*[Gt]iv
supply the addresses of the input buffer, output buffer,
one-way hash, and initialization vector, respectively.
-If a session is using both a privacy algorithm and a hash algorithm,
-the request will generate a hash of the input buffer before
-generating the output buffer by default.
-If the
-.Dv COP_F_CIPHER_FIRST
-flag is included in the
-.Fa cr_op-\*[Gt]flags
-field,
-then the request will generate a hash of the output buffer after
-executing the privacy algorithm.
+.Pp
+If a session is using either fused encrypt-then-authenticate or
+an AEAD algorithm,
+decryption operations require the associated hash as an input.
+If the hash is incorrect, the
+operation will fail with
+.Dv EBADMSG
+and the output buffer will remain unchanged.
.It Dv CIOCCRYPTAEAD Fa struct crypt_aead *cr_aead
.Bd -literal
struct crypt_aead {
Modified: projects/runtime-coverage-v2/share/man/man7/arch.7
==============================================================================
--- projects/runtime-coverage-v2/share/man/man7/arch.7 Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/share/man/man7/arch.7 Sat Mar 28 00:41:47 2020 (r359384)
@@ -311,8 +311,8 @@ This table shows the default tool chain for each archi
.It mips64el Ta Clang Ta lld
.It mips64elhf Ta Clang Ta lld
.It mips64hf Ta Clang Ta lld
-.It powerpc Ta Clang Ta GNU ld 2.17.50
-.It powerpcspe Ta Clang Ta GNU ld 2.17.50
+.It powerpc Ta Clang Ta lld
+.It powerpcspe Ta Clang Ta lld
.It powerpc64 Ta Clang Ta lld
.It riscv64 Ta Clang Ta lld
.It riscv64sf Ta Clang Ta lld
Modified: projects/runtime-coverage-v2/share/man/man7/crypto.7
==============================================================================
--- projects/runtime-coverage-v2/share/man/man7/crypto.7 Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/share/man/man7/crypto.7 Sat Mar 28 00:41:47 2020 (r359384)
@@ -27,7 +27,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd January 2, 2015
+.Dd March 27, 2020
.Dt CRYPTO 7
.Os
.Sh NAME
@@ -68,19 +68,13 @@ This algorithm implements Cipher-block chaining.
.El
.Pp
This algorithm implements Galois/Counter Mode.
-This is the cipher part of an AEAD
+This cipher uses AEAD
.Pq Authenticated Encryption with Associated Data
mode.
-This requires use of the use of a proper authentication mode, one of
-.Dv CRYPTO_AES_128_NIST_GMAC ,
-.Dv CRYPTO_AES_192_NIST_GMAC
-or
-.Dv CRYPTO_AES_256_NIST_GMAC ,
-that corresponds with the number of bits in the key that you are using.
.Pp
-The associated data (if any) must be provided by the authentication mode op.
-The authentication tag will be read/written from/to the offset crd_inject
-specified in the descriptor for the authentication mode.
+The authentication tag will be read/written from/to the offset
+.Va crp_digest_start
+specified in the request.
.Pp
Note: You must provide an IV on every call.
.It Dv CRYPTO_AES_ICM
@@ -117,22 +111,6 @@ as defined in NIST SP 800-38E.
.Pp
NOTE: The ciphertext stealing part is not implemented which is why this cipher
is listed as having a block size of 16 instead of 1.
-.El
-.Pp
-Authentication algorithms:
-.Bl -tag -width ".Dv CRYPTO_AES_256_NIST_GMAC"
-.It CRYPTO_AES_128_NIST_GMAC
-See
-.Dv CRYPTO_AES_NIST_GCM_16
-in the cipher mode section.
-.It CRYPTO_AES_192_NIST_GMAC
-See
-.Dv CRYPTO_AES_NIST_GCM_16
-in the cipher mode section.
-.It CRYPTO_AES_256_NIST_GMAC
-See
-.Dv CRYPTO_AES_NIST_GCM_16
-in the cipher mode section.
.El
.Sh SEE ALSO
.Xr crypto 4 ,
Modified: projects/runtime-coverage-v2/share/man/man9/Makefile
==============================================================================
--- projects/runtime-coverage-v2/share/man/man9/Makefile Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/share/man/man9/Makefile Sat Mar 28 00:41:47 2020 (r359384)
@@ -71,6 +71,10 @@ MAN= accept_filter.9 \
cr_seeothergids.9 \
cr_seeotheruids.9 \
crypto.9 \
+ crypto_asym.9 \
+ crypto_driver.9 \
+ crypto_request.9 \
+ crypto_session.9 \
CTASSERT.9 \
DB_COMMAND.9 \
DECLARE_GEOM_CLASS.9 \
@@ -889,20 +893,33 @@ MLINKS+=cpuset.9 CPUSET_T_INITIALIZER.9 \
cpuset.9 CPU_COPY_STORE_REL.9
MLINKS+=critical_enter.9 critical.9 \
critical_enter.9 critical_exit.9
-MLINKS+=crypto.9 crypto_dispatch.9 \
- crypto.9 crypto_done.9 \
- crypto.9 crypto_freereq.9 \
- crypto.9 crypto_freesession.9 \
- crypto.9 crypto_get_driverid.9 \
- crypto.9 crypto_getreq.9 \
- crypto.9 crypto_kdispatch.9 \
- crypto.9 crypto_kdone.9 \
- crypto.9 crypto_kregister.9 \
- crypto.9 crypto_newsession.9 \
- crypto.9 crypto_register.9 \
- crypto.9 crypto_unblock.9 \
- crypto.9 crypto_unregister.9 \
- crypto.9 crypto_unregister_all.9
+MLINKS+=crypto_asym.9 crypto_kdispatch.9 \
+ crypto_asym.9 crypto_kdone.9 \
+ crypto_asym.9 crypto_kregister.9 \
+ crypto_asym.9 CRYPTODEV_KPROCESS.9
+MLINKS+=crypto_driver.9 crypto_apply.9 \
+ crypto_driver.9 crypto_contiguous_segment.9 \
+ crypto_driver.9 crypto_copyback.9 \
+ crypto_driver.9 crypto_copydata.9 \
+ crypto_driver.9 crypto_done.9 \
+ crypto_driver.9 crypto_get_driverid.9 \
+ crypto_driver.9 crypto_get_driver_session.9 \
+ crypto_driver.9 crypto_unblock.9 \
+ crypto_driver.9 crypto_unregister_all.9 \
+ crypto_driver.9 CRYPTODEV_FREESESSION.9 \
+ crypto_driver.9 CRYPTODEV_NEWSESSION.9 \
+ crypto_driver.9 CRYPTODEV_PROBESESSION.9 \
+ crypto_driver.9 CRYPTODEV_PROCESS.9 \
+ crypto_driver.9 hmac_init_ipad.9 \
+ crypto_driver.9 hmac_init_opad.9
+MLINKS+=crypto_request.9 crypto_dispatch.9 \
+ crypto_request.9 crypto_freereq.9 \
+ crypto_request.9 crypto_getreq.9
+MLINKS+=crypto_session.9 crypto_auth_hash.9 \
+ crypto_session.9 crypto_cipher.9 \
+ crypto_session.9 crypto_get_params.9 \
+ crypto_session.9 crypto_newsession.9 \
+ crypto_session.9 crypto_freesession.9
MLINKS+=DB_COMMAND.9 DB_SHOW_ALL_COMMAND.9 \
DB_COMMAND.9 DB_SHOW_COMMAND.9
MLINKS+=DECLARE_MODULE.9 DECLARE_MODULE_TIED.9
Modified: projects/runtime-coverage-v2/share/man/man9/bus_dma.9
==============================================================================
--- projects/runtime-coverage-v2/share/man/man9/bus_dma.9 Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/share/man/man9/bus_dma.9 Sat Mar 28 00:41:47 2020 (r359384)
@@ -53,7 +53,7 @@
.\" $FreeBSD$
.\" $NetBSD: bus_dma.9,v 1.25 2002/10/14 13:43:16 wiz Exp $
.\"
-.Dd August 11, 2018
+.Dd March 27, 2020
.Dt BUS_DMA 9
.Os
.Sh NAME
@@ -68,6 +68,7 @@
.Nm bus_dmamap_load ,
.Nm bus_dmamap_load_bio ,
.Nm bus_dmamap_load_ccb ,
+.Nm bus_dmamap_load_crp ,
.Nm bus_dmamap_load_mbuf ,
.Nm bus_dmamap_load_mbuf_sg ,
.Nm bus_dmamap_load_uio ,
@@ -118,6 +119,10 @@
"union ccb *ccb" "bus_dmamap_callback_t *callback" "void *callback_arg" \
"int flags"
.Ft int
+.Fn bus_dmamap_load_crp "bus_dma_tag_t dmat" "bus_dmamap_t map" \
+"struct crypto *crp" "bus_dmamap_callback_t *callback" "void *callback_arg" \
+"int flags"
+.Ft int
.Fn bus_dmamap_load_mbuf "bus_dma_tag_t dmat" "bus_dmamap_t map" \
"struct mbuf *mbuf" "bus_dmamap_callback2_t *callback" "void *callback_arg" \
"int flags"
@@ -387,9 +392,10 @@ the load of a
.Vt bus_dmamap_t
via
.Fn bus_dmamap_load ,
-.Fn bus_dmamap_load_bio
+.Fn bus_dmamap_load_bio ,
+.Fn bus_dmamap_load_ccb ,
or
-.Fn bus_dmamap_load_ccb .
+.Fn bus_dmamap_load_crp .
Callbacks are of the format:
.Bl -tag -width indent
.It Ft void
@@ -879,6 +885,15 @@ XPT_CONT_TARGET_IO
.It
XPT_SCSI_IO
.El
+.It Fn bus_dmamap_load_crp "dmat" "map" "crp" "callback" "callback_arg" "flags"
+This is a variation of
+.Fn bus_dmamap_load
+which maps buffers pointed to by
+.Fa crp
+for DMA transfers.
+The
+.Dv BUS_DMA_NOWAIT
+flag is implied, thus no callback deferral will happen.
.It Fn bus_dmamap_load_mbuf "dmat" "map" "mbuf" "callback2" "callback_arg" \
"flags"
This is a variation of
Modified: projects/runtime-coverage-v2/share/man/man9/crypto.9
==============================================================================
--- projects/runtime-coverage-v2/share/man/man9/crypto.9 Sat Mar 28 00:38:43 2020 (r359383)
+++ projects/runtime-coverage-v2/share/man/man9/crypto.9 Sat Mar 28 00:41:47 2020 (r359384)
@@ -17,7 +17,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd December 17, 2019
+.Dd March 27, 2020
.Dt CRYPTO 9
.Os
.Sh NAME
@@ -25,120 +25,50 @@
.Nd API for cryptographic services in the kernel
.Sh SYNOPSIS
.In opencrypto/cryptodev.h
-.Ft int32_t
-.Fn crypto_get_driverid "device_t dev" "size_t session_size" "int flags"
-.Ft int
-.Fn crypto_register "uint32_t driverid" "int alg" "uint16_t maxoplen" "uint32_t flags"
-.Ft int
-.Fn crypto_kregister "uint32_t driverid" "int kalg" "uint32_t flags"
-.Ft int
-.Fn crypto_unregister "uint32_t driverid" "int alg"
-.Ft int
-.Fn crypto_unregister_all "uint32_t driverid"
-.Ft void
-.Fn crypto_done "struct cryptop *crp"
-.Ft void
-.Fn crypto_kdone "struct cryptkop *krp"
-.Ft int
-.Fn crypto_find_driver "const char *match"
-.Ft int
-.Fn crypto_newsession "crypto_session_t *cses" "struct cryptoini *cri" "int crid"
-.Ft int
-.Fn crypto_freesession "crypto_session_t cses"
-.Ft int
-.Fn crypto_dispatch "struct cryptop *crp"
-.Ft int
-.Fn crypto_kdispatch "struct cryptkop *krp"
-.Ft int
-.Fn crypto_unblock "uint32_t driverid" "int what"
-.Ft "struct cryptop *"
-.Fn crypto_getreq "int num"
-.Ft void
-.Fn crypto_freereq "struct cryptop *crp"
-.Bd -literal
-#define CRYPTO_SYMQ 0x1
-#define CRYPTO_ASYMQ 0x2
-
-#define EALG_MAX_BLOCK_LEN 16
-
-struct cryptoini {
- int cri_alg;
- int cri_klen;
- int cri_mlen;
- caddr_t cri_key;
- uint8_t cri_iv[EALG_MAX_BLOCK_LEN];
- struct cryptoini *cri_next;
-};
-
-struct cryptodesc {
- int crd_skip;
- int crd_len;
- int crd_inject;
- int crd_flags;
- struct cryptoini CRD_INI;
-#define crd_iv CRD_INI.cri_iv
-#define crd_key CRD_INI.cri_key
-#define crd_alg CRD_INI.cri_alg
-#define crd_klen CRD_INI.cri_klen
- struct cryptodesc *crd_next;
-};
-
-struct cryptop {
- TAILQ_ENTRY(cryptop) crp_next;
- crypto_session_t crp_session;
- int crp_ilen;
- int crp_olen;
- int crp_etype;
- int crp_flags;
- caddr_t crp_buf;
- caddr_t crp_opaque;
- struct cryptodesc *crp_desc;
- int (*crp_callback) (struct cryptop *);
- caddr_t crp_mac;
-};
-
-struct crparam {
- caddr_t crp_p;
- u_int crp_nbits;
-};
-
-#define CRK_MAXPARAM 8
-
-struct cryptkop {
- TAILQ_ENTRY(cryptkop) krp_next;
- u_int krp_op; /* ie. CRK_MOD_EXP or other */
- u_int krp_status; /* return status */
- u_short krp_iparams; /* # of input parameters */
- u_short krp_oparams; /* # of output parameters */
- uint32_t krp_hid;
- struct crparam krp_param[CRK_MAXPARAM];
- int (*krp_callback)(struct cryptkop *);
-};
-.Ed
.Sh DESCRIPTION
.Nm
-is a framework for drivers of cryptographic hardware to register with
-the kernel so
-.Dq consumers
-(other kernel subsystems, and
-users through the
+is a framework for in-kernel cryptography.
+It permits in-kernel consumers to encrypt and decrypt data
+and also enables userland applications to use cryptographic hardware
+through the
.Pa /dev/crypto
-device) are able to make use of it.
-Drivers register with the framework the algorithms they support,
-and provide entry points (functions) the framework may call to
-establish, use, and tear down sessions.
-Sessions are used to cache cryptographic information in a particular driver
-(or associated hardware), so initialization is not needed with every request.
-Consumers of cryptographic services pass a set of
-descriptors that instruct the framework (and the drivers registered
-with it) of the operations that should be applied on the data (more
-than one cryptographic operation can be requested).
+device.
.Pp
-Keying operations are supported as well.
-Unlike the symmetric operators described above,
-these sessionless commands perform mathematical operations using
-input and output parameters.
+.Nm
+supports two modes of operation:
+one mode for symmetric-keyed cryptographic requests and digest,
+and a second mode for asymmetric-key requests and modular arithmetic.
+.Ss Symmetric-Key Mode
+Symmetric-key operations include encryption and decryption operations
+using block and stream ciphers as well as computation and verification
+of message authentication codes (MACs).
+In this mode,
+consumers allocate sessions to describe a transform as discussed in
+.Xr crypto_session 9 .
+Consumers then allocate request objects to describe each transformation
+such as encrypting a network packet or decrypting a disk sector.
+Requests are described in
+.Xr crypto_request 9 .
.Pp
+Device drivers are responsible for processing requests submitted by
+consumers.
+.Xr crypto_driver 9
+describes the interfaces drivers use to register with the framework,
+helper routines the framework provides to faciliate request processing,
+and the interfaces drivers are required to provide.
+.Ss Asymmetric-Key Mode
+Assymteric-key operations do not use sessions.
+Instead,
+these operations perform individual mathematical operations using a set
+of input and output parameters.
+These operations are described in
+.Xr crypto_asym 9 .
+Drivers that support asymmetric operations use additional interfaces
+described in
+.Xr crypto_asym 9
+in addition to the base interfaces described in
+.Xr crypto_driver 9 .
+.Ss Callbacks
Since the consumers may not be associated with a process, drivers may
not
.Xr sleep 9 .
@@ -148,88 +78,38 @@ to notify a consumer that a request has been completed
callback is specified by the consumer on a per-request basis).
The callback is invoked by the framework whether the request was
successfully completed or not.
-An error indication is provided in the latter case.
-A specific error code,
+Errors are reported to the callback function.
+.Pp
+Session initialization does not use callbacks and returns errors
+synchronously.
+.Ss Session Migration
+For symmetric-key operations,
+a specific error code,
.Er EAGAIN ,
is used to indicate that a session handle has changed and that the
request may be re-submitted immediately with the new session.
-Errors are only returned to the invoking function if not
-enough information to call the callback is available (meaning, there
-was a fatal error in verifying the arguments).
-For session initialization and teardown no callback mechanism is used.
+The consumer should update its saved copy of the session handle
+to the value of
+.Fa crp_session
+so that future requests use the new session.
+.Ss Supported Algorithms
+More details on some algorithms may be found in
+.Xr crypto 7 .
+These algorithms are used for symmetric-mode operations.
+Asymmetric-mode operations support operations described in
+.Xr crypto_asym 9 .
.Pp
-The
-.Fn crypto_find_driver
-returns the driver id of the device whose name matches
-.Fa match .
-.Fa match
-can either be the exact name of a device including the unit
-or the driver name without a unit.
-In the latter case,
-the id of the first device with the matching driver name is returned.
-If no matching device is found,
-the value -1 is returned.
+The following authentication algorithms are supported:
.Pp
-The
-.Fn crypto_newsession
-routine is called by consumers of cryptographic services (such as the
-.Xr ipsec 4
-stack) that wish to establish a new session with the framework.
-The
-.Fa cri
-argument points to a
-.Vt cryptoini
-structure containing all the necessary information for
-the driver to establish the session.
-The
-.Fa crid
-argument is either a specific driver id or a bitmask of flags.
-The flags are
-.Dv CRYPTOCAP_F_HARDWARE ,
-to select hardware devices,
-or
-.Dv CRYPTOCAP_F_SOFTWARE ,
-to select software devices.
-If both are specified, hardware devices are preferred over software
-devices.
-On success, the opaque session handle of the new session will be stored in
-.Fa *cses .
-The
-.Vt cryptoini
-structure pointed to by
-.Fa cri
-contains these fields:
-.Bl -tag -width ".Va cri_next"
-.It Va cri_alg
-An algorithm identifier.
-Currently supported algorithms are:
-.Pp
-.Bl -tag -width ".Dv CRYPTO_RIPEMD160_HMAC" -compact
-.It Dv CRYPTO_AES_128_NIST_GMAC
-.It Dv CRYPTO_AES_192_NIST_GMAC
-.It Dv CRYPTO_AES_256_NIST_GMAC
-.It Dv CRYPTO_AES_CBC
-.It Dv CRYPTO_AES_CCM_16
+.Bl -tag -offset indent -width CRYPTO_AES_CCM_CBC_MAC -compact
.It Dv CRYPTO_AES_CCM_CBC_MAC
-.It Dv CRYPTO_AES_ICM
-.It Dv CRYPTO_AES_NIST_GCM_16
.It Dv CRYPTO_AES_NIST_GMAC
-.It Dv CRYPTO_AES_XTS
-.It Dv CRYPTO_ARC4
.It Dv CRYPTO_BLAKE2B
.It Dv CRYPTO_BLAKE2S
-.It Dv CRYPTO_BLF_CBC
-.It Dv CRYPTO_CAMELLIA_CBC
-.It Dv CRYPTO_CAST_CBC
-.It Dv CRYPTO_CHACHA20
-.It Dv CRYPTO_DEFLATE_COMP
-.It Dv CRYPTO_DES_CBC
-.It Dv CRYPTO_3DES_CBC
.It Dv CRYPTO_MD5
.It Dv CRYPTO_MD5_HMAC
.It Dv CRYPTO_MD5_KPDK
.It Dv CRYPTO_NULL_HMAC
-.It Dv CRYPTO_NULL_CBC
.It Dv CRYPTO_POLY1305
.It Dv CRYPTO_RIPEMD160
.It Dv CRYPTO_RIPEMD160_HMAC
@@ -244,488 +124,38 @@ Currently supported algorithms are:
.It Dv CRYPTO_SHA2_384_HMAC
.It Dv CRYPTO_SHA2_512
.It Dv CRYPTO_SHA2_512_HMAC
-.It Dv CRYPTO_SKIPJACK_CBC
.El
-.It Va cri_klen
-For variable-size key algorithms, the length of the key in bits.
-.It Va cri_mlen
-If non-zero, truncate the calculated hash to this many bytes.
-.It Va cri_key
-The key to be used.
-.It Va cri_iv
-An explicit initialization vector if it does not prefix
-the data.
-This field is ignored during initialization
-.Pq Nm crypto_newsession .
-If no IV is explicitly passed (see below on details), a random IV is used
-by the device driver processing the request.
-.It Va cri_next
-Pointer to another
-.Vt cryptoini
-structure.
-This is used to establish dual-algorithm sessions, such as combining a
-cipher with a MAC.
-.El
.Pp
-The
-.Vt cryptoini
-structure and its contents will not be modified or referenced by the
-framework or any cryptographic drivers.
-The memory associated with
-.Fa cri
-can be released once
-.Fn crypto_newsession
-returns.
+The following encryption algorithms are supported:
.Pp
-.Fn crypto_freesession
-is called with the session handle returned by
-.Fn crypto_newsession
-to free the session.
-.Pp
-.Fn crypto_dispatch
-is called to process a request.
-The various fields in the
-.Vt cryptop
-structure are:
-.Bl -tag -width ".Va crp_callback"
-.It Va crp_session
-The session handle.
-.It Va crp_ilen
-The total length in bytes of the buffer to be processed.
-.It Va crp_olen
-On return, contains the total length of the result.
-For symmetric crypto operations, this will be the same as the input length.
-This will be used if the framework needs to allocate a new
-buffer for the result (or for re-formatting the input).
-.It Va crp_callback
-Callback routine invoked when a request is completed via
-.Fn crypto_done .
-The callback routine should inspect the
-.Va crp_etype
-to determine if the request was successfully completed.
-.It Va crp_etype
-The error type, if any errors were encountered, or zero if
-the request was successfully processed.
-If the
-.Er EAGAIN
-error code is returned, the session handle has changed (and has been recorded
-in the
-.Va crp_session
-field).
-The consumer should record the new session handle and use it in all subsequent
-requests.
-In this case, the request may be re-submitted immediately.
-This mechanism is used by the framework to perform
-session migration (move a session from one driver to another, because
-of availability, performance, or other considerations).
-.Pp
-This field is only valid in the context of the callback routine specified by
-.Va crp_callback .
-Errors are returned to the invoker of
-.Fn crypto_process
-only when enough information is not present to call the callback
-routine (i.e., if the pointer passed is
-.Dv NULL
-or if no callback routine was specified).
-.It Va crp_flags
-A bitmask of flags associated with this request.
-Currently defined flags are:
-.Bl -tag -width ".Dv CRYPTO_F_CBIFSYNC"
-.It Dv CRYPTO_F_IMBUF
-The buffer is an mbuf chain pointed to by
-.Va crp_mbuf .
-.It Dv CRYPTO_F_IOV
-The buffer is a
-.Vt uio
-structure pointed to by
-.Va crp_uio .
-.It Dv CRYPTO_F_BATCH
-Batch operation if possible.
-.It Dv CRYPTO_F_CBIMM
-Do callback immediately instead of doing it from a dedicated kernel thread.
-.It Dv CRYPTO_F_DONE
-Operation completed.
-.It Dv CRYPTO_F_CBIFSYNC
-Do callback immediately if operation is synchronous (that the driver
-specified the
-.Dv CRYPTOCAP_F_SYNC
-flag).
-.It Dv CRYPTO_F_ASYNC
-Try to do the crypto operation in a pool of workers
-if the operation is synchronous (that is, if the driver specified the
-.Dv CRYPTOCAP_F_SYNC
-flag).
-It aims to speed up processing by dispatching crypto operations
-on different processors.
-.It Dv CRYPTO_F_ASYNC_KEEPORDER
-Dispatch callbacks in the same order they are posted.
-Only relevant if the
-.Dv CRYPTO_F_ASYNC
-flag is set and if the operation is synchronous.
+.Bl -tag -offset indent -width CRYPTO_CAMELLIA_CBC -compact
+.It Dv CRYPTO_AES_CBC
+.It Dv CRYPTO_AES_ICM
+.It Dv CRYPTO_AES_XTS
+.It Dv CRYPTO_ARC4
+.It Dv CRYPTO_BLF_CBC
+.It Dv CRYPTO_CAMELLIA_CBC
+.It Dv CRYPTO_CAST_CBC
+.It Dv CRYPTO_CHACHA20
+.It Dv CRYPTO_DES_CBC
+.It Dv CRYPTO_3DES_CBC
+.It Dv CRYPTO_NULL_CBC
+.It Dv CRYPTO_SKIPJACK_CBC
.El
-.It Va crp_buf
-Data buffer unless
-.Dv CRYPTO_F_IMBUF
-or
-.Dv CRYPTO_F_IOV
-is set in
-.Va crp_flags .
-The length in bytes is set in
-.Va crp_ilen .
-.It Va crp_mbuf
-Data buffer mbuf chain when
-.Dv CRYPTO_F_IMBUF
-is set in
-.Va crp_flags .
-.It Va crp_uio
-.Vt struct uio
-data buffer when
-.Dv CRYPTO_F_IOV
-is set in
-.Va crp_flags .
-.It Va crp_opaque
-Cookie passed through the crypto framework untouched.
-It is
-intended for the invoking application's use.
-.It Va crp_desc
-A linked list of descriptors.
-Each descriptor provides
-information about what type of cryptographic operation should be done
-on the input buffer.
-The various fields are:
-.Bl -tag -width ".Va crd_inject"
-.It Va crd_iv
-When the flag
-.Dv CRD_F_IV_EXPLICIT
-is set, this field contains the IV.
-.It Va crd_key
-When the
-.Dv CRD_F_KEY_EXPLICIT
-flag is set, the
-.Va crd_key
-points to a buffer with encryption or authentication key.
-.It Va crd_alg
-An algorithm to use.
-Must be the same as the one given at newsession time.
-.It Va crd_klen
-The
-.Va crd_key
-key length.
-.It Va crd_skip
-The offset in the input buffer where processing should start.
-.It Va crd_len
-How many bytes, after
-.Va crd_skip ,
-should be processed.
-.It Va crd_inject
-The
-.Va crd_inject
-field specifies an offset in bytes from the beginning of the buffer.
-For encryption algorithms, this may be where the IV will be inserted
-when encrypting or where the IV may be found for
-decryption (subject to
-.Va crd_flags ) .
-For MAC algorithms, this is where the result of the keyed hash will be
-inserted.
-.It Va crd_flags
-The following flags are defined:
-.Bl -tag -width 3n
-.It Dv CRD_F_ENCRYPT
-For encryption algorithms, this bit is set when encryption is required
-(when not set, decryption is performed).
-.It Dv CRD_F_IV_PRESENT
-.\" This flag name has nothing to do w/ it's behavior, fix the name.
-For encryption, if this bit is not set the IV used to encrypt the packet
-will be written at the location pointed to by
-.Va crd_inject .
-The IV length is assumed to be equal to the blocksize of the
-encryption algorithm.
-For encryption, if this bit is set, nothing is done.
-For decryption, this flag has no meaning.
-Applications that do special
-.Dq "IV cooking" ,
-such as the half-IV mode in
-.Xr ipsec 4 ,
-can use this flag to indicate that the IV should not be written on the packet.
-This flag is typically used in conjunction with the
-.Dv CRD_F_IV_EXPLICIT
-flag.
-.It Dv CRD_F_IV_EXPLICIT
-This bit is set when the IV is explicitly
-provided by the consumer in the
-.Va crd_iv
-field.
-Otherwise, for encryption operations the IV is provided for by
-the driver used to perform the operation, whereas for decryption
-operations the offset of the IV is provided by the
-.Va crd_inject
-field.
-This flag is typically used when the IV is calculated
-.Dq "on the fly"
-by the consumer, and does not precede the data.
-.It Dv CRD_F_KEY_EXPLICIT
-For encryption and authentication (MAC) algorithms, this bit is set when the key
-is explicitly provided by the consumer in the
-.Va crd_key
-field for the given operation.
-Otherwise, the key is taken at newsession time from the
-.Va cri_key
-field.
-As calculating the key schedule may take a while, it is recommended that often
-used keys are given their own session.
-.It Dv CRD_F_COMP
-For compression algorithms, this bit is set when compression is required (when
-not set, decompression is performed).
-.El
-.It Va CRD_INI
-This
-.Vt cryptoini
-structure will not be modified by the framework or the device drivers.
-Since this information accompanies every cryptographic
-operation request, drivers may re-initialize state on-demand
-(typically an expensive operation).
-Furthermore, the cryptographic
-framework may re-route requests as a result of full queues or hardware
-failure, as described above.
-.It Va crd_next
-Point to the next descriptor.
-Linked operations are useful in protocols such as
-.Xr ipsec 4 ,
-where multiple cryptographic transforms may be applied on the same
-block of data.
-.El
-.El
.Pp
-.Fn crypto_getreq
-allocates a
-.Vt cryptop
-structure with a linked list of
-.Fa num
-.Vt cryptodesc
-structures.
+The following authenticated encryption with additional data (AEAD)
+algorithms are supported:
.Pp
-.Fn crypto_freereq
-deallocates a structure
-.Vt cryptop
-and any
-.Vt cryptodesc
-structures linked to it.
-Note that it is the responsibility of the
-callback routine to do the necessary cleanups associated with the
-opaque field in the
-.Vt cryptop
-structure.
-.Pp
-.Fn crypto_kdispatch
-is called to perform a keying operation.
-The various fields in the
-.Vt cryptkop
-structure are:
-.Bl -tag -width ".Va krp_callback"
-.It Va krp_op
-Operation code, such as
-.Dv CRK_MOD_EXP .
-.It Va krp_status
-Return code.
-This
-.Va errno Ns -style
-variable indicates whether lower level reasons
-for operation failure.
-.It Va krp_iparams
-Number of input parameters to the specified operation.
-Note that each operation has a (typically hardwired) number of such parameters.
-.It Va krp_oparams
-Number of output parameters from the specified operation.
-Note that each operation has a (typically hardwired) number of such parameters.
-.It Va krp_kvp
-An array of kernel memory blocks containing the parameters.
-.It Va krp_hid
-Identifier specifying which low-level driver is being used.
-.It Va krp_callback
-Callback called on completion of a keying operation.
+.Bl -tag -offset indent -width CRYPTO_AES_NIST_GCM_16 -compact
+.It Dv CRYPTO_AES_CCM_16
+.It Dv CRYPTO_AES_NIST_GCM_16
.El
-.Sh DRIVER-SIDE API
-The
-.Fn crypto_get_driverid ,
-.Fn crypto_get_driver_session ,
-.Fn crypto_register ,
-.Fn crypto_kregister ,
-.Fn crypto_unregister ,
-.Fn crypto_unblock ,
-and
-.Fn crypto_done
-routines are used by drivers that provide support for cryptographic
-primitives to register and unregister with the kernel crypto services
-framework.
.Pp
-Drivers must first use the
-.Fn crypto_get_driverid
-function to acquire a driver identifier, specifying the
-.Fa flags
-as an argument.
-One of
-.Dv CRYPTOCAP_F_SOFTWARE
-or
-.Dv CRYPTOCAP_F_HARDWARE
-must be specified.
-The
-.Dv CRYPTOCAP_F_SYNC
-may also be specified, and should be specified if the driver does all of
-it's operations synchronously.
-Drivers must pass the size of their session structure as the second argument.
-An appropriately sized memory will be allocated by the framework, zeroed, and
-passed to the driver's
-.Fn newsession
-method.
+The following compression algorithms are supported:
.Pp
-For each algorithm the driver supports, it must then call
-.Fn crypto_register .
-The first two arguments are the driver and algorithm identifiers.
-The next two arguments specify the largest possible operator length (in bits,
-important for public key operations) and flags for this algorithm.
-.Pp
-.Fn crypto_unregister
-is called by drivers that wish to withdraw support for an algorithm.
-The two arguments are the driver and algorithm identifiers, respectively.
-Typically, drivers for
-PCMCIA
-crypto cards that are being ejected will invoke this routine for all
-algorithms supported by the card.
-.Fn crypto_unregister_all
-will unregister all algorithms registered by a driver
-and the driver will be disabled (no new sessions will be allocated on
-that driver, and any existing sessions will be migrated to other
-drivers).
-The same will be done if all algorithms associated with a driver are
-unregistered one by one.
-After a call to
-.Fn crypto_unregister_all
-there will be no threads in either the newsession or freesession function
-of the driver.
-.Pp
-The calling convention for the driver-supplied routines are:
-.Pp
-.Bl -item -compact
-.It
-.Ft int
-.Fn \*[lp]*newsession\*[rp] "device_t" "crypto_session_t" "struct cryptoini *" ;
-.It
-.Ft void
-.Fn \*[lp]*freesession\*[rp] "device_t" "crypto_session_t" ;
-.It
-.Ft int
-.Fn \*[lp]*process\*[rp] "device_t" "struct cryptop *" "int" ;
-.It
-.Ft int
-.Fn \*[lp]*kprocess\*[rp] "device_t" "struct cryptkop *" "int" ;
+.Bl -tag -offset indent -width CRYPTO_DEFLATE_COMP -compact
+.It Dv CRYPTO_DEFLATE_COMP
.El
-.Pp
-On invocation, the first argument to
-all routines is the
-.Fa device_t
-that was provided to
-.Fn crypto_get_driverid .
-The second argument to
-.Fn newsession
-is the opaque session handle for the new session.
-The third argument is identical to that of
-.Fn crypto_newsession .
-.Pp
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-src-projects
mailing list