devcrypto
Access cryptographic accelerators
Syntax:
devcrypto [-D] [-o options] plugin
Runs on:
QNX OS
Options:
- -D
- (Optional) Don't daemonize.
- -o options
- (Optional) Options to pass to the specified plugin as a string.
- plugin
- The name of the plugin DLL (for example, devcr-plugin.so).
Description:
The devcrypto service provides access to cryptographic accelerators via the device entry /dev/crypto.
The service daemonizes itself automatically.
The devcrypto receives commands from clients via ioctl(). Commands are sent using regular message passing functionality. Clients require a link to libdevcr-ioctl.so to intercept ioctl() calls and redirect them to devcrypto.
The ioctl() function provides the following crypto-related commands:
- CIOCAUTHCRYPT
- Handle AEAD ciphers such as AES-GCM.
- CIOCCPHASH
- Copy a digest state from one session to another to continue the digest operation.
- CIOCCRYPT
- Request a symmetric-key (or unkeyed hash) operation.
- CIOCFSESSION
- Finish a session for crypto operations.
- CIOCGSESSION
- Set up a session for symmetric crypto operations.
- CRIOGET
- Get a cloned file descriptor of /dev/crypto by calling open() (see open() in the C Library Reference). This isn't necessary in QNX OS, but we've provided it for compatibility and portability.
For more information, see ioctl() in the C Library Reference.
For more information about devcrypto, see Cryptography
Support,
The devcrypto plugin API
(devcrypto_plugin.h),
and The
devcrypto I/O command API
(cryptodev.h)
in the Security Developer's Guide.