The crypto driver gives user-mode applications access to hardware-accelerated cryptographic transforms, as implemented by the opencrypto(9) in-kernel interface.

The swcrypto driver is a software-only implementation of the opencrypto(9) interface, and must be included to use the interface without hardware acceleration.

The /dev/crypto special device provides an ioctl(2) based interface. User-mode applications should open the special device, then issue ioctl(2) calls on the descriptor. User-mode access to /dev/crypto is generally controlled by three sysctl(8) variables: kern.usercrypto, kern.userasymcrypto, and kern.cryptodevallowsoft. See sysctl(7) for additional details.

The crypto device provides two distinct modes of operation: one mode for symmetric-keyed cryptographic requests, and a second mode for both asymmetric-key (public-key/private-key) requests and modular arithmetic (for Diffie-Hellman key exchange and other cryptographic protocols). The two modes are described separately below.