share/man/man4/aesni.4
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd December 14, 2015 | .Dd September 24, 2017 | ||||
.Dt AESNI 4 | .Dt AESNI 4 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm aesni | .Nm aesni | ||||
.Nd "driver for the AES accelerator on Intel CPUs" | .Nd "driver for the AES and SHA accelerator on x86 CPUs" | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
To compile this driver into the kernel, | To compile this driver into the kernel, | ||||
place the following lines in your | place the following lines in your | ||||
kernel configuration file: | kernel configuration file: | ||||
.Bd -ragged -offset indent | .Bd -ragged -offset indent | ||||
.Cd "device crypto" | .Cd "device crypto" | ||||
.Cd "device cryptodev" | .Cd "device cryptodev" | ||||
.Cd "device aesni" | .Cd "device aesni" | ||||
.Ed | .Ed | ||||
.Pp | .Pp | ||||
Alternatively, to load the driver as a | Alternatively, to load the driver as a | ||||
module at boot time, place the following line in | module at boot time, place the following line in | ||||
.Xr loader.conf 5 : | .Xr loader.conf 5 : | ||||
.Bd -literal -offset indent | .Bd -literal -offset indent | ||||
aesni_load="YES" | aesni_load="YES" | ||||
.Ed | .Ed | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
Starting with some models of Core i5/i7, Intel processors implement | Starting with Intel Westmere and AMD Bulldozer, some x86 processors implement a | ||||
a new set of instructions called AESNI. | new set of instructions called AESNI. | ||||
The set of six instructions accelerates the calculation of the key | The set of six instructions accelerates the calculation of the key | ||||
schedule for key lengths of 128, 192, and 256 of the Advanced | schedule for key lengths of 128, 192, and 256 of the Advanced | ||||
Encryption Standard (AES) symmetric cipher, and provides a hardware | Encryption Standard (AES) symmetric cipher, and provides a hardware | ||||
implementation of the regular and the last encryption and decryption | implementation of the regular and the last encryption and decryption | ||||
rounds. | rounds. | ||||
.Pp | .Pp | ||||
The processor capability is reported as AESNI in the Features2 line at boot. | The processor capability is reported as AESNI in the Features2 line at boot. | ||||
.Pp | |||||
Starting with the Intel Goldmont and AMD Ryzen microarchitectures, some x86 | |||||
processors implement a new set of SHA instructions. | |||||
The set of seven instructions accelerates the calculation of SHA1 and SHA256 | |||||
hashes. | |||||
.Pp | |||||
The processor capability is reported as SHA in the Structured Extended Features | |||||
line at boot. | |||||
.Pp | |||||
The | The | ||||
.Nm | .Nm | ||||
driver does not attach on systems that lack the required CPU capability. | driver does not attach on systems that lack both CPU capabilities. | ||||
On systems that support only one of AESNI or SHA extensions, the driver will | |||||
attach and support that one function. | |||||
.Pp | .Pp | ||||
The | The | ||||
.Nm | .Nm | ||||
driver registers itself to accelerate AES operations for | driver registers itself to accelerate AES and SHA operations for | ||||
.Xr crypto 4 . | .Xr crypto 4 . | ||||
Besides speed, the advantage of using the | Besides speed, the advantage of using the | ||||
.Nm | .Nm | ||||
driver is that the AESNI operation | driver is that the AESNI operation | ||||
is data-independent, thus eliminating some attack vectors based on | is data-independent, thus eliminating some attack vectors based on | ||||
measuring cache use and timings typically present in table-driven | measuring cache use and timings typically present in table-driven | ||||
implementations. | implementations. | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr crypt 3 , | .Xr crypt 3 , | ||||
.Xr crypto 4 , | .Xr crypto 4 , | ||||
.Xr intro 4 , | .Xr intro 4 , | ||||
.Xr ipsec 4 , | .Xr ipsec 4 , | ||||
.Xr padlock 4 , | .Xr padlock 4 , | ||||
.Xr random 4 , | .Xr random 4 , | ||||
.Xr crypto 9 | .Xr crypto 9 | ||||
.Sh HISTORY | .Sh HISTORY | ||||
The | The | ||||
.Nm | .Nm | ||||
driver first appeared in | driver first appeared in | ||||
.Fx 9.0 . | .Fx 9.0 . | ||||
SHA support was added in | |||||
.Fx 12.0 . | |||||
.Sh AUTHORS | .Sh AUTHORS | ||||
.An -nosplit | .An -nosplit | ||||
The | The | ||||
.Nm | .Nm | ||||
driver was written by | driver was written by | ||||
.An Konstantin Belousov Aq Mt kib@FreeBSD.org . | .An Konstantin Belousov Aq Mt kib@FreeBSD.org | ||||
and | |||||
.An Conrad Meyer Aq Mt cem@FreeBSD.org . | |||||
The key schedule calculation code was adopted from the sample provided | The key schedule calculation code was adopted from the sample provided | ||||
by Intel and used in the analogous | by Intel and used in the analogous | ||||
.Ox | .Ox | ||||
driver. | driver. | ||||
The hash step intrinsics implementations were supplied by Intel. |
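Review bot: In DESCRIPTION, the new sentence "driver does not attach on systems that lack both CPU capabilities." is easy to misread as "lacks either capability", and only the sentence that follows it resolves the ambiguity. Suggest wording it as "does not attach on systems that support neither the AESNI nor the SHA extensions", which leads directly into the "only one of AESNI or SHA" case. Separately, the last DESCRIPTION paragraph now says the driver accelerates "AES and SHA operations" but the data-independence advantage still names only "the AESNI operation"; if that scoping is intentional, say so explicitly so readers do not assume the cache and timing remark also covers the SHA path.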