diff --git a/share/man/man4/aesni.4 b/share/man/man4/aesni.4 index aacbe79cc337..08465bdf5e88 100644 --- a/share/man/man4/aesni.4 +++ b/share/man/man4/aesni.4 @@ -1,111 +1,112 @@ .\" Copyright (c) 2010 Konstantin Belousov .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd September 26, 2017 +.Dd July 29, 2020 .Dt AESNI 4 .Os .Sh NAME .Nm aesni .Nd "driver for the AES and SHA accelerator on x86 CPUs" .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" .Cd "device cryptodev" .Cd "device aesni" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent aesni_load="YES" .Ed .Sh DESCRIPTION Starting with Intel Westmere and AMD Bulldozer, some x86 processors implement a new set of instructions called AESNI. The set of six instructions accelerates the calculation of the key schedule for key lengths of 128, 192, and 256 of the Advanced Encryption Standard (AES) symmetric cipher, and provides a hardware implementation of the regular and the last encryption and decryption rounds. .Pp The processor capability is reported as AESNI in the Features2 line at boot. .Pp Starting with the Intel Goldmont and AMD Ryzen microarchitectures, some x86 processors implement a new set of SHA instructions. The set of seven instructions accelerates the calculation of SHA1 and SHA256 hashes. .Pp The processor capability is reported as SHA in the Structured Extended Features line at boot. .Pp The .Nm driver does not attach on systems that lack both CPU capabilities. On systems that support only one of AESNI or SHA extensions, the driver will attach and support that one function. .Pp The .Nm driver registers itself to accelerate AES and SHA operations for .Xr crypto 4 . Besides speed, the advantage of using the .Nm driver is that the AESNI operation is data-independent, thus eliminating some attack vectors based on measuring cache use and timings typically present in table-driven implementations. .Sh SEE ALSO .Xr crypt 3 , .Xr crypto 4 , .Xr intro 4 , .Xr ipsec 4 , .Xr padlock 4 , .Xr random 4 , +.Xr crypto 7 , .Xr crypto 9 .Sh HISTORY The .Nm driver first appeared in .Fx 9.0 . SHA support was added in .Fx 12.0 . .Sh AUTHORS .An -nosplit The .Nm driver was written by .An Konstantin Belousov Aq Mt kib@FreeBSD.org and .An Conrad Meyer Aq Mt cem@FreeBSD.org . The key schedule calculation code was adopted from the sample provided by Intel and used in the analogous .Ox driver. The hash step intrinsics implementations were supplied by Intel. diff --git a/share/man/man4/hifn.4 b/share/man/man4/hifn.4 index f9952ac153ad..a9a06c1fbd91 100644 --- a/share/man/man4/hifn.4 +++ b/share/man/man4/hifn.4 @@ -1,134 +1,134 @@ .\" $OpenBSD: hifn.4,v 1.32 2002/09/26 07:55:40 miod Exp $ .\" .\" Copyright (c) 2000 Theo de Raadt .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE .\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, .\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd May 11, 2020 +.Dd July 29, 2020 .Dt HIFN 4 .Os .Sh NAME .Nm hifn .Nd Hifn 7751/7951/7811/7955/7956 crypto accelerator .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" .Cd "device cryptodev" .Cd "device hifn" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent hifn_load="YES" .Ed .Sh DESCRIPTION The .Nm driver supports various cards containing the Hifn 7751, 7951, 7811, 7955, and 7956 chipsets. .Pp The .Nm driver registers itself to accelerate AES (7955 and 7956 only), SHA1, and SHA1-HMAC operations for .Xr ipsec 4 and .Xr crypto 4 . .Pp The Hifn .Tn 7951 , .Tn 7811 , .Tn 7955 , and .Tn 7956 will also supply data to the kernel .Xr random 4 subsystem. .Sh HARDWARE The .Nm driver supports various cards containing the Hifn 7751, 7951, 7811, 7955, and 7956 chipsets, such as: .Bl -tag -width namenamenamena -offset indent .It Invertex AEON No longer being made. Came as 128KB SRAM model, or 2MB DRAM model. .It Hifn 7751 Reference board with 512KB SRAM. .It PowerCrypt Comes with 512KB SRAM. .It XL-Crypt Only board based on 7811 (which is faster than 7751 and has a random number generator). .It NetSec 7751 Supports the most IPsec sessions, with 1MB SRAM. .It Soekris Engineering vpn1201 and vpn1211 See .Pa http://www.soekris.com/ . Contains a 7951 and supports symmetric and random number operations. .It Soekris Engineering vpn1401 and vpn1411 See .Pa http://www.soekris.com/ . Contains a 7955 and supports symmetric and random number operations. .El .Sh SEE ALSO -.Xr crypt 3 , .Xr crypto 4 , .Xr intro 4 , .Xr ipsec 4 , .Xr random 4 , +.Xr crypto 7 , .Xr crypto 9 .Sh HISTORY The .Nm device driver appeared in .Ox 2.7 . The .Nm device driver was imported to .Fx 5.0 . .Sh CAVEATS The Hifn 9751 shares the same PCI ID. This chip is basically a 7751, but with the cryptographic functions missing. Instead, the 9751 is only capable of doing compression. Since we do not currently attempt to use any of these chips to do compression, the 9751-based cards are not useful. .Pp Support for the 7955 and 7956 is incomplete; the asymmetric crypto facilities are to be added and the performance is suboptimal. .Sh BUGS The 7751 chip starts out at initialization by only supporting compression. A proprietary algorithm, which has been reverse engineered, is required to unlock the cryptographic functionality of the chip. It is possible for vendors to make boards which have a lock ID not known to the driver, but all vendors currently just use the obvious ID which is 13 bytes of 0. diff --git a/share/man/man4/man4.aarch64/armv8crypto.4 b/share/man/man4/man4.aarch64/armv8crypto.4 index 5b91049d404e..a80b0801d722 100644 --- a/share/man/man4/man4.aarch64/armv8crypto.4 +++ b/share/man/man4/man4.aarch64/armv8crypto.4 @@ -1,83 +1,84 @@ .\" Copyright (c) 2016 The FreeBSD Foundation .\" All rights reserved. .\" .\" This software was developed by Andrew Turner under .\" sponsorship from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd October 20, 2016 +.Dd July 29, 2020 .Dt ARMV8CRYPTO 4 .Os .Sh NAME .Nm armv8crypto .Nd "driver for the AES accelerator on ARM CPUs" .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" .Cd "device armv8crypto" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent armv8crypto_load="YES" .Ed .Sh DESCRIPTION Starting with the ARMv8 architecture ARM Limited has added optional cryptography instructions to accelerate AES, SHA-1, SHA-2, and finite field arithmetic. .Pp The processor capability is reported as AES in the Instruction Set Attributes 0 line at boot. The .Nm driver does not attach on systems that lack the required CPU capability. .Pp The .Nm driver registers itself to accelerate AES operations for .Xr crypto 4 . .Sh SEE ALSO .Xr crypt 3 , .Xr crypto 4 , .Xr intro 4 , .Xr ipsec 4 , .Xr random 4 , +.Xr crypto 7 , .Xr crypto 9 .Sh HISTORY The .Nm driver first appeared in .Fx 11.0 . .Sh AUTHORS .An -nosplit The .Nm driver was written by .An Andrew Turner Aq Mt andrew@FreeBSD.org . diff --git a/share/man/man4/man4.i386/glxsb.4 b/share/man/man4/man4.i386/glxsb.4 index d2a30352fe7f..c08d57906136 100644 --- a/share/man/man4/man4.i386/glxsb.4 +++ b/share/man/man4/man4.i386/glxsb.4 @@ -1,97 +1,98 @@ .\" $OpenBSD: glxsb.4,v 1.5 2007/05/31 19:19:54 jmc Exp $ .\" .\"Copyright (c) 2006 Tom Cosgrove .\" .\"Permission to use, copy, modify, and distribute this software for any .\"purpose with or without fee is hereby granted, provided that the above .\"copyright notice and this permission notice appear in all copies. .\" .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" $FreeBSD$ .\" -.Dd June 8, 2008 +.Dd July 29, 2020 .Dt GLXSB 4 i386 .Os .Sh NAME .Nm glxsb .Nd Geode LX Security Block crypto accelerator .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" .Cd "device glxsb" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent glxsb_load="YES" .Ed .Sh DESCRIPTION The .Nm driver supports the security block of the Geode LX series processors. The Geode LX is a member of the AMD Geode family of integrated x86 system chips. .Pp Driven by periodic checks for available data from the generator, .Nm supplies entropy to the .Xr random 4 driver for common usage. .Pp .Nm also supports acceleration of AES-128-CBC operations for .Xr crypto 4 . It also registers itself to accelerate other HMAC algorithms, although there is no hardware acceleration for those algorithms. This is only needed so .Nm can work with .Xr ipsec 4 . .Sh CAVEAT The .Xr crypto 9 framework will fail to open the crypto session on the device if the AES key's length is != 128 bits. This prevents the use of the .Nm device driver with AES keys of length != 128 bits. .Sh SEE ALSO .Xr crypto 4 , .Xr intro 4 , .Xr ipsec 4 , .Xr pci 4 , .Xr random 4 , +.Xr crypto 7 , .Xr crypto 9 .Sh HISTORY The .Nm device driver first appeared in .Ox 4.1 . The .Nm device driver was imported into .Fx 7.1 . .Sh AUTHORS .An -nosplit The .Nm device driver was written for .Ox by .An Tom Cosgrove . It was ported to .Fx by .An Patrick Lamaiziere Aq Mt patfbsd@davenulle.org . diff --git a/share/man/man4/padlock.4 b/share/man/man4/padlock.4 index ad648af9d946..44963d0fd140 100644 --- a/share/man/man4/padlock.4 +++ b/share/man/man4/padlock.4 @@ -1,97 +1,98 @@ .\" Copyright (c) 2005 Christian Brueffer .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd February 8, 2010 +.Dd July 29, 2020 .Dt PADLOCK 4 .Os .Sh NAME .Nm padlock .Nd "driver for the cryptographic functions and RNG in VIA C3, C7 and Eden processors" .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" .Cd "device padlock" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent padlock_load="YES" .Ed .Sh DESCRIPTION The C3 and Eden processor series from VIA include hardware acceleration for AES. The C7 series includes hardware acceleration for AES, SHA1, SHA256 and RSA. All of the above processor series include a hardware random number generator. .Pp The .Nm driver registers itself to accelerate AES operations and, if available, HMAC/SHA1 and HMAC/SHA256 for .Xr crypto 4 . It also registers itself to accelerate other HMAC algorithms, although there is no hardware acceleration for those algorithms. This is only needed so .Nm can work with .Xr ipsec 4 . .Pp The hardware random number generator supplies data for the kernel .Xr random 4 subsystem. .Sh SEE ALSO .Xr crypt 3 , .Xr crypto 4 , .Xr intro 4 , .Xr ipsec 4 , .Xr random 4 , +.Xr crypto 7 , .Xr crypto 9 .Sh HISTORY The .Nm driver first appeared in .Ox . The first .Fx release to include it was .Fx 6.0 . .Sh AUTHORS .An -nosplit The .Nm driver with AES encryption support was written by .An Jason Wright Aq Mt jason@OpenBSD.org . It was ported to .Fx and then extended to support SHA1 and SHA256 by .An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org . This manual page was written by .An Christian Brueffer Aq Mt brueffer@FreeBSD.org . diff --git a/share/man/man4/safe.4 b/share/man/man4/safe.4 index 4680a9b3710f..3d5cbec03784 100644 --- a/share/man/man4/safe.4 +++ b/share/man/man4/safe.4 @@ -1,129 +1,130 @@ .\"- .\" Copyright (c) 2003 Sam Leffler, Errno Consulting .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\"/ -.Dd May 11, 2020 +.Dd July 29, 2020 .Dt SAFE 4 .Os .Sh NAME .Nm safe .Nd SafeNet crypto accelerator .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" .Cd "device cryptodev" .Cd "device safe" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent safe_load="YES" .Ed .Pp .Nm sysctl Va hw.safe.debug .Nm sysctl Va hw.safe.dump .Nm sysctl Va hw.safe.rnginterval .Nm sysctl Va hw.safe.rngbufsize .Nm sysctl Va hw.safe.rngmaxalarm .Sh DESCRIPTION The .Nm driver supports cards containing SafeNet crypto accelerator chips. .Pp The .Nm driver registers itself to accelerate AES, SHA1-HMAC, and NULL operations for .Xr ipsec 4 and .Xr crypto 4 . .Pp On all models, the driver registers itself to provide random data to the .Xr random 4 subsystem. Periodically the driver will poll the hardware RNG and retrieve data for use by the system. If the driver detects that the hardware RNG is resonating with any local signal, it will reset the oscillators that generate random data. Three .Xr sysctl 8 settings control this procedure: .Va hw.safe.rnginterval specifies the time, in seconds, between polling operations, .Va hw.safe.rngbufsize specifies the number of 32-bit words to retrieve on each poll, and .Va hw.safe.rngmaxalarm specifies the threshold for resetting the oscillators. .Pp When the driver is compiled with .Dv SAFE_DEBUG defined, two .Xr sysctl 8 variables are provided for debugging purposes: .Va hw.safe.debug can be set to a non-zero value to enable debugging messages to be sent to the console for each cryptographic operation, .Va hw.safe.dump is a write-only variable that can be used to force driver state to be sent to the console. Set this variable to .Dq Li ring to dump the current state of the descriptor ring, to .Dq Li dma to dump the hardware DMA registers, or to .Dq Li int to dump the hardware interrupt registers. .Sh HARDWARE The .Nm driver supports cards containing any of the following chips: .Bl -tag -width "SafeNet 1141" -offset indent .It SafeNet 1141 The original chipset. Supports DES, Triple-DES, AES, MD5, and SHA-1 symmetric crypto operations, RNG, public key operations, and full IPsec packet processing. .It SafeNet 1741 A faster version of the 1141. .El .Sh SEE ALSO .Xr crypt 3 , .Xr crypto 4 , .Xr intro 4 , .Xr ipsec 4 , .Xr random 4 , +.Xr crypto 7 , .Xr crypto 9 .Sh BUGS Public key support is not implemented. diff --git a/share/man/man4/safexcel.4 b/share/man/man4/safexcel.4 index 6751570713f9..774dfddfb053 100644 --- a/share/man/man4/safexcel.4 +++ b/share/man/man4/safexcel.4 @@ -1,84 +1,85 @@ .\"- .\" Copyright (c) 2020 Rubicon Communications, LLC (Netgate) .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd June 23, 2020 +.Dd July 29, 2020 .Dt SAFEXCEL 4 .Os .Sh NAME .Nm safexcel .Nd Inside Secure SafeXcel-IP-97 security packet engine .Sh SYNOPSIS To compile this driver into the kernel, place the following lines in your kernel configuration file: .Bd -ragged -offset indent .Cd "device crypto" .Cd "device cryptodev" .Cd "device safexcel" .Ed .Pp Alternatively, to load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : .Bd -literal -offset indent safexcel_load="YES" .Ed .Sh DESCRIPTION The .Nm driver implements .Xr crypto 4 support for the cryptographic acceleration functions of the EIP-97 device found on some Marvell systems-on-chip. The driver can accelerate the following AES modes: .Pp .Bl -bullet -compact .It AES-CBC .It AES-CTR .It AES-XTS .It AES-GCM .It AES-CCM .El .Pp .Nm also implements SHA1 and SHA2 transforms, and can combine AES-CBC and AES-CTR with SHA1-HMAC and SHA2-HMAC for encrypt-then-authenticate operations. .Sh SEE ALSO .Xr crypto 4 , .Xr ipsec 4 , .Xr random 4 , +.Xr crypto 7 , .Xr geli 8 , .Xr crypto 9 .Sh HISTORY The .Nm driver first appeared in .Fx 13.0 .