Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

safe(4) [debian man page]

SAFE(4) 						   BSD Kernel Interfaces Manual 						   SAFE(4)

NAME

     safe -- SafeNet crypto accelerator

SYNOPSIS

     To compile this driver into the kernel, place the following lines in your kernel configuration file:

	   device crypto
	   device cryptodev
	   device safe

     Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5):

	   safe_load="YES"

     sysctl hw.safe.debug
     sysctl hw.safe.dump
     sysctl hw.safe.rnginterval
     sysctl hw.safe.rngbufsize
     sysctl hw.safe.rngmaxalarm

DESCRIPTION

     The safe driver supports cards containing SafeNet crypto accelerator chips.

     The safe driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC, SHA1-HMAC, and NULL operations for ipsec(4) and crypto(4).

     On all models, the driver registers itself to provide random data to the random(4) subsystem.  Periodically the driver will poll the hardware
     RNG and retrieve data for use by the system.  If the driver detects that the hardware RNG is resonating with any local signal, it will reset
     the oscillators that generate random data.  Three sysctl(8) settings control this procedure: hw.safe.rnginterval specifies the time, in sec-
     onds, between polling operations, hw.safe.rngbufsize specifies the number of 32-bit words to retrieve on each poll, and hw.safe.rngmaxalarm
     specifies the threshold for resetting the oscillators.

     When the driver is compiled with SAFE_DEBUG defined, two sysctl(8) variables are provided for debugging purposes: hw.safe.debug can be set to
     a non-zero value to enable debugging messages to be sent to the console for each cryptographic operation, hw.safe.dump is a write-only vari-
     able that can be used to force driver state to be sent to the console.  Set this variable to ``ring'' to dump the current state of the
     descriptor ring, to ``dma'' to dump the hardware DMA registers, or to ``int'' to dump the hardware interrupt registers.

HARDWARE

     The safe driver supports cards containing any of the following chips:

	   SafeNet 1141  The original chipset.	Supports DES, Triple-DES, AES, MD5, and SHA-1 symmetric crypto operations, RNG, public key opera-
			 tions, and full IPsec packet processing.

	   SafeNet 1741  A faster version of the 1141.

SEE ALSO

     crypt(3), crypto(4), intro(4), ipsec(4), random(4), crypto(9)

BUGS

     Public key support is not implemented.

BSD
								   April 1, 2006							       BSD

Check Out this Related Man Page

UBSEC(4)						   BSD Kernel Interfaces Manual 						  UBSEC(4)

NAME

     ubsec -- Broadcom and BlueSteel uBsec 5x0x crypto accelerator

SYNOPSIS

     ubsec* at pci? dev ? function ?

DESCRIPTION

     The ubsec driver supports cards containing any of the following chips:

	   Bluesteel 5501    The original chipset, no longer made.  This extremely rare unit was not very fast, lacked an RNG, and had a number of
			     other bugs.

	   Bluesteel 5601    A faster and fixed version of the original, with a random number unit and large number engine added.

	   Broadcom BCM5801  A BCM5805 without public key engine or random number generator.

	   Broadcom BCM5802  A slower version of the BCM5805.

	   Broadcom BCM5805  Faster version of Bluesteel 5601.

	   Broadcom BCM5820  64 bit version of the chip, and significantly more advanced.

	   Broadcom BCM5821  Faster version of the BCM5820.  (This is the chip found on the Sun Crypto Accelerator 1000.)

	   Broadcom BCM5822  Faster version of the BCM5820.

	   Broadcom BCM5823  Faster version of the BCM5822.

	   Broadcom BCM5823  Faster version of the BCM5821, with AES hardware.

     The ubsec driver registers itself to accelerate DES, Triple-DES, MD5, SHA1, MD5-HMAC, and SHA1-HMAC operations for opencrypto(9), and thus
     for fast_ipsec(4) and crypto(4).

     On those models which contain a public key engine (almost all of the more recent ones), this feature is registered with the crypto(4) subsys-
     tem.

     On all models except the Bluesteel 5501 and Broadcom 5801, the driver registers itself to provide random data to the rnd(4) subsystem.

SEE ALSO

     crypto(4), fast_ipsec(4), intro(4), rnd(4), opencrypto(9)

HISTORY

     The ubsec device driver appeared in OpenBSD 2.8.  The ubsec device driver was imported to FreeBSD 5.0, back-ported to FreeBSD 4.8, and subse-
     quently imported to NetBSD 2.0.

BUGS

     The BCM5801 and BCM5802 have not actually been tested.

     Whilst some of the newer chips support AES, AES is not supported by the driver.

BSD
								   June 10, 2000							       BSD
Man Page