aesni(4) [freebsd man page]
AESNI(4) BSD Kernel Interfaces Manual AESNI(4) NAME
aesni -- driver for the AES accelerator on Intel CPUs SYNOPSIS
To compile this driver into the kernel, place the following lines in your kernel configuration file: device crypto device aesni Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5): aesni_load="YES" DESCRIPTION
Starting with some models of Core i5/i7, Intel processors implement a new set of instructions called AESNI. The set of six instructions accelerates the calculation of the key schedule for key lengths of 128, 192, and 256 of the Advanced Encryption Standard (AES) symmetric cipher, and provides a hardware implementation of the regular and the last encryption and decryption rounds. The processor capability is reported as AESNI in the Features2 line at boot. The aesni driver does not attach on systems that lack the required CPU capability. The aesni driver registers itself to accelerate AES operations for crypto(4). Besides speed, the advantage of using the aesni driver is that the AESNI operation is data-independent, thus eliminating some attack vectors based on measuring cache use and timings typically present in table-driven implementations. SEE ALSO
crypt(3), crypto(4), intro(4), ipsec(4), padlock(4), random(4), crypto(9) HISTORY
The aesni driver first appeared in FreeBSD 9.0. AUTHORS
The aesni driver was written by Konstantin Belousov <kib@FreeBSD.org>. The key schedule calculation code was adopted from the sample pro- vided by Intel and used in the analogous OpenBSD driver. BSD
September 6, 2010 BSD
Check Out this Related Man Page
SAFE(4) BSD Kernel Interfaces Manual SAFE(4) NAME
safe -- SafeNet crypto accelerator SYNOPSIS
To compile this driver into the kernel, place the following lines in your kernel configuration file: device crypto device cryptodev device safe Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5): safe_load="YES" sysctl hw.safe.debug sysctl hw.safe.dump sysctl hw.safe.rnginterval sysctl hw.safe.rngbufsize sysctl hw.safe.rngmaxalarm DESCRIPTION
The safe driver supports cards containing SafeNet crypto accelerator chips. The safe driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC, SHA1-HMAC, and NULL operations for ipsec(4) and crypto(4). On all models, the driver registers itself to provide random data to the random(4) subsystem. Periodically the driver will poll the hardware RNG and retrieve data for use by the system. If the driver detects that the hardware RNG is resonating with any local signal, it will reset the oscillators that generate random data. Three sysctl(8) settings control this procedure: hw.safe.rnginterval specifies the time, in sec- onds, between polling operations, hw.safe.rngbufsize specifies the number of 32-bit words to retrieve on each poll, and hw.safe.rngmaxalarm specifies the threshold for resetting the oscillators. When the driver is compiled with SAFE_DEBUG defined, two sysctl(8) variables are provided for debugging purposes: hw.safe.debug can be set to a non-zero value to enable debugging messages to be sent to the console for each cryptographic operation, hw.safe.dump is a write-only vari- able that can be used to force driver state to be sent to the console. Set this variable to ``ring'' to dump the current state of the descriptor ring, to ``dma'' to dump the hardware DMA registers, or to ``int'' to dump the hardware interrupt registers. HARDWARE
The safe driver supports cards containing any of the following chips: SafeNet 1141 The original chipset. Supports DES, Triple-DES, AES, MD5, and SHA-1 symmetric crypto operations, RNG, public key opera- tions, and full IPsec packet processing. SafeNet 1741 A faster version of the 1141. SEE ALSO
crypt(3), crypto(4), intro(4), ipsec(4), random(4), crypto(9) BUGS
Public key support is not implemented. BSD
April 1, 2006 BSD