Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

safe(4) [freebsd man page]

SAFE(4) 						   BSD Kernel Interfaces Manual 						   SAFE(4)

NAME
safe -- SafeNet crypto accelerator SYNOPSIS
To compile this driver into the kernel, place the following lines in your kernel configuration file: device crypto device cryptodev device safe Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5): safe_load="YES" sysctl hw.safe.debug sysctl hw.safe.dump sysctl hw.safe.rnginterval sysctl hw.safe.rngbufsize sysctl hw.safe.rngmaxalarm DESCRIPTION
The safe driver supports cards containing SafeNet crypto accelerator chips. The safe driver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC, SHA1-HMAC, and NULL operations for ipsec(4) and crypto(4). On all models, the driver registers itself to provide random data to the random(4) subsystem. Periodically the driver will poll the hardware RNG and retrieve data for use by the system. If the driver detects that the hardware RNG is resonating with any local signal, it will reset the oscillators that generate random data. Three sysctl(8) settings control this procedure: hw.safe.rnginterval specifies the time, in sec- onds, between polling operations, hw.safe.rngbufsize specifies the number of 32-bit words to retrieve on each poll, and hw.safe.rngmaxalarm specifies the threshold for resetting the oscillators. When the driver is compiled with SAFE_DEBUG defined, two sysctl(8) variables are provided for debugging purposes: hw.safe.debug can be set to a non-zero value to enable debugging messages to be sent to the console for each cryptographic operation, hw.safe.dump is a write-only vari- able that can be used to force driver state to be sent to the console. Set this variable to ``ring'' to dump the current state of the descriptor ring, to ``dma'' to dump the hardware DMA registers, or to ``int'' to dump the hardware interrupt registers. HARDWARE
The safe driver supports cards containing any of the following chips: SafeNet 1141 The original chipset. Supports DES, Triple-DES, AES, MD5, and SHA-1 symmetric crypto operations, RNG, public key opera- tions, and full IPsec packet processing. SafeNet 1741 A faster version of the 1141. SEE ALSO
crypt(3), crypto(4), intro(4), ipsec(4), random(4), crypto(9) BUGS
Public key support is not implemented. BSD
April 1, 2006 BSD

Check Out this Related Man Page

UBSEC(4)						   BSD Kernel Interfaces Manual 						  UBSEC(4)

NAME
ubsec -- Broadcom and BlueSteel uBsec 5x0x crypto accelerator SYNOPSIS
ubsec* at pci? dev ? function ? DESCRIPTION
The ubsec driver supports cards containing any of the following chips: Bluesteel 5501 The original chipset, no longer made. This extremely rare unit was not very fast, lacked an RNG, and had a number of other bugs. Bluesteel 5601 A faster and fixed version of the original, with a random number unit and large number engine added. Broadcom BCM5801 A BCM5805 without public key engine or random number generator. Broadcom BCM5802 A slower version of the BCM5805. Broadcom BCM5805 Faster version of Bluesteel 5601. Broadcom BCM5820 64 bit version of the chip, and significantly more advanced. Broadcom BCM5821 Faster version of the BCM5820. (This is the chip found on the Sun Crypto Accelerator 1000.) Broadcom BCM5822 Faster version of the BCM5820. Broadcom BCM5823 Faster version of the BCM5822. Broadcom BCM5823 Faster version of the BCM5821, with AES hardware. The ubsec driver registers itself to accelerate DES, Triple-DES, MD5, SHA1, MD5-HMAC, and SHA1-HMAC operations for opencrypto(9), and thus for fast_ipsec(4) and crypto(4). On those models which contain a public key engine (almost all of the more recent ones), this feature is registered with the crypto(4) subsys- tem. On all models except the Bluesteel 5501 and Broadcom 5801, the driver registers itself to provide random data to the rnd(4) subsystem. SEE ALSO
crypto(4), fast_ipsec(4), intro(4), rnd(4), opencrypto(9) HISTORY
The ubsec device driver appeared in OpenBSD 2.8. The ubsec device driver was imported to FreeBSD 5.0, back-ported to FreeBSD 4.8, and subse- quently imported to NetBSD 2.0. BUGS
The BCM5801 and BCM5802 have not actually been tested. Whilst some of the newer chips support AES, AES is not supported by the driver. BSD
June 10, 2000 BSD
Man Page