Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

hifn(4) [netbsd man page]

HIFN(4) 						   BSD Kernel Interfaces Manual 						   HIFN(4)

NAME
hifn -- Hifn 7751/7951/7811/7955/7956 crypto accelerator SYNOPSIS
hifn* at pci? dev ? function ? DESCRIPTION
The hifn driver supports various cards containing the Hifn 7751, 7951, 7811, 7955, and 7956 chipsets, such as Invertex AEON No longer being made. Came as 128KB SRAM model, or 2MB DRAM model. Hifn 7751 Reference board with 512KB SRAM. PowerCrypt See http://www.powercrypt.com/. Comes with 512KB SRAM. XL-Crypt See http://www.powercrypt.com/. Only board based on 7811 (which is faster than 7751 and has a random number genera- tor). NetSec 7751 See http://www.netsec.net/. Supports the most IPsec sessions, with 1MB SRAM. Soekris Engineering vpn1201 and vpn1211 See http://www.soekris.com/. Contains a 7951 and supports symmetric and random number operations. Soekris Engineering vpn1401 and vpn1411 See http://www.soekris.com/. Contains a 7955 and supports symmetric and random number operations. The hifn driver registers itself to accelerate DES, Triple-DES, AES (7955 and 7956 only), ARC4, MD5, MD5-HMAC, SHA1, and SHA1-HMAC operations for opencrypto(9), and thus for fast_ipsec(4) and crypto(4). The Hifn 7951, 7811, 7955, and 7956 may also supply data to the kernel rnd(4) subsystem. SEE ALSO
crypto(4), fast_ipsec(4), intro(4), rnd(4), opencrypto(9) HISTORY
The hifn device driver appeared in OpenBSD 2.7. The hifn device driver was imported to FreeBSD 5.0, back-ported to FreeBSD 4.8, and subse- quently imported into NetBSD 2.0. CAVEATS
The Hifn 9751 shares the same PCI ID. This chip is basically a 7751, but with the cryptographic functions missing. Instead, the 9751 is only capable of doing compression. Since we do not currently attempt to use any of these chips to do compression, the 9751-based cards are not useful. Support for the 7955 and 7956 is incomplete; the asymmetric crypto facilities are to be added and the performance is suboptimal. Supplying data to the kernel rnd(4) subsystem has been disabled, pending verification that the on-chip RNG is statistically adequate. BUGS
The 7751 chip starts out at initialization by only supporting compression. A proprietary algorithm, which has been reverse engineered, is required to unlock the cryptographic functionality of the chip. It is possible for vendors to make boards which have a lock ID not known to the driver, but all vendors currently just use the obvious ID which is 13 bytes of 0. BSD
October 8, 2003 BSD

Check Out this Related Man Page

FAST_IPSEC(4)						   BSD Kernel Interfaces Manual 					     FAST_IPSEC(4)

NAME
fast_ipsec -- Fast IPsec hardware-accelerated IP Security Protocols SYNOPSIS
options IPSEC options IPSEC_DEBUG options IPSEC_NAT_T DESCRIPTION
IPsec is a set of protocols, ESP (for Encapsulating Security Payload) AH (for Authentication Header), and IPComp (for IP Payload Compression Protocol) that provide security services for IP datagrams. Fast IPsec is an implementation of these protocols that uses the opencrypto(9) subsystem to carry out cryptographic operations. This means, in particular, that cryptographic hardware devices are employed whenever possi- ble to optimize the performance of these protocols. In general, the Fast IPsec implementation is intended to be compatible with the KAME IPsec implementation. The user should refer to ipsec(4) for basic information on setting up and using these protocols. System configuration requires the opencrypto(9) subsystem. When the Fast IPsec protocols are configured for use, all protocols are included in the system. To selectively enable/disable protocols, use sysctl(8). DIAGNOSTICS
To be added. SEE ALSO
kame_ipsec(4), setkey(8), sysctl(8), opencrypto(9) HISTORY
The protocols draw heavily on the OpenBSD implementation of the IPsec protocols. The policy management code is derived from the KAME imple- mentation found in their IPsec protocols. The Fast IPsec protocols are based on code which appeared in FreeBSD 4.7. The NetBSD version is a close copy of the FreeBSD original, and first appeared in NetBSD 2.0. Support for IPv6 and IPcomp protocols has been added in NetBSD 4.0. Support for IPSEC_NAT_T (Network Address Translator Traversal as described in RFCs 3947 and 3948) has been added in NetBSD 5.0. BUGS
Certain legacy authentication algorithms are not supported because of issues with the opencrypto(9) subsystem. This documentation is incomplete. BSD
January 23, 2012 BSD
Man Page