1*25638cf4SSascha Wildner.\"- 2*25638cf4SSascha Wildner.\" Copyright (c) 2003 Sam Leffler, Errno Consulting 3*25638cf4SSascha Wildner.\" All rights reserved. 4*25638cf4SSascha Wildner.\" 5*25638cf4SSascha Wildner.\" Redistribution and use in source and binary forms, with or without 6*25638cf4SSascha Wildner.\" modification, are permitted provided that the following conditions 7*25638cf4SSascha Wildner.\" are met: 8*25638cf4SSascha Wildner.\" 1. Redistributions of source code must retain the above copyright 9*25638cf4SSascha Wildner.\" notice, this list of conditions and the following disclaimer. 10*25638cf4SSascha Wildner.\" 2. Redistributions in binary form must reproduce the above copyright 11*25638cf4SSascha Wildner.\" notice, this list of conditions and the following disclaimer in the 12*25638cf4SSascha Wildner.\" documentation and/or other materials provided with the distribution. 13*25638cf4SSascha Wildner.\" 14*25638cf4SSascha Wildner.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15*25638cf4SSascha Wildner.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16*25638cf4SSascha Wildner.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17*25638cf4SSascha Wildner.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18*25638cf4SSascha Wildner.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19*25638cf4SSascha Wildner.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20*25638cf4SSascha Wildner.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21*25638cf4SSascha Wildner.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22*25638cf4SSascha Wildner.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23*25638cf4SSascha Wildner.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24*25638cf4SSascha Wildner.\" SUCH DAMAGE. 25*25638cf4SSascha Wildner.\" 26*25638cf4SSascha Wildner.\" $FreeBSD: src/share/man/man4/safe.4,v 1.7 2006/04/01 10:56:36 brueffer Exp $ 27*25638cf4SSascha Wildner.\" 28*25638cf4SSascha Wildner.Dd August 28, 2011 29*25638cf4SSascha Wildner.Dt SAFE 4 30*25638cf4SSascha Wildner.Os 31*25638cf4SSascha Wildner.Sh NAME 32*25638cf4SSascha Wildner.Nm safe 33*25638cf4SSascha Wildner.Nd SafeNet crypto accelerator 34*25638cf4SSascha Wildner.Sh SYNOPSIS 35*25638cf4SSascha WildnerTo compile this driver into the kernel, 36*25638cf4SSascha Wildnerplace the following lines in your 37*25638cf4SSascha Wildnerkernel configuration file: 38*25638cf4SSascha Wildner.Bd -ragged -offset indent 39*25638cf4SSascha Wildner.Cd "device crypto" 40*25638cf4SSascha Wildner.Cd "device cryptodev" 41*25638cf4SSascha Wildner.Cd "device safe" 42*25638cf4SSascha Wildner.Ed 43*25638cf4SSascha Wildner.Pp 44*25638cf4SSascha WildnerAlternatively, to load the driver as a 45*25638cf4SSascha Wildnermodule at boot time, place the following line in 46*25638cf4SSascha Wildner.Xr loader.conf 5 : 47*25638cf4SSascha Wildner.Bd -literal -offset indent 48*25638cf4SSascha Wildnersafe_load="YES" 49*25638cf4SSascha Wildner.Ed 50*25638cf4SSascha Wildner.Pp 51*25638cf4SSascha Wildner.Nm sysctl Va hw.safe.debug 52*25638cf4SSascha Wildner.Nm sysctl Va hw.safe.dump 53*25638cf4SSascha Wildner.Nm sysctl Va hw.safe.rnginterval 54*25638cf4SSascha Wildner.Nm sysctl Va hw.safe.rngbufsize 55*25638cf4SSascha Wildner.Nm sysctl Va hw.safe.rngmaxalarm 56*25638cf4SSascha Wildner.Sh DESCRIPTION 57*25638cf4SSascha WildnerThe 58*25638cf4SSascha Wildner.Nm 59*25638cf4SSascha Wildnerdriver supports cards containing SafeNet crypto accelerator chips. 60*25638cf4SSascha Wildner.Pp 61*25638cf4SSascha WildnerThe 62*25638cf4SSascha Wildner.Nm 63*25638cf4SSascha Wildnerdriver registers itself to accelerate DES, Triple-DES, AES, MD5-HMAC, 64*25638cf4SSascha WildnerSHA1-HMAC, and NULL operations for 65*25638cf4SSascha Wildner.Xr ipsec 4 66*25638cf4SSascha Wildnerand 67*25638cf4SSascha Wildner.Xr crypto 4 . 68*25638cf4SSascha Wildner.Pp 69*25638cf4SSascha WildnerOn all models, the driver registers itself to provide random data to the 70*25638cf4SSascha Wildner.Xr random 4 71*25638cf4SSascha Wildnersubsystem. 72*25638cf4SSascha WildnerPeriodically the driver will poll the hardware RNG and retrieve 73*25638cf4SSascha Wildnerdata for use by the system. 74*25638cf4SSascha WildnerIf the driver detects that the hardware RNG is resonating with any local 75*25638cf4SSascha Wildnersignal, it will reset the oscillators that generate random data. 76*25638cf4SSascha WildnerThree 77*25638cf4SSascha Wildner.Xr sysctl 8 78*25638cf4SSascha Wildnersettings control this procedure: 79*25638cf4SSascha Wildner.Va hw.safe.rnginterval 80*25638cf4SSascha Wildnerspecifies the time, in seconds, between polling operations, 81*25638cf4SSascha Wildner.Va hw.safe.rngbufsize 82*25638cf4SSascha Wildnerspecifies the number of 32-bit words to retrieve on each poll, 83*25638cf4SSascha Wildnerand 84*25638cf4SSascha Wildner.Va hw.safe.rngmaxalarm 85*25638cf4SSascha Wildnerspecifies the threshold for resetting the oscillators. 86*25638cf4SSascha Wildner.Pp 87*25638cf4SSascha WildnerWhen the driver is compiled with 88*25638cf4SSascha Wildner.Dv SAFE_DEBUG 89*25638cf4SSascha Wildnerdefined, two 90*25638cf4SSascha Wildner.Xr sysctl 8 91*25638cf4SSascha Wildnervariables are provided for debugging purposes: 92*25638cf4SSascha Wildner.Va hw.safe.debug 93*25638cf4SSascha Wildnercan be set to a non-zero value to enable debugging messages to be sent 94*25638cf4SSascha Wildnerto the console for each cryptographic operation, 95*25638cf4SSascha Wildner.Va hw.safe.dump 96*25638cf4SSascha Wildneris a write-only variable that can be used to force driver state to be sent 97*25638cf4SSascha Wildnerto the console. 98*25638cf4SSascha WildnerSet this variable to 99*25638cf4SSascha Wildner.Dq Li ring 100*25638cf4SSascha Wildnerto dump the current state of the descriptor ring, 101*25638cf4SSascha Wildnerto 102*25638cf4SSascha Wildner.Dq Li dma 103*25638cf4SSascha Wildnerto dump the hardware DMA registers, 104*25638cf4SSascha Wildneror 105*25638cf4SSascha Wildnerto 106*25638cf4SSascha Wildner.Dq Li int 107*25638cf4SSascha Wildnerto dump the hardware interrupt registers. 108*25638cf4SSascha Wildner.Sh HARDWARE 109*25638cf4SSascha WildnerThe 110*25638cf4SSascha Wildner.Nm 111*25638cf4SSascha Wildnerdriver supports cards containing any of the following chips: 112*25638cf4SSascha Wildner.Bl -tag -width "SafeNet 1141" -offset indent 113*25638cf4SSascha Wildner.It SafeNet 1141 114*25638cf4SSascha WildnerThe original chipset. 115*25638cf4SSascha WildnerSupports DES, Triple-DES, AES, MD5, and SHA-1 116*25638cf4SSascha Wildnersymmetric crypto operations, RNG, public key operations, and full IPsec 117*25638cf4SSascha Wildnerpacket processing. 118*25638cf4SSascha Wildner.It SafeNet 1741 119*25638cf4SSascha WildnerA faster version of the 1141. 120*25638cf4SSascha Wildner.El 121*25638cf4SSascha Wildner.Sh SEE ALSO 122*25638cf4SSascha Wildner.Xr crypt 3 , 123*25638cf4SSascha Wildner.Xr crypto 4 , 124*25638cf4SSascha Wildner.Xr intro 4 , 125*25638cf4SSascha Wildner.Xr ipsec 4 , 126*25638cf4SSascha Wildner.Xr random 4 , 127*25638cf4SSascha Wildner.Xr crypto 9 128*25638cf4SSascha Wildner.Sh BUGS 129*25638cf4SSascha WildnerPublic key support is not implemented. 130