Remove nsp(4) documentation following the removal of code.
This commit is contained in:
parent
a0a7b72761
commit
0b570ac92d
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: mi,v 1.1605 2018/08/03 06:07:02 kamil Exp $
|
||||
# $NetBSD: mi,v 1.1606 2018/08/08 21:15:42 maya Exp $
|
||||
#
|
||||
# Note: don't delete entries from here - mark them as "obsolete" instead.
|
||||
#
|
||||
|
@ -1494,7 +1494,7 @@
|
|||
./usr/share/man/cat4/nside.0 man-sys-catman .cat
|
||||
./usr/share/man/cat4/nsip.0 man-obsolete obsolete
|
||||
./usr/share/man/cat4/nsmb.0 man-sys-catman .cat
|
||||
./usr/share/man/cat4/nsp.0 man-sys-catman .cat
|
||||
./usr/share/man/cat4/nsp.0 man-obsolete .cat
|
||||
./usr/share/man/cat4/nsphy.0 man-sys-catman .cat
|
||||
./usr/share/man/cat4/nsphyter.0 man-sys-catman .cat
|
||||
./usr/share/man/cat4/ntwo.0 man-sys-catman .cat
|
||||
|
@ -4601,7 +4601,7 @@
|
|||
./usr/share/man/html4/nsclpcsio.html man-sys-htmlman html
|
||||
./usr/share/man/html4/nside.html man-sys-htmlman html
|
||||
./usr/share/man/html4/nsmb.html man-sys-htmlman html
|
||||
./usr/share/man/html4/nsp.html man-sys-htmlman html
|
||||
./usr/share/man/html4/nsp.html man-obsolete html
|
||||
./usr/share/man/html4/nsphy.html man-sys-htmlman html
|
||||
./usr/share/man/html4/nsphyter.html man-sys-htmlman html
|
||||
./usr/share/man/html4/ntwo.html man-sys-htmlman html
|
||||
|
@ -7566,7 +7566,7 @@
|
|||
./usr/share/man/man4/nside.4 man-sys-man .man
|
||||
./usr/share/man/man4/nsip.4 man-obsolete obsolete
|
||||
./usr/share/man/man4/nsmb.4 man-sys-man .man
|
||||
./usr/share/man/man4/nsp.4 man-sys-man .man
|
||||
./usr/share/man/man4/nsp.4 man-obsolete .man
|
||||
./usr/share/man/man4/nsphy.4 man-sys-man .man
|
||||
./usr/share/man/man4/nsphyter.4 man-sys-man .man
|
||||
./usr/share/man/man4/ntwo.4 man-sys-man .man
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $NetBSD: Makefile,v 1.662 2018/07/31 19:30:19 rjs Exp $
|
||||
# $NetBSD: Makefile,v 1.663 2018/08/08 21:15:41 maya Exp $
|
||||
# @(#)Makefile 8.1 (Berkeley) 6/18/93
|
||||
|
||||
MAN= aac.4 ac97.4 acardide.4 aceride.4 acphy.4 \
|
||||
|
@ -43,7 +43,7 @@ MAN= aac.4 ac97.4 acardide.4 aceride.4 acphy.4 \
|
|||
micphy.4 midi.4 mii.4 mk48txx.4 mlx.4 mly.4 mpls.4 mpii.4 mpt.4 \
|
||||
mpu.4 mtd.4 mtio.4 msm6242b.4 multicast.4 mvsata.4 \
|
||||
nadb.4 ne.4 neo.4 netintro.4 nfe.4 nfsmb.4 njata.4 njs.4 \
|
||||
nsclpcsio.4 nside.4 nsp.4 nsphy.4 nsphyter.4 ntwoc.4 null.4 nsmb.4 \
|
||||
nsclpcsio.4 nside.4 nsphy.4 nsphyter.4 ntwoc.4 null.4 nsmb.4 \
|
||||
nvme.4 \
|
||||
oak.4 oosiop.4 opl.4 options.4 optiide.4 osiop.4 otus.4 \
|
||||
pad.4 pas.4 pcdisplay.4 pcf8563rtc.4 pciide.4 pckbc.4 pckbd.4 pcn.4 \
|
||||
|
|
|
@ -1,195 +0,0 @@
|
|||
.\" $NetBSD: nsp.4,v 1.4 2018/06/15 23:11:56 wiz Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" This code is derived from software contributed to The NetBSD Foundation
|
||||
.\" by Coyote Point Systems, Inc.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
|
||||
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
||||
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||||
.\" POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd June 13, 2018
|
||||
.Dt NSP 4
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm nsp
|
||||
.Nd NBMK/CyberGuard/NetOctave NSP2000 crypto accelerator
|
||||
.Sh SYNOPSIS
|
||||
.Cd "nsp* at pci? dev ? function ?"
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Nm
|
||||
driver supports cards using the NSP2000 cryptographic processor,
|
||||
originally manufactured and sold by NetOctave, then CyberGuard, and
|
||||
presently (late 2008) by NBMK Encryption Technologies.
|
||||
.Pp
|
||||
The NSP2000 is a cryptographic
|
||||
.Dq packet processor
|
||||
or
|
||||
.Dq macro processor
|
||||
featuring extensive support for protocol handshake acceleration
|
||||
and protocol record operations (e.g. single-pass pad-encrypt-and-hash
|
||||
for SSL or ESP messages).
|
||||
It also provides various cryptographic and mathematical primitives
|
||||
such as random number generation, encryption/decryption (DES, 3DES, and RC4),
|
||||
hash computation (MD5, SHA1, and HMAC), and an extensive set of operations
|
||||
for arbitrary precision arithmetic.
|
||||
It contains a tamper-resistant write-only memory region for storage
|
||||
of cryptographic keys.
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
driver registers support for the following operations with
|
||||
.Xr opencrypto 9 :
|
||||
.Bl -tag -width "CRK_DH_COMPUTE_KEY" -offset indent
|
||||
.It Dv CRYPTO_DES_CBC
|
||||
DES in CBC mode.
|
||||
.It Dv CRYPTO_3DES_CBC
|
||||
Triple-DES in CBC mode.
|
||||
.It Dv CRYPTO_MD5
|
||||
The MD5 hash algorithm.
|
||||
.It Dv CRYPTO_SHA1
|
||||
The SHA-1 hash algorithm.
|
||||
.It Dv CRYPTO_SHA1_HMAC
|
||||
The HMAC message authentication code using SHA-1 as the hash function.
|
||||
.It Dv CRYPTO_MD5_HMAC
|
||||
The HMAC message authentication code using MD5 as the hash function.
|
||||
.It Dv CRK_MOD
|
||||
Compute x modulo y.
|
||||
.It Dv CRK_MOD_ADD
|
||||
Modular addition.
|
||||
.It Dv CRK_MOD_ADDINV
|
||||
Modular additive inversion.
|
||||
.It Dv CRK_MOD_SUB
|
||||
Modular subtraction.
|
||||
.It Dv CRK_MOD_MULT
|
||||
Modular multiplication.
|
||||
.It Dv CRK_MOD_MULTINV
|
||||
Modular multiplicative inversion.
|
||||
.It Dv CRK_MOD_EXP
|
||||
Modular exponentiation.
|
||||
.It Dv CRK_DSA_SIGN
|
||||
DSA signature creation.
|
||||
.It Dv CRK_DSA_VERIFY
|
||||
DSA signature verification.
|
||||
.It Dv CRK_DH_COMPUTE_KEY
|
||||
Diffie-Hellman key computation.
|
||||
.El
|
||||
.Sh PERFORMANCE
|
||||
The
|
||||
.Nm
|
||||
driver can perform several hundred 1024-bit RSA operations per second,
|
||||
and can encrypt and hash about 200Mbit/sec of data with symmetric
|
||||
operations.
|
||||
Each figure is approximately 1/3 the rated throughput for
|
||||
the device.
|
||||
.Pp
|
||||
Several restrictions limit the performance of this driver:
|
||||
.Bl -enum -compact
|
||||
.It
|
||||
The
|
||||
.Dv CRK_MOD_EXP_CRT
|
||||
operation (modular exponentiation with operands in Chinese Remainder
|
||||
Theorem form) is unfortunately not supported because the
|
||||
.Xr opencrypto 9
|
||||
interface specifies this operation in a way which may only be
|
||||
compatible with the
|
||||
.Xr ubsec 4
|
||||
accelerator.
|
||||
.It
|
||||
The handshake operations and record transforms are not supported as they
|
||||
are a poor fit for the current
|
||||
.Xr opencrypto 9
|
||||
API.
|
||||
Support for either would require a method of passing record-transform
|
||||
contexts between layers of the framework, likely in both directions across
|
||||
the user-kernel boundary.
|
||||
Without record operations, the host CPU will almost always
|
||||
perform RC4 faster than the NSP2000, so RC4 support is disabled in the
|
||||
.Nm
|
||||
driver.
|
||||
.It
|
||||
The on-board key memory is not supported.
|
||||
It would be relatively easy to add support for this feature to
|
||||
.Xr opencrypto 9 ,
|
||||
but the interface for supporting this functionality in OpenSSL in
|
||||
OpenSSL is complex and poorly documented, which makes kernel support
|
||||
useless.
|
||||
.It
|
||||
The OpenSSL
|
||||
.Dq engine
|
||||
for
|
||||
.Xr crypto 4
|
||||
does not yet support the HMAC forms of the hash operations, which roughly
|
||||
halves performance for many workloads.
|
||||
.El
|
||||
.Pp
|
||||
On a more positive note, the NSP2000 and
|
||||
.Nm
|
||||
driver offer excellent performance for small modular arithmetic operations,
|
||||
achieving 75,000 or more such operations per second.
|
||||
.Sh SEE ALSO
|
||||
.Xr crypto 4 ,
|
||||
.Xr intro 4 ,
|
||||
.Xr ipsec 4 ,
|
||||
.Xr rnd 4 ,
|
||||
.Xr opencrypto 9
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
device driver is descended from the NetOctave SDK for
|
||||
.Fx 4.11 ,
|
||||
where it was called
|
||||
.Dq noct .
|
||||
It is unrelated to the driver of that
|
||||
name which appeared in
|
||||
.Ox 3.2 ,
|
||||
which does not support the public-key (or other bignum) functions of the
|
||||
device.
|
||||
The
|
||||
.Nm
|
||||
driver was ported to
|
||||
.Nx 5.0
|
||||
by Coyote Point Systems, Inc and generously made available under
|
||||
a BSD-style license by NBMK Encryption Technologies, Inc, the
|
||||
corporate successor of NetOctave.
|
||||
.Pp
|
||||
The
|
||||
.Nm
|
||||
device driver does not currently support the device node interface
|
||||
provided by the original NetOctave
|
||||
.Dq noct
|
||||
driver (which offers handshake acceleration, record operations,
|
||||
memory-mapped handling of packet payloads, and several other useful
|
||||
features) but most of the code to do so is still present, albeit
|
||||
in untested form.
|
||||
.Sh BUGS
|
||||
Support for limitations of the NSP2000 PCI interface (broken burst-mode
|
||||
operation, lack of scatter-gather support) is present but tested only on
|
||||
a fairly small range of host systems.
|
||||
.Pp
|
||||
It appears that most if not all NSP2000 cards ever manufactured were
|
||||
designed to carry either one or two accelerator chips, which suggests
|
||||
that cards exist with both chips populated.
|
||||
The
|
||||
.Nm
|
||||
driver has never been tested with more than one instance present at a time.
|
Loading…
Reference in New Issue