196 lines
6.3 KiB
Groff
196 lines
6.3 KiB
Groff
.\" $NetBSD: nsp.4,v 1.2 2008/11/03 08:48:41 wiz Exp $
|
|
.\"
|
|
.\" Copyright (c) 2008 The NetBSD Foundation, Inc.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" This code is derived from software contributed to The NetBSD Foundation
|
|
.\" by Coyote Point Systems, Inc.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
.\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
|
|
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
|
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
|
.\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
.\" POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd November 2, 2008
|
|
.Dt NSP 4
|
|
.Os
|
|
.Sh NAME
|
|
.Nm nsp
|
|
.Nd NBMK/CyberGuard/NetOctave NSP2000 crypto accelerator
|
|
.Sh SYNOPSIS
|
|
.Cd "nsp* at pci? dev ? function ?"
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
driver supports cards using the NSP2000 cryptographic processor,
|
|
originally manufactured and sold by NetOctave, then CyberGuard, and
|
|
presently (late 2008) by NBMK Encryption Technologies.
|
|
.Pp
|
|
The NSP2000 is a cryptographic
|
|
.Dq packet processor
|
|
or
|
|
.Dq macro processor
|
|
featuring extensive support for protocol handshake acceleration
|
|
and protocol record operations (e.g. single-pass pad-encrypt-and-hash
|
|
for SSL or ESP messages).
|
|
It also provides various cryptographic and mathematical primitives
|
|
such as random number generation, encryption/decryption (DES, 3DES, and RC4),
|
|
hash computation (MD5, SHA1, and HMAC), and an extensive set of operations
|
|
for arbitrary precision arithmetic.
|
|
It contains a tamper-resistant write-only memory region for storage
|
|
of cryptographic keys.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
driver registers support for the following operations with
|
|
.Xr opencrypto 9 :
|
|
.Bl -tag -width "CRK_DH_COMPUTE_KEY" -offset indent
|
|
.It Dv CRYPTO_DES_CBC
|
|
DES in CBC mode.
|
|
.It Dv CRYPTO_3DES_CBC
|
|
Triple-DES in CBC mode.
|
|
.It Dv CRYPTO_MD5
|
|
The MD5 hash algorithm.
|
|
.It Dv CRYPTO_SHA1
|
|
The SHA-1 hash algorithm.
|
|
.It Dv CRYPTO_SHA1_HMAC
|
|
The HMAC message authentication code using SHA-1 as the hash function.
|
|
.It Dv CRYPTO_MD5_HMAC
|
|
The HMAC message authentication code using MD5 as the hash function.
|
|
.It Dv CRK_MOD
|
|
Compute x modulo y.
|
|
.It Dv CRK_MOD_ADD
|
|
Modular addition.
|
|
.It Dv CRK_MOD_ADDINV
|
|
Modular additive inversion.
|
|
.It Dv CRK_MOD_SUB
|
|
Modular subtraction.
|
|
.It Dv CRK_MOD_MULT
|
|
Modular multiplication.
|
|
.It Dv CRK_MOD_MULTINV
|
|
Modular multiplicative inversion.
|
|
.It Dv CRK_MOD_EXP
|
|
Modular exponentiation.
|
|
.It Dv CRK_DSA_SIGN
|
|
DSA signature creation.
|
|
.It Dv CRK_DSA_VERIFY
|
|
DSA signature verification.
|
|
.It Dv CRK_DH_COMPUTE_KEY
|
|
Diffie-Hellman key computation.
|
|
.El
|
|
.Sh PERFORMANCE
|
|
The
|
|
.Nm
|
|
driver can perform several hundred 1024-bit RSA operations per second,
|
|
and can encrypt and hash about 200Mbit/sec of data with symmetric
|
|
operations.
|
|
Each figure is approximately 1/3 the rated throughput for
|
|
the device.
|
|
.Pp
|
|
Several restrictions limit the performance of this driver:
|
|
.Bl -enum -compact
|
|
.It
|
|
The
|
|
.Dv CRK_MOD_EXP_CRT
|
|
operation (modular exponentiation with operands in Chinese Remainder
|
|
Theorem form) is unfortunately not supported because the
|
|
.Xr opencrypto 9
|
|
interface specifies this operation in a way which may only be
|
|
compatible with the
|
|
.Xr ubsec 4
|
|
accelerator.
|
|
.It
|
|
The handshake operations and record transforms are not supported as they
|
|
are a poor fit for the current
|
|
.Xr opencrypto 9
|
|
API.
|
|
Support for either would require a method of passing record-transform
|
|
contexts between layers of the framework, likely in both directions across
|
|
the user-kernel boundary.
|
|
Without record operations, the host CPU will almost always
|
|
perform RC4 faster than the NSP2000, so RC4 support is disabled in the
|
|
.Nm
|
|
driver.
|
|
.It
|
|
The on-board key memory is not supported.
|
|
It would be relatively easy to add support for this feature to
|
|
.Xr opencrypto 9 ,
|
|
but the interface for supporting this functionality in OpenSSL in
|
|
OpenSSL is complex and poorly documented, which makes kernel support
|
|
useless.
|
|
.It
|
|
The OpenSSL
|
|
.Dq engine
|
|
for
|
|
.Xr crypto 4
|
|
does not yet support the HMAC forms of the hash operations, which roughly
|
|
halves performance for many workloads.
|
|
.El
|
|
.Pp
|
|
On a more positive note, the NSP2000 and
|
|
.Nm
|
|
driver offer excellent performance for small modular arithmetic operations,
|
|
achieving 75,000 or more such operations per second.
|
|
.Sh SEE ALSO
|
|
.Xr crypto 4 ,
|
|
.Xr fast_ipsec 4 ,
|
|
.Xr intro 4 ,
|
|
.Xr rnd 4 ,
|
|
.Xr opencrypto 9
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
device driver is descended from the NetOctave SDK for
|
|
.Fx 4.11 ,
|
|
where it was called
|
|
.Dq noct .
|
|
It is unrelated to the driver of that
|
|
name which appeared in
|
|
.Ox 3.2 ,
|
|
which does not support the public-key (or other bignum) functions of the
|
|
device.
|
|
The
|
|
.Nm
|
|
driver was ported to
|
|
.Nx 5.0
|
|
by Coyote Point Systems, Inc and generously made available under
|
|
a BSD-style license by NBMK Encryption Technologies, Inc, the
|
|
corporate successor of NetOctave.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
device driver does not currently support the device node interface
|
|
provided by the original NetOctave
|
|
.Dq noct
|
|
driver (which offers handshake acceleration, record operations,
|
|
memory-mapped handling of packet payloads, and several other useful
|
|
features) but most of the code to do so is still present, albeit
|
|
in untested form.
|
|
.Sh BUGS
|
|
Support for limitations of the NSP2000 PCI interface (broken burst-mode
|
|
operation, lack of scatter-gather support) is present but tested only on
|
|
a fairly small range of host systems.
|
|
.Pp
|
|
It appears that most if not all NSP2000 cards ever manufactured were
|
|
designed to carry either one or two accelerator chips, which suggests
|
|
that cards exist with both chips populated.
|
|
The
|
|
.Nm
|
|
driver has never been tested with more than one instance present at a time.
|