xref: /freebsd/share/man/man4/aesni.4 (revision fa9896e082a1046ff4fbc75fcba4d18d1f2efc19)

.\" Copyright (c) 2010 Konstantin Belousov <kib@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd July 29, 2020
.Dt AESNI 4
.Os
.Sh NAME
.Nm aesni
.Nd "driver for the AES and SHA accelerator on x86 CPUs"
.Sh SYNOPSIS
To compile this driver into the kernel,
place the following lines in your
kernel configuration file:
.Bd -ragged -offset indent
.Cd "device crypto"
.Cd "device cryptodev"
.Cd "device aesni"
.Ed
.Pp
Alternatively, to load the driver as a
module at boot time, place the following line in
.Xr loader.conf 5 :
.Bd -literal -offset indent
aesni_load="YES"
.Ed
.Sh DESCRIPTION
Starting with Intel Westmere and AMD Bulldozer, some x86 processors implement a
new set of instructions called AESNI.
The set of six instructions accelerates the calculation of the key
schedule for key lengths of 128, 192, and 256 of the Advanced
Encryption Standard (AES) symmetric cipher, and provides a hardware
implementation of the regular and the last encryption and decryption
rounds.
.Pp
The processor capability is reported as AESNI in the Features2 line at boot.
.Pp
Starting with the Intel Goldmont and AMD Ryzen microarchitectures, some x86
processors implement a new set of SHA instructions.
The set of seven instructions accelerates the calculation of SHA1 and SHA256
hashes.
.Pp
The processor capability is reported as SHA in the Structured Extended Features
line at boot.
.Pp
The
.Nm
driver does not attach on systems that lack both CPU capabilities.
On systems that support only one of AESNI or SHA extensions, the driver will
attach and support that one function.
.Pp
The
.Nm
driver registers itself to accelerate AES and SHA operations for
.Xr crypto 4 .
Besides speed, the advantage of using the
.Nm
driver is that the AESNI operation
is data-independent, thus eliminating some attack vectors based on
measuring cache use and timings typically present in table-driven
implementations.
.Sh SEE ALSO
.Xr crypt 3 ,
.Xr crypto 4 ,
.Xr intro 4 ,
.Xr ipsec 4 ,
.Xr padlock 4 ,
.Xr random 4 ,
.Xr crypto 7 ,
.Xr crypto 9
.Sh HISTORY
The
.Nm
driver first appeared in
.Fx 9.0 .
SHA support was added in
.Fx 12.0 .
.Sh AUTHORS
.An -nosplit
The
.Nm
driver was written by
.An Konstantin Belousov Aq Mt kib@FreeBSD.org
and
.An Conrad Meyer Aq Mt cem@FreeBSD.org .
The key schedule calculation code was adopted from the sample provided
by Intel and used in the analogous
.Ox
driver.
The hash step intrinsics implementations were supplied by Intel.