Hardware Crypto Support In OpenBSD

As seen on the OpenBSD -announce list, OpenBSD now has hardware cryptographic support to boost IPSEC performance. "Currently, only cards using the HiFn 7751 chip can be used. This Hifn chip is an IPSEC-oriented DES/3DES and SHA1/MD5 hmac engine; ie. only symmetric cryptography..&nbsp.we are getting 63.12Mb/s 3des/sha1 ESP IPSEC. That's documented as the top performance the chip can provide. In other words, we're pretty damn impressed at ourselves." Read on for more from the message, or go straight to the OpenBSD Hardware Crypto page.

"Further work will now happen. We wish to support other products (ie. IRE, Bluesteelnet, perhaps even 3COM or PCC-ISES if they would open their minds). Some crypto chip vendors are being extremely friendly to us. If anyone wants to help write drivers, get in touch."

We also hope to add more parts to our cryptography framework so that it can supply RSA/DSA type operations for chips that support that, so that OpenSSL can use the framework, and thus enhancing everything from https to ssh performance. We have grand schemes in mind."

"If you order a card from www.powercrypt.com, tell them you intend to use it with OpenBSD. I have heard rumours they are allowed to export it."

"Most of this work was done by Jason Wright and Angelos Keromytis."