version 1.68, 2000/11/08 21:24:54 |
version 1.69, 2000/11/08 21:57:50 |
|
|
<p> |
<p> |
<li><b>HiFn 7751</b><br> |
<li><b>HiFn 7751</b><br> |
Cards using the <a href="http://www.hifn.com/products/7751.html">HiFn 7751</a> |
Cards using the <a href="http://www.hifn.com/products/7751.html">HiFn 7751</a> |
can be used as a cryptographic accelerator (ie. |
can be used as a symmetric cryptographic accelerator (ie. |
<a href="http://www.powercrypt.com">PowerCrypt</a>). |
<a href="http://www.powercrypt.com">PowerCrypt</a>). |
Current performance using a single Hifn 7751 on each end of a tunnel |
Current performance using a single Hifn 7751 on each end of a tunnel |
is 63Mbit/sec for 3DES/SHA1 ESP, nearly a 600% improvement over |
is 63Mbit/sec for 3DES/SHA1 ESP, nearly a 600% improvement over |
|
|
threatened to sue us over our non-USA reverse engineering of their |
threatened to sue us over our non-USA reverse engineering of their |
crypto unlock algorithm). |
crypto unlock algorithm). |
<p> |
<p> |
|
|
|
<li><b>Hifn 6500</b><br> |
|
This device is an assymetric crypto unit. It has support for RSA, DSA, |
|
and DH algorithms, as well as other major big number functions. It also |
|
contains a very high performance random number generator. We have one |
|
device, full documention, and sample code. Development has not yet |
|
started. |
|
<p> |
|
|
<li><b>Broadcom BCM5805 (or beta chip Bluesteelnet 5501)</b><br> |
<li><b>Broadcom BCM5805 (or beta chip Bluesteelnet 5501)</b><br> |
Just after the OpenBSD 2.7 release, we succeeded at adding preliminary |
Just after the OpenBSD 2.7 release, we succeeded at adding preliminary |
support for these early release parts provided to us by the vendor, |
support for these early release parts provided to us by the vendor, |
specifically starting with the test chip |
specifically starting with the test chip |
<a href="http://www.bluesteelnet.com/product.html">5501</a>. |
<a href="http://www.bluesteelnet.com/product.html">5501</a>. |
|
These devices provide the highest performance symmetric cryptography |
|
we have seen. |
|
<p> |
Bluesteelnet was bought by Broadcom and started making real parts. |
Bluesteelnet was bought by Broadcom and started making real parts. |
Their new BCM5805 is similar, except that they also add an asymetric |
Their new BCM5805 is similar, except that they also add an asymetric |
engine for running DSA, RSA, and other such algorithms. With approximate |
engine for running DSA, RSA, and other such algorithms. With approximate |
|
|
hopefully this chip will become more common soon. |
hopefully this chip will become more common soon. |
<p> |
<p> |
The Broadcom/Bluesteelnet people have been great to deal with. They gave |
The Broadcom/Bluesteelnet people have been great to deal with. They gave |
us complete documentation for their chips and a sufficient number of cards |
us complete documentation and sample code for their chips and a |
to test with. |
sufficient number of cards to test with. |
<p> |
<p> |
|
|
<li><b>Pijnenburg PCC-ISES</b><br> |
<li><b>Pijnenburg PCC-ISES</b><br> |
|
|
<li><b>IRE 2141</b><br> |
<li><b>IRE 2141</b><br> |
We have received documentation and sample hardware for the |
We have received documentation and sample hardware for the |
<a href="http://www.ire.com/OEM/OEMTechnologyDefault.htm">IRE</a> crypto |
<a href="http://www.ire.com/OEM/OEMTechnologyDefault.htm">IRE</a> crypto |
cards based on the SafeNet chipset. We would like to get started on |
cards based on the SafeNet chipset. Work to support at least the |
supporting these soon. |
symmetric cryptography of these devices has started. |
<p> |
<p> |
|
|
<li><b>Other cards</b><br> |
<li><b><a href="http://www.3com.com/promotions/3c990promo/index.html"> |
We would like to move towards supporting other chips such as: |
3com 3c990</a></b><br> |
<ul> |
3com don't yet fully understand how they could benefit from giving |
|
us documentation for their cryptography cards, so feel free to contact |
|
them independently and encourage them. We had good conversations with |
|
them, but then the people we talked to change positions. We have given |
|
up talking to them, since it appears to be a waste of time. |
|
<p> |
|
|
<li><a href="http://www.3com.com/promotions/3c990promo/index.html">3com 3c990</a> |
<li><b>Intel IPSEC card</b><br> |
<li>An unnamed Intel card |
Much like 3COM, Intel has been refusing to get us documentation. We |
<li>and others |
have talked to about five technical people who are involved in the |
</ul> |
development of those products. They all wanted us to have documentation. |
|
They commend us on what we have done. But their hands are tied by |
|
management who does not perceive a benefit to themselves for providing |
|
documentation. |
<p> |
<p> |
Intel (and 3com to a lesser degree) don't yet fully understand how |
|
they could benefit from giving us documentation for their cryptography |
|
cards, so feel free to contact them independently and encourage them. |
|
We have given up talking to them, since it appears to be a waste of time. |
|
<p> |
|
<b>If people wish to help with writing drivers, |
|
<a href=#people>come and help us</a>.</b> |
|
<p> |
|
<li><b>Intel 82802AB/82802AC Firmware Hub RNG</b><br> |
<li><b>Intel 82802AB/82802AC Firmware Hub RNG</b><br> |
The 82802 FWH chip (found on i810, i820, and i840 motherboards) contains |
The 82802 FWH chip (found on i810, i820, and i840 motherboards) contains |
a random number generator (RNG). High-performance IPSEC requires more |
a random number generator (RNG). High-performance IPSEC requires more |
random number entropy. As of April 10, 2000, we support the RNG. We |
random number entropy. As of April 10, 2000, we support the RNG. We |
will add support for other RNG's found on crypto chips. |
will add support for other RNG's found on crypto chips. |
<p> |
<p> |
|
|
<li><b>OpenSSL</b><br> |
<li><b>OpenSSL</b><br> |
We have grand schemes for supporting crypto cards that can do RSA or DSA, |
We have grand schemes for supporting crypto cards that can do RSA or DSA, |
and exporting the functions of all crypto cards to OpenSSL so that |
and exporting the functions of all crypto cards to OpenSSL so that |
|
|
<a href="http://www.modssl.org/">apache https</a>, etc) |
<a href="http://www.modssl.org/">apache https</a>, etc) |
can benefit. |
can benefit. |
</ul> |
</ul> |
|
|
|
<p> |
|
<b>If people wish to help with writing drivers, |
|
<a href=#people>come and help us</a>.</b> |
|
|
<p> |
<p> |
<a name=people></a> |
<a name=people></a> |