NAME
hifn — Hifn 7751/7811/7951/7955/7956/9751 crypto accelerator
SYNOPSIS
hifn* at pci?
DESCRIPTION
The hifn driver supports various cards containing the Hifn 7751, Hifn 7811, Hifn 7951, Hifn 7955, Hifn 7956, or Hifn 9751 chipsets, such as:
- Invertex AEON: Comes as 128KB SRAM model, or 2MB DRAM model.
- Hifn 7751: Reference board with 512KB SRAM.
- PowerCrypt: Comes with 512KB SRAM.
- PowerCrypt 5x: Contains a 7956 and supports symmetric encryption (including AES), random number, and modular exponentiation operations.
- XL-Crypt: Only board based on 7811 (which is faster than 7751 and has a random number generator).
- NetSec 7751: 7751 board with 1MB of SRAM.
- Soekris Engineering vpn1201 and vpn1211: Contains a 7951 and supports symmetric encryption and random number operations.
- Soekris Engineering vpn1401 and vpn1411: Contains a 7955 and supports symmetric encryption (including AES), random number, and modular exponentiation operations.
- Hifn 9751: Reference board with 512KB SRAM. This is really a Hifn 7751 which only supports compression.
The Hifn 7751, Hifn 7811, Hifn 7951, Hifn 7955, and Hifn 7956 chips all support acceleration of DES, Triple-DES, ARC4, MD5, MD5-HMAC, SHA1, SHA1-HMAC, and LZS operations for ipsec(4) and crypto(4). The Hifn 7955 and Hifn 7956 chips additionally support AES-CBC. The Hifn 9751 only supports LZS.
The Hifn 7811, Hifn 7951, Hifn 7955, and Hifn 7956 will also supply data to the kernel random(4) subsystem.
SEE ALSO
crypt(3), crypto(4), intro(4), ipsec(4), pci(4), random(4), crypto(9)
HISTORY
The hifn device driver appeared in OpenBSD 2.7.
BUGS
The 7751 chip starts out at initialization by only supporting compression. A proprietary algorithm, which has been reverse engineered, is required to unlock the cryptographic functionality of the chip. It is possible for vendors to make boards which have a lock ID not known to the driver, but all vendors currently just use the obvious ID which is 13 bytes of 0.
The 7951, 7955 and 7956 have hardware support for public key operations, which the driver does not yet support.