<div dir="ltr">Hi,<div><br></div><div>i am looking for ways to improve the throughput while using the strongswan IPSEC. </div><div><br></div><div>I read that AES-GCM provides excellent throughput over default <span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">AES-CBC-128 </span>when used with AES-NI support in intel processors.<br></div><div><br></div><div>i want to enable AES-GCM128 cipher in my xeon E5 processor, and from looking at the Intel white paper, it mentioned about using "Linux AES-NI-GCM Crypto Plug-in" to enable this support. </div><div>It described about a patch to existing AES-NI driver file, called
aesni-intel_glue.c and aesni-intel_asm.s.<br></div><div><br></div><div><div><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="font-family:Arial,sans-serif">Paper: <a href="http://www.intel.com/content/www/us/en/intelligent-systems/wireless-infrastructure/aes-ipsec-performance-linux-paper.html">http://www.intel.com/content/www/us/en/intelligent-systems/wireless-infrastructure/aes-ipsec-performance-linux-paper.html</a></span></p></div><div><br></div><div>1. There is strongswan plugin for intel AES-NI, Can somebody confirm/tell me a way to find if this is the same plugin as the one mentioned in intel Doc ? To me it looks like that, but i wanted to check with someone who might be already using this.</div><div>2. Is there some other way to get higher throughput ? </div><div>pcrypt module is available, will it work with AES-GCM ?</div><div><br></div><div><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="font-family:Arial,sans-serif"><b>libstrongswan plugin : </b></span></p>
<p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="font-family:Arial,sans-serif">aesni - Intel AES-NI crypto plugin (since <a href="https://wiki.strongswan.org/versions/56" style="word-wrap:break-word"><span style="font-family:Calibri,sans-serif;color:rgb(34,34,34);text-decoration:none">5.3.1</span></a>)</span></p><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px"><br></span></p><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">The new </span><em style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">aesni</em><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px"> </span><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto </span><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">primitives for AES-128/192/256.</span></p><p class="MsoNormal" style="background-image:initial;background-repeat:initial"><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">The plugin requires AES-NI and PCLMULQDQ </span><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">instructions and works on both x86 and x64 architectures. It provides </span><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;line-height:16.2px">superior crypto performance in userland without any external libraries.</span></p></div><div><br></div><div>Thanks</div><div>kapil.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div></div>