[strongSwan] difference between 'aes128' and 'aes128gcm8' notation in 'esp' cypher algo
sahmed at adax.co.uk
Thu Jul 17 15:23:04 CEST 2014
I am trying to use the aes-gcm crypto algorithm in my setup, where the CPU
has the 'aes' instruction enabled and the relevant drivers are loaded:
lsmod | grep -e aes -e gcm
gcm 10857 0
aesni_intel 12915 4
cryptd 8006 4 ghash_clmulni_intel,aesni_intel
aes_x86_64 7961 1 aesni_intel
aes_generic 27609 2 aesni_intel,aes_x86_64
I compiled strongSwan with --enable-gcm and added the 'gcm' plugin in
the strongswan.conf file.
If I use 'aes128gcm8' as 'esp' in ipsec.conf, I get poorer performance (60%
less throughput on UDP traffic) than when using only 'aes128'.
My questions are:
1) With only 'aes128', what integrity algo does it actually use?
2) To enable and use 'aes128gcm8' effectively (as I am expecting better
throughput), do I need to take any extra steps beyond the above?
I tried using a PRF for GCM, which resulted in no improvement.
Shahreen Noor Ahmed
Network Support Department
Adax Europe Ltd
e-mail: sahmed at adax.co.uk
Direct line: +44(0)118 952 2804