[strongSwan] Enabling AES-NI in strongswan

Kapil Adhikesavalu kapil20084 at gmail.com
Mon Jun 20 08:36:35 CEST 2016


i am looking for ways to improve the throughput while using the strongswan

I read that AES-GCM provides excellent throughput over default AES-CBC-128 when
used with AES-NI support in intel processors.

i want to enable AES-GCM128 cipher in my xeon E5 processor, and from
looking at the Intel white paper, it mentioned about using "Linux
AES-NI-GCM Crypto Plug-in" to enable this support.
It described about a patch to existing AES-NI driver file, called
aesni-intel_glue.c and aesni-intel_asm.s.


1. There is strongswan plugin for intel AES-NI, Can somebody confirm/tell
me a way to find if this is the same plugin as the one mentioned in intel
Doc ? To me it looks like that, but i wanted to check with someone who
might be already using this.
2.  Is there some other way to get higher throughput ?
pcrypt module is available, will it work with AES-GCM ?

*libstrongswan plugin : *

aesni - Intel AES-NI crypto plugin (since 5.3.1

The new *aesni* plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM
crypto primitives
for AES-128/192/256.

The plugin requires AES-NI and PCLMULQDQ instructions and works on both x86
and x64 architectures. It provides superior crypto performance in userland
without any external libraries.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160620/dbc05f67/attachment.html>

More information about the Users mailing list