[strongSwan] Enabling AES-NI in strongswan
kapil20084 at gmail.com
Mon Jun 20 08:36:35 CEST 2016
i am looking for ways to improve the throughput while using the strongswan
I read that AES-GCM provides excellent throughput over default AES-CBC-128 when
used with AES-NI support in intel processors.
i want to enable AES-GCM128 cipher in my xeon E5 processor, and from
looking at the Intel white paper, it mentioned about using "Linux
AES-NI-GCM Crypto Plug-in" to enable this support.
It described about a patch to existing AES-NI driver file, called
aesni-intel_glue.c and aesni-intel_asm.s.
1. There is strongswan plugin for intel AES-NI, Can somebody confirm/tell
me a way to find if this is the same plugin as the one mentioned in intel
Doc ? To me it looks like that, but i wanted to check with someone who
might be already using this.
2. Is there some other way to get higher throughput ?
pcrypt module is available, will it work with AES-GCM ?
*libstrongswan plugin : *
aesni - Intel AES-NI crypto plugin (since 5.3.1
The new *aesni* plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM
The plugin requires AES-NI and PCLMULQDQ instructions and works on both x86
and x64 architectures. It provides superior crypto performance in userland
without any external libraries.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users