[Pkg-swan-devel] plugin aesni ?

Yves-Alexis Perez corsac at debian.org
Mon Mar 14 15:55:56 UTC 2016


On lun., 2016-03-14 at 16:51 +0100, Yves-Alexis Perez wrote:
> On lun., 2016-03-14 at 16:47 +0100, Arnaud Gavara wrote:
> > 
> > In 5.3.1 Changelog:
> > "
> > The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
> > primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
> > instructions and works on both x86 and x64 architectures. It provides
> > superior crypto performance in userland without any external libraries.
> > "
> > I don't think that aesni plugin is using libipsec, but perhaps I'm wrong.
> It's the other way around. libipsec uses aesni plugin when needed. Read the
> above paragraph, emphasis on *userland*. We don't build/use userland IPsec,
> everything is done in the kernel.

Actually you're right, it does make sense. The IKE_SA will use some symmetric
encryption and is maintained by charon, not the kernel.

Regards,
-- 
Yves-Alexis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-swan-devel/attachments/20160314/a50ca7d4/attachment.sig>


More information about the Pkg-swan-devel mailing list