[Pkg-swan-devel] plugin aesni ?
corsac at debian.org
Mon Mar 14 15:55:56 UTC 2016
On lun., 2016-03-14 at 16:51 +0100, Yves-Alexis Perez wrote:
> On lun., 2016-03-14 at 16:47 +0100, Arnaud Gavara wrote:
> > In 5.3.1 Changelog:
> > "
> > The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
> > primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
> > instructions and works on both x86 and x64 architectures. It provides
> > superior crypto performance in userland without any external libraries.
> > "
> > I don't think that aesni plugin is using libipsec, but perhaps I'm wrong.
> It's the other way around. libipsec uses aesni plugin when needed. Read the
> above paragraph, emphasis on *userland*. We don't build/use userland IPsec,
> everything is done in the kernel.
Actually you're right, it does make sense. The IKE_SA will use some symmetric
encryption and is maintained by charon, not the kernel.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 473 bytes
Desc: This is a digitally signed message part
More information about the Pkg-swan-devel