[Openswan dev] Accelerating IPSec
david_mccullough at au.securecomputing.com
Sat Mar 4 10:18:48 CET 2006
Jivin Panayotis Tziaros lays it down ...
> Hi all,
> I develop a software that expoits the MPC's 8248 Security Engine
> capabilities in order to use it in openswan. I want to ask you if the
> connection of this software and openswan should be done through
> CryptoAPI making a "new" encryption algorithm or by modifying the
> built-in crypto and hashing functions that exist in openswan ? It seems
> (is that true ?) that CryptoAPI can be used from openswan only for
> cipher algorithms and not for hashing. For example I didn't see anywhere
CryptoAPI is used for both ciphers and hashes (auth), check in
ipsec_alg.c for the code.
> in ipsec_alg_cryptoapi.c a function that assigns a hashing algorithm.
> Also I saw that in ipsec_esp.c or in ipsec_ah.c that only built-in 3DES
> or MD5 or SHA1 algorithms are used (e.g. in ipsec_xmit_esp_setup).
No, it can use either the builtin ones or the CryptoAPI (ALG) ones.
Look for the various ifdef CONFIG_KLIPS_ALG's to find the code.
If you are implementing a HW solution, and it is capable of
asynchronous (ie., interrupt driven) operation perhaps you should look
It gives you a framework for accelerating OpenSwan, OpenSSL and OpenSSH
and other things,
David McCullough, david_mccullough at au.securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear http://www.uCdot.org http://www.cyberguard.com
More information about the Dev