[Openswan dev] Accelerating IPSec

David McCullough david_mccullough at au.securecomputing.com
Sat Mar 4 10:18:48 CET 2006

Jivin Panayotis Tziaros lays it down ...
> Hi all,
> I develop a software that expoits the MPC's 8248 Security Engine 
> capabilities in order to use it in openswan. I want to ask you if the 
> connection of this software and openswan should be done through 
> CryptoAPI making a "new" encryption algorithm or by modifying the 
> built-in crypto and hashing functions that exist in openswan ? It seems 
> (is that true ?) that CryptoAPI can be used from openswan only for 
> cipher algorithms and not for hashing. For example I didn't see anywhere 

CryptoAPI is used for both ciphers and hashes (auth),  check in
ipsec_alg.c for the code.

> in ipsec_alg_cryptoapi.c a function that assigns a hashing algorithm. 
> Also I saw that in ipsec_esp.c or in ipsec_ah.c that only built-in 3DES 
> or MD5 or SHA1 algorithms are used (e.g. in ipsec_xmit_esp_setup).

No,  it can use either the builtin ones or the CryptoAPI (ALG) ones.
Look for the various ifdef CONFIG_KLIPS_ALG's to find the code.

If you are implementing a HW solution,  and it is capable of
asynchronous (ie., interrupt driven) operation perhaps you should look


It gives you a framework for accelerating OpenSwan, OpenSSL and OpenSSH
and other things,


David McCullough, david_mccullough at au.securecomputing.com, Ph:+61 734352815
Secure Computing - SnapGear  http://www.uCdot.org http://www.cyberguard.com

More information about the Dev mailing list