Hi Jan Just, Tony, On 07/12/2020 10:10, Jan Just Keijser wrote: > Thank you very much for adding this so quickly; it won't help Tony He > though, as he is stuck using a rather old AL314 + R9000 chip which does > not support CCM or GCM. I just checked the driver code and indeed there > is no HW support for GCM. They *do* support some AEAD algorithms: > > authenc-hmac-sha256-cbc-aes > authenc-hmac-sha384-cbc-aes > > which are listed as the (true) AEAD equivalent of AES+SHA ; the question > is : how hard would it be to add support for this (and would it be worth > it?)
I would ask the same question to the vendor: how hard would it be to support AES-GCM in the current HW engine? Any info about that? They are the best recipient for such feature request I think. As far as I understood the HW engine is also open source, so actually anybody with the right motivation could take up that task. Forcing ourselves to sticking to legacy algorithms is not the right move, imho (especially when there are solutions - see above). To answer your question: my feeling is that working on it is not worth the benefit. Regards, -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
