On Tue, 31 May 2016, Michael Furman wrote: [ skipped everything Andrew already answered ]
2) According to the following link not all AES-NI hardware accelerators support AES_GCM: https://libreswan.org/wiki/Benchmarking_and_Performance_testing#x86_64_NUMA_Xeon_with_Intel_QuickAssist_PCIe We run on RHEL6. Do you expect any issue with AES-NI hardware accelerators and AES_GCM?
If the acceleration isn't supported, the kernel will automatically fall back to software. So you shouldn't ever run into issues. If your hardware does not support the GHASH acceleration, then aes_ctr and aes_gcm are not especially accelerated. You should do a meassurement of aes_gcm versus aes on your hardware to determine which is faster for you. (I think aes_gcm might still be partially accelerated without ghash, but I'm not 100% sure of that) Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
