You have to differentiate between IKE which relies on userland crypto and ESP which requires kernel crypto. For kernel crypto only the kernel crypto API of the Linux 2.6 kernel (k) can be used.
For userland crypto there are several alternatives. I personally prefer the combination "gmp" and "openssl", which uses the very fast GNU Multi-Precision library for big number operations and openssl for everything else, including elliptic curve cryptography. Gcrypt is about two times slower for big number operations than gmp, and AF_ALG, which offers a userland interface to the Linux 2.6 kernel crypto API, has quite a large overhead in calling kernel functions but has the advantage that e.g. only one crypto library has to be certified and the userland might profit from hardware acceleration made available by special kernel drivers.

Regards

Andreas

On 09/25/2011 03:45 PM, nima chavooshi wrote:
> Hi
> I have found some details on different crypto libraries on this page:
> http://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
>
> On this page there is some explanation about the supported crypto libraries, as below:
> x default built-in crypto library
> o OpenSSL crypto library
> g Gcrypt crypto library
> a AF_ALG userland crypto API for Linux 2.6.38 kernel or newer
> k Linux 2.6 kernel
>
> It means that every library itself implements the cryptography algorithms.
> Now my question is:
> Which crypto library is fast and more reliable? And which one do I use?
>
> Thanks in advance

======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
