From: Kimmo K. <ko...@gm...> - 2006-11-25 21:51:30
On Saturday 25 November 2006 22:38, Marcelo Marleta wrote:
> Ipsec-tools calls a cryptographic algorithm to do authentication and
> encryption/decryption of the packets.

Only true for IKE but not for encrypting or decrypting ESP data, and ESP is what you want. Read Matthew's post and try to understand what racoon and setkey do and what the kernel does in IPsec.

> I want that Ipsec-tools calls MY cryptographic algorithm.

Wrong, you want the kernel to use your function (that uses hardware) when doing AES operations.

> For example, in setkey.conf:
> Instead of use "-E 3des-cbc" I will put "- E hwaes" and the setkey will
> call my cryptographic algorithm.

Setkey does not call any cryptographic algorithms. It just tells the kernel what to do when the kernel sees traffic from A to B. Racoon does encryption and decryption, but not for ESP, only for IKE. The kernel handles ESP encryption and decryption.

For more information, read this:
http://www.freescale.com/files/technology_publications/doc/Papers/Eintell5076PAPER.pdf

Best Regards
Kimmo Koivisto

>
> 2006/11/25, Matthew Grooms <mg...@sh...>:
> > Marcelo Marleta wrote:
> > > Thanks for the answers.
> > > But I think I was not very clear.
> > > I have an AES implemented in hardware and I call it using C. I just
> > > want to make a branch in the ipsec-tools to call my AES instead of the
> > > one that comes with ipsec-tools.
> > > I'm changing the parser and I want to know what all the things I have
> > > to change in setkey and racoon.
> > > For example: which function calls the cryptographic algorithm?
> > > I'm looking at the struct m_sa. I have to use it to make the branch?
> >
> > Marcelo,
> >
> > What do you need to accelerate using your AES hardware? The ipsec-tools
> > package only includes an internet key exchange daemon and the pfkey
> > utilities. If you want to accelerate ipsec packet processing, you need
> > to look at the kernel sources as Emmanuel suggested. If you want to
> > accelerate key exchange, racoon uses the openssl libcrypto which has a
> > framework for hardware acceleration.
> >
> > -Matthew
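
An added example, not part of the thread and not ipsec-tools code: the ESP ciphers that setkey can name with `-E` are the ones the kernel advertises in its reply to a PF_KEY `SADB_REGISTER` message (RFC 2367), so a name like "hwaes" means nothing until the kernel itself registers an algorithm for it. The C sketch below parses such a reply; the struct and function names, the sample reply and the id 200 are constructed for illustration, and the cipher ids are assumed to match Linux's `<linux/pfkeyv2.h>`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* PF_KEY v2 layout and constants from RFC 2367; fields are in host byte order. */
enum { PF_KEY_V2 = 2, SADB_REGISTER = 7, SADB_SATYPE_ESP = 3, SADB_EXT_SUPPORTED_ENCRYPT = 15 };
enum { EALG_3DESCBC = 3, EALG_AESCBC = 12 };  /* ids assumed from linux/pfkeyv2.h */
struct pfk_msg { uint8_t version, type, err, satype; uint16_t len, reserved; uint32_t seq, pid; };
struct pfk_ext { uint16_t len, exttype; uint32_t reserved; };  /* len in 64-bit words */
struct pfk_alg { uint8_t id, ivlen; uint16_t minbits, maxbits, reserved; };

/* 1 if the kernel's REGISTER reply lists ESP cipher alg_id, 0 if not, -1 if malformed. */
int esp_cipher_supported(const uint8_t *buf, size_t n, uint8_t alg_id)
{
    struct pfk_msg hdr;
    size_t off = sizeof hdr;
    if (n < sizeof hdr) return -1;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.version != PF_KEY_V2 || hdr.type != SADB_REGISTER) return -1;
    if ((size_t)hdr.len * 8 != n) return -1;           /* header length must match buffer */
    while (off + sizeof(struct pfk_ext) <= n) {
        struct pfk_ext ext;
        memcpy(&ext, buf + off, sizeof ext);
        size_t ext_bytes = (size_t)ext.len * 8;
        if (ext_bytes < sizeof ext || ext_bytes > n - off) return -1;
        if (ext.exttype == SADB_EXT_SUPPORTED_ENCRYPT)  /* array of pfk_alg follows */
            for (size_t a = off + sizeof ext; a + sizeof(struct pfk_alg) <= off + ext_bytes;
                 a += sizeof(struct pfk_alg))
                if (buf[a] == alg_id) return 1;         /* first byte of pfk_alg is the id */
        off += ext_bytes;
    }
    return off == n ? 0 : -1;
}

/* Constructed sample: reply from a kernel that implements 3DES-CBC and AES-CBC for ESP. */
size_t sample_reply(uint8_t *out)
{
    struct pfk_msg m = { PF_KEY_V2, SADB_REGISTER, 0, SADB_SATYPE_ESP, 5, 0, 1, 0 };
    struct pfk_ext e = { 3, SADB_EXT_SUPPORTED_ENCRYPT, 0 };
    struct pfk_alg a[2] = { { EALG_3DESCBC, 8, 192, 192, 0 }, { EALG_AESCBC, 8, 128, 256, 0 } };
    memcpy(out, &m, sizeof m);
    memcpy(out + 16, &e, sizeof e);
    memcpy(out + 24, a, sizeof a);
    return 40;                                          /* 5 words of 8 bytes */
}

int main(void)
{
    uint8_t buf[40];
    size_t n = sample_reply(buf);
    /* 200 is a hypothetical id for a cipher the kernel never registered. */
    printf("aes-cbc: %d, id 200: %d\n",
           esp_cipher_supported(buf, n, EALG_AESCBC), esp_cipher_supported(buf, n, 200));
    return 0;
}
```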