> On Dec 9, 2017, at 6:36 PM, Erik Anderson <erike...@gmail.com> wrote:
> 
> On Sat, Dec 9, 2017 at 2:56 PM, Chris L <c...@viptalk.net> wrote:
>> AES-GCM with all hashes disabled in the ESP/Phase 2.
> 
> I'm curious why you recommend this. I'm not being contrary, just
> curious. I've always had hashing enabled for both P1 and P2s. Is this
> something unique to AES-GCM?

AES-GCM is an AEAD algorithm.

https://en.wikipedia.org/wiki/Authenticated_encryption

That means you don’t need the AH with AES-GCM (you can still use it, but it’s 
only going to slow you down.)

The HMAC-SHA1 is a complete second pass over the packet when using AH.  Also, 
until Goldmont (e.g. C3000) there aren’t any instructions to speed up SHA.

You can leave the hashes enabled on the P1s without great consequence.  (I tend 
to use AES-CBC + HMAC-SHA1 for the P1, and AES-GCM for the P2.)

Speaking to the original thread:  Using OpenSSL, AES-GCM is over twice as fast 
as AES-CBC on an E5 Xeon
https://software.intel.com/en-us/articles/aes-gcm-encryption-performance-on-intel-xeon-e5-v3-processors

That paper also shows the total gain of AES-GCM vs. AES-CBC + HMAC-SHA1 is 4.5x.

On a 4860 AES-GCM is about 2.33X AES-CBC for 1024 byte packets.
OpenSSL 1.0.2m-freebsd  2 Nov 2017
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: clang
The 'numbers' are in 1000s of bytes per second processed.
type                      16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-128-gcm             115071.69k   228127.15k   318135.73k   358155.93k   367813.84k
aes-128-cbc               4877.33k    18806.89k    63629.80k   153355.25k   258233.02k
aes-128-cbc-hmac-sha1    69219.79k   131366.66k   166310.72k   182410.40k   188056.86k

Anyway, the speedup is why we did the work to put AES-GCM support for IPsec in 
FreeBSD.

Jim

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
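
Added example, not part of the original thread and not pfSense or FreeBSD code: a Go standard-library demonstration of the AEAD point in the reply above, showing that AES-GCM rejects a modified packet on its own while AES-CBC with no hash decrypts it without complaint. The key, nonce, IV, header bytes and payload are constructed sample values, and gcmOpen and cbcAcceptsTamper are hypothetical helper names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample values. A real SA gets its keys from IKE and never reuses a nonce.
var (
	key     = bytes.Repeat([]byte{0x11}, 16)
	nonce   = bytes.Repeat([]byte{0x22}, 12)
	iv      = bytes.Repeat([]byte{0x33}, 16)
	hdr     = []byte{0, 0, 0x10, 0x01, 0, 0, 0, 0x07} // stand-in for SPI + sequence number
	payload = []byte("constructed 32-byte ESP payload!")
)

// gcmOpen seals payload with AES-128-GCM (hdr as associated data), lets tamper
// modify the packet, then returns the error from the receiver's Open call.
func gcmOpen(tamper func(ct, h []byte)) error {
	// Neither constructor can fail here: the constructed key is a valid 16-byte AES key.
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	h := append([]byte(nil), hdr...)
	ct := aead.Seal(nil, nonce, payload, h) // ciphertext with the 16-byte tag appended
	tamper(ct, h)
	_, err := aead.Open(nil, nonce, ct, h)
	return err
}

// cbcAcceptsTamper encrypts with AES-128-CBC and no HMAC, flips one ciphertext
// bit, and reports whether decryption silently returned different plaintext.
func cbcAcceptsTamper() bool {
	block, _ := aes.NewCipher(key)
	ct := make([]byte, len(payload))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, payload)
	ct[0] ^= 0x01
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct) // no error path exists
	return !bytes.Equal(pt, payload)
}

func main() {
	fmt.Println("GCM untouched:", gcmOpen(func(ct, h []byte) {}))
	fmt.Println("GCM ciphertext bit flipped:", gcmOpen(func(ct, h []byte) { ct[0] ^= 1 }))
	fmt.Println("GCM header bit flipped:", gcmOpen(func(ct, h []byte) { h[7] ^= 1 }))
	fmt.Println("CBC without HMAC accepted altered packet:", cbcAcceptsTamper())
}
```

This is why the hash can be dropped for a GCM Phase 2 but has to stay when the Phase 2 cipher is AES-CBC.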