Use of AES-NI Intel instruction set

onoff · Post by **onoff** » Mon Feb 23, 2015 6:33 pm

Hello,

I'm wondering if on Intel CPUs (like recent i5, i7 and Xeon) SoftEther checks the presence of the AES-NI instruction set and, if so, exploit if for AES en/decryption. According to some estimates, AES-NI can encrypt at a rate of 3.5 cycles/byte.

Regards
Michel Onoff

dajhorn · Post by **dajhorn** » Wed Feb 25, 2015 3:01 pm

Yes, SoftEther has AES-NI support:

* https://github.com/SoftEtherVPN/SoftEth ... qua.h#L215

SoftEther for Linux uses libssl for most cryptography, which is bundled as a static object in the official release.

If SoftEther for Linux is recompiled to use the system library, and the system library is configured to use hardware acceleration, then performance can be further improved. The OpenSSL documentation applies here.

However, network capacity is the limiting factor for throughput in most VPN deployments. For example, I have a 300 MHz ARM SoC that can saturate a 10Mbps port with a vanilla OpenSSL build, and one core on a modern desktop CPU can easily do 100Mbps.

PacoBell · Post by **PacoBell** » Mon Mar 30, 2015 2:03 am

Does this also hold true as the number of concurrent users increase? Also, why do we continue to use AES-CBC when we should be moving to AES-GCM?

http://googleonlinesecurity.blogspot.co ... esses.html

https://software.intel.com/en-us/blogs/ ... ementation

Use of AES-NI Intel instruction set

Use of AES-NI Intel instruction set

Re: Use of AES-NI Intel instruction set

Re: Use of AES-NI Intel instruction set