
Use of AES-NI Intel instruction set

Posted: Mon Feb 23, 2015 6:33 pm
by onoff
Hello,

I'm wondering if on Intel CPUs (like recent i5, i7 and Xeon) SoftEther checks the presence of the AES-NI instruction set and, if so, exploits it for AES en/decryption. According to some estimates, AES-NI can encrypt at a rate of 3.5 cycles/byte.

Regards
Michel Onoff

Re: Use of AES-NI Intel instruction set

Posted: Wed Feb 25, 2015 3:01 pm
by dajhorn
Yes, SoftEther has AES-NI support:

* https://github.com/SoftEtherVPN/SoftEth ... qua.h#L215

SoftEther for Linux uses libssl for most cryptography, which is bundled as a static object in the official release.

If SoftEther for Linux is recompiled to use the system library, and the system library is configured to use hardware acceleration, then performance can be further improved. The OpenSSL documentation applies here.

However, network capacity is the limiting factor for throughput in most VPN deployments. For example, I have a 300 MHz ARM SoC that can saturate a 10Mbps port with a vanilla OpenSSL build, and one core on a modern desktop CPU can easily do 100Mbps.

Re: Use of AES-NI Intel instruction set

Posted: Mon Mar 30, 2015 2:03 am
by PacoBell
Does this also hold true as the number of concurrent users increases? Also, why do we continue to use AES-CBC when we should be moving to AES-GCM?

http://googleonlinesecurity.blogspot.co ... esses.html

https://software.intel.com/en-us/blogs/ ... ementation
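
Added example, not part of the thread and not SoftEther's code: a check of the CPUID leaf 1 feature bits that tells whether the CPU offers AES-NI (the question in the first post) and PCLMULQDQ, the carry-less multiply that accelerates the GHASH half of AES-GCM (the mode raised in the last post). The function and enum names are hypothetical; it assumes GCC or Clang for `<cpuid.h>`.

```c
/* Added example: decode CPUID.01H:ECX for AES-related instructions. */
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

#define ECX_PCLMULQDQ (1u << 1)   /* carry-less multiply, used by GHASH in GCM */
#define ECX_AESNI     (1u << 25)  /* AES round instructions (AESENC, AESDEC, ...) */

enum aes_hw { AES_HW_NONE = 0, AES_HW_AES_ONLY = 1, AES_HW_AES_AND_GCM = 2 };

/* Pure decoder, so the logic can be checked with constructed ECX values. */
enum aes_hw classify_ecx(unsigned int ecx)
{
    if (!(ecx & ECX_AESNI))
        return AES_HW_NONE;        /* AES block operations run in software */
    if (!(ecx & ECX_PCLMULQDQ))
        return AES_HW_AES_ONLY;    /* CBC is accelerated; GCM's GHASH is not */
    return AES_HW_AES_AND_GCM;
}

/* Returns 0 and fills *ecx, or -1 when CPUID leaf 1 cannot be read. */
int read_leaf1_ecx(unsigned int *ecx)
{
#if HAVE_CPUID
    unsigned int eax, ebx, edx;
    return __get_cpuid(1, &eax, &ebx, ecx, &edx) ? 0 : -1;
#else
    (void)ecx;                     /* not an x86 build: nothing to query */
    return -1;
#endif
}

int main(void)
{
    static const char *const msg[] = {
        "no AES-NI: AES runs in software",
        "AES-NI present, PCLMULQDQ absent: GHASH for GCM runs in software",
        "AES-NI and PCLMULQDQ present: CBC and GCM can both be accelerated",
    };
    unsigned int ecx = 0;
    if (read_leaf1_ecx(&ecx) != 0) {
        puts("CPUID leaf 1 unavailable (non-x86 CPU or build)");
        return 1;
    }
    puts(msg[classify_ecx(ecx)]);
    return 0;
}
```

A set bit only shows that the CPU exposes the instructions, and a hypervisor can mask it from a guest. Whether they are actually used still depends on how the linked libssl was built, as the reply above notes.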