next up previous
Next: 4.23.2 023: response Up: 4.23 023: standard crypto Previous: 4.23 023: standard crypto

4.23.1 023: Definition of requirement

The current KLIPS1 encapsulation and decapsulation routines make explicit synchronous calls to the 3DES encrypt and decrypt functions. This causes three problems:

  1. it makes it difficult to add new algorithms, both at compile time and at runtime.
  2. it fails to make use of multiprocessor systems effectively
  3. it fails to interface nicely to hardware acceleration devices

A standard API from FreeSWAN KLIPS to algorithm functions (e.g. 3DES-MD5-ESP) would provide for plug and play capabilities for algorithms.

An asynchronous interface would permit multiple processors or hardware accelerators to interface easily as well.

Despite this, the packets must still emerge from the system in the same order that they arrived. That is, they must not be reordered, as this causes inefficiencies for TCP.

Michael Richardson