Skip to content

hzhuang1/uadk_engine

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

OpenSSL engine for uadk
=================

- [Prerequisites](#prerequisites)
- [Installation Instruction](#installation-instruction)
	- [Build & Install OpenSSL](#build-&-install-openssl)
	- [Build & Install UADK](#build-&-install-uadk)
	- [Build & Install OpenSSL UADK engine](#build-&-install-openssl-uadk-engine)
	- [Testing](#testing)

Prerequisites
=============
* CPU: aarch64
* OpenSSL: 1.1.1f
* libnuma
* zlib

Installation Instruction
========================

Build & Install OpenSSL
-----------------------

```
    git clone https://github.com/openssl/openssl.git
    cd openssl
    git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
    ./config -Wl,-rpath=/usr/local/lib
    make
    make test
    sudo make install
    openssl version
```

Build & Install UADK
--------------------

```
    git clone https://github.com/Linaro/uadk.git
    cd uadk
    ./cleanup.sh
    ./autogen.sh
    ./conf.sh
    make
    sudo make install
```
* If get error:"cannot find -lnuma", please install the libnuma-dev
* If get error:"fatal error: zlib.h: No such file or directory", please install zlib.

Build & Install OpenSSL UADK Engine
-----------------------------------
```
    git clone https://github.com/Linaro/openssl-uadk.git
    cd openssl-uadk
    autoreconf -i
    ./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae
    make
    sudo make install

    Option --enable-kae can be chosen to enable KAE for non-sva version
```

Testing
-------
```
    sudo test/sanity_test.sh
```
1. Cipher
```
openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456  -K abc -iv abc -engine uadk_engine -p
openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc
openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc
openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc
```
2. RSA
```
openssl genrsa -out prikey.pem -engine uadk_engine 2048
openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine
openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine
openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine
openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine
openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine
openssl speed -elapsed -engine uadk_engine rsa2048
openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048
```
3. SM3
```
openssl sm3 -engine uadk_engine data
```
4. MD5
```
openssl speed -engine uadk_engine -async_jobs 1 -evp md5
```
5. SHA
```
openssl sha1 -engine uadk_engine data
openssl sha256 -engine uadk_engine data
openssl sha512 -engine uadk_engine data
```
6. DH

[step 1] Generate global public parameters, and save them in the file
dhparam.pem:
```
openssl dhparam -out dhparam.pem 2048
```
[step 2] Generate own private key:
```
openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
```
[step 3] Generate public key:
```
openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk
openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
```
[step 4] After exchanging public key, each user can derive the shared secret:
```
openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
secret1.bin -engine uadk_engine
openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
secret2.bin -engine uadk_engine
```
[step 5] Check secret1.bin and secret2.bin:
```
cmp secret1.bin secret2.bin
xxd secret1.bin
xxd secret2.bin
```
secret1.bin and secret2.bin should be the same.

7. SM2
```
openssl speed -elapsed -engine uadk_engine sm2
openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2
openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
```
8. ECDSA
```
openssl speed -elapsed -engine uadk_engine ecdsap256
openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256
```

Environment variable of uadk engine
===================================
Introduction
------------
Through the environment variable function, users can configure the number of
queue resources that can be applied by different algorithms by setting the
algorithm switch in the openssl.cnf file.

Usage
-----
1. Firstly, modify the openssl.cnf file, add the following settings at the beginning of this file:

```
openssl_cnf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
uadk_engine = uadk_section
[uadk_section]
UADK_CMD_ENABLE_RSA_ENV = 1
UADK_CMD_ENABLE_DH_ENV = 1
UADK_CMD_ENABLE_CIPHER_ENV = 1
UADK_CMD_ENABLE_DIGEST_ENV = 1
UADK_CMD_ENABLE_ECC_ENV = 1
```
Note: * The number 1 for enable environment variable, and 0 for disable environment variable.
      * By default, you can find openssl.cnf file under /usr/local/ssl/ path.

2. Secondly, use "export" command to set queue number.
For example,
```
export WD_RSA_CTX_NUM="sync:2@0,async:4@0"
export WD_DH_CTX_NUM="sync:2@0,async:4@0"
export WD_CIPHER_CTX_NUM="sync:2@2,async:4@2"
export WD_DIGEST_CTX_NUM="sync:2@2,async:4@2"
export WD_ECC_CTX_NUM="sync:2@0,async:4@0"
```
Note: * You can write these commands into ~/.bashrc file and source it, or just
      input temporarily.
      * "sync" indicates synchronous mode, "async" indicates asynchronous mode.
      * "sync:2@0" means request 2 queues on numa-0 node, under synchronous mode.
      * "async:2@0" means request 2 queues on numa-0 node, under asynchronous mode.
      * If you do not perform the second step, the engine will use the default
      setting:"sync:2@0, async:2@0" to request queues from hardware.

About

OpenSSL engine for uadk.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 98.6%
  • Other 1.4%