forked from Linaro/uadk_engine
-
Notifications
You must be signed in to change notification settings - Fork 0
OpenSSL engine for uadk.
License
hzhuang1/uadk_engine
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
OpenSSL engine for uadk ================= - [Prerequisites](#prerequisites) - [Installation Instruction](#installation-instruction) - [Build & Install OpenSSL](#build-&-install-openssl) - [Build & Install UADK](#build-&-install-uadk) - [Build & Install OpenSSL UADK engine](#build-&-install-openssl-uadk-engine) - [Testing](#testing) Prerequisites ============= * CPU: aarch64 * OpenSSL: 1.1.1f * libnuma * zlib Installation Instruction ======================== Build & Install OpenSSL ----------------------- ``` git clone https://github.com/openssl/openssl.git cd openssl git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f ./config -Wl,-rpath=/usr/local/lib make make test sudo make install openssl version ``` Build & Install UADK -------------------- ``` git clone https://github.com/Linaro/uadk.git cd uadk ./cleanup.sh ./autogen.sh ./conf.sh make sudo make install ``` * If get error:"cannot find -lnuma", please install the libnuma-dev * If get error:"fatal error: zlib.h: No such file or directory", please install zlib. Build & Install OpenSSL UADK Engine ----------------------------------- ``` git clone https://github.com/Linaro/openssl-uadk.git cd openssl-uadk autoreconf -i ./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae make sudo make install Option --enable-kae can be chosen to enable KAE for non-sva version ``` Testing ------- ``` sudo test/sanity_test.sh ``` 1. Cipher ``` openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk_engine -p openssl speed -engine uadk_engine -async_jobs 1 -evp aes-128-cbc openssl speed -engine uadk_engine -async_jobs 1 -evp sm4-cbc openssl speed -engine uadk_engine -async_jobs 1 -evp des-ede3-cbc ``` 2. RSA ``` openssl genrsa -out prikey.pem -engine uadk_engine 2048 openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk_engine openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk_engine openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk_engine openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk_engine openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk_engine openssl speed -elapsed -engine uadk_engine rsa2048 openssl speed -elapsed -engine uadk_engine -async_jobs 10 rsa2048 ``` 3. SM3 ``` openssl sm3 -engine uadk_engine data ``` 4. MD5 ``` openssl speed -engine uadk_engine -async_jobs 1 -evp md5 ``` 5. SHA ``` openssl sha1 -engine uadk_engine data openssl sha256 -engine uadk_engine data openssl sha512 -engine uadk_engine data ``` 6. DH [step 1] Generate global public parameters, and save them in the file dhparam.pem: ``` openssl dhparam -out dhparam.pem 2048 ``` [step 2] Generate own private key: ``` openssl genpkey -paramfile dhparam.pem -out privatekey1.pem openssl genpkey -paramfile dhparam.pem -out privatekey2.pem ``` [step 3] Generate public key: ``` openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk ``` [step 4] After exchanging public key, each user can derive the shared secret: ``` openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out secret1.bin -engine uadk_engine openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out secret2.bin -engine uadk_engine ``` [step 5] Check secret1.bin and secret2.bin: ``` cmp secret1.bin secret2.bin xxd secret1.bin xxd secret2.bin ``` secret1.bin and secret2.bin should be the same. 7. SM2 ``` openssl speed -elapsed -engine uadk_engine sm2 openssl speed -elapsed -engine uadk_engine -async_jobs 1 sm2 openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem ``` 8. ECDSA ``` openssl speed -elapsed -engine uadk_engine ecdsap256 openssl speed -elapsed -engine uadk_engine -async_jobs 1 ecdsap256 ``` Environment variable of uadk engine =================================== Introduction ------------ Through the environment variable function, users can configure the number of queue resources that can be applied by different algorithms by setting the algorithm switch in the openssl.cnf file. Usage ----- 1. Firstly, modify the openssl.cnf file, add the following settings at the beginning of this file: ``` openssl_cnf = openssl_def [openssl_def] engines = engine_section [engine_section] uadk_engine = uadk_section [uadk_section] UADK_CMD_ENABLE_RSA_ENV = 1 UADK_CMD_ENABLE_DH_ENV = 1 UADK_CMD_ENABLE_CIPHER_ENV = 1 UADK_CMD_ENABLE_DIGEST_ENV = 1 UADK_CMD_ENABLE_ECC_ENV = 1 ``` Note: * The number 1 for enable environment variable, and 0 for disable environment variable. * By default, you can find openssl.cnf file under /usr/local/ssl/ path. 2. Secondly, use "export" command to set queue number. For example, ``` export WD_RSA_CTX_NUM="sync:2@0,async:4@0" export WD_DH_CTX_NUM="sync:2@0,async:4@0" export WD_CIPHER_CTX_NUM="sync:2@2,async:4@2" export WD_DIGEST_CTX_NUM="sync:2@2,async:4@2" export WD_ECC_CTX_NUM="sync:2@0,async:4@0" ``` Note: * You can write these commands into ~/.bashrc file and source it, or just input temporarily. * "sync" indicates synchronous mode, "async" indicates asynchronous mode. * "sync:2@0" means request 2 queues on numa-0 node, under synchronous mode. * "async:2@0" means request 2 queues on numa-0 node, under asynchronous mode. * If you do not perform the second step, the engine will use the default setting:"sync:2@0, async:2@0" to request queues from hardware.
About
OpenSSL engine for uadk.
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- C 98.6%
- Other 1.4%