forked from Linaro/uadk_engine
-
Notifications
You must be signed in to change notification settings - Fork 0
OpenSSL engine for uadk.
License
Liulongfang/uadk_engine
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
OpenSSL engine for uadk
=================
- [Prerequisites](#prerequisites)
- [Installation Instruction](#installation-instruction)
- [Build & Install OpenSSL](#build-&-install-openssl)
- [Build & Install UADK](#build-&-install-uadk)
- [Build & Install OpenSSL UADK engine](#build-&-install-openssl-uadk-engine)
- [Testing](#testing)
Prerequisites
=============
* CPU: aarch64
* OpenSSL: 1.1.1f
* libnuma
* zlib
Installation Instruction
========================
Build & Install OpenSSL
-----------------------
```
git clone https://github.com/openssl/openssl.git
cd openssl
git checkout -b OpenSSL_1_1_1f OpenSSL_1_1_1f
./config -Wl,-rpath=/usr/local/lib
make
make test
sudo make install
openssl version
```
Build & Install UADK
--------------------
```
git clone https://github.com/Linaro/uadk.git
cd uadk
./cleanup.sh
./autogen.sh
./conf.sh
make
sudo make install
```
* If get error:"cannot find -lnuma", please install the libnuma-dev
* If get error:"fatal error: zlib.h: No such file or directory", please install zlib.
Build & Install OpenSSL UADK Engine
-----------------------------------
```
git clone https://github.com/Linaro/openssl-uadk.git
cd openssl-uadk
autoreconf -i
./configure --libdir=/usr/local/lib/engines-1.1/ --enable-kae
make
sudo make install
Option --enable-kae can be chosen to enable KAE for non-sva version
```
Testing
-------
```
sudo test/sanity_test.sh
```
1. Cipher
```
openssl enc -aes-128-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-128-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-192-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-192-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-256-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-256-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-128-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-128-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-192-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-192-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-256-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-256-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-128-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-128-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-192-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-192-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-256-ctr -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -aes-256-ctr -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -sm4-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -sm4-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -sm4-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -sm4-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -des-ede3-cbc -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -des-ede3-cbc -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -des-ede3-ecb -a -in data -out data.en -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl enc -des-ede3-ecb -a -d -in data.en -out data.de -pass pass:123456 -K abc -iv abc -engine uadk -p
openssl speed -engine uadk -async_jobs 1 -evp aes-128-cbc
openssl speed -engine uadk -async_jobs 1 -evp sm4-cbc
openssl speed -engine uadk -async_jobs 1 -evp des-ede3-cbc
```
2. RSA
```
openssl genrsa -out prikey.pem -engine uadk 2048
openssl rsa -in prikey.pem -pubout -out pubkey.pem -engine uadk
openssl rsautl -encrypt -in plain.txt -inkey pubkey.pem -pubin -out enc.txt -engine uadk
openssl rsautl -decrypt -in enc.txt -inkey prikey.pem -out dec.txt -engine uadk
openssl rsautl -sign -in msg.txt -inkey prikey.pem -out signed.txt -engine uadk
openssl rsautl -verify -in signed.txt -inkey pubkey.pem -pubin -out verified.txt -engine uadk
openssl speed -elapsed -engine uadk rsa2048
openssl speed -elapsed -engine uadk -async_jobs 10 rsa2048
```
3. SM3
```
openssl sm3 -engine uadk data
```
4. MD5
```
openssl speed -engine uadk -async_jobs 1 -evp md5
```
5. SHA
```
openssl sha1 -engine uadk data
openssl sha256 -engine uadk data
openssl sha512 -engine uadk data
```
6. DH
[step 1] Generate global public parameters, and save them in the file
dhparam.pem:
```
openssl dhparam -out dhparam.pem 2048
```
[step 2] Generate own private key:
```
openssl genpkey -paramfile dhparam.pem -out privatekey1.pem
openssl genpkey -paramfile dhparam.pem -out privatekey2.pem
```
[step 3] Generate public key:
```
openssl pkey -in privatekey1.pem -pubout -out publickey1.pem -engine uadk
openssl pkey -in privatekey2.pem -pubout -out publickey2.pem -engine uadk
```
[step 4] After exchanging public key, each user can derive the shared secret:
```
openssl pkeyutl -derive -inkey privatekey1.pem -peerkey publickey2.pem -out
secret1.bin -engine uadk
openssl pkeyutl -derive -inkey privatekey2.pem -peerkey publickey1.pem -out
secret2.bin -engine uadk
```
[step 5] Check secret1.bin and secret2.bin:
```
cmp secret1.bin secret2.bin
xxd secret1.bin
xxd secret2.bin
```
secret1.bin and secret2.bin should be the same.
7. SM2
```
openssl speed -elapsed -engine uadk sm2
openssl speed -elapsed -engine uadk -async_jobs 1 sm2
openssl ecparam -genkey -name SM2 -out SM2PrivateKey.pem
openssl ec -in SM2PrivateKey.pem -pubout -out SM2PublicKey.pem
```
8. ECDSA
```
openssl speed -elapsed -engine uadk ecdsap256
openssl speed -elapsed -engine uadk -async_jobs 1 ecdsap256
```
Environment variable of uadk engine
===================================
Introduction
------------
Through the environment variable function, users can configure the number of
queue resources that can be applied by different algorithms by setting the
algorithm switch in the openssl.cnf file.
Usage
-----
1. Firstly, modify the openssl.cnf file, add the following settings at the beginning of this file:
```
openssl_cnf = openssl_def
[openssl_def]
engines = engine_section
[engine_section]
uadk = uadk_section
[uadk_section]
UADK_CMD_ENABLE_RSA_ENV = 1
UADK_CMD_ENABLE_DH_ENV = 1
UADK_CMD_ENABLE_CIPHER_ENV = 1
UADK_CMD_ENABLE_DIGEST_ENV = 1
UADK_CMD_ENABLE_ECC_ENV = 1
```
Note: * The number 1 for enable environment variable, and 0 for disable environment variable.
* By default, you can find openssl.cnf file under /usr/local/ssl/ path.
2. Secondly, use "export" command to set queue number.
For example,
```
export WD_RSA_CTX_NUM="sync:2@0,async:4@0"
export WD_DH_CTX_NUM="sync:2@0,async:4@0"
export WD_CIPHER_CTX_NUM="sync:2@2,async:4@2"
export WD_DIGEST_CTX_NUM="sync:2@2,async:4@2"
export WD_ECC_CTX_NUM="sync:2@0,async:4@0"
```
Note: * You can write these commands into ~/.bashrc file and source it, or just
input temporarily.
* "sync" indicates synchronous mode, "async" indicates asynchronous mode.
* "sync:2@0" means request 2 queues on numa-0 node, under synchronous mode.
* "async:2@0" means request 2 queues on numa-0 node, under asynchronous mode.
* If you do not perform the second step, the engine will use the default
setting:"sync:2@0, async:2@0" to request queues from hardware.
About
OpenSSL engine for uadk.
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- C 98.6%
- Other 1.4%