Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Overview

Kunpeng Accelerator Engine (KAE) is a hardware acceleration solution based on Kunpeng 920 series processors. It includes KAE encryption and decryption as well as KAEzip. This document describes KAE encryption and description, its installation and test procedures, as well as use cases.

KAE encryption and decryption and KAEzip are used to accelerate SSL/TLS applications and data compression, respectively. They can significantly reduce processor consumption and improve processor efficiency. In addition, KAE shields the internal processing details from the application layer. You can quickly migrate services by using the standard OpenSSL, zstd, LZ4, and zlib interfaces.

KAE Version Description

KAE is an accelerator developed based on the Kunpeng 920 processor. It uses two driver frameworks: Warpdriver (WD) and User Space Accelerator Development Kit (UADK). It has two sets of code for different kernel versions: KAE 1.0 and KAE 2.0. Table 1 describes the differences.

Table 1 Differences between two KAE code branches

Code Branch

KAE 1.0

KAE 2.0

Supported Kernel Version

4.19

5.10

Corresponding KAE Version

1.x.x

2.x.x

Modules Contained in the Source Code

Kernel driver, user-mode driver, OpenSSL-based KAE, and zlib library

KAE kernel driver, UADK framework, KAEOpensslEngine, KAEZstd, KAELz4, and KAEZlib

KAE Encryption and Decryption

The KAE encryption and decryption module uses the Kunpeng hardware acceleration engine to implement the RSA, SM2, SM3, SM4, DH, MD5, and AES algorithms. It provides high-performance symmetric and asymmetric encryption and decryption based on the lossless user-mode driver framework. It is compatible with OpenSSL 1.1.1x, OpenSSL 3.0.x, and Tongsuo 8.4.0, and supports synchronous and asynchronous mechanisms.

  • OpenSSL 1.1.1x supports the following algorithms:
    • Digest algorithms SM3 and MD5, supporting asynchronous models
    • Symmetric encryption algorithm SM4, supporting asynchronous models and CTR, XTS, CBC, ECB, and OFB modes
    • Symmetric encryption algorithm AES, supporting asynchronous models and ECB, CTR, XTS, OFB, CFB, and CBC modes
    • Asymmetric algorithm RSA, supporting asynchronous models and key sizes 1024, 2048, 3072, and 4096
    • Asymmetric algorithm SM2, supporting the asynchronous mode
    • Key negotiation algorithm DH, supporting asynchronous models and key sizes 768, 1024, 1536, 2048, 3072, and 4096.
  • OpenSSL 3.0.x offers encryption and decryption algorithm implementations through the engine mechanism and supports the SM3, MD5, SM4, AES, and RSA algorithms.
  • Tongsuo 8.4.0 offers encryption and decryption algorithm implementations through the engine mechanism and supports the SM3, SM4, AES, and RSA algorithms.
  • Only OpenSSL 1.1.1x supports the asymmetric algorithm SM2 and key negotiation algorithm DH.
  • The provider mechanism and later OpenSSL versions are not supported.
  • For details about the operations and applications of KAE encryption and decryption, see the following sections.
  • Tongsuo is an encryption and decryption library derived from OpenSSL. Its interfaces and usage comply with OpenSSL.