Using KAE Through the OpenSSL/Tongsuo Configuration File
To use the OpenSSL configuration file to invoke KAE, you need to add KAE-related configuration parameters to the openssl.cnf configuration file. Using KAE in configuration file mode enables user applications to use the accelerator function with just a few modifications.
The initialization API needs to be called only once.
```c
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); // Load and initialize the configuration file.
```
If Tongsuo is used for encryption and decryption, the configuration method is the same as that of OpenSSL.
If the openssl req -new -x509 command is used to generate a certificate, configure the openssl.cnf file by referring to Method 2 in "What Should I Do If Certificates Fail to Be Generated After Running openssl req -new -x509?"
Add the following configuration information to openssl.cnf:
```
openssl_conf=openssl_def
[openssl_def]
engines=engine_section
[engine_section]
kae=kae_section
[kae_section]
engine_id=kae
# For OpenSSL 1.1.1x, use the following path:
dynamic_path=/usr/local/lib/engines-1.1/kae.so
# For OpenSSL 3.0.x, use the following path:
#dynamic_path=/usr/local/lib/engines-3.0/kae.so
KAE_CMD_ENABLE_ASYNC=1
KAE_CMD_ENABLE_SM3=1
KAE_CMD_ENABLE_SM4=1
default_algorithms=ALL
init=1
```
- KAE_CMD_ENABLE_ASYNC is optional. The value 0 disables asynchronous mode and the value 1 enables it. Asynchronous mode is enabled by default.
- KAE_CMD_ENABLE_SM3 is optional. The value 0 disables SM3 acceleration and the value 1 enables it. SM3 acceleration is enabled by default.
- KAE_CMD_ENABLE_SM4 is optional. The value 0 disables SM4 acceleration and the value 1 enables it. SM4 acceleration is enabled by default.
- default_algorithms=ALL indicates that the KAE is tried first for all algorithms. If the engine does not support an algorithm, OpenSSL performs the computation instead.
Export the OPENSSL_CONF environment variable.
```bash
export OPENSSL_CONF=/home/app/openssl.cnf  # Path for storing the openssl.cnf file
```
```c
#include <stdio.h>
#include <stdlib.h>

/* OpenSSL headers */
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/engine.h>
#include <openssl/rsa.h>

int main(int argc, char **argv)
{
    /* Initializing OpenSSL */
    ERR_load_BIO_strings();

    /* Load the OpenSSL configuration file */
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);

    ENGINE *e = ENGINE_by_id("kae");
    if (e == NULL) {
        /* The engine was not loaded: check OPENSSL_CONF and dynamic_path. */
        ERR_print_errors_fp(stderr);
        return EXIT_FAILURE;
    }

    /* Specify the KAE for RSA-based encryption and decryption.
     * If ENGINE_set_default_RSA(ENGINE *e) is used during initialization,
     * e does not need to be passed. */
    RSA *rsa = RSA_new_method(e);

    /* The user code */
    /* ... */

    RSA_free(rsa);
    ENGINE_free(e);
    return 0;
}
```
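Added example, not part of the original documentation or the KAE project: the file named by OPENSSL_CONF decides which engine library is loaded into the process, so this Python check parses openssl.cnf, follows openssl_conf to each engine's dynamic_path, and reports files or directories that group or other users can write. The function names, the simplified parser (no $variable expansion or .include handling), and the policy that dynamic_path must be an absolute path are assumptions of this example.

```python
import os

def parse_openssl_cnf(text):
    """Minimal openssl.cnf reader: [sections] and name=value pairs only."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments such as #dynamic_path=...
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def engine_paths(sections):
    """Follow openssl_conf -> engines -> per-engine section -> dynamic_path."""
    top = sections.get(sections["default"].get("openssl_conf", ""), {})
    engines = sections.get(top.get("engines", ""), {})
    return {name: sections.get(sec, {}).get("dynamic_path")
            for name, sec in engines.items()}

def loose_permissions(path):
    """Report if `path` or its directory is missing or writable by group/others."""
    problems = []
    for target in (path, os.path.dirname(os.path.abspath(path))):
        if not os.path.exists(target):
            problems.append(f"{target}: does not exist")
        elif os.stat(target).st_mode & 0o022:  # group-write or other-write bit set
            problems.append(f"{target}: writable by group or others")
    return problems

def audit(cnf_path):
    """Check the configuration file and every engine library it names."""
    findings = loose_permissions(cnf_path)
    if not os.path.isfile(cnf_path):
        return findings
    with open(cnf_path) as fh:
        paths = engine_paths(parse_openssl_cnf(fh.read()))
    for name, so_path in paths.items():
        if not so_path or not os.path.isabs(so_path):  # assumed policy of this example
            findings.append(f"engine {name}: dynamic_path not set or not absolute")
        else:
            findings += loose_permissions(so_path)
    return findings

if __name__ == "__main__":
    for finding in audit(os.environ.get("OPENSSL_CONF", "/home/app/openssl.cnf")):
        print(finding)
```

An empty result means the configuration file, the engine library, and their directories are writable only by their owner.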