Concepts

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is a protocol for secure transmission over a computer network. HTTPS carries HTTP traffic over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), which encrypts the data packets being transferred. Asymmetric encryption algorithms are much less efficient than symmetric ones, so asymmetric encryption is used only in the SSL/TLS handshake of HTTPS rather than throughout the HTTPS interaction.

RSA-2048 is the asymmetric encryption algorithm most commonly used in SSL/TLS handshakes. Computed on general-purpose CPUs, it has low efficiency: one physical core of an x86 CPU delivers about 650 operations per second, and a high-end x86 server delivers fewer than 20,000 operations per second, so CPU performance is the bottleneck. The industry therefore widely uses hardware acceleration to offload the encryption algorithm processing, which raises the performance of a single server to 80,000 to 100,000 operations per second.

Kunpeng 920 Processor

The Kunpeng 920 processor is a high-performance data center processor launched by Huawei in January 2019. Huawei developed and designed it to meet the requirements of diversified computing and green computing in data centers. The Kunpeng 920 processor is compatible with the ARM architecture and is manufactured using the 7 nm process. It supports 32, 48, or 64 cores with a clock speed of 2.6 GHz and supports 8-channel DDR4 memory, PCIe 4.0, and 100G RDMA over Converged Ethernet (RoCE) networks.

KAE

The Kunpeng Accelerator Engine (KAE) is a hardware acceleration solution for Kunpeng servers powered by Kunpeng 920 processors. The acceleration engine supports compression and decompression, symmetric and asymmetric encryption, and digital signature algorithms. It is well suited to accelerating SSL/TLS applications and data compression, and can significantly reduce processor workload and improve processor efficiency. In addition, the KAE hides its internal processing details from the application layer, so users can migrate services quickly through the standard OpenSSL and zlib interfaces. Currently, the KAE supports the following algorithms:

  • Digest algorithms SM3 and MD5, supporting asynchronous mode.
  • Symmetric encryption algorithm SM4, supporting asynchronous mode and CTR, XTS, CBC, ECB, and OFB modes.
  • Symmetric encryption algorithm AES, supporting asynchronous mode and ECB, CTR, XTS, and CBC modes.
  • Asymmetric algorithm RSA, supporting asynchronous mode and key sizes 1024, 2048, 3072, and 4096.
  • Key negotiation algorithm DH, supporting asynchronous mode and key sizes 768, 1024, 1536, 2048, 3072, and 4096.
  • Compression and decompression algorithms, supporting zlib and gzip formats.

The KAE improves application performance in different scenarios. For example, in web service applications, the KAE accelerates connection handshakes by accelerating the RSA algorithm; in smart security applications, the KAE accelerates SM4 symmetric encryption and decryption to speed up video stream data storage; in distributed storage applications, the zlib acceleration library accelerates data compression and decompression.
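
The capacity reasoning from the HTTPS and KAE sections above, as an added example that is not part of the original page or of Huawei's tooling: a shell script that parses the RSA-2048 result line from `openssl speed` and converts a per-core signing rate into the number of cores a target handshake rate would need. The sample line is constructed from the page's figure of 650 operations per second, `ENGINE_ID` is a placeholder, and one RSA-2048 private-key operation per full handshake is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page). Sizes RSA-2048 handshake capacity
# from `openssl speed` output. Assumes one RSA-2048 private-key operation per
# full TLS handshake (RSA certificate, no session resumption).

# Constructed sample of the rsa2048 result line printed by `openssl speed`
# (sign time, verify time, sign/s, verify/s). It encodes the page's figure of
# 650 operations per second and is not a measurement.
SAMPLE='rsa 2048 bits 0.001538s 0.000045s    650.0  22222.2'

# sign_rate: read `openssl speed` output on stdin and print RSA-2048
# private-key (sign) operations per second, derived from the sign time column.
# Exits non-zero when no "rsa 2048 bits" line is present.
sign_rate() {
    awk '$1 == "rsa" && $2 == "2048" && $3 == "bits" {
             t = $4; sub(/s$/, "", t); t += 0
             if (t > 0) { printf "%.0f\n", 1 / t; found = 1; exit }
         }
         END { if (!found) exit 1 }'
}

# cores_needed RATE TARGET: whole cores required to sustain TARGET handshakes
# per second when one core delivers RATE private-key operations per second.
cores_needed() {
    echo $(( ($2 + $1 - 1) / $1 ))
}

# measure [ENGINE_ID]: benchmark this host on one core. ENGINE_ID is a
# placeholder for the id under which an acceleration engine is registered with
# OpenSSL. -elapsed uses wall-clock time, because CPU time does not account
# for work done by offload hardware.
measure() {
    if [ -n "$1" ]; then
        openssl speed -elapsed -seconds 2 -engine "$1" rsa2048 2>/dev/null
    else
        openssl speed -elapsed -seconds 2 rsa2048 2>/dev/null
    fi | sign_rate
}

rate=$(printf '%s\n' "$SAMPLE" | sign_rate)
echo "sample: $rate sign/s per core"
echo "cores to match 80000 ops/s in software: $(cores_needed "$rate" 80000)"
```

Run `measure` on the target host for the software baseline and `measure ENGINE_ID` for the offloaded path, then pass either rate to `cores_needed`.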

Nginx

Nginx is a lightweight server that can act as a web server, reverse proxy, or mail (IMAP/POP3) proxy. It provides high concurrency with a low memory footprint. Nginx supports FastCGI, SSL, virtual hosts, URL rewriting, gzip, and extension through many third-party modules.

Tengine

Tengine is a web server project initiated by Taobao, an e-commerce website in China. Tengine builds on Nginx and adds many advanced functions and features to meet the requirements of high-traffic websites. It aims to provide an efficient, secure web platform.

Tengine supports RSA encryption and decryption in asynchronous mode, which lets it work with the asynchronous RSA acceleration mode of the KAE.