├── .github └── dependabot.yml ├── .gitignore ├── .gitmodules ├── LICENSE ├── LICENSE.BORINGSSL ├── LICENSE.OPENSSL ├── LICENSE.PLOCK ├── Makefile.am ├── README.md ├── SECURITY.md ├── atomic-ops.h ├── autogen.sh ├── configure.ac ├── dockerfiles ├── README.md ├── haproxy │ ├── Dockerfile │ └── haproxy.cfg └── qat_crypto_base │ └── Dockerfile ├── docs ├── apps.md ├── async_job.md ├── bssl_support.md ├── config_options.md ├── engine_specific_messages.md ├── features.md ├── hardware_requirements.md ├── images │ ├── async.png │ ├── qat_coex.png │ └── qat_engine.png ├── install.md ├── legal.md ├── licensing.md ├── limitations.md ├── openssl_config.md ├── qat_coex.md ├── qat_common.md ├── qat_hw.md ├── qat_hw_algo.md ├── qat_hw_kpt.md ├── qat_sw.md ├── software_requirements.md └── troubleshooting.md ├── driver_install.sh ├── e_qat.c ├── e_qat.h ├── fips ├── driver_install.sh └── qatprovider-fips.spec ├── fips_install.sh ├── intkat.sh ├── kpt ├── apps │ ├── kpt_dev_pp.c │ ├── kpt_dev_pp.h │ ├── kpt_ecc_key.c │ ├── kpt_key.h │ ├── kpt_rsa_key.c │ ├── kpt_swk.c │ ├── kpt_swk.h │ └── main.c └── lib │ ├── KPT_Library.PNG │ ├── README.md │ ├── kpt.c │ ├── kpt.h │ └── kpt_utils.h ├── plock.c ├── plock.h ├── qae_mem_utils.h ├── qat.ec ├── qat.txt ├── qat_bssl.c ├── qat_bssl.h ├── qat_bssl_err.c ├── qat_bssl_err.h ├── qat_common.h ├── qat_constant_time.h ├── qat_err.c ├── qat_err.h ├── qat_events.c ├── qat_events.h ├── qat_evp.c ├── qat_evp.h ├── qat_fips.c ├── qat_fips.h ├── qat_fork.c ├── qat_fork.h ├── qat_hw_asym_common.c ├── qat_hw_asym_common.h ├── qat_hw_callback.c ├── qat_hw_callback.h ├── qat_hw_ccm.c ├── qat_hw_ccm.h ├── qat_hw_chachapoly.c ├── qat_hw_chachapoly.h ├── qat_hw_ciphers.c ├── qat_hw_ciphers.h ├── qat_hw_config ├── 200xx │ ├── multi_process │ │ └── 200xx_dev0.conf │ └── multi_thread │ │ └── 200xx_dev0.conf ├── 4xxx │ ├── multi_process │ │ └── 4xxx_dev0.conf │ └── multi_thread │ │ └── 4xxx_dev0.conf ├── LICENSE.GPL ├── c3xxx │ ├── multi_process │ │ └── 
c3xxx_dev0.conf │ └── multi_thread │ │ └── c3xxx_dev0.conf ├── c4xxx │ ├── multi_process │ │ └── c4xxx_dev0.conf │ └── multi_thread │ │ └── c4xxx_dev0.conf ├── c6xx │ ├── multi_process │ │ └── c6xx_dev0.conf │ └── multi_thread │ │ └── c6xx_dev0.conf └── dh895xcc │ ├── multi_process │ └── dh895xcc_dev0.conf │ └── multi_thread │ └── dh895xcc_dev0.conf ├── qat_hw_dh.c ├── qat_hw_dh.h ├── qat_hw_dsa.c ├── qat_hw_dsa.h ├── qat_hw_ec.c ├── qat_hw_ec.h ├── qat_hw_ecx.c ├── qat_hw_gcm.c ├── qat_hw_gcm.h ├── qat_hw_hkdf.c ├── qat_hw_hkdf.h ├── qat_hw_init.c ├── qat_hw_kpt.c ├── qat_hw_kpt.h ├── qat_hw_polling.c ├── qat_hw_polling.h ├── qat_hw_prf.c ├── qat_hw_prf.h ├── qat_hw_rsa.c ├── qat_hw_rsa.h ├── qat_hw_sha3.c ├── qat_hw_sha3.h ├── qat_hw_sm2.c ├── qat_hw_sm2.h ├── qat_hw_sm3.c ├── qat_hw_sm3.h ├── qat_hw_sm4_cbc.c ├── qat_hw_sm4_cbc.h ├── qat_hw_usdm_inf.c ├── qat_hw_usdm_inf.h ├── qat_prov_aes_ccm.c ├── qat_prov_aes_ccm.h ├── qat_prov_bio.c ├── qat_prov_bio.h ├── qat_prov_capabilities.c ├── qat_prov_cbc.c ├── qat_prov_cbc.h ├── qat_prov_chachapoly.c ├── qat_prov_chachapoly.h ├── qat_prov_ciphers.c ├── qat_prov_ciphers.h ├── qat_prov_cmvp.c ├── qat_prov_cmvp.h ├── qat_prov_dh.c ├── qat_prov_dh.h ├── qat_prov_dsa.c ├── qat_prov_dsa.h ├── qat_prov_ec.h ├── qat_prov_ecdh.c ├── qat_prov_ecdsa.c ├── qat_prov_ecx.h ├── qat_prov_exch_ecx.c ├── qat_prov_hkdf.c ├── qat_prov_hkdf.h ├── qat_prov_hkdf_packet.c ├── qat_prov_hkdf_packet.h ├── qat_prov_init.c ├── qat_prov_kmgmt_dh.c ├── qat_prov_kmgmt_dsa.c ├── qat_prov_kmgmt_ec.c ├── qat_prov_kmgmt_ecx.c ├── qat_prov_kmgmt_rsa.c ├── qat_prov_prf.c ├── qat_prov_prf.h ├── qat_prov_rsa.c ├── qat_prov_rsa.h ├── qat_prov_rsa_enc_dec.c ├── qat_prov_sha2.c ├── qat_prov_sha3.c ├── qat_prov_sign_rsa.c ├── qat_prov_sign_sm2.c ├── qat_prov_sign_sm2.h ├── qat_prov_sm3.c ├── qat_prov_sm4_cbc.c ├── qat_prov_sm4_cbc.h ├── qat_prov_sm4_ccm.c ├── qat_prov_sm4_ccm.h ├── qat_prov_sm4_gcm.c ├── qat_prov_sm4_gcm.h ├── qat_provider.cnf ├── 
qat_provider.h ├── qat_self_test_data.inc ├── qat_self_test_kats.c ├── qat_self_test_tls_prf.c ├── qat_sw_ec.c ├── qat_sw_ec.h ├── qat_sw_ecx.c ├── qat_sw_ecx.h ├── qat_sw_freelist.c ├── qat_sw_freelist.h ├── qat_sw_gcm.c ├── qat_sw_gcm.h ├── qat_sw_init.c ├── qat_sw_ipsec_inf.c ├── qat_sw_polling.c ├── qat_sw_polling.h ├── qat_sw_queue.c ├── qat_sw_queue.h ├── qat_sw_request.h ├── qat_sw_rsa.c ├── qat_sw_rsa.h ├── qat_sw_sha2.c ├── qat_sw_sha2.h ├── qat_sw_sm2.c ├── qat_sw_sm2.h ├── qat_sw_sm3.c ├── qat_sw_sm3.h ├── qat_sw_sm4_cbc.c ├── qat_sw_sm4_cbc.h ├── qat_sw_sm4_ccm.c ├── qat_sw_sm4_ccm.h ├── qat_sw_sm4_gcm.c ├── qat_sw_sm4_gcm.h ├── qat_utils.c ├── qat_utils.h ├── qatengine-oot.spec ├── qatengine.spec ├── test.am ├── test ├── main.c ├── tests.c ├── tests.h ├── tests_aes128_ccm.c ├── tests_aes128_gcm.c ├── tests_aes192_ccm.c ├── tests_aes256_ccm.c ├── tests_aes256_gcm.c ├── tests_aes_cbc_hmac_sha.c ├── tests_chacha20_poly1305.c ├── tests_dh.c ├── tests_dsa.c ├── tests_ecdh.c ├── tests_ecdsa.c ├── tests_ecx.c ├── tests_hkdf.c ├── tests_prf.c ├── tests_rsa.c ├── tests_sha2.c ├── tests_sha3.c ├── tests_sm2.c ├── tests_sm3.c ├── tests_sm4_cbc.c ├── tests_sm4_ccm.c └── tests_sm4_gcm.c ├── test_bssl ├── main.c ├── test_bssl_ecdsa.c ├── test_bssl_ecdsa.h ├── test_bssl_rsa.c ├── test_bssl_rsa.h ├── test_bssl_utils.c └── test_bssl_utils.h └── testapp.sh /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 
3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "github-actions" # See documentation for possible values 9 | directory: "/" # Location of package manifests 10 | schedule: 11 | interval: "weekly" 12 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Object files 2 | *.o 3 | *.obj 4 | *.ko 5 | *.lo 6 | *.m4 7 | *.d 8 | 9 | # Editor artefacts 10 | *.swp 11 | *.bak 12 | .#* 13 | \#*# 14 | *~ 15 | tags 16 | TAGS 17 | cscope.out 18 | /.dir-locals.el 19 | testapp.log 20 | QAT_HW.tar.gz 21 | QAT_HW/ 22 | 23 | # Top level and qat_contig_mem excludes 24 | *.mod* 25 | *.cmd 26 | *.symvers 27 | *.order 28 | *.old 29 | *.tmp_versions 30 | qat_contig_mem_test 31 | 32 | # Shared objects 33 | *.so* 34 | *.so.* 35 | *.dylib* 36 | *.dll* 37 | *.exe 38 | *.lib 39 | *.la 40 | testapp 41 | qatengine_test 42 | kpttool 43 | 44 | # Autotools generated files 45 | *.deps 46 | *.dirstamp 47 | *.libs 48 | /m4 49 | /aclocal.m4 50 | /autom4te.cache/ 51 | /config.log 52 | /Makefile 53 | /Makefile.in 54 | /Makefile.save 55 | /config.h 56 | /config.h.in 57 | /config.status 58 | /config.guess 59 | /config.sub 60 | /configure 61 | /install-sh 62 | /missing 63 | /libtool 64 | /stamp-h1 65 | /ar-lib 66 | /compile 67 | /depcomp 68 | /ltmain.sh 69 | /rpmbuild 70 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "openssl"] 2 | path = openssl 3 | url = https://github.com/openssl/openssl.git 4 | [submodule "intel-ipsec-mb"] 5 | path = intel-ipsec-mb 6 | url = https://github.com/intel/intel-ipsec-mb.git 7 | [submodule "cryptography-primitives"] 8 | path = 
cryptography-primitives 9 | url = https://github.com/intel/cryptography-primitives 10 | [submodule "haproxy"] 11 | path = dockerfiles/haproxy/haproxy 12 | url = https://github.com/haproxy/haproxy 13 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD-3-Clause License 2 | 3 | Copyright(c) 2016-2025 Intel Corporation. 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions 8 | are met: 9 | 10 | * Redistributions of source code must retain the above copyright 11 | notice, this list of conditions and the following disclaimer. 12 | * Redistributions in binary form must reproduce the above copyright 13 | notice, this list of conditions and the following disclaimer in 14 | the documentation and/or other materials provided with the 15 | distribution. 16 | * Neither the name of Intel Corporation nor the names of its 17 | contributors may be used to endorse or promote products derived 18 | from this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 21 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 22 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 23 | A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 24 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 25 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 26 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 30 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 | -------------------------------------------------------------------------------- /LICENSE.PLOCK: -------------------------------------------------------------------------------- 1 | /* plock - progressive locks 2 | * 3 | * Copyright (C) 2012-2025 Willy Tarreau 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining 6 | * a copy of this software and associated documentation files (the 7 | * "Software"), to deal in the Software without restriction, including 8 | * without limitation the rights to use, copy, modify, merge, publish, 9 | * distribute, sublicense, and/or sell copies of the Software, and to 10 | * permit persons to whom the Software is furnished to do so, subject to 11 | * the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be 14 | * included in all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 18 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 20 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 21 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 22 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 23 | * OTHER DEALINGS IN THE SOFTWARE. 
24 | */ -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | Intel® is committed to rapidly addressing security vulnerabilities 3 | affecting our customers and providing clear guidance on the solution, 4 | impact, severity and mitigation. 5 | 6 | ## Reporting a Vulnerability 7 | Please report any security vulnerabilities in this project utilizing 8 | the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html). 9 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | if [ ! -d "m4" ] 4 | then 5 | mkdir m4 6 | fi 7 | 8 | autoreconf -ivf 9 | 10 | chmod +x configure 11 | -------------------------------------------------------------------------------- /dockerfiles/README.md: -------------------------------------------------------------------------------- 1 | # Intel® QuickAssist Technology(QAT) OpenSSL\* Engine Container support 2 | 3 | Supports below Dockerfiles which can be built into docker images on the platforms 4 | with [Intel® QuickAssist 4xxx Series](https://www.intel.com/content/www/us/en/products/details/processors/xeon/scalable.html) 5 | QAT device. 6 | 7 | * [QAT crypto base](#qat-crypto-base) 8 | * [HAproxy with QAT crypto base](#haproxy-with-qat-crypto-base) 9 | 10 | ## QAT crypto base 11 | This Dockerfile(qat_crypto_base/Dockerfile) with qatengine is built on top of latest OpenSSL, QAT_HW(qatlib intree driver) 12 | and QAT_SW with software versions mentioned in [software_requirements](../docs/software_requirements.md) section. 
13 | This contains QAT_HW and QAT_SW co-existence build and works as defined in [co-existence section](../docs/qat_coex.md#qat_hw-and-qat_sw-co-existence) 14 | 15 | ## Haproxy with QAT crypto base 16 | This Dockerfile(haproxy/Dockerfile) is built with Haproxy release version v2.8.0 along 17 | with QAT crypto base mentioned above. Sample Haproxy configuration file is located at `haproxy/haproxy.cfg` 18 | which can be modified as per the required use case and is to be mounted from the host to the container using 19 | `-v /usr/local/etc/haproxy/haproxy.cfg`. The sample is a performance-test configuration: it sets `ssl-default-bind-ciphers ALL` and exposes an admin-level stats socket with mode 666, so review those settings before reusing it outside a test setup. 20 | 21 | ## Docker setup and testing 22 | 23 | Refer [here](https://intel.github.io/quickassist/AppNotes/Containers/setup.html) 24 | for setting up the host for QAT_HW (qatlib intree) if the platform has QAT 4xxx Hardware 25 | device. Stop the QAT service if one is running on the host. 26 | 27 | ### QAT_HW settings 28 | Follow the below steps to enable required service. The service can be asym only, sym only or both 29 | in step 2 depending on the particular use case. Configure the required service only to get best performance. 30 | 31 | 1. Bring down the QAT devices 32 | ``` 33 | for i in `lspci -D -d :4940| awk '{print $1}'`; do echo down > /sys/bus/pci/devices/$i/qat/state;done 34 | ``` 35 | 36 | 2. Set up the required crypto service(s) 37 | ``` 38 | for i in `lspci -D -d :4940| awk '{print $1}'`; do echo "sym;asym" > /sys/bus/pci/devices/$i/qat/cfg_services;done 39 | ``` 40 | 41 | 3. Bring up the QAT devices 42 | ``` 43 | for i in `lspci -D -d :4940| awk '{print $1}'`; do echo up> /sys/bus/pci/devices/$i/qat/state;done 44 | ``` 45 | 46 | 4. Check the status of the QAT devices 47 | ``` 48 | for i in `lspci -D -d :4940| awk '{print $1}'`; do cat /sys/bus/pci/devices/$i/qat/state;done 49 | ``` 50 | 51 | 5. Enable VF for the PF in the host 52 | ``` 53 | for i in `lspci -D -d :4940| awk '{print $1}'`; do echo 16|sudo tee /sys/bus/pci/devices/$i/sriov_numvfs; done 54 | ``` 55 | 56 | 6. 
Add QAT group and Permission to the VF devices in the host 57 | ``` 58 | chown root:qat /dev/vfio/* 59 | chmod 660 /dev/vfio/* 60 | ``` 61 | 62 | ### Image creation 63 | 64 | Docker images can be built using the below command with appropriate image name. 65 | 66 | ``` 67 | docker build --build-arg GID=$(getent group qat | cut -d ':' -f 3) -t --no-cache 68 | ``` 69 | Note: GID is the group id of qat group in the host. 70 | 71 | ### Testing QAT Crypto base using OpenSSL\* speed utility 72 | 73 | ``` 74 | docker run -it --cap-add=IPC_LOCK --security-opt seccomp=unconfined --security-opt apparmor=unconfined $(for i in `ls /dev/vfio/*`; do echo --device $i; done) --cpuset-cpus <2-n+1> --env QAT_POLICY=1 --ulimit memlock=524288000:524288000 < docker_image_name> openssl speed -engine qatengine -elapsed -async_jobs 72 -multi 75 | ``` 76 | 77 | ### Testing Haproxy 78 | 79 | ``` 80 | Server command: docker run --rm -it --cpuset-cpus <2-n+1> --cap-add=IPC_LOCK --security-opt seccomp=unconfined --security-opt apparmor=unconfined $(for i in `ls /dev/vfio/*`; do echo --device $i; done) --env QAT_POLICY=1 --ulimit memlock=524288000:524288000 -v /usr/local/etc/haproxy/:/usr/local/etc/haproxy/ -d -p 8080:8080 < docker_image_name> haproxy -f /usr/local/etc/haproxy/haproxy.cfg 81 | 82 | Client command: openssl s_time -connect :8080 -cipher AES128-SHA256 -www /20b-file.html -time 5 83 | ``` 84 | 85 | Note: n is the number of processes or threads. Port 8080 is used for starting the haproxy service. The HAProxy config file is mounted from the host to the container using -v /usr/local/etc/haproxy/haproxy.cfg. The `--security-opt seccomp=unconfined` and `--security-opt apparmor=unconfined` options in the commands above run the container without Docker's default seccomp and AppArmor profiles; they are shown here for testing, so confirm whether your deployment needs them. 
86 | -------------------------------------------------------------------------------- /dockerfiles/haproxy/haproxy.cfg: -------------------------------------------------------------------------------- 1 | global 2 | insecure-fork-wanted 3 | nbthread 16 4 | cpu-map 1/all 1-16 5 | tune.bufsize 32768 6 | ssl-engine qatengine algo ALL 7 | ssl-mode-async 8 | tune.ssl.cachesize 0 9 | stats socket /tmp/sock1 mode 666 level admin #thread 1/1 10 | ssl-default-bind-ciphers ALL 11 | #ssl-default-bind-curves 12 | tune.ssl.default-dh-param 2048 13 | 14 | defaults 15 | timeout client 10s 16 | timeout server 10s 17 | timeout connect 1s 18 | backlog 10000 19 | mode http 20 | 21 | listen test 22 | mode http 23 | option httpclose 24 | #tcp-request session reject 25 | 26 | bind :8080 ssl force-tlsv12 crt /opt/atf/environments/server/install/haproxy-qat/haproxy_install/conf/haproxy.certs/server-rsa2k.cert.pem 27 | # monitor-uri / 28 | 29 | -------------------------------------------------------------------------------- /docs/apps.md: -------------------------------------------------------------------------------- 1 | ## Application Integration 2 | ### Asynchronous Mode Nginx\* with QAT 3 | NGINX\* with asynchronous mode for Intel® OpenSSL QAT Engine provides 4 | significant performance improvement with QAT acceleration. 5 | The asynchronous fork of NGINX\* can be found at the following Github\* 6 | repository: 7 | 8 | * [Intel® QuickAssist Technology (QAT) Async Mode NGINX\*](https://github.com/intel/asynch_mode_nginx) 9 | 10 | Follow the below link on how to enable Async mode Nginx\* with QAT Hardware and software 11 | Aceeleration using best known configuration. 
12 | [Async mode for Nginx\*](https://intel.github.io/quickassist/qatlib/asynch_nginx.html) 13 | 14 | ### NGINX\* QUIC with QAT 15 | Experimental QUIC support for NGINX\* with Intel® QAT Engine for 16 | BoringSSL\* Library can be found [here](https://www.intel.com/content/www/us/en/content-details/737522/experimental-quic-support-for-nginx.html) 17 | 18 | ### HAProxy\* with QAT 19 | HAProxy\* is a free, very fast and reliable reverse-proxy offering high availability, 20 | load balancing, and proxying for TCP and HTTP-based applications. 21 | 22 | Follow the instructions from HAProxy [Install](https://github.com/haproxy/haproxy/blob/master/INSTALL) 23 | to build and install Haproxy. Use the `USE_PTHREAD_EMULATION=1` option in the make command, which improves performance 24 | by replacing OpenSSL\* Pthread locks with HAProxy's much lighter locks. 25 | 26 | Add the following options along with other standard settings in the 27 | HAProxy\* [Configuration File](https://www.haproxy.com/documentation/haproxy-configuration-manual/latest) 28 | to utilize QAT Acceleration. 
29 | 30 | ```bash 31 | ssl-engine qatengine algo ALL 32 | ssl-mode-async 33 | ``` 34 | 35 | ## Case Studies 36 | * [Intel® QuickAssist Technology and OpenSSL-1.1.0:Performance](https://www.intel.com/content/www/us/en/content-details/709581/intel-quickassist-technology-and-openssl-1-1-0-performance.html) 37 | * [Intel® QuickAssist Technology - NGINX\* Performance White Paper](https://networkbuilders.intel.com/solutionslibrary/intel-quickassist-technology-nginx-performance-white-paper) 38 | * [Accelerate HAProxy\* with Intel QAT](https://www.intel.com/content/www/us/en/content-details/814574/accelerating-haproxy-with-intel-quickassist-technology.html) 39 | 40 | Other Application Integration and more case studies can be found at the QAT link below 41 | * [Intel® QuickAssist Technology (Intel® QAT)](https://www.intel.com/content/www/us/en/developer/topic-technology/open/quick-assist-technology/overview.html) 42 | -------------------------------------------------------------------------------- /docs/async_job.md: -------------------------------------------------------------------------------- 1 | # Using the OpenSSL\* asynchronous mode 'ASYNC_JOB' infrastructure 2 | 3 | Asynchronous operation utilizes the OpenSSL\* asynchronous mode (`ASYNC_JOB` 4 | infrastructure) introduced in OpenSSL\* version 1.1.0. In the 5 | OpenSSL\* master branch this infrastructure was augmented to provide an 6 | additional `callback` method by which the OpenSSL\* Engine can be notified 7 | of crypto operation request completions by the hardware accelerator. This 8 | additional method can be used if you think that using the alternative 9 | `file descriptor` method is too costly in terms of CPU cycles 10 | or in a context where a file descriptor is not appropriate. 11 | 12 | The QAT OpenSSL\* Engine build system will automatically detect whether the 13 | OpenSSL\* version being built against supports this additional `callback` method. 
14 | If so, the QAT OpenSSL\* Engine code will use the `callback` 15 | mechanism for job completion rather than the `file descriptor` 16 | mechanism if a `callback` function has been set. If a `callback` has not 17 | been set then the `file descriptor` method will be used. 18 | 19 |

20 | drawing 21 |

22 | 23 | For further details on using the OpenSSL\* asynchronous mode infrastructure please 24 | see the OpenSSL\* online documentation located at: 25 | - 26 | - . 27 | -------------------------------------------------------------------------------- /docs/bssl_support.md: -------------------------------------------------------------------------------- 1 | # Intel® QuickAssist Technology(QAT) BoringSSL\* Library 2 | Intel® QuickAssist Technology BoringSSL\* Library is a prototype accelerating asymmetric cryptographic algorithms for BoringSSL\*, Google\*'s OpenSSL\* fork, which doesn't support the engine mechanism. It checks the type of the user-supplied SSL library at configuration time and builds a traditional engine library if OpenSSL\* is detected, or a library that fits the BoringSSL\* private key method if BoringSSL\* is used. 3 | 4 | This document details the capabilities, interfaces and limitations of the BoringSSL\* based library. Both the hardware and software requirements are explained followed by detailed instructions on how to install and use the library. 5 | 6 | ## Features 7 | - Asynchronous and Synchronous PKE QAT_HW Acceleration 8 | - RSA Support for Key Sizes 1024/2048/3072/4096. 9 | - ECDSA Support for NIST Prime Curves: P-256/P-384/P-521.(Disabled by default) 10 | - Asynchronous PKE QAT_SW Acceleration 11 | - RSA Support for Key Sizes 2048/3072/4096. 12 | - ECDSA Support for NIST Prime Curves: P-256/P-384.(Disabled by default) 13 | 14 | ## Limitations 15 | Some limitations specific to the current BoringSSL\* Library: 16 | * NIST Binary Curves and NIST Koblitz Curves are not supported by BoringSSL\*. 17 | * QAT_HW and QAT_SW Co-existence is not supported. 18 | * `RSA_padding_add_PKCS1_OAEP` function is exported by BoringSSL\* `libdecrepit.so`, 19 | so it needs to be linked in the BoringSSL\* Library. This may cause a linking error when 20 | building on a system that lacks that library. 
21 | 22 | ## Requirements 23 | - [Hardware Requirements](hardware_requirements.md) 24 | - [Software Requirements](software_requirements.md) 25 | 26 | ## Installation 27 | ### Build BoringSSL 28 | 29 | ``` 30 | git clone https://github.com/google/boringssl.git 31 | cd boringssl 32 | mkdir -p build 33 | cd build/ 34 | ``` 35 | 36 | Note: BoringSSL\* builds static library by default. To align with the QAT_Engine use case within NGINX\*, an explicit option is added to build it as a dynamic library. 37 | ``` 38 | cmake .. -DBUILD_SHARED_LIBS=1 -DCMAKE_BUILD_TYPE=Release 39 | make 40 | ``` 41 | 42 | BoringSSL\* doesn't support "make install" to consolidate build output to an appropriate location. Here is a solution to integrate all output libraries into one customized path 'lib' by symbolic links. 43 | ``` 44 | cd .. 45 | mkdir -p lib 46 | ln -sf $(pwd)/build/libboringssl_gtest.so lib/ 47 | ln -sf $(pwd)/build/crypto/libcrypto.so lib/ 48 | ln -sf $(pwd)/build/ssl/libssl.so lib/ 49 | ln -sf $(pwd)/build/decrepit/libdecrepit.so lib/ 50 | ``` 51 | 52 | Note: RSA Padding schemes are handled by BoringSSL\* rather than accelerated, so the engine supports the same padding schemes as BoringSSL\* does natively. 53 | 54 | ### Build the Intel® QuickAssist Technology BoringSSL\* Library 55 | 56 | The prerequisite to run autogen.sh is to have autotools (autoconf, automake, libtool and pkg-config) installed in the system. 57 | ``` 58 | cd 59 | ./autogen.sh 60 | ``` 61 | 62 | To build and install the Intel® QAT_HW BoringSSL\* Library: 63 | ``` 64 | ./configure --with-openssl_install_dir= --with-qat_hw_dir= 65 | make 66 | make install 67 | ``` 68 | To build and install the Intel® QAT_SW BoringSSL\* Library: 69 | ``` 70 | ./configure --enable-qat_sw --with-openssl_install_dir= 71 | make 72 | make install 73 | ``` 74 | In the above example, `--disable-qat_hw` needs to be provided if the system 75 | has qatlib installed. 
76 | Note : `--enable-qat_sw` checks crypto_mb and IPSec_MB libraries in its 77 | respective default path (/usr/local/lib and /usr/lib) or in the path provided 78 | in the config flag `--with-qat_sw_crypto_mb_install_dir` (for crypto_mb) and 79 | `--with-qat_sw_ipsec_mb_install_dir` (for ipsec_mb). If any of the libraries 80 | is not installed then their corresponding algorithm support is disabled. 81 | At this point, the QAT BoringSSL\* Library `libqatengine.so` is installed to 82 | system path `/usr/local/lib`. Set the `--prefix` if specific install path is expected. 83 | 84 | ### Test the Intel® QuickAssist Technology BoringSSL\* Library 85 | 86 | The test code is under `test_bssl/` directory and will be compiled along with this library. 87 | 88 | - Get usage help by running `qatengine_test` with `-h` option 89 | ``` 90 | # ./qatengine_test -h 91 | Usage: ./qatengine_test [-h/-d/-a] <-k> 92 | -a : Enable async mode 93 | -d : Test on rsa private decrypt 94 | -h : Print all available options 95 | -k : Set private key file path for test purpose e.g. /opt/rsa_key.pmem 96 | Test command lines for reference: 97 | ./qatengine_test -k /opt/rsa_private_2k.key 98 | ./qatengine_test -k /opt/rsa_private_2k.key -a 99 | ./qatengine_test -k /opt/rsa_private_2k.key -d 100 | ./qatengine_test -k /opt/rsa_private_4k.key 101 | ./qatengine_test -k /opt/ec-secp384r1-priv-key.pem 102 | ./qatengine_test -k /opt/ec-secp384r1-priv-key.pem -a 103 | ``` 104 | `Note:` All private keys mentioned here are examples only; please replace them with your own locally generated or existing keys. 105 | `Note:` Async mode can't be applied to the BoringSSL default method when QAT_HW and QAT_SW are disabled. 106 | 107 | - Tip: to get more debug information, enable QATEngine option: --enable-qat_debug when configuring QATEngine before compiling. 108 | 109 | All example codes provided here are __exclusively__ used for functional tests on QATEngine APIs with BoringSSL enabled. 
110 | -------------------------------------------------------------------------------- /docs/features.md: -------------------------------------------------------------------------------- 1 | # Features 2 | 3 | ## qat_hw Features 4 | * Asymmetric PKE 5 | * RSA for Key Sizes 512/1024/2048/4096/8192. 6 | * DH for Key Sizes 768/1024/1536/2048/3072/4096/8192. 7 | * DSA for Key Sizes 160/1024, 224/2048, 256/2048, 256/3072. 8 | * ECDH for the following curves: 9 | * NIST Prime Curves: P-192/P-224/P-256/P-384/P-521. 10 | * NIST Binary Curves: B-163/B-233/B-283/B-409/B-571. 11 | * NIST Koblitz Curves: K-163/K-233/K-283/K-409/K-571. 12 | * Montgomery EC Curves: X25519/X448 (ECX). 13 | * ECDSA for the following curves: 14 | * NIST Prime Curves: P-192/P-224/P-256/P-384/P-521. 15 | * NIST Binary Curves: B-163/B-233/B-283/B-409/B-571. 16 | * NIST Koblitz Curves: K-163/K-233/K-283/K-409/K-571. 17 | * SM2 18 | * Symmetric Ciphers 19 | * AES128-CBC-HMAC-SHA1/AES256-CBC-HMAC-SHA1. 20 | * AES128-CBC-HMAC-SHA256/AES256-CBC-HMAC-SHA256. 21 | * AES128-CCM, AES192-CCM, AES256-CCM. 22 | * AES128-GCM, AES256-GCM. 23 | * ChaCha20-Poly1305 24 | * SM4-CBC 25 | * Key Derivation 26 | * PRF 27 | * HKDF 28 | * Hashing 29 | * SHA3-224/256/384/512 30 | * SM3 31 | * Synchronous and [Asynchronous](async_job.md) Operation 32 | * [Pipelined Operations](qat_hw.md#using-the-openssl-pipelining-capability) 33 | * [Intel® QAT OpenSSL\* Engine Software Fallback](qat_hw.md#intel-qat-openssl-engine-software-fallback-feature) 34 | * [Key Protection Technology (KPT) Support using QAT_HW driver v2.0](qat_hw_kpt.md) 35 | 36 | Please refer [here](qat_hw_algo.md) for applicable QAT Hardware versions and algorithms enabled by default. 
37 | 38 | ## qat_sw Features 39 | * [Intel® QAT Software Acceleration](qat_sw.md) 40 | * Asymmetric PKE 41 | * RSA for Key size 2048, 3072, 4096 42 | * ECDH for the following curves: 43 | * Montgomery EC Curve: X25519 44 | * NIST Prime Curves: P-256/P-384 45 | * SM2 46 | * ECDSA for the following curves: 47 | * NIST Prime Curves: P-256/P-384 48 | * SM2 49 | * Symmetric Ciphers 50 | * AES128-GCM, AES192-GCM and AES256-GCM 51 | * SM4-CBC using 16 Multibuffer requests (Tongsuo only) 52 | * SM4-GCM using 16 Multibuffer requests (Tongsuo only) 53 | * SM4-CCM using 16 Multibuffer requests (Tongsuo only) 54 | * Hashing 55 | * SM3 Hash using 16 Multibuffer requests (Experimental) 56 | 57 | ## Common Features to qat_hw & qat_sw 58 | * [BoringSSL Support](bssl_support.md) 59 | * [OpenSSL 3.0 Provider Support](qat_common.md#openssl-30-provider-support) 60 | * [QAT_HW & QAT_SW Co-existence](qat_coex.md#qat-hw-and-qat-sw-co-existence) 61 | * [FIPS 140-3 Certification](qat_common.md#fips-140-3-certification) 62 | 63 | Note: RSA Padding schemes are handled by OpenSSL\* or BoringSSL\* rather than accelerated, so the 64 | engine supports the same padding schemes as OpenSSL\* or BoringSSL\* does natively. 65 | -------------------------------------------------------------------------------- /docs/hardware_requirements.md: -------------------------------------------------------------------------------- 1 | # Hardware Requirements 2 | 3 | QAT_HW acceleration is supported on the platforms with the following QAT devices 4 | * [Intel® QuickAssist 4xxx Series][1] 5 | * [Intel® QuickAssist Adapter 8970][2] 6 | * [Intel® QuickAssist Adapter 8960][3] 7 | * [Intel® QuickAssist Adapter 8950][4] 8 | * [Intel® Atom™ Processor C3000][5] 9 | 10 | QAT_SW acceleration is supported in the platforms starting with [3rd Generation Intel® Xeon® Scalable Processors family][6] and later. 
11 | 12 | [1]:https://www.intel.com/content/www/us/en/products/details/processors/xeon.html 13 | [2]:https://www.intel.com/content/www/us/en/products/sku/125200/intel-quickassist-adapter-8970/downloads.html 14 | [3]:https://www.intel.com/content/www/us/en/products/sku/125199/intel-quickassist-adapter-8960/downloads.html 15 | [4]:https://www.intel.com/content/www/us/en/products/sku/80371/intel-communications-chipset-8950/specifications.html 16 | [5]:https://www.intel.com/content/www/us/en/design/products-and-solutions/processors-and-chipsets/denverton/ns/atom-processor-c3000-series.html 17 | [6]:https://www.intel.com/content/www/us/en/products/docs/processors/xeon/3rd-gen-xeon-scalable-processors-brief.html 18 | -------------------------------------------------------------------------------- /docs/images/async.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/QAT_Engine/910240d9c79510206b2c17728d8caf07e10a6f10/docs/images/async.png -------------------------------------------------------------------------------- /docs/images/qat_coex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/QAT_Engine/910240d9c79510206b2c17728d8caf07e10a6f10/docs/images/qat_coex.png -------------------------------------------------------------------------------- /docs/images/qat_engine.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/QAT_Engine/910240d9c79510206b2c17728d8caf07e10a6f10/docs/images/qat_engine.png -------------------------------------------------------------------------------- /docs/legal.md: -------------------------------------------------------------------------------- 1 | # Legal 2 | 3 | Intel, Intel Atom, and Xeon are trademarks of 4 | Intel Corporation in the U.S. and/or other countries. 
5 | 6 | \*Other names and brands may be claimed as the property of others. 7 | 8 | Copyright © 2016-2025, Intel Corporation. All rights reserved. 9 | -------------------------------------------------------------------------------- /docs/licensing.md: -------------------------------------------------------------------------------- 1 | # Licensing 2 | 3 | The Licensing of the files within this project is split as follows: 4 | 5 | | Component |License | Details | 6 | |---|---|---| 7 | | Intel® QuickAssist Technology(QAT) OpenSSL* Engine | BSD-3-Clause | This product includes software except qat_hw_config dir. 8 | | Example Intel® QuickAssist Technology Driver Configuration Files contained within the folder `qat_hw_config` | Dual BSD/GPLv2 License | Please see the file headers of the configuration files, and the full GPLv2 license contained in the file `LICENSE.GPL` within the `qat_hw_config` folder. | 9 | -------------------------------------------------------------------------------- /docs/openssl_config.md: -------------------------------------------------------------------------------- 1 | # Using the OpenSSL\* Configuration File to Load/Initialize Engines 2 | 3 | OpenSSL\* includes support for loading and initializing engines via the 4 | openssl.cnf file. The openssl.cnf file is contained in the `ssl` subdirectory of 5 | the path you install OpenSSL\* to. By default OpenSSL\* does not load the 6 | openssl.cnf file at initialization time. In order to load the file you need to 7 | make the following function call from your application as the first call to the 8 | OpenSSL\* library: 9 | 10 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); 11 | 12 | The second parameter determines the name of the section containing the 13 | application specific initialization settings. If you set the parameter to NULL 14 | as in the example above it will default to look for the `openssl_conf` section. 
15 | If you want to use your own section you should declare a structure of type 16 | `OPENSSL_INIT_SETTINGS` and set the `appname` field to a string containing the 17 | section name you wish to use. The example config file sections below assume you 18 | are using the default `openssl_conf` section name. 19 | 20 | If converting an existing application to use the Intel® QAT OpenSSL\* Engine 21 | you may find that the application instead makes the now deprecated call to: 22 | 23 | OPENSSL_config(NULL); 24 | 25 | Where the parameter is a const char\* pointer to the `appname` section you want 26 | to use, or NULL to use the default `openssl_conf` section. 27 | 28 | Currently this will give the same behaviour as the 29 | `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` call but as it is 30 | deprecated it should not be relied upon for future use. 31 | 32 | For further details on using the OPENSSL_init_crypto function please see the 33 | OpenSSL\* online documentation located at: 34 | 35 | 36 | In order to start using the openssl.cnf file it needs some additional lines 37 | adding. You should add the following statement in the global section (this is 38 | the section before the first bracketed section header): 39 | 40 | openssl_conf = openssl_init 41 | 42 | The string `openssl_init` is the name of the section in the configuration file 43 | which describes the application specific settings. You do not need to stick to 44 | the naming convention here if you prefer to use a different name. 45 | 46 | The `openssl_init` section can be located at the end of the global section (as 47 | the first bracketed section), or further down the configuration file. It should 48 | have the following added: 49 | 50 | [ openssl_init ] 51 | engines = engine_section 52 | 53 | The `engines` string is a keyword that OpenSSL\* recognises as a configuration 54 | module. It should be set to a string which is the section name containing a list 55 | of the engines to be loaded. 
So for the Intel® QAT OpenSSL\* Engine the 56 | section should contain: 57 | 58 | [ engine_section ] 59 | qat = qat_section 60 | 61 | The `qat_section` contains all the settings relating to that particular engine. 62 | For instance it may contain: 63 | 64 | [ qat_section ] 65 | engine_id = qatengine 66 | dynamic_path = /usr/local/ssl/lib/engines-3/qatengine.so 67 | # Add engine specific messages here 68 | default_algorithms = ALL 69 | 70 | Where `engine_id` specifies the name of engine to load (should be `qatengine`). 71 | 72 | Where `dynamic_path` is the location of the loadable shared library implementing 73 | the engine. There is no need to specify this line if the engine is located 74 | within the standard path that OpenSSL\* was installed to. 75 | 76 | Where `default_algorithms` specifies which algorithms supplied by the engine 77 | should be used by default. Specify `ALL` to make all algorithms supplied by the 78 | engine be used by default. 79 | 80 | In addition the `qat_section` may contain settings that call custom engine 81 | specific messages. For instance: 82 | 83 | ENABLE_EVENT_DRIVEN_MODE = EMPTY 84 | 85 | is functionally equivalent of making the following engine specific message 86 | function call: 87 | 88 | ENGINE_ctrl_cmd(e, "ENABLE_EVENT_DRIVEN_MODE", 0, NULL, NULL, 0); 89 | 90 | You should set the setting to `EMPTY` if there are no parameters to pass, or 91 | assign the value that would be passed as the 4th parameter of the equivalent 92 | `ENGINE_ctrl_cmd` call. It should be noted that this mechanism is only useful 93 | for passing simple values at engine initialization time. You cannot pass 3rd 94 | parameter values, pass complex structures or deal with return values via this 95 | mechanism. 96 | 97 | Engine specific messages should be specified before the `default_algorithms` 98 | setting or incorrect behaviour may result. 
The following [messages](engine_specific_messages.md) are supported: 99 | 100 | * `ENABLE_EVENT_DRIVEN_POLLING_MODE` 101 | * `ENABLE_EXTERNAL_POLLING` 102 | * `ENABLE_INLINE_POLLING` 103 | * `ENABLE_SW_FALLBACK` 104 | * `SET_INTERNAL_POLL_INTERVAL` 105 | * `SET_EPOLL_TIMEOUT` 106 | * `SET_MAX_RETRY_COUNT` 107 | 108 | In case of forking, the custom values are inherited by the child process. 109 | 110 | By default the engine will get initialized at the end of this section (after all 111 | the custom engine specific messages have been sent). This can be controlled via 112 | an additional `init` setting that is out of scope of the documentation here. 113 | 114 | For further details on using the OpenSSL\* configuration file please see the 115 | OpenSSL\* online documentation located at: 116 | 117 | 118 | By setting up the configuration file as above it is possible for instance to run 119 | the OpenSSL\* speed application to use the Intel® QAT OpenSSL\* Engine 120 | without needing to specify `-engine qatengine` as a command line option. 121 | -------------------------------------------------------------------------------- /docs/qat_common.md: -------------------------------------------------------------------------------- 1 | # OpenSSL 3.0 Provider Support 2 | 3 | Intel® QAT OpenSSL\* Engine supports Provider interface for OpenSSL 3.0. 4 | The qatprovider support can be enabled using configure flag `--enable-qat_provider` 5 | and the default if not specified will use engine interface. 6 | 7 | This support is added as an experimental feature and tested with 8 | OpenSSL Speed and testapp only and not tested with any application. 
9 | 10 | Example OpenSSL Speed command to test using qatprovider: 11 | 12 | * QAT_HW 13 | ./openssl speed -provider qatprovider -elapsed -async_jobs 72 rsa2048 14 | * QAT_SW 15 | ./openssl speed -provider qatprovider -elapsed -async_jobs 8 rsa2048 16 | 17 | # FIPS 140-3 Certification 18 | 19 | Intel® QAT OpenSSL\* Engine contains changes to comply with FIPS 140-3 Level-1 20 | Certification requirements using QAT Provider against OpenSSL 3.0.8. The FIPS 21 | support can be enabled using the configure flag `--enable-qat_fips` only with 22 | OpenSSL 3.0 using provider interface which needs to be enabled using `--enable-qat_provider`. 23 | 24 | When the FIPS flag is enabled along with the provider for OpenSSL 3.0, it will run 25 | self tests, integrity tests and will satisfy other FIPS 140-3 CMVP & CAVP 26 | requirements. The FIPS build is produced as an RPM using the specfile fips/qatengine_fips.spec 27 | with QAT_HW & QAT_SW Coexistence enabled along with other flags enabled. 28 | 29 | Please note that version v1.3.1 only satisfies the FIPS 140-3 Level-1 30 | certification requirements and is not yet FIPS certified. 31 | The FIPS 140-3 certification is in process. 32 | 33 | ## Support Algorithms in FIPS mode 34 | 35 | | Mode | Algorithms | 36 | | :---: | :---: | 37 | | QAT_HW | RSA, ECDSA, ECDH, ECDHX25519, ECDHX448, DSA, DH, TLS1.2-KDF(PRF), TLS1.3-KDF(HKDF), SHA3 & AES-GCM | 38 | | QAT_SW | RSA, ECDSA, ECDH, ECDHX25519, SHA2 & AES-GCM | 39 | 40 | # Binary RPM Package 41 | 42 | QAT_Engine supports Binary Package via RPM which can be found in the Release page (Assets section). 43 | The Current Binary RPM Package is created for the distros RHEL 9.2, Ubuntu 22.04 and SUSE SLES15 SP3 44 | with default Kernel and other dependent packages from the system default.
45 | The RPM is generated using QAT2.0 OOT driver with QAT_SW Co-existence which means 46 | it will accelerate via QAT_HW for asymmetric PKE and QAT_SW for AES-GCM and is supported only on 47 | [Intel® Xeon® Scalable Processor family with Intel® QAT Gen4/Gen4m][1] with default build configuration 48 | in QAT Engine against OpenSSL 3.0 engine and can be built using `make rpm` target. 49 | Dependent library versions used for building binary package are mentioned in Software requirements section. 50 | 51 | Example commands below to install and uninstall RPM Package 52 | 53 | ``` 54 | install: 55 | RHEL & SUSE: rpm -ivh QAT_Engine-.x86_64.rpm --target noarch 56 | Ubuntu: alien -i QAT_Engine-.x86_64.rpm --scripts 57 | uninstall 58 | RHEL & SUSE: rpm -e QAT_Engine 59 | Ubuntu: apt-get remove QAT_Engine 60 | ``` 61 | 62 | The binary RPM Package will take care of installing dependent libraries and kernel modules in the 63 | default path, with OpenSSL installed in `/usr/local/ssl`. 64 | Since this is a different OpenSSL version (refer to Software requirements for the version) than the one 65 | present in the system, LD_LIBRARY_PATH must be set to the path below. Set it only in the environment of the processes that should use this OpenSSL build, so that other programs keep loading the system OpenSSL libraries.
66 | 67 | ``` 68 | export LD_LIBRARY_PATH=/usr/local/ssl/lib64 69 | ``` 70 | 71 | [1]:https://www.intel.com/content/www/us/en/products/docs/processors/xeon-accelerated/4th-gen-xeon-scalable-processors.html 72 | -------------------------------------------------------------------------------- /docs/qat_hw_algo.md: -------------------------------------------------------------------------------- 1 | # QAT_HW Algorithms list, its supported platforms and default behaviour 2 | 3 | | QAT_HW Algorithms | v1.7 | v1.8 | v2.0 | qatlib(intree) | 4 | | :---: | :---: | :---: | :---: | :---: | 5 | | RSA Key size < 2048 | ** | ** | ** | ** | 6 | | RSA Key size >= 2048 <= 4096 | * | * | * | * | 7 | | RSA Key size 8192 | | | * | * | 8 | | ECDSA Curves with bitlen < 256 | ** | ** | ** | ** | 9 | | ECDSA Curves with bitlen >= 256 | * | * | * | * | 10 | | ECDH Curves with bitlen < 256| ** | ** | ** | ** | 11 | | ECDH Curves with bitlen >= 256 | * | * | * | * | 12 | | ECDH X25519 & X448(ECX)| * | * | * | * | 13 | | DSA | ** | ** | ** | ** | 14 | | DH key size < 8192 | ** | ** | ** | ** | 15 | | DH key size >=8192 | | | ** | ** | 16 | | HKDF | *** | *** | *** | *** | 17 | | PRF | * | * | * | * | 18 | | AES-128-GCM | ** | ** | ** | ** | 19 | | AES-256-GCM | *** | *** | *** | *** | 20 | | AES-128-CCM | ** | ** | ** | ** | 21 | | AES-192-CCM | | | ** | ** | 22 | | AES-256-CCM | | | * | * | 23 | | AES128_CBC_HMAC_SHA1 | ** | ** | ** | ** | 24 | | AES256_CBC_HMAC_SHA1 | ** | ** | ** | ** | 25 | | AES128_CBC_HMAC_SHA256 | ** | ** | ** | ** | 26 | | AES256_CBC_HMAC_SHA256 | * | * | * | * | 27 | | SHA3-224 | | ** | ** | ** | 28 | | SHA3-256/384/512 | | *** | *** | *** | 29 | | ChachaPoly | | *** | *** | *** | 30 | | SM4-CBC | | # | # | | 31 | | SM3 | | *** | *** | | 32 | | SM2 | | *** | *** | | 33 | 34 | \* Enabled in the default build of qatengine for the specified platforms when `--with-qat_hw_dir` is provided in qatengine/qatprovider build configure.
35 | \** Insecure algorithms, which are disabled by default in both the QAT_HW driver and qatengine/qatprovider. They can be enabled using the configure flag `--enable-qat_insecure_algorithms`; the driver also needs to be built with `./configure --enable-legacy-algorithms` for these algorithms to be available at the driver level. Enable them only where a legacy interoperability requirement calls for it.
36 | \*** Algorithms disabled by default as those are experimental.
37 | \# Disabled by default as it is specific to Tongsuo and not applicable to OpenSSL. To be enabled when qatengine is built with Tongsuo. 38 | 39 | Please refer [config_options](config_options.md) on details about algorithm enable/disable flags. 40 | -------------------------------------------------------------------------------- /docs/qat_hw_kpt.md: -------------------------------------------------------------------------------- 1 | ## Introduction 2 | 3 | Key Protection Technology (KPT) enables customers to securely deliver their 4 | networking security sensitive credentials to IA platforms. IA platforms with 5 | Intel QuickAssist (QAT) IP will deliver this capability. Once, customer keys 6 | are securely delivered to the QAT on IA platform, the customer keys are 7 | protected within the QAT IP while in transport or in use. 8 | 9 | The QAT_Engine with KPT feature can expose the KPT2.0 asymmetric capability 10 | to the other applications e.g. Nginx, OpenSSL, etc. 11 | 12 | ### Supported Algorithms 13 | * Asymmetric Cryptography: 14 | * RSA 512/1024/2048/4096/8192 15 | * ECDSA 256r1/384r1/521r1 16 | 17 | ## Requirements 18 | ### Hardware 19 | The Key Protection Technology(KPT) feature in the Intel® QAT OpenSSL\* Engine needs 20 | QAT acceleration devices with KPT capability on platform with Intel® Xeon® with 21 | QAT 4XXX Series Chipset. 22 | 23 | ### **Key Protection Technology Library** 24 | 25 | This library provides the key protection services for applications upon various Intel® 26 | security hardware technology, like QuickAssist Technology, etc. The Intel® QAT OpenSSL\* 27 | Engine comes with the KPT library in its subdirectory `kpt/lib`. 28 | Please refer [here](../kpt/lib/README.md) for detailed information. 
29 | 30 | ## Build Instruction for enabling KPT 31 | 32 | To build and install the Intel® QAT OpenSSL\* Engine with add `--enable-qat_hw_kpt` 33 | to enable KPT configure flag to the qat_hw target build instructions as below 34 | 35 | ``` 36 | cd QAT_Engine 37 | ./autogen.sh 38 | ./configure \ 39 | --enable-qat_hw_kpt \ 40 | --with-qat_hw_dir=/{driver_package_dir} \ 41 | --with-openssl_install_dir=/{openssl_install_dir} 42 | 43 | make clean -j 44 | make -j && make install -j 45 | ``` 46 | 47 | ### KPT Tool 48 | Wrapped private key(WPK) file is a customized PEM file used by the KPT feature. 49 | Sample code of KPT Tool is provided to create or parse the standard WPK file 50 | according to WPK format definition. This tool can be built using `make kpttool` 51 | in the top directory. 52 | **NOTE**: Re-generate the WPK file while the platform is changed. 53 | 54 | * KPT Tool Usage 55 | ``` 56 | Usage of kpttool: 57 | kpttool -act [gen|par] -alg [rsa|ecc] -in [|] -out 58 | -act (action): gen (generate wpk (wrap private key)), par (parse wpk (wrap private key)) 59 | -alg (algorithm): rsa (-in rsa private key file), ecc (-in ecc private key) 60 | -in: -act gen input cpk (customer private key) file 61 | -act par input wpk (wrap private key) file 62 | -out: -act gen output wpk (wrap private key) file 63 | e.g. kpttool -act gen -alg ecc -in ec_secp256r1_private.key -out ec_secp256r1_wpk.key 64 | e.g. kpttool -act par -alg ecc -in ec_secp256r1_wpk.key 65 | e.g. kpttool -act gen -alg rsa -in rsa_2k_private.key -out rsa_2k_wpk.key 66 | e.g. 
kpttool -act par -alg rsa -in rsa_2k_wpk.key 67 | ``` 68 | 69 | ## Test the KPT Feature 70 | 71 | ### OpenSSL Command 72 | * RSA 73 | 74 | ``` 75 | RSA ENCRYPTION 76 | # echo 123123123123 > plain.txt 77 | # openssl rsautl --encrypt -in plain.txt -out cipher.txt -inkey rsa2k.pem 78 | 79 | RSA DECRYPTION 80 | # openssl rsautl --decrypt -in cipher.txt -out decrypt.txt -keyform engine -engine qatengine -inkey wpk_rsa2k.pem 81 | 82 | RSA SIGN 83 | # openssl dgst -sign wpk_rsa2k.pem -keyform ENGINE -engine qatengine plain.txt > digest.txt 84 | 85 | RSA VERIFY 86 | # openssl dgst -verify rsa2k_pub.pem -signature digest.txt verify.txt 87 | ``` 88 | 89 | * ECDSA 90 | 91 | ``` 92 | ECDSA SIGN 93 | # openssl dgst -sign wpk_secp521r1.pem -keyform ENGINE -engine qatengine plain.txt > digest.txt 94 | 95 | ECDSA VERIFY 96 | # openssl dgst -verify secp521r1_pub.pem -signature digest.txt verify.txt 97 | ``` 98 | 99 | ### Nginx 100 | In the Nginx use case, `engine:qatengine:` needs to be prefixed to the WPK file 101 | path in `ssl_certificate_key`, which tells Nginx to load the WPK file 102 | using the QAT Engine instead of the original function. 103 | 104 | For example: 105 | 106 | ``` 107 | server{ 108 | ssl_certificate cert.crt; 109 | ssl_certificate_key engine:qatengine:wpk_file.pem; 110 | } 111 | ``` 112 | 113 | ## Known Issues & Limitation 114 | 1. The worker-instance model is not aligned with previous usage. Since the 115 | KPT needs to get the instance in master node to load the WPK file, the maximum 116 | worker number changes from 64 to 63 when each worker is assigned 1 117 | instance. If 64 workers are used, `nginx -s xxx` will fail and all nginx 118 | processes will need to be killed forcibly. 119 | 120 | 2. Non-shared mode is implemented by default, and shared mode is not supported yet. 121 | 122 | 3. The SWK provision limit for each device is 128; beyond that, the QAT Driver will return with error code -3 (CPA_CY_KPT_LOADKEY_FAIL_QUOTA_EXCEEDED).
123 | 124 | It means that: `num_instance * num_server_block(use WPK file) <= 128`. 125 | * If 64 workers are used, the maximum number of server block that uses the WPK file is 2. 126 | * In case only 1 server block used the WPK file, the maximum number of worker is 128. 127 | 128 | 4. Directive sw_fallback will not be supported while KPT capability is enabled. 129 | -------------------------------------------------------------------------------- /docs/qat_sw.md: -------------------------------------------------------------------------------- 1 | ## Intel® QAT Software Acceleration 2 | 3 | This Intel® QAT OpenSSL\* Engine supports Multi-buffer based software 4 | acceleration for asymmetric PKE algorithms RSA, ECDH X25519, ECDH P-256/P-384 5 | and ECDSA P-256/P-384, SM2, SM3, SM4-CBC, SM4-GCM, SM4-CCM using the 6 | Intel® Crypto Multi-buffer library based on Intel® AVX-512 Integer 7 | Fused Multiply Add (IFMA) operations. 8 | 9 | This Support, when enabled by the user using the 10 | [build instructions](install.md#build-qat-engine-for-qat_sw) for qat_sw target 11 | performs operation by batching up multiple requests maintained in queues 12 | and uses the OpenSSL asynchronous infrastructure to submit the batched requests 13 | up to 8 to Crypto Multi-buffer API which processes them in parallel using AVX512 14 | vector instructions. QAT SW Multi-buffer acceleration will be beneficial to 15 | use only in asynchronous mode where there are many parallel connections to fully 16 | utilize multibuffer operation. 17 | 18 | Software based acceleration for AES-GCM is supported via the Intel® 19 | Multi-Buffer Crypto for IPsec Library. The implementation at engine for AES-GCM 20 | follows synchronous mechanism to submit requests to the IPSec_MB library which 21 | processes requests in multiple blocks using vectorized AES,AVX2 and AVX512 22 | instructions from the processor. 
23 | 24 | Software acceleration features are only supported in the system that supports 25 | Intel® AVX-512 with the following instruction set extensions: 26 | 27 | ` 28 | AVX512F 29 | AVX512_IFMA 30 | VAES 31 | VPCLMULQDQ 32 | AVX2 33 | ` 34 | -------------------------------------------------------------------------------- /docs/software_requirements.md: -------------------------------------------------------------------------------- 1 | # Software Requirements 2 | 3 | Successful operation of QAT Hardware(QAT_HW) acceleration requires a 4 | [QAT Hardware driver][1] depending on the platform and OS mentioned below. 5 | QAT Software(QAT_SW) acceleration requires optimized software libraries 6 | [Intel® Crypto Multi-buffer library][2] and [intel-ipsec-mb][3]. Depending on the use 7 | case crypto library like OpenSSL, TongSuo(BabaSSL) and BoringSSL needs to be installed along 8 | with a QAT_HW driver or QAT_SW libraries or both. 9 | 10 | This release was validated on the following versions and expected to work on all Linux distributions 11 | and also from the latest versions from the links below. 
12 | 13 | ## QAT_HW Drivers: 14 | * [Intel® QuickAssist Technology Driver for Linux\* HW Version 2.0][4] - **QAT20.L.1.2.30-00078** 15 | * [Intel® QuickAssist Technology Driver for Linux\* HW Version 1.x][5] - **QAT.L.4.27.0-00006** 16 | * Intel® QuickAssist Technology Driver for FreeBSD\* HW Version 1.x and 2.0 - **QAT.B.3.14.31-00003** (FreeBSD 13.2) 17 | * [Intel® QATlib for Linux with intree driver][7] - **QATlib 24.09.0** & **QATlib 24.02.0** (for Dockerfile only) 18 | * [Intel® QATlib for FreeBSD with intree driver(FreeBSD 14)][8] - **FreeBSD QATlib 23.09.0** (FreeBSD 14) 19 | 20 | ## QAT_SW Libraries: 21 | * [Intel® Crypto Multi-buffer library][2] - **IPP Crypto v1.1.0** & **IPP Crypto 2021.10** (for BoringSSL only) 22 | * [Intel® Multi-Buffer crypto for IPsec Library release version][3] **v2.0** 23 | 24 | ## Crypto Libraries: 25 | * [OpenSSL\*][9] 3.0.16, 3.2.4, 3.3.3 & 3.4.1 26 | * BoringSSL\* commit - [23ed9d3][10] 27 | * [Tongsuo][11] - 8.4.0 (BabaSSL) 28 | 29 | [1]:https://www.intel.com/content/www/us/en/developer/topic-technology/open/quick-assist-technology/overview.html 30 | [2]:https://github.com/intel/cryptography-primitives/tree/develop/sources/ippcp/crypto_mb 31 | [3]:https://github.com/intel/intel-ipsec-mb 32 | [4]:https://www.intel.com/content/www/us/en/download/765501/intel-quickassist-technology-driver-for-linux-hw-version-2-0.html 33 | [5]:https://www.intel.com/content/www/us/en/download/19734/intel-quickassist-technology-driver-for-linux-hw-version-1-x.html 34 | [6]:https://www.intel.com/content/www/us/en/download/19735/intel-quickassist-technology-driver-for-freebsd-hw-version-1-x.html 35 | [7]:https://github.com/intel/qatlib 36 | [8]:https://github.com/intel/qatlib-freebsd 37 | [9]:https://github.com/openssl/openssl 38 | [10]:https://github.com/google/boringssl/commit/23ed9d3852bbc738bebeaa0fe4a0782f91d7873c 39 | [11]:https://github.com/Tongsuo-Project/Tongsuo 40 | 
-------------------------------------------------------------------------------- /docs/troubleshooting.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting 2 | 3 | The most likely failure point is that the Intel® QAT OpenSSL\* Engine is not 4 | loading successfully. If this occurs some of the things to check are: 5 | 6 | * Enabling debug settings with QAT_Engine is valuable tool when debugging issues 7 | with QAT_Engine using `--enable-qat_debug`. The debug messages would be logged in 8 | the console(Eg: OpenSSL Speed) or to a file depending on the application(Eg: Nginx 9 | would be on `path_to_nginx_install/logs/error.log`). If you prefer to write to a 10 | file use Eg:`--with-qat_debug_file=/opt/engine.log`. 11 | * When using qat_hw OOT driver package, Has the correct driver config file 12 | from `qat_hw_config` been copied to `/etc`? Check it has a `[SHIM]` section and 13 | that the Intel® QAT Driver was restarted so that it picked up the new 14 | config file. Otherwise below error would be reported during the test. 15 | ```bash 16 | ADF_UIO_PROXY err: icp_adf_userProcessToStart: Error reading /dev/qat_dev_processes file 17 | QAT HW initialization Failed. 18 | ``` 19 | * In case of qat_hw OOT driver, has the driver config file(`/etc/qatdev_id/conf`) 20 | is configured with enough number of process in the setting `NumProcesses = ` 21 | where n is the number of process your application would be using. Otherwise 22 | the below error would be reported for the process that is not getting qat_hw 23 | instance. If QAT_SW is enabled, the process would be using qat_sw as a fallback 24 | mechanism. 25 | ```bash 26 | icp sal userstart fail:qat_hw_init.c 27 | ``` 28 | * In case of qat_hw qatlib intree driver, refer [install](https://github.com/intel/qatlib/blob/main/INSTALL) 29 | page for the policy settings to configure the Numprocess and service required as 30 | per the use case for better performance. 
31 | * Is the Intel® QAT Driver up and running for qat_hw? Check by running `adf_ctl`, 32 | device details along with the state should be `state: up`. Also check the 33 | Intel® QAT Driver software has been started. 34 | * Were the paths set correctly so that the `qatengine.so` for engine and `qatprovider.so` 35 | for provider was copied to the correct location? Check they really are there. 36 | * Has the environment variable `OPENSSL_ENGINES` been correctly defined and 37 | exported to the shell? Also check it is really pointing to the correct location. 38 | * If building from OpenSSL prebuilt RPM Package, have the OpenSSL development 39 | packages (openssl-devel for Redhat\* based distribution and libssl-devel 40 | for Debian\* based distribution) been installed? 41 | * In case of qat_sw acceleration, are the dependent libraries installed in 42 | the default path? If not, provide the path via `--with-qat_sw_crypto_mb_install_dir` 43 | (for crypto_mb) and `--with-qat_sw_ipsec_mb_install_dir` (for ipsec_mb) if 44 | installed in the path other than default. 45 | * On certain systems, it might be possible that `qatengine.so` or `qatprovider.so` 46 | is not able to locate `libcrypto.so` & `libssl.so` if built from OpenSSL\* source. 47 | It is recommended to add the OpenSSL\* install dir to LD_LIBRARY_PATH as per the 48 | example below. If `LD_LIBRARY_PATH` is not already set, export the directory alone, since an empty entry in the list makes the loader search the current working directory. 49 | ```bash 50 | export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/ssl/lib64 51 | ``` 52 | * If seeing failures with USDM memory allocation, either with non-root or root user 53 | check memlock limit with `ulimit -l` and increase the memlock limit to 54 | desired value if it is low. 55 | * Algorithms like DH, DSA, SHA1, RSA keysizes < 2048, EC curves < 256 bits are 56 | considered insecure and disabled by default at QAT_HW driver and QAT Engine. 57 | If you prefer to use these algorithms, rebuild QAT_HW using `--enable-legacy-algorithms` 58 | and QAT Engine using the `--enable-qat_insecure_algorithms` configure option.
59 | -------------------------------------------------------------------------------- /driver_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Downloads the QAT_HW out-of-tree driver archive, builds and installs it in the directory given as $1, then copies the matching config files to /etc. 3 | # QAT_HW OOT driver download locations 4 | QAT17_DRIVER=https://downloadmirror.intel.com/838409/QAT.L.4.27.0-00006.tar.gz 5 | QAT20_DRIVER=https://downloadmirror.intel.com/843052/QAT20.L.1.2.30-00078.tar.gz 6 | 7 | # Supported devices: each count is the number of lspci output lines (vendor 8086) matching that family's device IDs 8 | numC62xDevice=`lspci -vnd 8086: | grep -c "37c8\|37c9"` 9 | numDh895xDevice=`lspci -vnd 8086: | grep -c "0435\|0443"` 10 | numC3xxxDevice=`lspci -vnd 8086: | grep -c "19e2\|19e3"` 11 | num200xxDevice=`lspci -vnd 8086: | grep -c "18ee\|18ef"` 12 | numC4xxxDevice=`lspci -vnd 8086: | grep -c "18a0\|18a1"` 13 | num4xxxDevice=`lspci -vnd 8086: | grep -c "4940\|4942"` 14 | 15 | QAT_ENGINE_ROOT=$PWD 16 | 17 | # Install the QAT_HW OOT driver and copy config files, only when at least one supported device was counted 18 | if [ "$numC62xDevice" -gt 0 -o "$numDh895xDevice" -gt 0 -o "$numC3xxxDevice" -gt 0 -o "$numC4xxxDevice" -gt 0 -o "$num200xxDevice" -gt 0 -o "$num4xxxDevice" -gt 0 ] 19 | then 20 | if [ "$num4xxxDevice" -gt 0 ] 21 | then 22 | echo "QAT2.0 Driver" 23 | wget -O QAT_HW.tar.gz $QAT20_DRIVER # NOTE(review): the archive is built and installed below without any checksum or signature check in this script 24 | else 25 | echo "QAT1.7 Driver" 26 | wget -O QAT_HW.tar.gz $QAT17_DRIVER # NOTE(review): same as above, no integrity check before use 27 | fi 28 | mkdir -p $1 # $1 is the driver directory; it is used unquoted here and in the tar/cd lines below 29 | tar -zxvf QAT_HW.tar.gz -C $1 30 | unset ICP_ROOT 31 | unset ICP_BUILD_OUTPUT 32 | cd $1 33 | ./configure 34 | make uninstall; make clean; make install -j # exit statuses are not checked, so the later steps run even if the build fails 35 | if [ "$numC62xDevice" -gt 0 ] # only the first matching family in this if/elif chain gets its config files copied 36 | then 37 | for(( i=0; i<$numC62xDevice; i++ )) # NOTE(review): (( )) loops are a bash construct, while the shebang is /bin/sh 38 | do 39 | sudo cp -rf $QAT_ENGINE_ROOT/qat_hw_config/c6xx/multi_process/c6xx_dev0.conf /etc/c6xx_dev$i.conf 40 | done 41 | elif [ "$numDh895xDevice" -gt 0 ] 42 | then 43 | for(( i=0; i<"$numDh895xDevice"; i++ )) 44 | do 45 | sudo cp -rf $QAT_ENGINE_ROOT/qat_hw_config/dh895xcc/multi_process/dh895xcc_dev0.conf /etc/dh895xcc_dev$i.conf 46 | done 47 | elif [ "$numC3xxxDevice" -gt 0 ] 48 | then 49 | for(( i=0; i<"$numC3xxxDevice"; i++ )) 50 | do 51 | sudo cp -rf
$QAT_ENGINE_ROOT/qat_hw_config/c3xxx/multi_process/c3xxx_dev0.conf /etc/c3xxx_dev$i.conf 52 | done 53 | elif [ "$numC4xxxDevice" -gt 0 ] 54 | then 55 | for(( i=0; i<"$numC4xxxDevice"; i++ )) 56 | do 57 | sudo cp -rf $QAT_ENGINE_ROOT/qat_hw_config/c4xxx/multi_process/c4xxx_dev0.conf /etc/c4xxx_dev$i.conf 58 | done 59 | elif [ "$num200xxDevice" -gt 0 ] 60 | then 61 | for(( i=0; i<"$num200xxDevice"; i++ )) 62 | do 63 | sudo cp -rf $QAT_ENGINE_ROOT/qat_hw_config/200xx/multi_process/200xx_dev0.conf /etc/200xx_dev$i.conf 64 | done 65 | elif [ "$num4xxxDevice" -gt 0 ] 66 | then 67 | for(( i=0; i<$num4xxxDevice; i++ )) 68 | do 69 | sudo cp -rf $QAT_ENGINE_ROOT/qat_hw_config/4xxx/multi_process/4xxx_dev0.conf /etc/4xxx_dev$i.conf 70 | done 71 | fi 72 | adf_ctl restart 73 | echo "QAT_HW Driver installed successfully!" 74 | else 75 | echo "QAT_HW Device not supported to install from make depend ! Install driver manually" 76 | fi 77 | -------------------------------------------------------------------------------- /fips/driver_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Script to install driver modules during the RPM installation 3 | set -e # stop at the first command that fails 4 | 5 | if ( lsmod | grep qat >/dev/null ); then # true when any lsmod line contains "qat" 6 | echo "QAT driver already installed and removing existing modules ......." 7 | if (lsmod | grep usdm >/dev/null); then 8 | rmmod usdm_drv 9 | rmmod qat_4xxx 10 | rmmod intel_qat 11 | echo "Removed existing driver" 12 | elif (lsmod | grep intel_qat >/dev/null); then 13 | rmmod qat_4xxx 14 | rmmod intel_qat 15 | echo "Removed existing driver" 16 | fi 17 | else 18 | echo "Shutdown qat services" 19 | cd /usr/lib64/build 20 | ./qat_service shutdown 21 | fi 22 | 23 | 24 | if [ $?
-ne 0 ]; then # NOTE(review): $? is the status of the if/else block above and set -e is active; confirm when this branch can run 25 | sudo insmod /usr/lib64/build/intel_qat.ko 26 | fi 27 | sudo modprobe authenc 28 | sudo modprobe mdev 29 | sudo modprobe uio 30 | 31 | cp -rf /usr/lib64/build/qat_4xxx.bin /lib/firmware/ 32 | cp -rf /usr/lib64/build/qat_4xxx_mmp.bin /lib/firmware/ 33 | 34 | echo "Installing QAT Kernel Modules" 35 | 36 | sudo insmod /usr/lib64/build/intel_qat.ko # NOTE(review): the same module is also loaded at line 25 when that branch runs 37 | sudo insmod /usr/lib64/build/usdm_drv.ko 38 | sudo insmod /usr/lib64/build/qat_4xxx.ko 39 | 40 | for(( i=0; i< 8; i++ )) 41 | do 42 | cp -rf /usr/lib64/build/4xxx_dev0.conf /etc/4xxx_dev$i.conf 43 | done 44 | 45 | cp -rf /usr/lib64/build/4xxx_dev* /etc/ 46 | cp /usr/lib64/build/adf_ctl /usr/local/bin 47 | cp /usr/lib64/build/adf_ctl /usr/bin 48 | 49 | cd /usr/lib64/build 50 | 51 | sudo adf_ctl restart 52 | -------------------------------------------------------------------------------- /fips_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ./autogen.sh 3 | if [ "$QAT_HW_ENABLED" = "1" ] && [ "$QAT_SW_ENABLED" = "1" ] # both variables are read from the environment; this script does not set them 4 | then 5 | cp -f /usr/lib64/build/qat_4xxx.ko $OPENSSL_ENGINES/ # NOTE(review): OPENSSL_ENGINES is unquoted and unchecked; if it is empty this and the following copies write to / 6 | cp -f /usr/lib64/build/usdm_drv.ko $OPENSSL_ENGINES/ 7 | cp -f /usr/lib64/build/intel_qat.ko $OPENSSL_ENGINES/ 8 | cp -f /usr/lib64/libusdm_drv_s.so $OPENSSL_ENGINES/ 9 | cp -f /usr/lib64/libqat_s.so $OPENSSL_ENGINES/ 10 | cp -f /lib/firmware/qat_4xxx.bin $OPENSSL_ENGINES/ 11 | cp -f /lib/firmware/qat_4xxx_mmp.bin $OPENSSL_ENGINES/ 12 | cp -f /usr/lib64/libIPSec_MB.so $OPENSSL_ENGINES/ 13 | cp -f /usr/lib64/libcrypto_mb.so $OPENSSL_ENGINES/ 14 | ./configure --with-qat_hw_dir=$ICP_ROOT --with-openssl_install_dir=$OPENSSL_LIB --enable-qat_sw --enable-qat_provider --enable-qat_hw_sha3 --enable-qat_hw_gcm --enable-qat_hw_hkdf --enable-qat_fips --enable-qat_insecure_algorithms --disable-qat_sw_sm2 --disable-qat_hw_ciphers # NOTE(review): this FIPS build also passes --enable-qat_insecure_algorithms; confirm that is intended 15 | make clean 16 | make -j 30 17 | make install 18 | make intkat 19 | cp -f $OPENSSL_ENGINES/qatprovider.so /usr/lib64/ossl-modules/ 20 | echo
"==================================================================================" 21 | echo "* Note: 22 | * Before running the script, Please ensure below files are available in below paths. 23 | * If not, Please Copy them Manually. 24 | * qat_4xxx.ko, usdm_drv.ko, intel_qat.ko files to '/usr/lib64/build/' 25 | * qat_4xxx.bin, qat_4xxx_mmp.bin to '/lib/firmware/' 26 | * libusdm_drv_s.so, libqat_s.so, libIPSec_MB.so, libcrypto_mb.so files to '/usr/lib64/' 27 | * export 'SYS_OPENSSL_PATH' as openssl install path which contains bin. 28 | * eg. SYS_OPENSSL_PATH=/root/openssl_install/ " 29 | else 30 | if [ "$QAT_HW_ENABLED" = "1" ] 31 | then 32 | cp -f /usr/lib64/build/qat_4xxx.ko $OPENSSL_ENGINES/ 33 | cp -f /usr/lib64/build/usdm_drv.ko $OPENSSL_ENGINES/ 34 | cp -f /usr/lib64/build/intel_qat.ko $OPENSSL_ENGINES/ 35 | cp -f /usr/lib64/libusdm_drv_s.so $OPENSSL_ENGINES/ 36 | cp -f /usr/lib64/libqat_s.so $OPENSSL_ENGINES/ 37 | cp -f /lib/firmware/qat_4xxx.bin $OPENSSL_ENGINES/ 38 | cp -f /lib/firmware/qat_4xxx_mmp.bin $OPENSSL_ENGINES/ 39 | ./configure --with-qat_hw_dir=$ICP_ROOT --with-openssl_install_dir=$OPENSSL_LIB --enable-qat_provider --enable-qat_hw_sha3 --enable-qat_hw_gcm --enable-qat_hw_hkdf --enable-qat_fips --enable-qat_insecure_algorithms --disable-qat_hw_ciphers # NOTE(review): --enable-qat_fips is combined with --enable-qat_insecure_algorithms here as well 40 | else 41 | cp -f /usr/lib64/libIPSec_MB.so $OPENSSL_ENGINES/ 42 | cp -f /usr/lib64/libcrypto_mb.so $OPENSSL_ENGINES/ 43 | ./configure --with-openssl_install_dir=$OPENSSL_LIB --enable-qat_sw --enable-qat_provider --enable-qat_fips --disable-qat_sw_sm2 44 | fi 45 | make clean 46 | make -j 30 47 | make install 48 | make intkat 49 | cp -f $OPENSSL_ENGINES/qatprovider.so /usr/lib64/ossl-modules/ 50 | echo "==================================================================================" 51 | if [ "$QAT_HW_ENABLED" = "1" ] 52 | then 53 | echo "* Note: 54 | * Before running the script, Please ensure below files are available in below paths. 55 | * If not, Please Copy them Manually.
56 | * qat_4xxx.ko, usdm_drv.ko, intel_qat.ko files to '/usr/lib64/build/' 57 | * libusdm_drv_s.so, libqat_s.so to '/usr/lib64/' 58 | * qat_4xxx.bin, qat_4xxx_mmp.bin to '/lib/firmware/' 59 | * export 'SYS_OPENSSL_PATH' as openssl install path which contains bin. 60 | * eg. SYS_OPENSSL_PATH=/root/openssl_install/ " 61 | else 62 | echo "* Note: 63 | * Before running the script, Please ensure below files are available in below path. 64 | * If not, Please Copy them Manually. 65 | * libIPSec_MB.so, libcrypto_mb.so files to '/usr/lib64/' 66 | * export 'SYS_OPENSSL_PATH' as openssl install path which contains bin. 67 | * eg. SYS_OPENSSL_PATH=/root/openssl_install/ " 68 | fi 69 | fi 70 | 71 | -------------------------------------------------------------------------------- /kpt/apps/kpt_dev_pp.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission.
22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | #ifndef __KPT_DEV_PP_H__ 40 | #define __KPT_DEV_PP_H__ 41 | 42 | #include 43 | #include 44 | #include 45 | 46 | #define MAX_SOCKET (32) 47 | #define KPT_PER_PART_KEY_N_LEN (384) 48 | #define KPT_PER_PART_KEY_E_LEN (8) 49 | #define KPT_PER_PART_SIG_LEN (384) 50 | 51 | typedef struct { 52 | unsigned char pub_n[KPT_PER_PART_KEY_N_LEN]; 53 | int len_pub_n; 54 | unsigned char pub_e[KPT_PER_PART_KEY_E_LEN]; 55 | int len_pub_e; 56 | unsigned char sig[KPT_PER_PART_SIG_LEN]; 57 | int len_sig; 58 | } kpt_per_part_context; 59 | 60 | extern kpt_per_part_context kpt_per_part_context_ptr[MAX_SOCKET]; 61 | 62 | extern int cpu_socket_num; 63 | 64 | extern int kpt_get_per_part_key(void); 65 | 66 | enum log_level { 67 | LOG_ERR = 0, 68 | LOG_DEBUG, 69 | LOG_PRINT 70 | }; 71 | 72 | const char *log_level_str(int level); 73 | int xlog(int level, const char *fmt, ...); 74 | 75 | #define log_err(fmt, ...) xlog(LOG_ERR, fmt, ##__VA_ARGS__) 76 | #define log_debug(fmt, ...) xlog(LOG_DEBUG, fmt, ##__VA_ARGS__) 77 | #define log_print(fmt, ...) 
xlog(LOG_PRINT, fmt, ##__VA_ARGS__) 78 | 79 | #endif 80 | -------------------------------------------------------------------------------- /kpt/apps/kpt_key.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | #ifndef __KPT_KEY_H__ 40 | #define __KPT_KEY_H__ 41 | 42 | #define MAX_ECC_KEY_SIZE (1024) 43 | #define MAX_ESWK_SIZE (512) 44 | #define MAX_KPT_RSA_KEY_TYPE1_SIZE (2064) 45 | #define MAX_KPT_RSA_KEY_TYPE2_SIZE (3600) 46 | #define MAX_KPT_RSA_KEY_N_SIZE (1024) 47 | #define MAX_KPT_RSA_KEY_E_SIZE (1024) 48 | #define MAX_CPU_SOCKET (32) 49 | 50 | typedef enum kpt_gen_s { 51 | KPT_GEN1 = 1, 52 | KPT_GEN2 53 | } kpt_gen_t; 54 | 55 | typedef struct kpt_ecc_wpk_st { 56 | long version; 57 | unsigned char swkSec[MAX_CPU_SOCKET][MAX_ESWK_SIZE]; 58 | unsigned char swkPub[MAX_CPU_SOCKET][MAX_ESWK_SIZE]; 59 | unsigned char wpk[MAX_ECC_KEY_SIZE]; 60 | unsigned char pub_key[MAX_ECC_KEY_SIZE]; 61 | int swkSec_size[MAX_CPU_SOCKET]; 62 | int swkPub_size[MAX_CPU_SOCKET]; 63 | int wpk_size; 64 | int pub_key_size; 65 | int curve_nid; /* optional NID for named curve */ 66 | int wrapping_alg_nid; 67 | } kpt_ecc_wpk; 68 | 69 | typedef struct kpt_rsa_wpk_st { 70 | long version; 71 | long size; 72 | unsigned char swkSec[MAX_CPU_SOCKET][MAX_ESWK_SIZE]; 73 | unsigned char swkPub[MAX_CPU_SOCKET][MAX_ESWK_SIZE]; 74 | unsigned char wpk_type1[MAX_KPT_RSA_KEY_TYPE1_SIZE]; 75 | unsigned char wpk_type2[MAX_KPT_RSA_KEY_TYPE2_SIZE]; 76 | unsigned char n[MAX_KPT_RSA_KEY_N_SIZE]; 77 | unsigned char e[MAX_KPT_RSA_KEY_E_SIZE]; 78 | int 
swkSec_size[MAX_CPU_SOCKET]; 79 | int swkPub_size[MAX_CPU_SOCKET]; 80 | int wpk_type1_size; 81 | int wpk_type2_size; 82 | int n_size; 83 | int e_size; 84 | int rsa_nid; 85 | int wrapping_alg_nid; 86 | } kpt_rsa_wpk; 87 | 88 | int kpt_ecc_wpk_gen(unsigned char *cpk_file, unsigned char *wpk_file); 89 | int kpt_ecc_wpk_parse(kpt_ecc_wpk *ecc_wpk, unsigned char *wpk_file); 90 | int kpt_rsa_wpk_gen(unsigned char *cpk_file, unsigned char *wpk_file); 91 | int kpt_rsa_wpk_parse(kpt_rsa_wpk *rsa_wpk, unsigned char *wpk_file); 92 | 93 | #endif 94 | -------------------------------------------------------------------------------- /kpt/apps/kpt_swk.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | #ifndef __KPT_SWK_H__ 40 | #define __KPT_SWK_H__ 41 | #include 42 | #include 43 | #include 44 | 45 | #define MAX_KPT1_PUB_LEN (2048) 46 | #define MAX_KPT1_PRIV_LEN (2048) 47 | 48 | typedef struct e_swk{ 49 | ASN1_OCTET_STRING *devSig; 50 | ASN1_OCTET_STRING *secSWK; 51 | } ESWK; 52 | DEFINE_STACK_OF(ESWK) 53 | DECLARE_ASN1_FUNCTIONS(ESWK) 54 | 55 | typedef struct wrapping_metadata { 56 | ASN1_OCTET_STRING *aesNonce; 57 | ASN1_OBJECT *wrappingAlg; 58 | STACK_OF(ESWK) *eSWKs; 59 | } WRAPPINGMETADATA; 60 | DECLARE_ASN1_FUNCTIONS(WRAPPINGMETADATA) 61 | 62 | #define AES_GCM_256_KEY_SIZE (32) 63 | #define AES_GCM_IV_SIZE (12) 64 | #define AES_GCM_TAG_SIZE (16) 65 | #define RSA3K_ENCRYPTION_OUTPUT_SIZE (384) 66 | int wrap_key_with_gcm256(unsigned char *ck, int ck_len, unsigned char *pk, 67 | int *pk_len, unsigned char *swk, unsigned char *iv, 68 | int iv_len, unsigned char *aad, int aad_len); 69 | 70 | int encrypt_swk_with_per_part_key(unsigned char *swk, unsigned char *eswk, 71 | unsigned char *n, int n_len, 72 | unsigned char *e, int e_len); 73 | 74 | int seal_swk_with_ptt_srk(unsigned char *swk, unsigned char *priv, 75 | unsigned int *priv_len, unsigned char *pub, 76 | unsigned int *pub_len); 77 | 78 | #endif 79 | -------------------------------------------------------------------------------- /kpt/apps/main.c: 
-------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include "kpt_key.h" 45 | #include "kpt_dev_pp.h" 46 | 47 | void tool_usage(void) 48 | { 49 | log_print("kpttool generate or parse wpk\n"); 50 | log_print("Usage of kpttool:\n"); 51 | log_print("kpttool -act [gen|par] -alg [rsa|ecc] -in [|] -out \n"); 52 | log_print(" -act (action): gen (generate wpk (wrap private key)), par (parse wpk (wrap private key))\n"); 53 | log_print(" -alg (algorithm): rsa (-in rsa private key file), ecc (-in ecc private key)\n"); 54 | log_print(" -in: -act gen input cpk (customer private key) file\n"); 55 | log_print(" -act par input wpk (wrap private key) file\n"); 56 | log_print(" -out: -act gen output wpk (wrap private key) file\n"); 57 | log_print("e.g. kpttool -act gen -alg ecc -in ec_secp256r1_private.key -out ec_secp256r1_wpk.key\n"); 58 | log_print("e.g. kpttool -act par -alg ecc -in ec_secp256r1_wpk.key\n"); 59 | log_print("e.g. kpttool -act gen -alg rsa -in rsa_2k_private.key -out rsa_2k_wpk.key\n"); 60 | log_print("e.g. 
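kpttool -act par -alg rsa -in rsa_2k_wpk.key\n"); 61 | } 62 |

/*
 * kpttool entry point: read "-act", "-alg", "-in" and "-out" from the
 * command line and call the matching ECC or RSA wrapped-private-key (WPK)
 * generate/parse routine declared in kpt_key.h.
 *
 * Returns the status of the selected kpt_*_wpk_* call. Usage printed from
 * the option loop returns 0 (unchanged). A missing -act/-alg/-in, a missing
 * -out for "gen", or an unknown action or algorithm ends with status 1.
 */
int main(int argc, char** argv)
{
    unsigned char *input_file = NULL;
    unsigned char *output_file = NULL;
    unsigned char *action = NULL;
    unsigned char *algo = NULL;
    int is_gen;
    int ret = 0;

    argc--;
    argv++;

    while (argc >= 1) {
        if (strcmp(*argv, "-act") == 0) {
            if (--argc < 1) {
                tool_usage();
                return 0;
            }
            action = (unsigned char *)*(++argv);
        } else if (strcmp(*argv, "-alg") == 0) {
            if (--argc < 1) {
                tool_usage();
                return 0;
            }
            algo = (unsigned char *)*(++argv);
        } else if (strcmp(*argv, "-in") == 0) {
            if (--argc < 1) {
                tool_usage();
                return 0;
            }
            input_file = (unsigned char *)*(++argv);
        } else if (strcmp(*argv, "-out") == 0) {
            if (--argc < 1) {
                tool_usage();
                return 0;
            }
            output_file = (unsigned char *)*(++argv);
        } else {
            tool_usage();
            return 0;
        }
        argc--;
        argv++;
    }

    if (!action || !algo) {
        tool_usage();
        exit(1);
    }

    is_gen = (strcmp((const char *)action, "gen") == 0);

    /*
     * Every action reads -in and "gen" also writes -out. Reject a missing
     * path here: the pointers would otherwise reach the "%s" log lines and
     * the key routines below while still NULL.
     */
    if (!input_file || (is_gen && !output_file)) {
        tool_usage();
        exit(1);
    }

    log_print("input file %s \n", input_file);
    /* -out is not given for "par"; never hand NULL to "%s". */
    log_print("output file %s \n",
              output_file ? (const char *)output_file : "(none)");
    log_print("alg %s \n", algo);
    log_print("action %s \n", action);

    if (strcmp((const char *)algo, "ecc") == 0) {
        if (is_gen) {
            ret = kpt_ecc_wpk_gen(input_file, output_file);
        } else if (strcmp((const char *)action, "par") == 0) {
            kpt_ecc_wpk ecc_wpk;
            ret = kpt_ecc_wpk_parse(&ecc_wpk, input_file);
        } else {
            /* Unknown action: report failure instead of exiting with 0. */
            tool_usage();
            ret = 1;
        }
    } else if (strcmp((const char *)algo, "rsa") == 0) {
        if (is_gen) {
            ret = kpt_rsa_wpk_gen(input_file, output_file);
        } else if (strcmp((const char *)action, "par") == 0) {
            kpt_rsa_wpk rsa_wpk;
            ret = kpt_rsa_wpk_parse(&rsa_wpk, input_file);
        } else {
            tool_usage();
            ret = 1;
        }
    } else {
        /* Unknown algorithm: same handling as an unknown action. */
        tool_usage();
        ret = 1;
    }

    return ret;
}

--------------------------------------------------------------------------------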
/kpt/lib/KPT_Library.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/intel/QAT_Engine/910240d9c79510206b2c17728d8caf07e10a6f10/kpt/lib/KPT_Library.PNG -------------------------------------------------------------------------------- /kpt/lib/README.md: -------------------------------------------------------------------------------- 1 | # Key Protection Technology Library 2 | 3 | The KPT2.0 capability is delivered through the KPT Library, which is placed in the QAT_Engine repository. It provides KPT2.0 functionality such as parsing the special key file, KPT init/finish and asymmetric crypto offload. In the future the library will leverage other Intel security technologies, e.g. Software Guard Extensions (SGX), to provide more security services. 4 | 5 |

6 | drawing 7 |

8 | 9 | ## **Division of the work** 10 | * QAT_ENGINE: Control Path 11 | * Async job control 12 | * QAT resource management 13 | * KPT Layer between QAT_Engine and KPT Library: qat_hw_kpt.c 14 | 15 | * KPT_LIB: Data Path 16 | * WPK load and parse 17 | * KPT initialization/finish 18 | * Crypto offload 19 | 20 | ## **Environment Setup** 21 | ### Requirements 22 | * QuickAssist Technology Driver for Intel® Xeon® Scalable Processor family with Intel® QAT Gen4/Gen4m Platform 23 | * OpenSSL 1.1.1x & 3.0.x 24 | 25 | ### Build 26 | This Library is built along with qatengine build when KPT is enabled using the configure flag `--enable-qat_hw_kpt`. KPT debugs can be enabled by passing "KPT_DEBUG" or "KPT_WARN" in the CFLAGS. 27 | -------------------------------------------------------------------------------- /plock.c: -------------------------------------------------------------------------------- 1 | /* pthread_rwlock emulation (version without exponential back-off) 2 | * 3 | * Copyright (C) 2022-2025 Willy Tarreau 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining 6 | * a copy of this software and associated documentation files (the 7 | * "Software"), to deal in the Software without restriction, including 8 | * without limitation the rights to use, copy, modify, merge, publish, 9 | * distribute, sublicense, and/or sell copies of the Software, and to 10 | * permit persons to whom the Software is furnished to do so, subject to 11 | * the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be 14 | * included in all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 18 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 19 | * NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT 20 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 21 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 22 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 23 | * OTHER DEALINGS IN THE SOFTWARE. 24 | */ 25 | 26 | 27 | /* Pthread rwlock emulation using plocks (to avoid expensive futexes). 28 | * 29 | * These are a direct mapping on Progressive Locks, with the exception that 30 | * since there's a common unlock operation in pthreads, we need to know if 31 | * we need to unlock for reads or writes, so we set the topmost bit to 1 when 32 | * a write lock is acquired to indicate that a write unlock needs to be 33 | * performed. This only divides by two the maximum number of threads that 34 | * may be supported compared to the default plock implementation, which is 35 | * generally OK. In order to ease integration into existing code, the storage 36 | * here is the provided pthread_rwlock_t cast as a unsigned long. It is 37 | * expected to be zero when unlocked so that code that would forget to 38 | * call pthread_rwlock_init() after a calloc() and that would happen to work 39 | * by pure luck would continue to work. 40 | * 41 | * This variant does NOT use exponential backoff as it was found to 42 | * significantly reduce performance on some platforms when the application 43 | * makes excessive use of pthread_rwlocks but contention remains low (which 44 | * is often the case when using rwlocks). If this is needed in the future, 45 | * please do not do it in this file and provide it in an alternate one 46 | * instead so that users can choose the one they want. 47 | * 48 | * It is recommended to link this code statically into the target executable 49 | * to make sure that the redefined symbols have precedence over the ones 50 | * provided by an external shared pthread library. 
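It has no other dependency 51 | * beyond pthread and plock.h, so the build process is trivial: 52 | * 53 | * $ cc -O2 -c pth_rwl.c -pthread 54 | * # link the resulting .o into the final executable 55 | * 56 | * This source file (and its required dependencies) may be directly copied into 57 | * the target project as long as its license is compatible with this one (which 58 | * should generally be the case). 59 | */ 60 |

#include <errno.h>	/* EBUSY, ETIMEDOUT (C library, no extra link dependency) */
#include <pthread.h>
#include "plock.h"

/* Sets the lock word stored in <rwlock> to 0, the unlocked value. <attr> is
 * not read, so no rwlock attribute is honoured. Always returns 0.
 */
int pthread_rwlock_init(pthread_rwlock_t *restrict rwlock, const pthread_rwlockattr_t *restrict attr)
{
	unsigned long *lock = (unsigned long *)rwlock;

	(void)attr;
	*lock = 0;
	return 0;
}

/* Resets the lock word to 0. The current state is not checked, so destroying
 * a lock that is still held silently marks it unlocked. Always returns 0.
 */
int pthread_rwlock_destroy(pthread_rwlock_t *rwlock)
{
	unsigned long *lock = (unsigned long *)rwlock;

	*lock = 0;
	return 0;
}

/* Takes <rwlock> for reading through pl_lorw_rdlock(). Always returns 0. */
int pthread_rwlock_rdlock(pthread_rwlock_t *rwlock)
{
	pl_lorw_rdlock((unsigned long *)rwlock);
	return 0;
}

/* Single non-blocking attempt to take <rwlock> for reading. The exchange is
 * only attempted from 0 to PLOCK_LORW_SHR_BASE, so (presumably, given usual
 * compare-and-exchange semantics) it also fails while another reader holds
 * the lock. Returns 0 on success and EBUSY otherwise; the previous "!!" form
 * returned 1, which callers comparing against EBUSY could not recognise (on
 * Linux 1 is EPERM).
 */
int pthread_rwlock_tryrdlock(pthread_rwlock_t *rwlock)
{
	return pl_cmpxchg((unsigned long *)rwlock, 0, PLOCK_LORW_SHR_BASE) ? EBUSY : 0;
}

/* Timed read lock. <abstime> is not read: this makes one non-blocking attempt
 * and never waits. Returns 0 on success and ETIMEDOUT when the attempt fails,
 * so callers written against POSIX see a documented error code.
 */
int pthread_rwlock_timedrdlock(pthread_rwlock_t *restrict rwlock, const struct timespec *restrict abstime)
{
	(void)abstime;
	return pthread_rwlock_tryrdlock(rwlock) ? ETIMEDOUT : 0;
}

/* Takes <rwlock> for writing through pl_lorw_wrlock(). Always returns 0. */
int pthread_rwlock_wrlock(pthread_rwlock_t *rwlock)
{
	pl_lorw_wrlock((unsigned long *)rwlock);
	return 0;
}

/* Single non-blocking attempt to take <rwlock> for writing, exchanging the
 * lock word from 0 to PLOCK_LORW_EXC_BASE. Returns 0 on success and EBUSY
 * otherwise (see pthread_rwlock_tryrdlock() for why not 1).
 */
int pthread_rwlock_trywrlock(pthread_rwlock_t *rwlock)
{
	return pl_cmpxchg((unsigned long *)rwlock, 0, PLOCK_LORW_EXC_BASE) ? EBUSY : 0;
}

/* Timed write lock. <abstime> is not read: one non-blocking attempt, no wait.
 * Returns 0 on success and ETIMEDOUT when the attempt fails.
 */
int pthread_rwlock_timedwrlock(pthread_rwlock_t *restrict rwlock, const struct timespec *restrict abstime)
{
	(void)abstime;
	return pthread_rwlock_trywrlock(rwlock) ? ETIMEDOUT : 0;
}

/* Releases <rwlock> through pl_lorw_unlock(), which serves both read and
 * write holders. Always returns 0.
 */
int pthread_rwlock_unlock(pthread_rwlock_t *rwlock)
{
	pl_lorw_unlock((unsigned long *)rwlock);
	return 0;
}
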
-------------------------------------------------------------------------------- /qat.ec: -------------------------------------------------------------------------------- 1 | L QAT qat_err.h qat_err.c 2 | -------------------------------------------------------------------------------- /qat_common.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_common.h 41 | * 42 | * This file provides the common data structure for QAT_HW & QAT_SW 43 | * 44 | *****************************************************************************/ 45 | #ifndef QAT_COMMON_H 46 | # define QAT_COMMON_H 47 | 48 | /* Begin of ECX common data structures */ 49 | # define X25519_KEYLEN 32 50 | # define X448_KEYLEN 56 51 | # define QAT_X448_DATALEN 64 52 | # define X448_DATA_KEY_DIFF 8 53 | # define ED448_KEYLEN 57/* This is used for OpenSSL 3.0 ECX_KEY */ 54 | 55 | # define MAX_KEYLEN 57 56 | 57 | # if OPENSSL_VERSION_NUMBER < 0x30200000 58 | typedef int CRYPTO_REF_COUNT; 59 | # else 60 | typedef struct { 61 | int val; 62 | } CRYPTO_REF_COUNT; 63 | # endif 64 | 65 | /* Only for QAT_HW built with OpenSSL 1.1.1 Engine */ 66 | # ifndef QAT_OPENSSL_3 67 | typedef struct { 68 | unsigned char pubkey[QAT_X448_DATALEN]; 69 | unsigned char *privkey; 70 | } ECX_KEY; 71 | # endif 72 | 73 | # if defined(QAT_OPENSSL_3) && !defined(QAT_OPENSSL_PROVIDER) 74 | typedef enum { 75 | ECX_KEY_TYPE_X25519, 76 | ECX_KEY_TYPE_X448, 77 | ECX_KEY_TYPE_ED25519, 78 | ECX_KEY_TYPE_ED448 79 | } ECX_KEY_TYPE; 80 | 81 | typedef struct ecx_key_st { 82 | OSSL_LIB_CTX *libctx; 83 | char *propq; 84 | unsigned int 
haspubkey:1; 85 | unsigned char pubkey[ED448_KEYLEN]; 86 | unsigned char *privkey; 87 | size_t keylen; 88 | ECX_KEY_TYPE type; 89 | CRYPTO_REF_COUNT references; 90 | #if OPENSSL_VERSION_NUMBER < 0x30200000 91 | CRYPTO_RWLOCK *lock; 92 | #endif 93 | } QAT_SW_ECX_KEY, ECX_KEY; 94 | # else 95 | typedef struct { 96 | unsigned char pubkey[MAX_KEYLEN]; 97 | unsigned char *privkey; 98 | } QAT_SW_ECX_KEY; 99 | # endif 100 | /* End of ECX common data structures */ 101 | 102 | #endif 103 | -------------------------------------------------------------------------------- /qat_events.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2016-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_events.h 41 | * 42 | * This file provides an interface for async events in engine 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef QAT_EVENTS_H 47 | # define QAT_EVENTS_H 48 | 49 | # include 50 | # include 51 | 52 | 53 | /* This value is defined as one possible return value 54 | * of qat_pause_job() which means paused async job is 55 | * not resumed by async event but some other events 56 | * such as socket events. 57 | * NOTE THAT the unexpected event will be thrown away 58 | * effectively and quietly. The application should be 59 | * aware of this case. 60 | */ 61 | #define QAT_JOB_RESUMED_UNEXPECTEDLY -1 62 | #define QAT_CHK_JOB_RESUMED_UNEXPECTEDLY(x) \ 63 | (x == QAT_JOB_RESUMED_UNEXPECTEDLY) 64 | 65 | /* 66 | * These #defines ensure backward compatibility with OpenSSL versions 1.1.0 67 | * and 1.1.1 which do not have asynchronous callback mode. 
68 | */ 69 | #ifndef OPENSSL_3 70 | # define ASYNC_STATUS_UNSUPPORTED 0 71 | # define ASYNC_STATUS_ERR 1 72 | # define ASYNC_STATUS_OK 2 73 | # define ASYNC_STATUS_EAGAIN 3 74 | #endif 75 | 76 | #ifdef __FreeBSD__ 77 | # define QAT_EVENT_NUM 1 78 | #endif 79 | 80 | int qat_is_event_driven(); 81 | int qat_setup_async_event_notification(volatile ASYNC_JOB *job); 82 | int qat_clear_async_event_notification(volatile ASYNC_JOB *job); 83 | int qat_pause_job(volatile ASYNC_JOB *job, int jobStatus); 84 | int qat_wake_job(volatile ASYNC_JOB *job, int jobStatus); 85 | 86 | #endif /* QAT_EVENTS_H */ 87 | -------------------------------------------------------------------------------- /qat_hw_asym_common.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2016-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 
22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_hw_asym_common.h 41 | * 42 | * This file contains the interface to common asymmetric functions 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef QAT_HW_ASYM_COMMON_H 47 | # define QAT_HW_ASYM_COMMON_H 48 | 49 | # include 50 | 51 | # include "cpa.h" 52 | /* Prototypes only; the definitions are not part of this header. NOTE(review): qat_BN_to_FB presumably copies bn into the flat buffer fb, and qat_svm looks like a switch for how that buffer is allocated -- confirm in the .c file. */ 53 | int qat_BN_to_FB(CpaFlatBuffer * fb, const BIGNUM *bn, int qat_svm); /* NOTE(review): qat_mod_exp presumably computes r = a^p mod m; *fallback looks like an out-flag telling the caller to redo the operation in software -- confirm. */ 54 | int qat_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, 55 | int *fallback); 56 | # ifdef ENABLE_QAT_HW_SM2 57 | int qat_BN_to_FB_for_sm2(CpaFlatBuffer * fb, const BIGNUM *bn, int qat_svm); 58 | # endif 59 | 60 | # ifdef ENABLE_QAT_HW_ECX 61 | void qat_ecx_cb(void *pCallbackTag, CpaStatus status, 62 | void *pOpData, CpaBoolean multiplyStatus, 63 | CpaFlatBuffer *pXk, CpaFlatBuffer *pYk); /* NOTE(review): reverse_bytes receives both buffer sizes; confirm the implementation rejects fromsize > tosize instead of writing past tobuffer. */ 64 | int reverse_bytes(unsigned char *tobuffer, unsigned char *frombuffer, 65 | unsigned int tosize, unsigned int fromsize); 66 | # endif 67 | #endif
/* QAT_HW_ASYM_COMMON_H */ 68 | -------------------------------------------------------------------------------- /qat_hw_config/200xx/multi_process/200xx_dev0.conf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # This file is provided under a dual BSD/GPLv2 license. When using or 3 | # redistributing this file, you may do so under either license. 4 | # 5 | # GPL LICENSE SUMMARY 6 | # 7 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of version 2 of the GNU General Public License as 11 | # published by the Free Software Foundation. 12 | # 13 | # This program is distributed in the hope that it will be useful, but 14 | # WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | # General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 21 | # The full GNU General Public License is included in this distribution 22 | # in the file called LICENSE.GPL. 23 | # 24 | # Contact Information: 25 | # Intel Corporation 26 | # 27 | # BSD LICENSE 28 | # 29 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 30 | # 31 | # Redistribution and use in source and binary forms, with or without 32 | # modification, are permitted provided that the following conditions 33 | # are met: 34 | # 35 | # * Redistributions of source code must retain the above copyright 36 | # notice, this list of conditions and the following disclaimer. 
37 | # * Redistributions in binary form must reproduce the above copyright 38 | # notice, this list of conditions and the following disclaimer in 39 | # the documentation and/or other materials provided with the 40 | # distribution. 41 | # * Neither the name of Intel Corporation nor the names of its 42 | # contributors may be used to endorse or promote products derived 43 | # from this software without specific prior written permission. 44 | # 45 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 46 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 47 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 48 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 49 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 50 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 51 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 52 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 53 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 54 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 55 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
56 | # 57 | # 58 | ################################################################ 59 | [GENERAL] 60 | ServicesEnabled = cy 61 | 62 | # Set the service profile to determine available features 63 | # ===================================================================== 64 | # DEFAULT CRYPTO COMPRESSION CUSTOM1 65 | # Asymmetric Crypto * * * 66 | # Symmetric Crypto * * * 67 | # Hash * * * * 68 | # Cipher * * * 69 | # MGF KeyGen * * 70 | # SSL/TLS KeyGen * * * 71 | # HKDF * * 72 | # Compression * * * 73 | # Decompression (stateless) * * * 74 | # Decompression (stateful) * * 75 | # Service Chaining * 76 | # Device Utilization * * * 77 | # Rate Limiting * * * 78 | # ===================================================================== 79 | ServicesProfile = DEFAULT 80 | 81 | ConfigVersion = 2 82 | 83 | #Default values for number of concurrent requests*/ 84 | CyNumConcurrentSymRequests = 512 85 | CyNumConcurrentAsymRequests = 64 86 | 87 | #Statistics, valid values: 1,0 88 | statsGeneral = 1 89 | statsDh = 1 90 | statsDrbg = 1 91 | statsDsa = 1 92 | statsEcc = 1 93 | statsKeyGen = 1 94 | statsDc = 1 95 | statsLn = 1 96 | statsPrime = 1 97 | statsRsa = 1 98 | statsSym = 1 99 | 100 | # This flag is to enable device auto reset on heartbeat error 101 | AutoResetOnError = 0 102 | 103 | ############################################## 104 | # Kernel Instances Section 105 | ############################################## 106 | [KERNEL] 107 | NumberCyInstances = 0 108 | NumberDcInstances = 0 109 | 110 | ############################################## 111 | # User Process Instance Section 112 | ############################################## 113 | [SHIM] 114 | NumberCyInstances = 1 115 | NumberDcInstances = 0 116 | NumProcesses = 16 117 | LimitDevAccess = 1 118 | 119 | # Crypto - User instance #0 120 | Cy0Name = "UserCY0" 121 | Cy0IsPolled = 1 122 | # List of core affinities 123 | Cy0CoreAffinity = 0 124 | 
-------------------------------------------------------------------------------- /qat_hw_config/c3xxx/multi_process/c3xxx_dev0.conf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # This file is provided under a dual BSD/GPLv2 license. When using or 3 | # redistributing this file, you may do so under either license. 4 | # 5 | # GPL LICENSE SUMMARY 6 | # 7 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of version 2 of the GNU General Public License as 11 | # published by the Free Software Foundation. 12 | # 13 | # This program is distributed in the hope that it will be useful, but 14 | # WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | # General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 21 | # The full GNU General Public License is included in this distribution 22 | # in the file called LICENSE.GPL. 23 | # 24 | # Contact Information: 25 | # Intel Corporation 26 | # 27 | # BSD LICENSE 28 | # 29 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 30 | # 31 | # Redistribution and use in source and binary forms, with or without 32 | # modification, are permitted provided that the following conditions 33 | # are met: 34 | # 35 | # * Redistributions of source code must retain the above copyright 36 | # notice, this list of conditions and the following disclaimer. 
37 | # * Redistributions in binary form must reproduce the above copyright 38 | # notice, this list of conditions and the following disclaimer in 39 | # the documentation and/or other materials provided with the 40 | # distribution. 41 | # * Neither the name of Intel Corporation nor the names of its 42 | # contributors may be used to endorse or promote products derived 43 | # from this software without specific prior written permission. 44 | # 45 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 46 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 47 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 48 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 49 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 50 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 51 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 52 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 53 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 54 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 55 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
56 | # 57 | # 58 | ################################################################ 59 | [GENERAL] 60 | ServicesEnabled = cy 61 | 62 | # Set the service profile to determine available features 63 | # ===================================================================== 64 | # DEFAULT CRYPTO COMPRESSION CUSTOM1 65 | # Asymmetric Crypto * * * 66 | # Symmetric Crypto * * * 67 | # Hash * * * * 68 | # Cipher * * * 69 | # MGF KeyGen * * 70 | # SSL/TLS KeyGen * * * 71 | # HKDF * * 72 | # Compression * * * 73 | # Decompression (stateless) * * * 74 | # Decompression (stateful) * * 75 | # Service Chaining * 76 | # Device Utilization * * * 77 | # Rate Limiting * * * 78 | # ===================================================================== 79 | ServicesProfile = DEFAULT 80 | 81 | ConfigVersion = 2 82 | 83 | #Default values for number of concurrent requests*/ 84 | CyNumConcurrentSymRequests = 512 85 | CyNumConcurrentAsymRequests = 64 86 | 87 | #Statistics, valid values: 1,0 88 | statsGeneral = 1 89 | statsDh = 1 90 | statsDrbg = 1 91 | statsDsa = 1 92 | statsEcc = 1 93 | statsKeyGen = 1 94 | statsDc = 1 95 | statsLn = 1 96 | statsPrime = 1 97 | statsRsa = 1 98 | statsSym = 1 99 | 100 | # This flag is to enable device auto reset on heartbeat error 101 | AutoResetOnError = 0 102 | 103 | ############################################## 104 | # Kernel Instances Section 105 | ############################################## 106 | [KERNEL] 107 | NumberCyInstances = 0 108 | NumberDcInstances = 0 109 | 110 | ############################################## 111 | # User Process Instance Section 112 | ############################################## 113 | [SHIM] 114 | NumberCyInstances = 1 115 | NumberDcInstances = 0 116 | NumProcesses = 32 117 | LimitDevAccess = 1 118 | 119 | # Crypto - User instance #0 120 | Cy0Name = "UserCY0" 121 | Cy0IsPolled = 1 122 | # List of core affinities 123 | Cy0CoreAffinity = 0 124 | 
-------------------------------------------------------------------------------- /qat_hw_config/c3xxx/multi_thread/c3xxx_dev0.conf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # This file is provided under a dual BSD/GPLv2 license. When using or 3 | # redistributing this file, you may do so under either license. 4 | # 5 | # GPL LICENSE SUMMARY 6 | # 7 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of version 2 of the GNU General Public License as 11 | # published by the Free Software Foundation. 12 | # 13 | # This program is distributed in the hope that it will be useful, but 14 | # WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | # General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 21 | # The full GNU General Public License is included in this distribution 22 | # in the file called LICENSE.GPL. 23 | # 24 | # Contact Information: 25 | # Intel Corporation 26 | # 27 | # BSD LICENSE 28 | # 29 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 30 | # 31 | # Redistribution and use in source and binary forms, with or without 32 | # modification, are permitted provided that the following conditions 33 | # are met: 34 | # 35 | # * Redistributions of source code must retain the above copyright 36 | # notice, this list of conditions and the following disclaimer. 
37 | # * Redistributions in binary form must reproduce the above copyright 38 | # notice, this list of conditions and the following disclaimer in 39 | # the documentation and/or other materials provided with the 40 | # distribution. 41 | # * Neither the name of Intel Corporation nor the names of its 42 | # contributors may be used to endorse or promote products derived 43 | # from this software without specific prior written permission. 44 | # 45 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 46 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 47 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 48 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 49 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 50 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 51 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 52 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 53 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 54 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 55 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
56 | # 57 | # 58 | ################################################################ 59 | [GENERAL] 60 | ServicesEnabled = cy 61 | 62 | # Set the service profile to determine available features 63 | # ===================================================================== 64 | # DEFAULT CRYPTO COMPRESSION CUSTOM1 65 | # Asymmetric Crypto * * * 66 | # Symmetric Crypto * * * 67 | # Hash * * * * 68 | # Cipher * * * 69 | # MGF KeyGen * * 70 | # SSL/TLS KeyGen * * * 71 | # HKDF * * 72 | # Compression * * * 73 | # Decompression (stateless) * * * 74 | # Decompression (stateful) * * 75 | # Service Chaining * 76 | # Device Utilization * * * 77 | # Rate Limiting * * * 78 | # ===================================================================== 79 | ServicesProfile = DEFAULT 80 | 81 | ConfigVersion = 2 82 | 83 | #Default values for number of concurrent requests*/ 84 | CyNumConcurrentSymRequests = 512 85 | CyNumConcurrentAsymRequests = 64 86 | 87 | #Statistics, valid values: 1,0 88 | statsGeneral = 1 89 | statsDh = 1 90 | statsDrbg = 1 91 | statsDsa = 1 92 | statsEcc = 1 93 | statsKeyGen = 1 94 | statsDc = 1 95 | statsLn = 1 96 | statsPrime = 1 97 | statsRsa = 1 98 | statsSym = 1 99 | 100 | # This flag is to enable device auto reset on heartbeat error 101 | AutoResetOnError = 0 102 | 103 | ############################################## 104 | # Kernel Instances Section 105 | ############################################## 106 | [KERNEL] 107 | NumberCyInstances = 0 108 | NumberDcInstances = 0 109 | 110 | ############################################## 111 | # User Process Instance Section 112 | ############################################## 113 | [SHIM] 114 | NumberCyInstances = 2 115 | NumberDcInstances = 0 116 | NumProcesses = 1 117 | LimitDevAccess = 0 118 | 119 | # Crypto - User instance #0 120 | Cy0Name = "UserCY0" 121 | Cy0IsPolled = 1 122 | # List of core affinities 123 | Cy0CoreAffinity = 0 124 | 125 | # Crypto - User instance #1 126 | Cy1Name = "UserCY1" 127 | Cy1IsPolled = 
1 128 | # List of core affinities 129 | Cy1CoreAffinity = 0 130 | -------------------------------------------------------------------------------- /qat_hw_config/c4xxx/multi_process/c4xxx_dev0.conf: -------------------------------------------------------------------------------- 1 | ################################################################ 2 | # This file is provided under a dual BSD/GPLv2 license. When using or 3 | # redistributing this file, you may do so under either license. 4 | # 5 | # GPL LICENSE SUMMARY 6 | # 7 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of version 2 of the GNU General Public License as 11 | # published by the Free Software Foundation. 12 | # 13 | # This program is distributed in the hope that it will be useful, but 14 | # WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | # General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 21 | # The full GNU General Public License is included in this distribution 22 | # in the file called LICENSE.GPL. 23 | # 24 | # Contact Information: 25 | # Intel Corporation 26 | # 27 | # BSD LICENSE 28 | # 29 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 30 | # All rights reserved. 31 | # 32 | # Redistribution and use in source and binary forms, with or without 33 | # modification, are permitted provided that the following conditions 34 | # are met: 35 | # 36 | # * Redistributions of source code must retain the above copyright 37 | # notice, this list of conditions and the following disclaimer. 
38 | # * Redistributions in binary form must reproduce the above copyright 39 | # notice, this list of conditions and the following disclaimer in 40 | # the documentation and/or other materials provided with the 41 | # distribution. 42 | # * Neither the name of Intel Corporation nor the names of its 43 | # contributors may be used to endorse or promote products derived 44 | # from this software without specific prior written permission. 45 | # 46 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 47 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 48 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 49 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 50 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 51 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 52 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 53 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 54 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 55 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 56 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
57 | # 58 | ################################################################ 59 | [GENERAL] 60 | ServicesEnabled = cy 61 | 62 | ConfigVersion = 2 63 | 64 | #Default values for allocating accel units to services 65 | #Please ensure that the number of accel units 66 | #for an enabled service is not 0 67 | NumCyAccelUnits = 6 68 | NumDcAccelUnits = 0 69 | #Inline feature is not supported 70 | NumInlineAccelUnits = 0 71 | 72 | #Default values for number of concurrent requests 73 | CyNumConcurrentSymRequests = 512 74 | CyNumConcurrentAsymRequests = 64 75 | DcNumConcurrentRequests = 512 76 | 77 | #Statistics, valid values: 1,0 78 | statsGeneral = 1 79 | statsDh = 1 80 | statsDrbg = 1 81 | statsDsa = 1 82 | statsEcc = 1 83 | statsKeyGen = 1 84 | statsDc = 1 85 | statsLn = 1 86 | statsPrime = 1 87 | statsRsa = 1 88 | statsSym = 1 89 | statsMisc = 1 90 | 91 | # This flag is to enable device auto reset on fatal error 92 | AutoResetOnError = 0 93 | 94 | ############################################## 95 | # Kernel Instances Section 96 | ############################################## 97 | [KERNEL] 98 | NumberCyInstances = 0 99 | NumberDcInstances = 0 100 | 101 | ############################################## 102 | # User Process Instance Section 103 | ############################################## 104 | [SHIM] 105 | NumberCyInstances = 1 106 | NumberDcInstances = 0 107 | NumProcesses = 16 108 | LimitDevAccess = 1 109 | 110 | # Crypto - User instance #0 111 | Cy0Name = "UserCY0" 112 | Cy0IsPolled = 1 113 | Cy0AcceleratorNumber = 0 114 | # List of core affinities 115 | Cy0CoreAffinity = 0 116 | 117 | # Crypto - User instance #1 118 | Cy1Name = "UserCY1" 119 | Cy1IsPolled = 1 120 | Cy1AcceleratorNumber = 0 121 | # List of core affinities 122 | Cy1CoreAffinity = 0 123 | -------------------------------------------------------------------------------- /qat_hw_config/c4xxx/multi_thread/c4xxx_dev0.conf:
-------------------------------------------------------------------------------- 1 | ################################################################ 2 | # This file is provided under a dual BSD/GPLv2 license. When using or 3 | # redistributing this file, you may do so under either license. 4 | # 5 | # GPL LICENSE SUMMARY 6 | # 7 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of version 2 of the GNU General Public License as 11 | # published by the Free Software Foundation. 12 | # 13 | # This program is distributed in the hope that it will be useful, but 14 | # WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | # General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 21 | # The full GNU General Public License is included in this distribution 22 | # in the file called LICENSE.GPL. 23 | # 24 | # Contact Information: 25 | # Intel Corporation 26 | # 27 | # BSD LICENSE 28 | # 29 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 30 | # All rights reserved. 31 | # 32 | # Redistribution and use in source and binary forms, with or without 33 | # modification, are permitted provided that the following conditions 34 | # are met: 35 | # 36 | # * Redistributions of source code must retain the above copyright 37 | # notice, this list of conditions and the following disclaimer. 38 | # * Redistributions in binary form must reproduce the above copyright 39 | # notice, this list of conditions and the following disclaimer in 40 | # the documentation and/or other materials provided with the 41 | # distribution. 
42 | # * Neither the name of Intel Corporation nor the names of its 43 | # contributors may be used to endorse or promote products derived 44 | # from this software without specific prior written permission. 45 | # 46 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 47 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 48 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 49 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 50 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 51 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 52 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 53 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 54 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 55 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 56 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
57 | # 58 | ################################################################ 59 | [GENERAL] 60 | ServicesEnabled = cy 61 | 62 | ConfigVersion = 2 63 | 64 | #Default values for allocating accel units to services 65 | #Please ensure that the number of accel units 66 | #for an enabled service is not 0 67 | NumCyAccelUnits = 6 68 | NumDcAccelUnits = 0 69 | NumInlineAccelUnits = 0 70 | 71 | #Default values for number of concurrent requests 72 | CyNumConcurrentSymRequests = 512 73 | CyNumConcurrentAsymRequests = 64 74 | #DcNumConcurrentRequests = 512 75 | 76 | #Statistics, valid values: 1,0 77 | statsGeneral = 1 78 | statsDh = 1 79 | statsDrbg = 1 80 | statsDsa = 1 81 | statsEcc = 1 82 | statsKeyGen = 1 83 | statsDc = 1 84 | statsLn = 1 85 | statsPrime = 1 86 | statsRsa = 1 87 | statsSym = 1 88 | statsMisc = 1 89 | 90 | # This flag is to enable device auto reset on fatal error 91 | AutoResetOnError = 0 92 | 93 | ############################################## 94 | # Kernel Instances Section 95 | ############################################## 96 | [KERNEL] 97 | NumberCyInstances = 0 98 | NumberDcInstances = 0 99 | 100 | ############################################## 101 | # User Process Instance Section 102 | ############################################## 103 | [SHIM] 104 | NumberCyInstances = 2 105 | NumberDcInstances = 0 106 | NumProcesses = 1 107 | LimitDevAccess = 0 108 | 109 | # Crypto - User instance #0 110 | Cy0Name = "UserCY0" 111 | Cy0IsPolled = 1 112 | Cy0AcceleratorNumber = 0 113 | # List of core affinities 114 | Cy0CoreAffinity = 0 115 | 116 | # Crypto - User instance #1 117 | Cy1Name = "UserCY1" 118 | Cy1IsPolled = 1 119 | Cy1AcceleratorNumber = 0 120 | # List of core affinities 121 | Cy1CoreAffinity = 0 122 | -------------------------------------------------------------------------------- /qat_hw_config/c6xx/multi_process/c6xx_dev0.conf: -------------------------------------------------------------------------------- 1 |
################################################################ 2 | # This file is provided under a dual BSD/GPLv2 license. When using or 3 | # redistributing this file, you may do so under either license. 4 | # 5 | # GPL LICENSE SUMMARY 6 | # 7 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 8 | # 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of version 2 of the GNU General Public License as 11 | # published by the Free Software Foundation. 12 | # 13 | # This program is distributed in the hope that it will be useful, but 14 | # WITHOUT ANY WARRANTY; without even the implied warranty of 15 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 16 | # General Public License for more details. 17 | # 18 | # You should have received a copy of the GNU General Public License 19 | # along with this program; if not, write to the Free Software 20 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 21 | # The full GNU General Public License is included in this distribution 22 | # in the file called LICENSE.GPL. 23 | # 24 | # Contact Information: 25 | # Intel Corporation 26 | # 27 | # BSD LICENSE 28 | # 29 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 30 | # 31 | # Redistribution and use in source and binary forms, with or without 32 | # modification, are permitted provided that the following conditions 33 | # are met: 34 | # 35 | # * Redistributions of source code must retain the above copyright 36 | # notice, this list of conditions and the following disclaimer. 37 | # * Redistributions in binary form must reproduce the above copyright 38 | # notice, this list of conditions and the following disclaimer in 39 | # the documentation and/or other materials provided with the 40 | # distribution. 
41 | # * Neither the name of Intel Corporation nor the names of its 42 | # contributors may be used to endorse or promote products derived 43 | # from this software without specific prior written permission. 44 | # 45 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 46 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 47 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 48 | # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 49 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 50 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 51 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 52 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 53 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 54 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 55 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
56 | # 57 | # 58 | ################################################################ 59 | [GENERAL] 60 | ServicesEnabled = cy 61 | 62 | # Set the service profile to determine available features 63 | # ===================================================================== 64 | # DEFAULT CRYPTO COMPRESSION CUSTOM1 65 | # Asymmetric Crypto * * * 66 | # Symmetric Crypto * * * 67 | # Hash * * * * 68 | # Cipher * * * 69 | # MGF KeyGen * * 70 | # SSL/TLS KeyGen * * * 71 | # HKDF * * 72 | # Compression * * * 73 | # Decompression (stateless) * * * 74 | # Decompression (stateful) * * 75 | # Service Chaining * 76 | # Device Utilization * * * 77 | # Rate Limiting * * * 78 | # ===================================================================== 79 | ServicesProfile = DEFAULT 80 | 81 | ConfigVersion = 2 82 | 83 | #Default values for number of concurrent requests*/ 84 | CyNumConcurrentSymRequests = 512 85 | CyNumConcurrentAsymRequests = 64 86 | 87 | #Statistics, valid values: 1,0 88 | statsGeneral = 1 89 | statsDh = 1 90 | statsDrbg = 1 91 | statsDsa = 1 92 | statsEcc = 1 93 | statsKeyGen = 1 94 | statsDc = 1 95 | statsLn = 1 96 | statsPrime = 1 97 | statsRsa = 1 98 | statsSym = 1 99 | 100 | 101 | # Specify size of intermediate buffers for which to 102 | # allocate on-chip buffers. Legal values are 32 and 103 | # 64 (default is 64). Specify 32 to optimize for 104 | # compressing buffers <=32KB in size. 
105 | DcIntermediateBufferSizeInKB = 64 106 | 107 | # This flag is to enable device auto reset on heartbeat error 108 | AutoResetOnError = 0 109 | 110 | ############################################## 111 | # Kernel Instances Section 112 | ############################################## 113 | [KERNEL] 114 | NumberCyInstances = 0 115 | NumberDcInstances = 0 116 | 117 | ############################################## 118 | # User Process Instance Section 119 | ############################################## 120 | [SHIM] 121 | NumberCyInstances = 1 122 | NumberDcInstances = 0 123 | NumProcesses = 16 124 | LimitDevAccess = 1 125 | 126 | # Crypto - User instance #0 127 | Cy0Name = "UserCY0" 128 | Cy0IsPolled = 1 129 | # List of core affinities 130 | Cy0CoreAffinity = 0 131 | -------------------------------------------------------------------------------- /qat_hw_config/dh895xcc/multi_process/dh895xcc_dev0.conf: -------------------------------------------------------------------------------- 1 | ######################################################################### 2 | # 3 | # @par 4 | # This file is provided under a dual BSD/GPLv2 license. When using or 5 | # redistributing this file, you may do so under either license. 6 | # 7 | # GPL LICENSE SUMMARY 8 | # 9 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 10 | # 11 | # This program is free software; you can redistribute it and/or modify 12 | # it under the terms of version 2 of the GNU General Public License as 13 | # published by the Free Software Foundation. 14 | # 15 | # This program is distributed in the hope that it will be useful, but 16 | # WITHOUT ANY WARRANTY; without even the implied warranty of 17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | # General Public License for more details. 
19 | # 20 | # You should have received a copy of the GNU General Public License 21 | # along with this program; if not, write to the Free Software 22 | # Foundation, Inc., 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA. 23 | # The full GNU General Public License is included in this distribution 24 | # in the file called LICENSE.GPL. 25 | # 26 | # Contact Information: 27 | # Intel Corporation 28 | # 29 | # BSD LICENSE 30 | # 31 | # Copyright(c) 2007-2025 Intel Corporation. All rights reserved. 32 | # 33 | # Redistribution and use in source and binary forms, with or without 34 | # modification, are permitted provided that the following conditions 35 | # are met: 36 | # 37 | # * Redistributions of source code must retain the above copyright 38 | # notice, this list of conditions and the following disclaimer. 39 | # * Redistributions in binary form must reproduce the above copyright 40 | # notice, this list of conditions and the following disclaimer in 41 | # the documentation and/or other materials provided with the 42 | # distribution. 43 | # * Neither the name of Intel Corporation nor the names of its 44 | # contributors may be used to endorse or promote products derived 45 | # from this software without specific prior written permission. 46 | # 47 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 48 | # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 49 | # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 50 | # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 51 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 52 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 53 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 54 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 55 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 56 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 57 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 58 | # 59 | # 60 | #########################################################################
[GENERAL]
# "cy" selects the crypto service; the Cy* keys further down configure it.
ServicesEnabled = cy

# Set the service profile to determine available features
# (The column alignment of the table below was lost when this page was
# extracted, so the position of the asterisks no longer identifies a profile;
# take the feature-to-profile mapping from the driver documentation.)
# =====================================================================
# DEFAULT CRYPTO COMPRESSION CUSTOM1
# Asymmetric Crypto * * *
# Symmetric Crypto * * *
# Hash * * * *
# Cipher * * *
# MGF KeyGen * *
# SSL/TLS KeyGen * * *
# HKDF * *
# Compression * * *
# Decompression (stateless) * * *
# Decompression (stateful) * *
# Device Utilization * * *
# Rate Limiting * * *
# =====================================================================
ServicesProfile = DEFAULT

ConfigVersion = 2

# Default values for number of concurrent requests
CyNumConcurrentSymRequests = 512
CyNumConcurrentAsymRequests = 64

# Statistics, valid values: 1,0
statsGeneral = 1
statsDh = 1
statsDrbg = 1
statsDsa = 1
statsEcc = 1
statsKeyGen = 1
statsDc = 1
statsLn = 1
statsPrime = 1
statsRsa = 1
statsSym = 1

# This flag is to enable device auto reset on heartbeat error.
# 0 leaves it off: a heartbeat error is not followed by an automatic reset.
AutoResetOnError = 0

##############################################
# Kernel Instances Section
# (no crypto or compression instances are assigned to kernel users)
##############################################
[KERNEL]
NumberCyInstances = 0
NumberDcInstances = 0

##############################################
# User Process Instance Section
##############################################
[SHIM]
NumberCyInstances = 1
NumberDcInstances = 0
# Presumably the number of user-space processes that may attach to this
# section; confirm against the driver documentation.
NumProcesses = 32
# NOTE(review): per the QAT driver documentation, 1 limits processes using
# this section to instances on this device only. Confirm for the driver release
# in use before relying on it to keep processes off other devices.
LimitDevAccess = 1

# Crypto - User space
Cy0Name = "UserCY0"
# 1 = polled mode (the application polls for responses).
Cy0IsPolled = 1
Cy0CoreAffinity = 0-31
-------------------------------------------------------------------------------- /qat_hw_dh.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2016-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */

/*****************************************************************************
 * @file qat_hw_dh.h
 *
 * Interface to the Diffie-Hellman operations of the QAT engine.
 *
 *****************************************************************************/

#ifndef QAT_HW_DH_H
# define QAT_HW_DH_H

/*
 * NOTE(review): the header name on the next line was lost when this page was
 * extracted. The declarations below use DH, DH_METHOD and BIGNUM, so it is
 * presumably the OpenSSL DH header; restore it from the repository.
 */
# include

/*
 * DH_METHOD accessors. Presumably the first returns the engine's DH method
 * table and the second releases it; see qat_hw_dh.c for the ownership rules.
 */
DH_METHOD *qat_get_DH_methods(void);
void qat_free_DH_methods(void);

# ifdef ENABLE_QAT_HW_DH
/*
 * Hardware-backed DH operations. Both have the shape of the compute_key and
 * generate_key callbacks of an OpenSSL DH_METHOD.
 *
 * NOTE(review): this header does not say how large `key` must be or whether
 * `pub_key` is range-checked before it is sent to the device; confirm both
 * in qat_hw_dh.c before calling these directly.
 */
int qat_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
int qat_dh_generate_key(DH *dh);
# endif

#endif /* QAT_HW_DH_H */
-------------------------------------------------------------------------------- /qat_hw_dsa.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2016-2025 Intel Corporation. 7 | * All rights reserved.
8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | * 36 | *==================================================================== 37 | */

/*****************************************************************************
 * @file qat_hw_dsa.h
 *
 * Interface to the DSA operations of the QAT engine.
 *
 *****************************************************************************/

#ifndef QAT_HW_DSA_H
# define QAT_HW_DSA_H

/*
 * NOTE(review): the header name on the next line was lost when this page was
 * extracted. The declarations below use DSA, DSA_METHOD, DSA_SIG and BIGNUM,
 * so it is presumably the OpenSSL DSA header; restore it from the repository.
 */
# include

/*
 * DSA_METHOD accessors. Presumably the first returns the engine's DSA method
 * table and the second releases it; see qat_hw_dsa.c.
 */
DSA_METHOD *qat_get_DSA_methods(void);
void qat_free_DSA_methods(void);

/*
 * Opt-out guard: these are declared unless DISABLE_QAT_HW_DSA is defined,
 * whereas the DH header on this page uses an opt-in ENABLE_QAT_HW_DH guard.
 * A build that must not expose DSA offload has to define the macro
 * explicitly.
 */
# ifndef DISABLE_QAT_HW_DSA
/* The prototypes have the shape of the OpenSSL DSA_METHOD callbacks. */
int qat_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

/* dgst/dlen: the message digest to sign and its length in bytes. */
DSA_SIG *qat_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);

/*
 * kinvp/rp receive per-signature values. A (k^-1, r) pair belongs to exactly
 * one signature and must not be reused or logged.
 */
int qat_dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);

int qat_dsa_do_verify(const unsigned char *dgst, int dgst_len,
                      DSA_SIG *sig, DSA *dsa);

int qat_dsa_init(DSA *dsa);
int qat_dsa_finish(DSA *dsa);
# endif

#endif /* QAT_HW_DSA_H */
-------------------------------------------------------------------------------- /qat_hw_ec.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2016-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer.
15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | * 36 | * ==================================================================== 37 | */

/*****************************************************************************
 * @file qat_hw_ec.h
 *
 * Interface to the ECDH and ECDSA operations of the QAT engine.
 *
 *****************************************************************************/

#ifndef QAT_HW_EC_H
# define QAT_HW_EC_H

/*
 * NOTE(review): the header name on the next line was lost when this page was
 * extracted. The declarations below use EC_KEY, EC_POINT, ECDSA_SIG and
 * BIGNUM, so it is presumably the OpenSSL EC header; restore it from the
 * repository.
 */
# include

# ifdef ENABLE_QAT_HW_ECDSA
/* Exactly one of the two sign entry points is declared per build. */
#  ifndef QAT_BORINGSSL
/*
 * kinv/r are optional precomputed per-signature values. A (kinv, r) pair
 * belongs to one signature only and must never be reused.
 */
int qat_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
                   unsigned char *sig, unsigned int *siglen,
                   const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
#  else
/* BoringSSL build: no precomputed-nonce parameters. */
int qat_ecdsa_sign_bssl(const uint8_t *digest, size_t digest_len,
                        uint8_t *sig, unsigned int *sig_len, EC_KEY *eckey);
#  endif /* QAT_BORINGSSL */

ECDSA_SIG *qat_ecdsa_do_sign(const unsigned char *dgst, int dlen,
                             const BIGNUM *in_kinv, const BIGNUM *in_r,
                             EC_KEY *eckey);

/* Verification of an encoded signature buffer. */
int qat_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
                     const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);

/* Verification of an already-parsed ECDSA_SIG. */
int qat_ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                        const ECDSA_SIG *sig, EC_KEY *eckey);
# endif

# ifdef ENABLE_QAT_HW_ECDH
/*
 * QAT engine ECDH methods.
 *
 * NOTE(review): the out* parameters are pointer-to-pointer, which suggests
 * the callee allocates the result and the caller frees it; `fallback` looks
 * like an out-flag asking the caller to retry in software. Neither is stated
 * in this header; confirm in qat_hw_ec.c, together with whether `pub_key` is
 * validated against the curve before use.
 */
int qat_ecdh_compute_key(unsigned char **outX, size_t *outlenX,
                         unsigned char **outY, size_t *outlenY,
                         const EC_POINT *pub_key, const EC_KEY *ecdh,
                         int *fallback);
int qat_engine_ecdh_compute_key(unsigned char **out, size_t *outlen,
                                const EC_POINT *pub_key, const EC_KEY *ecdh);
int qat_ecdh_generate_key(EC_KEY *ecdh);
# endif

# ifdef ENABLE_QAT_HW_SM2
/* Accessor for the SM2 EVP_PKEY_METHOD. */
EVP_PKEY_METHOD *qat_sm2_pmeth(void);
# endif

#endif /* QAT_HW_EC_H */
-------------------------------------------------------------------------------- /qat_hw_hkdf.h:
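--------------------------------------------------------------------------------
/*
 * qat_hw_hkdf.h
 *
 * Context types, limits and entry points for HKDF offload to QAT hardware.
 */
#ifndef QAT_HW_HKDF_H
# define QAT_HW_HKDF_H

/*
 * The include guard encloses the whole header. The two typedefs below are
 * anonymous structs, which cannot be declared twice in one translation unit,
 * so the guard must not be closed before them.
 */

# ifdef ENABLE_QAT_HW_HKDF

#  ifdef QAT_OPENSSL_3
/*
 * NOTE(review): the names of the next four headers were lost when this page
 * was extracted; restore them from the repository.
 */
#   include
#   include
#   include
#   include
#   include "qat_prov_hkdf_packet.h"
#  endif

#  include "openssl/ossl_typ.h"
#  include "openssl/kdf.h"
#  include "openssl/evp.h"
#  include "openssl/ssl.h"

#  include "qat_evp.h"
#  include "qat_utils.h"
#  include "e_qat.h"

#  include "cpa.h"
#  include "cpa_types.h"
#  include "cpa_cy_key.h"

/* These limits are based on QuickAssist limits.
 * OpenSSL is more generous but better to restrict and fail
 * early on here if they are exceeded rather than later on
 * down in the driver.
 */
#  define QAT_HKDF_INFO_MAXBUF 1024
#  ifdef QAT_OPENSSL_3
#   define QAT_KDF_MAX_INFO_SZ 80
#   define QAT_KDF_MAX_SEED_SZ 48
#   define QAT_KDF_MAX_KEY_SZ 80
#  endif

/*
 * NOTE(review): confirm that the value 2 does not collide with an HKDF mode
 * constant already defined by the openssl/kdf.h in use.
 */
#  define EVP_KDF_HKDF_MODE_EXPAND_LABEL 2
#  define EVP_PKEY_ALG_CTRL 0x1000
#  define EVP_PKEY_CTRL_HKDF_PREFIX (EVP_PKEY_ALG_CTRL + 14)
#  define EVP_PKEY_CTRL_HKDF_LABEL (EVP_PKEY_ALG_CTRL + 15)
#  define EVP_PKEY_CTRL_HKDF_DATA (EVP_PKEY_ALG_CTRL + 16)

extern char *kdf_name;

/*
 * QAT TLS pkey context structure.
 *
 * NOTE(review): this struct carries secret keying material (sw_ikm, sw_salt,
 * and whatever hkdf_op_data points to). The header does not show how it is
 * released; confirm that qat_hkdf_cleanup() wipes these fields before freeing
 * and that every writer checks the input length against the array bound.
 */
typedef struct {
    /* Mode: Extract, Expand or both */
    int mode;
    /* Digest to use for HKDF */
    const EVP_MD *qat_md;
    /* Opaque pointer; presumably the software-fallback context (confirm) */
    void *sw_hkdf_ctx_data;
    /* Struct that contains salt, key and info */
    CpaCyKeyGenHKDFOpData *hkdf_op_data;
    /* HKDF cipherSuite */
    CpaCyKeyHKDFCipherSuite cipher_suite;
    /* fallback: SW offload */
    unsigned int fallback;
    /* Not documented here; meaning to be confirmed in the implementation */
    int qat_svm;

    /* Below are used for SW fallback when compiled
     * with openssl 3.0 engine API. It uses the openssl
     * default provider. */
#  ifdef QAT_OPENSSL_3
    /* input keying material; sw_ikm_size must not exceed QAT_KDF_MAX_KEY_SZ */
    unsigned char sw_ikm[QAT_KDF_MAX_KEY_SZ];
    size_t sw_ikm_size;
    /* application specific information; bounded by QAT_KDF_MAX_INFO_SZ */
    unsigned char sw_info[QAT_KDF_MAX_INFO_SZ];
    size_t sw_info_size;
    /* salt; bounded by QAT_KDF_MAX_SEED_SZ */
    unsigned char sw_salt[QAT_KDF_MAX_SEED_SZ];
    size_t sw_salt_size;
#  endif
#  ifdef QAT_OPENSSL_PROVIDER
    /* Variable-length inputs with explicit lengths (provider build only) */
    unsigned char *prefix;
    size_t prefix_len;
    unsigned char *label;
    size_t label_len;
    unsigned char *data;
    size_t data_len;
#  endif
} QAT_HKDF_CTX;

/*
 * HKDF parameters with an inline info buffer; info_len must not exceed
 * QAT_HKDF_INFO_MAXBUF. salt and key are held by pointer, so their lifetime
 * and wiping are the owner's responsibility (confirm in the implementation).
 */
typedef struct {
    int mode;
    const EVP_MD *md;
    unsigned char *salt;
    size_t salt_len;
    unsigned char *key;
    size_t key_len;
    unsigned char info[QAT_HKDF_INFO_MAXBUF];
    size_t info_len;
} QAT_HKDF_PKEY_CTX;

/* Function Declarations */
int qat_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
int qat_hkdf_init(EVP_PKEY_CTX *ctx);
void qat_hkdf_cleanup(EVP_PKEY_CTX *ctx);
/* The provider build passes an extra OSSL_PARAM array to derive. */
#  ifndef QAT_OPENSSL_PROVIDER
int qat_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *olen);
#  else
int qat_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *olen,
                    const OSSL_PARAM params[]);
#  endif

# endif /* ENABLE_QAT_HW_HKDF */

#endif /* QAT_HW_HKDF_H */
-------------------------------------------------------------------------------- /qat_hw_polling.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2016-2025 Intel Corporation. 7 | * All rights reserved.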
8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | * 36 | * ==================================================================== 37 | */

/*****************************************************************************
 * @file qat_hw_polling.h
 *
 * Interface for polling in the QAT engine.
 *
 *****************************************************************************/

#ifndef QAT_HW_POLLING_H
# define QAT_HW_POLLING_H

# include "cpa.h"
# include "cpa_types.h"

# include "e_qat.h"
# include "qat_fork.h"

# ifndef __FreeBSD__
/*
 * NOTE(review): the header name on the next line was lost when this page was
 * extracted; the epoll_event array declared below suggests the epoll header.
 * Restore it from the repository.
 */
#  include
# endif
# define MAX_EVENTS 32

/* Globals */

/* Pairs a file descriptor (eng_fd) with an instance index (inst_index). */
typedef struct {
    int eng_fd;
    int inst_index;
} ENGINE_EPOLL_ST;

# ifndef __FreeBSD__
/* Both arrays are sized by QAT_MAX_CRYPTO_INSTANCES. */
extern struct epoll_event eng_epoll_events[QAT_MAX_CRYPTO_INSTANCES];
extern ENGINE_EPOLL_ST eng_poll_st[QAT_MAX_CRYPTO_INSTANCES];
# endif
extern int internal_efd;

/*
 * Accessors for polling settings.
 *
 * NOTE(review): these are declared with empty parentheses, which in C before
 * C23 leaves the parameter list unchecked; `(void)` would let the compiler
 * reject stray arguments. Check the definitions before changing them.
 */
int getQatMsgRetryCount();
useconds_t getQatPollInterval();
int getEnableInlinePolling();

/******************************************************************************
 * function:
 *         void *qat_timer_poll_func(void *ih)
 *
 * @param ih [IN] - NULL
 *
 * description:
 *   Polls the QAT instances (nanosleep version).
 *   NB: the delay used here is set at runtime by an engine specific message;
 *   if it is not set, the default is QAT_POLL_PERIOD_IN_NS.
 *   The function uses pthread signals to wait until there is traffic to
 *   process, i.e. until QAT engine polling needs to be started or resumed.
 *
 ******************************************************************************/
void *qat_timer_poll_func(void *ih);

# ifndef __FreeBSD__
/* Event-driven polling thread entry point; not declared on FreeBSD. */
void *event_poll_func(void *ih);
# endif

CpaStatus poll_instances(void);
CpaStatus poll_heartbeat(void);

#endif /* QAT_HW_POLLING_H */
-------------------------------------------------------------------------------- /qat_hw_prf.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2022-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */

/*****************************************************************************
 * @file qat_hw_prf.h
 *
 * Interface of the PRF operations for an OpenSSL engine.
 *
 *****************************************************************************/

#ifndef QAT_HW_PRF_H
#define QAT_HW_PRF_H

/*
 * NOTE(review): the names of the next four headers were lost when this page
 * was extracted; restore them from the repository.
 */
#include
#include
#include
#include

#include "openssl/ossl_typ.h"
#include "openssl/kdf.h"
#include "openssl/evp.h"
#include "openssl/ssl.h"
#include "qat_evp.h"
#include "qat_utils.h"
#include "qat_hw_asym_common.h"
#include "e_qat.h"
#include "qat_hw_callback.h"
#include "qat_hw_polling.h"
#include "qat_events.h"

/*
 * The limits below follow the QuickAssist limits. OpenSSL accepts more, but
 * it is better to reject oversized input here, early, than to have it fail
 * later in the driver.
 */
# ifdef ENABLE_QAT_HW_PRF
#  define QAT_TLS1_PRF_SECRET_MAXBUF 1024
#  define QAT_TLS1_PRF_SEED_MAXBUF 64
#  define QAT_TLS1_PRF_LABEL_MAXBUF 136

/*
 * QAT TLS pkey context structure.
 *
 * NOTE(review): qat_sec points at the PRF secret. The header does not show
 * how the context is released; confirm that qat_prf_cleanup() wipes the
 * secret before freeing it, and that every write into qat_seed keeps
 * qat_seedlen within QAT_TLS1_PRF_SEED_MAXBUF.
 */
typedef struct {
    /* Concatenation of the seed2..seed5 data */
    unsigned char qat_seed[QAT_TLS1_PRF_SEED_MAXBUF];
    size_t qat_seedlen;
    /* Label bytes and their length */
    unsigned char *qat_userLabel;
    size_t qat_userLabel_len;
    /* Digest used by the PRF */
    const EVP_MD *qat_md;
    /* Secret value used by the PRF, and its length */
    unsigned char *qat_sec;
    size_t qat_seclen;
    /* Opaque pointer; presumably the software-fallback context (confirm) */
    void *sw_prf_ctx_data;
    /* Not documented here; meaning to be confirmed in the implementation */
    int qat_svm;
} QAT_TLS1_PRF_CTX;

/* Function Declarations */
int qat_tls1_prf_init(EVP_PKEY_CTX *ctx);
void qat_prf_cleanup(EVP_PKEY_CTX *ctx);
int qat_prf_tls_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *olen);
int qat_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
# endif /* ENABLE_QAT_HW_PRF */

#endif /* QAT_HW_PRF_H */
-------------------------------------------------------------------------------- /qat_hw_rsa.h: -------------------------------------------------------------------------------- 1 | 2 | /* ==================================================================== 3 | * 4 | * 5 | * BSD LICENSE 6 | * 7 | * Copyright(c) 2016-2025 Intel Corporation. 8 | * All rights reserved. 9 | * 10 | * Redistribution and use in source and binary forms, with or without 11 | * modification, are permitted provided that the following conditions 12 | * are met: 13 | * 14 | * * Redistributions of source code must retain the above copyright 15 | * notice, this list of conditions and the following disclaimer. 16 | * * Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in 18 | * the documentation and/or other materials provided with the 19 | * distribution.
20 | * * Neither the name of Intel Corporation nor the names of its 21 | * contributors may be used to endorse or promote products derived 22 | * from this software without specific prior written permission. 23 | * 24 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 25 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 26 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 27 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 28 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 29 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 30 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 34 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
35 | * 36 | * 37 | * ==================================================================== 38 | */

/*****************************************************************************
 * @file qat_hw_rsa.h
 *
 * RSA interface for an OpenSSL engine.
 *
 *****************************************************************************/

#ifndef QAT_HW_RSA_H
# define QAT_HW_RSA_H

/*
 * NOTE(review): the header name on the next line was lost when this page was
 * extracted. The declarations below use RSA, BIGNUM and BN_CTX, so it is
 * presumably the OpenSSL RSA header; restore it from the repository.
 */
# include

# ifdef ENABLE_QAT_HW_RSA
/*
 * QAT engine RSA methods. The four functions below have the shape of the
 * OpenSSL RSA_METHOD encrypt/decrypt callbacks: flen bytes are read from
 * `from`, the result is written to `to`, and `padding` selects the padding
 * mode.
 *
 * NOTE(review): the header does not state how large `to` must be or how a
 * padding failure in the decrypt paths is reported. Confirm in qat_hw_rsa.c
 * that padding errors are handled without revealing which check failed.
 */
int qat_rsa_priv_enc(int flen, const unsigned char *from,
                     unsigned char *to, RSA *rsa, int padding);
int qat_rsa_priv_dec(int flen, const unsigned char *from,
                     unsigned char *to, RSA *rsa, int padding);
int qat_rsa_pub_enc(int flen, const unsigned char *from,
                    unsigned char *to, RSA *rsa, int padding);
int qat_rsa_pub_dec(int flen, const unsigned char *from,
                    unsigned char *to, RSA *rsa, int padding);

#  ifndef QAT_BORINGSSL
/* OpenSSL builds: modular exponentiation plus init/finish hooks. */
int qat_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
int qat_rsa_init(RSA *rsa);
int qat_rsa_finish(RSA *rsa);
#  else /* QAT_BORINGSSL */
/*
 * BoringSSL builds: the output capacity is passed explicitly as max_out and
 * the number of bytes produced is returned through out_len.
 */
int qat_rsa_priv_sign(RSA *rsa, size_t *out_len, uint8_t *out,
                      size_t max_out, const uint8_t *in, size_t in_len,
                      int padding);
int qat_rsa_priv_decrypt(RSA *rsa, size_t *out_len, uint8_t *out,
                         size_t max_out, const uint8_t *in, size_t in_len,
                         int padding);
#  endif /* QAT_BORINGSSL */
# endif

#endif /* QAT_HW_RSA_H */
-------------------------------------------------------------------------------- /qat_hw_sm2.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved.
8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
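34 | * 35 | * 36 | * ==================================================================== 37 | */

/*****************************************************************************
 * @file qat_hw_sm2.h
 *
 * This file provides HW driver support interface for SM2 ECDSA
 *
 *****************************************************************************/
#ifndef QAT_HW_SM2_H
# define QAT_HW_SM2_H

/*
 * NOTE(review): the names of the next nine headers were lost when this page
 * was extracted; restore them from the repository.
 */
# include
# include
# include
# include
# include
# include
# include
# include
# include

/* Local includes */
# include "e_qat.h"
# include "qat_utils.h"
# include "qat_events.h"
# include "qat_fork.h"
# include "qat_evp.h"
# include "qat_hw_callback.h"
# include "qat_hw_polling.h"
# include "qat_hw_asym_common.h"
# if defined(QAT_OPENSSL_3)|| defined(QAT_OPENSSL_PROVIDER)
#  include "qat_prov_sign_sm2.h"
# endif

# include "cpa.h"
# include "cpa_types.h"
# include "cpa_cy_ec.h"
# if defined(ENABLE_QAT_HW_SM2) && !defined( __FreeBSD__)
#  include "cpa_cy_ecsm2.h"
# endif
# include "cpa_dev.h"

/* The default user id as specified in GM/T 0009-2012 */
# define SM2_DEFAULT_USERID "1234567812345678"
/*
 * Length of the default user id without its terminating NUL. The expression
 * is parenthesised so the macro stays a single operand wherever it is used;
 * without the parentheses `SM2_DEFAULT_USERID_LEN * 8` would expand to
 * `sizeof(...) - 1 * 8` and yield the wrong length.
 */
# define SM2_DEFAULT_USERID_LEN (sizeof(SM2_DEFAULT_USERID) - 1)
# define SM3_DIGEST_LENGTH 32
/*
 * NOTE(review): the name says bits but the value is 32; confirm at the use
 * sites whether this is really a byte count.
 */
# define QAT_GFP_SM2_SIZE_IN_BITS 32

# ifdef ENABLE_QAT_HW_SM2
#  ifdef QAT_OPENSSL_PROVIDER
/*
 * Provider build.
 *
 * qat_hw_sm2_compute_z_digest writes the Z digest for (id, key) to `out`;
 * the header does not state the required size of `out` (presumably the
 * output size of `digest`; confirm).
 */
int qat_hw_sm2_compute_z_digest(uint8_t *out,
                                const EVP_MD *digest,
                                const uint8_t *id,
                                const size_t id_len, const EC_KEY *key);

/* sigsize is presumably the capacity of `sig`; confirm in qat_hw_sm2.c. */
int qat_sm2_sign(QAT_PROV_SM2_CTX * ctx,
                 unsigned char *sig, size_t *siglen,
                 size_t sigsize, const unsigned char *tbs, size_t tbslen);
int qat_sm2_verify(QAT_PROV_SM2_CTX * ctx,
                   const unsigned char *sig, size_t siglen,
                   const unsigned char *tbs, size_t tbslen);
#  else

/*
 * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
 */
ECDSA_SIG *qat_sm2_do_sign(const EC_KEY *key,
                           const EVP_MD *digest,
                           const uint8_t *id,
                           const size_t id_len,
                           const uint8_t *msg, size_t msg_len);

int qat_sm2_do_verify(const EC_KEY *key,
                      const EVP_MD *digest,
                      const ECDSA_SIG *signature,
                      const uint8_t *id,
                      const size_t id_len, const uint8_t *msg, size_t msg_len);

/*
 * SM2 signature generation.
 * NOTE(review): unlike the provider variant there is no capacity argument
 * for `sig`; confirm how the implementation bounds the write.
 */
int qat_sm2_sign(EVP_PKEY_CTX *ctx,
                 unsigned char *sig, size_t *siglen,
                 const unsigned char *tbs, size_t tbslen);

/*
 * SM2 signature verification.
 */
int qat_sm2_verify(EVP_PKEY_CTX *ctx,
                   const unsigned char *sig, size_t siglen,
                   const unsigned char *tbs, size_t tbslen);

#  endif
#  ifndef QAT_OPENSSL_PROVIDER
/* EVP_PKEY_METHOD hooks, engine build only. */
int qat_sm2_init(EVP_PKEY_CTX *ctx);
/* The source context is const only when built against OpenSSL 3. */
#   ifdef QAT_OPENSSL_3
int qat_sm2_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
#   else
int qat_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
#   endif
int qat_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
void qat_sm2_cleanup(EVP_PKEY_CTX *ctx);
int qat_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
#  endif

# endif /* ENABLE_QAT_HW_SM2 */

#endif /* QAT_HW_SM2_H */
-------------------------------------------------------------------------------- /qat_hw_sm3.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved.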
8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
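34 | * 35 | * 36 | * ==================================================================== 37 | */

/*****************************************************************************
 * @file qat_hw_sm3.h
 *
 * This file provides an interface for SM3 operations.
 *
 * NOTE(review): the two bare "# include" directives below lost their header
 * names when this listing was extracted; restore them from the project file.
 *
 *****************************************************************************/

#ifndef QAT_HW_SM3_H
# define QAT_HW_SM3_H

# ifndef QAT_OPENSSL_PROVIDER
#  include
# endif
# include

# include "cpa.h"
# include "cpa_types.h"
# include "cpa_cy_sym.h"
# include "cpa_cy_drbg.h"

# ifdef ENABLE_QAT_HW_SM3

/* Digest Size */
#  define QAT_SM3_DIGEST_SIZE 32
/* Block Size */
#  define QAT_SM3_BLOCK_SIZE 64
/* State Size */
#  define QAT_SM3_STATE_SIZE 32

/* Min 260x to meet 16k record offload, 16461 bytes in bulk crypto test */
#  define QAT_SM3_OFFLOAD_THRESHOLD (260 * QAT_SM3_BLOCK_SIZE)

/* The same value is also defined in qat_hw_sm2.h. */
#  define SM3_DIGEST_LENGTH 32
#  define SM3_WORD unsigned int

#  define SM3_CBLOCK 64
#  define SM3_LBLOCK (SM3_CBLOCK/4)

/* Software SM3 state; QAT_SM3_GET_CTX uses sizeof(SM3_CTX) as an offset. */
typedef struct SM3state_st {
    SM3_WORD A, B, C, D, E, F, G, H;
    SM3_WORD Nl, Nh;
    SM3_WORD data[SM3_LBLOCK];
    unsigned int num;
} SM3_CTX;

/* Per-digest context used for the QAT_HW SM3 path. */
typedef struct {
    int inst_num;
    int context_params_set;          /* True if init called */
    int qat_offloaded;               /* True if there was an offload. */

    int *rc_refs;                    /* The count of the resource reference */

    /*
     * NOTE(review): the original comment repeated the rc_refs text; this is
     * presumably the reference count for the data buffer below - confirm.
     */
    int *data_refs;
    unsigned char *data;             /* The buffer */
    unsigned int num;                /* The data left in buffer */
    unsigned int rcv_count;          /* The data received */

    CpaCySymSessionSetupData *session_data;
    CpaCySymSessionCtx session_ctx;
    CpaCySymOpData *pOpData;
    CpaBufferList pSrcBufferList;    /* For QAT metadata */
    unsigned char *digest_data;
    EVP_MD *sw_md;
    EVP_MD_CTX *sw_md_ctx;
    int qat_svm;
} QAT_SM3_CTX;

/*
 * Totally 3 memory sections in application data, common EVP_MD,
 * SM3_CTX used for SM3 software, and QAT_SM3_CTX for QAT_HW.
 *
 * The md_data pointer is cast to unsigned char * before the offset is added:
 * arithmetic on a void pointer is a compiler extension, and the byte offset
 * obtained this way is the same.
 *
 * NOTE(review): the macro is only in bounds when the digest's md_data area
 * is at least sizeof(SM3_CTX) + sizeof(QAT_SM3_CTX) bytes; that size is set
 * where the EVP_MD is created, outside this header - confirm it there.
 */
#  define QAT_SM3_GET_CTX(ctx) \
    ((QAT_SM3_CTX *) ((unsigned char *)EVP_MD_CTX_md_data(ctx) + sizeof(SM3_CTX)))

const EVP_MD *qat_hw_create_sm3_meth(int nid, int key_type);

#  ifndef QAT_OPENSSL_PROVIDER
int qat_hw_sm3_init(EVP_MD_CTX *ctx);
int qat_hw_sm3_update(EVP_MD_CTX *ctx, const void *in, size_t len);
int qat_hw_sm3_final(EVP_MD_CTX *ctx, unsigned char *md);
#  else
/*
 * Provider build: init/update/final take an untyped context pointer.
 * NOTE(review): presumably a QAT_SM3_CTX *, as copy and cleanup take -
 * confirm in the implementation.
 */
int qat_hw_sm3_init(void *ctx);
int qat_hw_sm3_update(void *ctx, const void *in, size_t len);
int qat_hw_sm3_copy(QAT_SM3_CTX *to, const QAT_SM3_CTX *from);
int qat_hw_sm3_final(void *ctx, unsigned char *md);
int qat_hw_sm3_cleanup(QAT_SM3_CTX *ctx);
#  endif /* QAT_OPENSSL_PROVIDER */
# endif /* ENABLE_QAT_HW_SM3 */
#endif /* QAT_HW_SM3_H */

--------------------------------------------------------------------------------
/qat_hw_usdm_inf.h:
--------------------------------------------------------------------------------
1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2016-2025 Intel Corporation. 7 | * All rights reserved.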
8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_hw_usdm_inf.h 41 | * 42 | * This file provides an interface to USDM memory driver that supplies contig 43 | * pinned memory. 
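44 | * 45 | *****************************************************************************/

#ifndef USDM_MEM_DRV_INF_H
# define USDM_MEM_DRV_INF_H

/*
 * NOTE(review): the two bare "# include" directives below lost their header
 * names when this listing was extracted; restore them from the project file.
 */
# include
# include
# include "cpa.h"

/* Stream that every MEM_* macro below writes to; defined elsewhere. */
extern FILE* qatDebugLogFile;

/*
 * Logging macros.  fmt_str is pasted onto a string literal, so it must itself
 * be a string literal; variable text belongs in the arguments, not in the
 * format.  None of the macros checks qatDebugLogFile before using it.
 */
# ifdef QAT_MEM_DEBUG
#  define MEM_DEBUG(fmt_str, ...)                                       \
    do {                                                                \
        fprintf(qatDebugLogFile, "[MEM_DEBUG][%s:%d:%s()] " fmt_str,    \
                __FILE__, __LINE__, __func__, ##__VA_ARGS__);           \
        fflush(qatDebugLogFile);                                        \
    } while(0)
# else
#  define MEM_DEBUG(...)
# endif

/* Unlike MEM_DEBUG and MEM_WARN, MEM_ERROR is compiled in unconditionally. */
# define MEM_ERROR(fmt_str, ...)                                        \
    do {                                                                \
        fprintf(qatDebugLogFile, "[MEM_ERROR][%s:%d:%s()] " fmt_str,    \
                __FILE__, __LINE__, __func__, ##__VA_ARGS__);           \
        fflush(qatDebugLogFile);                                        \
    } while(0)

# if defined(QAT_MEM_WARN) || defined(QAT_MEM_DEBUG)
#  define MEM_WARN(fmt_str, ...)                                        \
    do {                                                                \
        fprintf(qatDebugLogFile, "[MEM_WARN][%s:%d:%s()] " fmt_str,     \
                __FILE__, __LINE__, __func__, ##__VA_ARGS__);           \
        fflush(qatDebugLogFile);                                        \
    } while(0)
# else
#  define MEM_WARN(...)
# endif

/*
 * NOTE(review): the FreeNonZero name suggests that qaeCryptoMemFree clears
 * the buffer before releasing it; confirm this in the implementation before
 * relying on it for buffers that held key material.
 */
void qaeCryptoMemFree(void *ptr);
void qaeCryptoMemFreeNonZero(void *ptr);
/* file and line identify the call site. */
void *qaeCryptoMemAlloc(size_t memsize, const char *file, int line);
void *qaeCryptoMemRealloc(void *ptr, size_t memsize, const char *file,
                          int line);
void *qaeCryptoMemReallocClean(void *ptr, size_t memsize,
                               size_t original_size, const char *file,
                               int line);
CpaPhysicalAddr qaeCryptoMemV2P(void *v);
/* Declared with (void) so that the compiler checks the argument list. */
void qaeCryptoAtFork(void);
void *copyAllocPinnedMemory(void *ptr, size_t size, const char *file,
                            int line);
void *copyAllocPinnedMemoryClean(void *ptr, size_t size, size_t original_size,
                                 const char *file, int line);
/*
 * NOTE(review): size is an int here while the allocation calls take size_t;
 * confirm that callers cannot pass a length that does not fit in an int.
 */
int copyFreePinnedMemory(void *uptr, void *kptr, int size);

#endif /* USDM_MEM_DRV_INF_H */

--------------------------------------------------------------------------------
/qat_prov_bio.h:
--------------------------------------------------------------------------------
/*
 * Provider-side BIO wrappers.  The include guard keeps a second inclusion of
 * this header from redeclaring its contents.
 *
 * NOTE(review): the three bare "#include" directives below lost their header
 * names when this listing was extracted; restore them from the project file.
 */
#ifndef QAT_PROV_BIO_H
# define QAT_PROV_BIO_H

#include
#include
#include
#include "qat_provider.h"

int ossl_prov_bio_from_dispatch(const OSSL_DISPATCH *fns);

OSSL_CORE_BIO *ossl_prov_bio_new_file(const char *filename, const char *mode);
/*
 * NOTE(review): the first parameter is named filename, but with a len
 * argument it is presumably the memory buffer itself - confirm.
 */
OSSL_CORE_BIO *ossl_prov_bio_new_membuf(const char *filename, int len);
int ossl_prov_bio_read_ex(OSSL_CORE_BIO *bio, void *data, size_t data_len,
                          size_t *bytes_read);
int ossl_prov_bio_write_ex(OSSL_CORE_BIO *bio, const void *data, size_t data_len,
                           size_t *written);
int ossl_prov_bio_gets(OSSL_CORE_BIO *bio, char *buf, int size);
int ossl_prov_bio_puts(OSSL_CORE_BIO *bio, const char *str);
int ossl_prov_bio_ctrl(OSSL_CORE_BIO *bio, int cmd, long num, void *ptr);
int ossl_prov_bio_up_ref(OSSL_CORE_BIO *bio);
int ossl_prov_bio_free(OSSL_CORE_BIO *bio);
/*
 * format is interpreted printf-style by both functions: pass text that comes
 * from outside the program as an argument to "%s", never as format.
 */
int ossl_prov_bio_vprintf(OSSL_CORE_BIO *bio, const char *format, va_list ap);
int ossl_prov_bio_printf(OSSL_CORE_BIO *bio, const char *format, ...);

BIO_METHOD *ossl_bio_prov_init_bio_method(void);
BIO *ossl_bio_new_from_core_bio(QAT_PROV_CTX *provctx, OSSL_CORE_BIO *corebio);
BIO_METHOD *ossl_prov_ctx_get0_core_bio_method(QAT_PROV_CTX *ctx);

#endif /* QAT_PROV_BIO_H */

--------------------------------------------------------------------------------
/qat_prov_cmvp.h:
--------------------------------------------------------------------------------
1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED.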
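IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */

/*****************************************************************************
 * @file qat_prov_cmvp.h
 *
 * This file provides an interface to qatprovider FIPS CMVP features.
 *
 * NOTE(review): the six bare "#include" directives below lost their header
 * names when this listing was extracted; restore them from the project file.
 *
 *****************************************************************************/

/*
 * Include guard: the original header had none, so a second inclusion would
 * repeat every declaration below.
 */
#ifndef QAT_PROV_CMVP_H
# define QAT_PROV_CMVP_H

/*
 * _GNU_SOURCE only takes effect when it is defined before the first system
 * header is included, so a file that needs it should include this header
 * first or define the macro itself.
 */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif

#include
#include
#include
#include
#include
#include
#include "qat_utils.h"
#include "qat_prov_ec.h"
#include "qat_fips.h"

/*
 * Identification strings for the provider and the components it is built on.
 * NOTE(review): these are hard-coded; presumably they have to match the
 * build that is actually shipped - confirm they are updated per release.
 */
#define QAT_FIPS_PROVIDER_NAME "QAT Provider FIPS"
#define QAT_FIPS_PROVIDER_ID "qatprovider"
#define QAT_FIPS_PROVIDER_VERSION "QAT Engine v1.3.1"
#ifdef QAT_HW
#define QAT_HW_DRIVER_version "QAT20.l.1.0.40-00004"
#endif
#ifdef QAT_SW
#define QAT_FIPS_IPSec_mb_QAT_SW_VERSION "v1.3"
#define QAT_FIPS_IPP_crypto_QAT_SW_VERSION "ippcp_2021.7.1"
#endif

/*
 * Key-size bounds, presumably in bits.  The verification minimums are lower
 * than the signing minimum: 1024-bit keys are normally acceptable only for
 * verifying existing (legacy) signatures, never for creating new ones.
 * NOTE(review): confirm that no signing or key-generation path is checked
 * against FIPS_RSA_VER_MIN_SIZE or FIPS_DSA_VER_MIN_SIZE.
 */
#define FIPS_RSA_SIGN_MIN_SIZE 2048
#define FIPS_RSA_VER_MIN_SIZE 1024
#define FIPS_RSA_MAX_SIZE 4096
#define FIPS_DSA_VER_MIN_SIZE 1024

/* NOTE(review): return conventions are not visible in this header. */
extern int qat_provider_info(void);
int qat_fips_ec_check_approved_curve(const EC_KEY *eckey);
#ifdef QAT_HW
int qat_fips_dh_safe_group(const DH *dh);
#endif
int qat_fips_ec_key_simple_check_key(const EC_KEY *eckey);
int qat_fips_get_key_zeroize_status(void);
int qat_fips_get_approved_status(void);
#ifdef QAT_HW
int dsa_fips_range_check(int plen, int qlen);
#endif

#endif /* QAT_PROV_CMVP_H */

--------------------------------------------------------------------------------
/qat_prov_sign_sm2.h:
--------------------------------------------------------------------------------
1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2021-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED.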
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_prov_sign_sm2.h 41 | * 42 | * This file holds structure and function declarations for the SM2 PROVIDER. 43 | * 44 | *****************************************************************************/ 45 | #ifndef QAT_PROV_SIGN_SM2_H 46 | # define QAT_PROV_SIGN_SM2_H 47 | # include "qat_prov_ec.h" 48 | # include "qat_prov_hkdf_packet.h" 49 | # ifdef QAT_OPENSSL_3 50 | 51 | # define OSSL_MAX_NAME_SIZE 50 /* Algorithm name */ 52 | # define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ 53 | # define OSSL_MAX_ALGORITHM_ID_SIZE 256 /* AlgorithmIdentifier DER */ 54 | 55 | #define DER_OID_V_sm2_with_SM3 QAT_DER_P_OBJECT, 8, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75 56 | #define DER_OID_SZ_sm2_with_SM3 10 57 | 58 | 59 | typedef struct { 60 | OSSL_LIB_CTX *libctx; 61 | char *propq; 62 | EC_KEY *ec; 63 | 64 | /* 65 | * Flag to determine if the 'z' digest needs to be computed and fed to the 66 | * hash function. 67 | * This flag should be set on initialization and the computation should 68 | * be performed only once, on first update.
69 | */ 70 | unsigned int flag_compute_z_digest : 1; 71 | 72 | char mdname[OSSL_MAX_NAME_SIZE]; 73 | 74 | /* The Algorithm Identifier of the combined signature algorithm */ 75 | unsigned char aid_buf[OSSL_MAX_ALGORITHM_ID_SIZE]; 76 | #if OPENSSL_VERSION_NUMBER < 0x30400000 77 | unsigned char *aid; 78 | #endif 79 | size_t aid_len; 80 | 81 | /* main digest */ 82 | EVP_MD *md; 83 | EVP_MD_CTX *mdctx; 84 | size_t mdsize; 85 | 86 | /* SM2 ID used for calculating the Z value */ 87 | unsigned char *id; 88 | size_t id_len; 89 | const unsigned char *tbs; 90 | size_t tbs_len; 91 | } QAT_PROV_SM2_CTX; 92 | int qat_sm2sig_compute_z_digest(QAT_PROV_SM2_CTX *ctx); 93 | #ifdef ENABLE_QAT_HW_SM2 94 | int qat_hw_sm2_compute_z_digest(uint8_t *out, 95 | const EVP_MD *digest, 96 | const uint8_t *id, 97 | const size_t id_len, 98 | const EC_KEY *key); 99 | #endif 100 | #ifdef ENABLE_QAT_SW_SM2 101 | int qat_sm2_compute_z_digest(uint8_t *out, 102 | const EVP_MD *digest, 103 | const uint8_t *id, 104 | const size_t id_len, 105 | const EC_KEY *key); 106 | #endif 107 | 108 | # endif 109 | #endif /* QAT_PROV_SIGN_SM2_H */ 110 | -------------------------------------------------------------------------------- /qat_provider.cnf: -------------------------------------------------------------------------------- 1 | [qatengine_sect] 2 | activate = 1 3 | enable_external_polling = 0 4 | enable_heuristic_polling = 0 5 | enable_sw_fallback = 0 6 | enable_inline_polling = 0 7 | qat_poll_interval = 10000 8 | qat_epoll_timeout = 1000 9 | enable_event_driven_polling = 0 10 | enable_instance_for_thread = 0 11 | qat_max_retry_count = 5 12 | -------------------------------------------------------------------------------- /qat_sw_ec.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2021-2025 Intel Corporation. 7 | * All rights reserved. 
8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_sw_ec.h 41 | * 42 | * This file provides an interface to ECDH & ECDSA Multi-buffer operations 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef QAT_SW_EC_H 47 | # define QAT_SW_EC_H 48 | 49 | # define EC_P256 1 50 | # define EC_P384 2 51 | # define EC_SM2 3 52 | 53 | # include 54 | 55 | # ifdef ENABLE_QAT_SW_SM2 56 | EVP_PKEY_METHOD *mb_sm2_pmeth(void); 57 | void process_ecdsa_sm2_sign_reqs(mb_thread_data *tlv); 58 | void process_ecdsa_sm2_verify_reqs(mb_thread_data *tlv); 59 | # endif 60 | 61 | # ifdef ENABLE_QAT_SW_ECDSA 62 | int mb_ecdsa_sign(int type, const unsigned char *dgst, int dlen, 63 | unsigned char *sig, unsigned int *siglen, 64 | const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey); 65 | int mb_ecdsa_do_verify(const unsigned char *dgst, 66 | int dlen, const ECDSA_SIG *sig, 67 | EC_KEY *eckey); 68 | int mb_ecdsa_verify(int type, const unsigned char *dgst, 69 | int dgst_len, const unsigned char *sigbuf, 70 | int sig_len, EC_KEY *eckey); 71 | #ifndef QAT_BORINGSSL 72 | int mb_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, 73 | BIGNUM **kinvp, BIGNUM **rp); 74 | ECDSA_SIG *mb_ecdsa_sign_sig(const unsigned char *dgst, int dlen, 75 | const BIGNUM *in_kinv, const BIGNUM *in_r, 76 | EC_KEY *eckey); 77 | #else /* QAT_BORINGSSL */ 78 | int mb_ecdsa_sign_bssl(const uint8_t *digest, size_t digest_len, uint8_t *sig, 79 | unsigned int *sig_len, EC_KEY *eckey); 80 | #endif /* QAT_BORINGSSL */ 81 | void process_ecdsa_sign_reqs(mb_thread_data *tlv, int bits); 82 | void process_ecdsa_sign_setup_reqs(mb_thread_data *tlv, int bits); 83 | void process_ecdsa_sign_sig_reqs(mb_thread_data *tlv, int bits); 84 | void process_ecdsa_verify_reqs(mb_thread_data *tlv, int bits); 85 | # endif 86 | 87 | # ifdef 
ENABLE_QAT_SW_ECDH 88 | int mb_ecdh_compute_key(unsigned char **out, size_t *outlen, 89 | const EC_POINT *pub_key, const EC_KEY *ecdh); 90 | int mb_ecdh_generate_key(EC_KEY *ecdh); 91 | void process_ecdh_keygen_reqs(mb_thread_data *tlv, int bits); 92 | void process_ecdh_compute_reqs(mb_thread_data *tlv, int bits); 93 | # endif 94 | 95 | #endif /* QAT_SW_EC_H */ 96 | -------------------------------------------------------------------------------- /qat_sw_ecx.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2020-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_sw_ecx.h 41 | * 42 | * This file provides an X25519 interface for an OpenSSL engine 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef QAT_SW_ECX_H 47 | # define QAT_SW_ECX_H 48 | 49 | # ifndef QAT_OPENSSL_PROVIDER 50 | # include 51 | # endif 52 | # include 53 | 54 | 55 | /* Multibuff X25519 methods declaration */ 56 | void process_x25519_keygen_reqs(mb_thread_data *tlv); 57 | void process_x25519_derive_reqs(mb_thread_data *tlv); 58 | 59 | #endif /* QAT_SW_ECX_H */ 60 | -------------------------------------------------------------------------------- /qat_sw_polling.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2020-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 
15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_sw_polling.h 41 | * 42 | * This file provides an interface for multibuff polling in QAT engine 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef QAT_SW_POLLING_H 47 | # define QAT_SW_POLLING_H 48 | 49 | #include "e_qat.h" 50 | 51 | /****************************************************************************** 52 | * function: 53 | * void *timer_poll_func(void *ih) 54 | * 55 | * @param ih [IN] - NULL 56 | * 57 | * description: 58 | * Poll the multibuff request (nanosleep version) 59 | * NB: Delay in this function is set by default at runtime by an engine 60 | * specific message. If not set then the default is QAT_POLL_PERIOD_IN_NS. 61 | * 62 | ******************************************************************************/ 63 | void *multibuff_timer_poll_func(void *ih); 64 | 65 | int qat_sw_poll(); 66 | 67 | #endif /* QAT_SW_POLLING_H */ 68 | -------------------------------------------------------------------------------- /qat_sw_rsa.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2020-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 
15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*
 *
 * ====================================================================
 */

/*****************************************************************************
 * @file qat_sw_rsa.h
 *
 * This file provides an RSA interface for Multi-buffer implementation of an
 * OpenSSL engine
 *
 *****************************************************************************/

#ifndef QAT_SW_RSA_H
# define QAT_SW_RSA_H

# include

/* RSA key sizes */
/* The values are modulus lengths in bits (2048 / 3072 / 4096). */
# define RSA_2K_LENGTH 2048
# define RSA_3K_LENGTH 3072
# define RSA_4K_LENGTH 4096

#ifdef ENABLE_QAT_SW_RSA /* ENABLE_QAT_SW_RSA */

#ifdef QAT_BORINGSSL
/*
 * Per-request state for the BoringSSL build: a status code, a data pointer
 * with its length, and an embedded mb_async_ctx.
 * NOTE(review): who allocates and frees `data` is not visible in this
 * header - confirm against the implementation before relying on it.
 */
typedef struct {
    int status;
    unsigned int length;
    unsigned char *data;
    mb_async_ctx async_ctx;
} mb_bssl_rsa_async_ctx;
#endif /* QAT_BORINGSSL */

/*
 * Batch entry points taking the per-thread data and a key size in bits.
 * Presumably rsa_bits is one of the RSA_*K_LENGTH values above - TODO confirm.
 */
void process_RSA_priv_reqs(mb_thread_data *tlv, int rsa_bits);
void process_RSA_pub_reqs(mb_thread_data *tlv, int rsa_bits);

/*
 * RSA private/public encrypt/decrypt entry points. Each takes an input of
 * `flen` bytes at `from`, an output pointer `to`, the key and a padding mode.
 * NOTE(review): `to` carries no length. The caller presumably has to supply
 * a buffer of at least the modulus size (RSA_size(rsa)); verify that every
 * caller does, because an undersized buffer cannot be detected here.
 */
int multibuff_rsa_priv_enc(int flen, const unsigned char *from,
                           unsigned char *to, RSA *rsa, int padding);
int multibuff_rsa_priv_dec(int flen, const unsigned char *from,
                           unsigned char *to, RSA *rsa, int padding);
int multibuff_rsa_pub_enc(int flen, const unsigned char *from,
                          unsigned char *to, RSA *rsa, int padding);
int multibuff_rsa_pub_dec(int flen, const unsigned char *from,
                          unsigned char *to, RSA *rsa, int padding);

#ifdef QAT_BORINGSSL
/*
 * BoringSSL-style private-key operations. Unlike the functions above these
 * carry an explicit output capacity (`max_out`) and report the produced
 * length through `out_len`.
 */
int mb_bssl_rsa_priv_sign(RSA *rsa, size_t *out_len, uint8_t *out,
                          size_t max_out, const uint8_t *in,
                          size_t in_len, int padding);

int mb_bssl_rsa_priv_decrypt(RSA *rsa, size_t *out_len, uint8_t *out,
                             size_t max_out, const uint8_t *in,
                             size_t in_len, int padding);

/*
 * Completion callbacks: receive the opaque async context, an output buffer,
 * a pointer for the written size and the buffer capacity (`max_size`).
 */
void mb_bssl_rsa_priv_enc_callback_fn(void *async_ctx,
                                      unsigned char *out_buffer,
                                      unsigned long *size,
                                      unsigned long max_size);

void mb_rsa_sign_sync_call_back_fn(void *async_ctx, unsigned char *out_buffer,
                                   unsigned long *size, unsigned long max_size);
#else /* OpenSSL */
/* Init/finish hooks for an RSA object, declared for the OpenSSL build only. */
int multibuff_rsa_init(RSA *rsa);

int multibuff_rsa_finish(RSA *rsa);
#endif /* QAT_BORINGSSL */

#endif /* ENABLE_QAT_SW_RSA */

#endif /* QAT_SW_RSA_H */

--------------------------------------------------------------------------------
/qat_sw_sha2.h:
--------------------------------------------------------------------------------
/* ====================================================================
 *
 *
 * BSD LICENSE
 *
 * Copyright(c) 2023-2025 Intel Corporation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 * * Neither the name of Intel Corporation nor the names of its
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 *
 * ====================================================================
 */

/*****************************************************************************
 * @file qat_sw_sha2.h
 *
 * This file provides an interface to Qat provider SHA2 operations
 *
 *****************************************************************************/
#ifndef QAT_SW_SHA2_H
# define QAT_SW_SHA2_H

/* Standard Includes */
# include
# include

/* OpenSSL Includes */
# include
# include
# include
# include
# include
# include

/* Intel IPsec library include */
# if defined(ENABLE_QAT_FIPS) && defined(ENABLE_QAT_SW_SHA2)
# include
# endif
/* Internal flags that can be queried */
# define PROV_DIGEST_FLAG_XOF 0x0001
# define PROV_DIGEST_FLAG_ALGID_ABSENT 0x0002

/* The SHA-2 digests advertise only the "algorithm id absent" flag. */
# define SHA2_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT

/* Digest output sizes in bytes. */
# define QAT_SHA224_DIGEST_LENGTH 28
# define QAT_SHA256_DIGEST_LENGTH 32
# define QAT_SHA384_DIGEST_LENGTH 48
# define QAT_SHA512_DIGEST_LENGTH 64

/* Platform-dependent 64-bit integer typedefs and the matching literal suffix. */
# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
typedef __int64 i64;
typedef unsigned __int64 u64;
# define U64(C) C##UI64
# elif defined(__arch64__)
typedef long i64;
typedef unsigned long u64;
# define U64(C) C##UL
# else
typedef long long i64;
typedef unsigned long long u64;
# define U64(C) C##ULL
# endif
/*-
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 * ! SHA_LONG has to be at least 32 bits wide.                    !
 * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 */
# define QAT_SHA_LONG unsigned long long int

# define QAT_SHA_LBLOCK 16

/*
 * Size in bytes of the data buffer embedded in every QAT_SHA2_CTX below
 * (99,999,999 bytes, roughly 95 MiB).
 * NOTE(review): because both union members are arrays of this size, each
 * context occupies that much memory wherever it is allocated. Confirm how
 * contexts are allocated and how many can exist at once.
 */
# define QAT_SHA_MAX_SIZE 99999999

/* SHA-256 treats input data as a contiguous array of 32 bit wide
 * big-endian values.
 */
# define QAT_SHA256_CBLOCK (QAT_SHA_LBLOCK*4)//original value is *4

/* SHA-512 treats input data as a contiguous array of 64 bit wide
 * big-endian values.
 */
# define QAT_SHA512_CBLOCK (QAT_SHA_LBLOCK*8)

/*
 * SHA-2 context: hash state words, bit counters, size fields, an embedded
 * message buffer and the OpenSSL software digest handles.
 */
typedef struct qat_sha2_st {
    QAT_SHA_LONG h[8];
    QAT_SHA_LONG Nl, Nh;
    size_t block_size;
    size_t md_size; /* output length, variable in XOF */
    size_t data_bufsz; /* used bytes in below buffer */
    /*
     * NOTE(review): the update routine is not visible in this header. It
     * has to reject any `len` that would push data_bufsz past
     * QAT_SHA_MAX_SIZE, otherwise the copy runs off the end of this buffer
     * into the fields that follow - verify that bound in the .c file.
     */
    union {
        /*used for 224 & 256 block sizes */
        unsigned char small_data[QAT_SHA_MAX_SIZE];

        /*used for 384 & 512 block sizes */
        unsigned char large_data[QAT_SHA_MAX_SIZE];
    } u;
    unsigned int num;
    unsigned int md_len;
    int md_type;
    /* NOTE(review): purpose and ownership of name1/data22 cannot be told from here. */
    unsigned char *name1;
    unsigned char *data22;
    unsigned char digest_data1[EVP_MAX_MD_SIZE];

    /* Software digest and its context; presumably a fallback path - confirm. */
    EVP_MD *sw_md;
    EVP_MD_CTX *sw_md_ctx;
} QAT_SHA2_CTX;

/* init / update / final / cleanup sequence operating on a QAT_SHA2_CTX. */
int mb_qat_SHA2_init(QAT_SHA2_CTX * ctx);
int mb_qat_SHA2_update(QAT_SHA2_CTX * ctx, const void *actual_data, size_t len);
int mb_qat_SHA2_final(QAT_SHA2_CTX * ctx, unsigned char *md);
int mb_qat_sha2_cleanup(QAT_SHA2_CTX * ctx);
int qat_sha2_ctx_get_nid(QAT_SHA2_CTX * ctx);
/*
 * NOTE(review): the empty parentheses below are not prototypes before C23,
 * so calls with stray arguments are not diagnosed; `(void)` would let the
 * compiler check them.
 */
int sha_init_ipsec_mb_mgr();
void sha_free_ipsec_mb_mgr();
#endif /* QAT_SW_SHA2_H */

-------------------------------------------------------------------------------- /qat_sw_sm2.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2021-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
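*
 *
 * ====================================================================
 */

/*****************************************************************************
 * @file qat_sw_sm2.h
 *
 * This file provides multibuffer support interface for SM2 ECDSA
 *
 *****************************************************************************/
#ifndef QAT_SW_SM2_H
# define QAT_SW_SM2_H

# include
# include
# include
# include
# include

/* Local includes */
# include "e_qat.h"
# include "qat_utils.h"
# include "qat_events.h"
# include "qat_fork.h"
# include "qat_evp.h"
# include "qat_sw_request.h"
# include "qat_sw_ec.h"
# if defined(QAT_OPENSSL_3) || defined(QAT_OPENSSL_PROVIDER)
# include "qat_prov_sign_sm2.h"
# endif

/* Crypto_mb includes */
# include "crypto_mb/ec_sm2.h"
# include "crypto_mb/cpu_features.h"

/* The default user id as specified in GM/T 0009-2012 */
# define SM2_DEFAULT_USERID "1234567812345678"
/*
 * Length of the default user id without the terminating NUL.
 * The expansion is parenthesised so the macro stays a single operand:
 * without the parentheses `2 * SM2_DEFAULT_USERID_LEN` would expand to
 * `2 * sizeof(...) - 1` and yield a wrong length for any buffer or copy
 * sized from it.
 */
# define SM2_DEFAULT_USERID_LEN (sizeof(SM2_DEFAULT_USERID) - 1)
/* SM3 digest size in bytes. */
# define SM3_DIGEST_LENGTH 32


# ifdef ENABLE_QAT_SW_SM2

/*
 * Writes a digest to `out` computed with `digest` over the user id
 * (`id`, `id_len` bytes) and the EC key.
 * NOTE(review): `out` has no length parameter; presumably it must hold the
 * digest size of `digest` (SM3_DIGEST_LENGTH for SM3) - confirm in the
 * implementation.
 */
int qat_sm2_compute_z_digest(uint8_t *out,
                             const EVP_MD *digest,
                             const uint8_t *id,
                             const size_t id_len,
                             const EC_KEY *key);

# ifdef QAT_OPENSSL_PROVIDER
/*
 * Provider build: sign/verify over `tbs` (`tbslen` bytes). The sign variant
 * takes the capacity of `sig` in `sigsize` and returns the signature length
 * through `siglen`.
 */
int mb_ecdsa_sm2_sign(QAT_PROV_SM2_CTX *ctx,
                      unsigned char *sig, size_t *siglen,
                      size_t sigsize, const unsigned char *tbs,
                      size_t tbslen);
int mb_ecdsa_sm2_verify(QAT_PROV_SM2_CTX *ctx,
                        const unsigned char *sig, size_t siglen,
                        const unsigned char *tbs,
                        size_t tbslen);

# else
/*
 * Engine build: same operations on an EVP_MD_CTX.
 * NOTE(review): this sign variant has no separate capacity argument for
 * `sig`; check whether `*siglen` is read as the capacity on entry.
 */
int mb_ecdsa_sm2_sign(EVP_MD_CTX *ctx,
                      unsigned char *sig, size_t *siglen,
                      const unsigned char *tbs,
                      size_t tbslen);
int mb_ecdsa_sm2_verify(EVP_MD_CTX *ctx,
                        const unsigned char *sig, size_t siglen,
                        const unsigned char *tbs,
                        size_t tbslen);
# endif /* QAT_OPENSSL_PROVIDER */

/* The inner ENABLE_QAT_SW_SM2 test repeats the enclosing one and is kept as-is. */
#ifndef QAT_OPENSSL_PROVIDER
# ifdef ENABLE_QAT_SW_SM2
int mb_sm2_init(EVP_PKEY_CTX *ctx);
int mb_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
void mb_sm2_cleanup(EVP_PKEY_CTX *ctx);
int mb_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
# endif
#endif

# endif /* ENABLE_QAT_SW_SM2 */

#endif /* QAT_SW_SM2_H */

--------------------------------------------------------------------------------
/qat_sw_sm3.h:
--------------------------------------------------------------------------------
/* ====================================================================
 *
 *
 * BSD LICENSE
 *
 * Copyright(c) 2021-2025 Intel Corporation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * * Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * * Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 * * Neither the name of Intel Corporation nor the names of its
 * contributors may be used to endorse or promote products derived
 * from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED.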
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file qat_sw_sm3.h 41 | * 42 | * This file provides an SM3 interface for an OpenSSL engine 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef QAT_SW_SM3_H 47 | # define QAT_SW_SM3_H 48 | 49 | # ifndef QAT_OPENSSL_PROVIDER 50 | # include 51 | # endif 52 | # include 53 | # include 54 | 55 | /* QAT_SW SM3 methods declaration */ 56 | const EVP_MD *qat_sw_create_sm3_meth(int nid , int key_type); 57 | 58 | void process_sm3_init_reqs(mb_thread_data *tlv); 59 | void process_sm3_update_reqs(mb_thread_data *tlv); 60 | void process_sm3_final_reqs(mb_thread_data *tlv); 61 | 62 | #endif /* QAT_SW_SM3_H */ 63 | -------------------------------------------------------------------------------- /qat_sw_sm4_cbc.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2023-2025 Intel Corporation. 7 | * All rights reserved. 
8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*
 *
 * ====================================================================
 */

/*****************************************************************************
 * @file qat_sw_sm4_cbc.h
 *
 * This file provides an SM4 interface for an OpenSSL engine
 *
 *****************************************************************************/

#ifndef QAT_SW_SM4_CBC_H
# define QAT_SW_SM4_CBC_H

# ifndef QAT_OPENSSL_PROVIDER
# include
# endif
# include
# include

/* BabaSSL includes needed for sw method */
# include

/* QAT_SW SM4 methods declaration */
#ifdef ENABLE_QAT_SW_SM4_CBC
/* IV length in bytes. */
#define SM4_IV_LEN 16

/* BabaSSL flags needed for sw method */
# define SM4_CBC_CUSTOM_FLAGS ( EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 )

/* Guarantee the compatibility of OPENSSL1.1 */
/*
 * NOTE(review): ecb128_f is declared here as a typedef, and #ifndef only
 * tests preprocessor macros, so this guard cannot detect a typedef of the
 * same name coming from an included header. Whether a duplicate typedef
 * compiles then depends on the C standard in use.
 */
#ifndef ecb128_f
typedef void (*ecb128_f) (const unsigned char *in, unsigned char *out,
                          size_t len, const void *key,
                          int enc);
#endif

/*
 * Per-cipher context: the key, the current IV with a "set" flag, the
 * direction flag and an opaque pointer for the software cipher data.
 * NOTE(review): this structure holds key material. The cleanup functions
 * declared below are the natural place to wipe it; confirm that they clear
 * `key` and `iv` (e.g. with OPENSSL_cleanse) before the memory is released.
 */
typedef struct {
    sm4_key key;
    int8u iv[SM4_IV_LEN];
    int iv_set;
    int enc;
    void *sw_ctx_cipher_data;
} SM4_CBC_CTX;

/* sm4 key struct from BabaSSL */
# define SM4_KEY_SCHEDULE 32
/* Round-key array of SM4_KEY_SCHEDULE 32-bit words. */
typedef struct SM4_KEY_st {
    uint32_t rk[SM4_KEY_SCHEDULE];
} SM4_KEY;

/* Key schedule plus the block and stream function pointers that go with it. */
typedef struct {
    union {
        SM4_KEY ks;
    } ks;
    block128_f block;
    union {
        ecb128_f ecb;
        cbc128_f cbc;
        ctr128_f ctr;
    } stream;
} EVP_SM4_KEY;

#ifndef QAT_OPENSSL_PROVIDER
/*
 * Engine build: EVP_CIPHER_CTX-based entry points.
 * NOTE(review): key_init takes no key or IV length here, so the expected
 * sizes are implicit (presumably SM4_IV_LEN for the IV) - confirm.
 */
int qat_sw_sm4_cbc_key_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv, int enc);
int qat_sw_sm4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                          const unsigned char *in, size_t len);
int qat_sw_sm4_cbc_cleanup(EVP_CIPHER_CTX *ctx);
#else
/*
 * Provider build: opaque context, explicit key/IV lengths, and an output
 * capacity (`outsize`) with the produced length returned through `outl`.
 */
int qat_sw_sm4_cbc_cipher(void *ctx, unsigned char *out,
                          size_t *outl, size_t outsize,
                          const unsigned char *in, size_t len);
int qat_sw_sm4_cbc_key_init(void *ctx, const unsigned char *inkey,
                            int keylen, const unsigned char *iv,
                            int ivlen, int enc);
int qat_sw_sm4_cbc_cleanup(void *ctx);
#endif
/* Batch entry points taking the per-thread data. */
void process_mb_sm4_cbc_key_init_reqs(mb_thread_data *tlv);
void process_mb_sm4_cbc_cipher_enc_reqs(mb_thread_data *tlv);
void process_mb_sm4_cbc_cipher_dec_reqs(mb_thread_data *tlv);
#endif /* ENABLE_QAT_SW_SM4_CBC */
#endif /* QAT_SW_SM4_CBC_H */

--------------------------------------------------------------------------------
/test.am:
--------------------------------------------------------------------------------
################################################################
# BSD LICENSE
#
# Copyright(c) 2021-2025 Intel Corporation. All rights reserved.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT 25 | # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 26 | # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 27 | # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 28 | # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 29 | # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 30 | # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 31 | # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 32 | # 33 | ################################################################ 34 | QAT_TEST_SRC = test/main.c \ 35 | test/tests.c \ 36 | test/tests_rsa.c \ 37 | test/tests_ecx.c \ 38 | test/tests_ecdh.c \ 39 | test/tests_ecdsa.c \ 40 | test/tests_aes128_gcm.c \ 41 | test/tests_aes256_gcm.c \ 42 | test/tests_aes128_ccm.c \ 43 | test/tests_aes192_ccm.c \ 44 | test/tests_aes256_ccm.c \ 45 | test/tests_sm2.c \ 46 | test/tests_sm3.c \ 47 | test/tests_sm4_cbc.c \ 48 | test/tests_sm4_gcm.c \ 49 | test/tests_sm4_ccm.c \ 50 | test/tests_sha2.c 51 | 52 | if QAT_PROVIDER 53 | QAT_HW_TEST_SRC = test/tests_dsa.c \ 54 | test/tests_dh.c \ 55 | test/tests_prf.c \ 56 | test/tests_hkdf.c \ 57 | test/tests_sha3.c \ 58 | test/tests_aes_cbc_hmac_sha.c \ 59 | test/tests_chacha20_poly1305.c 60 | endif 61 | 62 | if QAT_HW 63 | QAT_HW_TEST_SRC = test/tests_dsa.c \ 64 | test/tests_dh.c \ 65 | test/tests_prf.c \ 66 | test/tests_hkdf.c \ 67 | test/tests_sha3.c \ 68 | test/tests_aes_cbc_hmac_sha.c \ 69 | test/tests_chacha20_poly1305.c 70 | endif 71 | 72 | testapp_SOURCES = ${QAT_TEST_SRC} \ 73 | ${QAT_HW_TEST_SRC} 74 | 75 | testapp_CFLAGS = $(includes_qat_hw) $(includes_openssl) \ 76 | $(cflags) $(cflags_openssl_3) $(cflags_qat_hw) \ 77 | $(cflags_qat_sw) $(cflags_qat_sw_ipsec) \ 78 | $(cflags_common) 79 | 80 | testapp_LDADD = -ldl -lrt -lpthread $(OPENSSL_LIB) $(QAT_SW_CRYPTO_MB_LIB) 81 | 82 | test: testapp 83 | 
-------------------------------------------------------------------------------- /test_bssl/test_bssl_ecdsa.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2022-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file test_bssl_ecdsa.h 41 | * 42 | * This file provides a QAT Engine test functions. 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef TEST_BSSL_ECDSA_H 47 | # define TEST_BSSL_ECDSA_H 48 | 49 | #define ECDSA_ASYNC_MODE 1 50 | 51 | int qat_ecdsa_test(const EVP_PKEY *pkey, int flag); 52 | 53 | #endif /* TEST_BSSL_ECDSA_H */ 54 | -------------------------------------------------------------------------------- /test_bssl/test_bssl_rsa.h: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2022-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file test_bssl_rsa.h 41 | * 42 | * This file provides a QAT Engine test functions. 43 | * 44 | *****************************************************************************/ 45 | 46 | #ifndef TEST_BSSL_RSA_H 47 | # define TEST_BSSL_RSA_H 48 | 49 | enum { 50 | RSA_ASYNC_MODE = 1, 51 | RSA_DECRYPT_TEST = 2, 52 | }; 53 | 54 | int qat_rsa_test(const EVP_PKEY *pkey, int async_mode); 55 | 56 | #endif /* TEST_BSSL_RSA_H */ 57 | -------------------------------------------------------------------------------- /test_bssl/test_bssl_utils.c: -------------------------------------------------------------------------------- 1 | /* ==================================================================== 2 | * 3 | * 4 | * BSD LICENSE 5 | * 6 | * Copyright(c) 2022-2025 Intel Corporation. 7 | * All rights reserved. 8 | * 9 | * Redistribution and use in source and binary forms, with or without 10 | * modification, are permitted provided that the following conditions 11 | * are met: 12 | * 13 | * * Redistributions of source code must retain the above copyright 14 | * notice, this list of conditions and the following disclaimer. 
15 | * * Redistributions in binary form must reproduce the above copyright 16 | * notice, this list of conditions and the following disclaimer in 17 | * the documentation and/or other materials provided with the 18 | * distribution. 19 | * * Neither the name of Intel Corporation nor the names of its 20 | * contributors may be used to endorse or promote products derived 21 | * from this software without specific prior written permission. 22 | * 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 | * 35 | * 36 | * ==================================================================== 37 | */ 38 | 39 | /***************************************************************************** 40 | * @file test_bssl_utils.c 41 | * 42 | * This file provides a QAT Engine test functions. 
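*
 *****************************************************************************/

/* macros defined to allow use of the cpu get and set affinity functions */
#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif

#ifndef __USE_GNU
# define __USE_GNU
#endif

#ifndef QAT_DEBUG
# define TEST_DEBUG
#endif

#include

#include "qat_utils.h"

/* OpenSSL Includes */
#include
#include
#include

/*
 * Load a PEM private key from key_path.
 *
 * Returns the parsed EVP_PKEY (as void *) or NULL when the path is missing,
 * the file cannot be opened, or the PEM cannot be parsed. The caller owns
 * the returned key and releases it with EVP_PKEY_free().
 *
 * The BIO is released on every path once the read attempt is over; the
 * previous version returned without freeing it, leaking the file handle
 * and the buffered private-key bytes for the life of the process.
 */
void *qat_load_priv_key(const char *key_path)
{
    EVP_PKEY *pkey = NULL;
    BIO *bp;

    /* A NULL path would otherwise reach access() and the "%s" below. */
    if (key_path == NULL) {
        printf("-- No key file path given\n");
        return NULL;
    }

    /*
     * Existence check for a friendlier message only. The file can still
     * change before it is opened, so the BIO_new_file() result below is
     * what actually decides.
     */
    if (access(key_path, F_OK)) {
        printf("-- File %s does not exist\n", key_path);
        return NULL;
    }

    bp = BIO_new_file(key_path, "r");
    if (!bp) {
        printf("-- BIO new failed\n");
        return NULL;
    }

    pkey = PEM_read_bio_PrivateKey(bp, NULL, 0, NULL);
    /* The key, if any, has been copied out of the BIO; release the BIO now. */
    BIO_free(bp);
    if (!pkey) {
        printf("-- Error in PEM_read_bio_PrivateKey\n");
        return NULL;
    }

    return pkey;
}

/*
 * Print l bytes of p to stdout as hex, 16 per row with a "- " separator
 * after the eighth byte. A NULL pointer or non-positive length prints only
 * the closing newline. Output goes to stdout unfiltered, so avoid passing
 * key material when the output is captured in shared logs.
 */
void qat_hex_dump2(const unsigned char p[], int l)
{
    int i;

    if (NULL != p && l > 0) {
        for (i = 0; i < l; i++) {
            if (i > 0 && i % 16 == 0)
                puts("");
            else if (i > 0 && i % 8 == 0) {
                putc('-', stdout);
                putc(' ', stdout);
            }
            printf("%02x ", p[i]);
        }
    }
    puts("");
}

--------------------------------------------------------------------------------
/testapp.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#run testapp
date > testapp.log

# "$1" is quoted everywhere: unquoted, an empty or multi-word argument makes
# the [ ... ] tests below misparse or error out instead of printing the usage.
echo "$1"
if [ -z "$1" ]
then
    echo "Parameter QAT_SW or QAT_HW required."
    echo "usage : ./testapp.sh QAT_HW | QAT_SW"
    exit 1
fi

if [ ! -f "testapp" ]; then
    echo "testapp does not exist. make test"
    make test
fi

./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa2048 -sign >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa2048 -verify >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa2048 -encrypt >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa2048 -decrypt >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa3072 -sign >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa3072 -verify >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa3072 -encrypt >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa3072 -decrypt >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa4096 -sign >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa4096 -verify >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa4096 -encrypt >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v rsa4096 -decrypt >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdhp256 >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdhp384 >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdhx25519 >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdhx448 >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdsap256 >> testapp.log
./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdsap384 >> testapp.log
if [ "$1" = QAT_SW ]
then
    ./testapp -engine qatengine -c 1 -n 1 -nc 1 -v aes128gcm >> testapp.log
    ./testapp -engine qatengine -c 1 -n 1 -nc 1 -v aes256gcm >> testapp.log
fi

if [ "$1" = QAT_HW ]
then
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdhp521 >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v ecdsap521 >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v dsa1024 -sign >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v dsa2048 -verify >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v dsa4096 -verify >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v dh >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v prf >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v aes128_cbc_hmac_sha1 >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v aes256_cbc_hmac_sha1 >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v aes128_cbc_hmac_sha256 >> testapp.log
    ./testapp -engine qatengine -async_jobs 8 -c 1 -n 1 -nc 1 -v aes256_cbc_hmac_sha256 >> testapp.log
fi
--------------------------------------------------------------------------------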