Skip to content
/ QAT_Engine Public

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist

License

BSD-3-Clause and 3 other licenses found

Licenses found

BSD-3-Clause
LICENSE
Unknown
LICENSE.BORINGSSL
Unknown
LICENSE.OPENSSL
Unknown
LICENSE.PLOCK
404 stars 127 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

intel/QAT_Engine

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

444 Commits
.github
.github
 
 
dockerfiles
dockerfiles
 
 
docs
docs
 
 
fips
fips
 
 
intel-ipsec-mb @ 1c3c559
intel-ipsec-mb @ 1c3c559
 
 
ipp-crypto @ d02611e
ipp-crypto @ d02611e
 
 
kpt
kpt
 
 
openssl @ 85cf92f
openssl @ 85cf92f
 
 
qat_contig_mem
qat_contig_mem
 
 
qat_hw_config
qat_hw_config
 
 
test
test
 
 
test_bssl
test_bssl
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
LICENSE.BORINGSSL
LICENSE.BORINGSSL
 
 
LICENSE.OPENSSL
LICENSE.OPENSSL
 
 
LICENSE.OPENSSL3.0
LICENSE.OPENSSL3.0
 
 
LICENSE.PLOCK
LICENSE.PLOCK
 
 
Makefile.am
Makefile.am
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
atomic-ops.h
atomic-ops.h
 
 
autogen.sh
autogen.sh
 
 
configure.ac
configure.ac
 
 
driver_install.sh
driver_install.sh
 
 
e_qat.c
e_qat.c
 
 
e_qat.ec
e_qat.ec
 
 
e_qat.h
e_qat.h
 
 
e_qat.txt
e_qat.txt
 
 
e_qat_err.c
e_qat_err.c
 
 
e_qat_err.h
e_qat_err.h
 
 
fips_install.sh
fips_install.sh
 
 
intkat.sh
intkat.sh
 
 
plock.c
plock.c
 
 
plock.h
plock.h
 
 
qae_mem_utils.c
qae_mem_utils.c
 
 
qae_mem_utils.h
qae_mem_utils.h
 
 
qat_bssl.c
qat_bssl.c
 
 
qat_bssl.h
qat_bssl.h
 
 
qat_bssl_err.c
qat_bssl_err.c
 
 
qat_bssl_err.h
qat_bssl_err.h
 
 
qat_common.h
qat_common.h
 
 
qat_constant_time.h
qat_constant_time.h
 
 
qat_events.c
qat_events.c
 
 
qat_events.h
qat_events.h
 
 
qat_evp.c
qat_evp.c
 
 
qat_evp.h
qat_evp.h
 
 
qat_fips.c
qat_fips.c
 
 
qat_fips.h
qat_fips.h
 
 
qat_fork.c
qat_fork.c
 
 
qat_fork.h
qat_fork.h
 
 
qat_hw_asym_common.c
qat_hw_asym_common.c
 
 
qat_hw_asym_common.h
qat_hw_asym_common.h
 
 
qat_hw_callback.c
qat_hw_callback.c
 
 
qat_hw_callback.h
qat_hw_callback.h
 
 
qat_hw_ccm.c
qat_hw_ccm.c
 
 
qat_hw_ccm.h
qat_hw_ccm.h
 
 
qat_hw_chachapoly.c
qat_hw_chachapoly.c
 
 
qat_hw_chachapoly.h
qat_hw_chachapoly.h
 
 
qat_hw_ciphers.c
qat_hw_ciphers.c
 
 
qat_hw_ciphers.h
qat_hw_ciphers.h
 
 
qat_hw_dh.c
qat_hw_dh.c
 
 
qat_hw_dh.h
qat_hw_dh.h
 
 
qat_hw_dsa.c
qat_hw_dsa.c
 
 
qat_hw_dsa.h
qat_hw_dsa.h
 
 
qat_hw_ec.c
qat_hw_ec.c
 
 
qat_hw_ec.h
qat_hw_ec.h
 
 
qat_hw_ecx.c
qat_hw_ecx.c
 
 
qat_hw_gcm.c
qat_hw_gcm.c
 
 
qat_hw_gcm.h
qat_hw_gcm.h
 
 
qat_hw_hkdf.c
qat_hw_hkdf.c
 
 
qat_hw_hkdf.h
qat_hw_hkdf.h
 
 
qat_hw_init.c
qat_hw_init.c
 
 
qat_hw_kpt.c
qat_hw_kpt.c
 
 
qat_hw_kpt.h
qat_hw_kpt.h
 
 
qat_hw_multi_thread_inf.c
qat_hw_multi_thread_inf.c
 
 
qat_hw_polling.c
qat_hw_polling.c
 
 
qat_hw_polling.h
qat_hw_polling.h
 
 
qat_hw_prf.c
qat_hw_prf.c
 
 
qat_hw_prf.h
qat_hw_prf.h
 
 
qat_hw_rsa.c
qat_hw_rsa.c
 
 
qat_hw_rsa.h
qat_hw_rsa.h
 
 
qat_hw_sha3.c
qat_hw_sha3.c
 
 
qat_hw_sha3.h
qat_hw_sha3.h
 
 
qat_hw_sm2.c
qat_hw_sm2.c
 
 
qat_hw_sm2.h
qat_hw_sm2.h
 
 
qat_hw_sm3.c
qat_hw_sm3.c
 
 
qat_hw_sm3.h
qat_hw_sm3.h
 
 
qat_hw_sm4_cbc.c
qat_hw_sm4_cbc.c
 
 
qat_hw_sm4_cbc.h
qat_hw_sm4_cbc.h
 
 
qat_hw_usdm_inf.c
qat_hw_usdm_inf.c
 
 
qat_hw_usdm_inf.h
qat_hw_usdm_inf.h
 
 
qat_prov.ec
qat_prov.ec
 
 
qat_prov.txt
qat_prov.txt
 
 
qat_prov_aes_ccm.c
qat_prov_aes_ccm.c
 
 
qat_prov_aes_ccm.h
qat_prov_aes_ccm.h
 
 
qat_prov_bio.c
qat_prov_bio.c
 
 
qat_prov_bio.h
qat_prov_bio.h
 
 
qat_prov_capabilities.c
qat_prov_capabilities.c
 
 

Repository files navigation

Intel® QuickAssist Technology(QAT) OpenSSL* Engine

Intel® QuickAssist Technology OpenSSL* Engine (QAT_Engine) supports acceleration through the QAT hardware (via the QAT_HW path) and through Optimized Software using the Intel instruction set (via the QAT_SW Path from 3rd Generation Intel® Xeon® Scalable Processors family).

The image below illustrates the high-level software architecture of the QAT_Engine. Applications such as NGINX and HAProxy are common applications which interfaces to crypto libraries like OpenSSL* and its fork like Tongsuo(BabaSSL)*, BoringSSL*, etc. OpenSSL* is a toolkit for TLS/SSL protocols and has developed a modular system to plugin device-specific engines and provider. Depending on the particular use case, the QAT_Engine can be configured to accelerate via the QAT Hardware or QAT Software or both based on the platform to meet your specific acceleration needs.

drawing

Features

Features of the QAT_Engine are described here.

Limitations and Known Issues

Limitations and known issues for the QAT_Engine are described here.

Requirements

Installation Instructions

Installation instructions are described here

Testing

Test using OpenSSL Engine command

Test using OpenSSL* Engine command

Run this command to verify the Intel® QAT OpenSSL* Engine is loaded correctly: This should not be used to determine QAT Engine capabilities as it will not display all the algorithms that are supported in QAT Engine.

cd /path/to/openssl_install/bin
./openssl engine -t -c -v qatengine

qat_hw target output will be:

(qatengine) Reference implementation of QAT crypto engine(qat_hw) <qatengine version>
 [RSA, DSA, DH, AES-128-CBC-HMAC-SHA1, AES-128-CBC-HMAC-SHA256,
 AES-256-CBC-HMAC-SHA1, AES-256-CBC-HMAC-SHA256, TLS1-PRF, HKDF, X25519, X448]
    [ available ]
    ENABLE_EXTERNAL_POLLING, POLL, SET_INSTANCE_FOR_THREAD,
    GET_NUM_OP_RETRIES, SET_MAX_RETRY_COUNT, SET_INTERNAL_POLL_INTERVAL,
    GET_EXTERNAL_POLLING_FD, ENABLE_EVENT_DRIVEN_POLLING_MODE,
    GET_NUM_CRYPTO_INSTANCES, DISABLE_EVENT_DRIVEN_POLLING_MODE,
    SET_EPOLL_TIMEOUT, SET_CRYPTO_SMALL_PACKET_OFFLOAD_THRESHOLD,
    ENABLE_INLINE_POLLING, ENABLE_HEURISTIC_POLLING,
    GET_NUM_REQUESTS_IN_FLIGHT, INIT_ENGINE, SET_CONFIGURATION_SECTION_NAME,
    ENABLE_SW_FALLBACK, HEARTBEAT_POLL, DISABLE_QAT_OFFLOAD

qat_sw target output will be:

(qatengine) Reference implementation of QAT crypto engine(qat_sw) <qatengine version>
 [RSA, id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, X25519]
     [ available ]
     ENABLE_EXTERNAL_POLLING, POLL, ENABLE_HEURISTIC_POLLING,
     GET_NUM_REQUESTS_IN_FLIGHT, INIT_ENGINE

Detailed information about the engine specific messages is available here. Also ./openssl engine -t -c -vvvv qatengine gives brief description about each ctrl command.

Test using OpenSSL speed utility

Test using OpenSSL* speed utility

cd /path/to/openssl_install/bin

qat_hw

* RSA 2K Sign/Verify
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 72 rsa2048
* ECDH Compute Key
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 72 ecdh
* ECDSA Sign/Verify
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 72 ecdsa
* AES-128-CBC-HMAC-SHA256
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 72 -evp aes-128-cbc-hmac-sha256

qat_sw

* RSA 2K Sign/Verify
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 8 rsa2048
* ECDH X25519 Compute Key
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdhx25519
* ECDH P-256 Compute Key
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdhp256
* ECDSA P-256 Sign/Verify
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdsap256
* ECDH P-384 Sign/Verify
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdhp384
* ECDSA P-384 Sign/Verify
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -async_jobs 8 ecdsap384
* AES-128-GCM
  taskset -c 1 ./openssl speed -engine qatengine -elapsed -evp aes-128-gcm

Note: Run the test without "-engine qatengine" for each algorithm to see the performance against OpenSSL. This only covers key algorithms, additional algorithms can be tested by changing algo parameter.

Test using inbuilt testapp utility

Test using inbuilt testapp utility

cd /path/to/qat_engine
make test
./testapp.sh QAT_HW (For testing algorithms supported by QAT_HW)
./testapp.sh QAT_SW (For testing algorithms supported by QAT_SW)

The testapp.sh script will run the corresponding functional tests supported by QAT_HW and QAT_SW. Please note that the QAT Engine should be built with that support for the tests.

Additional information for testapp tests available with the help option ./testapp -help

Application integration & Case studies

Links to additional content is available here.

Troubleshooting

Troubleshooting information is available here.

Licensing Information

Licensing information is available here.

Legal

Legal information is available here.

About

Intel QuickAssist Technology( QAT) OpenSSL Engine (an OpenSSL Plug-In Engine) which provides cryptographic acceleration for both hardware and optimized software using Intel QuickAssist Technology enabled Intel platforms. https://developer.intel.com/quickassist

Topics

openssl-engine

Resources

Readme

License

BSD-3-Clause and 3 other licenses found

Licenses found

BSD-3-Clause
LICENSE
Unknown
LICENSE.BORINGSSL
Unknown
LICENSE.OPENSSL
Unknown
LICENSE.PLOCK

Security policy

Security policy
Activity
Custom properties

Stars

404 stars

Watchers

83 watching

Forks

127 forks
Report repository

Releases 76

v1.6.2 Latest
Aug 28, 2024
+ 75 releases

Packages

No packages published

Contributors 46

+ 32 contributors

Languages