Baidu cloud RSA compilation and performance and security testing

The RSA algorithm is one of the most widely used "asymmetric encryption algorithms". The longer the general public/private key length, the better the security and the more complicated the calculation. The RSA 2048 encryption and decryption algorithm is applied in the Baidu cloud https transformation. For the high computational complexity RSA decryption task, we use the parallel computing resources on the FPGA and the customized data path to provide up to 45000 QPS decryption capability (CPU single thread). More than 75 times the throughput rate, comparable to the throughput of commercial ASIC encryption and decryption cards), and will also provide a unique private key management solution, so that the system security has been improved.

百度云RSA编译和性能及安全测试

Software call API execution

Compile

Execute lspci | grep -i Xilinx, the output is not empty, confirming that the FPGA has been correctly transparently transmitted to the virtual machine.

Compile the driver, enter the rsa-driver directory, and execute make.

If the prompt "No such file or directory", please modify the KERNELDIR variable in the Makefile to point to the correct kernel compilation directory, usually /usr/src/kernels/$(uname -r).

If the prompt symbol is redefined during compilation, delete the symbols such as PDE_DATA, file_inode, kvalloc, and kvfree in the source file.

Load the driver and execute insmod fpga_drive.ko.

Check if the permissions of /dev/fpga0 are 0666. If not, please execute chmod 666 /dev/fpga0.

Create a soft link to rsa-api/output/so/libfpga_rsa_cpp.so in the engine directory of the openssl system, ie execute ln -s /path/to/rsa-api/so/libfpga_rsa_cpp.so /usr/lib64/openssl/engines/ Libfpga_rsa_cpp.so.

The RSA acceleration function is used by the openssl standard engine interface. After the engine is properly loaded and initialized, the RSA private key can be encrypted and decrypted by RSA_private_encrypt and RSA_private_decrypt.

The FPGA supports RSA private key encryption and decryption with a key length below 2048 bits. If the given key length is outside this range, the engine will forward the CPU calculation, and the performance is equivalent to directly using the CPU.

#include‹openssl/rsa.h›
#include ‹openssl/engine.h›
#include‹openssl/err.h›

OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ENGINE_load_dynamic();

/* load engine */
ENGINE *engine = ENGINE_by_id("fpga_rsa_cpp");
If (engine == NULL) {
LOG(WARNING) ‹‹ "Could not Load fpga_rsa_cpp Engine!";
Return 1;
}
LOG(INFO) ‹‹ "fpga_rsa_cpp Engine successfully loaded";

/* init engine */
Int init_ret = ENGINE_init(engine);
Int set_ret = ENGINE_set_default_RSA(engine);
LOG(INFO) ‹‹ "engine name = " ‹‹ ENGINE_get_name(engine);
LOG(INFO) ‹‹ "init_ret = " ‹‹ init_ret;
LOG(INFO) ‹‹ "set_ret = " ‹‹ set_ret;

If ((init_ret != 1) || (set_ret != 1)) {
LOG(WARNING) ‹‹ "Failed to init engine";
Return 1;
}

/* use engine */
RSA_private_decrypt(flen, from, to, rsa, padding);

Performance Testing

Qps

Execute openssl speed rsa2048 -engine fpga_rsa_cpp -mulTI 36, you can see qps in the "sign/s" column. Normal conditions should be above 40000/s.

Baidu cloud RSA compilation and performance and security testing

Delay

Execute openssl speed rsa2048 -engine fpga_rsa_cpp -mulTI 1. You can see the latency in the "sign" column. The normal situation should be around 700us.

Baidu cloud RSA compilation and performance and security testing

RSA private key decryption QPS comparison

The FPGA solution has a significant performance advantage over pure CPU calculations using a dual Intel Xeon E5-2620 v2 server (hyperthreading enabled, a total of 24 cores), as shown in the following figure. When the RSA key length is 512 bits, 1024 bits and 2048 bits, the former private key decryption QPS is 2.13, 4.52 and 9.36 times of the latter, respectively, and the latency is only 89%, 50% and 27% of the latter.

Baidu cloud RSA compilation and performance and security testing

Baidu cloud RSA compilation and performance and security testing

HD Slip Ring

HD Slip Ring is an electromechanical device. It allows the transmission of power and signals from a stationary to a rotating structure. It consists of an electrically conductive rotating ring, with one or more stationary contacts. They are called "stations" or "spokes". Electrical signals (power and/or data) are transmitted through the slip ring. This is done by means of brushes that make contact with the ring.


It is typically used where there is a need to rotate one object relative to another. Especially for passing power and/or signals from the stationary object to the rotating object.


Regarding it's application in conjunction with other equipment, we'll need high-quality production. Oubaibo uses components imported from the United States and high-frequency signal processing. Which has the characteristics of small size, lightweight, good insulation performance, stable transmission, and so on. Its unique design makes it an ideal choice for many applications.


Hd Slip Ring,Slip Ring Power,Fiber Optic Slip Rings,Small Slip Rings

Dongguan Oubaibo Technology Co., Ltd. , https://www.sliproubos.com