Chinaunix

标题: 如何查看CPU是否支持硬件SSL加速？ [打印本页]

作者: fluke888 时间: 2009-07-29 10:30
标题: 如何查看CPU是否支持硬件SSL加速？
About the UltraSPARC T1 Processor

Asymmetric Cryptography is also commonly called Public Key Infrastructure (PKI) cryptography. PKI cryptography is up to 1000 times more CPU intensive than symmetric cryptography. The Rivest, Shamir, Adelman (RSA) algorithm uses modular arithmetic to enable the concept of public and private keys. Typically, only the RSA operations that use public key cryptography are offloaded to a hardware accelerator. So the accelerator card performs the asymmetric cryptography operations and the symmetric cryptography operations are performed by the server's main processor.

RSA operations are an important component of the SSL full handshake. Each core of the UltraSPARC T1 Processor has a MAU (Modular Arithmetic Unit), which supports RSA and DSA operations. RSA operations utilize a compute-intensive algorithm that can be offloaded to the MAU. The MAU is capable of sustaining 14000 RSA operations per second. Moving RSA operations to the MAU speeds full handshake performance and frees the CPU. In terms of the Solaris Cryptographic Framework, the MAU is implemented as a Service Provider (ncp(7D)-Niagara crypto provider device driver). There is a great deal of performance improvement with a hardware accelerator.

About the UltraSPARC T2 Processor

Although the MAU (Modular Arithmetic Unit) provided in the UltraSPARC T1 helped to reduce the overhead of the computationally expensive SSL handshake, the role of encrypting/decrypting and hashing the data transferred between the client and the server was still performed by the CPU cores. The UltraSPARC T2 adds a per-core Streams Processing Unit (SPU) which offers an Encryption/Decryption and Hash-Operations offload engine. The SPU can be used to offload DES, 3DES, AES-128, AES-192, AES-256, RC4, MD5, SHA1, SHA256 operations. It also offers ECCp-160 and ECCb-163 used in Public Key exchange.

In addition to Encryption/Decryption/Hash functionality, the UltraSPARC T2 processor added an on-chip Random Number Generator which is normally used by cryptographic applications for entropy data.

这MAU是不是T1/T2处理器缺省内置的SSL硬件加速模块？功能上就相当于SSL硬件加速卡？
其它CPU是否有SSL硬件加速功能呢，比如SPARC64-VI或SPARC64-VII ，或UltraSPARC-III+
请各位兄弟指点，thanks!

[ 本帖最后由 fluke888 于 2009-7-29 10:31 编辑 ]

作者: easybegin 时间: 2009-07-29 11:03
这个我也想学习一下,哪位兄弟指教一下.

作者: bxwz2004 时间: 2009-07-29 11:23
同意楼主的理解，MAU是T1/T2处理器内置的SSL硬件加速模块，功能上就相当于SSL硬件加速卡。

但是前提是你的应用程序是使用了“Solaris Cryptographic Framework”里的 ncp（Niagara crypto provider device driver），这样才能利用到MAU的这个硬件加速的功能。比如，使用与solaris捆绑的 openssl 才能看到硬件加速，而如果自己下载openssl安装则没有性能提升。我感觉用最新版的Java SE 开发的app 应该可以使用到MAU。

至于其他CPU，不太清楚，需要高手解答

作者: 山野村夫 时间: 2009-07-29 12:01
没研究过这个，等高手分析

作者: fluke888 时间: 2009-07-30 09:47
各位FE呢，帮忙查查资料，指引下～～
大家发表见解丫～～

欢迎光临 Chinaunix (http://bbs.chinaunix.net/)