Research On Application Of ARM Crypto-engine In WebServer

In recent years,with the development of big data technology,the demand for largescale data center is growing.This demand has driven the development of the server market.The cost of building and running large-scale data centers is huge which is determined by the the price and energy consumption of the servers.Although Intel monopolized the server market,ARM has been made great progress in the field of server chips.ARM servers have advantages in energy consumption and prices which are in line with the cost reduction demand of large-scale data center.In terms of applications,ARM servers have advantages in transaction-intensive applications.Therefore,ARM servers have broad prospects in the WebServer application scenario.At present,HTTPS is widely used when users access WebServer.HTTPS is a securityoriented HTTP connection whose security foundation is the SSL / TLS protocol.When the user connects to the server using the HTTPS protocol,the data that the server sends to the client needs to be encrypted.However,the encryption operation will cause a lot of computing burden to the CPU.Therefore,this paper will use the hardware CryptoEngine to perform encryption and decryption operations.We have done a lot of prophase research on ARM hardware Crypto-Engine.During the process,we found that most of the work are focused on the embedded field and the hardware design.We will study the hardware Crypto-Engine on the ARM server for WebServer applications.This paper designes an ARM hardware Crypto-Engine acceleration system which is consist of OpenSSL,CryptoDev,hardware Crypto-Engine driver and hardware Crypto-Engine.According to the system design,this paper firstly implements the hardware Crypto-Engine driver which is the key to call the hardware Crypto-Engine.Then,this paper implements the interactive interface between OpenSSL and CryptoDev.Base on this,the request can be transferred from the user space to the kernel space.Eventually,the WebServer is able to call the hardware Crypto-Engine.On the basis of realizing the system,we construct the test environment of 40 Gbps network bandwidth.We have tested the system performance from both OpenSSL and end-to-end levels.During the end-to-end test,the server has been taken a stress test by simulating the actual application scenario which has high concurrent requests on the test machine.OpenSSL layer test data show that,when the test process number is 1 and blocksize is 64 KB,for the performance of the hardware executing the algorithms,compared with the performance of the software executing the algorithms,the performance of AES-128-GCM,AES-256-GCM,AES-128-CBC,AES-256-CBC improved by 6-7 times,3DES performance improved by about 18 times,SHA1 performance improved by about 2.5 times,SHA256 performance improved by about 6 times;for the performance of the acceleration instructions executing the algorithms,compared with the performance of the software executing the algorithms,AES-128-GCM,AES-256-GCM,AES-128-CBC,AES-256-CBC performance improved by 9-11 times,SHA1 performance improved by about 3.5 times,SHA256 performance improved by about 7 times.Among the algoritms,3DES has no acceleration instructions.End-to-end test data show that,for ECDHE-RSA-AES128-SHA256,ECDHERSA-AES256-SHA384,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSAAES256-GCM-SHA384,when the pagesize is greater than 32 KB,the RPS(Request per Second)for crypto-engine is higher than the RPS for software.The RPS for cryptoengine and software are lower than the RPS for the acceleration instructions.For ECDHE-RSA-DES-CBC3-SHA,when the pagesize is greater than 4KB,the RPS for crypto-engine is higher than the RPS for software.Based on the test results,in the future work,we will combinate the crypto-engine and acceleration instrucions to optimize the hardware crypto-engine acceleration system to boost the performance of the server.