CN1658550A - Apparatus and method for performing cryptographic operations - Google Patents
- Publication number: CN1658550A
- Authority: CN (China)
- Prior art keywords: cryptographic, block, cipher, password, operations
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/30—Arrangements for executing machine instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G06F9/30007—Arrangements for executing specific machine instructions to perform operations on data operands
Abstract
The present invention relates to an apparatus and method for performing cryptographic operations on a plurality of input data blocks in a microprocessor. The apparatus includes a cryptographic instruction circuit, cipher feedback block mode logic and execution logic. The cryptographic instruction circuit provides a cryptographic instruction that is received by the computing device as part of an instruction stream executing in the computing device. The cryptographic instruction may specify one of a plurality of cryptographic operations; the specified cryptographic operation includes performing a plurality of cipher feedback block cryptographic operations on a corresponding plurality of input text blocks. The cipher feedback block mode logic is coupled to the cryptographic instruction circuit and directs the computing device to update the pointer registers and the intermediate result of each cipher feedback block cryptographic operation. The execution logic is coupled to the cipher feedback block mode logic and performs the specified cryptographic operation.
Description
Technical field
The present invention relates to the field of microelectronics, and more particularly to an apparatus and method for performing transparent cipher feedback mode cryptographic operations in a microprocessor or other device.
Background technology
Early computing systems operated independently of other computing systems, because all of the input data needed by an application program was either built into the computing system or was supplied by the programmer when the program ran. The output data produced by an application program was the result of its execution and generally took the form of a printed hard copy or a file written to a storage device (a disk, a CD or another type of device) that was part of the computing system. The output file could then serve as the input file of a subsequent application program run on the same computing system, or, if the output data was saved as a file on removable or portable storage, it could be supplied to a different but compatible computing system and used by an application program there. People recognized that in these early computing systems sensitive information needed protection, and so, alongside other information security measures, cryptographic application programs were developed to protect sensitive information from unauthorized disclosure; in general, these cryptographic programs encrypted and decrypted the output data stored on the storage device. Some years later, users began to discover the benefits of connecting computing systems into networks that provide shared access to information. Network architectures, operating systems and data transfer protocols therefore evolved not only to support shared access to data but to make that access an important feature. Today, for example, the user of a computer workstation can access files on another workstation or on a network file server, use the network to obtain news and other information, send and receive electronic messages (such as e-mail) to and from hundreds of other computers, connect to a vendor's computing system and provide credit card or bank information to purchase products from that vendor, or carry out any of the foregoing activities over a wireless network at a restaurant, airport or other public place. Consequently, protecting sensitive data and transmissions from unauthorized disclosure has become increasingly important. The number of occasions on which a user must protect his or her sensitive data while using a computing system has grown considerably. Headlines about spam, hackers, identity theft, reverse engineering, fraud, credit card theft and the like have alerted the public to the security issues of computing-system information. The motives behind these privacy violations range from careless mistakes to premeditated network terrorism. Governments have responded with new laws, strict enforcement and public education, but these actions have not effectively stemmed the tide of attacks on computer data. As a result, a problem that once concerned only government agencies, financial institutions, the military and intelligence departments has become one of the greater worries of a society in which everyone reads e-mail at home or uses online banking. In addition, in the commercial field, those skilled in the art know that companies large and small now devote a considerable share of their resources to protecting their proprietary information in business transactions.
In the field of information security, many techniques and measures have been developed for encrypting data so that only designated persons (referred to as cryptographers) can decipher it. When this kind of cryptography is used to protect information stored in a computing system or transmitted between computing systems, sensitive information (called "plaintext" or "cleartext") is typically converted into an unrecognizable encrypted form (called "ciphertext"). The process of converting plaintext into ciphertext is called "encryption", and the reverse process of converting ciphertext back into plaintext is called "decryption" (also "deciphering" or "inverse ciphering").
In the field of cryptography, programs and protocols have been developed that allow users to send or provide data to other users in encrypted form without requiring too much knowledge or effort. Along with the transmission of an encrypted message, the sender usually gives the recipient a "cryptographic key" with which the recipient can decrypt the encrypted message and thereby read the original message as it was before encryption. As those skilled in the art know, these programs and protocols generally protect data in the form of passwords, mathematical algorithms and application programs designed specifically for encrypting and decrypting sensitive data.
Many kinds of algorithms are currently available for encrypting and decrypting data. One kind, public key cryptographic algorithms (the RSA algorithm is one example), uses two keys (a public key and a private key) to encrypt or decrypt data. Under some public key algorithms, the sender uses the recipient's public key to encrypt data that is to be transmitted to the recipient. Because a specific mathematical relationship exists between the public key and the private key, the recipient must use its private key to decrypt the transmitted encrypted data and recover the original data. Although these cryptographic algorithms are widely used today, their encryption and decryption operations are excessively slow, even when only a small amount of data is processed. A second kind of algorithm, symmetric key algorithms, not only provides the same level of data security as the first kind but also executes faster. These algorithms are called symmetric key algorithms because a single key is used both to encrypt and to decrypt the information. Three single-key cryptographic algorithms are in general use in the public sector today: the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Standard (Triple DES) algorithm and the Advanced Encryption Standard (AES) algorithm. Because these algorithms protect sensitive data effectively, they have been adopted by agencies of the U.S. government, but those skilled in the art know that in the near future these algorithms will become the standard for commercial and private use as well. Under these symmetric key algorithms, plaintext and ciphertext are divided into blocks of a certain size for encryption and decryption. For example, the AES algorithm performs cryptographic operations on 128-bit blocks and can use keys of 128, 192 or 256 bits. Other symmetric key algorithms, such as the Rijndael cipher, can similarly be used with data blocks of 192 and 256 bits. Thus, for a block cryptographic operation, 1024 bits of plaintext are divided by AES into eight 128-bit blocks.
All symmetric key algorithms use the same types of sub-operations to encrypt a block of plaintext. Under some commonly used symmetric key algorithms, an initial key is expanded into a plurality of keys (a key schedule), each of which is used in a corresponding cryptographic "round" performed on the plaintext block. For example, the first key of the key schedule is used in the first cryptographic round of sub-operations performed on the plaintext block. The result of the first round is the input data of the second round, which uses the second key of the key schedule to produce the second round's result, and so on through a specified number of subsequent rounds; the result produced by the final round is the ciphertext itself. Under the AES algorithm, the sub-operations of each round are referred to in the literature as SubBytes (or S-box), ShiftRows, MixColumns and AddRoundKey. Decrypting a ciphertext block is similar to encrypting a plaintext block, except that the ciphertext is supplied as the input to the inverse cipher, inverse sub-operations (such as Inverse MixColumns and Inverse ShiftRows) are performed in each round, and the final result of the rounds is the plaintext block.
The DES and Triple DES algorithms each use different specific sub-operations, but these sub-operations are similar to those of the AES algorithm in that they all transform a plaintext block into a ciphertext block in a similar manner.
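As an added illustration of the round structure just described (this is example code written for this page, not the patent's hardware or the applicant's code), the following Python encrypts one 128-bit block with AES-128, with the key schedule expansion and the four sub-operations of each round written out explicitly. It is checked against the published FIPS-197 Appendix C.1 test vector; the function names are this example's own.

```python
# AES-128 single-block encryption, round by round (illustrative, not hardware).
def _xtime(b: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b & 0xFF

def _gmul(a: int, b: int) -> int:
    """General multiplication in GF(2^8), used by MixColumns and the S-box."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r

def _build_sbox() -> list:
    """S-box = multiplicative inverse in GF(2^8) followed by the affine map."""
    rotl = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    inv = [0] * 256
    for x in range(1, 256):
        if inv[x]:
            continue
        for y in range(1, 256):
            if _gmul(x, y) == 1:
                inv[x], inv[y] = y, x
                break
    return [v ^ rotl(v, 1) ^ rotl(v, 2) ^ rotl(v, 3) ^ rotl(v, 4) ^ 0x63 for v in inv]

SBOX = _build_sbox()

def expand_key(key: bytes) -> list:
    """FIPS-197 key expansion: a 16-byte key becomes 11 round keys (the key schedule)."""
    assert len(key) == 16
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[t[1]], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]]  # RotWord then SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _sub_bytes(s):
    return [SBOX[b] for b in s]

def _shift_rows(s):
    # State byte index is row + 4*column; row r is rotated left by r positions.
    return [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def _mix_columns(s):
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        out += [_gmul(a[0], 2) ^ _gmul(a[1], 3) ^ a[2] ^ a[3],
                a[0] ^ _gmul(a[1], 2) ^ _gmul(a[2], 3) ^ a[3],
                a[0] ^ a[1] ^ _gmul(a[2], 2) ^ _gmul(a[3], 3),
                _gmul(a[0], 3) ^ a[1] ^ a[2] ^ _gmul(a[3], 2)]
    return out

def _add_round_key(s, k):
    return [a ^ b for a, b in zip(s, k)]

def aes128_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Round 0 is AddRoundKey only; rounds 1-9 run all four sub-operations;
    the final round omits MixColumns. Each round consumes the next key of the schedule."""
    rk = expand_key(key)
    s = _add_round_key(list(block), rk[0])
    for rnd in range(1, 10):
        s = _add_round_key(_mix_columns(_shift_rows(_sub_bytes(s))), rk[rnd])
    s = _add_round_key(_shift_rows(_sub_bytes(s)), rk[10])
    return bytes(s)

def fips197_check() -> bool:
    """Compare against the FIPS-197 Appendix C.1 AES-128 test vector."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    return aes128_encrypt_block(key, pt).hex() == "69c4e0d86a7b0430d8cdb78070b4c55a"

if __name__ == "__main__":
    print("FIPS-197 C.1 vector matches:", fips197_check())
```

The block shows why a software implementation costs so many instructions per block: ten rounds, each with a byte-wise substitution, a permutation and sixteen field multiplications, plus the key expansion, is what the dedicated hardware the patent argues for collapses into a single instruction.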
To perform cryptographic operations on a plurality of consecutive text blocks, all symmetric key algorithms use the same types of modes. These modes include electronic code book mode, cipher block chaining mode, cipher feedback mode and output feedback mode. Some of these modes require an additional initialization vector when performing the sub-operations, and others use the ciphertext output of the first set of cryptographic rounds performed on the first plaintext block as an additional input to the second set of cryptographic rounds performed on the second plaintext block. Further discussion of each cryptographic algorithm and of the sub-operations applied by the symmetric key algorithms in use today is beyond the scope of the present invention. For the specific implementation criteria of the DES and Triple DES algorithms, the reader may consult Federal Information Processing Standards Publication 46-3 (FIPS-46-3), published October 25, 1999; for a description of the AES algorithm, the reader may consult Federal Information Processing Standards Publication 197 (FIPS-197), published November 26, 2001; both are issued and maintained by the National Institute of Standards and Technology (NIST). The foregoing standards are incorporated herein by reference. Beyond these standards, tutorials, white papers, toolkits and related articles are available over the network from NIST's Computer Security Resource Center (CSRS) website at http://csrs.nist.gov/.
Those skilled in the art know that cryptographic operations (such as encryption and decryption) can be performed by a plurality of application programs executed in a computing system. In fact, certain operating systems (such as Microsoft Windows XP and Linux) provide direct encryption/decryption services through cryptographic primitives, cryptographic application programming interfaces and other similar interfaces. However, present-day computing-system cryptography still has several shortcomings, which are discussed below with reference to Fig. 1.
Referring to Fig. 1, a block diagram 100 illustrates present-day cryptographic use in computing systems. Diagram 100 depicts a first computing workstation 101 connected to a local area network 105. Also connected to the local area network 105 are a second computing workstation 102, a network file storage device 106, a first router 107 providing an interface to a wide area network 110 (for example, the Internet), and a wireless network router 108 (conforming, for example, to IEEE standard 802.11). A laptop computer 104 is connected to the wireless router 108 over a wireless network 109. A second router 111 provides an interface for a third computing workstation 103 at another point on the wide area network 110.
As discussed above, users now repeatedly encounter computer information security problems when using a computer. For example, under the control of a current multitasking operating system, the user of computing workstation 101 can perform several tasks at the same time, each of which requires cryptographic operations. The user of workstation 101 must run an encryption/decryption application 112 (invoked as part of the operating system or by the operating system) in order to store a local file on the network file storage device 106. While the file is being stored, the user can transmit an encrypted message to a second user on computing workstation 102, who must also run an encryption/decryption application 112; the encrypted message may be real-time (such as instant messaging) or non-real-time (such as e-mail). In addition, the user can obtain or provide his or her financial data (credit card numbers, financial transactions and the like) or other sensitive data from computing workstation 103 over the wide area network 110. Workstation 103 may be a home office or another remote computing workstation 103 which, when the user of workstation 101 is away from the office, can access the shared resources of the local area network 105 (workstations 101 and 102, storage device 106, routers 107 and 108, and wireless network 109). Each of the foregoing actions requires invoking a corresponding instance of the encryption/decryption application 112. Moreover, wireless networks 109 now commonly appear in coffee shops, airports, schools and other public places, so the laptop user must not only encrypt data sent to other users and decrypt data received from other users, but must also encrypt and decrypt every session with the wireless router 108 over the wireless network 109.
Those skilled in the art understand that whenever any given workstation 101-104 needs to perform a cryptographic operation, an instance of the encryption/decryption application 112 must be invoked. Consequently, in the near future the computing workstations 101-104 will likely be performing hundreds of cryptographic operations concurrently.
The present inventors have observed that invoking at least one instance of the encryption/decryption application 112 on the computing workstations 101-104 to perform cryptographic operations has several limitations. For example, compared with dedicated hardware built to perform a specific function, processing through software is slower than processing through hardware. Each time the encryption/decryption application 112 must be executed, the task currently running on the workstation 101-104 is suspended, and the parameters of the cryptographic operation (plaintext, ciphertext, mode, key and the like) must be passed through the operating system to the instance of the encryption/decryption application 112 so that the cryptographic operation can be completed. Because a cryptographic operation requires many rounds of sub-operations on a particular block of data, the number of instructions that the encryption/decryption application 112 must execute is large enough to adversely affect the processing speed of the whole operating system. Those skilled in the art understand that sending an encrypted e-mail in Microsoft Outlook can take five times as long as sending an unencrypted e-mail.
In addition, the delay associated with operating-system intervention also affects present techniques. Most application programs do not provide integral key generation or encryption/decryption functions; these applications rely on operating system components or plug-in applications to complete these tasks, and the operating system is thereby distracted and interrupted, over and above the demands of the other applications currently executing.
Furthermore, the present inventors note that cryptographic operations as performed on the computing workstations 101-104 closely resemble floating-point mathematical operations as they were performed before dedicated floating-point units appeared in microprocessors. Early floating-point operations were carried out by software and were therefore very slow. Like those floating-point operations, cryptographic operations performed by software are also very slow. As floating-point technology developed, floating-point instructions could be executed in floating-point co-processors. Floating-point operations executed in a floating-point co-processor were much faster than software implementations, but they increased the cost of the system. Likewise, cryptographic co-processors exist today in the form of add-on boards, or as devices attached via a parallel port or another interface bus (such as USB). These co-processors certainly make cryptographic operations faster than pure software implementations. However, a cryptographic co-processor increases the cost of the system configuration, requires additional power, and reduces the overall reliability of the system. In addition, cryptographic co-processor implementations are susceptible to snooping, because the data channel of the co-processor and the data channel of the host microprocessor are not on the same die.
Therefore, the present inventors recognize a need for dedicated cryptographic hardware within the microprocessor itself, so that an application program requiring a cryptographic operation can direct the microprocessor to perform it by means of a single, atomic cryptographic instruction. The present inventors also recognize that this capability should be provided in a way that limits the need for operating system intervention and management. In addition, the cryptographic instruction should be usable at the application program's privilege level, so that this dedicated cryptographic hardware is consistent with the prevailing architecture of current microprocessors. The cryptographic hardware and the associated cryptographic instruction should also be compatible with legacy operating systems and application programs. There is a further need for an apparatus and method for performing cryptographic operations that resists snooping, supports multiple cryptographic algorithms, supports verification and testing of the specific cryptographic algorithm it embodies, allows both user-supplied keys and self-generated keys, supports multiple data block sizes and key sizes, provides programmable block encryption/decryption modes such as electronic code book, cipher block chaining, cipher feedback and output feedback, and uses the block cipher functions together with the foregoing programmable block encryption/decryption modes so that a plurality of data blocks can be processed efficiently.
This shows that the existing apparatus and methods for performing cryptographic functions described above still have evident inconveniences and defects and urgently require further improvement. To solve the problems of the existing apparatus and methods for performing cryptographic functions, manufacturers in the field have diligently sought solutions, yet for a long time no suitable design has been developed, and common products have no appropriate structure to address the above problems; this is evidently a problem that those in the field are anxious to solve.
In view of the defects of the existing apparatus and methods for performing cryptographic functions, the inventors, drawing on many years of practical experience and professional knowledge in designing and manufacturing such products and applying scientific principles, have actively studied and innovated in order to create an apparatus and method of new structure for performing transparent cipher feedback mode cryptographic functions, which improve on the existing apparatus and methods for performing cryptographic functions and make them more practical. After continuous research and design, and after repeated study of samples and improvements, the present invention of practical value was finally created.
Summary of the invention
The present invention solves the problems and defects of the prior art by providing a superior technique for performing cryptographic operations in a microprocessor.
In one embodiment, the present invention provides an apparatus for performing cryptographic operations in a microprocessor. The apparatus includes a cryptographic instruction circuit, cipher feedback block mode logic and execution logic. The cryptographic instruction circuit provides a cryptographic instruction that is received by a computing device as part of an instruction stream executing in the computing device and that specifies one of a plurality of cryptographic operations. The specified cryptographic operation comprises a plurality of cipher feedback block cryptographic operations performed on a corresponding plurality of input text blocks. The cipher feedback block mode logic is operatively coupled to the cryptographic instruction circuit and directs the computing device to update both the pointer registers and the intermediate result of each cipher feedback block cryptographic operation. The execution logic is operatively coupled to the cipher feedback block mode logic and performs the specified cryptographic operation.
The present invention further provides an apparatus for performing cryptographic operations. The apparatus includes a cryptographic unit within a device and cipher feedback block mode logic. The cryptographic unit performs one of a plurality of cryptographic operations in response to receiving a cryptographic instruction in an instruction stream, the cryptographic instruction specifying the cryptographic operation. The cryptographic operation comprises performing a plurality of cipher feedback block operations on a corresponding plurality of input text blocks. The cipher feedback block mode logic is operatively coupled to the cryptographic unit and directs the device to update both the pointer registers and the intermediate result of each cipher feedback block cryptographic operation.
The present invention further provides a method for performing cryptographic operations in a device. The method comprises performing one of a plurality of cryptographic operations in response to receiving a cryptographic instruction, the cryptographic instruction specifying the cryptographic operation; performing the cryptographic operation comprises executing a plurality of cipher feedback mode block operations on a corresponding plurality of input text blocks. The method further comprises writing the current input text block to an initialization vector location, so that an equivalent of the current input text block can be used as the initialization vector for the cipher feedback mode block operation performed on the next of the input text blocks.
The technical problems addressed by the invention are solved by the following technical solution. An apparatus for performing cryptographic operations according to the present invention comprises: a cryptographic instruction circuit that provides a cryptographic instruction, the cryptographic instruction being received by a computing device as part of an instruction stream executing in the computing device, wherein the cryptographic instruction specifies one of a plurality of cryptographic operations, and the specified cryptographic operation comprises a plurality of cipher feedback block cryptographic operations performed on a corresponding plurality of input text blocks; cipher feedback block mode logic connected to the cryptographic instruction circuit and configured to direct the computing device to update both a plurality of pointer registers and the intermediate result of each of the cipher feedback block cryptographic operations; and execution logic connected to the cipher feedback block mode logic and configured to perform the specified cryptographic operation.
The technical problems addressed by the invention may further be solved by applying the following technical measures.
In the foregoing apparatus, the specified cryptographic operation further comprises at least one of: a cipher feedback block mode encryption operation, which performs encryption on a plurality of plaintext blocks to produce a corresponding plurality of ciphertext blocks; and a cipher feedback block mode decryption operation, which performs decryption on a plurality of ciphertext blocks to produce a corresponding plurality of plaintext blocks.
In the foregoing apparatus, the cryptographic instruction specifies a cipher feedback mode for performing the specified cryptographic operation.
The foregoing apparatus further comprises:
a bit register coupled to the execution logic and configured to store a bit indicating whether the specified cryptographic operation has been interrupted by an interrupting event.
In the foregoing apparatus, the interrupting event comprises transferring program control to a program flow configured to handle the interrupting event, and the specified cryptographic operation being performed is interrupted on a current input text block.
In the foregoing apparatus, when program control returns to the cryptographic instruction, the specified cryptographic operation is performed on the current input text block.
The foregoing apparatus further comprises at least one of the following:
when each of the plurality of cipher feedback block cryptographic operations on each corresponding one of the plurality of input text blocks is completed, the cipher feedback block mode logic directs the computing device to modify the pointer registers to point to the next input and output text blocks; and
the cipher feedback block mode logic directs the computing device to store a current output text block to a memory location indicated by an initialization vector register.
In the foregoing apparatus, the cryptographic instruction implicitly references a plurality of registers in the computing device.
In the foregoing apparatus, the registers comprise at least one of the following:
a first register, the content of which comprises a first pointer to a first memory address that specifies a first location in memory for accessing the input text blocks on which one of the cryptographic operations is performed;
a second register, the content of which comprises a second pointer to a second memory address that specifies a second location in memory for storing a corresponding plurality of output text blocks, the output text blocks being produced as the result of performing the specified cryptographic operation on the plurality of input text blocks;
a third register, the content of which indicates the number of text blocks in the plurality of input text blocks;
a fourth register, the content of which comprises a third pointer to a third memory address that specifies a third location in memory for accessing cryptographic key data used in performing the specified cryptographic operation;
a fifth register, the content of which comprises a fourth pointer to a fourth memory address that specifies a fourth location in memory for accessing an initialization vector used in performing the specified cryptographic operation; and
a sixth register, the content of which comprises a fifth pointer to a fifth memory address that specifies a fifth location in memory for accessing a control word used in performing the specified cryptographic operation, the control word specifying a plurality of cryptographic parameters for the specified cryptographic operation.
The aforesaid device that is used to carry out Password Operations, wherein said this execution logic circuit comprises:
One password unit is disposed on each those inputs this paper block and carries out most password bouts, produce corresponding each those output this paper block, and those password bouts is provided a control word specified by this password unit.
The object of the invention is also achieved by the following technical solution. An apparatus for performing cryptographic operations according to the present invention comprises: a cryptographic unit within a device, configured to perform one of a plurality of cryptographic operations in response to receiving a cryptographic instruction in an instruction stream, the cryptographic instruction specifying the specified cryptographic operation, and the specified cryptographic operation comprising performing a plurality of cipher feedback block cryptographic operations on a corresponding plurality of input text blocks; and cipher feedback block mode logic, coupled to the cryptographic unit, configured to direct the device to update both a plurality of pointer registers and a plurality of intermediate results, one for each of the cipher feedback block cryptographic operations.
The object of the invention may be further achieved by the following technical measures.
The above-described apparatus for performing cryptographic operations, wherein an interrupt event causes program control to transfer to a program flow configured to handle the interrupt event, and wherein execution of the specified cryptographic operation on a current input text block is interrupted.
The above-described apparatus for performing cryptographic operations, wherein, when program control returns to the cryptographic instruction, the specified cryptographic operation is performed on the current input text block.
The above-described apparatus for performing cryptographic operations, further comprising at least one of the following: the cipher feedback block mode logic directs the device, upon completion of each of the cipher feedback block cryptographic operations on the corresponding input text block, to modify the pointer registers so that they point to the next input and output text blocks; and the cipher feedback block mode logic directs the device to store the current output text block to the memory location pointed to by the initialization vector register.
The object of the invention is also achieved by the following technical solution. A method for performing cryptographic operations in a device according to the present invention comprises the steps of: performing one of a plurality of cryptographic operations in response to receiving a cryptographic instruction, wherein the cryptographic instruction specifies the specified cryptographic operation, and the performing step comprises: performing a plurality of cipher feedback block mode cryptographic operations on a corresponding plurality of input text blocks; and writing a current input text block to an initialization vector location, so that a subsequent one of the cipher feedback block mode operations, on a subsequent one of the input text blocks, uses the current input text block as the equivalent of an initialization vector.
The object of the invention may be further achieved by the following technical measures.
The above-described method for performing cryptographic operations in a device, further comprising: transferring program control to a program flow configured to handle an interrupt event, and interrupting execution of the specified cryptographic operation on the current input text block.
The above-described method for performing cryptographic operations in a device, further comprising: after the transferring step, when program control returns to the cryptographic instruction, carrying out the performing step on the current input text block.
The above-described method for performing cryptographic operations in a device, wherein the receiving step comprises: specifying a cipher feedback mode decryption operation as the specified cryptographic operation.
The above-described method for performing cryptographic operations in a device, wherein the receiving step comprises: specifying, in the cryptographic instruction, a cipher feedback mode to be used in completing the specified cryptographic operation.
Compared with the prior art, the present invention has clear advantages and beneficial effects. From the technical solutions above it can be seen that, in order to achieve the aforementioned objects, the main technical content of the present invention is as follows. The invention relates to an apparatus and method for performing cryptographic operations on a plurality of input data blocks in a microprocessor. The apparatus comprises cryptographic instruction logic, cipher feedback block mode logic and execution logic. The cryptographic instruction logic provides a cryptographic instruction that is received by a computing device as part of an instruction stream executing in the computing device. The cryptographic instruction specifies one of a plurality of cryptographic operations, and the specified cryptographic operation comprises performing a plurality of cipher feedback block cryptographic operations on a corresponding plurality of input text blocks. The cipher feedback block mode logic is coupled to the cryptographic instruction and directs the computing device to update pointer registers and the intermediate result of each cipher feedback block cryptographic operation. The execution logic is coupled to the cipher feedback block mode logic and performs the specified cryptographic operation.
Brief description of the drawings
Fig. 1 is a block diagram illustrating known cryptographic applications.
Fig. 2 is a block diagram illustrating a technique for performing cryptographic operations.
Fig. 3 is a block diagram of a microprocessor apparatus for performing cryptographic operations according to the present invention.
Fig. 4 is a diagram of one embodiment of an atomic cryptographic instruction according to the present invention.
Fig. 5 is a table of block cipher mode field values for one embodiment of the atomic cryptographic instruction of Fig. 4.
Fig. 6 is a block diagram of a cryptographic unit within an x86-compatible microprocessor according to the present invention.
Fig. 7 is a diagram of the fields of a microinstruction used to direct cryptographic sub-operations within the microprocessor of Fig. 6.
Fig. 8 is a table of register field values for a load microinstruction in the format of Fig. 7.
Fig. 9 is a table of register field values for a store microinstruction in the format of Fig. 7.
Fig. 10 is a diagram of a control word format according to the present invention, used to specify the cryptographic parameters of a cryptographic operation according to the present invention.
Fig. 11 is a block diagram of a cryptographic unit according to the present invention.
Fig. 12 is a block diagram of block cipher logic according to the present invention, for performing cryptographic operations according to the Advanced Encryption Standard algorithm.
Fig. 13 is a flow chart of a method according to the present invention for preserving the state of cryptographic parameters during an interrupt event.
Fig. 14 is a flow chart of a method according to the present invention for performing a specified cipher feedback mode cryptographic operation on a plurality of input data blocks in the presence of at least one interrupt event.
100 block diagram; 101, 102, 103 workstations
104 laptop computer; 105 local area network
106 storage device; 107, 108, 111 routers
109 wireless network; 110 wide area network
112 application program
200 block diagram; 201 microprocessor
202 operating system; 203 memory
204 key generation application; 205 key schedule
206 encryption application; 207 decryption application
208 initialization vector; 209 cryptographic parameters
210 plaintext; 211 ciphertext
300 block diagram; 301 microprocessor
302 register; 303 translation logic
304 microinstruction queue; 305, 306 microinstructions
307 register file; 308, 309, 310, 311, 312, 313 registers
314 load logic; 315 data cache
316 cryptographic unit; 317 store logic
318 write-back logic; 319 bus
320 operating system; 321 memory
322 cryptographic instruction; 323 control word
324 key; 325 initialization vector
326 input text; 327 output text
328 execution logic
400 cryptographic instruction; 401 optional prefix
402 repeat prefix; 403 opcode field
404 block cipher mode field
500 field value table
600 microprocessor; 601 fetch logic
602 translation logic; 603 translator
604 memory; 605 register stage
606 address stage; 607 load stage
608 execute stage; 609 microinstruction queue
611, 613, 615 microinstruction queues
616, 626, 640 logic; 617 cryptographic unit
618 store stage; 619 write-back stage
620 load bus; 622 store bus
625, 629, 631 bits; 626 interrupt logic
627 interrupt signal; 640 cipher feedback mode logic
700 microinstruction; 701 data register field
702 data register field; 703 micro-opcode field
704 data field
800 table; 900 table
1000 control word; 1001 reserved field
1002 key size field; 1003 encrypt/decrypt field
1004 intermediate result field; 1005 key generation field
1006 algorithm field; 1007 round count field
1100 cryptographic unit; 1102 memory
1101, 1103, 1104, 1105, 1106, 1107, 1108, 1109, 1110 registers
1111, 1112, 1114 buses; 1113 stall signal
1200 block cipher logic; 1201 microinstruction register
1202 control word register; 1203 key-0 register
1204 key-1 register; 1205, 1206 input registers
1207, 1208 output registers; 1210 round engine controller
1211, 1212, 1213, 1214, 1216, 1217, 1218 buses
1220 round engine; 1221, 1223, 1224, 1226 logic
1222, 1225, 1227 registers
1302 begin; 1304 interrupted?
1306 clear X bit; 1308 save architectural registers
1310 handle interrupt; 1312 done
1402 begin; 1404 load input block and begin
1406 X bit set?; 1408 load control word and reset
1410 load key data, load input block (again) and begin
1412 encrypt or decrypt?; 1414 store input block to register
1416 generate output block; 1418 initialization vector pointer register
1420 generate output block; 1422 store output block to memory
1424 update block counter and pointer registers
1426 block counter is 0?; 1428 load input block and begin
1430 done
Detailed description of the embodiments
To further explain the technical means and effects adopted by the present invention to achieve its intended objects, the embodiments, structure, method, steps, features and effects of the apparatus and method for performing cryptographic operations proposed according to the present invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
The following description is provided to enable a person of ordinary skill in the art to make and use the present invention in the context of a particular application and its requirements. Various modifications to the preferred embodiment will, however, be apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments. The present invention is therefore not limited to the particular embodiments described below, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
In view of the above discussion of cryptographic operations, and of the background of data encryption and decryption in present-day computing systems and its limitations, Fig. 2 is discussed first; Figs. 3 to 14 then describe the present invention. The present invention provides an apparatus and method for performing cryptographic operations in a present-day computing system that exhibit superior performance characteristics over the prevailing mechanism and that address the limitations noted above: operating system intervention, atomicity, compatibility with previous computing systems and architectures, programmability of algorithm and mode, hack resistance and testability.
Referring to Fig. 2, a block diagram 200 depicts a technique for performing cryptographic operations in a present-day computing system. Block diagram 200 includes a microprocessor 201 that accesses data associated with an application program from an area of system memory called application memory 203. Program control within the application, and access to its data, are generally managed by operating system software 202 residing in a protected area of system memory. As mentioned above, if an executing application program (for example an e-mail or file storage program) needs to perform a cryptographic operation, the application must direct microprocessor 201 to execute a large number of instructions to complete the operation. These instructions may be subroutines that are part of the executing application itself, they may be plug-in applications linked to the executing application, or they may be services provided by operating system 202. Regardless of their association, one skilled in the art will appreciate that these instructions reside in some designated or allocated area of memory. For purposes of discussion, these memory areas are shown within application memory 203 and include a cryptographic key generation application 204, which generates or receives a cryptographic key and expands it into a key schedule 205 for use in cryptographic round operations. A multi-block cryptographic operation involves calling a block encryption application 206. Encryption application 206 executes a number of instructions to access blocks of plaintext 210, key schedule 205 and cryptographic parameters 209 (which further specify particulars of the cryptographic operation such as the mode, the location of the key schedule, and so on). If the particular mode requires it, encryption application 206 also accesses an initialization vector 208. Encryption application 206 executes the instructions that produce corresponding blocks of ciphertext 211. Similarly, a block decryption application 207 is used to perform block decryption operations. Decryption application 207 executes a number of instructions to access blocks of ciphertext 211, key schedule 205, cryptographic parameters 209 that further specify the particulars of the block decryption operation and, if the mode requires it, initialization vector 208. Decryption application 207 executes the instructions that produce corresponding blocks of plaintext 210.
It is noted that a large number of instructions must be executed in order to generate keys and to perform encryption and decryption on blocks of text. The FIPS standards mentioned above include many pseudocode examples from which the approximate number of instructions required can be estimated; thus one skilled in the art will appreciate that hundreds of instructions are needed to complete a single-block cryptographic operation. Execution of each of these instructions by microprocessor 201 is generally regarded as overhead relative to the primary purpose of the currently executing application (for example file management, instant messaging, e-mail, remote file access or a credit card transaction). As a result, because of the stand-alone or plug-in encryption and decryption applications 206, 207, the user of the currently executing application perceives it as executing very inefficiently. Calls to these applications 206, 207 are also subject to other constraints imposed by operating system 202, such as support for interrupts, exceptions and similar events that aggravate the problem. Moreover, for every concurrent cryptographic operation required in the computing system, a separate instance of these applications 204, 206, 207 must be allocated in memory 203. And, from the foregoing, it can be anticipated that the number of cryptographic operations executed concurrently by microprocessor 201 will continue to grow over time.
The present inventors have noted the limitations of cryptographic techniques in present-day computing systems and have accordingly recognized the need to provide an apparatus and method for performing cryptographic operations within a microprocessor that do not expose the user to adverse program delays. The present invention therefore provides a microprocessor apparatus and associated method that perform cryptographic operations by means of a dedicated cryptographic unit, where the cryptographic unit is programmed by a single cryptographic instruction. The present invention is described with reference to Figs. 5 to 12.
Referring now to Fig. 3, a block diagram 300 illustrates a microprocessor apparatus according to the present invention. Block diagram 300 shows a microprocessor 301 connected to system memory 321 via a memory bus 319. Microprocessor 301 includes translation logic 303 that receives instructions from an instruction register 302. Translation logic 303 comprises logic, devices or microcode (i.e. microinstructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements that translate instructions into an associated sequence of microinstructions. The elements used to perform translation within translation logic 303 may be shared with other circuits, microcode, etc. that perform other functions within microprocessor 301. Within the scope of the present application, microcode is a term employed to refer to a plurality of microinstructions, and a microinstruction (also referred to as a native instruction) is an instruction at the level that a unit executes. For example, microinstructions are directly executed by a reduced instruction set computer (RISC) microprocessor. For a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, x86 instructions are translated into associated microinstructions, and the associated microinstructions are directly executed by one or more units within the CISC microprocessor. Translation logic 303 is coupled to a microinstruction queue 304. Microinstruction queue 304 holds a plurality of microinstructions 305, 306. Microinstruction queue 304 provides microinstructions to register stage logic that includes a register file 307. Register file 307 has a plurality of registers 308-313 whose contents are established prior to performing a specified cryptographic operation. Registers 308-312 point to corresponding locations 323-327 in memory 321, which contain the data required to perform the specified cryptographic operation. The register stage is coupled to load logic 314, which interfaces with a data cache 315 to retrieve data for performing the specified cryptographic operation. Data cache 315 is coupled to memory 321 via memory bus 319. Execution logic 328 is coupled to load logic 314 and performs the operations specified by the microinstructions handed down from earlier stages. Execution logic 328 comprises logic, devices or microcode (i.e. microinstructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements that perform the operations specified by instructions. The elements used to perform operations within execution logic 328 may be shared with other circuits, microcode, etc. that perform other instructions within microprocessor 301. Execution logic 328 includes a cryptographic unit 316. Cryptographic unit 316 receives the data required for the specified cryptographic operation from load logic 314. Microinstructions direct cryptographic unit 316 to perform the specified cryptographic operation on a plurality of blocks of input text 326 to produce corresponding blocks of output text 327. Cryptographic unit 316 comprises logic, devices or microcode (i.e. microinstructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements that perform cryptographic operations. The elements used to perform cryptographic operations within cryptographic unit 316 may also be shared with other circuits, microcode, etc. that perform other functions of microprocessor 301. In one embodiment, cryptographic unit 316 operates in parallel with other execution units (not shown) within execution logic 328, such as an integer unit, a floating point unit and so on. In one embodiment within the scope of the present application, a "unit" comprises logic, devices or microcode (i.e. microinstructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements employed to perform a specified function or operation. The elements employed to perform a specified function or operation within a particular unit may be shared with other circuits, microcode, etc. that perform other functions or operations within microprocessor 301. For example, in one embodiment an integer unit comprises logic, devices or microcode (i.e. microinstructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements employed to execute integer instructions. A floating point unit comprises logic, devices or microcode (i.e. microinstructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements employed to execute floating point instructions. The elements employed to execute integer instructions may be shared with other circuits, microcode, etc. employed to execute floating point instructions within the floating point unit. In one embodiment compatible with the x86 architecture, cryptographic unit 316 operates in parallel with an x86 integer unit, an x86 floating point unit, an x86 Multi-media Extensions (MMX) unit and an x86 Streaming SIMD Extensions (SSE) unit. Within the scope of the present application, an embodiment is compatible with the x86 architecture if it can correctly execute the majority of the application programs designed to execute on an x86 microprocessor; an application program has executed correctly if it obtains its expected results. Alternative x86-compatible embodiments contemplate a cryptographic unit operating in parallel with a subset of the x86 execution units noted above. Cryptographic unit 316 is coupled to store logic 317 and provides the corresponding blocks of output text 327. Store logic 317 is also coupled to data cache 315, which routes the output text 327 data to system memory 321 for storage. Upon completion of the specified cryptographic operation, write-back logic 318 updates registers 308-313 in register file 307. In one embodiment, microinstructions flow through each of the aforementioned logic stages 302, 303, 304, 307, 314, 316, 318 in synchronization with a clock signal (not shown), so that operations can be performed concurrently in a manner very similar to an assembly line.
An application program residing in system memory 321 that requires a specified cryptographic operation directs microprocessor 301 to perform the operation via a single cryptographic instruction 322, referred to herein as the XCRYPT instruction 322. In a CISC microprocessor embodiment, cryptographic instruction 322 comprises an instruction that specifies a cryptographic operation. In a RISC microprocessor embodiment, cryptographic instruction 322 comprises a microinstruction that specifies a cryptographic operation. In one embodiment, cryptographic instruction 322 uses a spare or unused instruction opcode within an existing instruction set architecture. In one x86-compatible embodiment, cryptographic instruction 322 is a 4-byte instruction comprising an x86 repeat prefix (REP prefix, e.g. 0xF3), followed by an unused 2-byte x86 opcode (e.g. 0x0FA7), followed by a byte specifying the particular block cipher mode to be used in performing the specified cryptographic operation. In one embodiment, cryptographic instruction 322 according to the present invention can be programmed directly into the program flow of an application program provided by the system, and is provided to microprocessor 301 either directly by the application program or under the control of operating system 320. Because only one instruction 322 is needed to direct microprocessor 301 to perform the specified cryptographic operation, completion of the operation is entirely transparent to operating system 320. In operation, operating system 320 invokes an application program to execute on microprocessor 301. As part of the instruction stream during execution of the application, fetch logic 302 provides a cryptographic instruction 322 from memory 321. Prior to execution of cryptographic instruction 322, however, instructions in the program flow direct microprocessor 301 to initialize the contents of registers 308-312 so that they point to locations 323-327 in memory 321, which contain a cryptographic control word 323, an initial cryptographic key or a key schedule 324, an initialization vector 325 (if required), the input text 326 to be operated upon, and the output text 327. Registers 308-312 must be initialized prior to execution of cryptographic instruction 322 because cryptographic instruction 322 implicitly references registers 308-312 together with an additional register 313, where additional register 313 contains a block count, that is, the number of data blocks in input text area 326 that are to be encrypted or decrypted. Translation logic 303 thus receives cryptographic instruction 322 from fetch logic 302 and translates it into a corresponding sequence of microinstructions that directs microprocessor 301 to perform the specified cryptographic operation. In particular, a first plurality of microinstructions 305-306 within the corresponding sequence directs cryptographic unit 316 to load data provided by load logic 314 and to begin execution of the specified number of cryptographic rounds to produce a corresponding block of output data, and to provide the corresponding block of output data to store logic 317 for storage in output text area 327 of memory 321 via data cache 315. A second plurality of microinstructions (not shown) within the corresponding sequence directs other execution units (not shown) within microprocessor 301 to perform the other operations needed to complete the specified cryptographic operation, such as managing non-architectural registers (not shown) that hold temporary results and counters, updating the input and output pointer registers 311-312, updating the initialization vector pointer register 310 (if required) after encryption/decryption of a block of input text 326, handling interrupts, and so on. In one embodiment, registers 308-313 are architectural registers, that is, registers defined in the instruction set architecture (ISA) of the particular microprocessor in which they are implemented.
In one embodiment, cryptographic unit 316 is divided into a plurality of stages, which allows successive blocks of input text 326 to be pipelined.
Block diagram 300 of Fig. 3 is intended to illustrate the elements essential to the present invention; for clarity, much of the logic within microprocessor 301 has been omitted from block diagram 300. One skilled in the art will appreciate, however, that depending on the specific implementation, microprocessor 301 comprises many stages and logic elements, some of which have been summarized here for clarity. For example, load logic 314 may embody an address generation stage followed by a cache interface stage, followed in turn by a cache line alignment stage. What is important to note, however, is that a complete cryptographic operation on a plurality of blocks of input text 326 is directed by a single instruction 322 according to the present invention, whose operation is entirely transparent to operating system 320 and whose execution is accomplished via a dedicated cryptographic unit 316 that operates in parallel and in concert with the other execution units within microprocessor 301. The present inventors consider the cryptographic unit 316 provided in one embodiment to be analogous to the dedicated floating point unit hardware of known microprocessors. The operation of cryptographic unit 316 and the associated cryptographic instruction 322 is fully compatible with legacy operating systems 320 and applications, as will be described in more detail below.
Referring now to FIG. 4, a schematic diagram is presented of one embodiment of an atomic cryptographic instruction 400 according to the present invention. The cryptographic instruction 400 includes an optional prefix field 401, followed by a repeat prefix field 402, followed by an opcode field 403, followed by a block cipher mode field 404. In one embodiment, the contents of fields 401-404 are compatible with the x86 instruction set architecture; other embodiments are compatible with other instruction set architectures.
In operation, the optional prefix field 401 is used in many instruction set architectures to enable or disable certain processing features of a host microprocessor, for example directing 16-bit or 32-bit operations, or directing processing or access of a particular memory segment. The repeat prefix field 402 indicates that the cryptographic operation specified by the cryptographic instruction 400 is to be performed on a plurality of input data blocks (for example, plaintext or ciphertext). The repeat prefix field 402 also implies that a conforming microprocessor employs a plurality of its architectural registers as pointers to locations in system memory that contain the cryptographic key data and parameters needed to complete the specific cryptographic operation. As noted above, in an x86-compatible embodiment, the value of the repeat prefix field 402 is 0xF3. And according to x86 architectural protocol, the cryptographic instruction is very similar in form to the x86 repeat string instructions (for example, REP.MOVS).
For instance, when executed by an x86-compatible microprocessor according to a preferred embodiment of the present invention, the repeat prefix refers to a block count variable, a source address pointer, and a destination address pointer, where the block count variable is stored in architectural register ECX, the source address pointer (pointing to the input data for the cryptographic operation) is stored in register ESI, and the destination address pointer (pointing to the output data area in memory) is stored in register EDI. In an x86-compatible embodiment, the present invention further refers to a control word pointer stored in register EDX, a cryptographic key pointer stored in register EBX, and an initialization vector pointer (if required by the specified cipher mode) stored in register EAX.
FIG. 5 is a table 500 of block cipher mode field values for one embodiment of the atomic cryptographic instruction of FIG. 4. The value 0xC8 directs that the cryptographic operation be accomplished using the electronic codebook (ECB) mode. The value 0xD0 directs that the cryptographic operation be accomplished using the cipher block chaining (CBC) mode. The value 0xE0 directs that the cryptographic operation be accomplished using the cipher feedback (CFB) mode. And the value 0xE8 directs that the cryptographic operation be accomplished using the output feedback (OFB) mode. All other values of the block cipher mode field 404 are reserved. These modes are described in the FIPS document mentioned above.
Referring now to FIG. 6, a block diagram is presented illustrating in detail a cryptographic unit 617 in an x86-compatible microprocessor 600 according to the present invention. The microprocessor 600 includes fetch logic 601 that fetches instructions from memory (not shown) for execution. The fetch logic 601 is coupled to translation logic 602. The translation logic 602 comprises logic, circuits, devices, or microcode (that is, micro instructions or native instructions), or a combination of logic, circuits, devices, or microcode, or equivalent elements that are employed to translate instructions into associated sequences of micro instructions. The elements employed for translation in the translation logic 602 may be shared with other circuits, microcode, etc., that are employed to perform other functions within the microprocessor 600. The translation logic 602 includes a translator 603 coupled to a microcode ROM 604, and cipher feedback mode logic 640 coupled to the translator 603 and the microcode ROM 604. Interrupt logic 616 is coupled to the translation logic 602 via a bus 628. A plurality of software and hardware interrupt signals 627 is processed by the interrupt logic 626, which indicates pending interrupts to the translation logic 602. The translation logic 602 is coupled to successive stages of the microprocessor, including a register stage 605, an address stage 606, a load stage 607, an execute stage 608, a store stage 618, and a write back stage 619. Each of the successive stages includes logic that accomplishes specific functions associated with the execution of instructions provided by the fetch logic 601, as described above for the like-named elements of the microprocessor of FIG. 3. The x86-compatible embodiment 600 of FIG. 6 features execution logic 632 within the execute stage 608, where the execute stage 608 comprises parallel execution units 610, 612, 614, 616, 617. An integer unit 610 receives integer micro instructions for execution from a micro instruction queue 609. A floating point unit 612 receives floating point micro instructions for execution from a micro instruction queue 611. A multimedia extensions (MMX) unit 614 receives MMX micro instructions for execution from a micro instruction queue 613. A streaming SIMD extensions (SSE) unit 616 receives SSE micro instructions for execution from a micro instruction queue 615. In the x86 embodiment, the cryptographic unit 617 is coupled to the SSE unit 616 via a load bus 620, a stall signal 621, and a store bus 622. The cryptographic unit 617 shares the micro instruction queue 615 of the SSE unit. In an alternative embodiment, the cryptographic unit 617 can operate in stand-alone parallel fashion in the same manner as units 610, 612, 614. The integer unit 610 is coupled to an x86 EFLAGS register 624. The EFLAGS register includes an X bit 625, so that the EFLAGS register can be regarded as a bit register whose state is set to indicate whether a cryptographic operation is currently in progress; in one embodiment, the X bit 625 is bit 30 of the x86 EFLAGS register 624. In addition, the integer unit 610 can access a machine specific register 628 to evaluate the state of an E bit 629. The state of the E bit 629 indicates whether the cryptographic unit 617 is present in the microprocessor 600. The integer unit 610 also accesses a D bit 631 in a feature control register 630 to control the operation (enabled or disabled) of the cryptographic unit 617. As with the microprocessor embodiment 301 of FIG. 3, the elements of the microprocessor 600 of FIG. 6 are those necessary to describe the present invention in an x86-compatible embodiment, and other elements of the microprocessor are aggregated or omitted for brevity. One skilled in the art will of course understand that other elements are required to complete the interface, for example, a data cache (not shown), a bus interface unit (not shown), clock generation and distribution logic (not shown), etc.
In operation, instructions are provided from memory (not shown) by the fetch logic 601 and are provided to the translation logic 602 in synchronization with a clock signal (not shown). The translation logic 602 translates each instruction into a corresponding sequence of micro instructions, which are then provided to the subsequent stages 605-608, 618, 619 of the microprocessor 600 in synchronization with the clock signal. Each micro instruction in a micro instruction sequence directs the execution of one of the sub-operations required to accomplish an overall operation specified by a corresponding instruction (for example, generating an address in the address stage 606, adding two operands obtained from designated registers (not shown) in the register stage 605 in the integer unit 610, storing a result generated by one of the execution units 610, 612, 614, 616, 617 to memory by the store logic 618, etc.). When translating an instruction, the translation logic 602 either employs the translator 603 to directly generate the micro instruction sequence, or fetches the micro instruction sequence from the microcode ROM 604, or employs the translator 603 to directly generate part of the sequence and fetches the remaining part from the microcode ROM 604. The micro instructions then proceed through the successive stages 605-608, 618, 619 of the microprocessor 600 in synchronization with the clock. When micro instructions reach the execute stage 608, they are routed by the execution logic 632, together with their operands (obtained from registers in the register stage 605, generated by logic in the address stage 606, or retrieved from a data cache by the load logic 607), to a designated one of the execution units 610, 612, 614, 616, 617 by inserting them into the corresponding micro instruction queue 609, 611, 613, 615. In one embodiment, the micro instructions include a field indicating whether the micro instruction can be executed in parallel with other operations.
As noted above, in response to fetching a cryptographic instruction, the translation logic 602 generates associated micro instructions that direct logic in the subsequent stages 605-608, 618, 619 of the microprocessor 600 to perform the specified cryptographic operation. A first plurality of the associated micro instructions is routed directly to the cryptographic unit 617 and directs the cryptographic unit 617 either to load data provided via the load bus 620, or to load a block of input data and perform a specified number of cryptographic rounds to generate an output data block, or to provide a generated output data block to the store bus 622 for storage in memory. A second plurality of the associated micro instructions is routed to the other execution units 610, 612, 614 to perform the other sub-operations needed to complete the specified cryptographic operation, for example, testing the E bit 629 and the D bit 631, setting the X bit 625 to indicate that a cryptographic operation is in progress, updating registers in the register stage 605 (for example, the count register, the input text pointer register, and the output text pointer register), handling interrupts 627 indicated by the interrupt logic 626, etc. The associated micro instructions are ordered to optimize the performance of a specified cryptographic operation on a plurality of input data blocks by interlacing integer unit micro instructions within the sequence of cryptographic unit micro instructions, so that integer operations are performed in parallel with the cryptographic unit operations. The associated micro instructions include micro instructions that allow pending interrupts 627 to be taken and micro instructions that recover from pending interrupts 627. Because all of the pointers to cryptographic parameters and data are provided in x86 architectural registers, their state is preserved when an interrupt is taken and is restored upon return from the interrupt. Thus, when an interrupt occurs, program control is transferred to a corresponding interrupt service routine. As part of this transfer of program control, the X bit 625 is cleared to indicate that the key data and control word data are no longer valid. Upon return from the interrupt, program control is transferred back to the cryptographic instruction, and, as part of its associated micro instructions, a particular micro instruction tests the state of the X bit 625 to determine whether the key data and control word data are valid. If they are valid, the operation is repeated on the particular block of input data that was being processed when the interrupt occurred. If the state of the X bit 625 indicates that the key data and control word data are no longer valid, then the key data and control word are reloaded from memory together with the particular input data block that was being processed when the interrupt occurred. In general, execution of a cryptographic instruction according to the present invention always includes an initial test of the X bit 625 to determine the validity of the key data and control word data in the cryptographic unit 617. If the key data and control word data are no longer valid, they are reloaded from memory, the input data block pointed to by the contents of the input pointer register is then loaded, and the specified cryptographic operation is performed on that block. Otherwise, the input data block is loaded and the specified cryptographic operation is performed without first reloading the key data and control word data.
If new key data or a new control word is to be provided, then the X bit 625 must be cleared before a new cryptographic instruction is executed. Execution of successive cryptographic instructions using the same key data and control word data is also contemplated; in this case, after the initial key data and control word data have been loaded, the X bit 625 need not be cleared. For example, to optimize store bus performance, a user may divide the encryption/decryption of 500 input data blocks into 5 cryptographic instructions, each handling 100 input data blocks.
The cipher feedback block mode logic 640 is employed to perform cryptographic operations that use the cipher feedback mode. The cipher feedback block mode logic 640 ensures that the associated micro instructions are ordered so that, before a pending interrupt 627 is handled, both the pointer registers and the intermediate results of the block cipher operation sequence are updated. The cipher feedback block mode logic 640 directs that micro instructions be inserted into the associated micro instruction flow which, when the cryptographic operation on a first block of input data completes, modify the input and output data block pointers in memory so that they point to the next input and output data blocks. In addition, the cipher feedback block mode logic 640 directs that micro instructions be inserted into the associated micro instruction flow which modify a block counter to indicate that the cryptographic operation on the current input data block has completed. One skilled in the art will appreciate that a cryptographic operation in the cipher feedback block mode uses an initialization vector together with a first plaintext block to produce a first ciphertext block. A forward cipher operation is applied to the initialization vector to produce a first output block. Then, the first plaintext segment is exclusive-ORed with the s most significant bits of the first output block to produce a first ciphertext segment. The remaining b-s bits of the first output block are discarded. Next, the b-s least significant bits of the initialization vector are concatenated with the s bits of the first ciphertext segment to form a second input block, and so on. For a value of s equal to the specified block size (for example, 128 bits, 192 bits, or 256 bits), the first plaintext block is exclusive-ORed with the first output block to produce a first ciphertext block, no bits are discarded, and the first ciphertext block serves as an initialization vector equivalent to form the second input block, and so on. Thus, the cipher feedback block mode logic 640 recognizes a cipher feedback block mode cipher and provides the micro instruction sequence that updates the pointers in the architectural registers, ensuring that the appropriate ciphertext block serves as the initialization vector equivalent for the plaintext block that follows the first block.
For decryption in the cipher feedback block mode, one skilled in the art will appreciate that the initialization vector is used together with the first ciphertext block to produce the first plaintext block. A forward cipher operation is applied to the initialization vector to produce the first output block. Then, the first ciphertext segment is exclusive-ORed with the s most significant bits of the first output block to produce a first plaintext segment. The remaining b-s least significant bits of the first output block are discarded. Subsequently, the b-s least significant bits of the initialization vector are concatenated with the s bits of the first ciphertext segment to form the second input block, and so on. For a value of s equal to a particular block size (for example, 128 bits, 192 bits, or 256 bits), the first ciphertext block is exclusive-ORed with the first output block, and the first ciphertext block itself forms the second input block, and so on. Accordingly, the cipher feedback block mode logic 640 recognizes cipher feedback block mode decryption and provides a micro instruction sequence that temporarily stores each ciphertext block while its corresponding plaintext block is produced, and then writes the temporarily stored ciphertext block to the memory location pointed to by the initialization vector pointer register, so that it can serve as the initialization vector equivalent during production of the next plaintext block.
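The following Python reference model is an added example and not code from the patent. It ties together the instruction conventions of FIGs. 4 and 5 (the repeat prefix semantics, the block cipher mode field values, and the ECX/ESI/EDI/EAX register roles), the interrupt-resumable pointer and intermediate-result updates described for FIG. 6, and the s-bit cipher feedback arithmetic for both encryption and decryption described above. The forward cipher (a keyed PRF built from HMAC-SHA256 in place of the ALG-selected block cipher), the flat bytearray memory, the dict of registers, the treatment of each b-bit input block as b/s segments, and the max_blocks interruption point are assumptions of the model, not details given in the text.

```python
"""Software reference model (added example, not the patent's code) of the
repeat-prefixed cipher instruction in cipher feedback (CFB) mode.

Assumptions of this model, none of which come from the patent text:
  - the forward cipher is a keyed PRF (HMAC-SHA256 truncated to the block size);
    CFB only ever calls the forward cipher, so any keyed PRF shows the feedback
    structure, whereas a real unit runs the cipher selected by the control word;
  - memory is a flat bytearray and the architectural registers are dict entries;
  - an input block of b bits is processed as b/s segments of s bits and the
    shift register is written back to the IV location after every block.
"""
import hashlib
import hmac

B = 16                                          # block size b = 128 bits, in bytes
MODE_ECB, MODE_CBC, MODE_CFB, MODE_OFB = 0xC8, 0xD0, 0xE0, 0xE8   # FIG. 5 values


def forward_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in forward cipher operation (assumption: keyed PRF, not AES/DES)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:B]


def cfb_segment(key, shift_reg, segment, s_bytes, decrypt):
    """One CFB step on an s-bit segment (s = 8 * s_bytes).

    The s most significant bits of the forward cipher output are XORed with the
    segment and the remaining b-s bits are discarded.  The next input block is
    the b-s least significant bits of the shift register followed by the s bits
    of ciphertext.  Returns (output_segment, next_shift_register)."""
    out_block = forward_cipher(key, shift_reg)
    seg_out = bytes(a ^ b for a, b in zip(segment, out_block[:s_bytes]))
    cipher_seg = segment if decrypt else seg_out       # feedback is always ciphertext
    return seg_out, shift_reg[s_bytes:] + cipher_seg


def rep_xcrypt(regs, mem, key, mode, decrypt=False, s_bytes=B, max_blocks=None):
    """Run the cipher instruction the way x86 repeat string instructions run:
    ECX = block count, ESI = input pointer, EDI = output pointer, EAX = IV pointer.
    After every block the pointers, the count and the IV location are updated, so
    an interrupt taken between blocks loses nothing: re-executing the instruction
    with the same registers resumes at the next block.  max_blocks models where
    the interrupt is taken (a device of this model).  Returns the remaining count."""
    if mode != MODE_CFB:
        raise NotImplementedError("this model covers the CFB mode field value only")
    if B % s_bytes:
        raise ValueError("segment size must divide the block size")
    done = 0
    while regs["ECX"] > 0 and (max_blocks is None or done < max_blocks):
        shift_reg = bytes(mem[regs["EAX"]:regs["EAX"] + B])      # IV or IV equivalent
        block = bytes(mem[regs["ESI"]:regs["ESI"] + B])
        out = b""
        for off in range(0, B, s_bytes):
            seg_out, shift_reg = cfb_segment(key, shift_reg, block[off:off + s_bytes],
                                             s_bytes, decrypt)
            out += seg_out
        mem[regs["EDI"]:regs["EDI"] + B] = out
        mem[regs["EAX"]:regs["EAX"] + B] = shift_reg   # intermediate result for next block
        regs["ESI"] += B
        regs["EDI"] += B
        regs["ECX"] -= 1
        done += 1
    return regs["ECX"]


def run_demo():
    """Encrypt three constructed blocks in 8-bit CFB, then decrypt them with an
    'interrupt' after the first block followed by a resume.  Returns
    (blocks left at the interrupt, decryption matched, ciphertext differs)."""
    key = b"constructed-key-16B!"[:B]            # constructed sample key
    iv = bytes([0xA5] * B)                        # constructed IV
    plaintext = bytes(range(3 * B))               # three constructed plaintext blocks
    IV_AT, IN_AT, OUT_AT, BACK_AT = 0, B, 4 * B, 7 * B
    mem = bytearray(10 * B)
    mem[IV_AT:IV_AT + B] = iv
    mem[IN_AT:IN_AT + 3 * B] = plaintext

    regs = {"ECX": 3, "ESI": IN_AT, "EDI": OUT_AT, "EAX": IV_AT}
    rep_xcrypt(regs, mem, key, MODE_CFB, s_bytes=1)
    ciphertext = bytes(mem[OUT_AT:OUT_AT + 3 * B])

    mem[IV_AT:IV_AT + B] = iv                     # fresh IV for decryption
    regs = {"ECX": 3, "ESI": OUT_AT, "EDI": BACK_AT, "EAX": IV_AT}
    left = rep_xcrypt(regs, mem, key, MODE_CFB, decrypt=True, s_bytes=1, max_blocks=1)
    # an interrupt service routine would run here; on return the X bit test
    # reloads key and control word, and the registers resume at block 2
    rep_xcrypt(regs, mem, key, MODE_CFB, decrypt=True, s_bytes=1)
    recovered = bytes(mem[BACK_AT:BACK_AT + 3 * B])
    return left, recovered == plaintext, ciphertext != plaintext


if __name__ == "__main__":
    print(run_demo())
```

With s equal to the full block size the shift register after each block is simply the previous ciphertext block, which is the initialization vector equivalent the text describes; with s = 8 bits the register shifts one byte per segment, and because a 128-bit block holds sixteen such segments the register again ends each block holding exactly that block's ciphertext.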
Referring now to FIG. 7, the fields of an embodiment of a micro instruction 700 for directing cryptographic sub-operations in the microprocessor of FIG. 6 are shown. The micro instruction 700 includes a micro opcode field 701, a data register field 702, and a register field 703. The micro opcode field 701 specifies a particular sub-operation to be performed and designates at least one logic element in the microprocessor 600 to perform that sub-operation. Specific values of the micro opcode field 701 designate that the micro instruction is to be executed by the cryptographic unit according to the present invention. In one embodiment there are two such values. A first value, load (XLOAD), specifies that data is to be retrieved from a memory location whose address is denoted by the contents of the architectural register indicated by the contents of the data register field 702. The data is loaded into a register within the cryptographic unit that is specified by the contents of the register field 703. The retrieved data (for example, key data, a control word, input text data, or an initialization vector) is provided to the cryptographic unit. A second value of the micro opcode field 701, store (XSTOR), specifies that data generated by the cryptographic unit is to be stored to a memory location whose address is specified by the contents of the architectural register indicated by the contents of the data register field 702. In a multi-stage embodiment of the cryptographic unit, the contents of the register field 703 specify which one of a plurality of output data blocks is to be stored to memory. The output data block is provided by the cryptographic unit in a data field 704 for access by the store logic. Details of the execution of the load and store micro instructions by the cryptographic unit of the present invention are described more specifically with reference to FIGs. 8 and 9 below.
Referring to FIG. 8, a table 800 describes the values of the register field 703 for a load micro instruction in the format 700 of FIG. 7. As noted above, a micro instruction sequence is generated in response to translation of a cryptographic instruction. This micro instruction sequence consists of a first plurality of micro instructions and a second plurality of micro instructions. The first plurality of micro instructions is directed to and executed by the cryptographic unit, and the second plurality is executed by at least one of the parallel functional units in the microprocessor other than the cryptographic unit. The second plurality of micro instructions directs sub-operations such as updating a counter, temporary registers, and architectural registers, and testing and setting status bits in machine specific registers. The first plurality of micro instructions provides key data, cryptographic parameters, and input data to the cryptographic unit, then directs the cryptographic unit to generate a key schedule (or to load a key schedule retrieved from memory), to load input text data and encrypt/decrypt it, and to store output text data. A load micro instruction is provided to the cryptographic unit to load control word data, to load a key or a key schedule, to load initialization vector data, to load input text data, and to load input text data and direct the cryptographic unit to begin the specified cryptographic operation. A value of 0b010 in the register field 703 of a load micro instruction directs the cryptographic unit to load a control word into its internal control word register. As this micro instruction proceeds through the pipeline, the register stage accesses the architectural control word pointer register to obtain the address in memory at which the control word is stored. For the memory access, the address logic translates this address to a physical address. The load logic retrieves the control word from cache and places it in the data field 704, and the data field 704 is then passed to the cryptographic unit. Likewise, a register field value of 0b100 directs the cryptographic unit to load the input data provided in the data field 704 and, once it is loaded, to begin the specified cryptographic operation. As with the control word, the input data is accessed via a pointer stored in an architectural register. A value of 0b101 directs that the input data provided in the data field 704 be loaded into internal register input-1 (IN-1). Data loaded into the input-1 register may be input text data (for pipelining) or an initialization vector. Values 0b110 and 0b111 direct the cryptographic unit to load, respectively, the lower bits and the upper bits of a cryptographic key, or of one of the keys in a user-generated key schedule. According to the present invention, a user is defined as an entity that performs a particular function or operation; a user may be an application program, an operating system, a machine, or a person. Thus, in one embodiment, a user-generated key schedule is generated by an application program. In an alternative embodiment, the user-generated keys are generated by a person.
In one embodiment, the register field values 0b100 and 0b101 contemplate a two-stage cryptographic unit capable of pipelined processing of successive input text data blocks. Thus, to pipeline two successive input data blocks, a first load micro instruction is executed that loads a first input text data block into input-1, followed by a second load micro instruction that loads a second input text data block into input-0 and directs the cryptographic unit to perform the specified cryptographic operation.
If a user-generated key schedule is to be used to perform the cryptographic operation, then a number of load micro instructions corresponding to the number of keys in the user-generated key schedule is directed to the cryptographic unit, directing the unit to load each round key of the key schedule.
All other values of the register field 703 in a load micro instruction are reserved.
Referring to FIG. 9, a table 900 depicts the values of the register field 703 for a store micro instruction in the format 700 of FIG. 7. A store micro instruction is issued to direct the cryptographic unit to provide an output text block it has generated (for example, encrypted or decrypted) to the store logic, for storage in memory at the address provided in the address field 702. Accordingly, after a load micro instruction for a corresponding input text block has been issued, the translation logic of the present invention issues a store micro instruction for the particular output text block. A register field 703 value of 0b100 directs the cryptographic unit to provide the output text block associated with its internal output register output-0 to the store logic for storage. Likewise, the contents of the internal output register output-1 are referenced by a register field value of 0b101, and correspond to the input text data that was provided to input-1. Accordingly, after the control word data and key have been loaded, a plurality of input text blocks can be pipelined through the cryptographic unit by issuing cryptographic micro instructions in the order: load.input-1, load.input-0 (load.input-0 also directs the cryptographic unit to begin the cryptographic operation), store.output-1, store.output-0, load.input-1, load.input-0 (beginning the operations on the next two input text blocks), and so on.
Referring now to FIG. 10, a schematic diagram is presented of an embodiment of a control word format 1000 for specifying the cryptographic parameters of a cryptographic operation according to the present invention. The control word 1000 is programmed into memory by a user and, before a cryptographic operation is executed, a pointer to it is provided in one of the architectural registers of a conforming microprocessor. Accordingly, as part of the micro instruction sequence corresponding to a cryptographic instruction, a load micro instruction is issued that directs the microprocessor to read the architectural register containing the pointer, to translate the pointer into a physical memory address, to retrieve the control word 1000 from memory (cache), and to load the control word 1000 into the internal control word register of the cryptographic unit. The control word 1000 includes a reserved (RSVD) field 1001, a key size (KSIZE) field 1002, an encrypt/decrypt (E/D) field 1003, an intermediate result (IRSLT) field 1004, a key generation (KGEN) field 1005, an algorithm (ALG) field 1006, and a round count (RCNT) field 1007.
All values of the reserved field 1001 are reserved. The contents of the key size field 1002 specify the size of the cryptographic key used to perform the encryption or decryption. In one embodiment, the key size field 1002 specifies a 128-bit key, a 192-bit key, or a 256-bit key. The encrypt/decrypt field 1003 specifies whether the cryptographic operation is an encryption operation or a decryption operation. The key generation field 1005 indicates whether a user-generated key schedule is present in memory, or whether a single key is present in memory. If a single key is present, then micro instructions are issued to the cryptographic unit together with the key, directing the cryptographic unit to expand the key into a key schedule according to the cryptographic algorithm specified by the contents of the algorithm field 1006. In one embodiment, the algorithm field 1006 specifies the Data Encryption Standard (DES) algorithm, the Triple DES algorithm, or the Advanced Encryption Standard (AES) algorithm as described herein. Alternative embodiments contemplate other cryptographic algorithms, for example the Rijndael Cipher, the Twofish Cipher, etc. The contents of the round count field 1007 specify the number of cryptographic rounds that the specified algorithm is to perform on each input text block. Although the standards referenced above specify the number of cryptographic rounds per input text block, the round count field 1007 allows a programmer to vary the number of rounds from that specified by the standard. In one embodiment, this parameter can specify 0 to 15 rounds per block. Finally, the contents of the intermediate result field 1004 specify whether the encryption/decryption of an input text block is to be performed according to the standard for the cryptographic algorithm specified in ALG 1006, or for the number of rounds specified in RCNT 1007 (in which case the final round performed yields an intermediate result, rather than the final result of the algorithm specified in the algorithm field 1006). One skilled in the art will appreciate that many cryptographic algorithms perform the same sub-operations during each round, except for the cryptographic operations performed in the final round. Thus, programming the intermediate result field 1004 to produce an intermediate result rather than a final result allows a programmer to verify the intermediate steps of an implementation of the algorithm. For example, an implementation can be verified by producing intermediate results incrementally: performing one cryptographic round on a text block, then two rounds on the same block, then three rounds, and so on. Providing programmable rounds and intermediate results enables a user to verify cryptographic implementations, to troubleshoot, and to investigate alternative key structures and round counts.
Referring now to FIG. 11, a block diagram is presented of a cryptographic unit 1100 according to the present invention. The cryptographic unit 1100 includes a micro opcode register 1103 that receives cryptographic micro instructions (for example, load and store micro instructions) via a micro instruction bus 1114. The cryptographic unit 1100 also has a control word register 1104, an input-0 register 1105 and an input-1 register 1106, a key-0 register 1107, and a key-1 register 1108. Data is provided to the registers 1104-1108 via a load bus 1111, as specified by the contents of a load micro instruction in the micro instruction register 1103. The cryptographic unit 1100 further includes block cipher logic 1101, coupled to all of the registers 1103-1108 and also coupled to a key random access memory (RAM) 1102. The block cipher logic provides a stall signal 1113 and provides block results to an output-0 register 1109 and an output-1 register 1101. The output registers 1109-1110 route their contents via a store bus 1112 to successive stages of a conforming microprocessor. In one embodiment, the micro instruction register 1103 is 32 bits in size, and each of the remaining registers 1104-1110 is a 128-bit register.
In operation, cryptographic micro instructions are provided to micro instruction register 1103 together with data destined for control word register 1104, for one of input registers 1105-1106, or for one of key registers 1107-1108, as designated. In the embodiment discussed with reference to Figures 8 and 9, a control word is first loaded into control word register 1104 via a load micro instruction. Then a key or a key schedule is loaded via successive load micro instructions. If a 128-bit key is loaded, a single load micro instruction designating register KEY-0 1107 is issued. If the key being loaded is larger than 128 bits, one load micro instruction designating register KEY-0 1107 is issued together with a load micro instruction designating register KEY-1 1108. If a user-generated key schedule is loaded, successive load micro instructions designating register KEY-0 1107 are issued; each key loaded from the key schedule is placed in order in key RAM 1102 and is used during its corresponding cryptographic round. Next, input text data (if no initialization vector is required) is loaded into input-1 register 1106.
If an initialization vector is required, it is loaded into input-1 register 1106 via a load micro instruction. A load micro instruction directed at input-0 register 1105 instructs the cryptographic unit to load input text data into input-0 register 1105 and to begin performing cryptographic rounds on the input text data in input register 1105, according to the parameters provided by the contents of control word register 1104, using the contents of input-1 as the initialization vector or operating on both input registers 1105-1106 (if the input data is pipelined). Upon receipt of the load micro instruction designating input-0 1105, the block cipher logic begins performing the cryptographic operation designated by the control word contents. If expansion of a single key is required, the block cipher logic generates each key of the key schedule and stores these keys in key RAM 1102. Whether block cipher logic 1101 generates the key schedule or the key schedule is loaded from memory, the key for the first round is cached within block cipher logic 1101 so that the first block cryptographic round can proceed without an access to key RAM 1102. Once initiated, the block cipher logic continues performing the designated cryptographic operation on at least one input block until the operation completes, fetching the round keys from key RAM 1102 in succession as the cryptographic algorithm requires. Cryptographic unit 1100 performs a specific block cryptographic operation on a designated block of input text. Encryption or decryption of successive input blocks is accomplished through the execution of corresponding successive load and store micro instructions. After a store micro instruction is executed, if the designated output data (for example, output-0 or output-1) has not yet finished being generated, the block cipher logic asserts stall signal 1113. Once the output data is generated and placed in the corresponding output register 1109-1110, the contents of register 1109-1110 are transferred to store bus 1112.
Referring now to Figure 12, a block diagram is shown of an embodiment of block cipher logic 1200 according to the present invention that performs cryptographic operations according to the Advanced Encryption Standard (AES) algorithm. Block cipher logic 1200 comprises a round engine 1220 that is coupled to a round engine controller 1210 via buses 1211-1214 and buses 1216-1218. Controller 1210 accesses micro instruction register 1201, control word register 1202, key-0 register 1203 and key-1 register 1204 to obtain key data, micro instructions and the parameters of the designated cryptographic operation. The contents of input registers 1205-1206 are provided to round engine 1220, and round engine 1220 in turn provides corresponding output text to output registers 1207-1208. Output registers 1207-1208 are also coupled to round engine controller 1210 via buses 1216-1217, so that the round engine controller can access the result of each successive cryptographic round; this result is provided back to round engine 1220 via bus NEXTIN 1218 for the next cryptographic round. Keys in the key RAM (not shown) are accessed via bus 1215. Encrypt/decrypt signal 1211 directs the round engine to use the sub-operations for encryption (for example, S-BOX) or for decryption (for example, inverse S-BOX). The contents of round count bus 1212 direct round engine 1220 to perform a first AES round, an intermediate AES round or a final AES round. When a key schedule is to be generated from the key provided on bus 1213, signal KEY GEN 1214 is asserted to so indicate to round engine 1220. Key bus 1213 is also used to provide each round key to round engine 1220 when its corresponding round is executed.
Round engine 1220 comprises first key XOR logic 1221, which is coupled to a first register TEMP-0 1222. First register 1222 is coupled to S-BOX logic 1223, which is coupled to shift row logic 1224, which in turn is coupled to a second register TEMP-1 1225. Second register 1225 is coupled to mix column logic 1226, which is coupled to a third register TEMP-2 1227. First key logic 1221, S-BOX logic 1223, shift row logic 1224 and mix column logic 1226 are configured to perform the like-named sub-operations on the input text data as described in the FIPS standard for the AES algorithm. In addition, mix column logic 1226 is configured to perform the AES XOR function on the input data during intermediate rounds, XORing in the round key provided by key bus 1213. First key logic 1221, S-BOX logic 1223, shift row logic 1224 and mix column logic 1226 are also configured to perform the corresponding inverse AES sub-operations during decryption, as directed by the state of encrypt/decrypt signal 1211. One skilled in the art will appreciate that intermediate round data is fed back to round engine 1220 according to the particular block cipher mode designated by the contents of control word register 1202. Initialization vector data (if required) is provided to the round engine via bus NEXTIN 1218.
In the embodiment shown in Figure 12, the round engine is divided into two stages: a first stage between TEMP-0 1222 and TEMP-1 1225, and a second stage between TEMP-1 1225 and TEMP-2 1227. Intermediate round data is pipelined between the two stages in synchronization with a clock signal (not shown). When the cryptographic operation on an input data block is complete, the associated output data is placed in the corresponding output register 1207-1208. Execution of a store micro instruction causes the contents of the designated output register 1207-1208 to be provided to a store bus (not shown).
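As an added illustration (not the patent's circuit, and not the project's own code), the following Python model walks the AES round engine of Figure 12 stage by stage and checks it against the FIPS-197 Appendix C.1 known-answer vector. Stage one is the first-round key XOR, S-BOX and shift row logic (TEMP-0 to TEMP-1); stage two is the mix column logic with the round-key XOR (TEMP-1 to TEMP-2). The `rounds` argument of `encrypt_block` plays the role of the control word's round count and intermediate result fields, returning the state after a chosen number of rounds, and `encrypt_pair_pipelined` interleaves two blocks through the two stages the way the two-stage pipeline does. The function names, the S-box construction from its definition and the software key schedule are this example's own assumptions.

```python
"""Two-stage AES-128 round engine model (added illustration, not the patent's
hardware).  State bytes are column-major, index = 4*column + row, as in
FIPS-197.  The key schedule here stands in for the unit's own key generation."""


def gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a = ((a << 1) ^ (0x1B if a & 0x80 else 0)) & 0xFF
        b >>= 1
    return r


def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _make_sbox() -> bytes:
    """S-box = multiplicative inverse in GF(2^8) followed by the affine map."""
    box = [0x63]                          # 0 has no inverse and maps to 0x63
    for a in range(1, 256):
        inv = next(x for x in range(1, 256) if gmul(a, x) == 1)
        box.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2)
                   ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return bytes(box)


SBOX = _make_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_schedule(key: bytes) -> list:
    """AES-128 key expansion into 11 round keys (column-major byte order)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                    # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RCON[i // 4 - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(b for word in w[4 * r:4 * r + 4] for b in word) for r in range(11)]


def stage1(state: bytes, first_key: bytes = None) -> bytes:
    """TEMP-0 -> TEMP-1: first-round key XOR (1221), S-BOX (1223), shift rows (1224)."""
    if first_key is not None:
        state = xor(state, first_key)
    state = bytes(SBOX[b] for b in state)
    return bytes(state[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4))


def stage2(state: bytes, round_key: bytes, final: bool) -> bytes:
    """TEMP-1 -> TEMP-2: mix columns (1226, skipped in the final round) and the
    round-key XOR from key bus 1213."""
    if not final:
        out = []
        for c in range(4):
            a = state[4 * c:4 * c + 4]
            out += [gmul(a[0], 2) ^ gmul(a[1], 3) ^ a[2] ^ a[3],
                    a[0] ^ gmul(a[1], 2) ^ gmul(a[2], 3) ^ a[3],
                    a[0] ^ a[1] ^ gmul(a[2], 2) ^ gmul(a[3], 3),
                    gmul(a[0], 3) ^ a[1] ^ a[2] ^ gmul(a[3], 2)]
        state = bytes(out)
    return xor(state, round_key)


def encrypt_block(block: bytes, keys: list, rounds: int = 10) -> bytes:
    """Run `rounds` AES rounds through the two stages; rounds < 10 returns the
    intermediate result instead of the ciphertext (the intermediate-result field)."""
    state = block
    for r in range(1, rounds + 1):
        state = stage1(state, keys[0] if r == 1 else None)
        state = stage2(state, keys[r], final=(r == 10))
    return state


def encrypt_pair_pipelined(b0: bytes, b1: bytes, keys: list) -> tuple:
    """Two input blocks (input-0, input-1) interleaved through the pipeline: on
    every clock one block occupies stage one while the other is in stage two."""
    s, rnd = [b0, b1], [1, 1]
    for clock in range(2 * 10 + 1):
        for i in (0, 1):
            if clock < i or rnd[i] > 10:  # block i not started yet / finished
                continue
            if (clock - i) % 2 == 0:      # block i enters stage one this clock
                s[i] = stage1(s[i], keys[0] if rnd[i] == 1 else None)
            else:                         # block i enters stage two this clock
                s[i] = stage2(s[i], keys[rnd[i]], final=(rnd[i] == 10))
                rnd[i] += 1
    return s[0], s[1]
```

The pipelined variant produces exactly the same ciphertext as processing each block alone, which is the property the two-stage design relies on: only the scheduling of the stages changes, not the per-block data path.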
Referring now to Figure 13, a flow chart is shown of a method according to the present invention for preserving cryptographic parameter state during an interrupt event. Flow begins at block 1302, where a microprocessor according to the present invention is executing an instruction stream. As described herein, the instruction stream need not contain a cryptographic instruction. Flow then proceeds to decision block 1304.
At decision block 1304, an evaluation is made to determine whether an interrupt event has occurred (for example, a maskable interrupt, a non-maskable interrupt, a page fault, a task switch, and so on) that requires control to be transferred to a different instruction stream (an "interrupt handler") to handle the interrupt event. If so, flow proceeds to block 1306. If not, flow returns to decision block 1304, and instructions continue to execute until an interrupt event occurs.
At block 1306, because an interrupt event has occurred and program control is about to be transferred to the corresponding interrupt handler, interrupt logic according to the present invention directs that the X bit in the flag register be cleared. Clearing the X bit guarantees that, upon return from the interrupt handler, if a block cryptographic operation was in progress, the cleared bit indicates that at least one interrupt event has transpired and that the control word data and key data must be reloaded before the block cryptographic operation can continue on the input data block indicated by the current contents of the input pointer register. Flow then proceeds to decision block 1308.
At block 1308, all architectural registers, including the pointers and counters associated with block cipher execution according to the present invention, are saved to memory. One skilled in the art will appreciate that saving the architectural registers is typically performed by a data processing device before control is transferred to an interrupt handler. The present invention therefore uses this aspect of the provided data architecture to achieve transparency across the entire interrupt event. After the registers are saved, flow proceeds to block 1310.
At block 1310, program flow is transferred to the interrupt handler. Flow then proceeds to block 1312.
At block 1312, the method completes. One skilled in the art will appreciate that upon return from the interrupt handler the method of Figure 13 begins again at block 1302.
Referring now to Figure 14, a flow chart is shown of a method according to the present invention for performing a specified cipher feedback mode cryptographic operation on a plurality of input data blocks when at least one interrupt event occurs.
Flow begins at block 1402, where a cryptographic instruction according to the present invention that directs a cryptographic operation using the cipher feedback mode begins execution. This may be the first execution of the cryptographic instruction, or it may be a later execution following a first execution that was interrupted by an interrupt event (for example, program control returns to the cryptographic instruction after an interrupt handler has executed). Flow then proceeds to block 1404.
At block 1404, the data block in memory indicated by the contents of one of the input pointer registers according to the present invention is fetched from memory, and the designated cryptographic operation begins. Which input pointer register is used is determined by the particular cryptographic operation (for example, encryption or decryption) and by the designated block cipher mode (for example, electronic code book, cipher block chaining, cipher feedback block or output feedback block). For example, if an output feedback block mode cryptographic operation is designated, the input pointer register used to load data is the register that points to the initialization vector in memory. If an electronic code book mode decryption operation is designated, the input pointer register used to load data is the register that points to the next block of ciphertext in memory. If a cipher feedback block mode encryption operation is designated, the register that points to the next plaintext block serves as the input pointer register, and the data block pointed to by the initialization vector pointer register is used to produce the corresponding ciphertext block. If a cipher feedback block mode decryption operation is designated, the register that points to the next ciphertext block serves as the input pointer register, and the data block pointed to by the initialization vector pointer register is used to produce the corresponding plaintext block. Flow then proceeds to decision block 1406.
At decision block 1406, an evaluation is made to determine whether an X bit is set in a flag register. If the X bit is set, the control word and key schedule currently loaded into the cryptographic unit according to the present invention are valid. If the X bit is clear, the control word and key schedule currently loaded into the cryptographic unit are invalid. As shown in Figure 13, the X bit is cleared when an interrupt event occurs. In addition, as noted above, when a new control word, a new key schedule, or both must be loaded, an instruction that clears the X bit is executed before the cryptographic instruction is executed. In an x86-compatible embodiment that uses bit 30 of the x86 flags register, the X bit can be cleared by executing a PUSHFD instruction followed by a POPFD instruction. One skilled in the art will appreciate, however, that in alternative embodiments other instructions may be needed to clear the X bit. If the X bit is set, flow proceeds to block 1412. If the X bit is clear, flow proceeds to block 1408.
At block 1408, because the cleared X bit indicates either that an interrupt event has occurred or that a new control word and/or new key data must be loaded, a control word is loaded from memory. In one embodiment, loading the control word stops the cryptographic unit from performing the cryptographic operation that was started at block 1404. In this embodiment, the cryptographic operation begun at block 1404 assumes that the currently loaded control word and key data are to be used, in order to optimize operation over a plurality of blocks; accordingly, the current block of input data is loaded and the cryptographic operation is started before the state of the X bit is checked at decision block 1406. Flow then proceeds to block 1410.
At block 1410, key data (for example, a key or a complete key schedule) is loaded from memory. In addition, the input block and the initialization vector (or equivalent initialization vector) referred to at block 1404 are reloaded, and the cryptographic operation is restarted according to the newly loaded control word and key schedule. Flow then proceeds to block 1412.
At block 1412, an evaluation is made to determine whether a cipher feedback block mode encryption operation or a cipher feedback block mode decryption operation is designated. If an encryption operation is designated, flow proceeds to block 1420. If a decryption operation is designated, flow proceeds to block 1414.
At block 1420, an output block (ciphertext) is produced according to the loaded input block (plaintext). Flow then proceeds to block 1422.
At block 1414, the input data block (the current ciphertext block) that was loaded at block 1404 or block 1410 is stored in an internal register TEMP. Flow then proceeds to block 1416.
At block 1416, an output block (plaintext) is produced according to the loaded input block (ciphertext). Flow then proceeds to block 1418.
At block 1418, the contents of internal register TEMP (the current ciphertext block) are written to the memory location pointed to by the contents of the initialization vector pointer register, so that decryption of the following ciphertext block uses the current ciphertext block as its equivalent initialization vector. Flow then proceeds to block 1422.
The steps described in blocks 1414, 1416 and 1418 guarantee a state that allows execution of a cryptographic instruction using the cipher feedback block mode to be interrupted at any time. For example, in one embodiment a page fault may occur at any point during the execution of a cryptographic instruction.
At block 1422, the generated output block is stored to memory. Flow then proceeds to block 1424.
At block 1424, the contents of the input and output block pointer registers are modified to point to the next input and output blocks. In addition, the contents of the block count register are modified to indicate completion of the cryptographic operation on the current input data block. In the embodiment discussed with reference to Figure 14, the block count register is decremented. One skilled in the art will appreciate, however, that in one embodiment the manipulation and testing of the block count register contents can allow pipelined execution of input text blocks. Flow then proceeds to decision block 1426.
At decision block 1426, an evaluation is made to determine whether any input data blocks remain to be operated on. In the present embodiment, for purposes of illustration, the block counter is evaluated to determine whether it is zero. If no blocks remain, flow proceeds to block 1430. If blocks remain, flow proceeds to block 1428.
At block 1428, the next block of input data is loaded, as indicated by the contents of the input pointer register. Flow then proceeds to block 1412.
At block 1430, the method completes.
One skilled in the art will appreciate that the steps discussed with reference to blocks 1416, 1418, 1420, 1422 and 1424 may occur in a different order, or in parallel, along their particular flow paths.
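The interplay of Figures 13 and 14, as an added software model that is not the patent's hardware or the project's own code: the input, output and initialization vector pointer registers, the block counter and the X bit are the architectural state the instruction resumes from, the key schedule inside the cryptographic unit is the state an interrupt invalidates, and the decryption path holds the current ciphertext in TEMP and writes it to the initialization vector location before moving on. The block cipher is a constructed toy (key XOR, byte substitution, byte rotation) standing in for AES so the mode logic runs offline; it is not secure, and only its forward direction is needed because cipher feedback mode never runs the cipher backwards. Register names, the memory layout, the simulated interrupt points and the choice to feed the encryption-side ciphertext back through the initialization vector location in the same way as the decryption side are this example's assumptions.

```python
"""Interruptible cipher feedback (CFB) block-mode instruction model.
Added illustration, not the patent's circuit.  The cipher is a constructed
toy and is NOT secure; it exists only so the mode logic runs offline."""
from dataclasses import dataclass, field

BLOCK = 16                  # 128-bit blocks, as in the described embodiment
ROUNDS = 10
# Constructed toy S-box: an affine byte map, bijective because 7 is odd.
SBOX = bytes((7 * i + 0x63) & 0xFF for i in range(256))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_schedule(key: bytes) -> list:
    """Toy expansion of one 128-bit key into ROUNDS+1 round keys (the work the
    unit does itself when a single key is loaded with expansion requested)."""
    assert len(key) == BLOCK
    return [xor(key[r:] + key[:r], bytes([r]) * BLOCK) for r in range(ROUNDS + 1)]


def toy_encrypt_block(block: bytes, keys: list) -> bytes:
    state = xor(block, keys[0])
    for r in range(1, ROUNDS + 1):
        state = bytes(SBOX[b] for b in state)       # substitute bytes
        state = state[1:] + state[:1]               # rotate bytes
        state = xor(state, keys[r])                 # add round key
    return state


@dataclass
class Cpu:
    """Architectural state used by the instruction: memory, input/output/IV
    pointer registers, block counter, X bit.  The key schedule held inside the
    cryptographic unit is not architectural; an interrupt may invalidate it."""
    mem: bytearray
    in_ptr: int
    out_ptr: int
    iv_ptr: int
    count: int
    x_bit: bool = False
    unit_keys: list = field(default_factory=list)

    def load(self, addr: int) -> bytes:
        return bytes(self.mem[addr:addr + BLOCK])

    def store(self, addr: int, block: bytes) -> None:
        self.mem[addr:addr + BLOCK] = block


def cfb_step(cpu: Cpu, key: bytes, decrypt: bool) -> None:
    """One pass through the Figure 14 loop body, blocks 1404 to 1424."""
    if not cpu.x_bit:                         # 1406: X clear, so control word
        cpu.unit_keys = key_schedule(key)     # and key schedule are reloaded
        cpu.x_bit = True                      # (1408, 1410) before continuing
    inp = cpu.load(cpu.in_ptr)                # 1404: block named by input pointer
    feedback = toy_encrypt_block(cpu.load(cpu.iv_ptr), cpu.unit_keys)
    out = xor(feedback, inp)                  # 1420 (encrypt) / 1416 (decrypt)
    if decrypt:
        temp = inp                            # 1414: hold the current ciphertext
        cpu.store(cpu.iv_ptr, temp)           # 1418: it is the next block's IV
    else:
        cpu.store(cpu.iv_ptr, out)            # assumption: encryption feeds its
                                              # ciphertext back the same way
    cpu.store(cpu.out_ptr, out)               # 1422: store the output block
    cpu.in_ptr += BLOCK                       # 1424: advance pointers, count down
    cpu.out_ptr += BLOCK
    cpu.count -= 1


def interrupt(cpu: Cpu) -> None:
    """Figure 13: any interrupt clears X.  The pointer and counter registers are
    architectural and survive the ordinary context save/restore, so the
    instruction resumes from them on re-execution."""
    cpu.x_bit = False
    cpu.unit_keys = []                        # whatever the handler left is untrusted


def cfb_run(cpu: Cpu, key: bytes, decrypt: bool, interrupt_after=()) -> None:
    """Execute the whole instruction, firing a simulated interrupt after the
    listed (constructed) block indexes to show the result does not depend on
    where the interrupt lands."""
    done = 0
    while cpu.count > 0:                      # 1426: blocks left to process?
        cfb_step(cpu, key, decrypt)
        if done in interrupt_after:
            interrupt(cpu)
        done += 1                             # 1428: next block via input pointer


def cfb_roundtrip(plaintext: bytes, key: bytes, iv: bytes, interrupt_after=()) -> tuple:
    """Encrypt then decrypt through the model; returns (ciphertext, recovered).
    Constructed memory layout: IV at 0, input blocks at 16, output after them."""
    n = len(plaintext) // BLOCK
    in_addr, out_addr = BLOCK, BLOCK + n * BLOCK
    mem = bytearray(BLOCK + 2 * n * BLOCK)
    mem[0:BLOCK], mem[in_addr:out_addr] = iv, plaintext
    cfb_run(Cpu(mem, in_addr, out_addr, 0, n), key, False, interrupt_after)
    ciphertext = bytes(mem[out_addr:])
    mem[0:BLOCK], mem[in_addr:out_addr] = iv, ciphertext   # IV location was consumed; reset it
    cfb_run(Cpu(mem, in_addr, out_addr, 0, n), key, True, interrupt_after)
    return ciphertext, bytes(mem[out_addr:])
```

Running `cfb_roundtrip` with and without interrupts after arbitrary blocks yields identical ciphertext and recovers the plaintext either way, which is the transparency property the X bit and the TEMP write-back provide: after an interrupt the only thing re-executing the instruction must do is reload the control word and key schedule, since memory already holds the equivalent initialization vector for the next block.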
Although the present invention and its objects, features and advantages have been described in detail, the invention encompasses other embodiments as well. For example, the embodiments of the present invention have been described with reference to the x86 architecture, because the x86 architecture is widely understood and is particularly convenient for illustration. The present invention is equally applicable to other architectures, such as PowerPC, MIPS and entirely different architectures.
Beyond the microprocessor itself, the present invention may be applied to performing cryptographic operations in other components of a computer system. For example, a cryptographic instruction according to the present invention can readily be executed within an embodiment of a cryptographic unit that is not part of the same integrated circuit as the microprocessor but is part of the computing system. Such an embodiment of the invention may be used in the peripheral chipset of a microprocessor (for example, a north bridge or south bridge) or in a processor dedicated to performing cryptographic operations, where the cryptographic instruction is handed off from the host microprocessor. The present invention may also be applied to embedded controllers, industrial controllers, signal processors, array processors and any similar device that processes data. The present invention also comprises an embodiment that includes only those elements needed to perform the cryptographic operations described above. Such a device can serve as a low-cost, low-power alternative device for performing cryptographic operations, for example as an encryption/decryption processor in a communication system. For clarity, the alternative processing device described herein is referred to as a processor.
In addition, although the present invention has been discussed in terms of 128-bit blocks, the registers for input data, output data and control words can simply be resized to accommodate blocks of various other sizes.
In addition, although the present invention has been described using the Data Encryption Standard (DES), Triple DES and Advanced Encryption Standard algorithms, the inventors note that the foregoing invention encompasses other block cipher algorithms, for example the MARS cipher, the Rijndael cipher, the Twofish cipher, the Blowfish cipher, the Serpent cipher and the RC6 cipher. The present invention provides dedicated block encryption apparatus and methods in a microprocessor, in which elementary block cryptographic operations can be invoked through the execution of a single instruction.
Although the present discussion has presented the invention in terms of block cryptographic operations and related block cipher functions, it is noted that the present invention is fully applicable to cryptographic operations other than block ciphers, so long as a cryptographic operation such as encryption or decryption is to be performed and the microprocessor includes a dedicated cryptographic unit that performs the cryptographic function upon receiving a cryptographic instruction.
In addition, the round computation engine discussed above provides a two-stage apparatus for pipelining two input data blocks. The inventors note that pipelining of input data in such a round computation engine is not limited to two stages; the number of stages depends on the stages into which the microprocessor is partitioned.
Finally, although the present discussion has been limited to a single cryptographic unit that supports several block cipher algorithms, it is noted that the present invention encompasses a plurality of parallel cryptographic units coupled to other execution units in the microprocessor, where each of the cryptographic units may handle a different block cipher algorithm: for example, a first unit handles the Advanced Encryption Standard algorithm, a second unit handles the Data Encryption Standard algorithm, and so on.
The foregoing are only preferred embodiments of the present invention and do not limit the invention in any form. Although the invention has been disclosed above with preferred embodiments, these are not intended to limit it; any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the methods and technical content disclosed above to make minor changes or modifications into equivalent embodiments of equivalent variation. Any simple modification, equivalent variation or modification of the above embodiments according to the technical spirit of the present invention, provided it does not depart from the content of the technical solution of the present invention, still falls within the scope of the technical solution of the present invention.
Claims (19)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/826,428 | 2004-04-16 | ||
US10/826,428 US7529367B2 (en) | 2003-04-18 | 2004-04-16 | Apparatus and method for performing transparent cipher feedback mode cryptographic functions |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1658550A true CN1658550A (en) | 2005-08-24 |
Family
ID=35007825
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2005100568326A Pending CN1658550A (en) | 2004-04-16 | 2005-03-22 | Apparatus and method for performing cryptographic operations |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN1658550A (en) |
TW (1) | TWI268689B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017185413A1 (en) * | 2016-04-29 | 2017-11-02 | 北京中科寒武纪科技有限公司 | Device and method for executing hessian-free training algorithm |
WO2018032379A1 (en) * | 2016-08-13 | 2018-02-22 | 深圳市樊溪电子有限公司 | Untrusted remote transaction file secure storage system for block chain |
CN108027867A (en) * | 2015-07-14 | 2018-05-11 | Fmr有限责任公司 | Calculate efficient transfer accounts processing, audit and searcher, method and system |
CN112134703A (en) * | 2014-10-02 | 2020-12-25 | 华邦电子股份有限公司 | Electronic device protected by improved key entropy bus |
US12288064B2 (en) | 2022-08-10 | 2025-04-29 | International Business Machines Corporation | Hardware-based message block padding for hash algorithms |
US12411996B2 (en) | 2022-08-10 | 2025-09-09 | International Business Machines Corporation | Hardware-based implementation of secure hash algorithms |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101435832B1 (en) | 2007-03-19 | 2014-08-29 | 엘지전자 주식회사 | Wireless protocol processing method and mobile communication transmitter in mobile communication system |
- 2004-12-06 TW TW093137591A patent/TWI268689B/en not_active IP Right Cessation
- 2005-03-22 CN CN2005100568326A patent/CN1658550A/en active Pending
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112134703A (en) * | 2014-10-02 | 2020-12-25 | 华邦电子股份有限公司 | Electronic device protected by improved key entropy bus |
CN112134703B (en) * | 2014-10-02 | 2024-04-05 | 华邦电子股份有限公司 | Electronic device using improved key entropy bus protection |
CN108027867A (en) * | 2015-07-14 | 2018-05-11 | Fmr有限责任公司 | Calculate efficient transfer accounts processing, audit and searcher, method and system |
WO2017185413A1 (en) * | 2016-04-29 | 2017-11-02 | 北京中科寒武纪科技有限公司 | Device and method for executing hessian-free training algorithm |
CN107341540A (en) * | 2016-04-29 | 2017-11-10 | 北京中科寒武纪科技有限公司 | A kind of apparatus and method for performing Hessian-Free training algorithms |
CN107341540B (en) * | 2016-04-29 | 2021-07-20 | 中科寒武纪科技股份有限公司 | An apparatus and method for executing a Hessian-Free training algorithm |
WO2018032379A1 (en) * | 2016-08-13 | 2018-02-22 | 深圳市樊溪电子有限公司 | Untrusted remote transaction file secure storage system for block chain |
US12288064B2 (en) | 2022-08-10 | 2025-04-29 | International Business Machines Corporation | Hardware-based message block padding for hash algorithms |
US12411996B2 (en) | 2022-08-10 | 2025-09-09 | International Business Machines Corporation | Hardware-based implementation of secure hash algorithms |
Also Published As
Publication number | Publication date |
---|---|
TWI268689B (en) | 2006-12-11 |
TW200536335A (en) | 2005-11-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1838140A (en) | Apparatus and method for generating information digest using encryption function | |
CN1684412A (en) | Apparatus and method using secure hash algorithm | |
CN107667499B (en) | Keyed hash message authentication code processor, method, system, and instructions | |
CN1254726C (en) | Information processing device and information processing method | |
TWI303936B (en) | Apparatus and method for generating a cryptographic key schedule in a microprocessor | |
TWI336858B (en) | Microprocessor apparatus and method for modular exponentiation | |
CN1728634A (en) | Method and device for multiplication in Galois field and device for inversion and device for byte replacement | |
CN1410876A (en) | Microprocessor | |
CN1387642A (en) | Branch instruction for procesor architecture | |
CN101034424A (en) | Date safety storing system, device and method | |
CN1208193A (en) | Information processing apparatus and method and recording medium | |
CN1233016A (en) | Context controller having event-dependent vector selection and processor employing the same | |
CN1245922A (en) | Context controller with time slice task switching capability and its application processor | |
TWI842912B (en) | Processing system, system-on-chip and method for performing arithmetic operations | |
CN1658550A (en) | Apparatus and method for performing cryptographic operations | |
US7502943B2 (en) | Microprocessor apparatus and method for providing configurable cryptographic block cipher round results | |
CN1186901C (en) | Cipher processor, IC card and cipher processing method | |
CN100391145C (en) | Method and device for recombining transparent block code compilation | |
See et al. | RISC32‐E: Field programmable gate array based sensor node with queue system to support fast encryption in Industrial Internet of Things applications | |
US8930681B2 (en) | Enhancing performance by instruction interleaving and/or concurrent processing of multiple buffers | |
US7900055B2 (en) | Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms | |
US20050147239A1 (en) | Method for implementing advanced encryption standards using a very long instruction word architecture processor | |
US7519833B2 (en) | Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine | |
CN1538656A (en) | Method and apparatus for performing microprocessor block cipher coding decoding | |
CN1652163A (en) | Method and device for implementing password function of permeability output feedback mode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20050824