CN104065486A - Encryption strategy matching algorithm module verification platform and realizing method thereof - Google Patents
Encryption strategy matching algorithm module verification platform and realizing method thereof Download PDFInfo
- Publication number
- CN104065486A CN104065486A CN201410316888.XA CN201410316888A CN104065486A CN 104065486 A CN104065486 A CN 104065486A CN 201410316888 A CN201410316888 A CN 201410316888A CN 104065486 A CN104065486 A CN 104065486A
- Authority
- CN
- China
- Prior art keywords
- algorithm module
- matching algorithm
- verification platform
- encryption
- encryption policy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to the field of IPsec communication encryption and logic verification, in particular to an encryption strategy matching algorithm module verification platform and a realizing method of the encryption strategy matching algorithm module verification platform. According to the technical scheme, an encryption strategy is configured automatically and randomly, various IP package message readers are sent to a detected algorithm module randomly, and strategies matched out by a detected object are automatically collected and compared with a reference model of an encryption strategy matching algorithm module. By means of the encryption strategy matching algorithm module verification platform and the realizing method of the encryption strategy matching algorithm module verification platform, a UVM verification environment for the encryption strategy matching algorithm module in Ethernet communication encryption is achieved, the structure of a standard UVM verification platform is modified and simplified, the complexity of the verification platform is lowered on the premise of not affecting verification quality, and the development efficiency of the verification platform is improved.
Description
Technical field
The present invention relates to IPsec communication encryption and logic checking field, particularly a kind of encryption policy matching algorithm module verification platform and its implementation.
Background technology
Internet protocol (Internet Protocol) is a kind of data-oriented agreement for message switching network.It is the main agreement of network layer in ICP/IP protocol, and task is to transmit data according to the address of source host and destination host.For this purpose, IP has defined the encapsulating structure of addressing method and data.The main version of first framework, is called IPv4 now, is topmost Internet protocol.
IPsec(Internet Protocol Security---Internet protocol safety), be by the grouping of IP agreement (Internet protocol) being encrypted and authenticating to protect the network transmission protocol family (set of some agreements that are mutually related) of IP agreement.
IPsec is comprised of two large divisions: (1) sets up the IKE of security packet stream; (2) agreement of protection stream of packets.The former is Internet protocol key exchange (IKE) agreement.The latter comprises encapsulating security payload (esp) (ESP agreement) or authentication header agreement (AH agreement) agreement of encrypting stream of packets, for guaranteeing confidentiality, the reliability of source of data, the integrality of connection anti-replay service is provided.
Starting have IP message to enter before encryption equipment, encryption equipment can read an encryption policy list, lists the IP message of which type and address is carried out to which kind of encryption in table.Each IP message, after entering encryption equipment, need to be searched according to the type of message and address in table, determines to carry out the encryption of which kind of method.This search procedure is just completed by encryption policy matching algorithm module.
The header that is input as Policy List and IP message of this module.Policy List is comprised of many strategies, and every strategy is again by protocol type, destination address, and source address, encrypts direction, and a plurality of fields such as encryption policy form.The header of IP message is by protocol type, destination address, and source address, port numbers forms.The logical complexity of strategy matching is very high, so need a set of effective verification method to guarantee the correctness of matching algorithm.
UVM is a kind of verification methodology of the up-to-date research and development of chip checking industry.It can create Verification Components and verification platform solid, reusable, tool interoperability Utility Engineers.UVM provides a set of built-in function based on SystemVerilog language development, and engineer can save the trouble of the exploitation verification environment of oneself starting from scratch by calling storehouse.But for the exploitation and the checking personnel that there is no SystemVerilog language basis and there is no UVM use experience, the UVM verification platform too bulky complex that seems.Although some logical design is applicable to using UVM to verify, engineer, owing to fearing too complicated new things, often abandons attempting.
Summary of the invention
In order to solve the problem of prior art, the invention provides a kind of encryption policy matching algorithm module verification platform and its implementation.
The technical solution adopted in the present invention is as follows:
A kind of encryption policy matching algorithm module verification platform, comprise random generator, memory model, logic realization unit and behavior model, described random generator is for random arrangement encryption policy information and heading information, and described memory model is used for depositing encryption policy information; Described logic realization unit and behavior model are used for receiving heading information, the encryption policy information in read memory model.
An implementation method for encryption policy matching algorithm module verification platform, its method comprises the following steps:
A, random generator random arrangement encryption policy information, and send at random heading information to logic realization unit and behavior model;
B, described encryption policy information are put into memory model, by logic realization unit and behavior model, are therefrom read;
C, after the computing of logic realization unit and behavior model completes, both output is compared, determine that whether both logic behaviors identical.
The heading Information preservation of every input of logic realization unit and behavior model is identical.
Random generator is partly used SystemVerilog language to realize.
The beneficial effect that technical scheme provided by the invention is brought is:
A kind of encryption policy matching algorithm module verification platform of the present invention and its implementation, its whole verification environment only random generator is partly used SystemVerilog language to realize, and do not use the period behavior of UVM environmental standard, other parts are all that basic Verilog code is realized.The random generator of the technical program, has completed the function of serial device and driver in standard UV M environment, and the comparison function of behavior model and logic realization has completed the function of scoreboard in UVM environment.Make so whole environment when can reaching UVM environment verification efficiency, guaranteed that whole environment is very succinctly understandable.
Accompanying drawing explanation
In order to be illustrated more clearly in the technical scheme in the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is encryption policy matching algorithm module frame chart;
Fig. 2 is the structured flowchart of standard UV M verification platform;
Fig. 3 is the simplification version UVM environment block diagram of the encryption policy matching algorithm module of the technical program.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing, embodiment of the present invention is described further in detail.
As Fig. 1, the input of strategy matching module mainly contains two parts.The left side is the header of IP message, comprises the protocol type of message, destination address, source address, destination interface, source port.The right is input as Policy List, and it is comprised of many strategies, and every strategy is again by protocol type, destination address, and source address, encrypts direction, and a plurality of fields such as encryption policy form.Policy List is loaded into module after electrification reset completes, and after the header of each IP message occurs, module starts strategy wherein to compare one by one, until comparison is to the strategy that meets the header of IP message, at this moment exports encryption type, for other modules.
Here each field of each field in the header of IP message and matching strategy, has the combination of various complexity, and matching strategy forms by many again.Use common logic verification method, be difficult to cover all combined situation, also with regard to being difficult to, guarantee that the functions of modules of design meets expection.The UVM verification method of the present embodiment can greatly improve the verification efficiency of this type of logical design, and its constraint produces function and OO programmed method at random, makes the logic checking can Fast Convergent.But use UVM verification method need to possess use basis and the OO programming idea of SystemVerilog, this uses the Logic Engineer of Verilog or VHDL to custom, be a larger challenge.In order to facilitate, in team, to lack SystemVerilog and use basic member to be familiar with gradually the using method of this language, and complete as soon as possible the validation task to complex modules, developed a kind of UVM verification environment of simplifying version here.
The composition of the UVM verification environment of standard comprises these parts as Fig. 2.The picture left side is the measurand (DUT) in UVM verification platform.Mid portion is environment main uvm env, comprising a plurality of entity uvm agent.Each uvm agent comprises serial device sequencer, driver driver, detector monitor.Each uvm agent connects with measurand by an interface.Serial device is responsible for producing cycle tests, and driver is responsible for cycle tests to change the data flow above signal into, and is loaded into measurand, and detector is responsible for the data flow above signal to be converted to sequence.Virtual sequence device (virtual sequencer) can arrange each subsequence device to carry out in certain sequence.The message that scoreboard (scoreboard) can be collected each entity records relatively.Each UVM parts are all indispensable in standard UV M verification environment above.In each parts, comprise again different variablees, function, task and complicated inheritance.
The verification environment of the strategy matching module that the present embodiment is realized only policy information has been used the sequent in UVM storehouse with header information, and these sequents are sent by random generator.
Policy information is placed into memory model, by logic realization unit and behavior model from wherein reading.Header information is directly delivered to logic realization unit and behavior model.Every input of logic realization and behavior model keeps identical.After the computing of logic realization and behavior model completes, both output is compared, determine that whether both logic behaviors are identical.Whole verification environment only random generator is partly used SystemVerilog language to realize, and not use the period behavior of UVM environmental standard, other parts be all that basic Verilog code is realized.The random generator here, has completed the function of serial device and driver in standard UV M environment.The comparison function of behavior model and logic realization, has completed the function of scoreboard in UVM environment.Make so whole environment when can reaching UVM environment verification efficiency, guaranteed that whole environment is very succinctly understandable.
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (4)
1. an encryption policy matching algorithm module verification platform, comprise random generator, memory model, logic realization unit and behavior model, described random generator is for random arrangement encryption policy information and heading information, and described memory model is used for depositing encryption policy information; Described logic realization unit and behavior model are used for receiving heading information, the encryption policy information in read memory model.
2. an implementation method for encryption policy matching algorithm module verification platform, its method comprises the following steps:
A, random generator random arrangement encryption policy information, and send at random heading information to logic realization unit and behavior model;
B, described encryption policy information are put into memory model, by logic realization unit and behavior model, are therefrom read;
C, after the computing of logic realization unit and behavior model completes, both output is compared, determine that whether both logic behaviors identical.
3. the implementation method of a kind of encryption policy matching algorithm module verification platform according to claim 2, is characterized in that, the heading Information preservation of described logic realization unit and every input of behavior model is identical.
4. the implementation method of a kind of encryption policy matching algorithm module verification platform according to claim 2, is characterized in that, described random generator is partly used SystemVerilog language to realize.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410316888.XA CN104065486A (en) | 2014-07-04 | 2014-07-04 | Encryption strategy matching algorithm module verification platform and realizing method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410316888.XA CN104065486A (en) | 2014-07-04 | 2014-07-04 | Encryption strategy matching algorithm module verification platform and realizing method thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104065486A true CN104065486A (en) | 2014-09-24 |
Family
ID=51553030
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410316888.XA Pending CN104065486A (en) | 2014-07-04 | 2014-07-04 | Encryption strategy matching algorithm module verification platform and realizing method thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104065486A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104462693A (en) * | 2014-12-09 | 2015-03-25 | 中国航空工业集团公司第六三一研究所 | 1394 link layer transaction-level model built on basis of UVM (universal verification methodology) |
| CN106294895A (en) * | 2015-05-19 | 2017-01-04 | 上海华虹集成电路有限责任公司 | HDCP transponder controller module level function verification method and verification environment platform |
| CN106326056A (en) * | 2016-08-26 | 2017-01-11 | 中国电子科技集团公司第三十八研究所 | Reusable WISHBONE bus protocol verification platform and verification method thereof |
| CN110618929A (en) * | 2019-08-01 | 2019-12-27 | 广东工业大学 | Verification platform and verification method of symmetric encryption algorithm based on UVM |
| WO2024068498A1 (en) * | 2022-09-29 | 2024-04-04 | Orange | Methods for proving and verifying the use of a cipher suite, and associated verification entity, communication devices, terminal and computer program |
-
2014
- 2014-07-04 CN CN201410316888.XA patent/CN104065486A/en active Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104462693A (en) * | 2014-12-09 | 2015-03-25 | 中国航空工业集团公司第六三一研究所 | 1394 link layer transaction-level model built on basis of UVM (universal verification methodology) |
| CN104462693B (en) * | 2014-12-09 | 2017-10-20 | 中国航空工业集团公司第六三一研究所 | One kind builds 1394 link-level transactions level model based on UVM |
| CN106294895A (en) * | 2015-05-19 | 2017-01-04 | 上海华虹集成电路有限责任公司 | HDCP transponder controller module level function verification method and verification environment platform |
| CN106294895B (en) * | 2015-05-19 | 2019-11-12 | 上海华虹集成电路有限责任公司 | HDCP transponder controller module grade function verification method and verification environment platform |
| CN106326056A (en) * | 2016-08-26 | 2017-01-11 | 中国电子科技集团公司第三十八研究所 | Reusable WISHBONE bus protocol verification platform and verification method thereof |
| CN110618929A (en) * | 2019-08-01 | 2019-12-27 | 广东工业大学 | Verification platform and verification method of symmetric encryption algorithm based on UVM |
| CN110618929B (en) * | 2019-08-01 | 2023-03-21 | 广东工业大学 | Verification platform and verification method of symmetric encryption algorithm based on UVM |
| WO2024068498A1 (en) * | 2022-09-29 | 2024-04-04 | Orange | Methods for proving and verifying the use of a cipher suite, and associated verification entity, communication devices, terminal and computer program |
| FR3140503A1 (en) * | 2022-09-29 | 2024-04-05 | Orange | Methods for proving and verifying the use of a cipher suite, verification entity, communication devices, terminal, and associated computer program |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6099802B2 (en) | Network communication system, fraud detection electronic control unit, and fraud handling method | |
| CN102932141B (en) | Add order-preserving method and the system of deciphering chip parallel processing message encryption and decryption | |
| CN107004097B (en) | Security plug-in for system-on-chip platform | |
| CN104065486A (en) | Encryption strategy matching algorithm module verification platform and realizing method thereof | |
| CN106487719A (en) | The system and method making network function externalizing via packet relaying | |
| CN110535653A (en) | A kind of safe distribution terminal and its means of communication | |
| CN106341404A (en) | IPSec VPN system based on many-core processor and encryption and decryption processing method | |
| CN106301793B (en) | A kind of method of PLC certifications and secure communication | |
| CN102970228B (en) | A kind of message transmitting method based on IPsec and equipment | |
| CN106453314B (en) | The method and device of data encrypting and deciphering | |
| US20200128042A1 (en) | Communication method and apparatus for an industrial control system | |
| CN104038505A (en) | Method and device for preventing IPSec (internet protocol security) replaying | |
| CN105790927A (en) | Hierarchical bus encryption system | |
| CN109039591A (en) | The implementation method of internet of things information encryption system based on FPGA | |
| CN105610872B (en) | Internet-of-things terminal encryption method and internet-of-things terminal encryption device | |
| CN103457952A (en) | IPSec processing method and device based on encrypting engine | |
| CN104468519B (en) | A kind of embedded electric power security protection terminal encryption device | |
| CN107248910A (en) | Method for security protection and equipment | |
| CN106161386A (en) | A kind of method and apparatus realizing that IPsec shunts | |
| CN110191028A (en) | It can the test device of interconnection equipment of software definition, system and method | |
| CN115509917A (en) | Method, system, equipment and storage medium for verifying encryption and decryption algorithm | |
| CN111914267B (en) | Soc framework data isolation system based on FPGA | |
| CN109145620A (en) | Data flow diversion processing method and device | |
| CN107786411A (en) | Inter-application communication tunnel connection/verification method/system, medium and equipment | |
| CN114065302A (en) | Data processing method, device, equipment, medium and block chain network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140924 |
|
| WD01 | Invention patent application deemed withdrawn after publication |