CN113065150B - Encryption algorithm module testing method and device - Google Patents


Info

Publication number: CN113065150B
Authority: CN (China)
Prior art keywords: test, request, key, tested, encryption algorithm
Legal status: Active
Application number: CN202110489917.2A
Other languages: Chinese (zh)
Other versions: CN113065150A (en)
Inventors: 周建平, 李平, 郑培钿, 陈燕妮
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC
Application filed by: Industrial and Commercial Bank of China Ltd ICBC
Priority to: CN202110489917.2A
Publications: CN113065150A (application), CN113065150B (granted)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/06 Asset management; Financial planning or analysis
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a method and a device for testing an encryption algorithm module, and relates to the field of finance or other technical fields. The method comprises: acquiring a test request from an encryption algorithm module; invoking the target reorganization rule corresponding to the request type of the test request to reorganize the parameters in the test request and generate a reorganized test request; performing transfer protection on the working key in the reorganized test request using a protection key with a known plaintext, and then re-protecting it using the master key of the test equipment, to generate a target test request; and sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request. The device is used to execute the method. The method and device can greatly reduce the testing workload.

Description

Encryption algorithm module testing method and device
Technical Field
The invention relates to the technical field of finance or other technologies, in particular to a method and a device for testing an encryption algorithm module.
Background
At present, the security requirements placed on applications in the financial industry keep increasing, and a large number of encryption algorithm modules must be developed to support the security needs of services. The financial industry generally uses multiple platforms or multiple sets of environments at the same time; each platform may use different encryption equipment, and each environment may use a different encryption-equipment master key. The encryption algorithm modules of all these platforms and environments therefore need to be tested before they can go online securely, but the differences between the encryption equipment and the master keys greatly increase the testing workload.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides a testing method of an encryption algorithm module, which can at least partially solve the problems in the prior art.
In one aspect, the present invention provides a method for testing an encryption algorithm module, including: obtaining a test request from an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by the master key of the encryption equipment to which the encryption algorithm module belongs; searching a reorganization rule base for the target reorganization rule corresponding to the request type, wherein the reorganization rule base comprises the correspondence between request types and reorganization rules; reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganized test request; performing transfer protection on the working key in the reorganized test request using a protection key with a known plaintext to generate an intermediate key; re-protecting the intermediate key with the master key of the test equipment to generate a test key; replacing the working key in the reorganized test request with the test key to generate a target test request; and sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
Optionally, the request types of the test request include: a card password test request, a card security code test request, a chip card test request, and a complete protection test request.
Optionally, the reorganization rule includes an ordering rule for the request type and each parameter to be tested, and a naming specification for the request type and each parameter to be tested; reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganized test request comprises: reordering the request type and the parameters to be tested in the test request according to the ordering rule; and then renaming the reordered request type and parameters to be tested according to the naming specification, to generate the reorganized test request.
Optionally, before searching the target reorganization rule corresponding to the request type in the reorganization rule base, the method further includes: if the request type and the parameter to be tested in the test request are abnormal, notifying the encryption algorithm module that the test request is in error.
Optionally, after sending the target test request to the test equipment, the method further includes: sending the result obtained by the test equipment according to the target test request to the encryption algorithm module.
In another aspect, the present invention provides a testing device for an encryption algorithm module, including: an acquisition module, used for acquiring a test request from an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by the master key of the encryption equipment to which the encryption algorithm module belongs; a searching module, used for searching a reorganization rule base for the target reorganization rule corresponding to the request type, wherein the reorganization rule base comprises the correspondence between request types and reorganization rules; a reorganization module, used for reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganized test request; a transfer protection module, used for performing transfer protection on the working key in the reorganized test request using a protection key with a known plaintext to generate an intermediate key; a re-protection module, used for re-protecting the intermediate key with the master key of the test equipment to generate a test key; a generating module, used for replacing the working key in the reorganized test request with the test key to generate a target test request; and a first sending module, used for sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
Optionally, the reorganization rule includes an ordering rule for the request type and each parameter to be tested, and a naming specification for the request type and each parameter to be tested; the reorganization module is specifically used for: reordering the request type and the parameters to be tested in the test request according to the ordering rule; and then renaming the reordered request type and parameters to be tested according to the naming specification, to generate the reorganized test request.
Optionally, the apparatus further includes: a second sending module, used for sending the result obtained by the test equipment according to the target test request to the encryption algorithm module.
In yet another aspect, the present invention provides an electronic device including a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method for testing an encryption algorithm module according to any of the embodiments described above when the program is executed by the processor.
In yet another aspect, the present invention provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method for testing an encryption algorithm module described in any of the above embodiments.
The method and the device for testing the encryption algorithm module can invoke the reorganization rule corresponding to the type of the test request to reorganize the request parameters in the test request, which overcomes the differences in algorithm encapsulation between encryption algorithm modules and adapts the request to the requirements of the test equipment. The working key of the encryption algorithm module can be protected with the protection key with a known plaintext and then re-protected with the master key of the test equipment, turning it into a test key that the test equipment can recognize, which overcomes the differences in keys between encryption algorithm modules. As a result, the encryption algorithm modules of encryption equipment on different platforms or in different environments can all be tested with the same test method and test equipment, without designing a dedicated test method and test equipment for each encryption algorithm module, and the testing workload is greatly reduced.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
Fig. 1 is a flowchart of a testing method of an encryption algorithm module according to an embodiment of the present invention.
Fig. 2 is a partial flow chart of a testing method of an encryption algorithm module according to another embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a testing device for an encryption algorithm module according to another embodiment of the present invention.
Fig. 4 is a schematic physical structure of an electronic device according to still another embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention will be described in further detail with reference to the accompanying drawings. The exemplary embodiments of the present invention and their descriptions herein are for the purpose of explaining the present invention, but are not to be construed as limiting the invention. It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be arbitrarily combined with each other.
To facilitate understanding of the technical scheme provided in the present application, a brief explanation is given first:
An encryption algorithm module supports the application security requirements of the financial industry; it is a component of the encryption equipment in a financial system and relates to application encryption security. The encryption algorithms used by encryption algorithm modules on different platforms and in different environments differ in their algorithm encapsulation, each meeting the requirements of its own encryption equipment, and their keys differ as well. Cryptographic security systems require a multi-level key system: the encryption algorithm modules all use working keys, and the working keys are protected by the master keys of their respective encryption equipment.
The method and the device for testing the encryption algorithm module mainly test whether the code related to the encryption algorithm in the encryption algorithm module has problems. The test request can be generated by the encryption algorithm module itself and sent by the encryption equipment to which it belongs; that is, the encryption algorithm module can actively request the test. The method applies to scenarios in the financial industry where multiple platforms and environments are used simultaneously and encryption algorithm function modules need to be tested. It provides a general, extensible processing scheme with a secure process, allows test cases to be reused, and saves IT resource costs.
The execution main body of the test method of the encryption algorithm module provided by the embodiment of the invention comprises a computer.
Fig. 1 is a flow chart of a testing method of an encryption algorithm module according to an embodiment of the present invention. As shown in Fig. 1, the testing method of an encryption algorithm module according to an embodiment of the present invention includes:
S101, acquiring a test request from an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by the master key of the encryption equipment to which the encryption algorithm module belongs;
The request type of the test request may include a card password test request, a card security code (CVV) test request, a chip card test request, a complete protection test request, etc.; the working key of the encryption algorithm module comprises a transmission key and a storage key of the encryption algorithm module.
Because cryptographic security systems require a multi-level key system, the working key used by the encryption algorithm module is protected by the master key of the encryption equipment to which the encryption algorithm module belongs, and therefore the working key in the test request is ciphertext.
The parameters to be tested included in the test request may differ between request types. For example, when the request type is a card password test request, the parameters to be tested include a password ciphertext to be verified, a stored password ciphertext, a transmission key, a storage key, a card number, a storage element, and an algorithm parameter; when the request type is a card security code (CVV) test request, the parameters to be tested include a transmission key, a storage key, a card number, a validity period, a service code and a CVV to be verified.
S102, searching a target reorganization rule corresponding to the request type in a reorganization rule base, wherein the reorganization rule base comprises a corresponding relation between the request type and the reorganization rule;
In this step, each request type may correspond to its own reorganization rule, or multiple request types may correspond to the same reorganization rule, depending on the requirements the test equipment places on the various test requests; requests of the same request type always use the same reorganization rule.
S103, reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganized test request;
In this step, because test requests may come from different encryption equipment on different platforms or in different environments, the content of the test requests obtained may differ in format. The target reorganization rule therefore unifies the format of test requests of the same request type, which overcomes the differences in algorithm encapsulation between encryption algorithm modules and makes the content meet the requirements of the test equipment.
S104, performing transfer protection on the working key in the reorganization test request by using a protection key of a known plaintext to generate an intermediate key;
In this step, the protection key with a known plaintext may be randomly generated. Performing transfer protection on the working key with the protection key means that, after the working key protected by the master key of the encryption equipment is decrypted, the plaintext of the working key is encrypted again with the protection key. During this transfer protection, the plaintext of the working key is re-encrypted directly and is never written to persistent storage. For the specific procedure, refer to how an encryption machine performs key transfer protection using a transmission key with a known plaintext; it is not described in detail here.
S105, re-protecting the intermediate key according to a master key of the test equipment to generate a test key;
In this step, the test key generated by encryption under the master key of the test equipment can be recognized by the test equipment.
S106, replacing the working key in the reorganization test request with the test key to generate a target test request;
S107, sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
In this step, the test equipment may prepare different test cases for different types of test requests. The test cases mask the differences between platforms and encryption equipment, so that test requests of the same type can be tested with the same test case. Optionally, the test equipment may be an encryption machine; for the test cases and the specific test procedures, refer to those used when an encryption machine tests an encryption algorithm module, which are not described in detail here.
The testing method of the encryption algorithm module provided by the embodiment of the invention can invoke the reorganization rule corresponding to the type of the test request to reorganize the request parameters in the test request, which overcomes the differences in algorithm encapsulation between encryption algorithm modules and adapts the request to the requirements of the test equipment. The working key of the encryption algorithm module can be protected with the protection key with a known plaintext and then re-protected with the master key of the test equipment, turning it into a test key that the test equipment can recognize, which overcomes the differences in keys between encryption algorithm modules. As a result, the encryption algorithm modules of encryption equipment on different platforms or in different environments can all be tested with the same test method and test equipment, without designing a dedicated test method and test equipment for each encryption algorithm module, and the testing workload is greatly reduced.
As shown in Fig. 2, optionally, in the above embodiment, the reorganization rule includes an ordering rule for the request type and each parameter to be tested, and a naming specification for the request type and each parameter to be tested; reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganized test request comprises:
1031. Reordering the request type and the parameters to be tested in the test request according to the ordering rule;
1032. Then renaming the reordered request type and parameters to be tested according to the naming specification, to generate the reorganized test request.
In this embodiment, for test requests of the same type, the algorithm encapsulation of the encryption algorithm modules differs, so the naming of each parameter and the order of the parameters may differ between the test requests sent by different encryption algorithm modules. After the parameters in each test request are reorganized using a unified ordering rule and a unified naming specification, the resulting reorganized test request meets the test requirements of the test equipment, and the differences in algorithm encapsulation between encryption algorithm modules are overcome.
Optionally, before searching the reorganization rule base for the target reorganization rule corresponding to the request type, the method may further include: if the request type and the parameter to be tested in the test request are abnormal, notifying the encryption algorithm module that the test request is in error.
In this embodiment, after the test request of the encryption algorithm module is obtained, the request type and the parameters to be tested in the test request are checked. If the parameters to be tested are abnormal, an error is returned; otherwise, the reorganization rule base is searched for the target reorganization rule corresponding to the request type. Specifically, whether the parameters to be tested are abnormal may be determined from their format, their number, and so on.
Optionally, after sending the target test request to the test equipment, the method may further include: sending the result obtained by the test equipment according to the target test request to the encryption algorithm module. In this embodiment, after the test result is obtained, it is also fed back to the corresponding encryption algorithm module, so that the encryption algorithm module can determine from the test result whether the related code has a problem.
In order to better understand the present invention, a test method of the encryption algorithm module provided by the present invention is described below through a specific embodiment.
(1) Taking the card password test as an example:
Test request data:
Test instruction = PASSPOV
Password ciphertext to be verified = 1407C306CAC55B91
Stored password ciphertext = 463529
Transmission key = 2ABCBD12358D2a123C
Storage key = 434ED879536BD2ABCBD12352ABCBD123
Card number = 1265646879123467
Algorithm parameter = PAN WITH CARDNO
Storage element = 0123456789012345
Processing the test request data according to the ordering rule and naming specification corresponding to the card password test request generates data in the following format:
Test instruction = des_pov
Password ciphertext to be verified = 1407C306CAC55B91
Stored password ciphertext = 463529
Transmission key = 2ABCBD12358D2a123C
Storage key = 434ED879536BD2ABCBD12352ABCBD123
Card number = 1265646879123467
Storage element = 0123456789012345
Algorithm parameter = 10
After the working keys (transmission key and storage key) of the encryption algorithm module in the data undergo transfer protection and re-protection, the data becomes:
Test instruction = des_pov
Password ciphertext to be verified = 1407C306CAC55B91
Stored password ciphertext = 463529
Transmission key = 01030050000000004A4F19D7A0D79E74943FAF44D701127E60A4167AE32869A00B261929
Storage key = 0103006000000000C58338ED2F25D1780CC8606EBD5E75C1737112BF153D340F948AEE3A
Card number = 1265646879123467
Storage element = 0123456789012345
Algorithm parameter = 10
(2) Taking the card CVV test as an example:
Test request data:
Test instruction = CARDCVV
Transmission key = 2ABCBD12358D2a123C
Storage key = 434ED879536BD2ABCBD12352ABCBD123
Card number = 1265646879123467
Validity period = 1212
Service code = 101
CVV to be verified = 838
Processing the test request data according to the ordering rule and naming specification corresponding to the card security code test request generates data in the following format:
Test instruction = des_cvv
Transmission key = 2ABCBD12358D2a123C
Storage key = 434ED879536BD2ABCBD12352ABCBD123
Card number = 1265646879123467
Validity period = 1212
Service code = 101
CVV to be verified = 838
After the working keys (transmission key and storage key) of the encryption algorithm module in the data undergo transfer protection and re-protection, the data becomes:
Test instruction = des_cvv
Transmission key = 0103002000000000817934354EA36C850736225032C36EADD07CCD405772BB8468C5B1F6
Storage key = 0103002000000000C3C5ECB9FD64D5413483B6E86129789EC5DD688722357D51AE0FE9D1
Card number = 1265646879123467
Validity period = 1212
Service code = 101
CVV to be verified = 838
The embodiment of the invention provides an efficient, general testing method for encryption algorithm modules. It masks the differences between platforms and encryption equipment, processes test requests uniformly after the algorithm encapsulation and the working key of the encryption algorithm module have been converted, and integrates test resources effectively. It is highly general, broadly extensible, and its processing is secure and controllable.
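The flow S101 to S107 for the card password request, as an added example that is not code from the patent: two constructed platforms send the same request with different parameter names and order, and both come out in one canonical layout with their working keys re-wrapped for the test device. The HMAC-based wrap/unwrap, the Device class and every field name other than PASSPOV and des_pov are assumptions; the patent names no cipher, and S104 is modeled here as an export by the source device and S105 as an import by the test device.

```python
import hashlib
import hmac
import os

# Stand-in key wrap (assumption: the patent names no cipher). Encrypt-then-MAC
# built from HMAC-SHA256 so the example needs only the standard library.
def subkey(kek, label):
    return hmac.new(kek, label, hashlib.sha256).digest()

def keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, key):
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(key, keystream(subkey(kek, b"enc"), nonce, len(key))))
    tag = hmac.new(subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unwrap(kek, blob):
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    good = hmac.new(subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if len(blob) < 28 or not hmac.compare_digest(tag, good):
        raise ValueError("wrapped key rejected: wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, keystream(subkey(kek, b"enc"), nonce, len(ct))))

class Device:
    """Stand-in for an encryption machine; only this object uses its master key."""
    def __init__(self):
        self.master = os.urandom(32)

    def protect(self, working_key):                  # working key under master key
        return wrap(self.master, working_key)

    def export_under(self, wrapped, protection_key):       # S104, source device
        return wrap(protection_key, unwrap(self.master, wrapped))

    def import_under(self, intermediate, protection_key):  # S105, test device
        return wrap(self.master, unwrap(protection_key, intermediate))

# Reorganization rule base (S102). List position is the ordering rule; each alias
# set maps the platforms' parameter names to one canonical name (the naming
# specification). All names except PASSPOV and des_pov are constructed.
RULE_BASE = {
    "PASSPOV": {
        "instruction": "des_pov",
        "fields": [
            ("pin_to_verify", {"pinblk", "PIN_CT"}),
            ("stored_pin", {"stored", "PIN_REF"}),
            ("transmission_key", {"tk", "XMIT_KEY"}),
            ("storage_key", {"sk", "STORE_KEY"}),
            ("card_number", {"pan", "CARD_NO"}),
            ("storage_element", {"elem", "STORE_ELEM"}),
            ("algorithm_parameter", {"alg", "ALG_PARAM"}),
        ],
        "key_fields": ("transmission_key", "storage_key"),
    },
}

def build_target_request(request, source, tester):
    rtype, params = request.get("type"), request.get("params")
    if not isinstance(rtype, str) or not isinstance(params, dict):
        raise ValueError("abnormal request: malformed type or parameters")
    rule = RULE_BASE.get(rtype)                                   # S102
    if rule is None:
        raise ValueError(f"abnormal request: no rule for type {rtype!r}")
    target, used = {"test_instruction": rule["instruction"]}, set()
    for canonical, aliases in rule["fields"]:                     # S103
        hits = [name for name in params if name in aliases]
        if len(hits) != 1:
            raise ValueError(f"abnormal request: {len(hits)} values for {canonical}")
        target[canonical] = params[hits[0]]
        used.add(hits[0])
    if set(params) - used:
        raise ValueError(f"abnormal request: unexpected {sorted(set(params) - used)}")
    protection_key = os.urandom(32)   # S104: random, plaintext known to this harness
    for name in rule["key_fields"]:
        if not isinstance(target[name], bytes):
            raise ValueError(f"abnormal request: {name} is not a wrapped key")
        intermediate = source.export_under(target[name], protection_key)  # S104
        target[name] = tester.import_under(intermediate, protection_key)  # S105, S106
    return target                                                 # ready for S107

if __name__ == "__main__":   # constructed requests from two platforms
    tk, sk = os.urandom(16), os.urandom(16)
    a, b, tester = Device(), Device(), Device()
    req_a = {"type": "PASSPOV", "params": {
        "alg": "10", "pan": "1265646879123467", "tk": a.protect(tk), "sk": a.protect(sk),
        "pinblk": "1407C306CAC55B91", "stored": "463529", "elem": "0123456789012345"}}
    req_b = {"type": "PASSPOV", "params": {
        "STORE_KEY": b.protect(sk), "XMIT_KEY": b.protect(tk), "PIN_REF": "463529",
        "CARD_NO": "1265646879123467", "PIN_CT": "1407C306CAC55B91",
        "STORE_ELEM": "0123456789012345", "ALG_PARAM": "10"}}
    for req, dev in ((req_a, a), (req_b, b)):
        out = build_target_request(req, dev, tester)
        print(list(out), unwrap(tester.master, out["storage_key"]) == sk)
```

Because the wrap is authenticated, a working key presented to the wrong device, or a blob altered between S104 and S105, is rejected instead of silently yielding a different key.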
Fig. 3 is a schematic structural diagram of a testing device for an encryption algorithm module according to an embodiment of the present invention. As shown in Fig. 3, the testing device includes: an obtaining module 201, configured to obtain a test request from an encryption algorithm module, where the test request includes a request type and parameters to be tested, the parameters to be tested include a working key of the encryption algorithm module, and the working key is protected by the master key of the encryption equipment to which the encryption algorithm module belongs; a searching module 202, configured to search a reorganization rule base for the target reorganization rule corresponding to the request type, where the reorganization rule base includes the correspondence between request types and reorganization rules; a reorganization module 203, configured to reorganize the request type and each parameter to be tested according to the target reorganization rule to generate a reorganized test request; a transfer protection module 204, configured to perform transfer protection on the working key in the reorganized test request using a protection key with a known plaintext, and generate an intermediate key; a re-protection module 205, configured to re-protect the intermediate key with the master key of the test equipment, and generate a test key; a generating module 206, configured to replace the working key in the reorganized test request with the test key, and generate a target test request; and a first sending module 207, configured to send the target test request to the test equipment, so that the test equipment tests the parameters to be tested according to the test type in the target test request.
Optionally, the reorganization rule includes an ordering rule for the request type and each parameter to be tested, and a naming specification for the request type and each parameter to be tested; the reorganization module is specifically used for: reordering the request type and the parameters to be tested in the test request according to the ordering rule; and then renaming the reordered request type and parameters to be tested according to the naming specification, to generate the reorganized test request.
Optionally, the apparatus further includes: a second sending module, used for sending the result obtained by the test equipment according to the target test request to the encryption algorithm module.
The server embodiment provided by the embodiment of the present invention may be used to execute the processing flow of each of the above method embodiments; its functions are not described again here, and reference may be made to the detailed description of the method embodiments.
It should be noted that, the method and the device for testing the encryption algorithm module provided by the embodiment of the invention can be used in the financial field and also can be used in any technical field except the financial field, and the application field of the method and the device for testing the encryption algorithm module is not limited.
Fig. 4 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present invention. As shown in Fig. 4, the electronic device may include: a processor 301, a communication interface (Communications Interface) 302, a memory 303 and a communication bus 304, wherein the processor 301, the communication interface 302 and the memory 303 communicate with each other through the communication bus 304. The processor 301 may call logic instructions in the memory 303 to perform the following method: obtaining a test request of an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by a master key of encryption equipment to which the encryption algorithm module belongs; searching a target reorganization rule corresponding to the request type in a reorganization rule base, wherein the reorganization rule base comprises a corresponding relation between the request type and the reorganization rule; reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganization test request; performing transfer protection on the working key in the reorganization test request by using a protection key with a known plaintext to generate an intermediate key; re-protecting the intermediate key according to a master key of test equipment to generate a test key; replacing the working key in the reorganization test request with the test key to generate a target test request; and sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
Further, the logic instructions in the memory 303 may be implemented in the form of software functional units and, when sold or used as a stand-alone product, stored in a computer readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The present embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, are capable of performing the methods provided by the above-described method embodiments, for example comprising: obtaining a test request of an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by a master key of encryption equipment to which the encryption algorithm module belongs; searching a target reorganization rule corresponding to the request type in a reorganization rule base, wherein the reorganization rule base comprises a corresponding relation between the request type and the reorganization rule; reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganization test request; performing transfer protection on the working key in the reorganization test request by using a protection key with a known plaintext to generate an intermediate key; re-protecting the intermediate key according to a master key of test equipment to generate a test key; replacing the working key in the reorganization test request with the test key to generate a target test request; and sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
The present embodiment provides a computer-readable storage medium storing a computer program that causes the computer to execute the methods provided by the above-described method embodiments, for example, including: obtaining a test request of an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by a master key of encryption equipment to which the encryption algorithm module belongs; searching a target reorganization rule corresponding to the request type in a reorganization rule base, wherein the reorganization rule base comprises a corresponding relation between the request type and the reorganization rule; reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganization test request; performing transfer protection on the working key in the reorganization test request by using a protection key with a known plaintext to generate an intermediate key; re-protecting the intermediate key according to a master key of test equipment to generate a test key; replacing the working key in the reorganization test request with the test key to generate a target test request; and sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the description of the present specification, reference to the terms "one embodiment," "one particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention. The above are merely particular embodiments of the invention and are not meant to limit its scope; any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (10)

1. A method for testing an encryption algorithm module, comprising:
obtaining a test request of an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by a master key of encryption equipment to which the encryption algorithm module belongs;
searching a target reorganization rule corresponding to the request type in a reorganization rule base, wherein the reorganization rule base comprises a corresponding relation between the request type and the reorganization rule;
reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganization test request;
performing transfer protection on the working key in the reorganization test request by using a protection key with a known plaintext to generate an intermediate key;
re-protecting the intermediate key according to a master key of test equipment to generate a test key;
replacing the working key in the reorganization test request with the test key to generate a target test request;
and sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
2. The test method of claim 1, wherein the request type of the test request comprises: a card password test request, a card security code test request, a chip card test request, or a full protection test request.
3. The test method according to claim 1, wherein the reorganization rule includes an ordering rule of the request type and each parameter to be tested, and a naming specification of the request type and each parameter to be tested; the step of reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganization test request comprises the following steps:
re-ordering the request type and the parameters to be tested in the test request according to the request type and the ordering rule of the parameters to be tested;
and then renaming the reordered request type and each parameter to be tested according to the naming specifications of the request type and each parameter to be tested, to generate the reorganization test request.
4. The test method of claim 1, wherein prior to searching a reorganization rule base for a target reorganization rule corresponding to the request type, the method further comprises:
if the request type and the parameter to be tested in the test request are abnormal, notifying the encryption algorithm module that the test request is in error.
5. The method of testing according to claim 1, wherein after said sending said target test request to said test device, said method further comprises:
and sending a result obtained by the test equipment according to the target test request to the encryption algorithm module.
6. A test device for an encryption algorithm module, comprising:
the acquisition module is used for acquiring a test request of an encryption algorithm module, wherein the test request comprises a request type and parameters to be tested, the parameters to be tested comprise a working key of the encryption algorithm module, and the working key is protected by a master key of encryption equipment to which the encryption algorithm module belongs;
the searching module is used for searching a target reorganization rule corresponding to the request type in the reorganization rule base, wherein the reorganization rule base comprises a corresponding relation between the request type and the reorganization rule;
the reorganization module is used for reorganizing the request type and each parameter to be tested according to the target reorganization rule to generate a reorganization test request;
the transfer protection module is used for transferring and protecting the working key in the reorganization test request by using a protection key with a known plaintext to generate an intermediate key;
the re-protection module is used for re-protecting the intermediate key according to the master key of the test equipment and generating a test key;
the generating module is used for replacing the working key in the reorganization test request with the test key to generate a target test request;
and the first sending module is used for sending the target test request to the test equipment so that the test equipment tests the parameters to be tested according to the test type in the target test request.
7. The test device according to claim 6, wherein the reorganization rule includes an ordering rule of the request type and each parameter to be tested, and a naming specification of the request type and each parameter to be tested; the reorganization module is specifically used for:
re-ordering the request type and the parameters to be tested in the test request according to the request type and the ordering rule of the parameters to be tested;
and then renaming the reordered request type and each parameter to be tested according to the naming specifications of the request type and each parameter to be tested, to generate the reorganization test request.
8. The test device of claim 6, wherein the device further comprises:
and the second sending module is used for sending the result obtained by the test equipment according to the target test request to the encryption algorithm module.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when the computer program is executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 5.
CN202110489917.2A 2021-05-06 2021-05-06 Encryption algorithm module testing method and device Active CN113065150B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110489917.2A CN113065150B (en) 2021-05-06 2021-05-06 Encryption algorithm module testing method and device

Publications (2)

Publication Number Publication Date
CN113065150A CN113065150A (en) 2021-07-02
CN113065150B CN113065150B (en) 2024-03-01

Family

ID=76568131

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110489917.2A Active CN113065150B (en) 2021-05-06 2021-05-06 Encryption algorithm module testing method and device

Country Status (1)

Country Link
CN (1) CN113065150B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant