CN100391145C - Apparatus and method for performing transparent block cipher cryptographic functions - Google Patents


Info

Publication number: CN100391145C
Authority: CN (China)
Prior art keywords: cryptographic, block, computing, register, instruction
Legal status: Active
Application number: CNB2004100590645A
Other languages: Chinese (zh)
Other versions: CN1558591A (en)
Inventors: 汤玛斯·A·克利斯宾; G·葛兰·亨利; 奥图罗·马丁-德-尼古拉; 泰瑞·派克斯
Current Assignee: INTELLIGENCE FIRST CO; IP First LLC
Original Assignee: INTELLIGENCE FIRST CO
Priority claimed from: US10/727,973 (patent US7532722B2)
Application filed by: INTELLIGENCE FIRST CO
Publication of CN1558591A
Application granted; publication of CN100391145C

Landscapes

  • Storage Device Security (AREA)
  • Input From Keyboards Or The Like (AREA)

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device, wherein the cryptographic instruction prescribes one of the cryptographic operations. The execution logic is operatively coupled to the cryptographic instruction and executes the one of the cryptographic operations. The one of the cryptographic operations includes indicating whether the one of the cryptographic operations has been interrupted by an interrupting event.

Description

Apparatus and method for performing transparent block cipher cryptographic functions
Technical field
The present invention relates to the field of microelectronics, and in particular to a method and apparatus for performing transparent block cipher cryptographic operations in a microprocessor or other device.
Background
Early computer systems operated independently of one another, because the input data an application needed was either resident in the system or entered by the programmer at run time. The output data an application produced was typically presented in printed form, or written as a file to magnetic tape, a hard disk, or another storage device belonging to the computer system. The output file could then serve as an input file to the next application executed on the same system or, if it had been stored on removable media, be used by applications on a different but compatible computer system. Users of these early systems already recognized the need to protect sensitive data. Cryptographic application software was developed as one data-protection measure to keep sensitive data from unauthorized disclosure. Such software typically encrypted or decrypted files on a storage device.
Over the years, users discovered the advantages of sharing data among many computers connected by networks, and network architectures, operating systems, and data transfer protocols developed accordingly. Today these not only support data sharing but also provide powerful additional functions. For example, users are now accustomed to accessing files on another workstation or on a network server from their own computer, obtaining news and other data over the Internet, exchanging electronic messages such as e-mail with hundreds of other computers, connecting to a vendor's computer system to supply credit card or bank data when purchasing goods, and doing all of the above over wireless networks in restaurants, airports, and other public places. Protecting sensitive data in transit has therefore become very important, and the frequency with which users need to protect data sent from their computers grows daily. News headlines regularly expose computer data security problems such as spam, hacking, identity theft, reverse engineering, IP (Internet Protocol) spoofing, and credit card fraud. The motive behind these invasions of privacy is sometimes an innocent mistake and sometimes a deliberate act of cyber-terrorism. The responsible bodies have responded by enacting new laws, enforcing standards strictly, and educating the public, but none of these measures has so far stemmed the tide of compromised computer data. What used to concern only governments, financial institutions, the military, and intelligence agencies has become one of the chief worries of ordinary people who read e-mail or use Internet banking at home.
Within information security, cryptography is the discipline that protects data by encrypting it so that only specified parties can decrypt it. To protect data transferred between computers, cryptography typically transforms sensitive data (called plaintext or cleartext) into an unintelligible form (called ciphertext). The process of converting plaintext to ciphertext is called "encryption" (also enciphering or ciphering); the process of converting ciphertext back to plaintext is called "decryption" (also deciphering or inverse ciphering).
Within the field of cryptography, several procedures and protocols have been developed so that users can send data to other users in encrypted form without much cryptographic knowledge or effort. Along with the encrypted data, the sender typically provides the recipient with a "cryptographic key" for decryption. The cryptographic key allows the recipient to recover the encrypted data, that is, to obtain the original unencrypted data. These steps are typically carried out through password protection, mathematical algorithms, and application programs that encrypt and decrypt the sensitive data.
Several different types of algorithm are currently used to encrypt and decrypt data. Algorithms of one type (public-key algorithms, of which RSA, Rivest-Shamir-Adleman, is one) use two cryptographic keys, a public key and a private key, to encrypt or decrypt. Under some public-key algorithms, the sender encrypts the data with the recipient's public key before sending it. Because a specific mathematical relationship exists between a user's public and private keys, the recipient must use the private key to decrypt the received data and recover the original. Although this type of algorithm is widely used, its encryption and decryption are very slow, even for small amounts of data. A second type, symmetric-key algorithms, provides the same level of data security as the first type and executes much faster. These algorithms are called symmetric because they use the same cryptographic key to encrypt and to decrypt. Three single-key cryptographic algorithms currently predominate: the Data Encryption Standard (DES), the Triple Data Encryption Standard (Triple-DES), and the Advanced Encryption Standard (AES). Because of the strength of the protection they offer, U.S. government agencies now use all three to protect confidential data. One or more of them is expected to become the standard in commercial and private use in the near future. Under all of these symmetric-key algorithms, plaintext and ciphertext are divided into blocks of a fixed size for encryption and decryption. AES, for example, operates on 128-bit blocks and uses cryptographic keys of 128, 192, and 256 bits.
All symmetric-key algorithms use the same kinds of sub-operations to encrypt plaintext. In the more commonly used symmetric-key algorithms, an initial cryptographic key is expanded into a number of keys (a key schedule), each of which is used in one round of sub-operations on a block of plaintext. The result of the first round becomes the input text of the second round. The second round uses the second key in the key schedule and produces a second result. After a specified number of rounds, the plaintext has become ciphertext. In AES, the sub-operations within each round are referred to in the literature as SubBytes (or S-box), ShiftRows, MixColumns, and AddRoundKey. Decrypting a block of ciphertext is very similar to encryption: the ciphertext is supplied as the input, the inverse sub-operations are performed in each round, and the output of the final round is the plaintext.
The sub-operations used by DES and Triple-DES differ in minor details, but they are essentially very similar to those of AES, because they transform a block of plaintext into a block of ciphertext in a similar manner.
All symmetric-key algorithms use the same modes for encrypting multiple successive blocks of data. These include cipher block chaining (CBC) mode, electronic code book (ECB) mode, cipher feedback (CFB) mode, and output feedback (OFB) mode. Some of these modes require an additional initialization vector to perform the sub-operations, and some feed the ciphertext produced from the first block into the encryption of the second block of plaintext. An in-depth discussion of each cryptographic algorithm and of the sub-operations of current symmetric-key algorithms is beyond the scope of this application. For detailed implementation standards, see Federal Information Processing Standards Publication 46-3 (FIPS-46-3), dated October 25, 1999, for DES and Triple-DES, and Federal Information Processing Standards Publication 197 (FIPS-197), dated November 26, 2001, for AES. Both publications are issued by the National Institute of Standards and Technology (NIST) and are incorporated herein by reference for all intents and purposes. In addition to these publications, NIST's Computer Security Resource Center (CSRC) website, http://csrc.nist.gov/, provides tutorials, white papers, toolkits, and related articles.
Those skilled in the art will appreciate that many software applications are available for performing cryptographic operations (that is, encryption and decryption) on a computer system. Indeed, some operating systems (for example Microsoft Windows XP and Linux) provide direct encryption/decryption services through cryptographic primitives, cryptographic application program interfaces, and similar interfaces. Present-day computer cryptography techniques are nevertheless deficient in several respects. These deficiencies are illustrated in Fig. 1 and discussed below.
Fig. 1 is a block diagram of known computer cryptography applications. The block diagram shows a first computer 101 connected to a local area network 105. Also connected to the local area network 105 are a second computer 102, a network file storage device 106, a first router 107 (or another form of interface to a network) connected to a wide area network (WAN) 110, and a wireless network router 108, for example one that complies with the IEEE 802.11 standard.
On the other side of the wide area network 110, a second router 111 provides an interface to a third computer 103.
As noted above, present-day users need to keep computer data confidential more and more often in ordinary use. For example, under operating system control, the user of the first computer 101 may be performing several tasks at once, each of which requires cryptographic operations. The user of the first computer 101 needs to run an application program 112 (supplied with, or invoked through, the operating system) to encrypt and decrypt a file stored on the network file storage device 106. While storing the file, the user may also send an encrypted message to the user of the second computer 102, which again requires the application program 112 to perform encryption and decryption. The encrypted message may be real-time (for example instant messaging) or non-real-time (for example e-mail). In addition, the user may access personal financial data (for example credit card numbers and financial transactions) or other important data on the third computer 103 over the wide area network 110. The third computer 103 may also represent a home office or other remote computer 103, which the user of the first computer 101 uses when out of the office to access the shared resources 101, 102, 106, 107, 108, and 109 on the local area network 105 over the wide area network 110. All of these activities require the application program 112 to be invoked to perform the associated encryption and decryption. Furthermore, wireless networks 109 are now widely deployed in public places such as coffee shops, airports, and schools, so the user of a laptop computer 104 must encrypt or decrypt not only the data received from or sent to other users, but also all data passed over the wireless network 109 to the wireless network router 108.
Those skilled in the art will understand that whenever the computers 101-104 need to perform a cryptographic operation, the application program 112 is invoked to carry out the encryption or decryption. In the future, the computers 101-104 may therefore be performing hundreds of cryptographic operations simultaneously.
The inventors have observed several drawbacks in having the computer systems 101-104 invoke one or more encryption or decryption applications 112 at the same time. For one, dedicated hardware could perform these functions faster than software. Each time an application program 112 needs encryption or decryption, the work currently executing on the computer 101-104 must first be suspended, the parameters required for the cryptographic operation (for example plaintext, ciphertext, mode, and key) must be passed to the operating system, and the operating system must then pass them to the application program 112, which carries out the operation. Because the application program 112 must perform many rounds of sub-operations on each block of data, the computer has to execute a very large number of instructions, and the processing speed of the whole system drops markedly. Those skilled in the art will appreciate that sending an encrypted e-mail message in Microsoft Outlook can take more than five times as long as sending an unencrypted one.
Present techniques are also limited by the delays that operating system intervention introduces. Most application programs do not themselves contain complete key generation or encryption/decryption functions, so these operations are performed by the operating system or by plug-in software. To obtain operating system resources, the executing application must issue an interrupt or make a request to the operating system.
The inventors have also noted that the way cryptographic operations are handled in the computer systems 101-104 closely resembles the way floating-point arithmetic was handled before microprocessors had dedicated floating-point units. Early floating-point operations were performed in software and therefore executed very slowly; cryptographic operations performed in software are likewise very slow. As floating-point technology evolved, floating-point instructions were moved into a coprocessor of the central processing unit. Adding a floating-point coprocessor raised the price of the whole system, but floating-point operations ran far faster than in software. Cryptographic coprocessors exist today as well, mostly as add-in cards or external devices attached through a parallel port or another bus interface (such as the Universal Serial Bus). Such coprocessors shorten the time a computer system spends on cryptographic work. They also increase system cost and power consumption and reduce the reliability of the whole system, and they raise a data security concern: because the coprocessor is not on the same chip as the microprocessor, the connection between them can be eavesdropped on.
Cryptographic hardware built into the microprocessor is therefore needed. Such hardware should allow an application program to complete a cryptographic operation by issuing a single instruction. The inventors believe that such hardware reduces the need for operating system intervention. Ideally, the invention lets application software execute the cryptographic instruction at its own privilege level, is compatible with the microprocessor architectures most prevalent on the market, supports legacy operating systems and application software, and resists eavesdropping. The hardware should support multiple cryptographic algorithms and allow the implementation of an algorithm to be verified and tested in hardware. It should be able to switch its own mode of operation, for example letting the user choose between a user-supplied key and a hardware-generated key, and should support different data block sizes and key sizes. Finally, the encryption/decryption mode the hardware uses should be selectable: electronic code book (ECB), cipher block chaining (CBC), cipher feedback (CFB), or output feedback (OFB).
Summary of the invention
The object of the present invention is to provide a superior cryptographic technique built into a microprocessor that solves the problems of the prior art.
To achieve this object, the invention provides an apparatus for performing cryptographic operations, comprising execution logic, located within a microprocessor, that receives an instruction flow executed by the microprocessor, the instruction flow including a cryptographic instruction. The execution logic comprises: a computing device that receives the cryptographic instruction and performs the cryptographic operation it prescribes, wherein the cryptographic operation includes indicating whether the cryptographic operation has been interrupted by an interrupting event; and block pointer logic, coupled to the execution logic, that directs the computing device to perform one of the following actions: modify the contents of a block count register to indicate that the cryptographic operation on the current input data block is complete; and cause the data produced by performing the cryptographic operation on the current block to be preserved in the memory region designated for the initialization vector, so that the cryptographic operation can continue with the immediately following data block upon return from the interrupting event.
The invention also provides an apparatus for performing cryptographic operations that has execution logic built into a microprocessor. The apparatus comprises: a cryptography unit, located within the microprocessor, that receives a cryptographic instruction belonging to an instruction flow and, in response, directs the microprocessor to perform a specified cryptographic operation; a flag register, coupled to the cryptography unit, that includes a bit indicating whether the cryptographic operation has been interrupted by an interrupting event; and block pointer logic, coupled to the execution logic, that directs a computing device to perform one of the following: when the cryptographic operation on the current input data block is complete, modify the pointers to the input and output data blocks in memory so that they point to the next input and output data blocks; modify the contents of a block count register to indicate that the cryptographic operation on the current input data block is complete; and cause the data produced by performing the cryptographic operation on the current block to be preserved in the memory region designated for the initialization vector, so that the cryptographic operation can continue with the immediately following data block upon return from the interrupting event.
The invention further provides a method for performing cryptographic operations in a device. The method includes: executing, by a cryptography unit within execution logic and in response to a received cryptographic instruction, the cryptographic operation that the instruction prescribes; indicating whether the cryptographic operation has been interrupted by an interrupting event; and directing the device to preserve, in the memory region designated for the initialization vector, the data produced by performing the cryptographic operation on the current block, so that the cryptographic operation can continue with the following data upon return from the interrupting event.
That is, in one embodiment the invention is an apparatus for performing cryptographic operations in a microprocessor. The apparatus includes a cryptographic instruction and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on that device, and prescribes one of the cryptographic operations. The execution logic is operatively coupled to the cryptographic instruction and executes the prescribed cryptographic operation. The prescribed cryptographic operation includes indicating whether it has been interrupted by an interrupting event.
Another embodiment of the invention is a microprocessor apparatus for performing cryptographic operations. The apparatus includes a cryptography unit within a device and a bit within a register. The cryptography unit responds to a cryptographic instruction, received by the device as part of an instruction flow, by executing the cryptographic operation that the instruction prescribes. The bit in the register is operatively coupled to the cryptography unit and indicates whether execution of the prescribed cryptographic operation has been interrupted by an interrupting event.
A further embodiment of the invention is a method for performing cryptographic operations in a microprocessor. The method includes responding to a cryptographic instruction by executing the cryptographic operation it prescribes, and indicating whether an interrupting event occurred during that execution.
Other objects, features, and advantages of the present invention will be better understood from the following description and the accompanying drawings.
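The restart behaviour summarized above, shown as an added C model that is not taken from the patent: after every block the model advances the input and output pointers, decrements the block count, and writes the chaining value back to the initialization vector location, so re-issuing the operation after an interrupt continues with the next block. The struct and function names, the sample key, IV and plaintext, and the stand-in block function (not AES, not secure) are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLK 16
#define NO_IRQ ((size_t)-1)

/* Constructed sample key and IV (not from the patent). */
static const uint8_t SAMPLE_KEY[BLK] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
static const uint8_t SAMPLE_IV[BLK]  = {0xA0,0xA1,0xA2,0xA3,0xA4,0xA5,0xA6,0xA7,
                                        0xA8,0xA9,0xAA,0xAB,0xAC,0xAD,0xAE,0xAF};

/* Stand-in 16-byte block permutation. NOT AES and not secure; it only gives
 * the chaining logic something invertible to call. */
static void toy_block_encrypt(const uint8_t *key, const uint8_t *in, uint8_t *out)
{
    uint8_t s[BLK], t[BLK];
    memcpy(s, in, BLK);
    for (int r = 0; r < 4; r++) {
        for (int i = 0; i < BLK; i++) {
            uint8_t v = (uint8_t)(s[i] ^ key[(i + r) % BLK]);
            t[(i * 5 + r) % BLK] = (uint8_t)((v << 3) | (v >> 5));
        }
        memcpy(s, t, BLK);
    }
    memcpy(out, s, BLK);
}

/* State the operation works from; field names are assumptions of this model. */
typedef struct {
    const uint8_t *in;          /* pointer to the current input block    */
    uint8_t       *out;         /* pointer to the current output block   */
    size_t         count;       /* block count: blocks still to process  */
    uint8_t       *iv;          /* initialization vector area in memory  */
    const uint8_t *key;
    int            interrupted; /* flag bit: last execution was cut short */
} xcrypt_state;

/* One execution of the modelled CBC-encrypt operation. A simulated interrupt
 * arrives once `irq_after` blocks are done (NO_IRQ: never). write_back_iv = 0
 * models a design that keeps the chaining value only in an internal register.
 * Returns the number of blocks completed by this execution. */
size_t xcrypt_cbc(xcrypt_state *st, size_t irq_after, int write_back_iv)
{
    uint8_t chain[BLK], x[BLK];
    size_t done = 0;

    st->interrupted = 0;
    memcpy(chain, st->iv, BLK);            /* internal register loaded from memory */
    while (st->count > 0) {
        if (done == irq_after) {           /* interrupt: internal 'chain' is lost */
            st->interrupted = 1;
            break;
        }
        for (int i = 0; i < BLK; i++)
            x[i] = (uint8_t)(st->in[i] ^ chain[i]);
        toy_block_encrypt(st->key, x, st->out);
        memcpy(chain, st->out, BLK);
        if (write_back_iv)
            memcpy(st->iv, chain, BLK);    /* preserve chaining value in the IV area */
        st->in  += BLK;                    /* advance block pointers */
        st->out += BLK;
        st->count--;                       /* update block count */
        done++;
    }
    return done;
}

/* Runs the operation over nblocks, re-issuing it after an interrupt.
 * Returns how many times the operation had to be executed. */
int run_cbc(const uint8_t *pt, size_t nblocks, size_t irq_after,
            int write_back_iv, uint8_t *ct)
{
    uint8_t iv[BLK];
    int executions = 1;
    memcpy(iv, SAMPLE_IV, BLK);
    xcrypt_state st = { pt, ct, nblocks, iv, SAMPLE_KEY, 0 };

    xcrypt_cbc(&st, irq_after, write_back_iv);
    while (st.interrupted) {               /* handler returns; operation is re-issued */
        xcrypt_cbc(&st, NO_IRQ, write_back_iv);
        executions++;
    }
    return executions;
}

/* 1 if an interrupted-and-resumed run yields the same ciphertext as an
 * uninterrupted run over four constructed plaintext blocks, else 0. */
int resumed_matches_reference(size_t irq_after, int write_back_iv)
{
    uint8_t pt[4 * BLK], ref[4 * BLK], ct[4 * BLK];
    for (size_t i = 0; i < sizeof pt; i++)
        pt[i] = (uint8_t)i;                /* constructed plaintext */
    run_cbc(pt, 4, NO_IRQ, 1, ref);
    run_cbc(pt, 4, irq_after, write_back_iv, ct);
    return memcmp(ct, ref, sizeof ct) == 0;
}

int main(void)
{
    printf("IV written back, interrupt after 1 block: match=%d\n",
           resumed_matches_reference(1, 1));
    printf("IV not written back, same interrupt:      match=%d\n",
           resumed_matches_reference(1, 0));
    return 0;
}
```

With the write-back disabled, the resumed execution chains the second block from the original initialization vector instead of the first ciphertext block, so every block after the interrupt differs from the uninterrupted result.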
Description of drawings
Fig. 1 is a block diagram of known cryptographic applications.
Fig. 2 is a block diagram of a computer system performing cryptographic operations.
Fig. 3 is a block diagram of a microprocessor apparatus for performing cryptographic operations according to the present invention.
Fig. 4 is a block diagram of an independent cryptographic instruction according to the present invention.
Fig. 5 is a table of block cipher mode field values according to the present invention.
Fig. 6 is a block diagram of a cryptography unit within an x86-compatible microprocessor according to the present invention.
Fig. 7 shows exemplary fields of a microinstruction according to the present invention that directs the cryptographic sub-operations in the microprocessor of Fig. 6.
Fig. 8 is a table of register field values and the corresponding operations for the XLOAD microinstruction according to the present invention; the XLOAD microinstruction has the format shown in Fig. 7.
Fig. 9 is a table of register field values and the corresponding operations for the XSTOR microinstruction according to the present invention; the XSTOR microinstruction has the format shown in Fig. 7.
Fig. 10 is an example of a control word format according to the present invention. The control word specifies the cryptographic parameters of a cryptographic operation.
Fig. 11 is a block diagram of a cryptography unit according to the present invention.
Fig. 12 is a block diagram of AES block cipher logic according to the present invention.
Fig. 13 is a flow chart of a method according to the present invention for preserving the state of cryptographic parameters during an interrupting event.
Fig. 14 is a flow chart of a method according to the present invention for performing a specified cryptographic operation on a plurality of input data blocks in the presence of one or more interrupting events.
The reference numerals are as follows:
101, 102, 103 computer workstations
104 laptop computer
105 local area network
106 storage device
107 first router
108 wireless router
109 wireless network
110 wide area network
111 second router
112 encryption/decryption software
201 microprocessor
202 operating system
203 application memory area
204 key generation software
205 key schedule
206 encryption software
207 decryption software
208 initialization vector
209 cryptographic parameters
210 plaintext
211 ciphertext
301 microprocessor
302, 322 XCRYPT instruction
303 translation logic
304 microinstruction queue
305, 306 microinstructions
307 register file
308, 309, 310, 311, 312, 313 registers
314 load logic
315 data cache
316 cryptography unit
317 store logic
318 write-back logic
319 memory bus
320 operating system
321 system memory
323 control word
324 initial key/key schedule
325 initialization vector
326 input text
327 output text
400 cryptographic instruction
401 optional prefix field
402 repeat prefix field
403 opcode field
404 block cipher mode field
500 table of block cipher mode field values and microprocessor operations
600 microprocessor
601 fetch logic
602 translation logic
603 translator
604 microcode read-only memory
605 register stage
606 address stage
607 load stage
608 execute stage
609, 611, 613, 615 microinstruction queues
610 integer unit
612 floating-point unit
614 MMX unit
616 SSE unit
617 cryptography unit
618 store stage
619 write-back stage
620 load bus
621 idle signal
622 memory bus
623 bus
624 EFLAGS register
625 X bit
626 interrupt logic
627 microinstruction
628 MSR register
629 E bit
630 FCR register
631 D bit
632 execution logic
700 microinstruction
701 micro opcode field
702 data register field
703 register field
800 XLOAD value table
900 XSTOR value table
1000 control word
1001 RSVD field
1002 key size KSIZE field
1003 encrypt/decrypt E/D field
1004 intermediate result IRSLT field
1005 key generation KGEN field
1006 algorithm ALG field
1007 round count RCNT field
1100 cryptography unit
1101 block cipher logic
1102 key random access memory
1103 microcode register
1104 control word register
1105 input-0 register
1106 input-1 register
1107 key-0 register
1108 key-1 register
1109 output-0 register
1110 output-1 register
1111 load bus
1112 memory bus
1113 stop signal
1114 microinstruction bus
1200 AES block cipher logic
1201 microinstruction register
1202 CW register
1203 KEY-0 register
1204 KEY-1 register
1205 IN-0 register
1206 IN-1 register
1207 OUT-0
1208 OUT-1
1210 round engine controller
1211 encrypt/decrypt bus
1212 RNDCON bus
1213 key bus
1214 key generation signal
1215, 1216, 1217 buses
1218 NEXTIN bus
1220 round engine
1221 first key XOR logic
1222 register REG-0
1223 S-Box logic
1224 ShiftRows logic
1225 register REG-1
1226 MixColumns logic
1227 register REG-2
Embodiment
The following discussion first continues, with reference to Fig. 2, the background on present-day cryptographic operations and their shortcomings. The invention is then described with reference to Fig. 3 through Fig. 14. The invention provides a superior apparatus and method for performing cryptographic operations. It reduces the need for operating system intervention. It also satisfies other requirements, such as atomic completion, compatibility with legacy architectures, algorithm and mode switching, resistance to hackers, and testability.
Referring now to Fig. 2, a block diagram depicts how cryptographic operations are performed in a present-day computer system. Fig. 2 includes a microprocessor 201, which fetches instructions and accesses data associated with an application program from an application memory area 203 in system memory. Program control and data access within the application memory area 203 are usually managed by an operating system 202, which resides in a protected area of system memory. As described earlier, when a running application (for example, an e-mail program or file storage software) needs to perform a cryptographic operation, it must direct the microprocessor 201 to execute a very large number of instructions to complete it. Some of these instructions are subroutines within the running application, some belong to software libraries linked to it, and some may be services provided by the operating system 202. Wherever the instructions come from, they all reside in particular regions of memory. For convenience of discussion, these different regions are all drawn inside the application memory area 203. The application memory area 203 also contains key generation software 204. This software is typically responsible for generating or accepting a key and for expanding the key into a key schedule 205. If the encryption mode in use requires it, the encryption software 206 reads an initialization vector 208. The encryption software executes its instructions to encrypt the plaintext and finally outputs ciphertext 211. Decryption proceeds in largely the same way: when a ciphertext needs to be decrypted, the decryption software 207 is called. The decryption software 207 executes specific instructions to obtain the ciphertext 211, the key schedule 205 and the cryptographic parameters 209, which specify the details of the cryptographic operation. If the decryption mode in use requires it, the decryption software 207 reads the initialization vector 208, executes its instructions to decrypt the ciphertext, and outputs plaintext 210.
Encryption, decryption and key generation ought to be accomplished with far fewer instructions. The standards published by FIPS, mentioned earlier, provide several pieces of pseudocode from which one can estimate the number of instructions a microprocessor must execute to complete a simple cryptographic operation. With present techniques, the number of instructions required for encryption runs into the hundreds. Moreover, from the point of view of the running application (file management, instant messaging, e-mail, remote file access, credit card transaction software), these cryptographic operations are not the software's primary purpose, yet they are very time-consuming. They can even give the user the impression that the application itself is inefficient. If the encryption software 206 and decryption software 207 are implemented as software libraries, the situation is worse still, because the operating system takes on the additional work of supporting calls to, and managing, the encryption software 206 and decryption software 207. The operating system must also handle other conditions such as interrupts and exceptions. In addition, each cryptographic operation concurrently in progress on the computer system requires space in the application memory area 203 for the key generation software 204, the encryption software 206 and the decryption software 207, and the volume of cryptographic work the microprocessor 201 must handle will only keep growing.
In view of these shortcomings of cryptographic processing in present-day computer systems, the inventors recognized the need for an apparatus and method, built into the microprocessor, that increase the speed of cryptographic processing. Such a unit initiates the cryptographic operation by means of a single cryptographic instruction. The invention is explained in more depth with reference to Fig. 3 through Fig. 12.
Referring now to Fig. 3, a block diagram shows a microprocessor apparatus for cryptographic operations according to the principles of the invention. Fig. 3 shows a microprocessor 301 coupled to system memory 321 via a memory bus 319. The microprocessor 301 includes translation logic 303, which receives instructions from an instruction register 302. The translation logic 303 may comprise logic, circuits, devices or microcode (that is, micro-instructions or native instructions), or any combination of these or of other elements achieving the same effect, that translates instructions into corresponding sequences of micro-instructions. The elements making up the translation logic 303 may be shared with the circuits, microcode and other elements that perform other functions within the microprocessor 301. As used here, microcode refers to a plurality of micro-instructions. A micro-instruction (also called a native instruction) is an instruction at the level that a unit executes. For example, a reduced instruction set computer (RISC) processor executes micro-instructions directly, whereas a complex instruction set computer (CISC) processor, such as an x86-compatible processor, first translates instructions into micro-instructions, which are then executed by one or more internal units. The translation logic 303 is coupled to a micro-instruction queue 304, which holds a plurality of micro-instructions 305, 306. The queue 304 supplies these micro-instructions to register stage logic, which includes a register file 307 containing a plurality of registers 308-313. Before the cryptographic operation is performed, these registers are loaded with what the operation requires: each register points to one of the locations 323-327 in memory 321 that hold the data needed for the cryptographic operation. The register stage logic is coupled to load logic 314. The load logic is coupled to a data cache 315, from which it reads the data needed for the cryptographic operation. The data cache is coupled to memory via the memory bus 319. Execution logic 328 performs the operations prescribed by the instructions it receives; it may comprise logic, circuits, devices or microcode (that is, micro-instructions or native instructions), or any combination of these or of other elements achieving the same effect. The elements making up the execution logic 328 may be shared with other functions within the microprocessor 301. The execution logic 328 includes a cryptography unit 316, which receives the data required for the cryptographic operation from the load logic 314. Micro-instructions direct the cryptography unit 316 to perform the cryptographic operation on a plurality of blocks of input text 326 and to produce a corresponding plurality of blocks of output text 327. The cryptography unit 316 may comprise logic, circuits, devices or microcode (that is, micro-instructions or native instructions), or any combination of these or of other elements achieving the same effect, that performs cryptographic operations. The elements making up the cryptography unit 316 may be shared with the circuits, microcode and other elements that perform other functions within the microprocessor 301. In one embodiment, the cryptography unit 316 operates in parallel with other execution units (not shown) within the execution logic 328, such as a floating point unit and an integer unit. An embodiment of a "unit" may comprise logic, circuits, devices or microcode (that is, micro-instructions or native instructions), or any combination of these or of other elements achieving the same effect. The elements making up a unit may be shared with the circuits, microcode and other elements that perform other functions within the microprocessor 301. In one embodiment, an integer unit comprises logic, circuits, devices or microcode, or any such combination, that executes integer instructions, and a floating point unit comprises logic, circuits, devices or microcode, or any such combination, that executes floating point instructions. The elements that execute integer instructions in the integer unit may be shared with the circuits, microcode and other elements that execute floating point instructions in the floating point unit. In an embodiment compatible with the x86 architecture, the cryptography unit 316 operates in parallel with an x86 integer unit, an x86 floating point unit, an x86 MMX unit and an x86 SSE unit. According to the invention, an embodiment is compatible with the x86 architecture when it supports the majority of software written for x86 processors. Whether software executes correctly is determined by checking that executing it yields the correct results. Other x86-compatible embodiments treat the cryptography unit as a sub-unit within an x86 execution unit. The cryptography unit 316 is coupled to store logic 317 and provides the corresponding plurality of blocks of output text 327. The store logic is in turn coupled to the data cache 315, which routes the output text 327 to memory 321 for storage. The store logic 317 is coupled to write-back logic 318. When the cryptographic operation completes, the write-back logic 318 updates the registers 308-313 in the register file 307. In one embodiment, micro-instructions flow through each of the aforementioned logic stages 302, 303, 304, 307, 317, 316-318 in synchronization with a clock signal (not shown), so that several operations can be in progress at once, in the manner of an assembly line.
Within system memory 321, an application program that needs a cryptographic operation performed can issue a cryptographic instruction 322, hereinafter the XCRYPT instruction 322, to the microprocessor 301. In a CISC embodiment, the XCRYPT instruction 322 comprises a micro-instruction that prescribes the cryptographic operation. In a RISC embodiment, the XCRYPT instruction 322 comprises a micro-instruction that prescribes the cryptographic operation. In one embodiment, the XCRYPT instruction 322 uses a spare or otherwise unused opcode in an existing instruction set. In one x86-compatible embodiment, the XCRYPT instruction 322 is a 4-byte instruction comprising an x86 prefix (0xF3), a 2-byte opcode not otherwise used in the instruction set (0x0FA7), and one byte giving the block cipher mode. In one embodiment, depending on the privilege level granted to the application software, the XCRYPT instruction 322 can be placed directly in the instruction flow delivered to the microprocessor 301 by the application, or issued by the operating system 320. Because software or the operating system needs only the single instruction 322 to accomplish the cryptographic operation, the details of the operation are transparent to the operating system.
In operation, the operating system 320 invokes each application for execution. When application software calls for the XCRYPT instruction 322, the instruction is delivered from memory 321 to the fetch logic as part of the normal instruction flow of the computer system. Other instructions in the software first direct the microprocessor 301 to initialize the registers 308-312 so that they refer to the locations 323-327 in memory 321: the cryptographic control word 323, the initial key or key schedule 324, the initialization vector 325 (if required), the input text 326 to be processed and the output text 327. This initialization of registers 308-312 must be completed before the XCRYPT instruction 322 is executed, because executing the XCRYPT instruction 322 uses all of the data in registers 308-312. There is one further register, which records how many blocks of input text remain to be encrypted or decrypted. The translation logic 303 obtains the instruction from the fetch logic and translates it into a corresponding sequence of micro-instructions that direct the microprocessor 301 to complete the cryptographic operation. A first plurality of the micro-instructions 305-306 directs the cryptography unit 316 to load data supplied by the load logic and then to begin executing the prescribed number of cryptographic rounds. The resulting output is stored by the store logic 317, via the data cache 315, in the output text 327 area of memory 321. A second plurality of micro-instructions (not shown) directs other execution units (not shown) in the microprocessor 301, for example to manage non-architectural registers, which typically hold temporary results and counters, to update the input and output pointer registers 311-312, and to update the initialization vector register where that applies. In one embodiment, registers 308-313 are architectural registers.
In one embodiment, the cryptography unit 316 is divided into several stages, allowing successive blocks of input text 326 to be pipelined.
The components shown in Fig. 3 are those needed to explain the invention. Much of the logic inside a present-day microprocessor 301 is not shown in Fig. 3. Those skilled in the art will appreciate that, to present the invention clearly, much of the logic within the microprocessor 301 has been simplified in Fig. 3 for convenience of description. For example, the load logic 314 may include an address generation stage followed by a cache interface stage, followed in turn by a cache line alignment stage. The important point, however, is that the invention performs the cryptographic operation on a plurality of blocks of input text 326 and that, as far as the operating system is concerned, this takes only a single instruction. The details of the cryptographic operation are completely transparent, and the operation runs concurrently with the other execution logic in the microprocessor 301. The cryptography unit 316 and the associated XCRYPT instruction 322 are fully compatible with both legacy and present-day operating systems.
Referring now to Fig. 4, a block diagram of the cryptographic instruction is shown. The cryptographic instruction 400 comprises an optional prefix field 401, a repeat prefix field 402, an opcode field 403 and a block cipher mode field 404. In one embodiment, the contents of fields 401-404 conform to the x86 instruction set architecture.
Operationally, many instruction set architectures provide for an optional prefix field 401. Its contents direct the processor to enable or disable certain processing features, for example to force 16- or 20-bit operations, or to force processing of or access to a specific segment. The contents of the repeat prefix field 402 indicate that the cryptographic operation is to be performed repeatedly. The repeat prefix field 402 also implicitly directs a conforming microprocessor to use the contents of several of its architectural registers as pointers to the locations in system memory that hold the cryptographic data and parameters needed to complete the prescribed cryptographic operation. As noted above, in the x86-compatible embodiment the value of the repeat prefix field 402 is 0xF3. In keeping with x86 architectural conventions, the form of the cryptographic instruction closely resembles that of an x86 repeat string instruction (such as REP.MOVS). For example, when executed by an x86-compatible microprocessor embodiment of the invention, the repeat prefix implicitly references a block count stored in architectural register ECX, a source address pointer (pointing to the input data for the cryptographic operation) stored in register ESI, and a destination address pointer (pointing to the output data area in memory) stored in register EDI. In the x86-compatible embodiment, the invention further extends the conventional repeat string instruction concept to reference a control word pointer stored in register EDX, a cryptographic key pointer stored in register EBX, and a pointer to the initialization vector (if required by the prescribed cipher mode) stored in register EAX.
The opcode field 403 directs the microprocessor to perform the cryptographic operation specified by a control word. The control word resides in memory, at the location referenced by the control word pointer. The opcode can be set to a value that is seldom used in the existing instruction set, so that legacy operating systems and application software remain usable. For example, an x86-compatible system can set this value to 0x0FA7. The block cipher mode field 404 indicates which block cipher mode is to be used for the cryptographic operation; see Fig. 5.
Fig. 5 is an example table of block cipher mode field values and the corresponding microprocessor operations. As shown, when the value in the block cipher mode field is 0xC8, the microprocessor performs the cryptographic operation in electronic codebook (ECB) mode. When the value is 0xD0, the microprocessor uses cipher block chaining (CBC) mode. 0xE0 indicates that the microprocessor should use cipher feedback (CFB) mode, and 0xE8 indicates output feedback (OFB) mode. Each of these modes is described in detail in the FIPS documents.
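The instruction layout and mode values described above can be checked mechanically. The following C decoder is an added example, not code from the patent: it recognizes the 0xF3, 0x0FA7, mode-byte sequence of the x86-compatible embodiment and scans a constructed byte buffer for it. The function names, the XCRYPT_NONE sentinel and the sample bytes are assumptions of this example, and a linear byte scan is only an approximation of real disassembly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Block cipher mode byte values, as listed for the Fig. 5 table. */
enum xcrypt_mode {
    XCRYPT_NONE = 0x00,  /* sentinel used only by this example */
    XCRYPT_ECB  = 0xC8,
    XCRYPT_CBC  = 0xD0,
    XCRYPT_CFB  = 0xE0,
    XCRYPT_OFB  = 0xE8
};

struct xcrypt_hit { size_t offset; enum xcrypt_mode mode; };

/* Implicit operands named in the text for the x86-compatible embodiment:
 * ECX block count, ESI input, EDI output, EDX control word,
 * EBX key, EAX initialization vector (if the mode requires one). */

/* Decode one candidate encoding: repeat prefix 0xF3, opcode 0x0F 0xA7,
 * then a mode byte. Truncated input or an unlisted mode is rejected. */
enum xcrypt_mode xcrypt_decode(const uint8_t *p, size_t len)
{
    if (len < 4 || p[0] != 0xF3 || p[1] != 0x0F || p[2] != 0xA7)
        return XCRYPT_NONE;
    switch (p[3]) {
    case XCRYPT_ECB: case XCRYPT_CBC: case XCRYPT_CFB: case XCRYPT_OFB:
        return (enum xcrypt_mode)p[3];
    default:
        return XCRYPT_NONE;
    }
}

/* ECB is the only listed mode without chaining or feedback, so the
 * initialization vector pointer matters for the other three. */
int xcrypt_mode_uses_iv(enum xcrypt_mode m)
{
    return m == XCRYPT_CBC || m == XCRYPT_CFB || m == XCRYPT_OFB;
}

/* Linear scan of a code buffer; stores up to max hits, returns the count
 * stored. Matching bytes inside data or other instructions would be
 * reported too, so hits are candidates to confirm with a disassembler. */
size_t xcrypt_scan(const uint8_t *buf, size_t len,
                   struct xcrypt_hit *hits, size_t max)
{
    size_t n = 0;
    for (size_t i = 0; i + 4 <= len && n < max; i++) {
        enum xcrypt_mode m = xcrypt_decode(buf + i, len - i);
        if (m != XCRYPT_NONE) {
            hits[n].offset = i;
            hits[n].mode = m;
            n++;
            i += 3;  /* skip the rest of the matched encoding */
        }
    }
    return n;
}

/* Constructed sample: NOP, ECB form, NOP, CBC form, a form with an
 * unlisted mode byte (0x00), and a truncated form at the end. */
static const uint8_t SAMPLE[] = {
    0x90, 0xF3, 0x0F, 0xA7, 0xC8, 0x90, 0xF3, 0x0F, 0xA7, 0xD0,
    0xF3, 0x0F, 0xA7, 0x00, 0xF3, 0x0F, 0xA7
};
static struct xcrypt_hit sample_hits[8];

size_t xcrypt_scan_sample(void)
{
    return xcrypt_scan(SAMPLE, sizeof SAMPLE, sample_hits, 8);
}

int main(void)
{
    size_t n = xcrypt_scan_sample();
    for (size_t i = 0; i < n; i++)
        printf("offset %zu: mode byte 0x%02X, IV pointer used: %d\n",
               sample_hits[i].offset, (unsigned)sample_hits[i].mode,
               xcrypt_mode_uses_iv(sample_hits[i].mode));
    return 0;
}
```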
Referring to Fig. 6, an embodiment of a cryptography unit 617 within an x86-compatible microprocessor 600 is shown. The microprocessor 600 includes fetch logic 601, which fetches instructions from memory (not shown). Translation logic 602 comprises logic, circuits, devices or microcode (that is, micro-instructions or native instructions), or other elements, that translate instructions into corresponding sequences of micro-instructions. Elements of the translation logic 602 may be shared with other functional units in the microprocessor 600. As shown, the translation logic 602 includes a translator 603, a microcode ROM 604 and block pointer logic 640, coupled to one another. Interrupt logic 626 is coupled to the translation logic 602 via bus 628. Interrupt request signals 627 raised by software or hardware are all handled by the interrupt logic 626, which notifies the translation logic 602 of the interrupt. As shown in Fig. 6, the translation logic is coupled to the following successive stages: a register stage 605, an address stage 606, a load stage 607, an execute stage 608, a store stage 618 and a write-back stage 619. The execute stage 608 depicted in Fig. 6 includes execution logic 632, which contains a plurality of execution units operating in parallel: units 610, 612, 614, 616 and 617. The integer unit 610 executes the integer micro-instructions in micro-instruction queue 609, the floating point unit 612 executes the floating point micro-instructions in micro-instruction queue 611, the MMX unit 614 executes the MMX micro-instructions in micro-instruction queue 613, and the SSE unit 616 executes the SSE micro-instructions in micro-instruction queue 615. The SSE unit 616 is coupled to the cryptography unit 617 by a load bus 620, a stall signal 621 and a store bus 622. The cryptography unit 617 shares the micro-instruction queue 615 with the SSE unit. In an alternative embodiment, the cryptography unit 617 is a fully independent unit like units 610, 612 and 614. The integer unit 610 is coupled to an x86 EFLAGS register. The EFLAGS register includes an X bit 625, whose value indicates whether a cryptographic operation is currently in progress. In one embodiment, the X bit 625 is bit 30 of the x86 EFLAGS register 624. In addition, the integer unit 610 can read a register 628 to evaluate the state of an E bit 629, whose value indicates whether the cryptography unit 617 is present in the microprocessor 600. The integer unit 610 can also read a D bit 631, located in a feature control register 630, which is used to enable and disable the cryptography unit 617. As with the microprocessor 301 of Fig. 3, the microprocessor 600 of Fig. 6 is drawn to show the features of the invention clearly: only part of the microprocessor's structure is depicted, and the remainder is aggregated or omitted. Those skilled in the art will appreciate that elements such as the data cache (not shown), the bus interface unit (not shown), and other units of the microprocessor such as the clock generator and distribution logic have all been omitted.
During operation, the fetch logic, in synchronization with a clock signal (not shown), supplies instructions from memory (not shown) to the translation logic 602. The translation logic 602 translates each instruction into a corresponding sequence of micro-instructions, which are supplied, in synchronization with the clock signal, to the subsequent stages 605-608, 618 and 619 of the microprocessor 600. Each micro-instruction in the sequence directs a sub-operation needed to complete the instruction as a whole. For example, an address generation performed by the address stage 606 involves first retrieving two operands from two particular registers (not shown) in the register stage 605 and then adding the two operands in the integer unit 610. The store logic 618 is responsible for storing to memory the results produced by the execution units 610, 612, 614, 616 and 617. Depending on the type of instruction, the translation logic 602 either uses the translator 603 to generate the sequence of micro-instructions directly, or fetches the sequence from the microcode ROM 604, or generates part of the sequence and fetches the remainder from the microcode ROM. The micro-instructions proceed through the stages 605-608, 618 and 619 of the microprocessor 600 in order, at the clock rate. When micro-instructions reach the execute stage 608, the execution logic 632 routes them to the execution units 610, 612, 614, 616 and 617, and the results of the operations performed pass on to the store stage 618. In one embodiment, a micro-instruction includes a field indicating whether it can be executed in parallel with other operations.
When the translation logic 602 receives an XCRYPT instruction, it generates the corresponding micro-instructions, which direct the other logic 605-608, 618, 619 in the microprocessor 600 to carry out the cryptographic operation. A first plurality of these micro-instructions is dispatched directly to the cryptography unit 617 and directs it to load the data it needs from the load bus, or to load a block of input data and begin executing the prescribed number of cryptographic rounds, or to pass a block of output data over the store bus 622 to the store logic 618 for storage in memory. A second plurality of micro-instructions is dispatched to the execution units 610, 612, 614 and 616 to perform the other necessary sub-operations: for example, testing the E bit 629, setting the D bit 631, setting the X bit 625 to indicate that a cryptographic operation is in progress, updating registers (such as the count register, the input text pointer register and the output text pointer register) within the register stage 605, and handling interrupt requests 627 delivered by the interrupt logic 626. To execute the cryptographic instruction as efficiently as possible, the micro-instructions can be ordered so that integer unit micro-instructions are interleaved with cryptography unit micro-instructions, letting integer operations proceed in parallel with the cryptographic operation. The micro-instructions include those needed to recover from an interrupt request 627. All pointers to cryptographic parameters and data reside in x86 architectural registers; when an interrupt request is received the pointers are saved, and when the interrupt ends the pointers and parameters are restored. Thus, when an interrupt occurs, program control transfers to the corresponding interrupt service routine. As part of this transfer of control, the X bit 625 is cleared to indicate that the key data and control word data are no longer valid. On return from the interrupt, program control passes straight back to the XCRYPT instruction, and as part of its corresponding micro-instruction sequence, particular micro-instructions test the state of the X bit 625 to determine whether the key data and control word data are valid. If they are, the load of the input data for the block that was being processed when the interrupt occurred is repeated. If the state of the X bit 625 indicates that the key data and control word data are no longer valid, the key data and control word are reloaded from memory along with the input data for the block that was being processed. In short, execution of an XCRYPT instruction according to the invention always involves an initial test of the X bit 625 to determine the validity of the key data and control word data in the cryptography unit 617. If the key data and control word data are not valid, they are loaded from memory; the input block referenced by the input pointer register is then loaded and the prescribed cryptographic operation is performed on it. Otherwise, the input block is loaded without first loading key data and control word data, and the prescribed cryptographic operation is performed.
If new key data or a new control word is generated, the X bit 625 must be cleared before a new XCRYPT instruction is executed. It is also contemplated that successive XCRYPT instructions may use the same key data and control word data. In that case, the X bit 625 need not be cleared after the initial key data and control word data have been loaded. For example, for optimization purposes related to memory bus speed, a user may split the encryption or decryption of, say, 500 input blocks into 5 XCRYPT instructions, each handling its own share of the input blocks.
The block pointer logic 640 ensures that the corresponding micro-instructions are ordered so that the pointer registers, and the intermediate results of a sequence of block cipher operations on a sequence of input text blocks, are updated before an interrupt 627 is handled. The block pointer logic 640 directs the insertion of micro-instructions into the corresponding micro-instruction flow so that, when the cryptographic operation on a first block of input data completes, the pointers to the input and output data blocks in memory are modified to point to the next input and output data blocks. The block pointer logic 640 likewise directs the insertion of micro-instructions that modify the block counter to show that the cryptographic operation on the current block of input data is complete. Furthermore, where a block cipher mode is in use in which the cryptographic operation on the next block of data requires the result of the operation on the current block, the block pointer logic 640 also directs the insertion of micro-instructions that preserve, or generate and preserve, the data resulting from the operation on the current block in the area of memory designated for the initialization vector, so that after return from an interrupt event the cryptographic operation on the next block can continue.
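The X-bit test, the key reload after an interrupt and the per-block update of pointers, counter and initialization vector described in the three paragraphs above can be followed in a small software model. This C model is an added example, not code from the patent: toy_encrypt_block is a stand-in transform and not AES, interrupts are modelled only at block boundaries, and the struct names, the irq_after parameter and the sample data are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLK 16

/* Architectural state the page names for the x86-compatible embodiment. */
struct arch_state {
    uint32_t ecx;        /* ECX: blocks still to process           */
    const uint8_t *esi;  /* ESI: next input block                  */
    uint8_t *edi;        /* EDI: next output block                 */
    const uint8_t *ebx;  /* EBX: key in memory                     */
    uint8_t *eax;        /* EAX: initialization vector in memory   */
    int x_bit;           /* EFLAGS X bit: unit's key data is valid */
};
struct crypto_unit { uint8_t key[BLK]; unsigned key_loads; }; /* unit-private (model) */

/* Stand-in block transform, NOT AES (assumption of this example). */
static void toy_encrypt_block(const uint8_t *key, uint8_t *blk)
{
    for (int i = 0; i < BLK; i++) {
        uint8_t v = (uint8_t)(blk[i] ^ key[i]);
        blk[i] = (uint8_t)(((v << 3) | (v >> 5)) + i);
    }
}

/* One execution of the modelled CBC encryption. irq_after = N takes an
 * interrupt once N blocks are done (0 = never). Returns blocks done. */
unsigned xcrypt_cbc_run(struct arch_state *a, struct crypto_unit *u, unsigned irq_after)
{
    unsigned done = 0;
    if (!a->x_bit) {                 /* initial X-bit test: reload if invalid */
        memcpy(u->key, a->ebx, BLK);
        u->key_loads++;
        a->x_bit = 1;
    }
    while (a->ecx > 0) {
        if (irq_after && done == irq_after) {
            a->x_bit = 0;            /* transfer to the handler clears X */
            return done;
        }
        uint8_t blk[BLK];
        for (int i = 0; i < BLK; i++) blk[i] = (uint8_t)(a->esi[i] ^ a->eax[i]);
        toy_encrypt_block(u->key, blk);
        memcpy(a->edi, blk, BLK);
        /* Block pointer logic: commit chaining value, pointers and count
         * before the next point at which an interrupt can be taken. */
        memcpy(a->eax, blk, BLK);
        a->esi += BLK; a->edi += BLK; a->ecx--; done++;
    }
    return done;
}

/* Constructed sample data generator. */
static void fill(uint8_t *p, size_t n, uint8_t seed)
{
    for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(seed + 7 * i);
}

/* Returns 1 if an interrupted, resumed run equals an uninterrupted one. */
int demo_resume_matches(void)
{
    uint8_t key[BLK], pt[5 * BLK], iv1[BLK], iv2[BLK], c1[5 * BLK], c2[5 * BLK];
    struct crypto_unit u1 = {{0}, 0}, u2 = {{0}, 0};
    fill(key, BLK, 0x11); fill(pt, sizeof pt, 0x40);
    fill(iv1, BLK, 0x90); memcpy(iv2, iv1, BLK);
    struct arch_state a1 = {5, pt, c1, key, iv1, 0};
    struct arch_state a2 = {5, pt, c2, key, iv2, 0};
    xcrypt_cbc_run(&a1, &u1, 0);
    unsigned first = xcrypt_cbc_run(&a2, &u2, 2);
    memset(u2.key, 0, BLK);          /* modelled: unit state lost meanwhile */
    xcrypt_cbc_run(&a2, &u2, 0);     /* return from interrupt: re-execute   */
    return first == 2 && u2.key_loads == 2 && memcmp(c1, c2, sizeof c1) == 0;
}

/* Returns 1 if a key rewritten in memory is used by the next run. */
int demo_key_change(int clear_x)
{
    uint8_t key[BLK], pt[BLK], iv[BLK], c1[BLK], c2[BLK];
    struct crypto_unit u = {{0}, 0};
    fill(key, BLK, 0x11); fill(pt, BLK, 0x40); fill(iv, BLK, 0x90);
    struct arch_state a = {1, pt, c1, key, iv, 0};
    xcrypt_cbc_run(&a, &u, 0);       /* leaves X set, key cached in the unit  */
    fill(key, BLK, 0xA0);            /* software writes a new key to memory   */
    fill(iv, BLK, 0x90);             /* same IV again, so only the key varies */
    if (clear_x) a.x_bit = 0;
    a.ecx = 1; a.esi = pt; a.edi = c2;
    xcrypt_cbc_run(&a, &u, 0);
    return memcmp(c1, c2, BLK) != 0;
}

int main(void)
{
    printf("resumed run matches: %d, new key used with X set: %d, with X cleared: %d\n",
           demo_resume_matches(), demo_key_change(0), demo_key_change(1));
    return 0;
}
```

In the model, leaving the X bit set after rewriting the key in memory makes the second run silently reuse the cached key, which is the failure the clear-before-rekey requirement prevents.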
Referring to Figure 7, an example of a microinstruction format is shown. Microinstruction 700 is the instruction used to direct a microprocessor such as the one shown in Figure 6 to perform cryptographic operations. Microinstruction 700 comprises a micro opcode field 701, a data register field 702, and a register field 703. The micro opcode field 701 specifies the sub-operation to be performed and the logic that each stage of microprocessor 600 uses to perform it. In the present invention, specific values are assigned to the microinstruction to direct the operation of the cryptographic unit. A first value (XLOAD) indicates that data is to be retrieved from the memory location pointed to by data register field 702 and loaded into the register of the cryptographic unit designated by register field 703. The retrieved data (for example, cryptographic key data, a control word, input text data, or an initialization vector) is supplied to the cryptographic unit. A second value of the micro opcode field 701 (XSTOR) indicates that the result produced by the cryptographic unit is to be stored in the memory location pointed to by data register field 702. In a multi-stage cryptographic unit, the contents of register field 703 indicate which of several output data blocks is to be stored to memory. The output data block is placed in data field 704 for the store logic to read. The execution of XLOAD and XSTOR in the cryptographic unit is discussed further below with reference to Figures 8 and 9.
Referring to Figure 8 and table 800: as discussed previously, the microprocessor translates the XCRYPT instruction into a group of microinstructions. A first set of microinstructions in this group is executed directly by the cryptographic unit, while a second set is executed in parallel by one or more other units. The actions performed by the second set include updating counters, temporary registers, and architectural registers, and testing and setting status bits in machine-specific registers. The first set provides key data, cryptographic parameters, and input data to the cryptographic unit, and directs the cryptographic unit to generate the key schedule (or to load a key schedule retrieved from memory), to load and encrypt or decrypt input text, and to store the output text data. An XLOAD microinstruction directs the cryptographic unit to load control word data, to load a cryptographic key or key schedule, to load initialization vector data, to load input text data, and to begin the cryptographic operation. In an XLOAD microinstruction, the value 0b010 in register field 703 directs the cryptographic unit to load the control word into its control word register. As this microinstruction proceeds down the pipeline, a register holding the control word pointer is accessed; this pointer gives the location of the control word in memory. The load logic retrieves the control word from cache memory and places it in data field 704. Likewise, the register field value 0b100 directs the cryptographic unit to load the input text data in data field 704 and then to begin the cryptographic operation. As with the control word, the input data is retrieved through a pointer held in an architectural register.
In one embodiment, register field values 0b100 and 0b101 are intended for a two-stage cryptographic unit, so that successive blocks of input text data can be pipelined. A first XLOAD microinstruction places a first block of input text in IN-1; a second XLOAD microinstruction places a second block of input text in IN-0 and also starts the cryptographic operation in the cryptographic unit.
If the cryptographic operation uses a key schedule generated by the user, the number of XLOAD microinstructions corresponds to the number of keys in the user-generated key schedule. The user-generated key schedule is loaded into the cryptographic unit, which then takes the key for each round from the key schedule as the cryptographic operation proceeds.
All other values of register field 703 in an XLOAD microinstruction are reserved.
Referring to Figure 9, a table shows the values of register field 703 for the XSTOR microinstruction. The XSTOR microinstruction directs the cryptographic unit to store the processed (encrypted or decrypted) output text block at the memory location indicated by field 702. According to the present invention, the translation logic first issues an XLOAD microinstruction to load a block of input text and then issues an XSTOR microinstruction to store the output text produced from that input text. The value 0b100 in register field 703 directs the cryptographic unit to supply the output text block in internal register output-0 (OUT-0) to the store logic for storage. The contents of OUT-0 correspond to the input text block in IN-0. Likewise, register field value 0b101 refers to internal register output-1, whose contents correspond to the input data in IN-1. After the key and control word data have been loaded, several input text blocks can be pipelined through the cryptographic unit by issuing microinstructions in the order XLOAD.IN-1, XLOAD.IN-0 (which also directs the cryptographic unit to begin the cryptographic operation), XSTOR.OUT-1, XSTOR.OUT-0, XLOAD.IN-1, XLOAD.IN-0 (which begins the operation on the next input text blocks), and so on.
Referring to Figure 10, an example format of a control word 1000 is shown. The control word contains the cryptographic parameters that govern the cryptographic operation. Control word 1000 is written to memory by the user. Before the cryptographic operation is performed, a pointer to the control word is placed in an architectural register. Accordingly, within the group of microinstructions corresponding to the XCRYPT instruction, an XLOAD microinstruction directs the microprocessor to read the architectural register holding this pointer, translate the pointer into a physical address, retrieve control word 1000 from memory (cache), and place it in the control word register inside the cryptographic unit. Control word 1000 comprises a reserved RSVD field 1001, a key size KSIZE field 1002, an encrypt/decrypt E/D field 1003, an intermediate result IRSLT field 1004, a key generation KGEN field 1005, an algorithm ALG field 1006, and a round count RCNT field 1007.
All values of the reserved field 1001 are reserved. The value of the KSIZE field 1002 indicates the size of the key used for encryption or decryption. In one embodiment, KSIZE field 1002 indicates whether the key is 128, 192, or 256 bits. The E/D field 1003 indicates whether the cryptographic operation is an encryption or a decryption. The KGEN field 1005 indicates whether the key in memory is a user-generated key schedule or a single key. If it is a single key, microinstructions expand the cryptographic key into a key schedule according to the cryptographic algorithm specified by the contents of the ALG field 1006. In one embodiment, the ALG field 1006 specifies the AES algorithm; the discussion so far has concerned the Triple-DES and AES algorithms. Other embodiments use different cryptographic algorithms, such as the Rijndael cipher, the Twofish cipher, etc. The contents of the RCNT field 1007 indicate the number of rounds of the algorithm in use that are to be performed on each text block. Although the standards for the algorithms described above prescribe a fixed number of rounds for each input text block, the RCNT field 1007 allows the programmer to vary the number of rounds from that of the algorithm in use. In one embodiment, the programmer can specify from 0 to 15 rounds for each text block. Finally, the contents of the IRSLT field 1004 indicate whether the encryption/decryption of an input text block is to be carried out for the number of rounds given by the RCNT field 1007 according to the algorithm specified in the ALG field 1006, or whether it is to be carried out for the number of rounds given by the RCNT field 1007 so as to produce an intermediate result rather than a final result. Those skilled in the art will appreciate that many cryptographic algorithms repeat the same sub-operations in every round and perform different sub-operations in the final round. The IRSLT field 1004 therefore makes intermediate results available and allows the programmer to verify an intermediate result before taking the next step. For example, incremental intermediate results can be obtained by performing one round of encryption on a text block, then two rounds on the same text block, then three rounds, and so on. The configurable round count and the intermediate result capability allow users to evaluate cryptographic performance and to troubleshoot, and they also serve as tools for researching different key structures and round counts.
Referring to Figure 11, a block diagram of a cryptographic unit 1100 is shown. The cryptographic unit includes a micro opcode register 1103, which receives microinstructions (such as the XLOAD and XSTOR microinstructions) over a microinstruction bus 1114. Cryptographic unit 1100 also includes a control word register 1104, an input-0 register 1105, an input-1 register 1106, a key-0 register 1107, and a key-1 register 1108. Data is loaded into registers 1104-1108 over a load bus 1111 as directed by the XLOAD microinstruction held in microinstruction register 1103. Cryptographic unit 1100 also includes block cipher logic 1101, which is coupled to all of the registers 1103-1108 and to a key RAM 1102. The block cipher logic provides a stall signal 1113 and supplies block results to an output-0 register 1109 and an output-1 register 1110. Output registers 1109-1110 deliver their contents in turn to the microprocessor over a memory bus 1112. In one embodiment, microinstruction register 1103 is 32 bits wide and the other registers 1104-1110 are 128 bits wide.
In operation, cryptographic microinstructions are delivered in sequence to microinstruction register 1103, together with the data destined for control word register 1104, for one of input registers 1105-1106, or for one of key registers 1107-1108. In an embodiment consistent with the discussion of Figures 8 and 9, the control word is loaded into control word register 1104 first, by an XLOAD microinstruction. The cryptographic key or key schedule is then loaded as directed by the XLOAD microinstructions that follow. If a 128-bit cryptographic key is loaded, an XLOAD microinstruction designating KEY-0 1107 stores the key. If the key is larger than 128 bits, XLOAD microinstructions designating KEY-0 1107 and KEY-1 1108 store the key. If a user-generated key schedule is loaded, the XLOAD microinstructions that follow designate KEY-0 1107, and each key of the key schedule is placed in order in key RAM 1102 for use in the corresponding cryptographic round. Next, input text data (if no initialization vector is required) is loaded into IN-1 register 1106. An XLOAD microinstruction designating IN-0 register 1105 loads input data and, according to the contents of control word register 1104, starts the cryptographic operation on the data in the IN-1 register, on the initialization vector, or on the data in both input registers 1105-1106 (when the input data is pipelined). Once an XLOAD microinstruction designating IN-0 register 1105 has been received, the block cipher logic begins the cryptographic operation as directed by the contents of the control word. If a single cryptographic key must be expanded, the block cipher logic generates each key of the key schedule and stores it in key RAM 1102. Whether the block cipher logic generates the key schedule or the key schedule is loaded from memory, the key for the first round is cached within block cipher logic 1101, so that the first round on the first block can proceed directly without fetching the key from key RAM 1102. Once started, the block cipher logic carries out the cryptographic operation on one or more blocks of input text, fetching the keys it needs from the key RAM one by one. Cryptographic unit 1100 performs the specified cryptographic operation on the designated blocks of input text. XLOAD and XSTOR microinstructions are issued to encrypt or decrypt the input text. When an XSTOR microinstruction is executed and the output data (OUT-0 or OUT-1) is not yet ready, the block cipher logic asserts stall signal 1113. Once the output data has been produced and placed in the corresponding register 1109-1110, the contents of that register are transferred onto memory bus 1112.
Referring to Figure 12, a block diagram of block cipher logic 1200 for the AES algorithm is shown. Block cipher logic 1200 includes a round engine 1220 and a round engine controller 1210. Round engine 1220 is coupled to round engine controller 1210 via buses 1211-1214 and buses 1216-1218. The round engine controller can access registers, including microinstruction register 1201 and KEY-1 register 1204, to read key data, microinstructions, and cryptographic operation parameters. The contents of registers 1205-1206 are supplied to round engine 1220, which in turn delivers the corresponding output text to output registers 1207-1208. Output registers 1207-1208 are also coupled to round engine controller 1210 via buses 1216-1217, so that the round engine controller can read the result of each cryptographic round and feed it back to round engine 1220 over bus NEXTIN 1218 for the next round. Cryptographic keys are retrieved from the key RAM (not shown) over bus 1215. The ENC/DEC signal 1211 directs the round engine to encrypt (S-Box) or decrypt (inverse S-Box). The RNDCON bus 1212 directs the round engine to perform a first AES round, an intermediate AES round, or a final AES round. When asserted, the GENKEY signal 1214 indicates that round engine 1220 is to expand the key obtained from bus 1213 into a key schedule. Key bus 1213 is also used to supply round engine 1220 with the key required for each round.
Round engine 1220 includes first key XOR logic 1221, which is coupled to a first register REG-0 1222. First register 1222 is coupled to S-Box logic 1223. S-Box logic 1223 is coupled to Shift Row logic 1224. Shift Row logic 1224 is coupled to a second register REG-1 1225. Second register REG-1 1225 is coupled to Mix Column logic 1226, which in turn is coupled to a third register REG-2 1227. The first key logic 1221, S-Box logic 1223, Shift Row logic 1224, and Mix Column logic 1226 perform the AES sub-operations whose names they bear. Mix Column logic 1226 additionally performs the AES XOR function on the data during intermediate rounds, using the round key provided on key bus 1213. When the ENC/DEC state indicates decryption, the first key logic 1221, S-Box logic 1223, Shift Row logic 1224, and Mix Column logic 1226 perform the corresponding inverse AES sub-operations. Those skilled in the art will appreciate that, during intermediate rounds, data is fed back to round engine 1220 according to the block cipher mode indicated by the contents of control word register 1202. If initialization vector data is required, the initialization vector is passed to round engine 1220 over bus NEXTIN 1218.
Figure 12 shows one embodiment. As shown, the round engine is divided into two stages: a first stage between REG-0 1222 and REG-1 1225, and a second stage between REG-1 1225 and REG-2 1227. Intermediate round data moves through the two stages in step with a clock signal (not shown). When the cryptographic operation on a block of input data is complete, the output data is placed in the corresponding output register 1207-1208. Executing an XSTOR microinstruction causes the contents of registers 1207-1208 to be delivered to the memory bus (not shown).
Referring to Figure 13, a flow chart is shown that features a method according to the present invention for preserving the state of cryptographic parameters during an interrupting event. Flow begins at block 1302, when an instruction flow is executed by a microprocessor according to the present invention. The instruction flow need not include an XCRYPT instruction as described herein. Flow then proceeds to decision block 1304.
At decision block 1304, an evaluation is made to determine whether an interrupting event (for example, a maskable interrupt, a page fault, a task switch, etc.) is occurring that requires the instruction flow to be changed to a flow of instructions (an "interrupt handler") that handles the interrupting event. If so, flow proceeds to block 1306. If not, flow loops on decision block 1304 and instruction execution continues until an interrupting event occurs.
At block 1306, because an interrupting event has occurred, interrupt logic according to the present invention directs that the X bit in the flags register be cleared before program control is transferred to the corresponding interrupt handler. Clearing the X bit ensures that, upon return from the interrupt handler, if a block cipher operation was in progress, it will be indicated that one or more interrupting events have occurred, and that the control word data and key data must be reloaded before the block cipher operation continues on the block of input data indicated by the contents of the input pointer register. Flow then proceeds to block 1308.
At block 1308, all of the architectural registers, including those holding the pointers and counters used by block cipher operations according to the present invention, are saved to memory. Those skilled in the art will appreciate that saving the architectural registers is an action that present-day data computing devices typically complete before control is transferred to an interrupt handler. The present invention exploits this aspect of present data architectures to provide transparent execution across interrupting events. After the registers are saved, flow proceeds to block 1310.
At block 1310, program flow is transferred to the interrupt handler. Flow then proceeds to block 1312.
At block 1312, the method completes. Those skilled in the art will appreciate that, after return from the interrupt handler, the method of Figure 13 begins again at block 1302.
Referring to Figure 14, a flow chart is provided that illustrates a method according to the present invention for performing a specified cryptographic operation on a plurality of input data blocks in the presence of one or more interrupting events.
Flow begins at block 1402, where an XCRYPT instruction according to the present invention begins execution. This may be a first execution of the XCRYPT instruction, or it may be an execution that follows a first execution interrupted by an interrupting event, program control having been returned to the XCRYPT instruction after the interrupt handler executed. Flow then proceeds to block 1404.
At block 1404, the block of data in memory indicated by the contents of an input pointer register according to the present invention is loaded from memory, and the specified cryptographic operation is started. The particular input pointer register used is determined by the specified cryptographic operation (for example, encryption or decryption) and by the specified block cipher mode (for example, ECB, CBC, CFB, or OFB). For example, if an encryption operation using OFB mode is specified, the input pointer register used to load the data is the register that points to the initialization vector in memory. If a decryption operation using ECB mode is specified, the input pointer register used to load the data is the register that points to the next block of ciphertext in memory. Flow then proceeds to decision block 1406.
At decision block 1406, an evaluation is made to determine whether the X bit in the flags register is set. If the X bit is set, the control word and key schedule currently loaded in the cryptographic unit according to the present invention are valid. If the X bit is clear, the control word and key schedule currently loaded in the cryptographic unit are invalid. As noted above with reference to Figure 13, the X bit is cleared when an interrupting event occurs. In addition, as noted, when a new control word or key schedule, or both, must be loaded, instructions that clear the X bit must be executed before the XCRYPT instruction is issued. In an x86-compatible embodiment that uses bit 30 of the x86 EFLAGS register, the X bit can be cleared by executing a PUSHFD instruction immediately followed by a POPFD instruction. Those skilled in the art will appreciate, however, that other embodiments must use other instructions to clear the X bit. If the X bit is set, flow proceeds to block 1412. If the X bit is clear, flow proceeds to block 1408.
At block 1408, because a cleared X bit indicates either that an interrupting event has occurred or that a new control word and/or new key data is to be loaded, the control word is loaded from memory. In one embodiment, loading the control word stops the cryptographic unit from performing the specified cryptographic operation that was started at block 1404. In this example embodiment, starting the cryptographic operation at block 1404 optimizes multiple block cipher operations by presuming that the currently loaded control word and key data are to be used. Accordingly, the current block of input data is loaded and the cryptographic operation is started before the state of the X bit is checked at decision block 1406. Flow then proceeds to block 1410.
At block 1410, key data (that is, a cryptographic key or a complete key schedule) is loaded from memory. In addition, the input block referred to in block 1404 is loaded again, and the cryptographic operation is started according to the newly loaded control word and key schedule. Flow then proceeds to block 1412.
At block 1412, an output block corresponding to the loaded input block is generated. Flow then proceeds to block 1414.
At block 1414, if required by the block cipher mode and the specified cryptographic operation, the input data for the next block is generated. For example, in an embodiment configured for OFB encryption, the ciphertext block just generated must be XORed with the plaintext of the current block to produce the input data for the next block operation (that is, an "equivalent initialization vector" for all blocks after the first input block). The step described in this block ensures that the state of execution of the XCRYPT instruction allows it to be interrupted at any time. For example, in one embodiment, a page fault can occur at any time during execution of the XCRYPT instruction. Therefore, when the specified cryptographic operation on the current input block is complete, the equivalent initialization vector (if required by the block cipher mode) must be set up for processing the next input block. When required by the particular block cipher mode in use, the equivalent initialization vector is stored to memory at the location indicated by the contents of the initialization vector pointer register. Flow then proceeds to block 1416.
At block 1416, the generated output block is stored to memory. Flow then proceeds to block 1418.
At block 1418, the contents of the input and output block pointer registers are changed to point to the next input and output data blocks. In addition, the contents of the block count register are changed to indicate that the cryptographic operation on the current input block is complete. In the embodiment discussed with reference to Figure 14, the block count register is decremented. Those skilled in the art will appreciate, however, that other embodiments contemplate other manipulation and testing of the block count register, and may also pipeline the processing of input text blocks. Flow then proceeds to decision block 1420.
At decision block 1420, an evaluation is made to determine whether input blocks remain to be operated on. In this embodiment, for illustrative purposes, the block counter is evaluated to determine whether it equals 0. If no blocks remain to be operated on, flow proceeds to block 1424. If blocks remain to be operated on, flow proceeds to block 1422.
At block 1422, the next block of input data is loaded, as indicated by the contents of the input pointer register. Flow then proceeds to block 1412.
At block 1424, the method completes.
Those skilled in the art will appreciate that the steps discussed with reference to blocks 1412, 1414, 1416, and 1418 may occur in sequence, and may also occur out of order or in parallel.
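The flow of Figures 13 and 14 can be exercised in software. The following C model is an added example, not code from the patent: `toy_cipher`, the structure layouts, and all data are constructed assumptions (the toy function is not AES), interrupts are taken only between blocks, and only OFB encryption is modelled. It checks that an interrupted run produces the same output as an uninterrupted one, and that changing the key without clearing the X bit leaves the old key in use.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16 /* 128-bit blocks, as in the described embodiment */

/* Constructed stand-in for the block cipher logic: NOT AES, not secure. */
static void toy_cipher(const uint8_t *key, const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++) {
        uint8_t v = (uint8_t)(in[i] ^ key[i]);
        out[i] = (uint8_t)(((v << 3) | (v >> 5)) + key[(i + 5) % BLK] + i);
    }
}

/* Architectural state: saved and restored around an interrupt handler. */
typedef struct {
    const uint8_t *in;  /* input block pointer register */
    uint8_t *out;       /* output block pointer register */
    size_t count;       /* block count register */
    uint8_t *iv;        /* initialization vector pointer register */
    const uint8_t *key; /* key pointer register */
    int x_bit;          /* 1 = key held inside the unit is valid */
} arch_regs;

/* State inside the cryptographic unit: not preserved across interrupts. */
typedef struct { uint8_t key[BLK]; } crypto_unit;

/* One start or restart of the instruction in OFB mode; a simulated interrupt
 * arrives after `budget` blocks. Returns 1 when done, 0 when interrupted. */
static int xcrypt_ofb(arch_regs *r, crypto_unit *u, size_t budget) {
    if (!r->x_bit) {                   /* blocks 1408/1410: reload key data */
        memcpy(u->key, r->key, BLK);
        r->x_bit = 1;
    }
    while (r->count > 0) {             /* block 1420 */
        uint8_t ks[BLK];
        if (budget-- == 0) {           /* interrupting event */
            r->x_bit = 0;              /* block 1306: clear the X bit */
            return 0;
        }
        toy_cipher(u->key, r->iv, ks); /* OFB: the unit's input is the IV */
        for (int i = 0; i < BLK; i++) r->out[i] = (uint8_t)(r->in[i] ^ ks[i]);
        memcpy(r->iv, ks, BLK);        /* block 1414: equivalent IV to memory */
        r->in += BLK; r->out += BLK;   /* block 1418: advance the pointers */
        r->count--;                    /* and decrement the block count */
    }
    return 1;
}

/* Encrypt nblk blocks, interrupting after every `every` blocks; the handler
 * overwrites the unit's key. Returns the number of interrupts taken. */
static int encrypt_run(const uint8_t *key, const uint8_t *iv0,
                       const uint8_t *pt, uint8_t *ct, size_t nblk, size_t every) {
    uint8_t iv_mem[BLK];
    crypto_unit u = { {0} };
    int interrupts = 0;
    memcpy(iv_mem, iv0, BLK);
    arch_regs r = { pt, ct, nblk, iv_mem, key, 0 };
    while (!xcrypt_ofb(&r, &u, every)) {
        memset(u.key, 0xAA, BLK);      /* another task used the unit */
        interrupts++;
    }
    return interrupts;
}

static void fill(uint8_t *p, size_t n, uint8_t seed) { /* constructed data */
    for (size_t i = 0; i < n; i++) p[i] = (uint8_t)(seed + 7 * i);
}

/* 1 if a run interrupted after every 2 blocks matches an uninterrupted run. */
int resume_matches(void) {
    uint8_t key[BLK], iv[BLK], pt[5 * BLK], a[5 * BLK], b[5 * BLK];
    fill(key, BLK, 1); fill(iv, BLK, 2); fill(pt, sizeof pt, 3);
    int n0 = encrypt_run(key, iv, pt, a, 5, SIZE_MAX);
    int n1 = encrypt_run(key, iv, pt, b, 5, 2);
    return n0 == 0 && n1 == 2 && memcmp(a, b, sizeof a) == 0;
}

/* Encrypt one constructed block with the given key pointer and X bit. */
static void one_block(crypto_unit *u, const uint8_t *key, int x, uint8_t *out) {
    uint8_t iv[BLK], pt[BLK];
    fill(iv, BLK, 2); fill(pt, BLK, 3);
    arch_regs r = { pt, out, 1, iv, key, x };
    xcrypt_ofb(&r, u, SIZE_MAX);
}

/* 1 if a key changed in memory while X stays set is ignored (the stale key
 * is used) and clearing X before issue makes the unit load the new key. */
int stale_key_without_clear(void) {
    uint8_t k1[BLK], k2[BLK], a[BLK], b[BLK], c[BLK];
    crypto_unit u;
    fill(k1, BLK, 1); fill(k2, BLK, 9);
    one_block(&u, k1, 0, a); /* unit loads k1 and sets X */
    one_block(&u, k2, 1, b); /* key changed, X left set: k1 still used */
    one_block(&u, k2, 0, c); /* X cleared first: k2 is loaded */
    return memcmp(a, b, BLK) == 0 && memcmp(b, c, BLK) != 0;
}

int main(void) { return resume_matches() && stale_key_without_clear() ? 0 : 1; }
```

The second check is the one software has to get right: nothing in the model detects a key that changed in memory, so the caller must clear the X bit before issuing the instruction with new key data.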
The present invention has been disclosed above with reference to preferred embodiments, but it is not limited to them. For example, the embodiments here all take the x86 architecture as their reference, because the x86 architecture is familiar to more people and is therefore more convenient for explanation. The present invention can equally be used with other architectures, such as PowerPC and MIPS, or in systems with entirely different instruction set architectures.
The present invention can also be applied to cryptographic operations outside microprocessor computer systems. The instruction model used by the present invention can readily be adapted to other kinds of computer processing systems besides microprocessors. The present invention can be included in a chipset peripheral to the microprocessor, such as a north bridge or a south bridge, or can be built as a cryptographic processor that is connected to the microprocessor and dedicated to cryptographic processing, to which the microprocessor hands off the work when it encounters cryptographic operations. The present invention is applicable to embedded controllers, industrial controllers, signal processors, array processors, and other processors that process data. The present invention can also be implemented as a device that contains only the elements necessary to perform cryptographic operations, yielding a low-cost, low-power cryptographic engine, for example a processor that handles encryption/decryption in a communication system. For clarity, all of the processing components above are referred to here as microprocessors.
In addition, although the present invention has so far been considered with 128-bit blocks, blocks of other sizes can also be used. It is only necessary to adjust the sizes of the input data, output data, key, and control word registers.
Although the present invention has been described in terms of the widely used DES, Triple-DES, and AES algorithms, lesser-known block ciphers such as the MARS cipher, the Rijndael cipher, the Twofish cipher, the Blowfish cipher, the Serpent cipher, and the RC6 cipher are also possible applications of the present invention.
Although the discussion so far has presented the cryptographic function of the present invention in terms of block cipher algorithms and their associated techniques, it should be noted that the present invention can be fully applied to other cryptographic algorithms. All that is required is that a cryptographic operation (encryption or decryption) can be performed and that the microprocessor include a unit dedicated to performing the cryptographic function upon receipt of a cryptographic instruction.
In addition, the number of stages in which the round engine discussed above pipelines input blocks is not limited to the two stages described. The round engine may have two or more pipeline stages.
Finally, although the discussion of the present invention so far has been limited to a single cryptographic unit handling several block cipher algorithms, it should be noted that the present invention can include multiple parallel cryptographic units coupled to the other execution units in the microprocessor. The several cryptographic units can each handle a different block algorithm. For example, a first unit handles the Advanced Encryption Standard (AES) algorithm, a second unit handles the DES cipher, and so on.
The above are merely preferred embodiments of the present invention and are not intended to limit the scope of its practice. All equivalent changes and modifications made in accordance with the present invention are covered by the claims of the present invention.

Claims (30)

1. An apparatus for performing cryptographic operations, comprising:
Execution logic, located within a microprocessor, which receives an instruction flow executed by the microprocessor, the instruction flow including a cryptographic instruction; the execution logic comprising:
A computing device, for receiving the cryptographic instruction and performing the cryptographic operation prescribed by the cryptographic instruction, wherein the cryptographic operation includes indicating whether the cryptographic operation has been interrupted by an interrupting event; and
Block pointer logic, coupled to the execution logic, for directing the computing device to perform one of the following actions:
Modifying the contents of a block count register coupled to the block pointer logic, to indicate that the cryptographic operation on the current input data block has been completed; and
Preserving the data that results from performing the cryptographic operation on the current block, or producing and keeping that data, in the memory area designated for the initialization vector, so that after return from the interrupting event the cryptographic operation can continue on the immediately following data block.
2. The apparatus according to claim 1, wherein the cryptographic operation comprises at least one of the following or a combination thereof:
An encryption operation, which converts a plurality of plaintext blocks into a plurality of corresponding ciphertext blocks;
A decryption operation, which converts a plurality of ciphertext blocks into a plurality of corresponding plaintext blocks.
3. The apparatus according to claim 1, wherein the cryptographic instruction can specify a block cipher mode, the block cipher mode being used to accomplish the cryptographic operation.
4. The apparatus according to claim 3, wherein the block cipher mode is selected from one of the following or a combination thereof: electronic codebook mode, cipher block chaining mode, cipher feedback mode, output feedback mode.
5. The apparatus according to claim 1, wherein the cryptographic instruction directs that the cryptographic operation be performed on a plurality of text blocks.
6. The apparatus according to claim 5, further comprising a flag register coupled to the execution logic, the flag register including a bit that indicates whether the cryptographic operation has been interrupted by an interrupting event.
7. The apparatus according to claim 6, wherein the flag register comprises the EFLAGS register in an x86-compatible microprocessor, and wherein the bit comprises bit 30 of the EFLAGS register.
8. The apparatus according to claim 1, wherein the interrupting event comprises a transfer of program control, so that program control is transferred to a program flow for handling the interrupting event, and wherein the cryptographic operation being performed on a current input data block is interrupted.
9. The apparatus according to claim 8, wherein, after program control returns to the cryptographic instruction, the cryptographic operation is immediately performed on the current input data block.
10. The apparatus according to claim 1, wherein the block pointer logic further directs the computing device, when the cryptographic operation on a current input data block is completed, to modify the pointers to the input and output data blocks in memory so that they point to the next input and output data blocks.
11. The apparatus according to claim 1, wherein the interrupting event comprises an interrupt, an exception, a page fault, and a task switch.
12. The apparatus according to claim 1, wherein the cryptographic instruction indirectly references a plurality of registers within the microprocessor.
13. The apparatus according to claim 12, wherein the registers comprise at least one of the following or a combination thereof:
A first register, containing a first pointer to a first memory location, the first memory location being the location of the first text block of a plurality of input text blocks;
A second register, containing a second pointer to a second memory location, the second memory location being the location in memory where a plurality of output text blocks are stored, the output text blocks being the result of performing the cryptographic operation on the input text blocks;
A third register, indicating the total number of input text blocks;
A fourth register, whose contents comprise a third pointer to a third memory location, the third memory location being the location of the cryptographic key in memory;
A fifth register, whose contents comprise a fourth pointer to a fourth memory location, the fourth memory location being the location of the initialization vector in memory; and
A sixth register, whose contents comprise a fifth pointer to a fifth memory location, the fifth memory location being the location of a control word, the control word being one of the cryptographic parameters.
14. The apparatus according to claim 13, wherein the cryptographic key comprises one of the following or a combination thereof: a cryptographic key and a cryptographic key schedule.
15. The apparatus according to claim 1, wherein the execution logic further comprises:
A cryptography unit, for receiving a first plurality of micro instructions and executing a plurality of rounds of the cryptographic instruction on each of a plurality of input text blocks to produce a plurality of output text blocks, wherein the plurality of cryptographic rounds are controlled by a control word within the cryptography unit.
16. An apparatus for performing cryptographic operations, comprising:
A cryptography unit, located within the microprocessor, for receiving a cryptographic instruction that is part of an instruction flow and, in response to the cryptographic instruction, performing a specific cryptographic operation that the instruction directs the microprocessor to perform;
A flag register coupled to the cryptography unit, including a bit that indicates whether the cryptographic operation has been interrupted by an interrupting event; and
Block pointer logic, for directing a computing device to perform one of the following actions:
When the cryptographic operation on a current input data block is completed, modifying the pointers to the input and output data blocks in memory so that they point to the next input and output data blocks;
Modifying the contents of a block count register coupled to the block pointer logic, to indicate that the cryptographic operation on the current input data block has been completed; and
Preserving the data that results from performing the cryptographic operation on the current block, or producing and keeping that data, in the memory area designated for the initialization vector, so that after return from the interrupting event the cryptographic operation can continue on the immediately following data block.
17. The apparatus according to claim 16, wherein the interrupting event comprises an interrupt, an exception, a page fault, and a task switch.
18. The apparatus according to claim 16, wherein the interrupting event comprises a transfer of program control, so that program control is transferred to a program flow for handling the interrupting event, and wherein the cryptographic operation being performed on a current input data block is interrupted.
19. The apparatus according to claim 18, wherein, after program control returns to the cryptographic instruction, the cryptographic operation is immediately performed on the current input data block.
20. A method for performing cryptographic operations in an execution device, the execution device comprising execution logic, block pointer logic, and a cryptography unit located within the execution logic, the method comprising:
Performing, by the cryptography unit in response to a received cryptographic instruction, a cryptographic operation specified by the cryptographic instruction;
Performing, by execution units within the execution logic other than the cryptography unit, sub-operations other than the cryptographic operation in response to the received cryptographic instruction;
Indicating, by the execution logic, whether the cryptographic operation has been interrupted by an interrupting event; and
Directing the execution device, by the block pointer logic, to preserve the data that results from performing the cryptographic operation on a current block, or to produce and keep that data, in the memory area designated for the initialization vector, so that after return from the interrupting event the cryptographic operation can continue on the following data.
21. The method according to claim 20, wherein the indicating comprises indicating whether, during the performing, one of an interrupt, an exception, a page fault, or a task switch has occurred.
22. The method according to claim 21, wherein the indicating comprises modifying a state in a register within the device.
23. The method according to claim 21, further comprising:
Transferring program control to a program flow for handling the interrupting event, and interrupting the performing of the cryptographic operation on a current input data block.
24. The method according to claim 23, further comprising:
After program control returns to the cryptographic instruction following the transferring, immediately carrying out the performing on the current input data block.
25. The method according to claim 20, further comprising:
Directing the device, by the block pointer logic, when the cryptographic operation on a current input data block is completed, to modify the pointers to the input and output data blocks in memory so that they point to the next input and output data blocks.
26. The method according to claim 20, further comprising:
Directing the device, by the block pointer logic, to modify the contents of a block count register to indicate that the cryptographic operation on a current input data block has been completed.
27. The method according to claim 20, wherein the receiving comprises:
Specifying an encryption operation as the cryptographic operation, wherein the encryption operation comprises encrypting a plurality of plaintext blocks into a plurality of ciphertext blocks.
28. The method according to claim 20, wherein the receiving comprises:
Specifying a decryption operation as the cryptographic operation, wherein the decryption operation comprises decrypting a plurality of ciphertext blocks into a plurality of plaintext blocks.
29. The method according to claim 20, wherein the receiving comprises:
Specifying, within the cryptographic instruction, a block cipher mode used to accomplish the cryptographic operation.
30. The method according to claim 29, wherein the block cipher mode is selected from one of the following or a combination thereof: electronic codebook mode, cipher block chaining mode, cipher feedback mode, output feedback mode.
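The resume mechanism of claims 1, 6-7, 10 and 13, modeled in software for cipher block chaining mode. This is an added example, not code from the patent. The names `crypt_regs`, `xcrypt_cbc` and `demo_resume`, the toy stand-in cipher, and the polarity of bit 30 (1 = interrupted) are assumptions of the example.

```c
#include <stdint.h>
#include <string.h>
#define BLK 16
#define EFLAGS_BIT30 (1u << 30)  /* bit from claim 7; "1 = interrupted" is assumed */

typedef struct {            /* register roles follow claim 13 */
    const uint8_t *in;      /* next input block */
    uint8_t *out;           /* next output block */
    uint32_t count;         /* blocks still to process */
    const uint8_t *key;     /* key */
    uint8_t *iv;            /* initialization vector area */
    uint32_t eflags;        /* flag register */
} crypt_regs;

/* Toy keyed transform standing in for a real block cipher. NOT secure. */
static void toy_encrypt_block(const uint8_t *key, const uint8_t *src, uint8_t *dst) {
    uint8_t carry = 0x5c;
    for (int i = 0; i < BLK; i++) {
        uint8_t x = (uint8_t)(src[i] ^ key[i] ^ carry);
        dst[i] = carry = (uint8_t)((x << 3) | (x >> 5));
    }
}

/* CBC-encrypt r->count blocks; an interrupting event is simulated after
   `budget` blocks. Returns 1 when finished, 0 when interrupted. */
int xcrypt_cbc(crypt_regs *r, uint32_t budget) {
    uint8_t x[BLK];
    r->eflags &= ~EFLAGS_BIT30;               /* fresh start or resume */
    while (r->count > 0) {
        if (budget-- == 0) {                  /* event arrives between blocks */
            r->eflags |= EFLAGS_BIT30;
            return 0;
        }
        for (int i = 0; i < BLK; i++) x[i] = (uint8_t)(r->in[i] ^ r->iv[i]);
        toy_encrypt_block(r->key, x, r->out);
        memcpy(r->iv, r->out, BLK);           /* result kept in the IV area */
        r->in += BLK; r->out += BLK;          /* pointers move to next blocks */
        r->count--;                           /* block count records completion */
    }
    return 1;
}

/* Constructed data: 5 blocks, interrupted after every 2. Returns the number
   of interruptions, or -1 if the resumed output differs from a clean run. */
int demo_resume(void) {
    uint8_t key[BLK], iv_a[BLK], iv_b[BLK], pt[5 * BLK], ct_a[5 * BLK], ct_b[5 * BLK];
    for (int i = 0; i < BLK; i++) { key[i] = (uint8_t)(0xA0 + i); iv_a[i] = iv_b[i] = (uint8_t)(7 * i); }
    for (int i = 0; i < 5 * BLK; i++) pt[i] = (uint8_t)i;
    crypt_regs a = { pt, ct_a, 5, key, iv_a, 0 }, b = { pt, ct_b, 5, key, iv_b, 0 };
    int interrupts = 0;
    xcrypt_cbc(&a, UINT32_MAX);               /* uninterrupted reference run */
    while (!xcrypt_cbc(&b, 2)) {              /* re-issue with the same registers */
        if (!(b.eflags & EFLAGS_BIT30)) return -1;
        interrupts++;
    }
    if (memcmp(ct_a, ct_b, sizeof ct_a) || memcmp(iv_a, iv_b, BLK)) return -1;
    return interrupts;
}
int main(void) { return demo_resume() == 2 ? 0 : 1; }
```

Because the chaining value, the pointers and the block count are all updated at each block boundary, the handler needs to preserve nothing beyond the registers and the initialization vector area for the re-issued instruction to continue where it stopped.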
CNB2004100590645A 2003-12-04 2004-07-29 Apparatus and method for performing transparent block cipher cryptographic functions Active CN100391145C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/727,973 2003-12-04
US10/727,973 US7532722B2 (en) 2003-04-18 2003-12-04 Apparatus and method for performing transparent block cipher cryptographic functions

Publications (2)

Publication Number Publication Date
CN1558591A CN1558591A (en) 2004-12-29
CN100391145C true CN100391145C (en) 2008-05-28

Family

ID=34377722

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100590645A Active CN100391145C (en) 2003-12-04 2004-07-29 Apparatus and method for performing transparent block cipher cryptographic functions

Country Status (2)

Country Link
CN (1) CN100391145C (en)
TW (1) TWI274281B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7539876B2 (en) * 2003-04-18 2009-05-26 Via Technologies, Inc. Apparatus and method for generating a cryptographic key schedule in a microprocessor
TWI272815B (en) * 2004-04-16 2007-02-01 Via Tech Inc Apparatus and method for performing transparent output feedback mode cryptographic functions
JP5404030B2 (en) * 2008-12-26 2014-01-29 デジタルア−ツ株式会社 Electronic file transmission method
CN101583122A (en) * 2009-03-26 2009-11-18 郭长来 Method for avoiding wireless dialing-up internet roaming in other places
CN106888082B (en) * 2015-12-16 2019-09-10 北京京航计算通讯研究所 A kind of method and processor for encrypting and decrypting
US11463236B2 (en) * 2016-12-09 2022-10-04 Cryptography Research, Inc. Programmable block cipher with masked inputs
CN109949463B (en) * 2019-03-29 2021-08-24 天津经纬恒润科技有限公司 Decryption method and device
US11264063B2 (en) * 2019-08-21 2022-03-01 Macronix International Co., Ltd. Memory device having security command decoder and security logic circuitry performing encryption/decryption commands from a requesting host
US11960769B2 (en) 2022-02-14 2024-04-16 Macronix International Co., Ltd. High performance secure read in secure memory providing a continuous output of encrypted information and specific context
CN117668326B (en) * 2024-01-30 2024-04-30 深圳柯赛标识智能科技有限公司 Intelligent identification data processing method, system and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4250546A (en) * 1978-07-31 1981-02-10 Motorola, Inc. Fast interrupt method
WO2000076119A1 (en) * 1999-06-08 2000-12-14 General Instrument Corporation Cryptographic processing system
CN1309351A (en) * 2000-02-14 2001-08-22 株式会社东芝 Interference-free microprocessor

Also Published As

Publication number Publication date
CN1558591A (en) 2004-12-29
TWI274281B (en) 2007-02-21
TW200519738A (en) 2005-06-16

Similar Documents

Publication Publication Date Title
CN1655496B (en) Apparatus and method for providing configurable cryptographic key size
EP1596530B1 (en) Apparatus and method for employing cryptographic functions to generate a message digest
US7321910B2 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
EP1538510B1 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
EP1496421B1 (en) Apparatus and method for performing transparent block cipher cryptographic functions
EP1519509B1 (en) Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
US7502943B2 (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
CN100391145C (en) Apparatus and method for performing transparent block cipher cryptographic functions
US7529368B2 (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
US7536560B2 (en) Microprocessor apparatus and method for providing configurable cryptographic key size
US7900055B2 (en) Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
US7542566B2 (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
CN1332526C (en) Method and apparatus for performing microprocessor block cipher coding decoding
US7519833B2 (en) Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
TW200531494A (en) Microprocessor apparatus and method for optimizing block cipher cryptographic functions
CN1658548B (en) Microprocessor apparatus and method for configuring cryptographic engine data block
US7529367B2 (en) Apparatus and method for performing transparent cipher feedback mode cryptographic functions
CN1652163B (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
CN100539495C (en) The micro processor, apparatus of providing configurable cryptographic key size and method
CN100527664C (en) Microprocessor apparatus and method for optimizing block cipher cryptographic functions
CN1684408B (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant