CN105373738A - Data encryption/decryption processing method and data encryption/decryption processing apparatus - Google Patents


Info

Publication number
CN105373738A
Authority
CN
China
Prior art keywords
data
level
enciphering
dma
deciphering
Prior art date
Legal status
Granted
Application number
CN201510667588.0A
Other languages
Chinese (zh)
Other versions
CN105373738B (en)
Inventor
单见元
王晓坤
Current Assignee
Guowei group (Shenzhen) Co., Ltd.
Original Assignee
Shenzhen State Micro Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Shenzhen State Micro Technology Co Ltd
Priority to CN201510667588.0A
Publication of CN105373738A
Application granted
Publication of CN105373738B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/14 Handling requests for interconnection or transfer
    • G06F13/20 Handling requests for interconnection or transfer for access to input/output bus
    • G06F13/28 Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access DMA, cycle steal

Abstract

The invention provides a data encryption/decryption processing method and a data encryption/decryption processing apparatus. In the processing method, a processor obtains the storage address of the key data and the input data storage addresses of n levels, and generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels; a direct memory access device obtains the key data of the current level, the input data of the current level and the control data according to the DMA link table of the current level, and outputs them; and an encryption/decryption module performs encryption/decryption processing on the input data of the current level using the key data of the current level, so that when the control data is a start signal the output data of the current level is obtained. With this processing method, data that has passed through the specified number of encryption levels has a higher security level than the result of a single encryption operation, and the security demand of a specific application scenario can be met.

Description

Data encryption/decryption processing method and data encryption/decryption processing apparatus
Technical field
The present invention relates to the field of information security systems, and in particular to a data encryption/decryption processing method and a data encryption/decryption processing apparatus.
Background art
With the rapid development of information technology, information security problems are growing in intensity: whether in internet e-commerce, banking and finance, or personal consumer electronics, information security is involved. How to protect important private data during transmission, storage and identity verification between the internet and devices, between devices, between an SoC and its peripheral components, and between the internal modules of an SoC, so that it is neither tampered with nor illegally stolen, is one of the severe problems that society faces. In some information-security-sensitive application scenarios, the transmission of security information must have reliable security properties to guarantee that private data is not attacked or leaked; otherwise the whole system carries a potential security hazard.
To strengthen the security of private data, the common practice is to encrypt the private data before transmitting, storing or otherwise operating on it, and to decrypt and restore it with the specified key on the occasions where the private data must be used again, so as to resist various hacking attempts. However, as cracking techniques keep improving, simple single encryption can no longer meet the security requirements of specific occasions, and an efficient protection mechanism with a higher security level is needed.
Summary of the invention
The object of the present invention is to solve at least one of the above technical deficiencies by providing a data encryption/decryption processing method and a data encryption/decryption processing apparatus.
The invention provides a data encryption/decryption processing method, the processing method comprising the following steps:
the processor obtains the storage address of the key data and the input data storage addresses of n levels, where n is a positive integer greater than or equal to 1;
the processor generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels;
the processor writes the DMA link table data of the current level into the direct memory access device and starts the direct memory access device;
the direct memory access device, according to the DMA link table of the current level, transports the key data of the current level and the input data of the current level to the encryption/decryption module and starts the encryption/decryption module;
when the control data is a start signal, the encryption/decryption module uses the key data of the current level to perform encryption/decryption processing on the input data, obtaining the output data of the current level;
the processor judges whether the level number of the current level is less than n; if so, it outputs a first judgment signal, and if not, it outputs a second signal;
on receiving the first judgment signal, the direct memory access device obtains the DMA link table of the next level and, according to the DMA link table of the next level, uses the output data of the current level as the key data of the next level for encryption/decryption processing;
the direct memory access device saves the output data of the current level into the secure memory as the final key.
As can be seen from the above method, the processor first generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels; the direct memory access device then obtains the key data, the input data of the current level and the control data according to the DMA link table of the current level; and when the control data is a start signal, the encryption/decryption module performs encryption/decryption processing on the key data according to the input data of the current level, obtaining the output data of the current level, so that at least one level of encryption/decryption processing can be carried out. In the processing method, the key data of the first level is the initial key, and when n is greater than 1, the key data of the second to n-th levels is the output data of the previous level. That is, the application progressively encrypts the original private data, introduces new key data in every encryption level, ensures that the encrypted result of each level is not readable, and outputs only the final encrypted result. Data encrypted through the specified number of levels has a higher security level than the result of a single encryption operation, and can meet the security demand of a specific application scenario.
The present invention also provides a data encryption/decryption processing method, the processing method comprising the following steps:
the processor obtains the storage address of the key data and the input data storage addresses of n levels, where n is a positive integer greater than or equal to 1;
the processor generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels;
the processor writes the DMA link table data of the current level into the direct memory access device and starts the direct memory access device;
the direct memory access device, according to the DMA link table of the current level, transports the key data of the current level and the input data of the current level to the encryption/decryption module and starts the encryption/decryption module;
when the control data is a start signal, the encryption/decryption module uses the key data of the current level to perform encryption/decryption processing on the input data of the current level, obtaining the output data of the current level;
the processor judges whether the DMA link table of the next level is obtained; if so, it outputs a first judgment signal, and if not, it outputs a second signal;
on receiving the first judgment signal, the direct memory access device, according to the DMA link table of the next level, uses the output data of the current level as the key data of the next level for encryption/decryption processing;
the direct memory access device saves the output data of the current level into the secure memory as the final key.
As can be seen from the above method, the processor first generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels; the direct memory access device then obtains the key data, the input data of the current level and the control data according to the DMA link table of the current level; and when the control data is a start signal, the encryption/decryption module performs encryption/decryption processing on the input data according to the key data of the current level, obtaining the output data of the current level, so that at least one level of encryption/decryption processing can be carried out. In the processing method, the key data of the first level is the initial key, and when n is greater than 1, the key data of the second to n-th levels is the output data of the previous level. That is, the application progressively encrypts the original private data, introduces new key data in every encryption level, ensures that the encrypted result of each level is not readable, and outputs only the final encrypted result. Data encrypted through the specified number of levels has a higher security level than the result of a single encryption operation, and can meet the security demand of a specific application scenario.
The present invention also provides a data encryption/decryption processing apparatus, the processing apparatus comprising: a processor, a direct memory access device, an encryption/decryption module and a secure memory, wherein the direct memory access device is electrically connected to the processor and to the encryption/decryption module respectively via a bus, and the direct memory access device is electrically connected to the secure memory;
the processor is configured to obtain the storage address of the key data and the input data storage addresses of n levels, where n is a positive integer greater than or equal to 1, to generate the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels, to write the DMA link table data of the current level into the direct memory access device, and to start the direct memory access device;
the direct memory access device is configured, according to the DMA link table of the current level, to transport the key data of the current level and the input data of the current level to the encryption/decryption module and to start the encryption/decryption module;
the encryption/decryption module is configured, when the control data is a start signal, to use the key data of the current level to perform encryption/decryption processing on the input data, obtaining the output data of the current level;
the processor is further configured to judge whether the DMA link table of the next level is obtained; if so, it outputs a first judgment signal, and if not, it outputs a second judgment signal;
the direct memory access device is further configured, on receiving the first judgment signal, to output the output data of the current level to the encryption/decryption module as the key data of the next level for encryption/decryption processing according to the DMA link table of the next level, and, on receiving the second judgment signal, to save the output data of the current level into the secure memory as the final key.
As can be seen from the above apparatus, the processor first generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels; the direct memory access device then obtains the key data, the input data of the current level and the control data according to the DMA link table of the current level; and when the control data is a start signal, the encryption/decryption module performs encryption/decryption processing on the input data according to the key data of the current level, obtaining the output data of the current level, so that at least one level of encryption/decryption processing can be carried out. In addition, the key data of the first level is the initial key, and when n is greater than 1, the key data of the second to n-th levels is the output data of the previous level. That is, the application progressively encrypts the original private data, introduces new key data in every encryption level, ensures that the encrypted result of each level is not readable, and outputs only the final encrypted result. Data encrypted through the specified number of levels has a higher security level than the result of a single encryption operation, and can meet the security demand of a specific application scenario.
The present invention also provides a data encryption/decryption processing apparatus, the processing apparatus comprising: a processor, a direct memory access device, an encryption/decryption module and a secure memory, wherein the direct memory access device is electrically connected to the processor and to the encryption/decryption module respectively via a bus, and the direct memory access device is electrically connected to the secure memory;
the processor is configured to obtain the storage address of the key data and the input data storage addresses of n levels, where n is a positive integer greater than or equal to 1, and to generate the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels;
the direct memory access device is configured to obtain the key data, the input data of the current level and the control data according to the DMA link table of the current level;
the encryption/decryption module is configured, when the control data is a start signal, to perform encryption/decryption processing on the key data according to the input data of the current level, obtaining the output data of the current level;
the processor is further configured to judge whether the level number of the current level is less than n; if so, it outputs a first judgment signal, and if not, it outputs a second judgment signal;
the direct memory access device is further configured, on receiving the first judgment signal, to output the output data of the current level to the encryption/decryption module as the key data of the next level for encryption/decryption processing according to the DMA link table of the next level, and, on receiving the second judgment signal, to save the output data of the current level into the secure memory as the final key.
As can be seen from the above apparatus, the processor first generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels; the direct memory access device then obtains the key data, the input data of the current level and the control data according to the DMA link table of the current level; and when the control data is a start signal, the encryption/decryption module performs encryption/decryption processing on the input data according to the key data of the current level, obtaining the output data of the current level, so that at least one level of encryption/decryption processing can be carried out. In addition, the key data of the first level is the initial key, and when n is greater than 1, the key data of the second to n-th levels is the output data of the previous level. That is, the application progressively encrypts the original private data, introduces new key data in every encryption level, ensures that the encrypted result of each level is not readable, and outputs only the final encrypted result. Data encrypted through the specified number of levels has a higher security level than the result of a single encryption operation, and can meet the security demand of a specific application scenario.
Description of the drawings
Fig. 1 is a flow chart of a first embodiment of the data encryption/decryption processing method of the present invention;
Fig. 2 is a flow chart of a second embodiment of the data encryption/decryption processing method of the present invention;
Fig. 3 is a flow chart of a third embodiment of the data encryption/decryption processing method of the present invention;
Fig. 4 is a flow chart of a fourth embodiment of the data encryption/decryption processing method of the present invention;
Fig. 5 is a flow chart of an embodiment of the data encryption/decryption processing apparatus of the present invention;
Fig. 6 is a structural block diagram of an embodiment of the data encryption/decryption processing apparatus of the present invention;
Fig. 7 is a structural block diagram of an embodiment of the encryption/decryption module of the present invention.
Embodiments
In order to make the technical problem solved by the invention, the technical solution and the beneficial effects clearer, the invention is further elaborated below in conjunction with the drawings and embodiments. It should be understood that the specific embodiments described here are only intended to explain the invention and are not intended to limit it.
The invention provides a data encryption/decryption processing method of one embodiment; as shown in Fig. 1, the method comprises the following steps:
Step S01, the processor obtains the storage address of the key data and the input data storage addresses of n levels, where n is a positive integer greater than or equal to 1;
Step S02, the processor generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels;
Step S03, the processor writes the DMA link table data of the current level into the direct memory access device and starts the direct memory access device;
Step S04, the direct memory access device, according to the DMA link table of the current level, transports the key data of the current level and the input data of the current level to the encryption/decryption module and starts the encryption/decryption module;
Step S05, when the control data is a start signal, the encryption/decryption module uses the key data of the current level to perform encryption/decryption processing on the input data, obtaining the output data of the current level;
Step S06, the processor judges whether the level number of the current level is less than n; if so, it outputs a first judgment signal and proceeds to step S07; if not, it outputs a second signal and proceeds to step S08;
Step S07, on receiving the first judgment signal, the direct memory access device obtains the DMA link table of the next level and, according to the DMA link table of the next level, uses the output data of the current level as the key data of the next level for encryption/decryption processing;
Step S08, the direct memory access device saves the output data of the current level into the secure memory as the final key.
As can be seen from the above method, the processor first generates the DMA link tables of the n levels according to the storage address of the key data and the input data storage addresses of the n levels; the direct memory access device then obtains the key data, the input data of the current level and the control data according to the DMA link table of the current level; and when the control data is a start signal, the encryption/decryption module performs encryption/decryption processing on the key data according to the input data of the current level, obtaining the output data of the current level, so that at least one level of encryption/decryption processing can be carried out. In the processing method, the key data of the first level is the initial key, and when n is greater than 1, the key data of the second to n-th levels is the output data of the previous level. That is, the application progressively encrypts the original private data, introduces new key data in every encryption level, ensures that the encrypted result of each level is not readable, and outputs only the final encrypted result. Data encrypted through the specified number of levels has a higher security level than the result of a single encryption operation, and can meet the security demand of a specific application scenario.
In a specific implementation, the encryption/decryption processing of the key data uses a Keyladder (hereinafter abbreviated KL) encryption/decryption processing mechanism in which the number of operation layers can be increased or decreased arbitrarily. The function realized by the KL is a processing scheme that takes specified input data, performs encryption/decryption operations with multiple input keys, and outputs the final ciphertext/plaintext data. The KL is composed of an encryption/decryption module that realizes the encryption/decryption functions of the AES/DES/TDES algorithms (abbreviated the ADES module), combined with a direct memory access device (abbreviated DMA) whose data transport operations can be triggered and started by hardware requests. The KL flow can serve either as an encryption engine that encrypts data or as a decryption engine that decrypts data; in addition, one layer of the KL flow refers to one complete encryption or decryption operation on one layer of data.
As shown in Fig. 2, a KL flow with N (N >= 1) layers of input data is realized by N consecutive ADES arithmetic operations, and these N consecutive ADES operations are controlled by pre-defined DMA link tables. A DMA link table defines the data transport tasks required by each layer of KL operation as well as the configuration and start of the ADES module's operation, so an N-layer KL flow is correspondingly controlled by N groups of DMA link tables. In addition, the direct memory access device (DMA) has the function of automatically loading link table data and executing the data transport tasks.
In a specific implementation, the number of KL layers is determined by the configured number of operations of the encryption/decryption arithmetic unit and can be increased or decreased arbitrarily; a KL engine with any number of layers can therefore be realized without being limited by hardware resources, which gives high flexibility. Secondly, the algorithm of the ADES module can be configured flexibly, so a KL engine in which different layers use different algorithms can be realized, increasing the complexity of the data encryption and thereby improving the security of the data. In addition, the final KL result can be transported by the DMA to a specified secure address. Configuring the DMA with link tables allows flexible use of the KL result.
In a specific implementation, the following steps are further included before step S06:
Step S050, the processor judges whether the encryption/decryption processing on the key data was performed correctly and the output data of the current level has been obtained;
if so, the processor performs step S06;
if not, the processor performs step S051;
Step S051, the encryption/decryption process ends.
In a specific implementation, in each layer of ADES operation of a KL with N (N >= 1) layers, the transport of each layer's ADES encryption/decryption result is performed by the DMA. Except for the last layer of the KL flow, after the ADES encryption/decryption of each layer completes, an ADES operation-complete interrupt is generated, triggering the ADES interrupt service routine. In this interrupt service routine the processor queries the status register of the ADES module; if there is no error information, it configures the DMA to load the DMA link table of the next layer of KL operation and starts DMA execution, thereby starting the next layer of the KL flow; if an ADES operation error is found, the KL flow is terminated and the corresponding software error state is set. When the last layer of the KL flow executes, its corresponding DMA link table, in addition to performing the above flow, executes one extra link table when the KL operation completes without error, transporting the final KL result to the specified secure address; at this point the whole KL flow has completed.
In a specific implementation, step S05 is specifically: the encryption/decryption module performs encryption/decryption processing of the AES algorithm, DES algorithm or TDES algorithm on the key data according to the input data of the current level, obtaining the output data of the current level.
In a specific implementation, the DMA link table of each level comprises the transport data length, the data source address, the data destination address and the address of the next link table;
the DMA link table of the last level comprises the transport data length, the data source address and the data destination address.
In a specific implementation, as shown in Fig. 3, the DMA link table of the first level comprises a first DMA sub-list for obtaining the key data from the storage address of the key data, a second DMA sub-list for obtaining the input data of the current level from the input data storage addresses of the n levels, and a third DMA sub-list for obtaining the control data;
the DMA link table of each intermediate level comprises a first DMA sub-list for obtaining the output data of the previous level from the output data register of the encryption/decryption module as the key data of the current level, a second DMA sub-list for obtaining the input data of the current level from the input data storage addresses of the n levels, and a third DMA sub-list for obtaining the control data;
the DMA link table of the last level comprises a first DMA sub-list for obtaining the output data of the previous level from the output data register of the encryption/decryption module as the key data of the last level, a second DMA sub-list for obtaining the input data of the last level from the input data storage addresses of the n levels, a third DMA sub-list for obtaining the control data, and a fourth DMA sub-list for saving the output data of the last level into the secure memory as the final key.
The invention provides the disposal route of the data enciphering/deciphering of another kind of embodiment, as shown in Figure 4, said method comprising the steps of:
Step S11, processor obtains the memory address of key data and the input address data memory of n level, wherein n be more than or equal to 1 positive integer;
Step S12, processor, according to the input address data memory of the memory address of described key data and n level, generates the DMA chained list of n level;
Step S13, processor by the DMA linked list data of current level write direct memory access device, and starts the work of direct memory access device;
Step S14, direct memory access device, according to the DMA chained list of current level, obtains the input data of key data, at present level and control data and exports;
Step S15, enciphering/deciphering module carries out enciphering/deciphering process when described control data is enabling signal according to the input data of described current level to described key data, obtains the output data of level up till now;
Step S16, processor judges whether the DMA chained list getting next level, if so, exports first and judges signal, enter step S17, if not, export secondary signal, enter step S18;
Step S17, direct memory access device according to the DMA chained list of next level, using the output data of current level as the key data of next level when receiving described first and judging signal, to carry out enciphering/deciphering process;
Step S18, receive described second when judging signal, the output data of current level are saved in safe storage as final key by direct memory access device.
As can be seen from the scheme of said method, first processor is according to the input address data memory of the memory address of described key data and n level, generate the DMA chained list of n level, then direct memory access device is according to the DMA chained list of current level, obtain key data, the input data of current level and control data, then when described control data is enabling signal, enciphering/deciphering module carries out enciphering/deciphering process according to the input data of described current level to described key data, obtain the output data of level up till now, the enciphering/deciphering process of at least one level can be carried out, that is, the application is by carrying out progressive encryption to original private data, new key data is introduced in every one-level encryption process, and ensure that the encrypted result of every one-level not can read, only export final encrypted result.Data after specifying the encryption of the number of plies, compared with only carrying out the result of a cryptographic operation, have higher level of security, can meet the demand for security of application-specific scene.
In concrete enforcement, before step S16, further comprising the steps of:
Step S150, whether processor judges to carry out enciphering/deciphering process to described key data accurate, when obtaining the key of current level;
If so, processor performs step S16;
If not, processor performs step S151;
Step S151, the process of enciphering/deciphering terminates.
In a concrete implementation, step S14 is specifically: the enciphering/deciphering module performs AES, DES or TDES enciphering/deciphering on the key data according to the input data of the current level, obtaining the output data of the current level.
In a concrete implementation, the DMA chained list of each level comprises the transfer data length, the data source address, the data destination address and the address of the next chained list;
the DMA chained list of the last level comprises the transfer data length, the data source address and the data destination address.
In a concrete implementation, the DMA chained list of the first level comprises a 1st DMA sub-list for obtaining the key data from the memory address of the key data, a 2nd DMA sub-list for obtaining the input data of the current level from the input data memory addresses of the n levels, and a 3rd DMA sub-list for obtaining the control data;
the DMA chained list of each intermediate level comprises a 1st DMA sub-list for obtaining the output data of the previous level from the output data register of the enciphering/deciphering module as the key data of the current level, a 2nd DMA sub-list for obtaining the input data of the current level from the input data memory addresses of the n levels, and a 3rd DMA sub-list for obtaining the control data;
the DMA chained list of the last level comprises a 1st DMA sub-list for obtaining the output data of the previous level from the output data register of the enciphering/deciphering module as the key data of the last level, a 2nd DMA sub-list for obtaining the input data of the last level from the input data memory addresses of the n levels, a 3rd DMA sub-list for obtaining the control data, and a 4th DMA sub-list for saving the output data of the last level to the safe storage as the final key.
In a concrete implementation, the data that need to be obtained are the KL key data and the input data (ciphertext) needed by the three layers of KL computation, where the key data is stored in the safe storage and the three layers of input ciphertext are stored in the static memory. Suppose the address of the key data in the safe storage is A0, the address of the final KL decryption result in the safe storage is B1, and the addresses of the three layers of KL input ciphertext in the static memory are A1, A2 and A3 respectively. Then, as shown in Figure 5, the three-layer KL decryption is carried out as follows:
Step 501: the key data H is stored at the determined address A0 in the safe storage; the 3 layers of input ciphertext are stored at the determined addresses A1, A2, A3 in the static memory; the configuration value that configures the control register of the ADES module to start the decryption operation is stored at the determined address B0 in the static memory 104; the processor obtains the memory address of the key data and the input data memory addresses of the n levels.
Step 502: generate the DMA chained lists needed by the 3-layer KL computation from the values of A0, A1, A2, A3, where:
the first-layer KL computation comprises 3 chained lists: the 1st chained list has source address A0 and destination address 201; the 2nd has source address A1 and destination address 202; the 3rd has source address B0 and destination address 203. These three chained lists are linked in turn into one chained list, which implements the first-layer KL decryption operation.
The second-layer KL computation comprises 3 chained lists: the 1st has source address 205 and destination address 201; the 2nd has source address A2 and destination address 202; the 3rd has source address B0 and destination address 203. These three chained lists are linked in turn into one chained list, which implements the second-layer KL decryption operation.
The third-layer KL computation comprises 4 chained lists: the 1st has source address 205 and destination address 201; the 2nd has source address A3 and destination address 202; the 3rd has source address B0 and destination address 203; the 4th has source address 205 and destination address B1. These four chained lists are linked in turn into one chained list, which implements the third-layer KL decryption operation and transfers the final KL decryption result to its destination.
Step 503: configure the DMA to load the first chained list of the prepared first-layer KL computation DMA chained list.
Step 504: start the DMA to perform the defined chained-list tasks; after the enciphering/deciphering module completes the first-layer KL decryption operation, an ADES processing-complete interrupt is triggered; proceed to step 505.
Step 505: check the value of the register of the ADES module; if there is an error, go to step 507; otherwise perform step 506.
Step 506: check whether the 3-layer KL computation flow is complete, that is, the processor judges whether the level count of the current level is less than n, or the processor judges whether the DMA chained list of the next level is obtained; if complete, go to step 509; otherwise go to step 508.
Step 507: the enciphering/deciphering process ends.
Step 508: according to the DMA chained list of the next level, use the output data of the current level as the key data of the next level. For example, after the first level completes, the output data H1 of the current level is kept at destination address 201; then, according to the DMA chained list of the next level, whose 2nd chained list has source address A2, the output data H1 of the current level is used as the key data of the next level.
Step 509: the 3-layer KL computation operation is complete; the direct memory access device saves the output data of the current level to the safe storage as the final key, i.e. the KL result is at address B1.
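The three-layer flow of steps 501 to 509 and the per-level sub-list layout described above (first level keyed from A0, later levels from register 205, last level with a fourth sub-list to B1), as an added C model that is not the patent's own code or hardware and is generalised to any number of levels n: it builds the chained lists, walks them with a small DMA engine against a memory-mapped module whose AES/DES/TDES engine is replaced by a toy Feistel cipher, and checks the status register after each level. The address map (A0 = 0x000 and so on), the register ids 201 to 205 reused as addresses, the control value, the status codes and the rule that a module error stops the chain are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed address map (assumption: the page gives only the symbolic names A0..A3, B0, B1) */
#define MEM_SIZE 0x300
#define ADDR_A0  0x000   /* root key H in safe storage                */
#define ADDR_B1  0x010   /* final KL result in safe storage           */
#define ADDR_A1  0x100   /* layer-1 input ciphertext in static memory */
#define ADDR_A2  0x110   /* layer-2 input ciphertext                  */
#define ADDR_A3  0x120   /* layer-3 input ciphertext                  */
#define ADDR_B0  0x200   /* control value that starts a decryption    */
#define BLK      16      /* key and block size in bytes               */
#define MAX_LV   8

/* ADES register ids as numbered in the page's Figure 7 (201..205); values and codes are assumptions */
enum { REG_KEY = 201, REG_DIN = 202, REG_CTRL = 203, REG_STATUS = 204, REG_DOUT = 205 };
enum { CTRL_START_DECRYPT = 0x01, STATUS_IDLE = 0, STATUS_DONE = 1, STATUS_ERROR = 2 };

/* One DMA sub-list: transfer length, source, destination, next (NULL on the last one) */
typedef struct dma_desc { uint32_t len, src, dst; struct dma_desc *next; } dma_desc_t;

static uint8_t mem[MEM_SIZE];
static struct { uint8_t key[BLK], din[BLK], dout[BLK], ctrl, status; } ades;  /* modelled module */
static dma_desc_t desc[MAX_LV][4];

/* Stand-in for the AES/DES/TDES engine: a 4-round toy Feistel cipher. Invertible, NOT secure. */
static uint64_t ld64(const uint8_t *p) { uint64_t v = 0; for (int i = 0; i < 8; i++) v |= (uint64_t)p[i] << (8 * i); return v; }
static void st64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static uint64_t rf(uint64_t x, uint64_t k) { x += k; return ((x << 13) | (x >> 51)) ^ k; }
void toy_crypt(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK], int decrypt) {
    uint64_t L = ld64(in), R = ld64(in + 8), k[4];
    k[0] = ld64(key); k[1] = ld64(key + 8); k[2] = k[0] ^ 0xA5A5A5A5A5A5A5A5ull; k[3] = k[1] ^ 0x5A5A5A5A5A5A5A5Aull;
    for (int r = 0; r < 4; r++) { uint64_t t = R; R = L ^ rf(R, decrypt ? k[3 - r] : k[r]); L = t; }
    st64(out, R); st64(out + 8, L);
}

/* Writing the control register starts the engine (the page's "control data is the enabling signal") */
static void ades_run(void) {
    if (ades.ctrl != CTRL_START_DECRYPT) { ades.status = STATUS_ERROR; return; }
    toy_crypt(ades.key, ades.din, ades.dout, 1);
    ades.status = STATUS_DONE;
}

/* One DMA transfer. Register ids decode to the module, everything else is plain memory. The key only
 * ever moves A0 -> 201 or 205 -> 201, so no intermediate key is ever written back to memory.
 * Assumption: a module error makes the transfer fail so the rest of the chain is not executed. */
static int dma_copy(const dma_desc_t *d) {
    uint8_t buf[BLK];
    if (d->len > BLK) return -1;
    if (d->src == REG_DOUT) memcpy(buf, ades.dout, d->len);
    else if (d->src >= REG_KEY && d->src <= REG_DOUT || d->src + d->len > MEM_SIZE) return -1;
    else memcpy(buf, mem + d->src, d->len);
    switch (d->dst) {
    case REG_KEY:  memcpy(ades.key, buf, d->len); return 0;
    case REG_DIN:  memcpy(ades.din, buf, d->len); return 0;
    case REG_CTRL: ades.ctrl = buf[0]; ades_run(); return ades.status == STATUS_DONE ? 0 : -1;
    case REG_STATUS: case REG_DOUT: return -1;                 /* read-only registers */
    default: if (d->dst + d->len > MEM_SIZE) return -1; memcpy(mem + d->dst, buf, d->len); return 0;
    }
}

/* Step 502 generalised to n levels, laid out exactly like the page's 3-layer case */
void build_kl_chains(uint32_t key_addr, const uint32_t *in_addr, int n, uint32_t ctrl_addr,
                     uint32_t result_addr, dma_desc_t *first[]) {
    for (int lv = 0; lv < n; lv++) {
        dma_desc_t *d = desc[lv];
        int last = (lv == n - 1);
        d[0] = (dma_desc_t){ BLK, lv ? REG_DOUT : key_addr, REG_KEY, &d[1] };  /* 1st sub-list */
        d[1] = (dma_desc_t){ BLK, in_addr[lv], REG_DIN, &d[2] };               /* 2nd sub-list */
        d[2] = (dma_desc_t){ 1, ctrl_addr, REG_CTRL, last ? &d[3] : NULL };    /* 3rd: start  */
        if (last) d[3] = (dma_desc_t){ BLK, REG_DOUT, result_addr, NULL };     /* 4th: -> B1  */
        first[lv] = d;
    }
}

/* Steps 503..509: load each level's chain, let the DMA walk it, then read the status register.
 * Returns 0 on success and -1 as soon as a level reports an error (step 507). */
int run_key_ladder(int n, dma_desc_t *first[]) {
    for (int lv = 0; lv < n; lv++) {
        ades.status = STATUS_IDLE;                 /* a stale DONE from the previous level must not pass */
        for (const dma_desc_t *d = first[lv]; d; d = d->next)
            if (dma_copy(d) != 0) return -1;       /* steps 503/504 */
        if (ades.status != STATUS_DONE) return -1; /* step 505 -> 507 */
        /* step 506/508: the next chain's 1st sub-list turns register 205 into the next key;
         * on the last level the 4th sub-list has already moved the result to B1 (step 509) */
    }
    return 0;
}

/* The same ladder computed directly, without the DMA machinery, to cross-check the control flow */
void reference_ladder(const uint8_t *root, const uint8_t *cts, int n, uint8_t out[BLK]) {
    memcpy(out, root, BLK);
    for (int i = 0; i < n; i++) { uint8_t t[BLK]; toy_crypt(out, cts + i * BLK, t, 1); memcpy(out, t, BLK); }
}

/* Constructed 3-layer scenario (step 501 set-up). Returns 1 when the DMA-driven result at B1 equals
 * the reference, 0 when the ladder aborted and left B1 untouched, -1 on any mismatch. */
int demo_three_layer(int corrupt_ctrl) {
    uint8_t root[BLK], cts[3 * BLK], expect[BLK], zero[BLK] = {0};
    uint32_t in_addr[3] = { ADDR_A1, ADDR_A2, ADDR_A3 };
    dma_desc_t *first[3];
    for (int i = 0; i < BLK; i++) root[i] = (uint8_t)(0x10 + i);          /* constructed key H */
    for (int i = 0; i < 3 * BLK; i++) cts[i] = (uint8_t)(0x80 + 3 * i);    /* constructed ciphertexts */
    memset(mem, 0, sizeof mem); memset(&ades, 0, sizeof ades);
    memcpy(mem + ADDR_A0, root, BLK);
    memcpy(mem + ADDR_A1, cts, BLK); memcpy(mem + ADDR_A2, cts + BLK, BLK); memcpy(mem + ADDR_A3, cts + 2 * BLK, BLK);
    mem[ADDR_B0] = corrupt_ctrl ? 0x7F : CTRL_START_DECRYPT;
    build_kl_chains(ADDR_A0, in_addr, 3, ADDR_B0, ADDR_B1, first);
    if (run_key_ladder(3, first) != 0) return memcmp(mem + ADDR_B1, zero, BLK) == 0 ? 0 : -1;
    reference_ladder(root, cts, 3, expect);
    return memcmp(mem + ADDR_B1, expect, BLK) == 0 ? 1 : -1;
}

int toy_roundtrip_ok(void) {   /* sanity check that the stand-in cipher really inverts */
    uint8_t k[BLK], p[BLK], c[BLK], d[BLK];
    for (int i = 0; i < BLK; i++) { k[i] = (uint8_t)(i * 7); p[i] = (uint8_t)(255 - i); }
    toy_crypt(k, p, c, 0); toy_crypt(k, c, d, 1);
    return memcmp(p, d, BLK) == 0 && memcmp(p, c, BLK) != 0;
}
```

`demo_three_layer(0)` reproduces the page's flow: H never leaves A0 except into register 201, H1 and H2 exist only inside the module, and only H3 reaches B1. `demo_three_layer(1)` stores a wrong control value at B0 and shows the step 505 check doing its job: the ladder stops at the first level and B1 is never written. Resetting the status register to idle before each level is the small addition a practitioner wants, so that a completion flag left over from the previous level cannot be mistaken for success of the current one.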
In a concrete implementation, an embodiment of the present invention also provides a data enciphering/deciphering processing apparatus, as shown in Figure 6. The processing apparatus comprises a processor 101, a direct memory access device 103, an enciphering/deciphering module 102 and a safe storage 105, where the direct memory access device 103 is electrically connected with the processor 101 and the enciphering/deciphering module 102 respectively through a bus 106, and the direct memory access device 103 is electrically connected with the safe storage 105;
the processor 101 is used for obtaining the memory address of the key data and the input data memory addresses of n levels, where n is a positive integer greater than or equal to 1, for generating the DMA chained lists of the n levels according to the memory address of the key data and the input data memory addresses of the n levels, for writing the DMA chained-list data of the current level into the direct memory access device, and for starting the direct memory access device;
the direct memory access device 103 is used for transferring the key data of the current level and the input data of the current level to the enciphering/deciphering module according to the DMA chained list of the current level, and for starting the enciphering/deciphering module;
the enciphering/deciphering module 102, when the control data is the enabling signal, performs enciphering/deciphering on the input data of the current level according to the key data, obtaining the output data of the current level;
the processor 101 is used for judging whether the DMA chained list of the next level is obtained, or for judging whether the level count of the current level is less than n (i.e. checking whether the n-layer KL computation flow is complete); if so, it outputs a first judgement signal; if not, it outputs a second judgement signal;
the direct memory access device 103 is used for, when receiving the first judgement signal, outputting the output data of the current level to the enciphering/deciphering module as the key data of the next level for enciphering/deciphering according to the DMA chained list of the next level, and, when receiving the second judgement signal, saving the output data of the current level to the safe storage as the final key.
As can be seen from the above apparatus, the processor first generates the DMA chained lists of the n levels from the memory address of the key data and the input data memory addresses of the n levels; the direct memory access device then obtains the key data, the input data of the current level and the control data according to the DMA chained list of the current level; and when the control data is the enabling signal, the enciphering/deciphering module processes the key data according to the input data of the current level to obtain the output data of the current level. The enciphering/deciphering process can be carried out for at least one level. That is, the application encrypts the original private data progressively, introducing new key data at every level of encryption, ensuring that the encrypted result of each level cannot be read out, and outputting only the final encrypted result. Compared with the result of a single cryptographic operation, data encrypted through a specified number of levels has a higher security level and can meet the security requirements of specific application scenarios.
In a concrete implementation, the Keyladder (abbreviated KL below) enciphering/deciphering processing mechanism allows the number of computation layers used in the enciphering/deciphering of the key data to be increased or decreased arbitrarily. The function realised by KL is a processing scheme that, for specified input data, performs enciphering/deciphering operations with multiple input keys and outputs the final ciphertext/plaintext data. KL is composed of an enciphering/deciphering module 102 (abbreviated the ADES module) that implements the AES/DES/TDES enciphering/deciphering functions, combined with a direct memory access device 103 (abbreviated DMA) whose data transfer operations can be triggered and started by hardware requests. The KL flow can be used as an encryption engine to encrypt data or as a decryption engine to decrypt data; one layer of the KL flow refers to one complete encryption or decryption operation on a certain layer of data.
A KL flow with N (N>=1) layers of input data is realised by N consecutive ADES computation operations, and these N consecutive ADES operations are controlled by predefined DMA chained lists. The DMA chained lists define the data transfer tasks required by each layer of KL computation and the configuration and start of computation of the ADES module 102; an N-layer KL flow is correspondingly controlled by N groups of DMA chained lists. In addition, the direct memory access device 103, i.e. the DMA, has the function of automatically loading chained-list data and performing the data transfer tasks.
In a concrete implementation, the number of KL layers is determined by the configured number of operations of the enciphering/deciphering computation unit and can be increased or decreased arbitrarily; a KL engine with any number of layers can therefore be realised without being limited by hardware resources, which gives higher flexibility. Secondly, the algorithm of the ADES module 102 can be flexibly configured, so a KL engine in which different levels adopt different algorithms can be realised, increasing the complexity of data encryption and thus improving data security. In addition, the final KL result can be transferred by the DMA 103 to a specified secure address; configuring the DMA with chained lists allows the KL result to be used flexibly.
In a concrete implementation, when the output data of the current level is obtained, the processor 101 also judges whether the enciphering/deciphering process on the key data was correct; if so, the processor 101 performs the step of judging whether the DMA chained list of the next level is obtained; if not, the enciphering/deciphering process ends.
In a concrete implementation, the enciphering/deciphering module 102 is also used for performing AES, DES or TDES enciphering/deciphering on the key data according to the input data of the current level.
In a concrete implementation, the processing apparatus also comprises a static memory 104 for storing the input data of the n levels. For example, when three-layer KL decryption is needed, the data that the processor 101 needs to obtain are the KL key data and the input data (ciphertext) needed by the three layers of KL computation, where the key data is stored in the safe storage 105 and the three layers of input ciphertext are stored in the static memory 104. It can be assumed that the address of the key data in the safe storage 105 is A0, the address of the final KL decryption result in the safe storage 105 is B1, and the addresses of the three layers of KL input ciphertext in the static memory 104 are A1, A2 and A3 respectively. The processor 101 generates the DMA chained lists needed by the 3-layer KL computation from the values of A0, A1, A2, A3.
In a concrete implementation, as shown in Figure 7, the enciphering/deciphering module 102 comprises a key register 201 connected with the DMA 103 through the bus 106, a data input register 202 connected with the static memory 104 through the bus 106, a control register 203, a status register 204, a data output register 205 and an enciphering/deciphering engine 206. The enciphering/deciphering engine 206 is connected respectively with the key register 201, the data input register 202, the control register 203, the status register 204 and the data output register 205, which is connected with the static memory 104 through the bus 106. The key register 201 preserves the key data of each level; the data input register 202 receives the input ciphertext data of each level transmitted from the static memory 104; the control register 203 preserves the control data; the status register 204 preserves the status data; the data output register 205 preserves the result data of the enciphering/deciphering engine 206; and the enciphering/deciphering engine 206 performs the AES, DES or TDES enciphering/deciphering processing.
The foregoing are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included in its protection scope.

Claims (10)

1. A data enciphering/deciphering processing method, characterized in that the processing method comprises the following steps:
the processor obtains the memory address of the key data and the input data memory addresses of n levels, where n is a positive integer greater than or equal to 1;
the processor generates the DMA chained lists of the n levels according to the memory address of the key data and the input data memory addresses of the n levels;
the processor writes the DMA chained-list data of the current level into the direct memory access device and starts the direct memory access device;
the direct memory access device, according to the DMA chained list of the current level, transfers the key data of the current level and the input data of the current level to the enciphering/deciphering module and starts the enciphering/deciphering module;
when the control data is the enabling signal, the enciphering/deciphering module performs enciphering/deciphering on the input data using the key data of the current level, obtaining the output data of the current level;
the processor judges whether the level count of the current level is less than n; if so, it outputs a first judgement signal; if not, it outputs a second signal;
when receiving the first judgement signal, the direct memory access device obtains the DMA chained list of the next level and, according to the DMA chained list of the next level, uses the output data of the current level as the key data of the next level for enciphering/deciphering;
the direct memory access device saves the output data of the current level to the safe storage as the final key.
2. The data enciphering/deciphering processing method of claim 1, characterized in that, before the processor judges whether the DMA chained list of the next level is obtained, the method further comprises the following steps:
when the output data of the current level is obtained, the processor judges whether the enciphering/deciphering process on the key data was correct;
if so, the processor performs the step of judging whether the DMA chained list of the next level is obtained;
if not, the enciphering/deciphering process ends.
3. The data enciphering/deciphering processing method of claim 1, characterized in that the step in which the enciphering/deciphering module, when the control data is the enabling signal, performs enciphering/deciphering on the input data according to the key data of the current level to obtain the output data of the current level is specifically:
the enciphering/deciphering module performs AES, DES or TDES enciphering/deciphering on the input data according to the key data of the current level, obtaining the output data of the current level.
4. The data enciphering/deciphering processing method of claim 1, characterized in that the DMA chained list of each level comprises the transfer data length, the data source address, the data destination address and the address of the next chained list;
the DMA chained list of the last level comprises the transfer data length, the data source address and the data destination address.
5. The data enciphering/deciphering processing method of claim 1, characterized in that the DMA chained list of the first level comprises a 1st DMA sub-list for obtaining the key data from the memory address of the key data, a 2nd DMA sub-list for obtaining the input data of the current level from the input data memory addresses of the n levels, and a 3rd DMA sub-list for obtaining the control data;
the DMA chained list of each intermediate level comprises a 1st DMA sub-list for obtaining the output data of the previous level from the output data register of the enciphering/deciphering module as the key data of the current level, a 2nd DMA sub-list for obtaining the input data of the current level from the input data memory addresses of the n levels, and a 3rd DMA sub-list for obtaining the control data;
the DMA chained list of the last level comprises a 1st DMA sub-list for obtaining the output data of the previous level from the output data register of the enciphering/deciphering module as the key data of the last level, a 2nd DMA sub-list for obtaining the input data of the last level from the input data memory addresses of the n levels, a 3rd DMA sub-list for obtaining the control data, and a 4th DMA sub-list for saving the output data of the last level to the safe storage as the final key.
6. A data enciphering/deciphering processing method, characterized in that the processing method comprises the following steps:
the processor obtains the memory address of the key data and the input data memory addresses of n levels, where n is a positive integer greater than or equal to 1;
the processor generates the DMA chained lists of the n levels according to the memory address of the key data and the input data memory addresses of the n levels;
the processor writes the DMA chained-list data of the current level into the direct memory access device and starts the direct memory access device;
the direct memory access device, according to the DMA chained list of the current level, transfers the key data of the current level and the input data of the current level to the enciphering/deciphering module and starts the enciphering/deciphering module;
when the control data is the enabling signal, the enciphering/deciphering module performs enciphering/deciphering on the input data of the current level using the key data of the current level, obtaining the output data of the current level;
the processor judges whether the DMA chained list of the next level is obtained; if so, it outputs a first judgement signal; if not, it outputs a second signal;
when receiving the first judgement signal, the direct memory access device, according to the DMA chained list of the next level, uses the output data of the current level as the key data of the next level for enciphering/deciphering;
the direct memory access device saves the output data of the current level to the safe storage as the final key.
7. The data enciphering/deciphering processing method of claim 6, characterized in that, before the processor judges whether the level count of the current level is less than n, the method further comprises the following steps:
when the output data of the current level is obtained, the processor judges whether the enciphering/deciphering process on the key data of the current level was correct;
if so, the processor performs the step of judging whether the DMA chained list of the next level is obtained;
if not, the enciphering/deciphering process ends.
8. The data enciphering/deciphering processing method of claim 6, characterized in that the DMA chained list of the first level comprises a 1st DMA sub-list for obtaining the key data from the memory address of the key data, a 2nd DMA sub-list for obtaining the input data of the current level from the input data memory addresses of the n levels, and a 3rd DMA sub-list for obtaining the control data;
the DMA chained list of each intermediate level comprises a 1st DMA sub-list for obtaining the output data of the previous level from the output data register of the enciphering/deciphering module as the key data of the current level, a 2nd DMA sub-list for obtaining the input data of the current level from the input data memory addresses of the n levels, and a 3rd DMA sub-list for obtaining the control data;
the DMA chained list of the last level comprises a 1st DMA sub-list for obtaining the output data of the previous level from the output data register of the enciphering/deciphering module as the key data of the last level, a 2nd DMA sub-list for obtaining the input data of the last level from the input data memory addresses of the n levels, a 3rd DMA sub-list for obtaining the control data, and a 4th DMA sub-list for saving the output data of the last level to the safe storage as the final key.
9. A data enciphering/deciphering processing apparatus, characterized in that the processing apparatus comprises a processor, a direct memory access device, an enciphering/deciphering module and a safe storage, where the direct memory access device is electrically connected with the processor and the enciphering/deciphering module respectively through a bus, and the direct memory access device is electrically connected with the safe storage;
the processor is used for obtaining the memory address of the key data and the input data memory addresses of n levels, where n is a positive integer greater than or equal to 1, for generating the DMA chained lists of the n levels according to the memory address of the key data and the input data memory addresses of the n levels, for writing the DMA chained-list data of the current level into the direct memory access device, and for starting the direct memory access device;
the direct memory access device is used for transferring the key data of the current level and the input data of the current level to the enciphering/deciphering module according to the DMA chained list of the current level, and for starting the enciphering/deciphering module;
the enciphering/deciphering module, when the control data is the enabling signal, performs enciphering/deciphering on the input data using the key data of the current level, obtaining the output data of the current level;
the processor is used for judging whether the DMA chained list of the next level is obtained; if so, it outputs a first judgement signal; if not, it outputs a second judgement signal;
the direct memory access device is used for, when receiving the first judgement signal, outputting the output data of the current level to the enciphering/deciphering module as the key data of the next level for enciphering/deciphering according to the DMA chained list of the next level, and, when receiving the second judgement signal, saving the output data of the current level to the safe storage as the final key.
10. A data enciphering/deciphering processing apparatus, characterized in that the processing apparatus comprises a processor, a direct memory access device, an enciphering/deciphering module and a safe storage, where the direct memory access device is electrically connected with the processor and the enciphering/deciphering module respectively through a bus, and the direct memory access device is electrically connected with the safe storage;
the processor is used for obtaining the memory address of the key data and the input data memory addresses of n levels, where n is a positive integer greater than or equal to 1, and for generating the DMA chained lists of the n levels according to the memory address of the key data and the input data memory addresses of the n levels;
the direct memory access device is used for obtaining the key data, the input data of the current level and the control data according to the DMA chained list of the current level;
the enciphering/deciphering module, when the control data is the enabling signal, performs enciphering/deciphering on the key data according to the input data of the current level, obtaining the output data of the current level;
the processor is used for judging whether the level count of the current level is less than n; if so, it outputs a first judgement signal; if not, it outputs a second judgement signal;
the direct memory access device is used for, when receiving the first judgement signal, outputting the output data of the current level to the enciphering/deciphering module as the key data of the next level for enciphering/deciphering according to the DMA chained list of the next level, and, when receiving the second judgement signal, saving the output data of the current level to the safe storage as the final key.
CN201510667588.0A 2015-10-16 2015-10-16 A kind of processing unit of the processing method and data enciphering/deciphering of data enciphering/deciphering Active CN105373738B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510667588.0A CN105373738B (en) 2015-10-16 2015-10-16 A kind of processing unit of the processing method and data enciphering/deciphering of data enciphering/deciphering

Publications (2)

Publication Number Publication Date
CN105373738A true CN105373738A (en) 2016-03-02
CN105373738B CN105373738B (en) 2018-09-28

Family

ID=55375926

Country Status (1)

Country Link
CN (1) CN105373738B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483479A (en) * 2017-09-11 2017-12-15 上海斐讯数据通信技术有限公司 A kind of method and system for generating network communication equipment and logging in key
CN109791589A (en) * 2017-08-31 2019-05-21 华为技术有限公司 A kind of method and device of calculator memory data enciphering/deciphering
CN112329076A (en) * 2020-12-01 2021-02-05 深圳安捷丽新技术有限公司 Storage area protection method and device based on data temperature

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635623A (en) * 2008-07-25 2010-01-27 财团法人工业技术研究院 System and method thereof for encrypting and decrypting multi-level data
CN102594548A (en) * 2012-03-22 2012-07-18 山东泰信电子有限公司 Method capable of achieving data sectional encryption and decryption
US20130268776A1 (en) * 2010-05-27 2013-10-10 Kabushiki Kaisha Toshiba Cryptographic processing apparatus and ic card

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address
Address after: 22A, Guoshi building, 1801 Shahe West Road, high tech Zone, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province
Patentee after: Guowei group (Shenzhen) Co., Ltd.
Address before: 518000 Guangdong city of Shenzhen province Nanshan District high tech Industrial Park South high SSMEC building two floor
Patentee before: Guowei Teih Co., Ltd., Shenzhen