CN107632878B - A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource - Google Patents

A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource Download PDF

Info

Publication number
CN107632878B
CN107632878B CN201710891146.3A CN201710891146A CN107632878B CN 107632878 B CN107632878 B CN 107632878B CN 201710891146 A CN201710891146 A CN 201710891146A CN 107632878 B CN107632878 B CN 107632878B
Authority
CN
China
Prior art keywords
algorithm
current version
examples
virtual current
cipher card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710891146.3A
Other languages
Chinese (zh)
Other versions
CN107632878A (en
Inventor
王志华
宋志华
徐波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yuweng Information Technology Co.,Ltd.
Original Assignee
SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd filed Critical SHANDONG YUWENG INFORMATION TECHNOLOGY Co Ltd
Priority to CN201710891146.3A priority Critical patent/CN107632878B/en
Publication of CN107632878A publication Critical patent/CN107632878A/en
Application granted granted Critical
Publication of CN107632878B publication Critical patent/CN107632878B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

This application discloses a kind of distribution methods of cipher card algorithm resource, are applied under SR IOV environment, including:The algorithm for including by cipher card carries out type division, obtains current version algorithm and non-current version algorithm;The algorithm routine of current version algorithm is replicated to obtain M virtual current version algorithm examples, and by default naming rule allocation algorithm ID, obtains M different algorithm ID;When receiving the call instruction of current version algorithm, idle polling operation is executed, until the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;Corresponding virtual current version algorithm examples are called to execute algorithm arithmetic operation by algorithm ID, until M virtual current version algorithm examples are in seizure condition.The distribution method logical calculated resource allocation is more scientific and reasonable, utilization rate higher.The application further simultaneously discloses a kind of distribution system, cipher card and the computer readable storage medium of cipher card algorithm resource, has above-mentioned advantageous effect.

Description

A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource
Technical field
This application involves computer information safe field of communication technology, more particularly to a kind of distribution of cipher card algorithm resource Method, system, cipher card and computer readable storage medium.
Background technology
SR-IOV technologies are a kind of virtualization technologies, by user software, monitor of virtual machine, device drives, BIOS, support PCI-E (the Peripheral Component Interconnect of VF (Virtual Function, virtual functions) Express, the interconnection of quick peripheral component) compositions such as equipment technological package, a physics PCI-E device can be itself void Multiple virtual PCI-E devices are intended to be, multiple and different virtual machines is supplied to access.
In the prior art, one is based on FPGA (Field-Programmable Gate Array, field programmable gate Array) the PCI-E cipher cards that constitute are provided with a certain number of VF, and the algorithm resource of complete set is configured for each VF, and one Come simple in this way, easy, but the intrinsic hardware logic computing resource of the PCI-E cipher cards can be wasted, but be similarly limited to close Code blocks limited logical calculated resource, it is impossible to which the unconfined quantity for increasing VF is unlikely when the quantity of VF is more Each VF is provided which the algorithm resource of complete set.
So how to provide, a kind of logical calculated resource allocation is more scientific and reasonable, the higher cipher card algorithm of utilization rate Resource allocation mechanism is those skilled in the art's urgent problem to be solved.
Invention content
The purpose of the application is to provide a kind of distribution method, system, cipher card and the computer of cipher card algorithm resource can Storage medium is read, it is multiple applied under SR-IOV environment, the current version algorithm that algorithmically frequency of use marks off is copied as, So that the multiple current version algorithm examples copied can execute algorithm operation, it is aobvious on the basis of resource allocation is more rational Write the utilization rate for the logical calculated resource for improving the PCI-E cipher cards.
In order to solve the above technical problems, the application provides a kind of distribution method of cipher card algorithm resource, it is applied to SR- Under IOV environment, which includes:
At least two algorithms for including by cipher card carry out type division, obtain current version algorithm and non-current version algorithm;
The algorithm routine of the current version algorithm is copied as into preset quantity M, obtains M virtual current version algorithm examples;
Default naming rule allocation algorithm ID is pressed for the M virtual current version algorithm examples, obtains M different algorithms ID;
When receiving the call instruction of the current version algorithm, sky is executed in the M virtual current version algorithm examples Not busy polling operation, until the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;
Corresponding virtual current version algorithm examples are called to execute algorithm arithmetic operation by the algorithm ID, until M institute It states virtual current version algorithm examples and is in seizure condition, the call instruction of M is no more than with parallel processing quantity.
Optionally, at least two algorithms for including by cipher card carry out type division, obtain current version algorithm and non-common Type algorithm, including:
The frequency of use of each algorithm that includes is counted in the cipher card in predetermined period;
Judge whether each frequency of use is more than threshold value;
It is current version algorithm by the algorithm partition that the frequency of use is more than the threshold value if being more than;
If not exceeded, the algorithm partition that the frequency of use is less than to the threshold value is non-current version algorithm.
Optionally, the algorithm routine of the current version algorithm is copied as into preset quantity M, obtains M virtual current versions Before algorithm examples, further include:
The total calculated performance and each algorithm routine for obtaining the FPGA logic cell for constituting the cipher card occupy institute State the percentages of total calculated performance;
The preset quantity M is calculated according to each percentages and each frequency of use.
Optionally, it is that the M virtual current version algorithm examples press default naming rule allocation algorithm ID, obtains M not After same algorithm ID, further include:
M different algorithm ID are ranked up by predetermined order rule, obtain algorithm sequencing table;
Acquire the working condition of the corresponding virtual current version algorithm examples of each algorithm ID;
Each working condition is attached to the predeterminated position for corresponding to algorithm ID in the algorithm sequencing table, obtains algorithm shape State inquiry table.
Optionally, idle polling operation is executed in the M virtual current version algorithm examples, until obtaining in the free time The corresponding algorithm ID of virtual current version algorithm examples of state, including;
Judge whether each virtual current version algorithm examples are in the idle state successively;
If so, obtaining the corresponding algorithm ID of virtual current version algorithm examples in the idle state;
If the M virtual current version algorithm examples are in seizure condition, restart poll, is in until existing The virtual current version algorithm examples of the idle state.
Present invention also provides a kind of distribution systems of cipher card algorithm resource, are applied under SR-IOV environment, the distribution System includes:
Division unit, at least two algorithms for including by cipher card carry out type division, obtain current version algorithm and Non- current version algorithm;
Copied cells obtain M virtually often for the algorithm routine of the current version algorithm to be copied as preset quantity M With type algorithm examples;
ID allocation units are obtained for pressing default naming rule allocation algorithm ID for the M virtual current version algorithm examples The algorithm ID different to M;
Poll searching unit, for executing idle polling operation in the M virtual current version algorithm examples, until To the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;
Execution unit is called, for calling corresponding virtual current version algorithm examples to execute algorithm fortune by the algorithm ID Operation is calculated, until the M virtual current version algorithm examples are in seizure condition, the institute of M is no more than with parallel processing quantity State call instruction.
Optionally, the division unit includes:
Frequency of use counts subelement, the use for counting in the cipher card each algorithm for including in predetermined period Frequency;
Threshold decision subelement possesses and judges whether each frequency of use is more than threshold value;
Current version divides subelement, for being more than that the algorithm partition of the threshold value is calculated for current version by the frequency of use Method;
Non- current version divides subelement, and the algorithm partition that the threshold value is less than for the frequency of use is non-current version Algorithm.
Optionally, the poll searching unit includes:
Idle state judgment sub-unit, for judging whether each virtual current version algorithm examples are in the sky successively Not busy state;
Free time processing subelement, for obtaining the corresponding algorithm of virtual current version algorithm examples in the idle state ID;
Processing subelement is occupied, for restarting poll, until existing virtual common in the idle state Type algorithm examples.
Present invention also provides a kind of cipher card based on SR-IOV, which includes:
Memory, for storing computer program;
Processor realizes point of the cipher card algorithm resource as described in the above when for executing the computer program The step of method of completing the square.
Present invention also provides a kind of computer readable storage medium, meter is stored on the computer readable storage medium Calculation machine program realizes the distribution of the cipher card algorithm resource as described in the above when the computer program is executed by processor The step of method.
A kind of distribution method of cipher card algorithm resource provided herein is applied under SR-IOV environment, by password At least two algorithms that card includes carry out type division, obtain current version algorithm and non-current version algorithm;The current version is calculated The algorithm routine of method copies as preset quantity M, obtains M virtual current version algorithm examples;For the M virtual current version algorithms Example presses default naming rule allocation algorithm ID, obtains M different algorithm ID;When the calling for receiving the current version algorithm is ordered When enabling, idle polling operation is executed in the M virtual current version algorithm examples, until being in idle condition virtual The corresponding algorithm ID of current version algorithm examples;Corresponding virtual current version algorithm examples are called to execute algorithm by the algorithm ID Arithmetic operation, until the M virtual current version algorithm examples are in seizure condition, with parallel processing quantity no more than M's The call instruction.
Obviously, technical solution provided herein, the intrinsic logic having on fully taking into account the PCI-E cipher cards On the basis of computing resource, the current version algorithm that algorithmically frequency of use marks off is copied as it is multiple, certainly, the quantity of duplication The limitation of logical calculated resource is received, and makes the multiple current version algorithm examples copied that can execute algorithm operation, The utilization rate of the logical calculated resource of the PCI-E cipher cards is significantly improved on the basis of resource allocation is more rational.The application A kind of distribution system, cipher card and the computer readable storage medium of cipher card algorithm resource are additionally provided simultaneously, is had above-mentioned Advantageous effect, details are not described herein.
Description of the drawings
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The embodiment of application for those of ordinary skill in the art without creative efforts, can also basis The attached drawing of offer obtains other attached drawings.
A kind of flow chart of the distribution method for cipher card algorithm resource that Fig. 1 is provided by the embodiment of the present application;
The flow chart of the distribution method for another cipher card algorithm resource that Fig. 2 is provided by the embodiment of the present application;
A kind of structure diagram of the distribution system for cipher card algorithm resource that Fig. 3 is provided by the embodiment of the present application;
Algorithm state table shows in a kind of distribution system for cipher card algorithm resource that Fig. 4 is provided by the embodiment of the present application It is intended to;
The structure diagram of the distribution system for another cipher card algorithm resource that Fig. 5 is provided by the embodiment of the present application.
Specific implementation mode
The core of the application is to provide a kind of distribution method of cipher card algorithm resource, is applied under SR-IOV environment, The current version algorithm that algorithmically frequency of use marks off is copied as multiple so that the multiple current version algorithm examples copied are equal Algorithm operation can be executed, the logical calculated resource of the cipher card is significantly improved on the basis of resource allocation is more rational Utilization rate.
To keep the purpose, technical scheme and advantage of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application In attached drawing, technical solutions in the embodiments of the present application is clearly and completely described, it is clear that described embodiment is Some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art The all other embodiment obtained without making creative work, shall fall in the protection scope of this application.
Below in conjunction with Fig. 1, a kind of stream of the distribution method for cipher card algorithm resource that Fig. 1 is provided by the embodiment of the present application Cheng Tu.
It specifically includes following steps:
S101:At least two algorithms for including by cipher card carry out type division, obtain current version algorithm and non-current version Algorithm;
This step is intended at least two algorithms that will include on cipher card according to whether common progress type division, is divided Belong to current version algorithm and non-current version algorithm two major classes.
The algorithm partition that cipher card is included by which kind of parameter of concrete foundation is that the mode of this two class is varied, for example, can To acquire the access times or frequency of use of each algorithm in some cycles, and judge certain calculation in conjunction with some threshold value of setting Method particularly belongs to current version algorithm or non-current version algorithm;It can also be classified according to other parameters or particular/special requirement, it can Algorithm that is sufficiently complex, expending logical calculated resource is classified as non-current version algorithm, because of unless adding in highest level Close algorithm, chance and the number for using the type algorithm under normal conditions are less.For example, the standard compressed to data file Have several kinds, including RAR, ZIP, 7Z etc., wherein most of software can all give tacit consent to choose RAR or ZIP format because this two Kind format has been able to the demand for meeting most of user, unless there is special requirement, is voluntarily choosing satisfactory pressure Contracting standard.
S102:The algorithm routine of current version algorithm is copied as into preset quantity M, obtains M virtual current version algorithm examples;
On the basis of S101, the algorithm routine that this step is intended to the current version algorithm that will be marked off copies as preset quantity M, to obtain M virtual current version algorithm examples.Wherein, which includes all algorithms for belonging to current version algorithm, i.e., Assuming that in the case that the current version algorithm includes SM1, SM2 (two kinds of Encryption Algorithm) both algorithms, which includes just The execution code of both algorithms of SM1, SM2 or other data files that can realize identical operation step.
S103:Default naming rule allocation algorithm ID is pressed for M virtual current version algorithm examples, obtains M different calculations Method ID;
On the basis of S102 replicates completion, this step presses for this M virtual current version algorithm examples and presets naming rule Allocation algorithm ID obtains M different algorithm ID, corresponding virtual normal in order to by algorithm ID find in subsequent step The calculating task issued is executed with type algorithm examples.
Wherein, the manifestation mode of the default naming rule is varied, for example, started counting up from 01, it is each virtual common Type algorithm examples increase by 1, i.e., carry out function number life in the way of 01,02,03 ... for each virtual current version algorithm examples Name;It can also be named in the way of 100,200,300 ...;Or identification method is combined to be added according under actual conditions Distinguished including Chinese and English etc., specific restriction is not done herein, can voluntarily be judged and be chosen suitable rule progress work( The name that can be numbered.
S104:When receiving the call instruction of current version algorithm, idle wheel is executed in M virtual current version algorithm examples Operation is ask, until the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;
On the basis of S103 completes to name, this step is intended to when receiving the call instruction of current version algorithm, using wheel The mode of inquiry traverses all virtual current version algorithm examples, until the virtual current version algorithm examples being in idle condition Corresponding algorithm ID.
Wherein, the mode that poll is searched is varied, for example, M can will be represented virtually often first after the completion of name A polling list polling table is generated by predetermined order with M algorithm ID of type algorithm examples, and by the way that algorithm ID is added in the polling list polling table Corresponding virtual current version algorithm examples state in which issues calculating task;The side for generating idle sequence can also be used Formula is inquired the state of primary all virtual current version algorithm examples by predetermined period, and only virtual normal by what is be in idle condition The modes such as the idle sequence are added with the algorithm ID of type algorithm examples, herein and are not specifically limited, it can be according to actual conditions The realization difficulty of lower each method takes and other influence factors consider and select most suitable method.
S105:Corresponding virtual current version algorithm examples are called to execute algorithm arithmetic operation by algorithm ID, until M empty Quasi- current version algorithm examples are in seizure condition, and the call instruction of M is no more than with parallel processing quantity.
On the basis of S104, this step is intended to call corresponding virtual current version algorithm examples to execute calculation by algorithm ID Method arithmetic operation is no more than the tune of M with parallel processing quantity until M virtual current version algorithm examples are in seizure condition With order.Finally to realize M virtual current version algorithm examples while handle calculating task, certainly, number M is bound to by close Code fixes the limitation for the logical calculated resource for having hardware to be provided, it is impossible to unconfined increase, but because only by current version The algorithm routine of algorithm is replicated, and the quantity of number M can be largely increased.
It is also possible in view of utilizing most common algorithm to the full extent, can limit the current version algorithm includes Algorithm number, it is assumed that current version algorithm includes uniformly only 2 kinds of algorithms, even if algorithm is all more common in having 3, but still It chooses the most common algorithm partition of the first two and enters current version algorithm, and copy as preset quantity M, thus can further carry The quantity of high number M.
Based on the above-mentioned technical proposal, the distribution method of a kind of cipher card algorithm resource provided by the embodiments of the present application, is filling Divide on the basis of the intrinsic logical calculated resource in view of having on the PCI-E cipher cards, will algorithmically frequency of use mark off Current version algorithm copy as multiple, certainly, the quantity of duplication is limited by logical calculated resource, and to copy more A current version algorithm examples can execute algorithm operation, and the password is significantly improved on the basis of resource allocation is more rational The utilization rate of the logical calculated resource of card.
Below in conjunction with Fig. 2, the distribution method for another cipher card algorithm resource that Fig. 2 is provided by the embodiment of the present application Flow chart.
The present embodiment is a kind of restriction made for other steps in a upper embodiment in addition to S105, Qi Tabu Suddenly it is substantially the same with a upper embodiment, same section can be found in an embodiment relevant portion, and details are not described herein.
It specifically includes following steps:
S201:The frequency of use for each algorithm for including in cipher card is counted in predetermined period;
S202:Judge whether each frequency of use is more than threshold value;
S203:It is current version algorithm by the algorithm partition that frequency of use is more than threshold value;
S204:The algorithm partition that frequency of use is less than to threshold value is non-current version algorithm;
Above four steps be intended to first count predetermined period in each algorithm frequency of use, next determine whether be more than Setting can be divided into the threshold value of current version algorithm, i.e., will be divided into current version algorithm more than the algorithm of threshold value, be less than The algorithm of threshold value is divided into expense current version algorithm.
S205:It obtains the total calculated performance for the FPGA logic cell for constituting cipher card and each algorithm routine occupies total calculate The percentages of performance;
S206:Preset quantity M is calculated according to each percentages and each frequency of use;
S205 and two steps of S206 are intended to total calculated performance of the FPGA logic cell using the composition cipher card got And each algorithm routine occupies the percentages of total calculated performance, and combine each calculation using the corresponding percentages of the algorithm Method frequency of use COMPREHENSIVE CALCULATING goes out preset quantity M.
S207:The algorithm routine of current version algorithm is copied as into preset quantity M, obtains M virtual current version algorithm examples;
The present embodiment is by the way of replicating, by the corresponding algorithm performs code of all algorithms for belonging to the current version algorithm Preset quantity M is copied as, to obtain M virtual current version algorithm examples.
S208:Default naming rule allocation algorithm ID is pressed for M virtual current version algorithm examples, obtains M different calculations Method ID;
S209:M different algorithm ID are ranked up by predetermined order rule, obtain algorithm sequencing table;
On the basis of S208, this step is intended to be ranked up M different algorithm ID by predetermined order rule, obtains To algorithm sequencing table.Wherein, the form of expression of predetermined order rule is varied, for example, using from small to large sequence, with Machine or other existing particular/special requirements are ranked up etc., herein and are not specifically limited, can according under actual conditions not It is selected with whether sortord impacts.
S210:Acquire the working condition of the corresponding virtual current version algorithm examples of each algorithm ID;
On the basis of S209, this step is intended to acquire the work shape of the corresponding virtual current version algorithm examples of each algorithm ID State is in seizure condition also according to whether the corresponding virtual current version algorithm examples of each algorithm ID are in calculating condition adjudgement It is idle state, in order to record the virtual current version algorithm examples for being in certain state for subsequent step use.
S211;Each working condition is attached to the predeterminated position for corresponding to algorithm ID in algorithm sequencing table, obtains algorithm state Inquiry table;
On the basis of S210, the corresponding working condition of each virtual current version algorithm examples is attached to the algorithm sequencing table The predeterminated position of middle corresponding algorithm ID, to obtain algorithm state inquiry table.Wherein, which, which is subject to, is easiest to get , it is of course also possible to change additional position under the limitation of other particular/special requirements.Meanwhile the performance of additional status information Form is also varied, can be a mark for being similar to left-right switch, and it is idle state to be placed in left end, and it is to account for be placed in right end Use state;It can also be the description information etc. additionally having more, herein and be not specifically limited.
S212:Judge whether each virtual current version algorithm examples are in idle condition successively;
S213:Obtain the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;
S214:Restart poll, until there are the virtual current version algorithm examples being in idle condition.
S213 and S214 corresponds to two kinds judged in S212 respectively as a result, the former is virtual normal in the presence of what is be in idle condition With type algorithm examples, the latter is there is no the virtual current version algorithm examples being in idle condition, and whole virtual current versions is calculated Method example is in seizure condition.
The corresponding algorithm ID of virtual current version algorithm examples being in idle condition, the latter can be directly acquired for the former Poll can then be restarted, until there are the virtual current version algorithm examples being in idle condition.
Based on the above-mentioned technical proposal, the distribution method of a kind of cipher card algorithm resource provided by the embodiments of the present application, is filling Divide on the basis of the intrinsic logical calculated resource in view of having on the cipher card, algorithmically frequency of use is marked off common Type algorithm copies as multiple, and certainly, the quantity of duplication receives the limitation of logical calculated resource, and to copy multiple common Type algorithm examples can execute algorithm operation, and patrolling for the cipher card is significantly improved on the basis of resource allocation is more rational Collect the utilization rate of computing resource.
Because situation is complicated, it can not enumerate and be illustrated, those skilled in the art should be able to recognize more the application The basic skills principle combination actual conditions of offer may exist many examples, in the case where not paying enough creative works, It should within the scope of protection of this application.
Refer to Fig. 3 below, a kind of distribution system for cipher card algorithm resource that Fig. 3 is provided by the embodiment of the present application Structure diagram.
The distribution system may include:
Division unit 100, at least two algorithms for including by cipher card carry out type division, obtain current version algorithm With non-current version algorithm;
Copied cells 200 obtain M and virtually commonly use for the algorithm routine of current version algorithm to be copied as preset quantity M Type algorithm examples;
ID allocation units 300 are obtained for pressing default naming rule allocation algorithm ID for M virtual current version algorithm examples The algorithm ID different to M;
Poll searching unit 400, for executing idle polling operation in M virtual current version algorithm examples, until To the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;
Execution unit 500 is called, for calling corresponding virtual current version algorithm examples to execute algorithm fortune by algorithm ID Operation is calculated, until M virtual current version algorithm examples are in seizure condition, the calling with parallel processing quantity no more than M is ordered It enables.
Wherein, division unit 100 includes:
Frequency of use counts subelement, for counting using frequently for each algorithm for including in cipher card in predetermined period Rate;
Threshold decision subelement possesses and judges whether each frequency of use is more than threshold value;
Current version divides subelement, and the algorithm partition for by frequency of use being more than threshold value is current version algorithm;
Non- current version divides subelement, and the algorithm partition that threshold value is less than for frequency of use is non-current version algorithm.
Wherein, poll searching unit 400 includes:
Idle state judgment sub-unit, for judging whether each virtual current version algorithm examples are in idle condition successively;
Free time processing subelement, for obtaining the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;
Processing subelement is occupied, for restarting poll, is calculated until there is the virtual current version being in idle condition Method example.
Further, before the execution of copied cells 200, can also include:
Parameter acquiring unit, total calculated performance for obtaining the FPGA logic cell for constituting cipher card and each algorithm journey Sequence occupies the percentages of total calculated performance;
Amount calculation unit, for preset quantity M to be calculated according to each percentages and each frequency of use.
Further, after the execution of ID allocation units 300, can also include:
Sequencing unit obtains algorithm sequencing table for being ranked up M different algorithm ID by predetermined order rule;
State acquisition unit, the working condition for acquiring the corresponding virtual current version algorithm examples of each algorithm ID;
Algorithm state table generation unit corresponds to the default of algorithm ID for each working condition to be attached in algorithm sequencing table Position obtains algorithm state inquiry table.
The above each unit can be applied in one below specific concrete instance:
The present embodiment selects the cipher card under SR-IOV environment constituted based on FPGA, it is intended to intrinsic to cipher card itself The logical calculated resource that hardware is provided integrates and optimizes, and to achieve the purpose that improve resource utilization, here is whole step Rapid flow:
1, classify to the cryptographic algorithm module of cipher card, be divided into current version and non-current version;
2, current version algorithm is copied into multiple using the method that algoritic module replicates, specific number is provided by fpga logic The restriction in source, and allocation algorithm ID number.Algorithm ID number is distinguished to the disparate modules of algorithm of the same race;
3, an algorithm state table is established, the service condition of inquiry special algorithm specific ID is facilitated;
4, when virtual machine is to when PCI-E device transmission algorithm call request, PCI-E device polling algorithm state table, until One of algorithm ID is idle, may refer to shown in Fig. 4;
5, the corresponding algoritic modules of idle algorithm ID is selected to carry out algorithm operation.
Fig. 5 is referred to, on the basis of the above overall flow, detailed, specific flow can be following mode:
Algorithm state table is defined first uses two-port RAM (random access memory, random access memory) Form realize that port A is writeable, and port B is readable, wherein read and write asynchronous progress, each algorithm corresponds to a two-port RAM.It is right Algorithm ID is numbered, and is that address accesses with its ID numbers.The output valve for defining two-port RAM is Q, input value D, Q For " 0 ", indicates that the corresponding algoritic modules of this ID are idle, otherwise indicate that the corresponding algoritic modules of this ID are just busy, and each algorithm is all There is unique corresponding algorithm queries state machine.
Step 1:Virtual machine is to PCI-E device transmission algorithm call request;
Step 2:It is (empty to be stored in corresponding VF for the algorithm order that PCI-E device will receive, parameter, initial data etc. Quasi- function) in.When receiving the request of complete algorithm, that is, when meeting algorithm and starting the required full terms of operation, VF will be calculated Method call request is put into according to the difference of algorithm in different algorithm queues, carries out unified queuing.Such as the queue packet of SM4 algorithms The queue of SM4 requests containing all VF, SM2 algorithms includes the SM2 requests of all VF, and there is no associations between the two queues. Algorithm queue uses the form of FIFO, each data in FIFO indicate currently to require the PF number of algorithm operation and VFnumber。
Step 3:Algorithm queries state machine, by port B polling algorithm state tables, if being polled to ID pairs of some algorithm When the Q answered is " 0 ", then current algorithm ID is recorded, continues search algorithm queue, according to PF number and VF therein Number allows signal and algorithm ID to corresponding VF transmission algorithm operations.Later by port A by the corresponding values of this algorithm ID Set, i.e. D=1.Then algorithm ID+1 continues to inquire.If the Q of the algorithm ID of inquiry is not " 0 ", algorithm ID+1 continues Inquiry.When the address of inquiry is more than the maximum value of ID, ID=0 is returned, continues to inquire.
Step 4:VF, which receives algorithm operation, allows signal and algorithm ID, later starting algorithm operation.It will order, parameter is former Beginning data are sent in the corresponding algoritic modules of algorithm ID.After algoritic module operation is complete, the corresponding storages of VF are stored the result into In device.Operation terminates, by port A by the corresponding value resets of this algorithm ID, i.e. D=0.
Present invention also provides a kind of cipher cards of base SR-IOV, may include memory and processor, wherein the storage There is computer program in device, when which calls the computer program in the memory, above-described embodiment institute may be implemented The step of offer.Certain setting device can also include various necessary network interfaces, power supply and other parts etc..
Present invention also provides a kind of computer readable storage mediums, have computer program thereon, the computer program The step of above-described embodiment is provided may be implemented when being performed terminal or processor execution.The storage medium may include:U Disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), the various media that can store program code such as magnetic disc or CD.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
Each embodiment is described by the way of progressive in specification, the highlights of each of the examples are with other realities Apply the difference of example, just to refer each other for identical similar portion between each embodiment.For device disclosed in embodiment Speech, since it is corresponded to the methods disclosed in the examples, so description is fairly simple, related place is referring to method part illustration .
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These Function is implemented in hardware or software actually, depends on the specific application and design constraint of technical solution.Profession Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered Think to exceed scope of the present application.
Specific examples are used herein to illustrate the principle and implementation manner of the present application, and above example is said It is bright to be merely used to help understand the present processes and its core concept.It should be pointed out that for the ordinary skill of the art For personnel, under the premise of not departing from the application principle, can also to the application, some improvement and modification can also be carried out, these improvement It is also fallen into the application scope of the claims with modification.
It should also be noted that, in the present specification, relational terms such as first and second and the like be used merely to by One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning Covering non-exclusive inclusion, so that the process, method, article or equipment including a series of elements includes not only that A little elements, but also include the other elements being not explicitly listed, or further include for this process, method, article or The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged Except there is also other identical elements in the process, method, article or equipment including element.

Claims (7)

1. a kind of distribution method of cipher card algorithm resource is applied under SR-IOV environment, which is characterized in that including:
The frequency of use for each algorithm for including in cipher card is counted in predetermined period;
Judge whether each frequency of use is more than threshold value;
It is current version algorithm by the algorithm partition that the frequency of use is more than the threshold value if being more than;
If not exceeded, the algorithm partition that the frequency of use is less than to the threshold value is non-current version algorithm;
Total calculated performance and each algorithm routine occupancy for obtaining the FPGA logic cell for constituting the cipher card are described total The percentages of calculated performance;
Preset quantity M is calculated according to each percentages and each frequency of use;
The number that the algorithm routine of the current version algorithm is copied as to the preset quantity M obtains M virtual current version algorithms Example;
Default naming rule allocation algorithm ID is pressed for the M virtual current version algorithm examples, obtains M different algorithm ID;
When receiving the call instruction of the current version algorithm, idle wheel is executed in the M virtual current version algorithm examples Operation is ask, until the corresponding algorithm ID of virtual current version algorithm examples being in idle condition;
Corresponding virtual current version algorithm examples are called to execute algorithm arithmetic operation by the algorithm ID, until the M void Quasi- current version algorithm examples are in seizure condition, and the call instruction of M is no more than with parallel processing quantity.
2. distribution method according to claim 1, which is characterized in that pressed for the M virtual current version algorithm examples pre- If naming rule allocation algorithm ID, after obtaining M different algorithm ID, further include:
M different algorithm ID are ranked up by predetermined order rule, obtain algorithm sequencing table;
Acquire the working condition of the corresponding virtual current version algorithm examples of each algorithm ID;
Each working condition is attached to the predeterminated position for corresponding to algorithm ID in the algorithm sequencing table, algorithm state is obtained and looks into Ask table.
3. distribution method according to claim 1 or 2, which is characterized in that in the M virtual current version algorithm examples Idle polling operation is executed, until the corresponding algorithm ID of virtual current version algorithm examples being in idle condition, including;
Judge whether each virtual current version algorithm examples are in the idle state successively;
If so, obtaining the corresponding algorithm ID of virtual current version algorithm examples in the idle state;
If the M virtual current version algorithm examples are in seizure condition, restart poll, until existing in described The virtual current version algorithm examples of idle state.
4. a kind of distribution system of cipher card algorithm resource is applied under SR-IOV environment, which is characterized in that including:
Division unit, the frequency of use for counting each algorithm for including in cipher card in predetermined period;Judge each described make Whether it is more than threshold value with frequency;It is current version algorithm by the algorithm partition that the frequency of use is more than the threshold value if being more than;If It is less than, the algorithm partition that the frequency of use is less than to the threshold value is non-current version algorithm;
Parameter acquiring unit, total calculated performance and each algorithm routine for obtaining the FPGA logic cell for constituting cipher card account for With the percentages of total calculated performance;
Amount calculation unit, for preset quantity M to be calculated according to each percentages and each frequency of use;
Copied cells obtain M virtual current versions for the algorithm routine of the current version algorithm to be copied as preset quantity M Algorithm examples;
ID allocation units obtain M for pressing default naming rule allocation algorithm ID for the M virtual current version algorithm examples A different algorithm ID;
Poll searching unit is used to execute idle polling operation in the M virtual current version algorithm examples, until obtaining everywhere In the corresponding algorithm ID of virtual current version algorithm examples of idle state;
Execution unit is called, for calling corresponding virtual current version algorithm examples to execute algorithm operation behaviour by the algorithm ID Make, until the M virtual current version algorithm examples are in seizure condition, the tune of M is no more than with parallel processing quantity With order.
5. distribution system according to claim 4, which is characterized in that the poll searching unit includes:
Idle state judgment sub-unit, for judging each virtual current version algorithm examples whether in the idle shape successively State;
Free time processing subelement, for obtaining the corresponding algorithm ID of virtual current version algorithm examples in the idle state;
Processing subelement is occupied, for restarting poll, is calculated until there is the virtual current version in the idle state Method example.
6. a kind of cipher card based on SR-IOV, which is characterized in that including:
Memory, for storing computer program;
Processor realizes the cipher card algorithm resource as described in any one of claims 1 to 3 when for executing the computer program Distribution method the step of.
7. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium Program, realizing the cipher card algorithm resource as described in any one of claims 1 to 3 when the computer program is executed by processor The step of distribution method.
CN201710891146.3A 2017-09-27 2017-09-27 A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource Active CN107632878B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710891146.3A CN107632878B (en) 2017-09-27 2017-09-27 A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710891146.3A CN107632878B (en) 2017-09-27 2017-09-27 A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource

Publications (2)

Publication Number Publication Date
CN107632878A CN107632878A (en) 2018-01-26
CN107632878B true CN107632878B (en) 2018-10-16

Family

ID=61101907

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710891146.3A Active CN107632878B (en) 2017-09-27 2017-09-27 A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource

Country Status (1)

Country Link
CN (1) CN107632878B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108897601A (en) * 2018-06-29 2018-11-27 郑州云海信息技术有限公司 A kind of FPGA application method, system and relevant apparatus based on virtualization

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102023893A (en) * 2010-11-04 2011-04-20 北京曙光天演信息技术有限公司 An inside-encryption-card parallel processing realization method
CN106874065A (en) * 2017-01-18 2017-06-20 北京三未信安科技发展有限公司 A kind of system for supporting hardware virtualization

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8392625B2 (en) * 2010-06-25 2013-03-05 Intel Corporation Methods and systems to implement a physical device to differentiate amongst multiple virtual machines of a host computer system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102023893A (en) * 2010-11-04 2011-04-20 北京曙光天演信息技术有限公司 An inside-encryption-card parallel processing realization method
CN106874065A (en) * 2017-01-18 2017-06-20 北京三未信安科技发展有限公司 A kind of system for supporting hardware virtualization

Also Published As

Publication number Publication date
CN107632878A (en) 2018-01-26

Similar Documents

Publication Publication Date Title
CN109983449B (en) Data processing method and storage system
US20150333977A1 (en) Methods and apparatus related to management of unit-based virtual resources within a data center environment
WO2020119029A1 (en) Distributed task scheduling method and system, and storage medium
CN102027453A (en) System and method for optimizing interrupt processing in virtualized environments
EP3537281A1 (en) Storage controller and io request processing method
CN111176829B (en) Flexible resource allocation of physical and virtual functions in virtualized processing systems
CN109800558B (en) Password service board card and password service device
CN103761146A (en) Method for dynamically setting quantities of slots for MapReduce
CN104765701B (en) Data access method and equipment
CN102662889A (en) Interrupt handling method, interrupt controller and processor
CN107632878B (en) A kind of distribution method, system and the relevant apparatus of cipher card algorithm resource
CN107577962B (en) A kind of method, system and relevant apparatus that the more algorithms of cipher card execute side by side
CN111464331A (en) Control method and system for thread creation and terminal equipment
CN104123188A (en) Resource allocating method and related devices
CN111290858B (en) Input/output resource management method, device, computer equipment and storage medium
WO2021227789A1 (en) Storage space allocation method and device, terminal, and computer readable storage medium
CN116089477B (en) Distributed training method and system
CN106411545A (en) Service attribute counting method and device
WO2010111906A1 (en) Blade server and service scheduling method thereof
CN111158595A (en) Enterprise-level heterogeneous storage resource scheduling method and system
US20180129672A1 (en) Method and apparatus for accessing file, and storage system
CN103338246A (en) Method and system for selecting virtual machine in allocation process of infrastructure construction cloud resource
CN115658326A (en) Device and method for managing storage space, computing equipment and chip
CN112748883B (en) IO request pipeline processing device, method, system and storage medium
CN105659216A (en) Cache directory processing method and directory controller of multi-core processor system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: 264200 No. 12-1, Chuhe North Road, chucun Town, gaoqu District, Weihai City, Shandong Province

Patentee after: Yuweng Information Technology Co.,Ltd.

Address before: No.12, Chuhe North Road, gaoqu District, Weihai City, Shandong Province

Patentee before: SHANDONG FISHERMAN INFORMATION TECHNOLOGY Co.,Ltd.