Invention content
Present invention aims at a kind of efficient data encryption device based on UASP is proposed, asynchronous queue's skill of UASP is relied on
The USB3.0 ultrahigh speed physical interfaces of art and bottom realize the efficient cryptographic to critical data.
To achieve the above object, the technical solution adopted by the present invention sets for a kind of efficient data encryption based on UASP agreements
It is standby, include USB3.0Device controllers, UASP controllers, crypto engine and the respective driving journey of three at the ends Device
Sequence also includes a data buffer zone;Include an application software app and a data buffer zone at the ends Host;Also include one
A program for realizing following functions:
S1:The ends Host application software app reads plaintext document to be encrypted to internal storage data buffering area from hard disk;
S2:The UASP drivers that the ends Host application software app provides the clear data in memory via operating system
It is sent to the ends encryption device Device;
S3:The ends encryption device Device receive above-mentioned clear data to encryption by the UASP drivers at the ends Device and draw
Encryption is held up and started, encrypted ciphertext data are put to the data buffer zone at the ends Device;
S4:Encryption device sends ciphertext data to the ends Host by the UASP drivers at the ends Device;
S5:The ends Host receive ciphertext data by application software app and deposit to memory;
S6:Ciphertext data are written back to hard disk by application software app or preserved to other positions by the ends Host.
Further, application software app in the ends Host generates UASP asynchronous queues by the asynchronous IO API that operating system provides.
The data length for the asynchronous I/O Request that the ends Host application software app is generated every time is buffered no more than device end datas
The capacity in area.
Continuously submit asynchronous I/O Request to the ends device, at the end of all asynchronous writes and asynchronous reading all, one in the ends Host
Secondary complete file encryption action terminates.
Asynchronous in cryptographic operation " writing " corresponding encryption, asynchronous " reading " is corresponding to read encrypted result;It is different in decryption oprerations
" writing " corresponding decryption is walked, asynchronous " reading " is corresponding to read decrypted result.
The buffering area at the required ends Device is smaller, and 32KB can reach high-performance, to save hardware resource.
Compared with prior art, the invention has the advantages that:
1, the present invention is based on the final products of the efficient data encryption device of UASP to be highly convenient for carrying, at any time with
The encryption and decryption of data is completed on ground, and form is similar to U Key;Key is located inside equipment, ensures safety;
2, the high bandwidth of USB3.0 can be made full use of based on UASP agreements, realize very efficient encryption and decryption;
3, UASP agreements are based on, extremely low to the buffer requirements of equipment end, 32KB SRAM can reach high-performance;
4, Host end application software app, which do not have to installation driving, directly to operate encryption device by application program, very
Just accomplish free drive.
Specific implementation mode
The invention will now be described in further detail with reference to the accompanying drawings.
Specific Encryption Algorithm selection proposed by the present invention and key management mode with technology frame proposed by the invention
Frame is unrelated.The encryption device of the present invention needs built-in encryption engine, and the arbitrary symmetric encipherment algorithm pair such as AES, SM1, SM4 may be used
The data flowed through carry out encryption and decryption.In terms of key management, you can encryption key is randomly generated with inside, can also by RSA,
The asymmetric arithmetics such as SM2 are negotiated to generate key, can also use other arbitrary acceptable key management modes.
The present invention is mainly to realize the USB device end for supporting UASP, next needs to write usb host end software, Shuan Fangpei
It closes and realizes data encrypting and deciphering process.When equipment is inserted into the usb host for supporting UASP, can a great Rong be identified as by host
Storage device is measured, host side software, which does not have to any driving of installation, can access the equipment, realize data encrypting and deciphering.Fig. 1 is this
One application scenarios of invention, including the ends Host and the ends Device, arrow represent a data encryption and (decrypt flow therewith substantially
It is identical) flow.
Single data encryption flow in Fig. 1 is described below:
1. host side application software (App) reads plaintext document to be encrypted to memory from hard disk (FileSystem)
(Buffer);
2. host side application software drives the clear data in memory to encryption via the UASP that operating system provides and sets
Preparation is sent;
3. encryption device receives clear data to crypto-engine (Crypto by the UASP drivings of equipment end
Engine), and start encryption, encrypted ciphertext data are put to equipment end buffer memory (Buffer);
4. encryption device sends ciphertext data to host side by the UASP drivings of equipment end
5. host side receives ciphertext data by application software and deposits to memory
6. ciphertext data are written back to hard disk (or preserving to other positions) by host side by application software
Single data encryption does not form asynchronous queue, is unable to fully the high bandwidth using USB3.0, is transmitted using more
It bright can then make full use of bandwidth, schematic diagram as shown in Figure 2 in conjunction with UASP.
Have 4 pending orders that host is issued in the command queue of Fig. 2, be followed successively by write, reading and writing, reading, and order tie
Using tag as distinguishing inside structure, it is expressed as CMD1, CMD2, CMD3, CMD4 (abbreviation of CMD i.e. command (order)).It writes, read
Occur in pairs, a data encryption operation is realized per a pair of write-read (see Fig. 1).The ends Device parse these and order and execute successively
Corresponding data receiver and receipt are sent, and wherein data receiver can be explained along with the encryption acts of crypto engine, detailed process
It is as follows:
1.Device parses CMD1 first, and notifies host that can execute CMD1;
2.Host is notified, executes CMD1, be-encrypted data is sent to device;Device starts crypto engine, connects
Receive data.Device CPU are released at this time, continue the parsing and pretreatment of CMD2;
3. after data encryption, device notifies host CMD1 to execute within the extremely short time, and notifies
Host can execute CMD2;
4.Host is notified, executes CMD2, and ciphertext data are read back host from device;The CPU of device can at this time
To continue the pretreatment of CMD3;
5. after ciphertext data transmission, host thinks that the encryption of the first block number evidence has been completed;Device is then extremely short
Time in notice host CMD2 executed, and notify host that can execute CMD3;
After 6.Host is notified, CMD3, CMD4 are continued to execute;Execute the flow and CMD1, CMD2 phase of CMD3, CMD4
Together.
In the step 3 of this flow, step 5, device notifies the time of host extremely short, this be asynchronous queue's mechanism and
What the software-hardware synergism at the ends device was ensured.By the way that from the point of view of time shaft, the time that " interval " in Fig. 2 occupies is extremely short,
It ensure that " receive and encrypt " and " returning to ciphertext " is continuous substantially, to ensure that bandwidth availability ratio to the maximum extent.This
It is the key that ensure to make full use of USB3.0 high bandwidths.
The implementation of the present invention relies on the software and hardware cooperation at the ends USB3.0Device, i.e., needs the ends USB host (general simultaneously
It is PC or application software App) realize matched program.
The technical solution of one most preferred embodiment is as follows:
The hardware resource at the ends 1.Device will have USB3.0Device controllers, crypto engine, DMA etc.;
The ends 2.Device need one piece of continuous SRAM as data buffer, and 32KB is enough;
The firmware program at the ends 3.Device needs to realize the driver of USB, crypto engine, DMA, and to realize that UASP is assisted
View realizes the efficient response to the host asynchronous queues issued;
The PC programs at the ends 4.Host need to generate UASP asynchronous queues by the asynchronous IO API that OS is provided;
The PC programs at the ends 5.Host every time asynchronous I/O Request data length be no more than the ends device buffer sizes;
6.Host continuously submits asynchronous I/O Request to be issued to device, when all asynchronous writes and asynchronous reading are all tied
When beam, primary complete file encryption acts the completion that leaves it at that;
7. encryption is similar with decryption scheme:For encryption, asynchronous " writing " is encryption;Asynchronous " reading " is to take encrypted result;It is right
In decryption, asynchronous " writing " is decryption, and asynchronous " reading " is to take decrypted result.
The description of the above specific implementation mode is not intended to limit the invention, all within the spirits and principles of the present invention institute
Any modification, equivalent substitution, improvement and etc. of work, should all be included in the protection scope of the present invention.