A cipher card that performs algorithmic processing on data based on an FPGA, and its encryption method
Technical field
The present invention relates to the field of data security, and specifically to a cipher card that performs algorithmic processing on data based on an FPGA, and to its encryption method.
Background technique
With the rapid development of communication and computer network technology and the rise of strategic industries such as the Internet of Things, big data and cloud computing, people's dependence on networks and network information resources is steadily deepening. Computer networks have become an important support for the development of today's information society. Network information security bears on national sovereignty and social stability, and on the safety of public and private property and personal privacy. Precisely because network information security problems exist, the large volume of data stored and transmitted over networks needs to be effectively protected. The root of these problems lies, on the one hand, in the security defects of the network itself, such as insecure network protocols and insecure services, and, on the other hand, in human factors, such as mismanagement that leads to hacker attacks.
To guarantee the security of special data or industry data, network data needs to be transmitted in encrypted form, and the data encryption task is generally undertaken by a cipher card integrated into the device. At present the cipher card, as a hardware encryption method, is mainly used in e-commerce, e-government and electronic banking networks. Cipher cards built on the general architecture of FPGA, DSP, algorithm chip and PEX8311 chip have numerous hardware circuit modules, which increases the design difficulty of the overall circuit, the power supply module and the PCB layout files. Their power consumption is slightly higher than that of a high-speed cipher card, and the larger number of hardware circuit modules makes the cipher card control system more complicated, increasing the workload of writing and maintaining code. Meanwhile, the State Commercial Cryptography Administration has, in line with China's information security needs, successively promulgated several sets of domestic cryptographic algorithms, including SM1, SM2, SM3, SM4 and the Zu Chongzhi stream cipher algorithm. Supporting different cryptographic algorithms requires designing different cipher cards. Current cipher cards do not support multiple cryptographic algorithms and suffer from complex hardware circuits and low operating efficiency, so they cannot meet current encryption needs.
Summary of the invention
The purpose of the present invention is to provide a cipher card that performs algorithmic processing on data based on an FPGA, and its encryption method. The invention optimizes the general architecture of the cipher card, reduces the number of hardware chips, and lowers the design difficulty of the hardware circuit and the power consumption of the cipher card. It makes effective use of the speed and performance of the high-speed cipher card's algorithm chips, offers fast cryptographic operation, high efficiency and low power consumption, and has good value for wider adoption.
To achieve the above object, the technical solution adopted by the invention is as follows:
A cipher card that performs algorithmic processing on data based on an FPGA comprises a cryptographic algorithm module, a FLASH memory, a PCI-E bus interface and a random number generator, and further comprises an FPGA main control chip with a NIOS soft-core processor. The FPGA main control chip internally integrates a PCI-E IP core and an algorithm state machine, wherein the PCI-E bus interface is connected to the FPGA main control chip through the PCI-E IP core for data exchange;
The NIOS soft-core processor is the main processor of the FPGA main control chip and controls the FPGA main control chip's read and write operations on data and commands;
The random number generator is controlled by the NIOS soft-core processor, and the random number sequence it generates is stored in the FLASH memory connected to the FPGA main control chip;
The algorithm state machine controls the cryptographic algorithm module connected to the FPGA main control chip and is used to invoke the cryptographic algorithm module to perform cryptographic operations.
Further, a dual-port RAM is provided in the FPGA main control chip to store the data sent and received over the PCI-E bus interface, and the NIOS soft-core processor reads the data from it.
Still further, the random number generator has two WNG9 physical noise source chips, which are controlled by the NIOS soft-core processor to generate the random number sequence.
Still further, the FPGA main control chip is connected to an EPCS16 configuration chip, which stores the configuration program. After every power-on, the FPGA main control chip must load the configuration program from the EPCS16 configuration chip, thereby initializing the cipher card.
Still further, the cryptographic algorithm module comprises multiple dedicated cryptographic algorithm chips connected to the FPGA main control chip, and the cryptographic algorithm chips correspond respectively to the SM1/SM2/SM3/SM4 algorithms and the international RSA cryptographic algorithm.
Still further, registers are integrated in the FPGA main control chip for temporarily holding instructions, data and addresses.
Still further, a DMA controller is provided in the FPGA main control chip. The DMA controller handles data transfer over the PCI-E bus interface and, after completing the transfer of a batch of data, issues an interrupt request to the FPGA main control chip and requests instructions for the next operation.
Based on the above structure, the invention also discloses an encryption method for the cipher card that performs algorithmic processing on data based on an FPGA, comprising the following steps:
(1) The FPGA main control chip loads the program from the EPCS16 configuration chip and then waits for the external server to send a request instruction;
(2) The external server prepares the data to be encrypted, stores it in the dual-port RAM through the PCI-E bus interface, and sends an interrupt signal to the FPGA main control chip;
(3) After receiving the interrupt signal, the FPGA main control chip clears the interrupt and sends the NIOS soft-core processor a command to control the cryptographic algorithm module to read the data in the dual-port RAM and encrypt it;
(4) After the cryptographic algorithm module finishes encrypting the data, it sends a completion instruction to the NIOS soft-core processor; the NIOS soft-core processor sends the encrypted data back to the dual-port RAM for storage and at the same time sends a completion command to the FPGA main control chip;
(5) The FPGA main control chip sends an interrupt signal to the external server;
(6) The data is read back from the dual-port RAM into the memory of the external server through the PCI-E bus interface, which completes one encryption process.
Compared with prior art, the invention has the following advantages:
(1) The cipher card of the invention implements cryptographic operations in hardware using the FPGA main control chip and dedicated encryption chips, providing security services such as encryption, decryption and digital signature, and guaranteeing the confidentiality, integrity, validity and non-repudiation of sensitive information in network transmission. Compared with the traditional method of running encryption software on the host, hardware encryption has the advantages of fast encryption, low occupation of central processing unit (CPU) resources and high security;
(2) The cipher card of the invention has a PCI-Express (PCI-E) bus interface that complies with the PCI-E 2.0 interface specification, and it is installed in a computer through the PCI-E bus interface. The cipher card sits at the bottom layer of the network security platform, the hardware encryption layer. Its main function is to provide the cryptographic operation services required by upper-layer application systems, and it achieves fast data transfer;
(3) The cipher card of the invention uses the NIOS soft core embedded in the FPGA main control chip as its processor. Compared with the traditional use of a DSP as the processor, using NIOS offers great flexibility and simple design. It also optimizes the architecture of the cipher card's processor, improves the performance of the cipher card's algorithms, reduces the number of hardware chips, and lowers the design difficulty of the hardware circuit and the power consumption of the cipher card;
(4) The random number generator in the invention uses two WNG9 physical noise source chips working in parallel and XORs the signals of the two physical noise sources to generate the various random keys, improving key quality through a high degree of randomness and thereby improving the security of the whole system;
(5) The cipher card of the invention is designed with a PCI-E hard IP core and abandons the original PEX8311 conversion chip, improving the security and agility of key transfer.
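The effect of XORing two noise sources, as claimed in advantage (4), can be checked numerically. The C program below is an added example, not part of the patent: it measures the bias of a single source, of the XOR of two independent sources, and of the XOR of two fully correlated sources. The splitmix64 generator stands in for the WNG9 chips, and the 60% ones-probability is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>

/* splitmix64: deterministic stand-in for a physical noise source (constructed, not WNG9 output). */
static uint64_t splitmix64(uint64_t *s) {
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* One bit that is 1 with probability p_one (models a biased source). */
static int biased_bit(uint64_t *s, double p_one) {
    double u = (double)(splitmix64(s) >> 11) / 9007199254740992.0; /* uniform in [0,1) */
    return u < p_one;
}

/* Measured bias (P(1) - 0.5) of A XOR B over n bits.
   correlated != 0 models both chips seeing the same noise (B is a copy of A). */
double xor_bias(double p_a, double p_b, int correlated, long n) {
    uint64_t sa = 0x1234567ULL, sb = 0xABCDEF987ULL;
    long ones = 0;
    for (long i = 0; i < n; i++) {
        int a = biased_bit(&sa, p_a);
        int b = correlated ? a : biased_bit(&sb, p_b);
        ones += a ^ b;
    }
    return (double)ones / (double)n - 0.5;
}

/* Measured bias of a single source, for comparison. */
double single_bias(double p_one, long n) {
    uint64_t s = 0x1234567ULL;
    long ones = 0;
    for (long i = 0; i < n; i++) ones += biased_bit(&s, p_one);
    return (double)ones / (double)n - 0.5;
}

int main(void) {
    long n = 1000000;
    printf("single source bias   : %+.4f\n", single_bias(0.60, n));
    printf("independent XOR bias : %+.4f (theory %+.4f)\n", xor_bias(0.60, 0.60, 0, n), -2 * 0.1 * 0.1);
    printf("correlated XOR bias  : %+.4f\n", xor_bias(0.60, 0.60, 1, n));
    return 0;
}
```

Two independent sources with biases e_a and e_b give an XOR bias of magnitude 2·e_a·e_b, so the combined stream is closer to uniform than either input. Two sources that see the same noise cancel to a constant, so the improvement depends on the two chips being independent.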
Description of the drawings
Fig. 1 is the overall structure diagram of the invention.
Fig. 2 is the workflow diagram of the invention.
Specific embodiment
The invention is further described below with reference to the accompanying drawings and an embodiment; embodiments of the invention include but are not limited to the following embodiment.
Embodiment
As shown in Fig. 1 and Fig. 2, the invention discloses a cipher card that performs algorithmic processing on data based on an FPGA, comprising a cryptographic algorithm module, a FLASH memory, a PCI-E bus interface and a random number generator, and further comprising an FPGA main control chip with a NIOS soft-core processor. The FPGA main control chip internally integrates a PCI-E IP core and an algorithm state machine, wherein
the PCI-E bus interface is connected to the FPGA main control chip through the PCI-E IP core for data exchange;
The NIOS soft-core processor is the main processor of the FPGA main control chip and controls the FPGA main control chip's read and write operations on data and commands;
The random number generator is controlled by the NIOS soft-core processor, and the random number sequence it generates is stored in the FLASH memory connected to the FPGA main control chip;
The algorithm state machine controls the cryptographic algorithm module connected to the FPGA main control chip and is used to invoke the cryptographic algorithm module to perform cryptographic operations.
To guarantee key security by ensuring that key data disappears after power-down, a dual-port RAM is provided in the FPGA main control chip to store the data sent and received over the PCI-E bus interface, and the NIOS soft-core processor reads the data from it.
To improve the quality of the random keys, the random number generator has two WNG9 physical noise source chips, which are controlled by the NIOS soft-core processor to generate the random number sequence.
The FPGA main control chip is connected to an EPCS16 configuration chip, which stores the configuration program. After every power-on, the FPGA main control chip must load the configuration program from the EPCS16 configuration chip, thereby initializing the cipher card.
To implement multiple algorithms, the cryptographic algorithm module comprises multiple dedicated cryptographic algorithm chips connected to the FPGA main control chip, and the cryptographic algorithm chips correspond respectively to the SM1/SM2/SM3/SM4 algorithms and the international RSA cryptographic algorithm.
Registers are integrated in the FPGA main control chip for temporarily holding instructions, data and addresses.
A DMA controller is provided in the FPGA main control chip. The DMA controller handles data transfer over the PCI-E bus interface and, after completing the transfer of a batch of data, issues an interrupt request to the FPGA main control chip and requests instructions for the next operation.
Based on the above structure, the invention also discloses an encryption method for the cipher card that performs algorithmic processing on data based on an FPGA, comprising the following steps:
(1) The FPGA main control chip loads the program from the EPCS16 configuration chip and then waits for the external server to send a request instruction;
(2) The external server prepares the data to be encrypted, stores it in the dual-port RAM through the PCI-E bus interface, and sends an interrupt signal to the FPGA main control chip;
(3) After receiving the interrupt signal, the FPGA main control chip clears the interrupt and sends the NIOS soft-core processor a command to control the cryptographic algorithm module to read the data in the dual-port RAM and encrypt it;
(4) After the cryptographic algorithm module finishes encrypting the data, it sends a completion instruction to the NIOS soft-core processor; the NIOS soft-core processor sends the encrypted data back to the dual-port RAM for storage and at the same time sends a completion command to the FPGA main control chip;
(5) The FPGA main control chip sends an interrupt signal to the external server;
(6) The data is read back from the dual-port RAM into the memory of the external server through the PCI-E bus interface, which completes one encryption process.
The working process of the invention is as follows. After power-on, the cipher card performs a power-on self-reset, and the FPGA main control chip loads the card's internal program from the EPCS configuration chip, initializes the cipher card's hardware parameters and waits for instructions from the external server; the cipher card is then in the waiting state. The external server prepares the data to be encrypted and sets the control and status register (CSR) of the FPGA main control chip. Through the PCI-E bus interface, the external server transfers the data, such as the plaintext to be encrypted and the key, from its memory into the dual-port RAM of the FPGA main control chip for storage. When storage is complete, an interrupt signal is sent to the FPGA chip; if storage is not complete, the PCI-E bus interface continues transferring the plaintext to be encrypted, the key and other data into the dual-port RAM until storage is complete. After receiving the interrupt signal, the FPGA main control chip clears the interrupt and sends a command to the NIOS soft-core processor. On receiving the command, the NIOS soft-core processor controls the cryptographic algorithm module to read the data in the dual-port RAM for encryption and identifies the algorithm type (the domestic SM1, SM2, SM3 or SM4 cryptographic algorithm, or the international RSA cryptographic algorithm), and the data is encrypted accordingly. If encryption is not complete, the NIOS soft-core processor continues to call the cryptographic algorithm module until the module completes the encryption. After the NIOS soft-core processor receives the instruction that the cryptographic algorithm module has finished encrypting the data, it controls the FPGA main control chip interface to send the encrypted data back to the dual-port RAM for storage. At the same time the NIOS soft-core processor sends a completion command to the FPGA main control chip, which then sends an interrupt signal to the external server. After the external server receives the interrupt signal, the data is read back from the dual-port RAM into the external server's memory through the PCI-E bus interface. If the external server has not finished reading the data, an interrupt signal is sent to the external server again and reading continues until all data has been read, which completes one encryption process.
The invention optimizes the general architecture of the cipher card. While implementing the same algorithm functions, it improves the performance of the cipher card's algorithms, reduces the number of hardware chips, and lowers the design difficulty of the hardware circuit and the power consumption of the cipher card. It makes effective use of the speed and performance of the high-speed cipher card's algorithm chips, offers fast cryptographic operation, high efficiency and low power consumption, and has good value for wider adoption.
The above embodiment is only one of the preferred embodiments of the invention and should not be used to limit the scope of protection of the invention. Any change or refinement without substantive significance made within the main design idea and spirit of the invention, where the technical problem solved remains consistent with the invention, shall fall within the scope of protection of the invention.