CN114567445A - Signature verification data transmission method, device, equipment and medium - Google Patents


Info

Publication number: CN114567445A
Authority: CN (China)
Prior art keywords: security chip, data, signature verification, reading, spi
Legal status: Pending
Application number: CN202210191172.6A
Other languages: Chinese (zh)
Inventors: 王廷平, 肖佐楠, 邓洲, 郑茳, 匡启和
Current Assignee: CCore Technology Suzhou Co Ltd
Original Assignee: CCore Technology Suzhou Co Ltd
Application filed by CCore Technology Suzhou Co Ltd
Priority to CN202210191172.6A
Publication of CN114567445A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00: Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38: Information transfer, e.g. on bus
    • G06F13/42: Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282: Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00: Digital computers in general; Data processing equipment in general
    • G06F15/76: Architectures of general purpose stored program computers
    • G06F15/78: Architectures of general purpose stored program computers comprising a single central processing unit
    • G06F15/7807: System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12: Details relating to cryptographic hardware or logic circuitry
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84: Vehicles

Abstract

The application discloses a signature verification data transmission method, apparatus, device and medium, comprising the following steps: adding an interface file to the SPI controller driver in advance, configuring the SPI register by using the interface file, and then sequentially sending a plurality of data packets to be verified, sent by a test program, to a security chip through the SPI register; when it is detected that the security chip has received all the data packets to be verified, sending a read instruction for reading the working state of the security chip to obtain a read result; and if the read result indicates that the working state of the security chip is the ready state, obtaining, through the SPI register, the signature verification result returned by the security chip for the data packets to be verified. By adding an interface file to the SPI controller driver, using the SPI register configured by the interface file to send and receive signature verification data, and then sending the read instruction to the security chip after the security chip has received all the data packets to be verified, the application can effectively improve the SPI transmission rate and utilization.

Description

Signature verification data transmission method, device, equipment and medium
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, equipment and a medium for transmitting signature verification data.
Background
V2X (Vehicle to Everything) is a new-generation information and communication technology that connects a vehicle with everything, where V stands for the vehicle and X stands for any object that exchanges information with the vehicle. At present X mainly includes vehicles (Vehicle to Vehicle, V2V), people (Vehicle to Pedestrian, V2P), roadside traffic infrastructure (Vehicle to Infrastructure, V2I), and networks (Vehicle to Network, V2N). V2X applications require high-speed SM2 signature verification so that a vehicle can verify external devices in real time. According to requirements common in the industry at present, in the PC5 message service model, when there are 200 surrounding vehicles and each node vehicle sends messages at 10 times/second, the message arrival rate at the current node vehicle reaches 2000 times/second. Allowing for processing losses in communication and service messages, 20% of redundant computing capacity needs to be reserved, so the SM2 signature interface performance of the SSF layer should be no lower than 2400 times/second.
The V2X function is generally integrated into a Tbox, a domain controller, an antenna device, or similar components. The main control chip of such devices is commonly an NXP automotive-grade SOC chip, and the communication interface that the main control SOC chip provides to a security chip is generally SPI (Serial Peripheral Interface). The security chip provides secure computation services to the main control SOC chip over the SPI interface. The usual flow is that the main control SOC chip sends a message to be processed to the security chip over SPI, and after the security chip performs the cryptographic operation it sends the result back to the main control SOC chip. Currently, on the one hand, the main control SOC chip side interacts with the security chip through the Linux native spidev driver, which uses the Linux SPI driver framework and finally calls the SPI controller driver to send and receive data with the security chip by way of spi_message and spi_transfer. This path makes the SPI driver time-consuming, and the SPI controller driver of the commonly used NXP SOC chips has low SPI transmission efficiency, so SPI transmission becomes the bottleneck of the SM2 operation rate. On the other hand, when the security chip processes data packets to be verified, it generally uses a one-send, one-receive single-task processing mode. Because the security chip has to receive the data before performing the cryptographic operation, this mode ignores the duplex capability of SPI and does not process transmission and computation concurrently, so SPI utilization is low and the SM2 operation rate also suffers.
In summary, how to improve the SPI transmission efficiency and utilization for signature verification data in V2X is a problem to be solved at present.
Disclosure of Invention
In view of this, the present invention provides a signature verification data transmission method, apparatus, device and medium that can improve the SPI transmission efficiency and utilization for signature verification data in V2X. The specific scheme is as follows:
In a first aspect, the present application discloses a signature verification data transmission method, applied to a main control SOC chip in V2X, including:
adding an interface file to the SPI controller driver in advance, configuring the SPI register by using the interface file, and then sequentially sending a plurality of data packets to be verified, sent by a test program, to a security chip through the SPI register;
when it is detected that the security chip has received all the data packets to be verified, sending a read instruction for reading the working state of the security chip to obtain a read result;
and if the read result indicates that the working state of the security chip is the ready state, obtaining, through the SPI register, the signature verification result returned by the security chip for the data packets to be verified.
Optionally, sequentially sending the plurality of data packets to be verified, sent by the test program, to the security chip through the SPI register includes:
executing, by the test program, a write operation based on the interface file, so that the SPI register obtains the plurality of data packets to be verified sent by the test program and sequentially sends them to the security chip;
correspondingly, obtaining, through the SPI register, the signature verification result returned by the security chip for the data packets to be verified includes:
executing, by the test program, a read operation based on the interface file, so that the SPI register reads the signature verification result returned by the security chip for the data packets to be verified and sends the signature verification result to the test program.
Optionally, before sequentially sending the plurality of data packets to be verified, sent by the test program, to the security chip through the SPI register, the method further includes:
packaging a signature verification operation command, a signature verification data segment and a check code to obtain the data packet to be verified, wherein the signature verification data segment includes a signature verification instruction.
Optionally, after sequentially sending the plurality of data packets to be verified, sent by the test program, to the security chip through the SPI register, the method further includes:
returning, by the security chip, to the main control SOC chip a response message indicating that the security chip has received all the data packets to be verified, so that the main control SOC chip determines, based on the response message, that the security chip has received all the data packets to be verified; parsing, by the security chip, each received data packet to be verified in sequence while the data packets are being received, to obtain the signature verification data segment corresponding to each data packet to be verified; and performing the corresponding signature verification operation on each signature verification data segment based on the signature verification instruction in that segment, to obtain the signature verification result.
Optionally, the signature verification data transmission method further includes:
setting the working state to the busy state while the signature verification operation is in progress, and setting the working state to the ready state after the signature verification operation is completed.
Optionally, after sending the read instruction for reading the working state of the security chip to obtain the read result, the method further includes:
if the read result indicates that the working state of the security chip is the busy state, re-executing, at preset time intervals, the step of sending to the security chip the read instruction for reading the working state of the security chip, until the read result is the ready state.
Optionally, sending the read instruction for reading the working state of the security chip to obtain the read result includes:
if there are a plurality of data packets to be verified, sending to the security chip a read instruction for reading the working state of the security chip with respect to the signature verification of the last data packet to be verified, so as to obtain the corresponding read result.
In a second aspect, the present application discloses a signature verification data transmission apparatus, applied to a main control SOC chip in V2X, including:
a data transmission module, configured to add an interface file to the SPI controller driver in advance, configure the SPI register by using the interface file, and then sequentially send a plurality of data packets to be verified, sent by a test program, to the security chip through the SPI register;
an instruction sending module, configured to send a read instruction for reading the working state of the security chip to obtain a read result when it is detected that the security chip has received all the data packets to be verified;
and a data acquisition module, configured to obtain, through the SPI register, the signature verification result returned by the security chip for the data packets to be verified if the read result indicates that the working state of the security chip is the ready state.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the signature verification data transmission method disclosed above.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the signature verification data transmission method disclosed above.
As can be seen, in the present application an interface file is added to the SPI controller driver in advance, the SPI register is configured by using the interface file, and a plurality of data packets to be verified, sent by the test program, are then sequentially sent to the security chip through the SPI register; when it is detected that the security chip has received all the data packets to be verified, a read instruction for reading the working state of the security chip is sent to obtain a read result; and if the read result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the data packets to be verified is obtained through the SPI register. Because the interface file is added to the SPI controller driver and the SPI register configured by the interface file is used to send and receive the signature verification data, the SPI controller driver can be bypassed, which reduces the system overhead of the main control SOC chip. In addition, when sending data, the plurality of data packets to be verified, sent by the test program, are sequentially sent to the security chip through the SPI register, and the read instruction is sent to the security chip after it is detected that the security chip has received all the data packets to be verified, so this technical solution can effectively improve the transmission efficiency and utilization of SPI.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flow chart of a signature verification data transmission method disclosed in the present application;
Fig. 2 is a communication connection diagram between a conventional main control SOC chip and a security chip disclosed in the present application;
Fig. 3 is a flow chart of sending a specific read instruction disclosed in the present application;
Fig. 4 is a flow chart of a specific signature verification data transmission method disclosed in the present application;
Fig. 5 is a diagram of a specific signature verification data transmission process disclosed in the present application;
Fig. 6 is a flow chart of a specific data read/write process disclosed in the present application;
Fig. 7 is a flow chart of prior-art data reading and writing disclosed in the present application;
Fig. 8 is a flow chart of a specific signature verification data transmission method disclosed in the present application;
Fig. 9 is a flow chart of the transmission and signature verification operations for multiple data packets to be verified;
Fig. 10 is a waveform of prior-art SM2 signature data transmission disclosed in the present application;
Fig. 11 is a schematic diagram of specific waveform interval times disclosed in the present application;
Fig. 12 is a waveform of improved SM2 signature data transmission disclosed in the present application;
Fig. 13 is a schematic diagram of specific waveform interval times after the improvement disclosed in the present application;
Fig. 14 is a schematic structural diagram of a signature verification data transmission apparatus disclosed in the present application;
Fig. 15 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In V2X applications, when the main control SOC chip exchanges data with the security chip, on the one hand the main control SOC chip side interacts with the security chip through the Linux native spidev driver, which uses the Linux SPI driver framework and finally calls the SPI controller driver to send and receive data with the security chip by way of spi_message and spi_transfer. This path makes the SPI driver time-consuming, and the SPI controller driver of the commonly used NXP SOC chips has low SPI transmission efficiency. On the other hand, when the security chip processes data packets to be verified, it generally uses a one-send, one-receive simplex processing mode. Because the security chip has to receive the data before performing the cryptographic operation, this mode ignores the duplex capability of SPI and does not process transmission and computation concurrently, so SPI utilization is low. The embodiments of the present application therefore disclose a signature verification data transmission method, apparatus, device and medium that can improve the SPI transmission efficiency and utilization for signature verification data in V2X.
Referring to Fig. 1, an embodiment of the present application discloses a signature verification data transmission method, including:
Step S11: an interface file is added to the SPI controller driver in advance, the SPI register is configured by using the interface file, and a plurality of data packets to be verified, sent by a test program, are then sequentially sent to a security chip through the SPI register.
Fig. 2 shows the communication connection between a conventional main control SOC chip and a security chip. In a V2X application, the security chip is connected to the main control SOC chip as an SPI slave and runs a firmware program, and a test program on the main control SOC side accesses an SPI device file through a system interface to interact with the security chip. The SPI in the figure is a standard SPI interface with four signal lines, namely MOSI, MISO, CS and CLK, and may be a single SPI channel or multiple SPI channels. IO denotes several GPIO pins, including a status pin, a wake-up pin and a reset pin. The main control SOC side uses the Linux native SPI controller driver to interact with the security chip. In this embodiment, the interface file is added to the SPI controller driver in advance and then used to configure the SPI register, so that the SPI register is controlled directly to send the plurality of data packets to be verified, sent by the test program, to the security chip. In this way the SPI controller driver can be bypassed, which reduces the system overhead of the main control SOC chip.
Step S12: when it is detected that the security chip has received all the data packets to be verified, a read instruction for reading the working state of the security chip is sent to obtain a read result.
In this embodiment, after it is detected that the security chip has received all the data packets to be verified, a read instruction for reading the working state of the security chip is sent to the security chip. It should be noted that the working states of the security chip include a ready state and a busy state, and that the security chip mainly performs the signature verification operation, so the signature verification data transmission method further includes: setting the working state to the busy state while the signature verification operation is in progress, and setting the working state to the ready state after the signature verification operation is completed. In addition to sending a read instruction to the security chip to read its working state, the embodiment of the application can also obtain the working state of the security chip via GPIO.
Step S13: if the read result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the data packets to be verified is obtained through the SPI register.
In one specific implementation of this embodiment, if the read result indicates that the working state of the security chip is the ready state, which means that the security chip has completed the signature verification operation, the signature verification result returned by the security chip for the data packets to be verified is obtained through the SPI register.
In another specific implementation, after the read instruction for reading the working state of the security chip is sent to obtain the read result, the method further includes: if the read result indicates that the working state of the security chip is the busy state, re-executing, at preset time intervals, the step of sending to the security chip the read instruction for reading the working state of the security chip, until the read result is the ready state. Fig. 3 is a flow chart of sending a specific read instruction disclosed in the present application: if the read result indicates that the working state of the security chip is the busy state, the security chip is still performing the signature verification operation, and the read instruction for reading the working state of the security chip is sent to the security chip again at regular intervals until the read result indicates that the working state is the ready state, after which the signature verification result is read from the security chip.
As can be seen, in the present application an interface file is added to the SPI controller driver in advance, the SPI register is configured by using the interface file, and a plurality of data packets to be verified, sent by the test program, are then sequentially sent to the security chip through the SPI register; when it is detected that the security chip has received all the data packets to be verified, a read instruction for reading the working state of the security chip is sent to obtain a read result; and if the read result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the data packets to be verified is obtained through the SPI register. Because the interface file is added to the SPI controller driver and the SPI register configured by the interface file is used to send and receive the signature verification data, the SPI controller driver can be bypassed, which reduces the system overhead of the main control SOC chip. In addition, when sending data, the plurality of data packets to be verified, sent by the test program, are sequentially sent to the security chip through the SPI register, and the read instruction is sent to the security chip after it is detected that the security chip has received all the data packets to be verified, so this technical solution can effectively improve the transmission efficiency and utilization of SPI.
Referring to Fig. 4, an embodiment of the present application discloses a specific signature verification data transmission method. Compared with the previous embodiment, this embodiment further describes and optimizes the technical solution. The method specifically includes the following steps:
Step S21: an interface file is added to the SPI controller driver in advance and the SPI register is configured by using the interface file; the test program then executes a write operation based on the interface file, so that the SPI register obtains the plurality of data packets to be verified sent by the test program and sequentially sends them to the security chip.
In this embodiment, the interface file added to the SPI controller driver may specifically be an SPI read/write interface file, and a user-space program can read and write this interface directly. Inside the read/write interface, the SPI register is controlled directly, without going through the Linux SPI controller driver, to send and receive data. Fig. 5 is a diagram of a specific signature verification data transmission process disclosed in the embodiment of the present application. When data is written, the test program executes a write operation based on the interface file, the SPI register then obtains the plurality of data packets to be verified written by the test program, starts data transmission, and transmits the data packets to the security chip.
Step S22: when it is detected that the security chip has received all the data packets to be verified, a read instruction for reading the working state of the security chip is sent to obtain a read result.
Step S23: if the read result indicates that the working state of the security chip is the ready state, the test program executes a read operation based on the interface file, so that the SPI register reads the signature verification result returned by the security chip for the data packets to be verified and sends the signature verification result to the test program.
In this embodiment, referring to Fig. 5, when the working state of the security chip is the ready state, data is read: the test program executes a read operation based on the interface file, the SPI register then starts data reception, reads the signature verification result returned by the security chip for the data packets to be verified, and sends the signature verification result to the test program.
Fig. 6 shows a specific data read/write flow after the technical solution disclosed in the embodiment of the present application is adopted. Fig. 7 is a flow chart of conventional data reading and writing. In Fig. 7, about 50 us elapses in the system between the call to the VFS interface and the sending and receiving of SPI data, and most of that time is spent in the sys_sync interface. After changing to the flow in Fig. 6, the time for a single signature verification can be reduced by about 45 us. The sysfs interface, that is, the user-space read/write interface in the interface file added in this embodiment, is used to interact with the device.
For a more specific processing procedure of step S22, refer to the corresponding content disclosed in the foregoing embodiments; details are not repeated here.
As can be seen, in the present application the test program first executes a write operation based on the preconfigured interface file, so that the SPI register obtains the plurality of data packets to be verified sent by the test program and sequentially sends them to the security chip. When the working state of the security chip is the ready state, the test program executes a read operation based on the interface file, so that the SPI register reads the signature verification result returned by the security chip for the data packets to be verified and sends it to the test program. Adding the interface file to the SPI controller driver in this way can effectively improve the transmission efficiency of SPI.
Referring to fig. 8, the embodiment of the present application discloses a specific signature verification data transmission method, and compared with the previous embodiment, the present embodiment further describes and optimizes the technical solution. The method specifically comprises the following steps:
Step S31: an interface file is added to the SPI controller driver in advance, an SPI register is configured by using the interface file, and then a plurality of to-be-verified data packets sent by a test program are sequentially sent to the security chip through the SPI register.
In this embodiment, before the plurality of to-be-verified data packets sent by the test program are sequentially sent to the security chip through the SPI register, the method further includes: packaging the signature verification operation command, the signature verification data segment and the check code to obtain the to-be-verified data packet, wherein the signature verification data segment includes a signature verification instruction. That is, the main control SOC chip packages the signature verification operation command, the signature verification data segment and the check code according to a specified format to obtain the to-be-verified data packet.
Step S32: the security chip returns, to the main control SOC chip, response information indicating that the security chip has received all the to-be-verified data packets, so that the main control SOC chip determines, based on the response information, that the security chip has received all the to-be-verified data packets; while receiving the to-be-verified data packets, the security chip parses each received packet in sequence to obtain the signature verification data segment corresponding to each packet, and executes the corresponding signature verification operation on each signature verification data segment based on the signature verification instruction in that segment to obtain the signature verification result.
In this embodiment, after receiving all the to-be-verified data packets, the security chip returns response information to the main control SOC chip, so that the main control SOC chip determines, based on the response information, that the security chip has received all the to-be-verified data packets. While receiving the to-be-verified data packets, the security chip parses each received packet in sequence and executes the signature verification operation on the parsed signature verification data segment according to the signature verification instruction to obtain the signature verification result. Specifically, once the security chip has received the first to-be-verified data packet, it starts the operation while continuing to receive the subsequent packets, so that SPI transmission and algorithm operation are processed concurrently, which effectively improves the operation performance and the utilization rate of the SPI.
Step S33: when it is detected that the security chip has received all the to-be-verified data packets, a reading instruction for reading the working state of the security chip is sent to obtain a reading result.
In this embodiment, the main control SOC chip uses the reading instruction to learn whether execution of the signature verification instruction has completed; after it completes, the working state of the security chip changes from the busy state to the ready state, and the corresponding reading result is the ready state. It should be noted that sending the reading instruction for reading the working state of the security chip to obtain the reading result may specifically include: if there are multiple to-be-verified data packets, sending to the security chip a reading instruction for reading the working state of the security chip for the signature verification of the last to-be-verified data packet, so as to obtain the corresponding reading result. That is, when there is more than one to-be-verified data packet, only the working state of the signature verification operation on the last packet needs to be queried. For example, fig. 9 shows a flow chart of transmission and signature verification operations for a plurality of to-be-verified data packets: when the number of packets is 4, each packet is denoted as a Job, named Job0, Job1, Job2 and Job3 in turn; each packet includes an SSI Bridge write instruction, a signature verification data segment and a CRC32 check code, and the packets are transmitted to the security chip in the order Job0, Job1, Job2, Job3. When the security chip receives Job0, it starts to execute the signature verification operation for the signature verification instruction of Job0 while continuing to receive Job1, so that data reception and signature verification are processed concurrently; the signature verification operations themselves are guaranteed to be executed in the order Job0, Job1, Job2, Job3.
When the transmission of Job3 is completed, the transmission of all 4 to-be-verified data packets is completed. At this time, a reading instruction is sent to the security chip to query its working state. Since the security chip executes the signature verification operations on Job0, Job1, Job2 and Job3 in sequence, the main control SOC only needs to query the state of Job3; when it finds that the working state of the security chip for Job3 is the ready state, the main control SOC starts to read the signature verification results.
Step S34: if the reading result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the to-be-verified data packets is acquired through the SPI register.
For a more specific processing procedure of the step S34, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not repeated here.
Therefore, in the present application, the to-be-verified data packet is obtained by packaging the signature verification operation command, the signature verification data segment and the check code. While receiving a plurality of to-be-verified data packets, the security chip parses each received packet in sequence and executes the signature verification operation on the parsed signature verification data segment according to the signature verification instruction to obtain the signature verification result. Once it has received the first to-be-verified data packet, the security chip starts the operation while continuing to receive the subsequent packets, so that SPI transmission and algorithm operation are processed concurrently, which effectively improves the operation performance and the utilization rate of the SPI. In addition, when there is more than one to-be-verified data packet, only the working state of the security chip for the signature verification of the last packet needs to be queried.
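One way to frame and validate a to-be-verified data packet as described in this embodiment (an added example, not code from the patent). The 4-byte header layout, the opcode value, the CRC-32 variant and what the CRC covers are assumptions, since the description only names the three parts; the segment sizes follow the SM2 example in this description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Segment sizes from the SM2 example: APDU + KeyData + Msg + RS = 176 bytes. */
enum { APDU_LEN = 16, KEY_LEN = 64, MSG_LEN = 32, RS_LEN = 64,
       SEG_LEN = APDU_LEN + KEY_LEN + MSG_LEN + RS_LEN };

/* Assumed framing (not specified on the page):
 *   [0] write opcode  [1] job index  [2..3] segment length, little-endian
 *   [4..] signature verification data segment
 *   last 4 bytes: CRC-32 over header + segment, little-endian */
enum { HDR_LEN = 4, CRC_LEN = 4, JOB_LEN = HDR_LEN + SEG_LEN + CRC_LEN };
#define OP_WRITE 0x02u   /* hypothetical opcode value */

typedef enum { JOB_OK = 0, JOB_TRUNCATED, JOB_BAD_OPCODE,
               JOB_BAD_LENGTH, JOB_BAD_CRC } job_status;

/* Bitwise CRC-32, reflected polynomial 0xEDB88320 (variant is an assumption). */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Host side: pack one job. Returns bytes written, or 0 if out is too small. */
size_t job_pack(uint8_t *out, size_t cap, uint8_t index,
                const uint8_t apdu[APDU_LEN], const uint8_t key[KEY_LEN],
                const uint8_t msg[MSG_LEN], const uint8_t rs[RS_LEN])
{
    if (cap < JOB_LEN)
        return 0;
    uint8_t *p = out;
    *p++ = OP_WRITE;
    *p++ = index;
    *p++ = (uint8_t)(SEG_LEN & 0xFF);
    *p++ = (uint8_t)(SEG_LEN >> 8);
    memcpy(p, apdu, APDU_LEN); p += APDU_LEN;
    memcpy(p, key, KEY_LEN);   p += KEY_LEN;
    memcpy(p, msg, MSG_LEN);   p += MSG_LEN;
    memcpy(p, rs, RS_LEN);     p += RS_LEN;
    uint32_t crc = crc32_ieee(out, HDR_LEN + SEG_LEN);
    for (int i = 0; i < CRC_LEN; i++)
        *p++ = (uint8_t)(crc >> (8 * i));
    return JOB_LEN;
}

/* Chip side: validate a received frame before any field reaches the verifier.
 * On success *index is the job index and *seg points at the segment in buf. */
job_status job_parse(const uint8_t *buf, size_t len,
                     uint8_t *index, const uint8_t **seg)
{
    if (len < HDR_LEN + CRC_LEN)
        return JOB_TRUNCATED;
    if (buf[0] != OP_WRITE)
        return JOB_BAD_OPCODE;
    size_t seg_len = (size_t)buf[2] | ((size_t)buf[3] << 8);
    if (seg_len != SEG_LEN)            /* never trust the declared length */
        return JOB_BAD_LENGTH;
    if (len != JOB_LEN)
        return len < JOB_LEN ? JOB_TRUNCATED : JOB_BAD_LENGTH;
    uint32_t got = 0;
    for (int i = 0; i < CRC_LEN; i++)
        got |= (uint32_t)buf[HDR_LEN + SEG_LEN + i] << (8 * i);
    if (got != crc32_ieee(buf, HDR_LEN + SEG_LEN))
        return JOB_BAD_CRC;
    *index = buf[1];
    *seg = buf + HDR_LEN;
    return JOB_OK;
}

/* Constructed sample: filler bytes stand in for APDU, key, digest and (r, s).
 * flip_at >= 0 flips one bit at that offset; keep < JOB_LEN truncates. */
job_status demo_parse(int flip_at, size_t keep)
{
    uint8_t apdu[APDU_LEN], key[KEY_LEN], msg[MSG_LEN], rs[RS_LEN];
    uint8_t frame[JOB_LEN], idx = 0;
    const uint8_t *seg = NULL;
    memset(apdu, 0xA0, sizeof apdu);
    memset(key, 0x11, sizeof key);
    memset(msg, 0x22, sizeof msg);
    memset(rs, 0x33, sizeof rs);
    size_t n = job_pack(frame, sizeof frame, 3, apdu, key, msg, rs);
    if (flip_at >= 0 && (size_t)flip_at < n)
        frame[flip_at] ^= 0x01;
    if (keep < n)
        n = keep;
    return job_parse(frame, n, &idx, &seg);
}

int main(void)
{
    printf("intact=%d corrupted=%d truncated=%d\n", demo_parse(-1, JOB_LEN),
           demo_parse(100, JOB_LEN), demo_parse(-1, JOB_LEN - 1));
    return 0;
}
```

The parser rejects a frame on opcode, declared length, received length and CRC before the segment is handed to the signature verification routine, so a corrupted SPI transfer is reported as a transport error rather than as a failed signature.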
Taking the SM2 signature verification operation as an example, before the technical solution of the present application is adopted, the transmission waveform for a data segment of APDU (16 bytes) + KeyData (64 bytes) + Msg (32 bytes) + RS (64 bytes) is shown in fig. 10. In the signature verification process for this data segment, the transmission time of the to-be-verified data packet issued by the main control SOC chip is 279us, the execution time of the signature verification command is 377us, the transmission time of the response data packet is 123us, and the total time is 779us. Cycling the test 1000 times takes about 787ms, i.e., a signature verification performance of 1271 times/second. With this driver scheme, the interval between SCKs (i.e., serial clocks) in the SPI waveform is relatively large. Taking the i.MX8M SOC of NXP as an example, the specific analysis is as follows:
During data transmission and reception in DMA (Direct Memory Access) mode, as shown in fig. 11, there is an interval of 8us between every 16 Bytes, the minimum interval between every 16 Bytes is 220ns, and there is an interval of indefinite duration every 64 Bytes, which is intended to ensure that FIFO data transmission and reception are completed. The system takes about 50us from the VFS interface call to SPI data transceiving, which is the CPU overhead of passing the data from the VFS down to the SPI controller. Based on these characteristics, taking the signature verification command as an example, the data issued by the main control end is APDU (16 bytes) + KeyData (64 bytes) + Msg (32 bytes) + RS (64 bytes) = 176 bytes, with a transmission time of 279us. Adding the transmission time of the response packet, the SPI transmission time in one signature verification operation exceeds 400us, so SPI transmission becomes the performance bottleneck of the signature verification interface of the main control SOC chip.
After the technical solution of the present application is adopted, the transmission waveform and the intervals between Bytes are shown in fig. 12 and fig. 13. During data transceiving, the interval every 64 bytes is 8us, which reduces the transmission of 64 bytes by 24us compared with the original driver scheme; the interval every 4 Bytes is 220ns, a reduction of 660ns per 4 Bytes compared with the original driver; and because data is sent and received by operating the SPI controller registers directly instead of going through the Linux SPI driver framework, system scheduling overhead is reduced, saving about 45us. After optimization, the time for transmitting APDU (16 bytes) + KeyData (64 bytes) + Msg (32 bytes) + RS (64 bytes) = 176 bytes is 157us. Over the whole signature verification operation, the transmission time changes from 402us to 253us. The transmission efficiency is improved by 60%.
With the multi-packet sending scheme, SPI transmission and signature verification operations can be processed concurrently; in testing, SM2 signature verification performance improved from the original 1200 times/second to 2600 times/second, which meets the V2X requirement on signature verification speed. Therefore, the technical solution of the present application effectively improves the transmission efficiency and utilization rate of the SPI and meets the V2X requirement on signature verification speed.
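A timing model of the multi-packet scheme described above, as an added example that is not part of the patent. It uses the reported 157us transfer and 377us verification times, leaves result read-back out of the pipelined figure, and takes the poll interval as an assumed parameter; the function names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Timings in microseconds, as reported for the SM2 case in this description. */
enum {
    T_TX_OLD   = 279,  /* request transfer, original driver */
    T_RESP_OLD = 123,  /* response transfer, original driver */
    T_TX_NEW   = 157,  /* request transfer, direct register access */
    T_VERIFY   = 377   /* SM2 verification on the security chip */
};

/* Original flow: each job is sent, verified and read back before the next. */
uint32_t serial_total_us(uint32_t jobs)
{
    return jobs * (uint32_t)(T_TX_OLD + T_VERIFY + T_RESP_OLD);
}

/* Pipelined flow: job i has fully arrived at (i+1)*t_tx, and the chip runs
 * jobs strictly in order, so job i starts once it has arrived AND job i-1 has
 * finished. Writes each job's ready time to ready[] (may be NULL) and returns
 * the ready time of the last job. */
uint32_t pipeline_ready_us(uint32_t jobs, uint32_t t_tx, uint32_t t_verify,
                           uint32_t *ready)
{
    uint32_t prev_done = 0;
    for (uint32_t i = 0; i < jobs; i++) {
        uint32_t arrived = (i + 1) * t_tx;
        uint32_t start = arrived > prev_done ? arrived : prev_done;
        prev_done = start + t_verify;
        if (ready)
            ready[i] = prev_done;
    }
    return prev_done;
}

/* Returns 1 if the ready times are strictly increasing, which is why a ready
 * status for the last job implies every earlier job has finished. */
int last_ready_implies_all(uint32_t jobs, uint32_t t_tx, uint32_t t_verify)
{
    uint32_t ready[16];
    if (jobs == 0 || jobs > 16)
        return 0;
    pipeline_ready_us(jobs, t_tx, t_verify, ready);
    for (uint32_t i = 1; i < jobs; i++)
        if (ready[i] <= ready[i - 1])
            return 0;
    return 1;
}

/* Status reads issued by the host: the first right after the last packet has
 * been sent, then one every poll_us (assumed interval) until ready. */
uint32_t status_reads(uint32_t jobs, uint32_t t_tx, uint32_t t_verify,
                      uint32_t poll_us)
{
    uint32_t sent = jobs * t_tx;
    uint32_t ready = pipeline_ready_us(jobs, t_tx, t_verify, NULL);
    if (poll_us == 0)
        poll_us = 1;
    if (ready <= sent)
        return 1;
    return 1 + (ready - sent + poll_us - 1) / poll_us;
}

/* Steady-state ceiling: the per-job cost is the slower of link and chip. */
uint32_t steady_state_per_sec(uint32_t t_tx, uint32_t t_verify)
{
    uint32_t per_job = t_tx > t_verify ? t_tx : t_verify;
    return 1000000u / per_job;
}

int main(void)
{
    printf("4 jobs serial: %u us, pipelined ready: %u us\n",
           (unsigned)serial_total_us(4),
           (unsigned)pipeline_ready_us(4, T_TX_NEW, T_VERIFY, NULL));
    printf("ceiling: %u verifications/s\n",
           (unsigned)steady_state_per_sec(T_TX_NEW, T_VERIFY));
    return 0;
}
```

With these inputs the ceiling is 2652 verifications per second, set by the chip's 377us operation rather than by the link, which is in line with the roughly 2600 times/second the description reports.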
Referring to fig. 14, an embodiment of the present application discloses an apparatus for transmitting signature verification data, which is applied to a master control SOC chip in V2X, and the apparatus includes:
the data sending module 11, configured to add an interface file to the SPI controller driver in advance, configure the SPI register by using the interface file, and then sequentially send a plurality of to-be-verified data packets sent by the test program to the security chip through the SPI register;
the instruction sending module 12, configured to send, when detecting that the security chip has received all the to-be-verified data packets, a reading instruction for reading the working state of the security chip to obtain a reading result;
and the data acquisition module 13, configured to acquire, through the SPI register, the signature verification result returned by the security chip for the to-be-verified data packets if the reading result indicates that the working state of the security chip is the ready state.
Therefore, in the present application, an interface file is added to the SPI controller driver in advance, the SPI register is configured by using the interface file, and then a plurality of to-be-verified data packets sent by the test program are sequentially sent to the security chip through the SPI register; when it is detected that the security chip has received all the to-be-verified data packets, a reading instruction for reading the working state of the security chip is sent to obtain a reading result; and if the reading result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the to-be-verified data packets is acquired through the SPI register. Because the interface file is added to the SPI controller driver and the SPI register configured through it handles the sending and receiving of signature verification data, the SPI controller driver can be bypassed, which further reduces the system overhead of the main control SOC chip. In addition, when sending data, the plurality of to-be-verified data packets sent by the test program are sequentially sent to the security chip through the SPI register, and the reading instruction is sent only after the security chip is detected to have received all of them, so this technical solution effectively improves the transmission efficiency and utilization rate of the SPI.
Fig. 15 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The device may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps in the signature verification data transmission method executed by the computer device disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is used to provide operating voltage for each hardware device on the computer device 20; the communication interface 24 can create a data transmission channel between the computer device 20 and an external device, and a communication protocol followed by the communication interface is any communication protocol applicable to the technical solution of the present application, and is not specifically limited herein; the input/output interface 25 is configured to obtain external input data or output data to the outside, and a specific interface type thereof may be selected according to specific application requirements, which is not specifically limited herein.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 21 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 21 may further include an AI (Artificial Intelligence) processor for processing a calculation operation related to machine learning.
In addition, the memory 22 serves as a carrier for storing resources and may be a read-only memory, a random access memory, a magnetic disk, an optical disk, or the like; the resources stored on it include an operating system 221, a computer program 222, data 223, and the like, and the storage may be transient or permanent.
The operating system 221 is used for managing and controlling each hardware device and the computer program 222 on the computer device 20, so as to realize the operation and processing of the mass data 223 in the memory 22 by the processor 21, which may be Windows, Unix, Linux, or the like. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the signature data transmission method disclosed in any of the foregoing embodiments and executed by the computer device 20. The data 223 may include data received by the computer device and transmitted from an external device, data collected by the input/output interface 25, and the like.
Further, an embodiment of the present application further discloses a computer-readable storage medium, where a computer program is stored in the storage medium, and when the computer program is loaded and executed by a processor, the method steps executed in the transmission process of the signature verification data disclosed in any of the foregoing embodiments are implemented.
The embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief, and the relevant points can be found in the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing describes in detail a method, an apparatus, a device, and a storage medium for transmitting signature verification data according to the present invention, and a specific example is applied in the description to explain the principle and the implementation of the present invention, and the description of the foregoing embodiment is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A signature verification data transmission method, applied to a main control SOC chip in V2X, characterized by comprising:
adding an interface file to an SPI controller driver in advance, configuring an SPI register by using the interface file, and then sequentially sending a plurality of to-be-verified data packets sent by a test program to a security chip through the SPI register;
when detecting that the security chip has received all the to-be-verified data packets, sending a reading instruction for reading the working state of the security chip to obtain a reading result;
and if the reading result indicates that the working state of the security chip is a ready state, acquiring, through the SPI register, a signature verification result returned by the security chip for the to-be-verified data packets.
2. The signature verification data transmission method according to claim 1, wherein sequentially sending the plurality of to-be-verified data packets sent by the test program to the security chip through the SPI register comprises:
executing, by the test program, a write operation based on the interface file, so that the SPI register acquires the plurality of to-be-verified data packets sent by the test program and sequentially sends the plurality of to-be-verified data packets to the security chip;
correspondingly, acquiring, through the SPI register, the signature verification result returned by the security chip for the to-be-verified data packets comprises:
executing, by the test program, a read operation based on the interface file, so that the SPI register reads the signature verification result returned by the security chip for the to-be-verified data packets and sends the signature verification result to the test program.
3. The signature verification data transmission method according to claim 1, wherein before the plurality of to-be-verified data packets sent by the test program are sequentially sent to the security chip through the SPI register, the method further comprises:
packaging a signature verification operation command, a signature verification data segment and a check code to obtain the to-be-verified data packet, wherein the signature verification data segment comprises a signature verification instruction.
4. The signature verification data transmission method according to claim 3, wherein after the plurality of to-be-verified data packets sent by the test program are sequentially sent to the security chip through the SPI register, the method further comprises:
returning, by the security chip, response information indicating that the security chip has received all the to-be-verified data packets to the main control SOC chip, so that the main control SOC chip determines, based on the response information, that the security chip has received all the to-be-verified data packets; parsing, by the security chip, each received to-be-verified data packet in sequence while receiving the to-be-verified data packets, to obtain the signature verification data segment corresponding to each to-be-verified data packet; and executing the corresponding signature verification operation on each signature verification data segment based on the signature verification instruction in the signature verification data segment to obtain the signature verification result.
5. The signature verification data transmission method of claim 4, further comprising:
setting the working state to a busy state during the signature verification operation, and setting the working state to a ready state after the signature verification operation is completed.
6. The signature verification data transmission method according to claim 5, wherein after sending the reading instruction for reading the working state of the security chip to obtain the reading result, the method further comprises:
if the reading result indicates that the working state of the security chip is the busy state, re-executing, at preset time intervals, the step of sending to the security chip the reading instruction for reading the working state of the security chip, until the reading result is the ready state.
7. The signature verification data transmission method according to any one of claims 1 to 6, wherein sending the reading instruction for reading the working state of the security chip to obtain the reading result comprises:
if there are multiple to-be-verified data packets, sending to the security chip a reading instruction for reading the working state of the security chip for the signature verification of the last to-be-verified data packet, so as to obtain the corresponding reading result.
8. A signature verification data transmission device, applied to a main control SOC chip in V2X, characterized by comprising:
a data sending module, configured to add an interface file to an SPI controller driver in advance, configure an SPI register by using the interface file, and then sequentially send a plurality of to-be-verified data packets sent by a test program to a security chip through the SPI register;
an instruction sending module, configured to send a reading instruction for reading the working state of the security chip to obtain a reading result when detecting that the security chip has received all the to-be-verified data packets;
and a data acquisition module, configured to acquire, through the SPI register, the signature verification result returned by the security chip for the to-be-verified data packets if the reading result indicates that the working state of the security chip is a ready state.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to carry out the steps of the signature verification data transmission method of any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the signature verification data transmission method according to any one of claims 1 to 7.
CN202210191172.6A 2022-02-28 2022-02-28 Signature verification data transmission method, device, equipment and medium Pending CN114567445A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210191172.6A CN114567445A (en) 2022-02-28 2022-02-28 Signature verification data transmission method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN114567445A true CN114567445A (en) 2022-05-31

Family

ID=81714982

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210191172.6A Pending CN114567445A (en) 2022-02-28 2022-02-28 Signature verification data transmission method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN114567445A (en)


Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20150039142A (en) * 2015-02-16 2015-04-09 주식회사 이노와이어리스 Serial peripheral interface with control logic for system performance improvement, and method therefor
CN210609141U (en) * 2019-12-16 2020-05-22 东软睿驰汽车技术(沈阳)有限公司 Vehicle-mounted unit
CN111143259A (en) * 2019-12-31 2020-05-12 大唐半导体科技有限公司 Multi-line SPI flash controller
US20210319141A1 (en) * 2020-04-09 2021-10-14 Hewlett Packard Enterprise Development Lp Verification of programmable logic devices
CN113572795A (en) * 2020-04-28 2021-10-29 广州汽车集团股份有限公司 Vehicle safety communication method and system and vehicle-mounted terminal
CN112702173A (en) * 2020-12-23 2021-04-23 上海芯钛信息科技有限公司 Method for realizing high-speed cryptographic operation of vehicle-mounted communication gateway based on batch operation mechanism
CN112737789A (en) * 2020-12-23 2021-04-30 上海芯钛信息科技有限公司 Method for realizing high-speed cryptographic operation of vehicle-mounted communication gateway based on two-way SPI (Serial peripheral interface) concurrency
CN113795008A (en) * 2021-03-29 2021-12-14 荣耀终端有限公司 V2X signature verification method and device, electronic equipment and readable storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116627775A (en) * 2023-07-24 2023-08-22 北京大学 Writing optimization method and device for stateful server non-perception function
CN116627775B (en) * 2023-07-24 2023-09-29 北京大学 Writing optimization method and device for stateful server non-perception function

Similar Documents

Publication Publication Date Title
CN103064805B (en) SPI controller and communication means
CN109558344B (en) DMA transmission method and DMA controller suitable for network transmission
CN108333566B (en) ZYNQ-based portable radar test system and test method
CN110519138B (en) Profibus-DP master station protocol implementation method and system
CN103003808A (en) System and method for accessing resources of a PCI Express compliant device
CN113656227A (en) Chip verification method and device, electronic equipment and storage medium
CN108574580A (en) Real-time simulation communication system and method
CN113010470B (en) Edge node remote control system, method, equipment and storage medium
WO2022143714A1 (en) Server system, and virtual machine creation method and apparatus
CN107255961A (en) A kind of intelligent wireless oscillograph of efficient data interaction
CN114567445A (en) Signature verification data transmission method, device, equipment and medium
CN110837488B (en) Message transmission method and device
CN105487403A (en) Establishment of motion control system based on CAN and simulation modeling method
CN116893991B (en) Storage module conversion interface under AXI protocol and conversion method thereof
CN113849238A (en) Data communication method, device, electronic equipment and readable storage medium
CN115827285B (en) Cross-platform communication method, system, device, equipment and medium
CN115904259B (en) Processing method and related device of nonvolatile memory standard NVMe instruction
CN110209358B (en) NVMe equipment storage speed improving method based on FPGA
CN108055186B (en) Master-slave processor communication method and device
CN102929828B (en) Support data transmission method and the device of standard and non-standard I 2C interface simultaneously
CN114095303B (en) Communication device, data transmission method and electronic device
CN111371799B (en) Method, device and equipment for controlling data receiving and transmitting of MCTP (Multi-channel media Port) controller
CN115604070A (en) Message transmission method, device, equipment and medium based on MCTP (Multi-function peripheral protocol)
CN112835840B (en) Serial communication system
CN108549611A (en) A kind of driving realization method and system based on gt9 family chips

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination