CN114978950A - Network algorithm calling method and system based on cooperation of FPGA and CPU - Google Patents

Publication number
CN114978950A
Authority
CN
China
Prior art keywords: fpga, cpu, data packet, message, module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210622786.5A
Other languages
Chinese (zh)
Other versions
CN114978950B (en
Inventor
祝经强
晁坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Xinzhi Information Technology Co ltd
Original Assignee
Jiangsu Xinzhi Information Technology Co ltd
Application filed by Jiangsu Xinzhi Information Technology Co ltd
Priority to CN202210622786.5A
Publication of CN114978950A
Application granted
Publication of CN114978950B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The method comprises the following steps. The FPGA identifies the type of a network data packet. If the network data packet is a configuration management data message, the FPGA forwards it to the CPU; the CPU receives the network data packet forwarded by the FPGA, identifies its type and, if it is a configuration management data message, synthesizes the message and local password resources into algorithm parameters and sends the synthesized algorithm parameters to the FPGA, which configures them into the algorithm. If the network data packet is a service message, a handle is obtained from the service message and, if context information is retrieved according to the handle, the FPGA extracts the key and the context information from the context table entry space to perform the cryptographic operation. The invention shortens the calling flow, reduces the occupation of system CPU time and improves the response speed.

Description

Network algorithm calling method and system based on cooperation of FPGA and CPU
Technical Field
The invention relates to the technical field of computer network communication, in particular to a network algorithm calling method and system based on cooperation of an FPGA and a CPU.
Background
Network algorithm calling is a basic network application. It involves a Client deployed on a PC, a Server program deployed on a server, and an algorithm engine. Existing server cipher machines mostly pair a high-performance network processor with a high-performance algorithm card: the network processor runs the Server program and is responsible for establishing the connection with the Client and completing data interaction with it, while the high-performance algorithm card mainly acts as the algorithm engine and conventionally provides algorithm services to the network processor over PCIe (Peripheral Component Interconnect Express).
In the prior art, the Server program deployed on the server must first complete data reception, then call the algorithm service of the algorithm engine, and finally transmit the computed data to the Client. The overall flow path is therefore too long and the processing delay too high. Moreover, because the CPU participates, its network processing capability is likely to become the bottleneck that limits calling performance. How to shorten the calling flow, reduce the pressure on the CPU and improve overall performance is a technical problem to be solved urgently.
Disclosure of Invention
Therefore, the invention provides a network algorithm calling method and system based on cooperation of an FPGA and a CPU, which aim to solve the problems of long processing delay, excessive CPU pressure and poor overall performance in the traditional technology.
To achieve the above purpose, the invention provides the following technical scheme. The network algorithm calling method based on cooperation of the FPGA and the CPU comprises the following steps:
the FPGA receives a network data packet and identifies the type of the network data packet:
if the network data packet is a configuration management data message, the FPGA judges whether its format is correct and, if so, forwards it to the CPU; the CPU receives the network data packet forwarded by the FPGA, identifies its type and, if it is a configuration management data message, judges whether its format is correct; if the format is correct, the CPU synthesizes the configuration management data message and local password resources into algorithm parameters and sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into the algorithm;
if the network data packet is a service message, the FPGA judges whether the format of the service message is correct; if it is correct, a handle is obtained from the service message and, if context information is retrieved according to the handle, the FPGA extracts the key and the context information from the context table entry space to perform the cryptographic operation.
In a preferred scheme of the network algorithm calling method based on cooperation of the FPGA and the CPU, when the FPGA extracts the key and the context information from the context table entry space to perform the cryptographic operation, it judges from the flag in the service message whether the service message is the last packet; if it is the last packet, the data packet is returned, the CPU disconnects the service connection, and the FPGA sets the handle and the context information to the invalid state.
In a preferred scheme of the network algorithm calling method based on cooperation of the FPGA and the CPU, the handle and the context information that are in the invalid state in the FPGA are cleared.
In a preferred scheme of the network algorithm calling method based on cooperation of the FPGA and the CPU, if the service message is not the last packet, the FPGA refreshes the intermediate chain variable produced by the operation into the context information; the data packet is then returned to the host.
In a preferred scheme of the network algorithm calling method based on cooperation of the FPGA and the CPU, if no context information is retrieved according to the handle, the FPGA sends a key negotiation application message to the CPU; the CPU starts message negotiation after receiving the key negotiation application message sent by the FPGA, acquires a service key and parameter information, and forwards them to the FPGA;
the FPGA creates a handle and synthesizes the key information and context initialization parameters; it updates the service key and the parameter information into the FPGA address space as context information; and it sets the handle valid identifier so that the handle and the context information are in the activated state.
The invention also provides a network algorithm calling system based on cooperation of the FPGA and the CPU, which comprises an FPGA processing unit and a CPU processing unit;
the FPGA processing unit comprises:
a first data receiving module, used by the FPGA to receive the network data packet;
a first data identification module, used by the FPGA to identify the type of the network data packet;
a first format judging module, used by the FPGA to judge whether the format of the configuration management data message is correct if the network data packet is a configuration management data message;
a first data forwarding module, used by the FPGA to forward the configuration management data message to the CPU processing unit if its format is correct;
a parameter configuration module, used by the FPGA to configure the algorithm parameters into the algorithm;
the CPU processing unit comprises:
a second data receiving module, used by the CPU to receive the network data packet forwarded by the FPGA;
a second data identification module, used by the CPU to identify the type of the network data packet;
a second format judging module, used by the CPU to judge whether the format of the configuration management data message is correct if the network data packet is a configuration management data message;
a parameter synthesis module, used by the CPU to synthesize the configuration management data message and the local password resources into algorithm parameters if the format of the configuration management data message is correct;
and a second data forwarding module, used by the CPU to send the synthesized algorithm parameters to the FPGA.
In a preferred scheme of the network algorithm calling system based on cooperation of the FPGA and the CPU, the FPGA processing unit further comprises a message ending judgment module, used to judge from the flag in the service message whether the service message is the last packet when the FPGA extracts the key and the context information from the context table entry space to perform the cryptographic operation;
the CPU processing unit further comprises a service disconnection module, used by the CPU to disconnect the service connection when the data packet is returned if the service message is the last packet;
the FPGA processing unit further comprises a failure configuration module, used by the FPGA to set the handle and the context information to the invalid state.
In a preferred scheme of the network algorithm calling system based on cooperation of the FPGA and the CPU, the FPGA processing unit further comprises a failure clearing module, used to clear the handle and the context information that are in the invalid state in the FPGA.
In a preferred scheme of the network algorithm calling system based on cooperation of the FPGA and the CPU, the FPGA processing unit further comprises a variable refreshing module, used by the FPGA to refresh the intermediate chain variable produced by the operation into the context information if the service message is not the last packet; the data packet is then returned to the host.
In a preferred scheme of the network algorithm calling system based on cooperation of the FPGA and the CPU, the FPGA processing unit further comprises a negotiation application module, used by the FPGA to send a key negotiation application message to the CPU if no context information is retrieved according to the handle;
the CPU processing unit further comprises a message negotiation module, used by the CPU to start message negotiation after it receives the key negotiation application message sent by the FPGA;
the CPU processing unit further comprises a parameter acquiring and forwarding module, used by the CPU to acquire the service key and the parameter information and forward them to the FPGA;
the FPGA processing unit further comprises a handle creating module, used by the FPGA to create a handle and synthesize the key information and context initialization parameters;
the FPGA processing unit further comprises a context updating module, used to update the service key and the parameter information into the FPGA address space as context information;
the FPGA processing unit further comprises an activation configuration module, used to set the handle valid identifier so that the handle and the context information are in the activated state.
The invention has the following advantages. The FPGA receives the network data packet and identifies its type. If the network data packet is a configuration management data message, the FPGA judges whether its format is correct and, if so, forwards it to the CPU; the CPU receives the network data packet forwarded by the FPGA, identifies its type and, if it is a configuration management data message, judges whether its format is correct; if the format is correct, the CPU synthesizes the configuration management data message and local password resources into algorithm parameters and sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into the algorithm. If the network data packet is a service message, the FPGA judges whether the format of the service message is correct; if it is correct, a handle is obtained from the service message and, if context information is retrieved according to the handle, the FPGA extracts the key and the context information from the context table entry space to perform the cryptographic operation. With the invention, the large amount of cryptographic and scheduling operations in network data processing can be borne by the FPGA hardware, which shortens the calling flow, reduces the occupation of system CPU time, improves the response speed and helps reduce network data transmission delay; the service message does not reside in system memory and is not easily tampered with by other software, which improves the security of the network system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, proportions, sizes and the like shown in this specification are only intended to accompany the content disclosed in the specification so that those skilled in the art can understand and read it; they do not limit the conditions under which the invention can be implemented and therefore have no technical significance. Any structural modification, change in proportion or adjustment of size that does not affect the functions and purposes of the invention still falls within the scope of the invention.
Fig. 1 is a schematic diagram of the FPGA processing flow in the network algorithm calling method based on cooperation of an FPGA and a CPU according to embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the CPU processing flow in the network algorithm calling method based on cooperation of an FPGA and a CPU according to embodiment 1 of the present invention;
Fig. 3 is a schematic diagram of the network algorithm calling system based on cooperation of an FPGA and a CPU according to embodiment 2 of the present invention.
Detailed Description
The present invention is described below by way of particular embodiments; other advantages and features of the invention will become apparent to those skilled in the art from this disclosure. The described embodiments are merely exemplary of the invention and are not intended to limit the invention to the particular embodiments disclosed. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present invention.
Example 1
Referring to Fig. 1 and Fig. 2, embodiment 1 of the present invention provides a network algorithm calling method based on cooperation of an FPGA and a CPU, in which the algorithm is called cooperatively through a division of labor between the FPGA and the CPU. The implementation comprises an FPGA processing flow and a CPU processing flow, which cooperate with each other; the specific implementation steps are as follows.
The FPGA processing flow is as follows:
S001: After the FPGA is powered on, the reset completes, the network interface of the FPGA and the context table entry space are initialized, and processing goes to S002;
S002: Receive a network data packet through the initialized MAC interface and classify it by data message type: a configuration management data message goes to S101; a service message goes to S201;
S101: Check that the format of the data message meets the requirements and verify the CRC (cyclic redundancy check) field; if the message is judged to be a normal configuration management data message, go to S701; if it is in error, discard it;
S201: Check that the format of the data message meets the requirements and verify the CRC field; if the message is judged to be a service message, go to S202; if it is in error, discard it;
S202: Obtain the handle from the message and go to S203;
S203: Retrieve context information according to the handle and go to S204; if no corresponding context information is retrieved, send a key negotiation application message and go to S801;
S204: Extract the key and the context information from the context table entry space;
S205: Perform the cryptographic operation on the data to be operated on, using the context information and the key, and go to S206;
S206: Judge from the flag in the message whether it is the last packet; if so, return the data packet and go to S901; if not, go to S207;
S207: Refresh the intermediate chain variable produced by the operation into the context information and go to S208;
S208: Return the data packet to the host;
S301: Create a handle and synthesize the key information and context initialization parameters;
S302: Update the key, the initialization parameters and related information into the FPGA address space as context information;
S303: Set the handle valid identifier to indicate that the handle and the context information are in the activated state;
S401: Set the handle to invalid so that the handle and the context information are in the invalid state, and go to S402;
S402: Clear the context information in the FPGA and go to S403;
S403: Clear the handle information;
S501: Configure the algorithm parameters into the algorithm;
S502: Complete the configuration and finish the initialization.
The CPU processing flow is as follows:
S601: After the CPU is powered on, the reset completes, the operating parameters, network interfaces, cache spaces and the like are initialized, and processing goes to S602;
S602: Receive the network data packet forwarded by the FPGA and classify it by type: a configuration management message goes to S701; a key negotiation application message goes to S801; a service completion identification message goes to S901;
S701: Check the data format of the message and calculate its CRC; discard an erroneous message; for a correct message, go to S702;
S702: Synthesize the algorithm parameters together with the local password resources and go to S703;
S703: Send the synthesized algorithm parameters to the FPGA and go to S501;
S801: Start message negotiation and go to S802;
S802: Acquire the service key and the parameter information and go to S301;
S901: Disconnect the service connection;
S902: Recover the handle, clear the context information and go to S401.
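The FPGA receive path and the handle/context lifecycle from steps S002 to S403, modeled in C as an added example that is not code from the patent. The packet layout, the CRC-32 polynomial, the table size and the XOR chaining that stands in for the cryptographic operation are all assumptions, and the CPU-side negotiation (S801, S802) is reduced to a call to the hypothetical `ctx_install`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout: type(1) flags(1) handle(2,BE) payload(n) crc32(4,BE) */
enum { PKT_CONFIG = 1, PKT_SERVICE = 2, FLAG_LAST = 0x01 };
enum { HDR_LEN = 4, CRC_LEN = 4, KEY_LEN = 16, CTX_SLOTS = 8 };
typedef enum { R_DROPPED, R_TO_CPU, R_NEGOTIATE, R_CONTINUE, R_FINISHED } result_t;
typedef struct {
    int      valid;         /* handle valid identifier (S303 / S401) */
    uint16_t handle;
    uint8_t  key[KEY_LEN];  /* service key delivered by the CPU (S802) */
    uint8_t  chain;         /* intermediate chain variable (S207) */
} ctx_entry;
static ctx_entry ctx_table[CTX_SLOTS];  /* context table entry space (S001) */

/* Bitwise CRC-32 (IEEE 802.3); the choice of polynomial is an assumption. */
uint32_t pkt_crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Helper for the demo: frame a payload, append its CRC, return the length. */
size_t pkt_build(uint8_t *out, uint8_t type, uint8_t flags, uint16_t handle,
                 const uint8_t *payload, size_t n) {
    out[0] = type; out[1] = flags;
    out[2] = (uint8_t)(handle >> 8); out[3] = (uint8_t)handle;
    memcpy(out + HDR_LEN, payload, n);
    uint32_t c = pkt_crc32(out, HDR_LEN + n);
    for (int i = 0; i < CRC_LEN; i++)
        out[HDR_LEN + n + i] = (uint8_t)(c >> (24 - 8 * i));
    return HDR_LEN + n + CRC_LEN;
}

/* Only entries whose valid identifier is set can be retrieved (S203). */
ctx_entry *ctx_find(uint16_t handle) {
    for (int i = 0; i < CTX_SLOTS; i++)
        if (ctx_table[i].valid && ctx_table[i].handle == handle) return &ctx_table[i];
    return NULL;
}

/* S301-S303: store the negotiated key, then set the valid identifier last. */
int ctx_install(uint16_t handle, const uint8_t key[KEY_LEN]) {
    if (ctx_find(handle)) return -1;          /* handle already active */
    for (int i = 0; i < CTX_SLOTS; i++) {
        ctx_entry *e = &ctx_table[i];
        if (e->valid) continue;
        memcpy(e->key, key, KEY_LEN);
        e->chain = 0; e->handle = handle; e->valid = 1;
        return 0;
    }
    return -1;                                /* table full */
}

/* S401-S403: invalidate first, then wipe the key, chain state and handle. */
void ctx_retire(ctx_entry *e) {
    volatile uint8_t *p = (volatile uint8_t *)e;
    e->valid = 0;
    for (size_t i = 0; i < sizeof *e; i++) p[i] = 0;
}

/* FPGA receive path, S002 to S208; a service payload is transformed in place. */
result_t fpga_rx(uint8_t *pkt, size_t len) {
    if (len < HDR_LEN + CRC_LEN) return R_DROPPED;
    size_t body = len - CRC_LEN;
    uint32_t crc = (uint32_t)pkt[body] << 24 | (uint32_t)pkt[body + 1] << 16 |
                   (uint32_t)pkt[body + 2] << 8 | (uint32_t)pkt[body + 3];
    if (pkt_crc32(pkt, body) != crc) return R_DROPPED;          /* S101 / S201 */
    if (pkt[0] == PKT_CONFIG) return R_TO_CPU;                  /* CPU: S701 */
    if (pkt[0] != PKT_SERVICE) return R_DROPPED;
    ctx_entry *e = ctx_find((uint16_t)(pkt[2] << 8 | pkt[3]));  /* S202, S203 */
    if (!e) return R_NEGOTIATE;                                 /* CPU: S801 */
    uint8_t c = e->chain;                                       /* S204 */
    for (size_t i = HDR_LEN; i < body; i++) {                   /* S205 */
        pkt[i] ^= (uint8_t)(e->key[(i - HDR_LEN) % KEY_LEN] ^ c);
        c = pkt[i];                    /* toy chaining, not a real cipher */
    }
    if (pkt[1] & FLAG_LAST) { ctx_retire(e); return R_FINISHED; }  /* S206, S401 */
    e->chain = c;                                               /* S207 */
    return R_CONTINUE;                                          /* S208 */
}

int main(void) {
    uint8_t key[KEY_LEN], pkt[64];
    const uint8_t data[2] = { 'A', 'B' };     /* constructed sample payload */
    for (int i = 0; i < KEY_LEN; i++) key[i] = (uint8_t)(0x10 + i);
    size_t n = pkt_build(pkt, PKT_SERVICE, FLAG_LAST, 0x1234, data, 2);
    result_t miss = fpga_rx(pkt, n);          /* no context yet */
    ctx_install(0x1234, key);                 /* CPU delivered the key */
    result_t last = fpga_rx(pkt, n);          /* last packet retires the handle */
    n = pkt_build(pkt, PKT_SERVICE, 0, 0x1234, data, 2);
    result_t stale = fpga_rx(pkt, n);         /* retired handle misses again */
    return !(miss == R_NEGOTIATE && last == R_FINISHED && stale == R_NEGOTIATE);
}
```

A packet that reuses a handle after its last packet was processed is treated like an unknown handle and goes back through negotiation, because lookup honours only entries whose valid identifier is set and the retired slot holds no key material.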
In summary, in the present invention the FPGA receives the network data packet and identifies its type. If the network data packet is a configuration management data message, the FPGA judges whether its format is correct and, if so, forwards it to the CPU; the CPU receives the network data packet forwarded by the FPGA, identifies its type and, if it is a configuration management data message, judges whether its format is correct; if the format is correct, the CPU synthesizes the configuration management data message and local password resources into algorithm parameters and sends the synthesized algorithm parameters to the FPGA, and the FPGA configures the algorithm parameters into the algorithm. If the network data packet is a service message, the FPGA judges whether the format of the service message is correct; if it is correct, a handle is obtained from the service message and, if context information is retrieved according to the handle, the FPGA extracts the key and the context information from the context table entry space to perform the cryptographic operation. When the FPGA extracts the key and the context information from the context table entry space to perform the cryptographic operation, it judges from the flag in the service message whether the service message is the last packet; if it is the last packet, the data packet is returned, the CPU disconnects the service connection, and the FPGA sets the handle and the context information to the invalid state. The handle and the context information that are in the invalid state in the FPGA are then cleared.
If the service message is not the last packet, the FPGA refreshes the intermediate chain variable produced by the operation into the context information; the data packet is then returned to the host. If no context information is retrieved according to the handle, the FPGA sends a key negotiation application message to the CPU; the CPU starts message negotiation after receiving the key negotiation application message sent by the FPGA, acquires a service key and parameter information, and forwards them to the FPGA; the FPGA creates a handle and synthesizes the key information and context initialization parameters, updates the service key and the parameter information into the FPGA address space as context information, and sets the handle valid identifier so that the handle and the context information are in the activated state. With the invention, the FPGA hardware bears the large amount of cryptographic and scheduling operations in network data processing, which shortens the calling flow, reduces the occupation of system CPU time, improves the response speed and helps reduce network data transmission delay; the service message does not reside in system memory and is not easily tampered with by other software, which improves the security of the network system.
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may only perform one or more steps of the method of the embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Example 2
Referring to fig. 3, embodiment 2 of the present invention provides a network algorithm invoking system based on cooperation of an FPGA and a CPU, including an FPGA processing unit 1 and a CPU processing unit 2;
the FPGA processing unit 1 includes:
the first data receiving module 101 is used for receiving the network data packet by the FPGA;
the first data identification module 102 is used for the FPGA to identify the type of the network data packet;
the first format judgment module 103 is configured to, if the network data packet is a configuration-managed data packet, judge, by the FPGA, whether a configuration-managed data packet format is correct;
the first data forwarding module 104 is configured to forward the configuration-managed data packet to the CPU processing unit by the FPGA if the configuration-managed data packet is in a correct format;
a parameter configuration module 105, configured to configure the algorithm parameters into the algorithm by the FPGA;
the CPU processing unit 2 includes:
the second data receiving module 201 is configured to receive the network data packet forwarded by the FPGA by the CPU;
a second data identification module 202, configured to identify, by the CPU, the type of the network data packet;
a second format determining module 203, configured to, if the network data packet is a configuration-managed data packet, determine, by the CPU, whether a configuration-managed data packet format is correct;
a parameter synthesis module 204, configured to, if the format of the data packet configured and managed is correct, the CPU synthesizes the data packet configured and managed and the local password resource into an algorithm parameter;
and the second data forwarding module 205 is used for sending the synthesized algorithm parameters to the FPGA by the CPU.
In this embodiment, the FPGA processing unit 1 further includes a message end determining module 106, configured to determine whether the service message is the last packet according to a flag in the service message when the FPGA extracts the key and the context information from the context table entry space to perform cryptographic operation;
the CPU processing unit 2 further includes a service disconnection module 206, configured to disconnect the service connection by the CPU when the data packet is returned if the service packet is the last packet;
the FPGA processing unit 1 further includes an invalidation configuration module 107, which is used for setting the handle and the context information in an invalidation state by the FPGA.
In this embodiment, the FPGA processing unit 1 further includes a failure clearing module 108, configured to clear the handle and the context information in the failure state in the FPGA.
In this embodiment, the FPGA processing unit 1 further includes a variable refreshing module 109, configured to, if the service packet is not the last packet, refresh, by the FPGA, the middle chain variable after the operation is finished into the context information; the data packet is then returned to the host.
In this embodiment, the FPGA processing unit 1 further includes a negotiation application module 110, configured to send, if the context information is not retrieved according to the handle, a key negotiation application message to the CPU by the FPGA;
the CPU processing unit 2 further includes a message negotiation module 207, configured to start message negotiation after the CPU receives a key negotiation application message sent by the FPGA;
the CPU processing unit 2 further includes a parameter obtaining and forwarding module 208, configured to obtain a service key and parameter information by the CPU and forward the service key and parameter information to the FPGA;
the FPGA processing unit 1 further includes a handle creating module 111, configured to create a handle, synthesize key information, and context initialization parameter for the FPGA;
the FPGA processing unit 1 further includes a context updating module 112, configured to update the service key and the parameter information as context information into an FPGA address space;
the FPGA processing unit 1 further includes an activation configuration module 113, configured to set the handle to a valid identifier, so that the handle and the context information are in an activated state.
It should be noted that the information interaction, execution process, and other details between the modules/units of the system are based on the same concept as the method embodiment in embodiment 1 of the present application and bring the same technical effects. For specific contents, refer to the description in the foregoing method embodiment of the present application; they are not described herein again.
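The handle and context lifecycle described for modules 106 to 113 can be modeled in software as follows. This is an added example, not code from the patent or the applicant. The table size, the 16-byte key, the handle values, the format check, all identifiers, and the chained operation (a keyed FNV-style mix standing in for the unspecified cryptographic algorithm) are assumptions.

```c
#include <stdint.h>
#include <string.h>
#define MAX_CTX 4   /* assumed table size */
enum ctx_state { CTX_FREE = 0, CTX_ACTIVE, CTX_INVALID };
enum svc_result { SVC_OK, SVC_NEED_NEGOTIATION, SVC_BAD_FORMAT };
struct ctx_entry {             /* one slot of the context table entry space */
    enum ctx_state state;
    uint32_t handle, chain;    /* chain: intermediate chain variable */
    uint8_t key[16];           /* service key forwarded by the CPU */
};
static struct ctx_entry table[MAX_CTX];

static struct ctx_entry *ctx_lookup(uint32_t handle) {
    for (size_t i = 0; i < MAX_CTX; i++)
        if (table[i].state == CTX_ACTIVE && table[i].handle == handle)
            return &table[i];
    return NULL;               /* free and invalidated slots never match */
}

/* Modules 111-113: create the handle, store key and parameters, then activate. */
static int ctx_install(uint32_t handle, const uint8_t key[16], uint32_t init) {
    for (size_t i = 0; i < MAX_CTX; i++) {
        if (table[i].state != CTX_FREE) continue;
        table[i] = (struct ctx_entry){ CTX_FREE, handle, init, {0} };
        memcpy(table[i].key, key, sizeof table[i].key);
        table[i].state = CTX_ACTIVE;    /* valid flag is set last */
        return 0;
    }
    return -1;                          /* table full */
}

/* Module 108: wipe invalidated slots so key material does not linger. */
static void ctx_sweep(void) {
    for (size_t i = 0; i < MAX_CTX; i++)   /* zeroing also resets state to CTX_FREE */
        if (table[i].state == CTX_INVALID) memset(&table[i], 0, sizeof table[i]);
}

/* Placeholder chained operation (keyed FNV-style mix), not a real cipher. */
static uint32_t chain_update(uint32_t c, const uint8_t *k, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) c = (c ^ p[i] ^ k[c & 15]) * 16777619u;
    return c;
}

/* Service-message path: handle lookup, operation, then modules 106/107/109. */
static enum svc_result fpga_service(uint32_t handle, int last, const char *data, uint32_t *out) {
    size_t len = data ? strlen(data) : 0;
    if (!out || len == 0) return SVC_BAD_FORMAT;   /* assumed format check */
    struct ctx_entry *c = ctx_lookup(handle);
    if (!c) return SVC_NEED_NEGOTIATION;           /* module 110: ask the CPU */
    *out = chain_update(c->chain, c->key, (const uint8_t *)data, len);
    if (last) c->state = CTX_INVALID;              /* modules 106/107 */
    else c->chain = *out;                          /* module 109 */
    return SVC_OK;
}

int main(void) {   /* constructed run: two-packet message, then a stale handle */
    static const uint8_t key[16] = "constructed-key";
    uint32_t out = 0;
    ctx_install(7, key, 0x811c9dc5u);
    fpga_service(7, 0, "hello ", &out);
    fpga_service(7, 1, "world", &out);             /* last packet invalidates 7 */
    ctx_sweep();
    return fpga_service(7, 0, "again", &out) == SVC_NEED_NEGOTIATION ? 0 : 1;
}
```

A handle in the failure state is treated as a lookup miss, so a late or repeated packet on a finished session triggers a new key negotiation instead of reusing the old key.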
Example 3
Embodiment 3 of the present invention provides a non-transitory computer-readable storage medium, where a program code of a network algorithm calling method based on cooperation of an FPGA and a CPU is stored in the computer-readable storage medium, and the program code includes an instruction for executing the network algorithm calling method based on cooperation of the FPGA and the CPU in embodiment 1 or any possible implementation manner thereof.
The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
Example 4
Embodiment 4 of the present invention provides an electronic device, including: a memory and a processor;
the processor and the memory are communicated with each other through a bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the network algorithm calling method based on FPGA and CPU cooperation of the embodiment 1 or any possible implementation manner thereof.
Specifically, the processor may be implemented by hardware or software, and when implemented by hardware, the processor may be a logic circuit, an integrated circuit, or the like; when implemented in software, the processor may be a general-purpose processor implemented by reading software code stored in a memory, which may be integrated in the processor, located external to the processor, or stand-alone.
The above embodiments may be implemented wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention occur in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device. They may be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device; in some cases, the steps shown or described may be performed in an order different from that described herein. They may also be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
Although the invention has been described in detail above with reference to a general description and specific examples, it will be apparent to one skilled in the art that modifications or improvements may be made thereto based on the invention. Accordingly, such modifications and improvements are intended to be within the scope of the invention as claimed.

Claims (10)

1. The network algorithm calling method based on cooperation of FPGA and CPU is characterized by comprising the following steps:
the FPGA receives a network data packet, and the FPGA identifies the type of the network data packet:
if the network data packet is a configuration management data message, the FPGA judges whether the configuration management data message format is correct, and if the configuration management data message format is correct, the FPGA forwards the configuration management data message to a CPU; the CPU receives the network data packet forwarded by the FPGA, identifies the type of the network data packet, judges whether the format of the configured and managed data packet is correct if the network data packet is the configured and managed data packet, synthesizes the configured and managed data packet and local password resources into algorithm parameters if the configured and managed data packet is correct, sends the synthesized algorithm parameters to the FPGA, and configures the algorithm parameters into an algorithm by the FPGA;
if the network data packet is a service message, the FPGA judges whether the format of the data message configured and managed is correct, if the format of the service message is correct, a handle is obtained from the service message, and if context information is retrieved according to the handle, the FPGA extracts a secret key and the context information from a context table entry space to carry out cryptographic operation.
2. The FPGA and CPU cooperation-based network algorithm calling method as recited in claim 1, wherein when the FPGA extracts the key and the context information from the context table entry space for cryptographic operation, whether the service packet is the last packet is judged according to a flag in the service packet, if the service packet is the last packet, the data packet is returned, and the CPU disconnects the service connection, and the FPGA sets the handle and the context information to be in a failure state.
3. The FPGA and CPU cooperation-based network algorithm calling method as recited in claim 2, wherein handle and context information in a failure state in the FPGA are cleared.
4. The network algorithm calling method based on FPGA and CPU cooperation according to claim 2, wherein if the service packet is not the last packet, the FPGA refreshes the intermediate chain variable into the context information after the operation; the data packet is then returned to the host.
5. The network algorithm calling method based on FPGA and CPU cooperation according to claim 1, wherein if context information is not retrieved according to the handle, the FPGA sends a key agreement application message to the CPU, the CPU starts message agreement after receiving the key agreement application message sent by the FPGA, and the CPU obtains service keys and parameter information and forwards the service keys and parameter information to the FPGA;
the FPGA creates a handle, and synthesizes key information and context initialization parameters; updating the service key and the parameter information into the FPGA address space as context information; and setting the handle to be a valid identifier, and enabling the handle and the context information to be in an activated state.
6. The network algorithm calling system based on cooperation of the FPGA and the CPU is characterized by comprising an FPGA processing unit and a CPU processing unit;
the FPGA processing unit comprises:
the first data receiving module is used for receiving the network data packet by the FPGA;
the first data identification module is used for identifying the type of the network data packet by the FPGA;
the first format judging module is used for judging whether the format of the data message subjected to configuration management is correct or not by the FPGA if the network data packet is the data message subjected to configuration management;
the first data forwarding module is used for forwarding the data message subjected to configuration management to the CPU processing unit by the FPGA if the format of the data message subjected to configuration management is correct;
the parameter configuration module is used for the FPGA to configure algorithm parameters into an algorithm;
the CPU processing unit includes:
the second data receiving module is used for receiving the network data packet forwarded by the FPGA by the CPU;
the second data identification module is used for identifying the type of the network data packet by the CPU;
a second format judgment module, configured to, if the network data packet is a configuration management data packet, judge, by the CPU, whether the configuration management data packet format is correct;
the parameter synthesis module is used for synthesizing the data message subjected to configuration management and the local password resource into an algorithm parameter by the CPU if the format of the data message subjected to configuration management is correct;
and the second data forwarding module is used for sending the synthesized algorithm parameters to the FPGA by the CPU.
7. The FPGA and CPU cooperation-based network algorithm calling system as claimed in claim 6, wherein the FPGA processing unit further comprises a message end judgment module for judging whether the service message is the last packet according to a flag in the service message when the FPGA extracts the key and the context information from the context table entry space for cryptographic operation;
the CPU processing unit also comprises a service disconnection module which is used for disconnecting the service connection by the CPU when the data packet is returned if the service message is the last packet;
the FPGA processing unit also comprises a failure configuration module which is used for setting the handle and the context information to be in a failure state by the FPGA.
8. The FPGA and CPU cooperation-based network algorithm calling system as recited in claim 7, wherein the FPGA processing unit further comprises a failure clearing module for clearing handle and context information in a failure state in the FPGA.
9. The FPGA and CPU cooperation-based network algorithm calling system as claimed in claim 8, wherein the FPGA processing unit further comprises a variable refreshing module, configured to refresh an intermediate chain variable after operation into context information by the FPGA if the service packet is not the last packet; the data packet is then returned to the host.
10. The FPGA and CPU cooperation-based network algorithm calling system as claimed in claim 1, wherein the FPGA processing unit further comprises a negotiation application module for sending a key negotiation application message to the CPU by the FPGA if context information is not retrieved according to the handle;
the CPU processing unit also comprises a message negotiation module used for starting message negotiation after the CPU receives a key negotiation application message sent by the FPGA;
the CPU processing unit also comprises a parameter acquiring and forwarding module for the CPU to acquire the service key and the parameter information and forward the service key and the parameter information to the FPGA;
the FPGA processing unit also comprises a handle creating module which is used for creating a handle by the FPGA, synthesizing key information and context initialization parameters;
the FPGA processing unit also comprises a context updating module which is used for updating the service key and the parameter information into the FPGA address space as context information;
the FPGA processing unit also comprises an activation configuration module which is used for setting the handle as a valid identifier so as to enable the handle and the context information to be in an activated state.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210622786.5A CN114978950B (en) 2022-06-02 2022-06-02 Network algorithm calling method and system based on FPGA and CPU cooperation

Publications (2)

Publication Number Publication Date
CN114978950A true CN114978950A (en) 2022-08-30
CN114978950B CN114978950B (en) 2023-10-27

Family

ID=82958917

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210622786.5A Active CN114978950B (en) 2022-06-02 2022-06-02 Network algorithm calling method and system based on FPGA and CPU cooperation

Country Status (1)

Country Link
CN (1) CN114978950B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101145173A (en) * 2006-09-12 2008-03-19 国际商业机器公司 System and method for securely saving and restoring a context of a secure program loader
CN104519055A (en) * 2014-12-11 2015-04-15 曙光信息产业(北京)有限公司 VPN (virtual private network) service implementation method, VPN service implementation device and VPN server
US20170163740A1 (en) * 2015-12-07 2017-06-08 Dell Products L.P. Method and system for reconnecting server message block (smb) clients to persistent file handles
CN107526963A (en) * 2017-08-30 2017-12-29 深圳市风云实业有限公司 Cipher key lookup equipment, method and computer-readable recording medium
CN111224773A (en) * 2018-11-26 2020-06-02 山东量子科学技术研究院有限公司 Quantum key management equipment
US20200334384A1 (en) * 2019-04-22 2020-10-22 Hangzhou Dptech Technologies Co., Ltd. Method of dynamically configuring fpga and network security device
CN111917552A (en) * 2020-06-23 2020-11-10 深圳奥联信息安全技术有限公司 Handle authority control method, device and system based on identification key
CN112491887A (en) * 2019-09-25 2021-03-12 支付宝(杭州)信息技术有限公司 Method and device for realizing operation of virtual machine based on FPGA
CN112910646A (en) * 2021-04-30 2021-06-04 北京数盾信息科技有限公司 Data processing method and device of server cipher machine and server cipher machine
CN112910932A (en) * 2021-04-30 2021-06-04 北京数盾信息科技有限公司 Data processing method, device and system
WO2021109275A1 (en) * 2019-12-05 2021-06-10 广东省新一代通信与网络创新研究院 Fpga device-based network-defined storage method, reading method and system
CN113194097A (en) * 2021-04-30 2021-07-30 北京数盾信息科技有限公司 Data processing method and device for security gateway and security gateway

Also Published As

Publication number Publication date
CN114978950B (en) 2023-10-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant