CN115277028A - Verification system and method for cryptographic algorithm chip - Google Patents
Verification system and method for cryptographic algorithm chip Download PDFInfo
- Publication number
- CN115277028A CN115277028A CN202211178768.9A CN202211178768A CN115277028A CN 115277028 A CN115277028 A CN 115277028A CN 202211178768 A CN202211178768 A CN 202211178768A CN 115277028 A CN115277028 A CN 115277028A
- Authority
- CN
- China
- Prior art keywords
- chip
- algorithm
- national
- cryptographic algorithm
- simulation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/22—Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
- G06F11/2273—Test methods
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
- G06F11/3612—Software analysis for verifying properties of programs by runtime analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/26—Testing cryptographic entity, e.g. testing integrity of encryption key or encryption algorithm
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a verification system and a method of a cryptographic algorithm chip, wherein the system comprises: the GmSSL tool box preprocessing module calls a corresponding national cryptographic algorithm model according to the algorithm name in a national cryptographic algorithm chip needing to be verified to generate an excitation data file, and calls the national cryptographic algorithm model to generate a true value data file corresponding to the excitation data file; the national cryptographic chip verification platform module is used for connecting the corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to the verification platform, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file; and the algorithm result processing module is used for comparing, analyzing and processing the simulation data and the true value data file output by the national cryptographic chip verification platform and outputting conclusion data of the working efficiency and the algorithm correctness of the national cryptographic algorithm chip. The verification system does not need to modify a verification platform due to different national cryptographic algorithms, and the verification efficiency of the national cryptographic algorithm chip is improved.
Description
Technical Field
The invention relates to the technical field of information security and cryptographic algorithm verification, in particular to a verification system and a verification method of a national cryptographic algorithm chip.
Background
The national cryptographic algorithm is a short for national commercial cryptographic algorithm, and is a series of algorithms specified by the State cryptology administration, wherein the algorithms comprise a symmetric encryption algorithm, an elliptic asymmetric encryption algorithm, a hash algorithm and the like, SM2 is a public key cryptographic algorithm standard based on an elliptic curve cipher, and comprises a digital signature, a cipher exchange and a public key encryption, SM3 is a cipher hash algorithm, SM4 is a block cipher, and SM9 is a cipher algorithm based on identity. The commercial cipher technology is a technology capable of realizing functions of encryption, decryption, authentication and the like of a commercial cipher algorithm, has a wide application field, is mainly used for carrying out encryption protection on sensitive information which does not relate to national secret content, and is used for various aspects of security authentication, digital signature, internal information transmission encryption storage of enterprises and the like.
With the wide application of the national cryptographic algorithm, a large number of third-party cryptographic tools are generated, wherein GmSSL is an open-source national cryptographic tool box, supports the national cryptographic algorithms such as SM2, SM3, SM4, SM9, ZUC and the like, an SM2 national cryptographic digital certificate and an SSL/TLS secure communication protocol based on the SM2 certificate, supports national cryptographic hardware cryptographic equipment, and provides a programming interface and a command line tool which accord with the national cryptographic specification.
In the process of developing the national cryptographic algorithm chip, different algorithm verification models need to be developed according to different national cryptographic algorithms, and due to the complexity of the national cryptographic algorithms, a great deal of effort is needed to develop the algorithm models. In addition, in the process of dynamic simulation verification, a verification model corresponding to the national cryptographic algorithm needs to be instantiated in the verification platform, and the verification platform cannot be reused in different national cryptographic algorithm chip verifications, so that the development workload of the verification platform is increased.
Disclosure of Invention
The invention provides a verification system and a verification method of a national cryptographic algorithm chip aiming at the problems, and can solve the problems of longer chip verification time and lower efficiency in the research and development process of the national cryptographic algorithm chip.
In order to realize the purpose, the invention adopts the technical scheme that:
in a first aspect, the present invention provides a verification system for a cryptographic algorithm chip, including: the system comprises a GmSSL tool box preprocessing module, a national password chip verification platform module and an algorithm result processing module;
the GmSSL tool box preprocessing module is used for calling a corresponding national cryptographic algorithm model used by the national cryptographic algorithm chip verification platform module according to an algorithm name in a national cryptographic algorithm chip to be verified, generating an incentive data file, inputting the incentive data file into the national cryptographic algorithm model for operation, collecting the operation of the model, and outputting the operation of the model to a true value data file;
the national cryptographic chip verification platform module is used for connecting the corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to a verification platform, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file;
and the algorithm result processing module is used for analyzing and processing the simulation data file and the true value data file output by the national cryptographic chip verification platform and outputting conclusion data of the working efficiency and the algorithm correctness of the national cryptographic algorithm chip.
Further, the GmSSL toolbox pretreatment module includes:
the classification submodule is used for classifying and preprocessing the algorithm tools in the GmSSL tool box according to the national cryptographic algorithm;
the calling submodule is used for calling a corresponding national cryptographic algorithm model according to the algorithm name in the national cryptographic algorithm chip to be verified and the classification result of the classification submodule;
and the execution operation sub-module is used for performing interface connection, data generation and algorithm execution operation according to the processing programs corresponding to different cryptographic algorithms.
Further, the execution operation sub-module is specifically configured to generate, according to an execution mode of a cryptographic algorithm tool, an incentive data file, a true value data file, a compiling option, a simulation option, and a GmSSL algorithm model of the GmSSL interface that are required by the cryptographic chip verification platform module.
Further, the cryptographic chip verification platform module includes:
the interface converter submodule is used for providing a GmSSL interface for the national cryptographic chip verification platform module to the outside and is connected with the corresponding national cryptographic algorithm model of the calling submodule through the GmSSL interface;
the simulation execution submodule is used for calling a simulation tool, adding the compiling options and the simulation options generated by the execution operation submodule into an execution command line of the simulation tool, compiling the verification platform and the cryptographic algorithm model and simulating a cryptographic algorithm chip, and generating simulation data into a file;
and the national secret chip monitor module is used for monitoring the algorithm operation time and the algorithm operation state of the national secret algorithm chip and the information of the input and output data of the chip in the simulation process of the simulation execution submodule, recording and outputting the information to a file.
In a second aspect, an embodiment of the present invention further provides a verification method for a cryptographic algorithm chip, where the verification system for a cryptographic algorithm chip according to any one of the foregoing embodiments is applied, the method includes the following steps:
s1, calling a corresponding national cryptographic algorithm model used by a national cryptographic algorithm chip verification platform module by adopting a GmSSL tool box preprocessing module according to an algorithm name in a national cryptographic algorithm chip to be verified; generating an incentive data file, inputting the incentive data file into a national cryptographic algorithm model for operation, collecting the operation of the model and outputting the operation of the model into a true value data file;
s2, connecting the corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to a verification platform through a national cryptographic chip verification platform module, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file;
and S3, analyzing and processing the simulation data file and the truth value data file output by the national password chip verification platform, and outputting conclusion data of the working efficiency and the algorithm correctness of the national password algorithm chip.
Further, the step S1 includes:
s11, classifying and preprocessing algorithm tools in the GmSSL tool box according to a national cryptographic algorithm;
s12, calling out a corresponding national cryptographic algorithm model according to the algorithm name and the classification result in the national cryptographic algorithm chip to be verified;
and S13, performing interface connection, data generation and algorithm execution operation according to processing programs corresponding to different cryptographic algorithms.
Further, the step S13 includes:
and generating an incentive data file, a true value data file, a compiling option, a simulation option and a GmSSL algorithm model of a GmSSL interface which are required by the national secret chip verification platform module according to an execution mode of a national secret algorithm tool.
Further, the step S2 includes:
s21, arranging a GmSSL interface externally provided on the national secret chip verification platform module, and connecting with a corresponding national secret algorithm model through the GmSSL interface;
s22, calling a simulation tool, adding a compiling option and a simulation option generated by a GmSSL tool box preprocessing module into an execution command line of the simulation tool, compiling the verification platform and simulating a cryptographic algorithm chip, and generating simulation data into a file;
and S23, monitoring the algorithm operation time, the algorithm operation state and the information of chip input and output data of the cryptographic algorithm chip in the simulation process, and recording and outputting the information to a file.
Compared with the prior art, the invention has the following beneficial effects:
the verification system of the cryptographic algorithm chip provided by the embodiment of the invention comprises: the GmSSL tool box preprocessing module is used for calling a corresponding national cryptographic algorithm model used by the national cryptographic chip verification platform module according to the algorithm name in the national cryptographic algorithm chip to be verified, generating an excitation data file, inputting the excitation data file into the national cryptographic algorithm model for operation, collecting the operation of the model, and outputting the operation of the model to a true value data file; the national cryptographic chip verification platform module is used for connecting a corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to a verification platform, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file; and the algorithm result processing module is used for analyzing and processing the simulation data file and the true value data file output by the national cryptographic chip verification platform and outputting conclusion data of the working efficiency and the algorithm correctness of the national cryptographic algorithm chip. When the verification system simulates the national cryptographic algorithm chips with different algorithms, because the national cryptographic algorithm model is connected with the verification platform through the interface, the verification platform does not need to be modified due to different national cryptographic algorithms, and the development processes of the national cryptographic algorithm verification model and the verification platform are reduced; the chip verification development time in the national cryptographic algorithm chip development process is greatly reduced, and the verification efficiency of the national cryptographic algorithm chip is improved.
Drawings
Fig. 1 is a block diagram of a verification system of a cryptographic algorithm chip according to an embodiment of the present invention;
fig. 2 is a diagram of a working process of a verification system of a cryptographic algorithm chip according to an embodiment of the present invention;
fig. 3 is a schematic diagram of the operation of the cryptographic algorithm chip verification platform according to the embodiment of the present invention;
fig. 4 is a flowchart of a verification method of a cryptographic algorithm chip according to an embodiment of the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further explained by combining the specific embodiments.
In the description of the present invention, it should be noted that the terms "upper", "lower", "inner", "outer", "front", "rear", "both ends", "one end", "the other end", and the like indicate orientations or positional relationships based on orientations or positional relationships shown in the drawings, and are only for convenience of description and simplification of description, but do not indicate or imply that the device or element referred to must have a specific orientation, be configured in a specific orientation, and operate, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "disposed," "connected," and the like are to be construed broadly, such as "connected," which may be fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Example 1:
referring to fig. 1, the verification system of the cryptographic algorithm chip provided by the present invention includes: the system comprises a GmSSL tool box preprocessing module, a national password chip verification platform module and an algorithm result processing module;
the GmSSL tool box preprocessing module is used for calling a corresponding national cryptographic algorithm model used by the national cryptographic chip verification platform module according to an algorithm name in a national cryptographic algorithm chip to be verified, generating an incentive data file, inputting the incentive data file into the national cryptographic algorithm model for operation, collecting the operation of the model, and outputting the operation of the model to a true value data file; namely: generating an incentive file and a truth value file;
the national cryptographic chip verification platform module is used for connecting a corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to a verification platform, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file;
and the algorithm result processing module is used for analyzing and processing the simulation data file and the true value data file output by the national password chip verification platform and outputting conclusion data of the working efficiency and the algorithm correctness of the national password algorithm chip.
In this embodiment, algorithm tools in the GmSSL toolbox are classified according to the national cryptographic algorithm in the GmSSL toolbox preprocessing module, and corresponding processing programs for different national cryptographic algorithms perform operations such as interface connection, data generation, algorithm execution, and the like. In the national cryptographic chip verification platform module, a preprocessed national cryptographic algorithm tool and a national cryptographic algorithm chip are connected to a verification platform, a national cryptographic algorithm chip verification system calls a simulation tool, compiling options and simulation options generated by a GmSSL tool box preprocessing module are added into a simulation tool execution command line, the verification platform is compiled and simulated, and simulation data are generated into files. After the simulation is finished, an algorithm result processing module of the verification system automatically calls an algorithm result processing platform to analyze and process simulation data output by the national cryptographic chip verification platform and outputs conclusions of the working efficiency, the algorithm correctness and the like of the national cryptographic chip.
According to the verification system of the national cryptographic algorithm chip provided by the embodiment of the invention, the working process is shown in fig. 2, a national cryptographic algorithm chip verification system program is executed, a national cryptographic algorithm name in the national cryptographic algorithm chip is input, a GmSSL tool box preprocessing module preprocesses a GmSSL algorithm tool according to the input national cryptographic algorithm name, and according to the characteristics of the execution mode and the like of the national cryptographic algorithm tool, such as an executable program or an API (application program interface) program, original data, truth value data, compiling options, simulation options, a GmSSL algorithm model of a GmSSL interface and the like required in the national cryptographic algorithm verification platform are generated, and the preprocessed and output GmSSL algorithm model is hung on the GmSSL interface of the verification platform; secondly, calling a simulation tool to compile a verification platform, preprocessing output data and the like to generate an executable file for simulation, simulating a national cryptographic algorithm chip, respectively obtaining the operation output of a GmSSL algorithm model and the operation output of the national cryptographic algorithm chip through simulation, simultaneously outputting simulation time and other information in the encryption and decryption processes of the national cryptographic algorithm chip, and respectively outputting the output information to an operation output data file and a simulation related output file; and finally, the algorithm result processing module processes the file output by simulation, such as comparison of operation output data, and also can select dynamic comparison in a verification platform, simulation data analysis obtains conclusions such as chip algorithm operation overhead, and the like, and finally outputs results such as simulation correctness, national cryptographic algorithm chip operation efficiency and the like.
According to the national secret chip verification platform module, a national secret model tool of a GmSSL tool box is connected to a verification platform through a GmSSL interface of the verification platform, the model tool is used as a truth value generator to carry out national secret algorithm operation on the same data with a national secret algorithm chip to be verified, the data output after the national secret algorithm operation is sent to the verification platform through the GmSSL interface or written out to a truth value file, and a checker in the verification platform carries out real-time comparison on a truth value from the GmSSL interface and an output value of the national secret algorithm chip. Fig. 3 is a schematic diagram of a cryptographic algorithm chip verification platform, in which an excitation generator generates an excitation such as a cryptographic algorithm chip configuration word and original data, where the original data may be dynamically generated by a cryptographic algorithm chip verification platform module or generated by a GmSSL toolbox preprocessing module, and is selected according to a usage mode of a cryptographic algorithm model tool in the GmSSL toolbox:
if the cryptographic algorithm tool in the GmSSL tool box is in an executable file form, selecting a GmSSL tool box preprocessing module to generate and preprocess original data, calling the GmSSL executable algorithm tool, operating the original data to generate output data corresponding to the cryptographic algorithm after operation, and storing the output data as an algorithm true value into a true value file;
if the cryptographic algorithm tool in the GmSSL toolkit is an API interface program, the raw data may be selected to be dynamically generated by a stimulus generator internal to the verification platform. And the national secret agent tool processes the excitation sent by the excitation generator, such as removing a read-write national secret algorithm chip register data packet, sending original data to be operated, configuring a GmSSL tool box and the like.
The GmSSL interface converter converts data such as original data to be operated, configuration data and the like related to the GmSSL tool box according to a GmSSL interface data format, sends the original data to be operated to the GmSSL tool box in a GmSSL interface time sequence, monitors data return after the GmSSL tool box is operated, and sends the data to a tester as a true value. The national secret chip agent module processes the excitation sent by the excitation generator and sends the excitation to the national secret chip driver module; the national cryptographic chip driver analyzes the excitation information and sends the data to the national cryptographic algorithm chip through a national cryptographic algorithm chip interface; the Guogard chip monitor monitors the input and output of the Guogard algorithm chip interface, the algorithm operation time and other information, writes the information into an operation output data file and a simulation related output file, and sends the obtained chip output data to the checker to be compared with the true data value obtained by the GmSSL interface converter.
The verification system of the national cryptographic algorithm chip provided by the invention can automatically call the national cryptographic algorithm model to be used by the verification platform according to the algorithm name input by a user, completes the generation of commands and files such as original data, simulation tool compiling options, simulation options and the like before the start of the simulation verification of the national cryptographic algorithm chip, completes the connection of the national cryptographic algorithm model and the verification platform, then automatically calls the simulation tool for compiling and simulation, and automatically analyzes the simulation result and obtains the verification conclusion of the chip after the simulation is finished.
According to the verification system of the national cryptographic algorithm chip, the GmSSL tool interface converter is designed in the national cryptographic chip verification platform module, the converter externally provides a GmSSL interface, and is connected with the algorithm model in the GmSSL tool box outside the verification platform through the interface, when national cryptographic algorithm chips with different algorithms are simulated, the verification platform does not need to be modified due to different national cryptographic algorithms, and the development processes of the national cryptographic algorithm verification model and the verification platform are reduced; the national cryptographic chip monitor in the verification platform monitors information such as algorithm operation time, algorithm operation state, chip input and output data of the national cryptographic algorithm chip, records and outputs the information to a file, and provides simulation output data for a verification system in the invention. In addition, the verification system greatly reduces the chip verification development time in the national cryptographic algorithm chip development process and improves the verification efficiency of the national cryptographic algorithm chip.
Example 2:
as shown in fig. 4, an embodiment of the present invention further provides a verification method for a cryptographic algorithm chip, where the verification system for the cryptographic algorithm chip of embodiment 1 is applied, and the method includes the following steps:
s1, calling a corresponding national cryptographic algorithm model used by a national cryptographic chip verification platform module by adopting a GmSSL tool kit preprocessing module according to an algorithm name in a national cryptographic algorithm chip to be verified; generating an incentive data file, inputting the incentive data file into a national cryptographic algorithm model for operation, collecting the operation of the model and outputting the operation of the model into a true value data file;
s2, connecting the corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to a verification platform through a national cryptographic chip verification platform module, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file;
and S3, analyzing and processing the simulation data file and the true value data file output by the national cryptographic chip verification platform, and outputting conclusion data of the working efficiency and the algorithm correctness of the national cryptographic algorithm chip.
Wherein, step S1 includes:
s11, classifying and preprocessing algorithm tools in the GmSSL tool box according to a national cryptographic algorithm;
s12, calling a corresponding national cryptographic algorithm model according to the algorithm name and the classification result in the national cryptographic algorithm chip to be verified;
and S13, performing interface connection, data generation and algorithm execution operation according to processing programs corresponding to different cryptographic algorithms. Specifically, an incentive data file, a truth value data file, a compiling option, a simulation option and a GmSSL algorithm model of a GmSSL interface required by the national secret chip verification platform module can be generated according to an execution mode of a national secret algorithm tool.
Step S2, comprising:
s21, arranging a GmSSL interface externally provided on the national secret chip verification platform module, and connecting with a corresponding national secret algorithm model through the GmSSL interface;
s22, calling a simulation tool, adding a compiling option and a simulation option generated by a GmSSL tool box preprocessing module into an execution command line of the simulation tool, compiling the verification platform and simulating a cryptographic algorithm chip, and generating simulation data into a file;
and S23, monitoring the algorithm operation time, the algorithm operation state and the information of chip input and output data of the cryptographic algorithm chip in the simulation process, and recording and outputting the information to a file.
The verification method of the cryptographic algorithm chip of the present invention is described below by two specific examples:
1. verifying the SM2 cryptographic algorithm chip:
verifying the SM2 cryptographic algorithm chip, operating a verification system of the cryptographic algorithm chip, and transmitting the cryptographic algorithm name SM2 and the specific algorithm name such as a signature algorithm to the verification system through a command line, wherein the verification method specifically comprises the following execution process:
firstly, selecting an SM2 signature algorithm tool in the GmSSL tool box by a GmSSL tool box preprocessing module, wherein the algorithm model is an API (application programming interface) interface model, calling an SM2 signature algorithm model interface file in a system, connecting the SM2 signature algorithm model to a verification platform through a GmSSL interface, selecting to use the verification platform to generate original data, and dynamically comparing a true value output by the algorithm model with chip output data by using a checker in the verification platform.
And compiling the configured verification platform and carrying out simulation, wherein a checker in the verification platform dynamically compares the output result of the national cryptographic algorithm chip with a true value collected by the GmSSL interface and outputs a comparison result, and a national cryptographic chip monitor collects information such as the operation processing simulation time of the national cryptographic algorithm chip and outputs the collected information to a simulation related file.
And after the third step of simulation is finished, the algorithm result processing module processes the data and the files output by the simulation to obtain the conclusion of the operation correctness, the operation efficiency and the like of the SM2 national cryptographic algorithm chip, and the verification process of the signature algorithm in the SM2 national cryptographic algorithm chip is completed.
2. Verifying the SM2 cryptographic algorithm chip:
verifying the SM2 cryptographic algorithm chip, operating a cryptographic algorithm chip verification system, and transmitting the cryptographic algorithm name SM2 and the specific algorithm name such as a signature to the verification system through a command line, wherein the verification method comprises the following execution processes:
firstly, selecting an SM2 algorithm tool in a GmSSL tool box by a GmSSL tool box preprocessing module, wherein an algorithm model is an executable file, generating an excitation data file by the GmSSL tool box preprocessing module, calling the SM2 executable file to perform signature verification algorithm operation on data in the excitation data file, and writing an algorithm model operation output result into a truth value file; and configuring a national cryptographic chip verification platform, selecting the generated excitation data file as an excitation, and selecting an enabling operation data file comparison mode.
And compiling the configured verification platform and excitation data file, and performing simulation, wherein the national cryptographic chip monitor collects information such as a national cryptographic algorithm chip operation output result and operation processing simulation time, and outputs the collected information to an operation output data file and a simulation related file.
And after the third step of simulation is finished, the algorithm result processing module compares the true value file with the chip operation output data file, judges the correctness of the chip operation of the SM2 cryptographic algorithm, processes the information in the simulation related output file, outputs the conclusion of the operation efficiency and the like, and completes the verification process of the SM2 cryptographic algorithm chip signature verification algorithm.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (8)
1. A verification system of a cryptographic algorithm chip is characterized by comprising: the system comprises a GmSSL tool box preprocessing module, a national secret chip verification platform module and an algorithm result processing module;
the GmSSL tool box preprocessing module is used for calling out a corresponding national cryptographic algorithm model used by the national cryptographic algorithm chip verification platform module according to an algorithm name in a national cryptographic algorithm chip to be verified, generating an incentive data file, inputting the incentive data file into the national cryptographic algorithm model for operation, collecting the model operation and outputting the model operation to a true value data file;
the national cryptographic chip verification platform module is used for connecting the corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to a verification platform, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file;
and the algorithm result processing module is used for analyzing and processing the simulation data file and the true value data file output by the national cryptographic chip verification platform and outputting conclusion data of the working efficiency and the algorithm correctness of the national cryptographic algorithm chip.
2. The system of claim 1, wherein the GmSSL tool box preprocessing module comprises:
the classification submodule is used for classifying and preprocessing the algorithm tools in the GmSSL tool box according to a national cryptographic algorithm;
the calling submodule is used for calling a corresponding national cryptographic algorithm model according to the algorithm name in the national cryptographic algorithm chip to be verified and the classification result of the classification submodule;
and the execution operation sub-module is used for performing interface connection, data generation and algorithm execution operation according to processing programs corresponding to different cryptographic algorithms.
3. The system as claimed in claim 2, wherein the execution operation sub-module is specifically configured to generate, according to an execution manner of a cryptographic algorithm tool, an incentive data file, a true value data file, a compiling option, a simulation option, and a GmSSL algorithm model of the GmSSL interface that are required by the cryptographic chip verification platform module.
4. The system of claim 3, wherein the cryptographic chip verification platform module comprises:
the interface converter submodule is used for providing a GmSSL interface for the national secret chip verification platform module and connecting the GmSSL interface with the corresponding national secret algorithm model of the calling submodule;
the simulation execution submodule is used for calling a simulation tool, adding a compiling option and a simulation option generated by the execution operation submodule into an execution command line of the simulation tool, compiling the verification platform and simulating the cryptographic algorithm chip to generate simulation data to a file;
and the national secret chip monitor module is used for monitoring the algorithm operation time and the algorithm operation state of the national secret algorithm chip and the information of the input and output data of the chip in the simulation process of the simulation execution submodule, recording and outputting the information to a file.
5. A verification method of a cryptographic algorithm chip, characterized in that a verification system of a cryptographic algorithm chip according to any one of claims 1-4 is applied, the method comprising the steps of:
s1, calling a corresponding national cryptographic algorithm model used by a national cryptographic chip verification platform module by adopting a GmSSL tool kit preprocessing module according to an algorithm name in a national cryptographic algorithm chip to be verified; generating an incentive data file, inputting the incentive data file into a national cryptographic algorithm model for operation, collecting the operation of the model and outputting the operation of the model into a true value data file;
s2, connecting the corresponding national cryptographic algorithm model and the national cryptographic algorithm chip to a verification platform through a national cryptographic chip verification platform module, calling a simulation tool to compile and simulate the national cryptographic algorithm verification platform, the national cryptographic algorithm model and the excitation data file, and outputting a simulation data file;
and S3, analyzing and processing the simulation data file and the truth value data file output by the national password chip verification platform, and outputting conclusion data of the working efficiency and the algorithm correctness of the national password algorithm chip.
6. The method for verifying the cryptographic algorithm chip according to claim 5, wherein the step S1 comprises:
s11, classifying and preprocessing algorithm tools in the GmSSL tool box according to a cryptographic algorithm;
s12, calling a corresponding national cryptographic algorithm model according to the algorithm name and the classification result in the national cryptographic algorithm chip to be verified;
and S13, performing interface connection, data generation and algorithm execution operation according to processing programs corresponding to different cryptographic algorithms.
7. The method for verifying the cryptographic algorithm chip as claimed in claim 5, wherein the step S13 comprises:
and generating an incentive data file, a true value data file, a compiling option, a simulation option and a GmSSL algorithm model of a GmSSL interface which are required by the national secret chip verification platform module according to an execution mode of a national secret algorithm tool.
8. The method for verifying the cryptographic algorithm chip of claim 7, wherein the step S2 comprises:
s21, arranging a GmSSL interface externally provided on the national secret chip verification platform module, and connecting with a corresponding national secret algorithm model through the GmSSL interface;
s22, calling a simulation tool, adding a compiling option and a simulation option generated by a GmSSL tool box preprocessing module into an execution command line of the simulation tool, compiling the verification platform and simulating a cryptographic algorithm chip, and generating simulation data into a file;
and S23, monitoring the algorithm operation time, the algorithm operation state and the information of chip input and output data of the cryptographic algorithm chip in the simulation process, and recording and outputting the information to a file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211178768.9A CN115277028B (en) | 2022-09-27 | 2022-09-27 | Verification system and method of cryptographic algorithm chip |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211178768.9A CN115277028B (en) | 2022-09-27 | 2022-09-27 | Verification system and method of cryptographic algorithm chip |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115277028A true CN115277028A (en) | 2022-11-01 |
| CN115277028B CN115277028B (en) | 2023-03-31 |
Family
ID=83757318
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211178768.9A Active CN115277028B (en) | 2022-09-27 | 2022-09-27 | Verification system and method of cryptographic algorithm chip |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115277028B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7249108B1 (en) * | 1997-07-15 | 2007-07-24 | Silverbrook Research Pty Ltd | Validation protocol and system |
| CN111988133A (en) * | 2020-08-18 | 2020-11-24 | 浪潮商用机器有限公司 | System SM4 encryption and decryption verification method, device, equipment and storage medium |
| CN113032195A (en) * | 2021-03-24 | 2021-06-25 | 上海西井信息科技有限公司 | Chip simulation verification method, system, equipment and storage medium |
| CN114325333A (en) * | 2021-12-30 | 2022-04-12 | 江苏集萃智能集成电路设计技术研究所有限公司 | High-efficiency normalized SOC (system on chip) system level verification method and device |
-
2022
- 2022-09-27 CN CN202211178768.9A patent/CN115277028B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7249108B1 (en) * | 1997-07-15 | 2007-07-24 | Silverbrook Research Pty Ltd | Validation protocol and system |
| CN111988133A (en) * | 2020-08-18 | 2020-11-24 | 浪潮商用机器有限公司 | System SM4 encryption and decryption verification method, device, equipment and storage medium |
| CN113032195A (en) * | 2021-03-24 | 2021-06-25 | 上海西井信息科技有限公司 | Chip simulation verification method, system, equipment and storage medium |
| CN114325333A (en) * | 2021-12-30 | 2022-04-12 | 江苏集萃智能集成电路设计技术研究所有限公司 | High-efficiency normalized SOC (system on chip) system level verification method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115277028B (en) | 2023-03-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109284313B (en) | Federal modeling method, device and readable storage medium based on semi-supervised learning | |
| Mitchell et al. | Automated analysis of cryptographic protocols using mur/spl phi | |
| Chevalier et al. | Automated unbounded verification of security protocols | |
| US9781109B2 (en) | Method, terminal device, and network device for improving information security | |
| CN112153030B (en) | Internet of things protocol security automatic analysis method and system based on formal verification | |
| CN110519115A (en) | Gateway interface test method, terminal device, storage medium and device | |
| CN109547477A (en) | A kind of data processing method and its device, medium, terminal | |
| Philipps et al. | Model-based test case generation for smart cards | |
| CN107743067A (en) | Awarding method, system, terminal and the storage medium of digital certificate | |
| CN110929252A (en) | Algorithm and random number detection system | |
| CN106708687A (en) | Executable file-based chip verification method and apparatus | |
| CN114186266B (en) | Big data security and privacy computing control method in super computing and cloud computing environment | |
| Patel et al. | Comparative analysis of formal model checking tools for security protocol verification | |
| CN115221071A (en) | Chip verification method and device, electronic equipment and storage medium | |
| CN115277028B (en) | Verification system and method of cryptographic algorithm chip | |
| CN113038463B (en) | Communication encryption authentication experimental device | |
| CN113381909B (en) | Full link voltage measuring method and device | |
| TWM641418U (en) | Digital nameplate creation system based on public key infrastructure | |
| CN109298869A (en) | A kind of generation method and relevant apparatus of target channel packet | |
| CN109088733A (en) | A kind of implementation method and device of application of IC cards extension | |
| CN114374514A (en) | UVM-based ECDSA verification system and method | |
| Benaissa et al. | Cryptographic protocols analysis in event B | |
| Hassan et al. | Automated verification tools for cryptographic protocols | |
| CN112990481A (en) | Automatic evaluation method for machine learning model based on block chain | |
| CN106878100A (en) | A kind of method of testing and system of ellipse curve public key cipher security coprocessor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |