CN1649296A - Apparatus and method for performing transparent cipher block chaining mode cryptographic functions - Google Patents


Info

Publication number: CN1649296A
Authority: CN (China)
Application number: CNA2005100526906A
Other languages: Chinese (zh)
Inventors: G·葛连·亨利, 汤姆斯·A·克雷斯平, 泰瑞·派克斯
Original and current assignee: Via Technologies Inc
Priority claimed from: US10/826,814 (US7542566B2)
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30 Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003 Arrangements for executing specific machine instructions
    • G06F9/30007 Arrangements for executing specific machine instructions to perform operations on data operands

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CBC block pointer logic, and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CBC block cryptographic operations performed on a corresponding plurality of input text blocks. The CBC block pointer logic is operatively coupled to the cryptographic instruction. The CBC block pointer logic directs the computing device to update pointer registers and intermediate results for each of the plurality of CBC block cryptographic operations. The execution logic is operatively coupled to the CBC block pointer logic. The execution logic executes the one of the cryptographic operations.

Description

Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
Technical field
The present invention relates to the field of microelectronics, and in particular to an apparatus and method for performing transparent cipher block chaining (CBC) mode cryptographic functions in a microprocessor or other device.
Background technology
Early computer systems operated independently of one another. An application program executing on such a system therefore had all of the input data it required resident on that system, or supplied by an application designer at execution time. The application produced output data as the result of its execution, typically as printed output or as a file written to a tape drive, disk drive or other mass storage device of that computer system. The output file could then serve as input to a subsequent application on the same computer system, or it could be stored in a file on a removable or transportable mass storage device and carried to a different, possibly incompatible, computer system for use by applications there. The need to protect sensitive data was recognized even in these early systems, and among other information preservation measures, cryptographic programs were developed to protect sensitive data from unauthorized disclosure. These programs generally encrypted and decrypted output data stored to mass storage.
Some years ago, users began connecting computers into networks to provide shared access to data. Network architectures, operating systems and data transmission protocols have developed alongside this shared access, to the point where they not only support it but play a dominant role. Today it is commonplace for a user at a workstation to read files on another workstation or on a network file server, to obtain news and other information from the internet, to send and receive electronic messages (i.e. e-mail) to and from hundreds of other computers, to connect to a vendor's computer system and provide credit card or bank account information to complete a transaction, and to do all of this over a wireless network in a restaurant, airport or other public place. The need to protect sensitive data and its transmission from unauthorized exposure has therefore grown dramatically. A user of a given computer is obligated to protect more and more sensitive data. Headlines regularly emphasize the subject of computer information security: spam, hacking, personal data leakage, reverse engineering, online fraud and credit card fraud are at the forefront of public concern. In response to these premeditated intrusions into personal privacy, and to counter less aggressive ones, responsible bodies have drafted new laws, strict enforcement and public education programs. Yet none of these has had a noticeable effect on the trend of computer information compromise. What was once a concern only of governments, financial institutions, the military and spies has become a significant theme for ordinary citizens reading e-mail or accessing their bank accounts from their home computers. In the field of information security, techniques and devices have developed that allow information to be understood only by its intended recipients; this is cryptography. Applied specifically to protecting information while it is stored on or transmitted between computers, encryption converts sensitive information (known as cleartext or plaintext) into an unintelligible form (ciphertext). The transformation of plaintext into ciphertext is called encryption, enciphering or ciphering, and the transformation of ciphertext back into plaintext is called decryption, deciphering or inverse ciphering.
Within the field of cryptography, several procedures and algorithms have been developed that allow users without specialized knowledge or great effort to perform cryptographic operations, so that these users can transmit or otherwise provide their information to other users in encrypted form. Along with the encrypted message, the sender generally provides the recipient with a cryptographic key that enables the recipient to decrypt the message, so that anyone without the key cannot recover or otherwise gain access to the unencrypted original information. These procedures and algorithms take the form of password protection, mathematical operations and specially designed applications for encrypting or decrypting highly sensitive information.
Several classes of algorithms are used for data encryption and decryption. A first class (such as the public key algorithms, e.g. RSA) uses two cryptographic keys, a public key and a private key, to encrypt or decrypt data. Under some public key algorithms, a public key is used to encrypt data sent to a recipient; the public and private keys of a user are mathematically related, and the recipient must use its private key to decrypt the transmitted data. Although such algorithms are widely used today, their encryption and decryption are still excessively slow, even when only small amounts of data are encrypted or decrypted. A second class, the symmetric key algorithms, provides a comparable degree of data security and is much faster. These are called symmetric key algorithms because the same key is used both to encrypt and to decrypt a message. Three publicly known principal symmetric key algorithms exist: the Data Encryption Standard (DES), Triple DES, and the Advanced Encryption Standard (AES). Because of the strength with which these algorithms protect highly sensitive data, they are used today by the U.S. government and its agencies, and it can be expected that one or more of them will become standards for commercial and private transmission in the future. Under these symmetric key algorithms, plaintext and ciphertext are divided into blocks of a specified size for encryption or decryption. For example, AES performs cryptographic operations on 128-bit blocks and uses keys of 128, 192 or 256 bits. Other symmetric key algorithms permit 192- and 256-bit data blocks. In terms of block cipher operation, a 1024-bit plaintext message is encrypted as eight 128-bit blocks.
All symmetric key algorithms use the same kind of sub-operations to encrypt a plaintext block. In the more commonly used symmetric key algorithms, an initial cryptographic key is expanded into multiple keys (a key schedule), each of which is used in a corresponding "round" of sub-operations on the plaintext block. For example, the first key of the key schedule is used in a first round of sub-operations on the plaintext block to produce a first result; the second round applies the second key of the key schedule to the first result to produce a second result. A specified number of rounds is performed, and the result of the final round is the ciphertext block itself. The sub-operations in each round of AES are called SubBytes (or S-box), ShiftRows, MixColumns and AddRoundKey. Decryption of a ciphertext block proceeds in the same fashion, except that the sub-operations applied to the ciphertext input are inverse ciphers of those used for encryption (e.g. inverse MixColumns, inverse ShiftRows), and the final result of the rounds is the plaintext block.
DES and Triple DES employ sub-operations of a different character, but those sub-operations are analogous to those of AES in that each is used in a similar fashion to transform a plaintext block into a ciphertext block.
To perform cryptographic operations on multiple successive text blocks, all of the symmetric key algorithms employ the same modes. These modes include electronic code book (ECB) mode, cipher block chaining (CBC) mode, cipher feedback (CFB) mode and output feedback (OFB) mode. Some of these modes use an additional initialization vector during the sub-operations, and some use the ciphertext produced by the encryption of a first plaintext block as an additional input to the encryption of a second plaintext block. Further details of the related techniques can be found in Federal Information Processing Standards Publication 46-3 (FIPS-46-3), October 25, 1999, which discusses DES and Triple DES in detail, and in FIPS-197, November 26, 2001, which describes AES in detail. These standards are promulgated and maintained by the National Institute of Standards and Technology (NIST). In addition, individual instructions, white papers, toolkits and countermeasures are available from NIST's Computer Security Resource Center (CSRC) at http://csrc.nist.gov/.
Those skilled in the art will appreciate that many applications running on computers can effectively perform cryptographic operations (e.g. encryption and decryption). Indeed, some operating systems (e.g. Microsoft Windows XP, Linux) provide encryption/decryption services directly, in the form of cryptographic primitives, cryptographic application programming interfaces and the like. Nevertheless, today's computer cryptography techniques still have several shortcomings, which are highlighted and discussed below with reference to Fig. 1.
Fig. 1 is a block diagram 100 of a present-day computer cryptography application. It depicts a first computer workstation 101 connected to a local area network (LAN) 105, a second computer workstation 102, a network file storage device 106, a first router 107 or other interface to a wide area network (WAN) 110 such as the internet, and a wireless network router 108 (such as an interface conforming to IEEE standard 802.11), all connected to LAN 105. A notebook computer 104 connects to the wireless network router 108 over a wireless network 109. At another point on WAN 110, a second router 111 provides an interface to a third computer workstation 103.
As noted above, a user today repeatedly faces computer information security issues during operation. For example, under the control of a present-day multitasking operating system, the user of workstation 101 may perform several tasks concurrently, each requiring a cryptographic operation. The user of workstation 101 may need to run an encryption/decryption application 112 (provided as part of the operating system or invoked by it) to store a file on network file storage device 106. While the file is being stored, the user may transmit an encrypted message to a second user at the second computer workstation 102, which also requires the encryption/decryption application 112 to be run. The encrypted message may be real-time (such as an instant message) or non-real-time (such as e-mail). The user may also access or provide sensitive data (such as a credit card number, a financial transfer or other data in final form) from the third computer workstation 103 over WAN 110. The third computer workstation 103 may represent a home computer or a remote computer that the user employs, after leaving the company, to access any of the shared resources 101, 102, 106, 107, 108, 109 on LAN 105. Each of the aforementioned activities requires a corresponding instance of the encryption/decryption application 112. Moreover, wireless networks 109 are now commonly provided in coffee shops, airports, schools and other public places, so the user of notebook computer 104 must immediately encrypt or decrypt all information sent to or received from other users via wireless network 109 and wireless network router 108.
Those skilled in the art will appreciate that each of the above activities requires cryptographic operations on workstations 101-104, and that a corresponding instance of the encryption/decryption application 112 must be executed immediately. Computers 101-104 may therefore be performing hundreds of cryptographic operations concurrently.
There are, however, limitations to performing cryptographic operations by executing one or more instances of the encryption/decryption application 112 on computer systems 101-104. For example, performing a function via a software program is slow compared with performing the same function in hardware. Each instance of the encryption/decryption application 112 takes a period of time, during which the program currently executing on computers 101-104 may have to suspend execution while the parameters of the cryptographic operation (plaintext, ciphertext, mode, key, etc.) are passed through the operating system to the encryption/decryption application 112. And because a cryptographic algorithm comprises several rounds of operations on a given block of data, execution of the encryption/decryption application 112 involves executing a large number of computer instructions, which adversely affects overall system throughput. As those skilled in the art will have observed, sending a small encrypted e-mail from Microsoft Outlook can take five times longer than sending an unencrypted one.
Current techniques are further limited by the delays caused by operating system intervention. Most applications do not provide integrated key generation or encryption/decryption components; they invoke operating system components or embedded applications to perform these tasks, and the operating system schedules them according to the other demands and interrupts of executing applications.
The present inventors also note that performing cryptographic operations on present-day computer systems 101-104 is analogous to performing floating point mathematics before dedicated floating point units appeared in microprocessors. Early floating point operations were implemented in software and therefore executed very slowly. Like floating point operations, cryptographic operations performed in software are quite slow. As floating point technology improved, floating point coprocessors were provided on which floating point instructions executed much faster than software implementations, though at increased system cost. Similarly, today's cryptographic coprocessors take the form of add-in boards or external devices connected to the host processor through a parallel port or other peripheral interface (such as USB). Such coprocessors certainly make cryptographic operations faster than pure software implementations, but they add cost to the system configuration, require additional power and reduce system reliability. And because the data path is not on the same die as the host microprocessor, the execution of a cryptographic coprocessor is more easily monitored.
The present inventors therefore recognize a need for dedicated cryptographic hardware in today's microprocessors, so that an application requiring a cryptographic operation can direct the microprocessor to perform it directly via a single, atomic cryptographic instruction. The invention also aims to reduce operating system intervention and management. The cryptographic instruction should be usable at the privilege level of application programs, and the dedicated cryptographic hardware should be compatible with prevailing microprocessor architectures. The cryptographic hardware and its associated cryptographic instruction should likewise be compatible with previous operating systems and applications. Above all, the aim is to provide an apparatus and method for performing cryptographic operations that effectively resists unauthorized monitoring, supports multiple cryptographic algorithms, supports verification and testing of the specific cryptographic algorithms implemented therein, allows both user-supplied and self-generated keys, supports multiple data block sizes and key lengths, provides programmable block encryption/decryption modes such as ECB, CBC, CFB and OFB, and, when a programmable block encryption/decryption mode is in use, performs block cryptographic functions efficiently on large numbers of data blocks.
Summary of the invention
The present invention addresses the above-noted problems and shortcomings of the prior art, and provides a superior technique for performing cryptographic operations in a microprocessor.
In one aspect, an apparatus for performing cryptographic operations in a microprocessor is provided. The apparatus comprises cryptographic instruction circuitry, CBC block pointer logic and execution logic. The cryptographic instruction circuitry receives a cryptographic instruction as part of an instruction stream executing on a computing device; the cryptographic instruction prescribes one of the cryptographic operations. That cryptographic operation comprises a plurality of CBC block cryptographic operations performed on a corresponding plurality of input text blocks. The CBC block pointer logic is coupled to the cryptographic instruction circuitry and directs the computing device to update pointer registers and the intermediate result of each of the plurality of CBC block cryptographic operations. The execution logic is coupled to the CBC block pointer logic and executes the cryptographic operation.
Another aspect of the invention is an apparatus for performing cryptographic operations, comprising a cryptographic unit embedded in a device and CBC block pointer logic. In response to a cryptographic instruction received in an instruction stream that specifies a cryptographic operation, the cryptographic unit executes that operation, which comprises a plurality of CBC block cryptographic operations performed on a corresponding plurality of input text blocks. The CBC block pointer logic is coupled to the cryptographic unit and directs the device to update the contents of pointer registers and to temporarily store the result of each CBC block cryptographic operation.
A further aspect of the invention is a method for performing cryptographic operations in a device. The method comprises executing a cryptographic operation in response to a received cryptographic instruction that prescribes it, where the execution comprises performing a plurality of CBC mode block operations on a corresponding plurality of input text blocks. The method further comprises writing the current input text block to the location of the initialization vector, so that in the next CBC mode block operation on the next input text block, the current input text block is used as an equivalent initialization vector.
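The following C model is an added illustration, not code from the patent or from VIA: it shows the CBC chaining of the modes section above together with the per-block pointer and IV update that the summary describes, and why keeping that state in registers and memory lets a multi-block operation be interrupted between blocks and resumed by simply re-executing. The block cipher is a toy stand-in for AES (not secure), and the register struct, field names and sample key/IV are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLK 16   /* 128-bit block, as for AES */

/* Toy invertible 128-bit block cipher used only so the chaining logic can run
   offline. It is NOT secure and is NOT the cipher the patent implements. */
static void toy_encrypt_block(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    for (int i = 0; i < BLK; i++) {
        uint8_t b = (uint8_t)((in[i] ^ key[i]) + i);
        out[i] = (uint8_t)((b << 3) | (b >> 5));          /* rotate left by 3 */
    }
}

static void toy_decrypt_block(const uint8_t key[BLK], const uint8_t in[BLK], uint8_t out[BLK])
{
    for (int i = 0; i < BLK; i++) {
        uint8_t b = (uint8_t)((in[i] >> 3) | (in[i] << 5)); /* rotate right by 3 */
        out[i] = (uint8_t)((b - i) ^ key[i]);
    }
}

/* Assumed model of the state the CBC block pointer logic keeps current after
   every block: input/output pointers, remaining block count, and the IV location
   in memory. Because all of it is architecturally visible, an interrupt taken
   between blocks loses nothing; re-executing the instruction resumes the work. */
typedef struct {
    const uint8_t *in_ptr;   /* next input text block */
    uint8_t       *out_ptr;  /* next output text block */
    uint8_t       *iv_ptr;   /* IV location, overwritten in place after each block */
    size_t         count;    /* blocks remaining */
    int            decrypt;  /* 0 = encrypt, 1 = decrypt */
} cbc_regs;

/* One CBC block operation followed by the pointer/IV update. */
static void cbc_step(cbc_regs *r, const uint8_t key[BLK])
{
    uint8_t tmp[BLK];
    if (!r->decrypt) {
        for (int i = 0; i < BLK; i++) tmp[i] = r->in_ptr[i] ^ r->iv_ptr[i];
        toy_encrypt_block(key, tmp, r->out_ptr);
        memcpy(r->iv_ptr, r->out_ptr, BLK);   /* output C[n] becomes the IV for block n+1 */
    } else {
        toy_decrypt_block(key, r->in_ptr, tmp);
        for (int i = 0; i < BLK; i++) tmp[i] ^= r->iv_ptr[i];
        memcpy(r->iv_ptr, r->in_ptr, BLK);    /* input C[n] becomes the IV for block n+1 */
        memcpy(r->out_ptr, tmp, BLK);         /* written last so in-place decrypt is safe */
    }
    r->in_ptr += BLK;
    r->out_ptr += BLK;
    r->count--;
}

/* Run the multi-block operation, stopping after max_blocks to model an interrupt.
   Returns the number of blocks processed in this invocation. */
static size_t cbc_run(cbc_regs *r, const uint8_t key[BLK], size_t max_blocks)
{
    size_t done = 0;
    while (r->count > 0 && done < max_blocks) {
        cbc_step(r, key);
        done++;
    }
    return done;
}

/* Demo on constructed data: 4 plaintext blocks, an "interrupt" after 2 blocks of
   encryption, resumption from the saved registers, then decryption. Returns 1 when
   the resumed ciphertext matches an uninterrupted run, the final IV equals the last
   ciphertext block, and decryption restores the plaintext. */
int cbc_demo(void)
{
    static const uint8_t key[BLK] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                                      0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c }; /* constructed */
    static const uint8_t iv0[BLK] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };   /* constructed */
    uint8_t plain[4 * BLK], ref[4 * BLK], cipher[4 * BLK], back[4 * BLK], iv[BLK];
    for (size_t i = 0; i < sizeof plain; i++) plain[i] = (uint8_t)(i * 7);

    memcpy(iv, iv0, BLK);                                   /* uninterrupted reference run */
    cbc_regs a = { plain, ref, iv, 4, 0 };
    cbc_run(&a, key, 4);

    memcpy(iv, iv0, BLK);                                   /* run interrupted after block 2 */
    cbc_regs b = { plain, cipher, iv, 4, 0 };
    size_t first = cbc_run(&b, key, 2);
    cbc_regs resumed = b;                                   /* registers survive the interrupt */
    size_t second = cbc_run(&resumed, key, 4);              /* re-execution picks up at block 3 */
    if (first != 2 || second != 2 || resumed.count != 0) return 0;
    if (memcmp(cipher, ref, sizeof ref) != 0) return 0;
    if (memcmp(iv, ref + 3 * BLK, BLK) != 0) return 0;      /* IV location now holds C[3] */

    memcpy(iv, iv0, BLK);                                   /* decrypt with the original IV */
    cbc_regs d = { cipher, back, iv, 4, 1 };
    cbc_run(&d, key, 4);
    return memcmp(back, plain, sizeof plain) == 0;
}

int main(void)
{
    printf("CBC chaining/resume demo: %s\n", cbc_demo() ? "ok" : "FAILED");
    return 0;
}
```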
Description of drawings
Fig. 1 is a block diagram illustrating a present-day cryptography application.
Fig. 2 is a block diagram illustrating a technique for performing cryptographic operations.
Fig. 3 is a block diagram of a microprocessor apparatus for performing cryptographic operations according to the present invention.
Fig. 4 is a block diagram of an embodiment of an atomic cryptographic instruction according to the present invention.
Fig. 5 is a table illustrating typical block cipher mode field values of the atomic cryptographic instruction of Fig. 4.
Fig. 6 is a block diagram detailing a cryptographic unit in an x86-compatible microprocessor according to the present invention.
Fig. 7 is a block diagram illustrating a typical microinstruction for directing cryptographic sub-operations in the microprocessor of Fig. 6.
Fig. 8 is a table describing the register field values of a load microinstruction in the format of Fig. 7.
Fig. 9 is a table describing the register field values of a store microinstruction in the format of Fig. 7.
Fig. 10 is a diagram of a typical control word format according to the present invention for prescribing the cryptographic parameters of a cryptographic operation.
Fig. 11 is a block diagram detailing a cryptographic unit according to the present invention.
Fig. 12 is a block diagram illustrating an embodiment of block cipher logic according to the present invention for performing cryptographic operations according to the Advanced Encryption Standard.
Fig. 13 is a flow chart illustrating a method according to the present invention for checking the status of cryptographic parameters upon an interrupt event.
Fig. 14 is a flow chart illustrating a method according to the present invention for performing a specified CBC mode cryptographic operation on a plurality of input text blocks in the presence of at least one interrupt event.
The reference numerals are as follows:
100 block diagram; 101 first computer workstation
102 second computer workstation; 103 third computer workstation
104 notebook computer; 105 LAN
106 network file storage device; 107 first router
108 wireless network router; 109 wireless network
110 wide area network; 111 second router
112 encryption/decryption application; 200 block diagram
201 microprocessor; 202 operating system
203 application memory; 204 cryptographic key generation program
205 key schedule; 206 block encryption program
207 block decryption program; 208 initialization vector
209 cryptographic parameters; 210 plaintext block
211 ciphertext block; 300 block diagram
301 microprocessor; 302 instruction register
303 translation logic; 304 microinstruction queue
305, 306 microinstructions; 307 register file
308-313 registers
314 load logic; 315 data cache
316 cryptographic unit; 317 store logic
318 write-back logic; 319 memory bus
320 operating system; 321 system memory
322 cryptographic instruction; 323 initial control word
324 initial key or key schedule; 325 initialization vector
326 input text blocks; 327 output text blocks
328 execution logic; 400 atomic cryptographic instruction
401 optional prefix field; 402 repeat prefix field
403 opcode field; 404 block cipher mode field
500 table; 600 x86-compatible microprocessor
601 fetch logic; 602 translation logic
603 translator; 604 microcode ROM
605 register stage; 606 address stage
607 load stage; 608 execute stage
609 microinstruction queue; 610 integer unit
611 microinstruction queue; 612 floating point unit
613 microinstruction queue; 614 multimedia extension unit
615 microinstruction queue; 616 streaming extension unit
617 cryptographic unit; 618 store stage
619 write-back stage; 620 load bus
621 stall signal; 622 store bus
624 flags register; 625 X bit
626 interrupt logic; 627 software and hardware interrupts
628 machine specific register; 629 E bit
630 feature control register; 631 D bit
632 execution logic; 640 CBC block pointer logic
700 microinstruction; 701 micro-opcode field
702 data register field; 703 register field
704 data field; 800 table
900 table; 1000 control word format
1001 reserved field; 1002 key size field
1003 encrypt/decrypt field; 1004 intermediate result field
1005 key generation field; 1006 algorithm field
1007 round count field; 1100 cryptographic unit
1101 block cipher logic; 1102 key RAM
1103 microinstruction register; 1104 control word register
1105 input-0 register; 1106 input-1 register
1107 key-0 register; 1108 key-1 register
1109 output-0 register; 1110 output-1 register
1111 load bus; 1112 store bus
1113 stall signal; 1114 microinstruction bus
1200 block cipher logic; 1201 microinstruction register
1202 control word register; 1203 key-0 register
1204 key-1 register
1205-1206 input registers; 1207-1208 output registers
1210 round engine controller; 1211-1214 buses
1216-1218 buses
1220 round engine; 1221 first key XOR logic
1222 first register (temp-0); 1223 S-box logic
1224 shift rows logic; 1225 second register (temp-1)
1226 mix columns logic; 1227 third register (temp-2)
1302 block; 1304 decision block
1306 block; 1308 block
1310 block; 1312 block
1402 block; 1404 block
1406 decision block; 1408 block
1410 block; 1412 block
1414 block; 1416 block
1418 block; 1420 block
1422 block; 1426 decision block
1428 block; 1430 block
Embodiment
The following description is presented to enable those skilled in the art to make and use the present invention as provided within the context of a particular application and its requirements. Various modifications to the preferred embodiments will be apparent to those skilled in the art, and the general principles described herein may be applied to other embodiments. The present invention is therefore not limited to the specific embodiments shown.
Having discussed above the technical background of cryptographic programs and the use of related techniques for data encryption and decryption in present-day computer systems, we continue the discussion of these techniques and their limitations with reference to Fig. 2. The present invention is then discussed with reference to Figs. 3-14.
Referring to Fig. 2, a block diagram 200 illustrates how cryptographic operations are performed in the present-day computer systems described above. Block diagram 200 includes a microprocessor 201 that fetches instructions and accesses data from a region of system memory, corresponding to an application program, known as application memory 203. Program control, and access to data in application memory 203, are managed by an operating system 202 that resides in a protected region of system memory. As discussed above, if an executing application (for example an e-mail program or a file storage program) needs to perform a cryptographic operation, it must direct microprocessor 201 to execute a specific number of instructions before that operation is complete. These instructions may be part of a subroutine of the executing application itself, they may belong to an embedded program linked to the executing application, or they may be a service provided by operating system 202. Whatever their arrangement, those skilled in the art will understand that these instructions reside in some designated or allocated region of memory. For purposes of discussion, these memory regions are shown within application memory 203 and include a cryptographic key generation routine 204, which generates or receives a cryptographic key and expands it into a key schedule 205 for use by the cipher rounds. For a multi-block encryption operation, a block encryption program 206 is invoked. Encryption program 206 executes instructions that access a number of blocks, including plaintext blocks 210, key schedule 205, and cryptographic parameters 209 that further describe the encryption operation, such as the mode and the location of the key schedule. If the specified mode requires it, an initialization vector 208 is also accessed by encryption program 206. Encryption program 206 executes these instructions to produce the corresponding ciphertext blocks 211. Similarly, to perform a block decryption operation, a block decryption program 207 is invoked. Decryption program 207 executes instructions that access a number of blocks, including ciphertext blocks 211, key schedule 205, and cryptographic parameters 209 that further describe the decryption operation; if the mode requires it, initialization vector 208 is also accessed. Decryption program 207 executes these instructions to produce the corresponding plaintext blocks 210.
It should be noted that a specific number of instructions must be executed to generate a cryptographic key and to encrypt or decrypt text blocks. The FIPS standards mentioned above contain many pseudocode examples from which the number of instructions required can be estimated. Those skilled in the art will therefore appreciate that hundreds of instructions are needed to complete even a simple block encryption operation, each of which must be executed by microprocessor 201 before the required cryptographic operation is finished. Furthermore, executing these instructions to complete a cryptographic operation is work that is incidental to the main purpose of the executing application (such as file management, instant messaging, e-mail, remote file access, or a credit card transaction). The user of the executing application therefore perceives it as running inefficiently. Whether encryption and decryption programs 206, 207 are stand-alone or embedded, starting and managing them is also subject to the other demands and scheduling of operating system 202, such as support for interrupts, exceptions, and degradation events. Moreover, for each concurrent cryptographic operation required on a computer system, a separate instance of programs 204, 206, 207 must be configured in memory 203. And, as noted above, the number of cryptographic operations that a microprocessor 201 is required to perform concurrently can be expected to keep increasing over time.
The present inventors have noted these problems and the limitations of current computer system cryptographic techniques, and have recognized the need for an apparatus and method that perform cryptographic operations within a microprocessor without program delays that are apparent to the user. Accordingly, the present invention provides a microprocessor that performs cryptographic operations through a dedicated cryptographic unit, together with related methods. The cryptographic unit is invoked to perform a cryptographic operation by programming a single cryptographic instruction. The present invention is now discussed with reference to Fig. 3-12.
Referring to Fig. 3, a block diagram 300 illustrates a microprocessor apparatus for performing cryptographic operations according to the present invention. Block diagram 300 depicts a microprocessor 301 that is coupled to a system memory 321 by a memory bus 319. Microprocessor 301 includes translation logic 303 that receives instructions from an instruction register 302. Translation logic 303 may be logic circuits, devices, or microcode (i.e. micro instructions or native instructions), or a combination of logic circuits, devices, or microcode, or equivalent elements capable of translating instructions into associated sequences of micro instructions. The elements that perform translation within translation logic 303 may be shared with other circuits, microcode, etc. that perform other functions within microprocessor 301. For purposes of the present invention, microcode is a term that denotes a plurality of micro instructions. A micro instruction (also called a native instruction) is an instruction at the level that an execution unit executes. For example, micro instructions are executed directly by a reduced instruction set computer (RISC) microprocessor. For a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, x86 instructions are translated into associated micro instructions, and those micro instructions are executed directly by at least one unit within the CISC microprocessor. Translation logic 303 is coupled to a micro instruction queue 304, which has a number of micro instruction entries 305, 306. Micro instructions are provided from micro instruction queue 304 to register stage logic that includes a register file 307. Register file 307 has a plurality of registers 308-313 whose contents are established before a specified cryptographic operation is performed. Registers 308-312 point to corresponding locations 323-327 in memory 321 that hold the data required to perform the specified cryptographic operation. The register stage is coupled to load logic 314, which is coupled to a data cache 315 that is used to retrieve the data for the specified cryptographic operation. Data cache 315 is coupled to memory 321 by memory bus 319. Execution logic 328 is coupled to load logic 314 and performs the operations specified by the micro instructions passed down from the preceding stage. Execution logic 328 comprises logic circuits, devices, or microcode (i.e. micro instructions or native instructions), or a combination of logic circuits, devices, or microcode, or equivalent elements capable of performing the operations specified by the micro instructions provided to it. The elements that perform operations within execution logic 328 may be shared with other circuits, microcode, etc. that perform other functions within microprocessor 301. Execution logic 328 includes a cryptographic unit 316, which receives from load logic 314 the data required to perform the specified cryptographic operation. Micro instructions direct cryptographic unit 316 to perform the specified cryptographic operation on a plurality of input text blocks 326 to generate corresponding output text blocks 327. Cryptographic unit 316 comprises logic circuits, devices, or microcode (i.e. micro instructions or native instructions), or a combination of logic circuits, devices, or microcode, or equivalent elements capable of performing cryptographic operations. The elements that perform cryptographic operations within cryptographic unit 316 may be shared with other circuits, microcode, etc. that perform other functions within microprocessor 301. In one embodiment, cryptographic unit 316 operates in parallel with other execution units (not shown) of execution logic 328, such as an integer unit, a floating point unit, and so on. Within the scope of the present invention, an embodiment of a "unit" comprises logic circuits, devices, or microcode (i.e. micro instructions or native instructions), or a combination of logic circuits, devices, or microcode, or equivalent elements capable of performing specified operations or specified functions. The elements that perform specified operations or functions within a particular unit may be shared with other circuits, microcode, etc. that perform other functions or operations within microprocessor 301. For example, in one embodiment an integer unit comprises logic circuits, devices, or microcode (i.e. micro instructions or native instructions), or a combination of logic circuits, devices, or microcode, or equivalent elements capable of executing integer instructions. A floating point unit comprises logic circuits, devices, or microcode (i.e. micro instructions or native instructions), or a combination of logic circuits, devices, or microcode, or equivalent elements capable of executing floating point instructions. The elements that execute integer instructions within the integer unit may share circuits, microcode, etc. with those that execute floating point instructions within the floating point unit. In an x86-compatible embodiment, cryptographic unit 316 operates in parallel with an x86 integer unit, an x86 floating point unit, an x86 multimedia extensions unit, and an x86 streaming extensions unit. According to the present invention, an x86-compatible embodiment is one that correctly executes the majority of application programs designed to run on an x86 microprocessor; an application program is executed correctly if its expected results are obtained. Alternative x86-compatible embodiments contemplate a cryptographic unit operating in parallel with a subset of the x86 execution units named above. Cryptographic unit 316 is coupled to store logic 317 and provides to it the corresponding output text blocks 327. Store logic 317 is also coupled to data cache 315, which routes output text blocks 327 to system memory 321 for storage. Store logic 317 is coupled to write back logic 318. When the specified cryptographic operation completes, write back logic 318 updates registers 308-313 in register file 307. In one embodiment, micro instructions flow through each of the logic stages 302, 303, 304, 307, 314, 316-318 described above in synchronization with a clock signal (not shown), so that these operations can proceed concurrently, much like an assembly line.
Within system memory 321, an application program that requires a specified cryptographic operation directs microprocessor 301 to perform it by means of a single cryptographic instruction 322, referred to here for illustration as an XCRYPT instruction. In a CISC embodiment, cryptographic instruction 322 is an instruction that specifies a cryptographic operation. In a RISC embodiment, cryptographic instruction 322 is a micro instruction that specifies a cryptographic operation. In one embodiment, cryptographic instruction 322 uses a spare or unused instruction encoding of an existing instruction set architecture. In an x86-compatible embodiment, cryptographic instruction 322 is a 4-byte instruction consisting of an x86 repeat (REP) prefix (i.e. 0xF3), followed by an unused 2-byte x86 opcode (for example 0x0FA7), followed by 1 byte that specifies the particular block cipher mode to use when performing the specified cryptographic operation. In one embodiment, a cryptographic instruction 322 according to the present invention may be executed at the system privilege level afforded to application programs, and can therefore be programmed into the instruction stream provided to microprocessor 301 either by an application program directly or under the control of an operating system 320. Because only a single cryptographic instruction 322 is needed to direct microprocessor 301 to perform the specified cryptographic operation, completion of the operation is entirely transparent to operating system 320.
In operation, operating system 320 invokes an application program for execution on microprocessor 301, and during execution of that application a cryptographic instruction 322 is provided from memory 321 to fetch logic 302 as part of the instruction stream. Before cryptographic instruction 322 is executed, however, earlier instructions in the program flow direct microprocessor 301 to initialize the contents of registers 308-312 so that they point to locations 323-327 in memory 321, which hold a cryptographic control word 323, an initial cryptographic key 324 or a key schedule 324, an initialization vector 325 (if required), and the input text 326 and output text 327 for the operation. Registers 308-312 must be initialized before cryptographic instruction 322 executes because cryptographic instruction 322 implicitly references pointer registers 308-312 together with an additional register 313, which holds a block count, i.e. the number of data blocks in input text 326 that are to be encrypted or decrypted. Translation logic 303 then obtains cryptographic instruction 322 from fetch logic 302 and translates it into a corresponding sequence of micro instructions that directs microprocessor 301 to perform the specified cryptographic operation. A first plurality of micro instructions 305-306 within that sequence specifically directs cryptographic unit 316 to load the data provided by load logic 314, to begin executing the specified number of cipher rounds to produce a corresponding output data block, and to provide that output data block to store logic 317 for storage in output text 327 of memory 321 via data cache 315. A second plurality of micro instructions (not shown) within the sequence directs other execution units of microprocessor 301 to perform the other operations necessary to complete the specified cryptographic operation, for example managing non-architectural registers (not shown) that hold temporary results and counters, updating the input and output pointer registers 311-312, updating the initialization vector pointer register 310 (if required) after each block of input text 326 is encrypted or decrypted, handling pending interrupts, and so on. In one embodiment, registers 308-313 are architectural registers. An architectural register 308-313 is defined as a register within the instruction set architecture (ISA) of the particular microprocessor.
In operation, in one embodiment, cryptographic unit 316 is divided into several stages, allowing successive blocks of input text 326 to be pipelined.
The block diagram 300 of Fig. 3 presents the elements essential to the present invention; much of the logic within microprocessor 301 has therefore been omitted from block diagram 300 for clarity. One skilled in the art will appreciate, however, that depending on the particular implementation microprocessor 301 comprises many stages and logic elements that have been aggregated here for clarity. For example, load logic 314 may be implemented as an address generation stage, followed by a cache interface stage, followed by a cache line alignment stage. What is important is that, according to the present invention, a complete cryptographic operation over a plurality of input text blocks 326 is directed by a single cryptographic instruction 322, that operating system 320 sees nothing but that cryptographic instruction, and that the instruction is executed by a dedicated cryptographic unit 316 operating in parallel within microprocessor 301. The cryptographic unit 316 on which the present invention focuses is, in one embodiment, similar to the dedicated floating point unit hardware that was introduced into microprocessors some years ago. The operation of cryptographic unit 316 and of the associated cryptographic instruction 322, which remains fully compatible with legacy operating systems 320 and applications, is described in more detail below.
Referring now to Fig. 4, a diagram shows an embodiment of an atomic cryptographic instruction 400 according to the present invention. Atomic cryptographic instruction 400 includes an optional prefix field 401, followed by a repeat prefix field 402, followed by an opcode field 403, followed by a block cipher mode field 404. In one embodiment, the contents of fields 401-404 conform to the x86 instruction set architecture. Other embodiments conform generally to other instruction set architectures.
In operation, optional prefix field 401 is used in many instruction set architectures to enable or disable certain processing features of a host microprocessor, for example to direct 16-bit or 32-bit operations, or to direct processing of or access to particular memory segments, and so on. Repeat prefix field 402 indicates that the cryptographic operation specified by atomic cryptographic instruction 400 is to be performed on a plurality of input data blocks (i.e. plaintext or ciphertext). Repeat prefix field 402 also implies that a conforming microprocessor uses the contents of a plurality of architectural registers as pointers to locations in system memory that hold the data and parameters for the specified cryptographic operation. As noted above, in an x86-compatible embodiment the value of repeat prefix field 402 is 0xF3, and according to x86 architectural conventions the cryptographic instruction is quite similar to x86 repeat string instructions such as REP.MOVS. For example, when executed by an x86-compatible microprocessor embodiment of the present invention, the repeat prefix field directs the microprocessor to reference a block count variable stored in architectural register ECX, a source address pointer stored in register ESI (pointing to the input data for the cryptographic operation), and a destination address pointer stored in register EDI (pointing to the output data area in memory). In an x86-compatible embodiment, the present invention extends the conventional repeat string instruction semantics to further reference a control word pointer stored in register EDX, a cryptographic key pointer stored in register EBX, and an initialization vector pointer stored in register EAX (if the specified block cipher mode requires one). Opcode field 403 directs the microprocessor to perform a cryptographic operation that is further specified by a control word stored in memory at the location indicated by the control word pointer. The present invention contemplates choosing the value of opcode field 403 from among the spare or unused opcodes of an existing instruction set architecture, so as to preserve compatibility of conforming microprocessors with legacy operating systems and application software. For example, as noted above, opcode field 403 is implemented with the value 0x0FA7 to direct execution of the specified cryptographic operation. Block cipher mode field 404 specifies the particular block cipher mode to be used during the specified cryptographic operation, as shown in Fig. 5.
Fig. 5 presents a table 500 showing values of an exemplary block cipher mode field for the instruction format of Fig. 4. The value 0xC8 specifies that the cryptographic operation is to be performed using electronic code book (ECB) mode. The value 0xD0 specifies that the cryptographic operation is to be performed using cipher block chaining (CBC) mode. The value 0xE0 specifies cipher feedback (CFB) mode. The value 0xE8 specifies output feedback (OFB) mode. All other values of block cipher mode field 404 are reserved. These modes are described in the FIPS documents mentioned above.
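As an added example (not code from the patent or from VIA), the following Python decoder recognizes the 4-byte XCRYPT encoding of Fig. 4 using the mode byte values of Fig. 5; which optional prefixes to accept ahead of REP is this example's own assumption.

```python
"""Decoder for the x86 XCRYPT encoding described above: REP prefix 0xF3,
unused 2-byte opcode 0x0F 0xA7, then the block cipher mode byte of Fig. 5.
Added example, not patent or VIA code."""

REP_PREFIX = 0xF3
XCRYPT_OPCODE = bytes([0x0F, 0xA7])

# Block cipher mode byte values from Fig. 5; every other value is reserved.
MODES = {0xC8: "ECB", 0xD0: "CBC", 0xE0: "CFB", 0xE8: "OFB"}

# Optional prefix bytes this decoder accepts in front of REP. Which prefixes a
# conforming implementation honours is not stated on the page (assumption);
# these are the standard x86 operand-size, address-size and segment overrides.
OPTIONAL_PREFIXES = {
    0x66: "operand-size", 0x67: "address-size",
    0x26: "ES", 0x2E: "CS", 0x36: "SS", 0x3E: "DS", 0x64: "FS", 0x65: "GS",
}

def decode_xcrypt(code, offset=0):
    """Try to decode an XCRYPT instruction starting at `offset`.

    Returns (length, prefixes, mode_name), or None if the bytes at `offset`
    are not an XCRYPT instruction. A mode byte outside the Fig. 5 table is
    reported as "RESERVED" so the caller can flag it.
    """
    i = offset
    prefixes = []
    while i < len(code) and code[i] in OPTIONAL_PREFIXES:
        prefixes.append(OPTIONAL_PREFIXES[code[i]])
        i += 1
    # REP + 2-byte opcode + mode byte: four bytes after any optional prefixes
    if i + 4 > len(code) or code[i] != REP_PREFIX:
        return None
    if bytes(code[i + 1:i + 3]) != XCRYPT_OPCODE:
        return None
    mode = code[i + 3]
    return (i + 4 - offset, prefixes, MODES.get(mode, "RESERVED"))

def find_xcrypt(code):
    """Scan a byte string and report (offset, mode) for every XCRYPT match.

    This is a byte-pattern scan, not a full x86 disassembly, so treat it as a
    heuristic for auditing which cipher modes a code blob drives the unit with.
    """
    hits = []
    i = 0
    while i < len(code):
        dec = decode_xcrypt(code, i)
        if dec:
            hits.append((i, dec[2]))
            i += dec[0]
        else:
            i += 1
    return hits
```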
Next, Fig. 6 is a block diagram illustrating a cryptographic unit 617 within an x86-compatible microprocessor 600 according to the present invention. Microprocessor 600 includes fetch logic 601 that fetches instructions for execution from memory (not shown). Fetch logic 601 is coupled to translation logic 602. Translation logic 602 comprises logic circuits, devices, or microcode (i.e. micro instructions or native instructions), or a combination of logic circuits, devices, or microcode, or equivalent elements that translate instructions into associated sequences of micro instructions. The elements that perform translation within translation logic 602 may be shared with other circuits, microcode, etc. that perform other functions within microprocessor 600. Translation logic 602 includes a translator 603, a microcode ROM 604 coupled to translator 603, and cipher block chaining (CBC) block pointer logic 640 coupled to translator 603 and to microcode ROM 604. Interrupt logic 626 is coupled to translation logic 602 by bus 628. Most software and hardware interrupts 627 are handled by interrupt logic 626, which signals pending interrupts to translation logic 602. Translation logic 602 is coupled to the successive stages of microprocessor 600, which include a register stage 605, an address stage 606, a load stage 607, an execute stage 608, a store stage 618 and a write back stage 619. Each of these successive stages includes logic that performs the specific functions associated with executing the instructions provided by fetch logic 601, and these elements correspond to the similarly named elements in the microprocessor of Fig. 3. The x86-compatible embodiment of Fig. 6 is characterized by execute logic 632 in execute stage 608, which includes parallel execution units 610, 612, 614, 616, 617. An integer unit 610 receives integer micro instructions for execution from micro instruction queue 609. A floating point unit 612 receives floating point micro instructions for execution from micro instruction queue 611. A multimedia extensions unit 614 receives multimedia extension micro instructions for execution from micro instruction queue 613. A streaming extensions unit 616 receives streaming extension micro instructions for execution from micro instruction queue 615. In the exemplary x86 embodiment, cryptographic unit 617 is coupled to streaming extensions unit 616 by a load bus 620, a stall signal 621 and a store bus 622, and cryptographic unit 617 shares micro instruction queue 615 with streaming extensions unit 616. In an alternative embodiment, cryptographic unit 617 operates as an independent parallel unit in the same manner as units 610, 612 and 614. Integer unit 610 is coupled to an x86 flags (EFLAGS) register 624. The flags register includes an X bit 625 that indicates whether a cryptographic operation is in progress. In one embodiment, X bit 625 is bit 30 of x86 flags register 624. In addition, integer unit 610 accesses a machine specific register 628 to evaluate the state of an E bit 629. The state of E bit 629 indicates whether cryptographic unit 617 is present in microprocessor 600. Integer unit 610 also accesses a D bit 631 in a feature control register 630 that enables or disables cryptographic unit 617. Like the microprocessor embodiment 301 of Fig. 3, the microprocessor 600 of Fig. 6 depicts certain elements specifically, to show clearly the details of the x86-compatible embodiment, while aggregating or omitting other elements of the microprocessor. Those skilled in the art will readily recognize the other elements needed to complete the interface, such as a data cache (not shown), a bus interface unit (not shown), clock generation and distribution logic (not shown), and so on.
In operation, fetch logic 601 fetches instructions from memory (not shown) and provides them to translation logic 602 in synchronization with a clock signal (not shown). Translation logic 602 translates each instruction into a corresponding sequence of micro instructions, which are provided in succession, in synchronization with the clock signal, to the subsequent stages 605-608, 618 and 619 of the microprocessor. Each micro instruction in a sequence directs execution of a sub-operation that is required to complete the overall operation specified by the corresponding instruction, for example generation of an address by address stage 606; addition of two operands in integer unit 610 that are fetched from specified registers (not shown) in register stage 605; or storage, by store stage 618, of a result produced by one of execution units 610, 612, 614, 616, 617. Depending on the instruction being translated, translation logic 602 either has translator 603 generate the micro instruction sequence directly, or fetches the sequence from microcode ROM 604, or has translator 603 generate part of the sequence directly and fetches the remainder from microcode ROM 604. The micro instructions proceed in succession through subsequent stages 605-608, 618 and 619 in synchronization with the clock signal. When micro instructions reach execute stage 608, execute logic 632 dispatches them, together with their operands (retrieved from registers in register stage 605, or generated by logic in address stage 606, or retrieved from the data cache by load stage 607), to the designated execution unit 610, 612, 614, 616, 617 by placing them in the corresponding micro instruction queue 609, 611, 613, 615. Execution units 610, 612, 614, 616, 617 execute the micro instructions and provide their results to store stage 618. In one embodiment, a micro instruction includes a field that indicates whether it may be executed in parallel with other operations. In response to a fetched cryptographic instruction as described above, translation logic 602 generates associated micro instructions that direct the logic in subsequent stages 605-608, 618, 619 of microprocessor 600 to perform the specified cryptographic operation. A first plurality of the associated micro instructions is routed to cryptographic unit 617 and directs it either to load data provided on load bus 620, or to load a block of input data and begin executing a prescribed number of cipher rounds to produce a block of output data, or to provide the generated block of output data on store bus 622 so that store stage 618 can store it in memory. A second plurality of the associated micro instructions is routed to the other execution units 610, 612, 614, 616 to perform the other sub-operations required to complete the specified cryptographic operation, such as testing E bit 629, enabling D bit 631, setting X bit 625 to indicate that a cryptographic operation is in progress, updating registers in register stage 605 (i.e. the count register, the input text pointer register and the output text pointer register), and processing interrupts 627 indicated by interrupt logic 626. By interleaving integer unit micro instructions within the sequence of cryptographic unit micro instructions, the associated micro instructions are arranged so that, while the specified cryptographic operation executes on multiple input data blocks, integer operations complete in parallel with the cryptographic unit's operations. Micro instructions are also included among the associated micro instructions to allow interrupts 627 to be serviced and returned from. Because the pointers to all of the cryptographic parameters and data are kept in x86 architectural registers, their state is saved when an interrupt is serviced and restored when the interrupt returns. Consequently, when an interrupt occurs, program control jumps to the corresponding interrupt service routine. As part of that jump, X bit 625 is cleared to indicate that the key data and control word data are no longer valid. On return from the interrupt, program control returns to the cryptographic instruction, and as part of its associated micro instructions a specific micro instruction tests the state of X bit 625 to determine whether the key data and control word data are still valid. If they are valid, the program continues processing the particular input data block that was being processed before the interrupt occurred; if the state of X bit 625 shows that the key data and control word data are no longer valid, the key and control word are read from memory again before processing of the input data block that was being handled when the interrupt occurred continues. In summary, according to the present invention, execution of a cryptographic instruction always begins with a test of X bit 625 to decide whether the key data and control word data within cryptographic unit 617 are valid. If the key data and control word data are invalid, they are read from memory. The input data block pointed to by the input pointer register is then loaded, and the specified cryptographic operation is performed on it. Otherwise, the input data block is loaded and the specified cryptographic operation is performed without first loading the key data and control word data.
If a new key or control word is to be used, X bit 625 must therefore be cleared before the new cryptographic instruction is executed. Successive cryptographic instructions that use the same key data and control word data can also be executed; in that case, X bit 625 need not be cleared after the initial key data and control word data have been loaded. For example, to make better use of the memory bus, a user can divide the encryption/decryption of 500 input data blocks into 5 cryptographic instructions, each of which processes 100 input data blocks.
In cipher block chaining mode, CBC block pointer logic 640 sees the cryptographic operation through to completion. CBC block pointer logic 640 ensures that the associated micro instructions operate correctly and allows the pointer registers, and the intermediate results of the sequence of block cryptographic operations on the chained input text blocks, to be updated before an interrupt 627 is serviced. CBC block pointer logic 640 directs the insertion of micro instructions into the micro instruction stream so that, once the cryptographic operation on the first block of input data has been performed, the input and output data block pointers are modified to point to the next input and output data blocks in memory. In addition, CBC block pointer logic 640 directs the insertion of a micro instruction into the corresponding micro instruction stream that modifies the block count register to indicate that the cryptographic operation on the current input data block has completed. Those skilled in the art will appreciate that encryption in cipher block chaining mode uses an initialization vector, which is applied to a first plaintext block to produce a first ciphertext block. To produce a second ciphertext block, the first ciphertext block is used as the equivalent initialization vector for the second plaintext block, and so on in succession. CBC block pointer logic 640 therefore recognizes cipher block chaining mode encryption and provides a sequence of micro instructions that update the pointer in the architectural register, thereby ensuring that each plaintext block after the first uses the appropriate ciphertext block as its equivalent initialization vector.
For the deciphering of password block serial mode, those skilled in the art understand initialization vector of use and one first ciphertext block, to produce one first plaintext block.In order to generate next expressly block, the first ciphertext block will be used as the equivalent initialization vector of this second ciphertext block, successively continuity.Therefore a sequence microcommand is deciphered and provided to these password block serial block pointer logic 640 recognition code block serial modes, when corresponding plaintext block produces, temporary transient each ciphertext block that stores, and the ciphertext block that will temporarily store writes back to the memory field that the initialization vector pointer register points to, and makes nextly expressly to be able to as an equivalent initialization vector when block produces.
Referring now to Fig. 7, a diagram illustrates the format of an exemplary microinstruction 700 for directing cryptographic sub-operations in the microprocessor of Fig. 6. Microinstruction 700 includes a micro opcode field 701, a data register field 702, and a register field 703. Micro opcode field 701 specifies a particular sub-operation to be performed and designates the logic in at least one stage of microprocessor 600 that performs that sub-operation. Particular values of micro opcode field 701 indicate that the microinstruction is to be executed by a cryptographic unit according to the present invention. In one embodiment there are two such values. A first value, load (XLOAD), indicates that data is to be retrieved from a memory location whose address is specified by the contents of the architectural register named by data register field 702; the data is loaded into the register of the cryptographic unit designated by register field 703. The retrieved data (e.g. cryptographic key data, a control word, input text data, or an initialization vector) is thereby provided to the cryptographic unit. A second value of micro opcode field 701, store (XSTOR), indicates that data produced by the cryptographic unit is to be stored to a memory location whose address is specified by the architectural register named by data register field 702. In a multi-stage cryptographic unit embodiment, register field 703 designates one of a plurality of output data blocks to be stored to memory; the cryptographic unit provides the designated output data block in data field 704 for access by the store logic. Execution of load and store microinstructions by the cryptographic unit according to the present invention is described in more detail with reference to Fig. 8 and Fig. 9.
Fig. 8 is a table 800 listing the values of register field 703 of a load microinstruction having the format 700 of Fig. 7. As discussed above, translation of a cipher instruction produces a sequence of microinstructions. The sequence comprises a first set of microinstructions executed by the cryptographic unit and a second set of microinstructions executed by other functional units of the microprocessor in parallel with the cryptographic unit. The second set performs sub-operations such as updating counters, temporary registers and architectural registers, and testing and setting status bits in a machine-specific register. The first set provides the key, the cryptographic parameters and the input data to the cryptographic unit and directs the cryptographic unit to generate a key schedule (or to load a key schedule retrieved from memory), to load and encrypt (or decrypt) the input text data, and to store the output text data. Load microinstructions direct the cryptographic unit to load the control word, to load a key or key schedule, to load the initialization vector, to load input text data, and to load input text data and begin the specified cryptographic operation. A value of 0b010 in register field 703 of a load microinstruction directs the cryptographic unit to load a control word into its internal control word register. Because the architectural control word pointer register, which holds the address of the control word in memory, has already been accessed in the register stage of the pipeline, address logic translates that address into a physical address for the memory access; the load logic retrieves the control word from cache and places it in data field 704, whereby the control word is delivered to the cryptographic unit. Likewise, a register field value of 0b100 directs the cryptographic unit to load the input text data provided in data field 704 and, following that load, to execute the specified cryptographic operation. As with the control word, the input data is accessed through a pointer held in an architectural register. The value 0b101 indicates that the input data provided in data field 704 is to be loaded into internal register input-1; the data loaded into input-1 may be input text data (when pipelining) or an initialization vector. The values 0b110 and 0b111 direct the cryptographic unit to load, respectively, the low and high portions of a cryptographic key or of a key in a user-generated key schedule. In the context of the present invention, a user is whatever performs a specified function or operation; a user may be an application program, an operating system, a machine, or a person. Thus, in one embodiment a user-generated key schedule may be created by an application program, and in an alternative embodiment it may be created by a person.
In one embodiment, register field values 0b100 and 0b101 allow a cryptographic unit divided into two stages to pipeline consecutive input text blocks. To pipeline two consecutive input blocks, a first load microinstruction provides a first input text block to input-1, and a second load microinstruction then provides a second input text block to input-0 and at the same time directs the cryptographic unit to begin the specified cryptographic operation.
If a user-generated key schedule is to be used for the cryptographic operation, a number of load microinstructions corresponding to the number of keys in the user-generated key schedule is issued to the cryptographic unit, one to load each round key of the schedule.
All other values of register field 703 of the load microinstruction are reserved.
Referring to Fig. 9, a table 900 lists the values of register field 703 of a store microinstruction having the format 700 of Fig. 7. A store microinstruction directs the cryptographic unit to provide the output text data it has generated (i.e. encrypted or decrypted) to the store logic, which stores it at the memory address designated by data register field 702. Accordingly, the translation logic issues a store microinstruction for a particular output text block after it has issued the load microinstruction for the corresponding input text block. A register field 703 value of 0b100 directs the cryptographic unit to provide the output text block in its internal output-0 register to the store logic; the contents of output-0 correspond to the input text block provided to input-0. Likewise, register field value 0b101 refers to the internal output-1 register, whose contents correspond to the input text data provided to input-1. Thus, after the key and control word data have been loaded, the cryptographic microinstructions issued to pipeline a plurality of input text blocks through the cryptographic unit are, in order: load.input-1, load.input-0 (which also directs the cryptographic unit to begin the cryptographic operation), store.output-1, store.output-0, load.input-1, load.input-0 (beginning the operation on the next two input text blocks), and so on.
Referring now to Fig. 10, a diagram illustrates a control word format 1000 according to the present invention; the control word specifies the parameters of a cryptographic operation. Control word 1000 is programmed into memory by the user, and before the cryptographic operation is executed a pointer to it is provided in the appropriate architectural register of the microprocessor. Accordingly, as part of the microinstruction sequence corresponding to a cipher instruction, a load microinstruction directs the microprocessor to read the architectural register containing the pointer, to translate the pointer into a physical address, to read control word 1000 from memory (cache), and to load control word 1000 into the internal control word register of the cryptographic unit. Control word 1000 comprises a reserved field (RSVD) 1001, a key size field (KSIZE) 1002, an encrypt/decrypt field (E/D) 1003, an intermediate result field (IRSLT) 1004, a key generation field (KGEN) 1005, an algorithm field (ALG) 1006, and a round count field (RCNT) 1007.
All values of reserved field 1001 are reserved. The contents of key size field 1002 specify the size of the cryptographic key used to perform the encryption or decryption; in one embodiment, key size field 1002 selects a 128-bit key, a 192-bit key, or a 256-bit key. Encrypt/decrypt field 1003 specifies whether the cryptographic operation is an encryption or a decryption. Key generation field 1005 indicates whether a user-generated key schedule or a single cryptographic key is provided in memory; if a single cryptographic key is provided, microinstructions deliver the key to the cryptographic unit and direct it to expand the key into a key schedule according to the cryptographic algorithm specified by algorithm field 1006. In one embodiment, the algorithm specified by algorithm field 1006 is the Data Encryption Standard (DES), Triple DES, or Advanced Encryption Standard (AES) algorithm discussed above; alternative embodiments include other algorithms, such as the Rijndael cipher and the Twofish cipher. The contents of round count field 1007 specify the number of cryptographic rounds to be performed on each input text block according to the specified algorithm. Although each of the cryptographic algorithm standards above specifies a fixed number of rounds per input text block, round count field 1007 allows the programmer to deviate from the number of rounds specified by the standard; in one embodiment, the programmer may specify from 0 to 15 rounds per block. Finally, the contents of intermediate result field 1004 specify whether the encryption or decryption of an input text block is performed according to the cryptographic algorithm standard specified by algorithm field 1006 for the number of rounds given by round count field 1007, or whether it is performed according to the algorithm specified by algorithm field 1006 for the number of rounds given by round count field 1007 with the result of the final round being an intermediate value rather than a final result. Those skilled in the art appreciate that many cryptographic algorithms perform the same sub-operations in every round except the last. Programming intermediate result field 1004 to deliver intermediate rather than final results therefore allows the programmer to examine the intermediate steps of the algorithm as implemented. For example, the programmer can perform one round on a text block, then two rounds on the same block, then three rounds, and so on, to obtain the cumulative intermediate results and check them against the algorithm. Providing a programmable round count and intermediate results allows the user to verify the cryptographic implementation, to detect faults, and to investigate the effectiveness of different key structures and round counts.
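The following Python model is an added example and not code from the patent or its assignee: it packs a control word 1000 and emits the load/store microinstruction sequence of Fig. 8 and Fig. 9 for a multi-block cipher instruction. The register field values (0b010, 0b100, 0b101, 0b110, 0b111 for loads; 0b100, 0b101 for stores) are the ones given in the text; the bit widths and positions of the control word fields, the encodings of the ALG and KSIZE fields, and the treatment of an odd final block are assumptions, because the text names the fields but does not give their layout.

```python
"""Added example (not the patent's code): packing control word 1000 and
emitting the microinstruction sequence of Fig. 8 / Fig. 9. The control word
layout and the ALG/KSIZE encodings are assumptions; the register field values
of the load and store microinstructions are those given in the text."""
from dataclasses import dataclass
from typing import List, Tuple

# Register field 703 values of a load microinstruction (Fig. 8)
XLOAD_CTRL = 0b010   # load the control word into the internal control word register
XLOAD_IN0 = 0b100    # load input-0 and start the specified operation
XLOAD_IN1 = 0b101    # load input-1 (second block when pipelining, or the IV)
XLOAD_KEYLO = 0b110  # low 128 bits of the key, or one key of a user key schedule
XLOAD_KEYHI = 0b111  # high bits of a key longer than 128 bits
# Register field 703 values of a store microinstruction (Fig. 9)
XSTOR_OUT0 = 0b100   # store output-0 (result for the block loaded into input-0)
XSTOR_OUT1 = 0b101   # store output-1 (result for the block loaded into input-1)

ALG_DES, ALG_3DES, ALG_AES = 0, 1, 2              # ALG encodings: assumed
KSIZE_CODES = {128: 0b00, 192: 0b01, 256: 0b10}   # KSIZE encodings: assumed


@dataclass
class ControlWord:
    """Fields of control word 1000 (RSVD is omitted: it must stay zero)."""
    key_bits: int        # KSIZE: 128, 192 or 256
    decrypt: bool        # E/D
    intermediate: bool   # IRSLT: final round returns an intermediate value
    user_keygen: bool    # KGEN: key schedule supplied in memory by the user
    alg: int             # ALG
    rounds: int          # RCNT: 0..15 rounds per block

    def pack(self) -> int:
        """Assumed layout, low to high: RCNT[3:0] ALG[1:0] KGEN IRSLT E/D KSIZE[1:0]."""
        if self.key_bits not in KSIZE_CODES:
            raise ValueError("KSIZE must select a 128-, 192- or 256-bit key")
        if not 0 <= self.rounds <= 15:
            raise ValueError("RCNT must be between 0 and 15")
        if self.alg not in (ALG_DES, ALG_3DES, ALG_AES):
            raise ValueError("unknown ALG value")
        return (self.rounds | self.alg << 4 | int(self.user_keygen) << 6
                | int(self.intermediate) << 7 | int(self.decrypt) << 8
                | KSIZE_CODES[self.key_bits] << 9)

    @classmethod
    def unpack(cls, word: int) -> "ControlWord":
        """Inverse of pack(); rejects reserved bits and invalid field values."""
        sizes = {code: bits for bits, code in KSIZE_CODES.items()}
        if word >> 11 or (word >> 9) & 0b11 not in sizes:
            raise ValueError("reserved bits set or bad KSIZE")
        cw = cls(key_bits=sizes[(word >> 9) & 0b11], decrypt=bool(word >> 8 & 1),
                 intermediate=bool(word >> 7 & 1), user_keygen=bool(word >> 6 & 1),
                 alg=(word >> 4) & 0b11, rounds=word & 0b1111)
        cw.pack()  # re-validate ALG and RCNT
        return cw


def translate(cw: ControlWord, n_blocks: int, schedule_len: int = 0) -> List[Tuple[str, int]]:
    """Micro-op sequence for one cipher instruction: control word, key data, then
    pairs of blocks pipelined through input-1/input-0 and output-1/output-0."""
    ops = [("XLOAD", XLOAD_CTRL)]
    if cw.user_keygen:
        # one load microinstruction per round key of the user-generated schedule
        ops += [("XLOAD", XLOAD_KEYLO)] * schedule_len
    else:
        ops.append(("XLOAD", XLOAD_KEYLO))
        if cw.key_bits > 128:  # keys wider than 128 bits also fill register key-1
            ops.append(("XLOAD", XLOAD_KEYHI))
    pairs, tail = divmod(n_blocks, 2)
    ops += [("XLOAD", XLOAD_IN1), ("XLOAD", XLOAD_IN0),
            ("XSTOR", XSTOR_OUT1), ("XSTOR", XSTOR_OUT0)] * pairs
    if tail:  # assumption: a lone final block goes through input-0/output-0 only
        ops += [("XLOAD", XLOAD_IN0), ("XSTOR", XSTOR_OUT0)]
    return ops
```

The `translate` function reproduces the ordering the text gives for pipelined blocks (load.input-1, load.input-0, store.output-1, store.output-0, repeated), preceded by the control word load and either a one- or two-part key load or one load per key of a user-generated schedule.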
Referring to Fig. 11, a block diagram details a cryptographic unit 1100 according to the present invention. Cryptographic unit 1100 includes a microinstruction register 1103 that receives cryptographic microinstructions (i.e. load and store microinstructions) over a microinstruction bus 1114. Cryptographic unit 1100 also has a control word register 1104, an input-0 register 1105, an input-1 register 1106, a key-0 register 1107, and a key-1 register 1108. Data is provided to registers 1104-1108 over a load bus 1111, as designated by the contents of the load microinstruction in microinstruction register 1103. Cryptographic unit 1100 further includes block cipher logic 1101 coupled to all of registers 1103-1108 and to a key random access memory (key RAM) 1102. The block cipher logic provides a stall signal 1113 and provides block results to an output-0 register 1109 and an output-1 register 1110. Output registers 1109-1110 provide their contents to subsequent stages of the microprocessor over a store bus 1112. In one embodiment, microinstruction register 1103 is 32 bits wide and the remaining registers 1104-1110 are each 128 bits wide.
In operation, cryptographic microinstructions are provided in sequence to microinstruction register 1103, together with the data designated for control word register 1104, for input registers 1105-1106, or for key registers 1107-1108. In the embodiment discussed with reference to Fig. 8 and Fig. 9, a control word is first loaded into control word register 1104 by a load microinstruction. A key or key schedule is then loaded by subsequent load microinstructions. If a 128-bit cryptographic key is being loaded, one load microinstruction designating register key-0 1107 is provided. If a cryptographic key larger than 128 bits is being loaded, a load microinstruction designating register key-0 1107 is provided together with a further load microinstruction designating register key-1 1108. If a user-generated key schedule is being loaded, subsequent load microinstructions designating register key-0 1107 are provided, and each key of the key schedule so loaded is stored in turn in key RAM 1102 for use in its corresponding cryptographic round. Thereafter, input text data (if no initialization vector is needed) is loaded into input-1 register 1106; if an initialization vector is needed, it is loaded into input-1 register 1106 by a load microinstruction. A load microinstruction designating input-0 register 1105 directs the cryptographic unit to load input text data into input-0 register 1105 and to begin performing the cryptographic rounds specified by the parameters in control word register 1104 on the input text data in input-0 1105, using the initialization vector in input-1 (or both input registers 1105-1106, if the input data is pipelined). Upon receiving the load microinstruction designating input-0 1105, the block cipher logic begins performing the cryptographic operation specified by the contents of the control word. If a single cryptographic key must be expanded, the block cipher logic generates each key of the key schedule and stores it in key RAM 1102. Whether block cipher logic 1101 generates the key schedule or the key schedule is loaded from memory, the first round key is cached within block cipher logic 1101, so that the first cryptographic round on a block can proceed without accessing key RAM 1102. Once started, the block cipher logic continues performing the specified cryptographic operation on at least one input text block until the operation completes, fetching successive round keys from key RAM 1102 as the cryptographic algorithm requires. Cryptographic unit 1100 thus performs the specified block cryptographic operation on the specified input text block, and consecutive input text blocks are encrypted or decrypted by corresponding consecutive load and store microinstructions. When a store microinstruction is executed and the designated output data (i.e. output-0 or output-1) has not yet been fully produced, the block cipher logic asserts stall signal 1113. When the output data has been produced and placed in the corresponding output register 1109-1110, the contents of that register are delivered to store bus 1112.
Referring now to Fig. 12, a block diagram illustrates an embodiment of block cipher logic 1200 according to the present invention for performing cryptographic operations according to the Advanced Encryption Standard. Block cipher logic 1200 includes a round engine 1220 coupled to a round engine controller 1210 by buses 1211-1214 and buses 1216-1218. Round engine controller 1210 accesses a microinstruction register 1201, a control word register 1202, a key-0 register 1203, and a key-1 register 1204 to obtain the key data, microinstructions and parameters that direct the cryptographic operation. The contents of input registers 1205-1206 are provided to round engine 1220, and round engine 1220 provides the corresponding output text to output registers 1207-1208. Output registers 1207-1208 are coupled to round engine controller 1210 by buses 1216-1217, so that the round engine controller can access the result of each successive cryptographic round and provide it to round engine 1220 over bus NEXTIN 1218 for the next cryptographic round. The keys in the key RAM (not shown) are accessed over bus 1215. An encrypt/decrypt signal (ENC/DEC) 1211 directs the round engine to perform the sub-operations for encryption (e.g. S-Box) or for decryption (e.g. inverse S-Box). The contents of the round count (RNDCON) bus 1212 direct round engine 1220 to perform a first AES round, an intermediate AES round, or a final AES round. A generate key (GENKEY) signal 1214 directs round engine 1220 to generate a key schedule from the key provided on bus 1213; key bus 1213 also provides each round key to round engine 1220 when the corresponding round is performed.
Round engine 1220 includes first key XOR logic 1221 coupled to a first register TEMP-0 1222. First register 1222 is coupled to S-Box logic 1223, which is coupled to shift row logic 1224. Shift row logic 1224 is coupled to a second register TEMP-1 1225, which is coupled to mix column logic 1226, which in turn is coupled to a third register TEMP-2 1227. First key logic 1221, S-Box logic 1223, shift row logic 1224, and mix column logic 1226 perform on the input text data the like-named sub-operations of the AES FIPS discussed above. During intermediate rounds, mix column logic 1226 also performs the AES round key XOR on the input data, using the round keys provided over key bus 1213. First key logic 1221, S-Box logic 1223, shift row logic 1224, and mix column logic 1226 are also used during decryption, as directed by encrypt/decrypt signal 1211, to perform their corresponding inverse AES sub-operations. Those skilled in the art understand that, according to the particular block cipher mode designated by the contents of control word register 1202, intermediate round data is fed back to round engine 1220; initialization vector data (if needed) is provided to round engine 1220 over bus NEXTIN 1218.
In the embodiment of Fig. 12, the round engine is divided into two stages: a first stage between TEMP-0 1222 and TEMP-1 1225, and a second stage between TEMP-1 1225 and TEMP-2 1227. Intermediate round data is pipelined between the stages in synchronization with a clock signal (not shown). When a cryptographic operation on an input block completes, the corresponding output data is placed in the corresponding output register 1207-1208. Execution of a store microinstruction causes the contents of the designated output register 1207-1208 to be provided to a store bus (not shown).
Referring now to Fig. 13, a flow chart depicts a method according to the present invention for preserving the state of cryptographic parameters across an interrupt event. Flow begins at block 1302, where the microprocessor is executing an instruction stream; the instruction stream need not include a cipher instruction as described herein. Flow then proceeds to decision block 1304.
At decision block 1304, an evaluation is made to determine whether an interrupt event (e.g. a maskable interrupt, a non-maskable interrupt, a page fault, a task switch, or the like) has occurred that requires the current instruction stream to be changed in order to service that interrupt event (an "interrupt handler"). If so, flow proceeds to block 1306. If not, flow loops at decision block 1304, and instructions continue to execute until an interrupt event occurs.
At block 1306, because an interrupt event has occurred, interrupt logic according to the present invention directs that the X bit in the flag register be cleared before program control is transferred to the corresponding interrupt handler. Clearing the X bit guarantees that, if a block cryptographic operation was in progress, it will be evident upon return from the interrupt handler that at least one interrupt event has occurred, and that the control word data and key data must be reloaded before the block cryptographic operation continues with the input block pointed to by the contents of the input pointer register. Flow then proceeds to block 1308.
At block 1308, all architectural registers, including the pointers and the counter associated with the block cryptographic operation being performed, are saved to memory. Those skilled in the art appreciate that saving the architectural registers before transferring program control to an interrupt handler is an action performed by present-day data processing devices. The present invention thereby exploits the present-day practice of saving architectural state to provide transparency of execution across the entire interrupt event. After the registers are saved, flow proceeds to block 1310.
At block 1310, program control is transferred to the interrupt handler. Flow then proceeds to block 1312.
At block 1312, the method completes. Those skilled in the art appreciate that, upon return from the interrupt handler, the method of Fig. 13 begins again at block 1302.
Referring now to Fig. 14, a flow chart depicts a method according to the present invention for performing a specified CBC-mode cryptographic operation on a plurality of input data blocks in the presence of at least one interrupt event.
Flow begins at block 1402, where a cipher instruction according to the present invention directs that a cryptographic operation using CBC mode begin execution. This may be the first execution of the cipher instruction, or an execution following a first execution that was interrupted by an interrupt event, in which case program control has been returned to the cipher instruction after the interrupt handler has executed. Flow then proceeds to block 1404.
At block 1404, a block of memory pointed to by the contents of an input pointer register is loaded from memory and the specified cryptographic operation is started. Which input pointer register is used is determined by the specified cryptographic operation (e.g. encryption or decryption) and the specified block cipher mode (e.g. ECB, CBC, CFB, or OFB). For example, for an encryption in OFB mode, the input pointer register used to load the data is the register that points to the initialization vector in memory; for a decryption in ECB mode, it is the register that points to the next ciphertext block in memory. For a CBC-mode encryption, the register that points to the next plaintext block is used as the input pointer register, and the block pointed to by the initialization vector pointer register is additionally used to produce the corresponding ciphertext block. For a CBC-mode decryption, the register that points to the next ciphertext block is used as the input pointer register, and the block pointed to by the initialization vector pointer register is used to produce the corresponding plaintext block. Flow then proceeds to decision block 1406.
At decision block 1406, an evaluation is made to determine whether the X bit is set in a flag register. If the X bit is set, the control word and key schedule currently loaded in a cryptographic unit according to the present invention are valid. If the X bit is clear, the control word and key schedule currently loaded in the cryptographic unit are invalid. As noted above with reference to Fig. 13, the X bit is cleared when an interrupt event occurs. In addition, as noted above, when a new control word or a new key schedule (or both) must be loaded, the X bit must be cleared before the cipher instruction is issued. In an x86-compatible embodiment that uses bit 30 of the x86 flags (EFLAGS) register, the X bit is cleared by executing a PUSHFD instruction followed by a POPFD instruction; those skilled in the art appreciate that other instructions may be used to clear the X bit in alternative embodiments. If the X bit is set, flow proceeds to block 1412. If the X bit is clear, flow proceeds to block 1408.
At block 1408, because a cleared X bit indicates either that an interrupt event has occurred or that new control word and/or key data are to be loaded, a control word is loaded from memory. In one embodiment, loading the control word stops the cryptographic unit from performing the specified cryptographic operation that was started at block 1404. In this exemplary embodiment, the cryptographic operation is started at block 1404 on the assumption that the currently loaded control word and key data can be used, which optimizes multi-block cryptographic operations: the current input data block is loaded and the cryptographic operation is started before the state of the X bit is checked at decision block 1406. Flow then proceeds to block 1410.
At block 1410, key data (i.e. a key or a complete key schedule) is loaded from memory. In addition, the input block mentioned at block 1404 and the initialization vector (or equivalent initialization vector) are reloaded and the cryptographic operation is restarted according to the newly loaded control word and key schedule. Flow then proceeds to block 1412.
At decision block 1412, an evaluation is made to determine whether a CBC-mode encryption or a CBC-mode decryption has been specified. If encryption is specified, flow proceeds to block 1420; if decryption is specified, flow proceeds to block 1414.
At block 1420, the output block (ciphertext) corresponding to the loaded input block (plaintext) is produced. Flow then proceeds to block 1422.
At block 1414, the input block (the current ciphertext block) loaded at block 1404 or block 1410 is stored in an internal register TEMP. Flow then proceeds to block 1416.
At block 1416, the output block (plaintext) corresponding to the loaded input block (ciphertext) is produced. Flow then proceeds to block 1418.
At block 1418, the contents of internal register TEMP (the current ciphertext block) are written to the memory location pointed to by the contents of the initialization vector pointer register, so that the decryption of the subsequent ciphertext block uses the current ciphertext block as its equivalent initialization vector. Flow then proceeds to block 1422.
The steps of blocks 1414, 1416 and 1418 are required to keep the state consistent, so that a cipher instruction executing in CBC mode can be interrupted at any time. For example, in one embodiment a page fault may occur at any point during execution of a cipher instruction.
At block 1422, the output block that was produced is stored to memory. Flow then proceeds to block 1424.
At block 1424, the contents of the input and output block pointer registers are modified to point to the next input and output blocks. In addition, the contents of the block count register are modified to indicate completion of the cryptographic operation on the current input data block. In the embodiment discussed with reference to Fig. 14, the block count register is decremented; those skilled in the art appreciate, however, that alternative embodiments may perform other operations on and tests of the block count register contents, for instance to allow pipelined execution on input text blocks. Flow then proceeds to decision block 1426.
At decision block 1426, an evaluation is made to determine whether any input block remains to be processed. In the embodiment described here, for illustrative purposes, the block counter is tested for equality with zero. If no block remains, flow proceeds to block 1430. If a block remains, flow proceeds to block 1428.
At block 1428, the next block of input data, pointed to by the contents of the input pointer register, is loaded. Flow then proceeds to block 1412.
At block 1430, the method completes.
Those skilled in the art appreciate that the steps discussed at blocks 1416, 1418, 1420, 1422 and 1424 may occur in a different order along their particular flow paths, or may occur in parallel.
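The following Python model is an added example and not code from the patent or its assignee. It walks the CBC-mode flow of Fig. 14 (blocks 1402-1430) together with the interrupt path of Fig. 13, and it also covers the pointer-register and TEMP-register behaviour described earlier for CBC block pointer logic 640: for encryption the initialization vector pointer is moved to the ciphertext just produced, and for decryption the current ciphertext block is held in TEMP and written back to the initialization vector location after the plaintext is produced, so that an in-place decryption can be interrupted between any two blocks and resumed. The block cipher is a constructed 64-bit toy Feistel cipher so that the model runs offline with the standard library only; the memory layout, the control word encoding (bit 0 as E/D) and the interrupt model are assumptions, while the register names and the flow follow the text.

```python
"""Added example (not the patent's code): a software model of the CBC-mode
cipher instruction of Fig. 14 with the interrupt path of Fig. 13. The block
cipher is a constructed toy Feistel cipher; memory layout, control word
encoding and interrupt model are assumptions, the flow follows the text."""
import hashlib
from typing import List

BLOCK = 8  # toy block size in bytes (the page's unit uses 128-bit blocks)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_key_schedule(key: bytes, rounds: int = 8) -> List[bytes]:
    """Constructed key schedule: round key i = SHA-256(key || i)[:4]."""
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(rounds)]


def _feistel(ks: List[bytes], block: bytes) -> bytes:
    """Balanced Feistel network; decryption is the same network with reversed keys."""
    l, r = block[:4], block[4:]
    for rk in ks:
        l, r = r, xor(l, hashlib.sha256(rk + r).digest()[:4])
    return r + l  # undo the final swap


def toy_encrypt(ks: List[bytes], block: bytes) -> bytes:
    return _feistel(ks, block)


def toy_decrypt(ks: List[bytes], block: bytes) -> bytes:
    return _feistel(list(reversed(ks)), block)


class CbcMachine:
    """Architectural state of Fig. 14 (pointer registers, block counter, X bit)
    plus the cryptographic unit's internal control word, key RAM and TEMP."""

    def __init__(self, mem: bytearray, ctrl_ptr: int, key_ptr: int, iv_ptr: int,
                 in_ptr: int, out_ptr: int, count: int):
        self.mem = mem
        self.ctrl_ptr, self.key_ptr, self.iv_ptr = ctrl_ptr, key_ptr, iv_ptr
        self.in_ptr, self.out_ptr, self.count = in_ptr, out_ptr, count
        self.out_base, self.n_blocks = out_ptr, count
        self.x_bit = False  # clear: the unit's control word and key data are not valid
        self.unit_ctrl = self.unit_keys = self.temp = None

    def read(self, addr: int) -> bytes:
        return bytes(self.mem[addr:addr + BLOCK])

    def write(self, addr: int, data: bytes) -> None:
        self.mem[addr:addr + BLOCK] = data

    def interrupt(self) -> None:
        """Fig. 13, block 1306: clear X before the handler runs. The pointer registers
        are architectural and survive; the handler is modelled as having used the
        unit for something else, so the unit's internal state is lost."""
        self.x_bit = False
        self.unit_ctrl = self.unit_keys = None

    def run(self, interrupt_after=()) -> bytes:
        """Execute the cipher instruction; re-enters at block 1402 after each interrupt."""
        while self.count > 0:
            block = self.read(self.in_ptr)                       # 1404: load input block
            if not self.x_bit:                                   # 1406 -> 1408 / 1410
                self.unit_ctrl = {"decrypt": bool(self.mem[self.ctrl_ptr] & 1)}  # assumed E/D bit
                self.unit_keys = toy_key_schedule(self.read(self.key_ptr))
                self.x_bit = True
            iv = self.read(self.iv_ptr)                          # IV or equivalent IV
            if not self.unit_ctrl["decrypt"]:
                out = toy_encrypt(self.unit_keys, xor(block, iv))  # 1420
                self.write(self.out_ptr, out)                    # 1422
                self.iv_ptr = self.out_ptr                       # next block chains on this ciphertext
            else:
                self.temp = block                                # 1414: keep the ciphertext
                out = xor(toy_decrypt(self.unit_keys, block), iv)  # 1416
                self.write(self.iv_ptr, self.temp)               # 1418: equivalent IV for next block
                self.write(self.out_ptr, out)                    # 1422 (may overwrite the input in place)
            self.in_ptr += BLOCK; self.out_ptr += BLOCK; self.count -= 1  # 1424
            if self.n_blocks - self.count - 1 in interrupt_after:
                self.interrupt()                                 # Fig. 13 fires between blocks
        return bytes(self.mem[self.out_base:self.out_base + self.n_blocks * BLOCK])


def make_machine(decrypt: bool, key: bytes, iv: bytes, data: bytes, in_place: bool = False) -> CbcMachine:
    """Constructed memory image: control word at 0, 8-byte key at 8, IV at 16,
    input at 32, output after the input (or on top of it when in_place)."""
    assert len(key) == BLOCK and len(iv) == BLOCK and len(data) % BLOCK == 0
    n = len(data) // BLOCK
    mem = bytearray(32 + 2 * n * BLOCK)
    mem[0] = 1 if decrypt else 0
    mem[8:16], mem[16:24], mem[32:32 + len(data)] = key, iv, data
    return CbcMachine(mem, 0, 8, 16, 32, 32 if in_place else 32 + n * BLOCK, n)


def cbc_instruction(decrypt: bool, key: bytes, iv: bytes, data: bytes,
                    interrupt_after=(), in_place: bool = False) -> bytes:
    return make_machine(decrypt, key, iv, data, in_place).run(interrupt_after)


def cbc_reference(decrypt: bool, key: bytes, iv: bytes, data: bytes) -> bytes:
    """Plain CBC over the toy cipher, used to check the machine model."""
    ks, prev, out = toy_key_schedule(key), iv, b""
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            out += xor(toy_decrypt(ks, blk), prev); prev = blk
        else:
            prev = toy_encrypt(ks, xor(blk, prev)); out += prev
    return out


if __name__ == "__main__":
    key, iv, pt = b"k" * 8, bytes(range(8)), bytes(range(40))
    ct = cbc_instruction(False, key, iv, pt)
    assert ct == cbc_reference(False, key, iv, pt)
    assert cbc_instruction(False, key, iv, pt, interrupt_after={0, 2}) == ct
    assert cbc_instruction(True, key, iv, ct, interrupt_after={1, 3}, in_place=True) == pt
    print("interrupted and uninterrupted CBC runs agree")
```

The check a practitioner would want is that a run interrupted after arbitrary blocks yields exactly the same output as an uninterrupted run and as a textbook CBC implementation: the interrupt clears only the X bit, the reload at blocks 1408/1410 re-establishes the unit's state from memory, and the chaining value is recovered from the initialization vector pointer register rather than from the unit. The in-place decryption case shows why TEMP and the write-back of block 1418 are needed: once the plaintext overwrites the ciphertext block in memory, the only surviving copy of the chaining value is the one written to the initialization vector location.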
Although the present invention and its objects, features and advantages have been described in detail, other embodiments are encompassed by the invention as well. For example, the invention has been discussed with reference to embodiments compatible with the x86 architecture. Such a discussion was chosen because the x86 architecture is widely understood and thus provides a sufficient means for teaching the invention. The invention nevertheless comprehends embodiments that adapt to other instruction set architectures, such as PowerPC, MIPS and the like, as well as to entirely new instruction set architectures.
The invention furthermore comprehends execution of cryptographic operations within elements of a computing system other than the microprocessor itself. For example, a cryptographic instruction according to the invention could easily be employed within a cryptographic unit embodiment that is not part of the integrated circuit that serves as the microprocessor of a computer system. Embodiments of the invention are anticipated to be incorporated into a chipset surrounding a microprocessor (for example, a north bridge or south bridge), or into a dedicated processor for performing cryptographic operations, where the cryptographic instruction is handed off to that processor by a host microprocessor. The invention is expected to apply to embedded controllers, industrial controllers, signal processors, array processors and other devices used to process data. The invention also comprehends embodiments composed only of the elements necessary to perform the cryptographic operations described here. Such a device would indeed provide a low-cost, low-power alternative for performing cryptographic operations, for example as the encryption/decryption processor in a communication system. For clarity, the inventors refer to these alternative processing elements as processors, as above.
Moreover, although the invention has been described in terms of 128-bit blocks, different block sizes can be implemented simply by changing the sizes of the input data, output data, key and control word registers.
Furthermore, although the Data Encryption Standard (DES), Triple DES and the Advanced Encryption Standard (AES) have been described in detail, the invention also comprehends lesser-known block cipher algorithms such as MARS, Rijndael, Twofish, Blowfish, Serpent and RC6. The invention provides a dedicated block cipher apparatus and method within a microprocessor, such that block cipher operations can be invoked by the execution of a single instruction.
In addition, although the invention has been described in terms of block cipher algorithms and the related techniques for performing block cipher functions, it is worth noting that the invention also comprehends cipher forms other than block ciphers. A single instruction is provided that allows a user to direct a compatible microprocessor to perform a cryptographic operation such as encryption or decryption, where the microprocessor includes a dedicated cryptographic unit that performs the specified cryptographic function as directed by the instruction.
Also, the discussion of the round engine here presents a two-stage apparatus, so that two input text blocks can be executed in a pipelined fashion. The inventors note that other embodiments may have more than two stages. It is expected that the partitioning of pipeline stages for more input text blocks will be consistent with the other pipeline stages of the microprocessor.
Finally, although the invention has been discussed as a single cryptographic unit supporting several block cipher algorithms, the invention also comprehends several cryptographic units connected in parallel with the other execution units of a compatible microprocessor, where each of these cryptographic units performs one specific block cipher algorithm. For example, a first unit is configured for AES, a second unit for DES, and so on.
Those skilled in the art will appreciate that they can readily use the disclosed conception and specific embodiments as a basis for designing or modifying other structures for carrying out the same purposes of the invention, and that the various changes, substitutions and alterations made on that basis do not depart from the spirit and scope of the invention as defined herein.

Claims (20)

1. An apparatus for performing cryptographic operations, comprising:
a cryptographic instruction circuit, generating a cryptographic instruction that is received by a computing device as part of an instruction stream executing on the computing device, the cryptographic instruction specifying one of the cryptographic operations, wherein the specified cryptographic operation comprises: performing a plurality of cipher block chaining block cryptographic operations on a corresponding plurality of input text blocks;
cipher block chaining block pointer logic, coupled to the cryptographic instruction circuit, directing the computing device to update a plurality of pointer registers and a plurality of intermediate results for each of the cipher block chaining block cryptographic operations; and
execution logic, coupled to the cipher block chaining block pointer logic, performing the specified cryptographic operation.
2. The apparatus of claim 1, wherein the specified cryptographic operation further comprises at least one of:
a cipher block chaining mode encryption operation, comprising encrypting a plurality of plaintext blocks to produce a corresponding plurality of ciphertext blocks; and
a cipher block chaining mode decryption operation, comprising decrypting a plurality of ciphertext blocks to produce a corresponding plurality of plaintext blocks.
3. The apparatus of claim 1, wherein the cryptographic instruction specifies cipher block chaining mode for performing the specified cryptographic operation.
4. device according to claim 1 further comprises:
A holder, its of storage also is connected to this execution logic circuit, and whether this is interrupted by an interrupt event in order to this crypto-operation that shows appointment.
5. device according to claim 4, wherein this bit register is arranged in a flag register.
6. device according to claim 4, wherein this interrupt event comprises and shifts program controlly to a program flow of handling this interrupt event, and wherein is interrupted in the execution of this crypto-operation of current input characters block.
7. device according to claim 6, wherein when from program control when returning this cipher instruction, this crypto-operation of appointment is performed in this current input characters block.
8. The apparatus of claim 1, wherein, upon completion of each of the cipher block chaining block cryptographic operations on each corresponding input text block, the cipher block chaining block pointer logic directs the computing device to modify the pointer registers so that they point to the next input and output text blocks, and to store the current output text block to the memory location pointed to by the contents of an initialization vector register.
9. The apparatus of claim 1, wherein the cryptographic instruction references a plurality of registers within the computing device.
10. The apparatus of claim 9, wherein the registers comprise one selected from the following:
a first register, the contents of which comprise a first pointer to a first memory address, the first memory address specifying a first location in memory from which the input text blocks are accessed when the specified cryptographic operation is performed;
a second register, the contents of which comprise a second pointer to a second memory address, the second memory address specifying a second location in memory for storing the corresponding plurality of output text blocks, the output text blocks being the result of performing the specified cryptographic operation on the plurality of input text blocks;
a third register, the contents of which indicate the number of text blocks in the plurality of input text blocks;
a fourth register, the contents of which comprise a third pointer to a third memory address, the third memory address specifying a third location in memory from which the cryptographic key data used to perform the specified cryptographic operation is accessed;
a fifth register, the contents of which comprise a fourth pointer to a fourth memory address, the fourth memory address specifying a fourth location in memory from which the initialization vector used to perform the specified cryptographic operation is accessed; and
a sixth register, the contents of which comprise a fifth pointer to a fifth memory address, the fifth memory address specifying a fifth location in memory from which the control word used to perform the specified cryptographic operation is accessed, wherein the control word specifies a plurality of cryptographic parameters of the specified cryptographic operation.
11. The apparatus of claim 1, wherein the execution logic comprises:
a cryptographic unit, performing a plurality of cryptographic rounds on each of the input text blocks to produce each corresponding output text block, wherein the number of cryptographic rounds is specified by a control word provided to the cryptographic unit.
12. An apparatus for performing cryptographic operations, comprising:
a cryptographic unit within a device, performing one of the cryptographic operations in response to receiving a cryptographic instruction within an instruction stream, the cryptographic instruction specifying the cryptographic operation, wherein the specified cryptographic operation comprises:
performing a plurality of cipher block chaining block cryptographic operations on a corresponding plurality of input text blocks; and
cipher block chaining block pointer logic, coupled to the cryptographic unit, directing the device to update pointer registers and intermediate results for each of the cipher block chaining block cryptographic operations.
13. The apparatus of claim 12, wherein an interrupt event causes a transfer of program control to a program flow that handles the interrupt event, interrupting execution of the specified cryptographic operation on a current input text block.
14. The apparatus of claim 13, wherein, upon return of program control to the cryptographic instruction, the specified cryptographic operation is performed on the current input text block.
15. The apparatus of claim 12, wherein, upon completion of each of the cipher block chaining block cryptographic operations on each corresponding input text block, the cipher block chaining block pointer logic directs the device to modify the pointer registers so that they point to the next input and output text blocks, and to store the current output text block to the memory location pointed to by the contents of an initialization vector register.
16. A method for performing cryptographic operations in a device, the method comprising:
performing one of the cryptographic operations in response to receiving a cryptographic instruction, wherein the cryptographic instruction specifies the cryptographic operation, and wherein the performing comprises executing a plurality of cipher block chaining mode block operations on a corresponding plurality of input text blocks; and
writing a current input text block to an initialization vector location, so that the next cipher block chaining mode block operation on the next input text block uses the current input text block as the equivalent of an initialization vector.
17. The method of claim 16, further comprising:
transferring program control to a program flow in order to handle an interrupt event; and
interrupting execution of the specified cryptographic operation on the current input text block.
18. The method of claim 17, further comprising:
upon return of program control to the cryptographic instruction following the transferring, performing the executing on the current input text block.
19. The method of claim 16, wherein the receiving comprises: specifying a cipher block chaining mode decryption operation as the specified cryptographic operation.
20. The method of claim 16, wherein the receiving comprises: specifying, in the cryptographic instruction, cipher block chaining mode for performing the specified cryptographic operation.
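The loop of blocks 1424 to 1430 and the register set of claims 8, 10, 15 and 16 together describe why the instruction is "transparent" to interrupts: every piece of state the operation needs (input pointer, output pointer, block count, key, initialization vector, control word) lives in registers or in memory, and the chaining value for the next block is written back to the initialization vector location as each block completes (the ciphertext just produced when encrypting, the ciphertext just consumed when decrypting). An interrupt can therefore stop the instruction between blocks and re-executing it from the updated register state continues the chain with no hidden internal state. The following Python model is an added example written for this page; it is not the patent's or VIA's implementation. It assumes a flat byte-addressed memory, a one-byte control word holding only the direction, a 16-byte key, and a 4-round Feistel permutation built on SHA-256 as a stand-in for the AES/DES round engine (the real cipher is irrelevant to the chaining and restart mechanics being shown). It also shows the caveat a caller must respect: the instruction overwrites the initialization vector buffer with the last chaining block, so that buffer must be re-initialized before the next operation.

```python
import hashlib

BLOCK = 16                    # 128-bit blocks, as in the description
ENCRYPT, DECRYPT = 0, 1       # assumed encoding of the control word's direction field


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function for the placeholder cipher (assumption, not AES/DES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for the round engine: a 4-round Feistel permutation on one block."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, xor(l, _round_fn(key, rnd, r))
    return l + r


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_encrypt_block (rounds applied in reverse)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _round_fn(key, rnd, l)), l
    return l + r


def xcrypt_cbc(regs: dict, mem: bytearray, flags: dict, budget=None) -> bool:
    """Model of the CBC instruction. regs holds the six registers of claim 10 as
    byte offsets into mem ('in', 'out', 'key', 'iv', 'ctrl') plus the block count.
    `budget` limits how many blocks run before a simulated interrupt (claims 4-7).
    Returns True when the operation is complete, False when it was interrupted."""
    key = bytes(mem[regs['key']:regs['key'] + BLOCK])
    direction = mem[regs['ctrl']]
    done = 0
    while regs['count'] > 0:
        if budget is not None and done == budget:
            flags['X'] = 1            # flags-register bit: operation was interrupted
            return False              # registers and memory already describe the resume point
        # block 1428: load the next input block via the input pointer register
        inp = bytes(mem[regs['in']:regs['in'] + BLOCK])
        # the IV location holds the IV for the first block and the chaining value after that
        chain = bytes(mem[regs['iv']:regs['iv'] + BLOCK])
        if direction == ENCRYPT:
            out = toy_encrypt_block(key, xor(inp, chain))
            next_chain = out          # claims 8/15: current output block -> IV location
        else:
            out = xor(toy_decrypt_block(key, inp), chain)
            next_chain = inp          # claim 16: current input (ciphertext) block -> IV location
        mem[regs['out']:regs['out'] + BLOCK] = out
        mem[regs['iv']:regs['iv'] + BLOCK] = next_chain
        # block 1424: advance the pointers and decrement the block count
        regs['in'] += BLOCK
        regs['out'] += BLOCK
        regs['count'] -= 1
        done += 1
    flags['X'] = 0
    return True                       # block 1430


def reference_cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Plain CBC over the toy cipher, used to check the register-driven model."""
    out, chain = b'', iv
    for i in range(0, len(plaintext), BLOCK):
        chain = toy_encrypt_block(key, xor(plaintext[i:i + BLOCK], chain))
        out += chain
    return out


def demo_resume(plaintext: bytes, key: bytes, iv: bytes, interrupt_after: int):
    """Encrypt uninterrupted, then interrupted after `interrupt_after` blocks and
    resumed, then decrypt the result. Returns (straight, resumed, recovered)."""
    n = len(plaintext) // BLOCK

    def layout():                     # constructed memory image: data, key, IV, control word
        mem = bytearray(1024)
        regs = {'in': 0, 'out': 256, 'count': n, 'key': 512, 'iv': 528, 'ctrl': 544}
        mem[0:len(plaintext)] = plaintext
        mem[512:528], mem[528:544], mem[544] = key, iv, ENCRYPT
        return regs, mem

    regs, mem = layout()
    xcrypt_cbc(regs, mem, {})
    straight = bytes(mem[256:256 + n * BLOCK])

    regs, mem = layout()
    flags = {}
    if not xcrypt_cbc(regs, mem, flags, budget=interrupt_after):
        # handler ran here; control returns to the instruction (claims 7/14/18)
        xcrypt_cbc(regs, mem, flags)
    resumed = bytes(mem[256:256 + n * BLOCK])

    # decrypt path: the IV buffer was clobbered by the last chaining block, so reset it
    regs = {'in': 256, 'out': 0, 'count': n, 'key': 512, 'iv': 528, 'ctrl': 544}
    mem[528:544], mem[544] = iv, DECRYPT
    xcrypt_cbc(regs, mem, {})
    return straight, resumed, bytes(mem[0:n * BLOCK])


if __name__ == "__main__":
    s, r, back = demo_resume(bytes(range(64)), b'k' * 16, b'\x01' * 16, 2)
    print("interrupted run matches:", s == r, "round trip ok:", back == bytes(range(64)))
```

The model deliberately keeps no state outside `regs`, `mem` and `flags`; that is the property that lets the interrupted run produce byte-identical output. Anyone wrapping such an instruction should copy the IV into scratch memory before calling it and treat that scratch buffer as destroyed afterwards, since after the run it holds the final ciphertext block rather than the IV.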
CNA2005100526906A 2004-04-16 2005-03-03 Apparatus and method for performing transparent cipher block chaining mode cryptographic functions Pending CN1649296A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/826,814 2004-04-16
US10/826,814 US7542566B2 (en) 2003-04-18 2004-04-16 Apparatus and method for performing transparent cipher block chaining mode cryptographic functions

Publications (1)

Publication Number Publication Date
CN1649296A true CN1649296A (en) 2005-08-03

Family

ID=34887811

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2005100526906A Pending CN1649296A (en) 2004-04-16 2005-03-03 Apparatus and method for performing transparent cipher block chaining mode cryptographic functions

Country Status (2)

Country Link
CN (1) CN1649296A (en)
TW (1) TWI268686B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957100A (en) * 2007-03-14 2014-07-30 Intel Corporation Performing AES encryption or decryption in multiple modes with a single instruction
CN103839001B (en) * 2010-05-25 2018-11-02 Via Technologies Inc Microprocessor and related operating method

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8538015B2 (en) 2007-03-28 2013-09-17 Intel Corporation Flexible architecture and instruction for advanced encryption standard (AES)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957100A (en) * 2007-03-14 2014-07-30 Intel Corporation Performing AES encryption or decryption in multiple modes with a single instruction
CN103957100B (en) * 2007-03-14 2018-10-16 Intel Corporation Performing AES encryption or decryption in multiple modes with a single instruction
CN103839001B (en) * 2010-05-25 2018-11-02 Via Technologies Inc Microprocessor and related operating method

Also Published As

Publication number Publication date
TWI268686B (en) 2006-12-11
TW200536329A (en) 2005-11-01

Similar Documents

Publication Publication Date Title
CN1655496A (en) Apparatus and method for providing configurable cryptographic key size
CN107667499B (en) Keyed hash message authentication code processor, method, system, and instructions
CN1838140A (en) Apparatus and method for employing cryptographic functions to generate a message digest
CN1684412A (en) Apparatus and method for secure hash algorithm
EP1469371B1 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
EP1596530A1 (en) Apparatus and method for employing cryptographic functions to generate a message digest
EP1496421B1 (en) Apparatus and method for performing transparent block cipher cryptographic functions
EP1538510B1 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
EP1519509B1 (en) Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
CN1764881A (en) Instructions to assist the processing of a cipher message
US7502943B2 (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
CN1558591A (en) Apparatus and method for performing transparent block cipher cryptographic functions
CN1649296A (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
US7536560B2 (en) Microprocessor apparatus and method for providing configurable cryptographic key size
CN1661958A (en) Microprocessor apparatus and method for optimizing block cipher cryptographic functions
US7529368B2 (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
CN1658550A (en) Apparatus and method for performing cipher operation
US7900055B2 (en) Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
US7542566B2 (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
US7519833B2 (en) Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
CN1652163A (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
CN1538656A (en) Method and apparatus for performing microprocessor block cipher coding decoding
CN1658548A (en) Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
CN1607763A (en) Microprocessor apparatus and method for providing configurable cryptographic key size
CN100539495C (en) Microprocessor apparatus and method for providing configurable cryptographic key size

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20050803