CN1652163B - Apparatus and method for performing transparent output feedback mode cryptographic functions - Google Patents

Info

Publication number: CN1652163B
Authority: CN (China)
Prior art keywords: block, crypto, output, ciphertext, initialization vector
Legal status: Active (status as listed by Google Patents; not a legal conclusion)
Application number: CN200510054348XA
Other languages: Chinese (zh)
Other versions: CN1652163A
Inventors: G. Glenn Henry (G·葛连·亨利), Thomas A. Crispin (汤姆斯·A·克雷斯平), Terry Parks (泰瑞·派克斯)
Current assignee: Via Technologies Inc
Original assignee: Via Technologies Inc

Events
  • Priority claimed from US 10/826,745 (US7529368B2)
  • Application filed by Via Technologies Inc
  • Publication of CN1652163A
  • Application granted
  • Publication of CN1652163B
  • Legal status: Active; anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00: Arrangements for program control, e.g. control units
    • G06F 9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/30: Arrangements for executing machine instructions, e.g. instruction decode
    • G06F 9/30003: Arrangements for executing specific machine instructions
    • G06F 9/30007: Arrangements for executing specific machine instructions to perform operations on data operands

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations includes a cryptographic instruction, OFB mode logic and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device and prescribes one of the cryptographic operations; that operation comprises a plurality of OFB block cryptographic operations performed on a corresponding plurality of input text blocks. The OFB mode logic is operatively coupled to the cryptographic instruction and directs the computing device to update pointer registers and an initialization vector location for each of the plurality of OFB block cryptographic operations. The execution logic is operatively coupled to the OFB mode logic and executes the prescribed cryptographic operation.

Description

Method and apparatus for performing transparent output feedback mode cryptographic functions
This application claims priority from U.S. patent application No. 10/826,745, filed April 16, 2004, entitled "APPARATUS AND METHOD FOR PERFORMING TRANSPARENT OUTPUT FEEDBACK MODE CRYPTOGRAPHIC FUNCTIONS".
Technical field
The present invention relates to the field of microelectronics, and in particular to an apparatus and method for performing transparent output feedback mode cryptographic operations in a microprocessor or other device.
Background art
Early computer systems operated independently of other computer systems. Consequently, all of the input data required by an application program executing on such a system either resided on the computer system itself or was supplied by the application programmer at run time. The output data produced when the application finished was generally printed on paper or written as a file to tape, disk or some other mass storage device forming part of the computing system. That output file could then serve as the input file for an application run later on the same computer system or, if it had been written to removable or portable mass storage, could be used by an application on a different but compatible computing system. The need to protect sensitive information on these early systems was recognized gradually, and among other information security measures, cryptographic programs were developed and used to protect sensitive data from unauthorized disclosure. Such programs were generally used to encrypt output data before it was written to mass storage and to decrypt it when it was read back.
In more recent years, users have found that connecting computers in networks gives them access to shared data. Network architectures, operating systems and data transfer protocols have likewise grown to support, and indeed actively promote, shared access to data. Today, for example, it is entirely commonplace for the user of a computer workstation to read files on a different workstation or on a network file server, to obtain news and other information over the Internet, to send and receive electronic messages (that is, e-mail) to and from hundreds of other computers, to connect to a vendor's computer system and supply credit card or bank account information in order to complete a purchase, or to carry out any of these activities over a wireless network in a restaurant, airport or other public place. The need to protect sensitive data from unauthorized disclosure, both in storage and in transit, has therefore grown dramatically. The occasions on which the user of a given computer is obliged to protect sensitive data are multiplying. News headlines regularly underscore computer information security issues such as spam, hacking, leakage of personal data, reverse engineering, network fraud and credit card fraud. In response to these premeditated acts of cyber-terrorism and intrusions into personal privacy, the appropriate authorities have drafted new laws, strict enforcement measures and public education programs. Yet none of these measures has noticeably reversed the trend of computer information compromise. What was once a concern only of governments, financial institutions, the military and intelligence services has now become a significant matter for the ordinary citizen who reads e-mail or accesses a savings account from a home computer.
Within the field of information security, techniques and devices have gradually been developed that allow information to be understood only by its intended recipient; this is known as cryptography. When applied in particular to protecting information while it is stored on or transmitted between computers, encryption transforms sensitive information (known as "cleartext" or "plaintext") into an unintelligible form known as "ciphertext". The transformation of plaintext into ciphertext is called "encryption", "enciphering" or "ciphering", and the transformation of ciphertext back into plaintext is called "decryption", "deciphering" or "inverse ciphering".
Within cryptography, a number of procedures and rules have been established that allow users to perform cryptographic operations without specialized knowledge or great effort, so that they may transmit or otherwise provide their information to other users in encrypted form. Along with the encrypted message, the sender generally provides the recipient with a "cryptographic key" without which the encrypted message cannot be deciphered; a party lacking the key therefore cannot decrypt the message or otherwise gain access to the unencrypted original information. These procedures or rules take the form of mathematical operations and specially designed application programs that encrypt or decrypt highly sensitive information.
Several classes of algorithms are used to encrypt and decrypt data. A first class, the public key algorithms (for example the RSA algorithm), uses two cryptographic keys, a public key and a private key, to encrypt or decrypt data. In some public key algorithms, the public key is used to encrypt data sent to the recipient. Because the recipient's public and private keys are mathematically related, the recipient must use the private key to decrypt the transmitted data and recover the original. Although this class of algorithm is widely used today, its encryption and decryption operations are excessively slow, even when only a small amount of data is encrypted or decrypted. A second class, the symmetric key algorithms, provides a certain degree of data security and is much faster. These algorithms are called symmetric key algorithms because the same cryptographic key is used both to encrypt and to decrypt the information. Three symmetric key algorithms are well known: the Data Encryption Standard (DES), Triple DES, and the Advanced Encryption Standard (AES). Because of the strength with which these algorithms protect highly sensitive data, they are currently used by the U.S. government and its agencies, and it can be expected that at least one of them will become a standard for commercial and private transmissions in the future. Under these symmetric key algorithms, plaintext and ciphertext are divided into blocks of a particular size for encryption or decryption. For example, AES performs its complete cryptographic operation on 128-bit blocks, using cryptographic keys of 128, 192 or 256 bits. Other symmetric key algorithms allow data blocks of 192 and 256 bits. In block cipher terms, a 1024-bit plaintext message is thus encrypted as eight 128-bit blocks.
All symmetric key algorithms encrypt a plaintext block using the same kind of sub-operations. In the more commonly used symmetric key algorithms, the initial cryptographic key is expanded into a plurality of keys (a "key schedule"), each of which is used in a corresponding "round" of sub-operations performed on the plaintext block. For example, the first key of the key schedule is used in a first round of sub-operations on the plaintext block, and the second round then uses the second key of the key schedule on the result of the first round to produce a second result. A specified number of such rounds is performed, and the result of the final round is the ciphertext block itself. In AES, the sub-operations within each round are called SubBytes (or S-box), ShiftRows, MixColumns and AddRoundKey. Decryption of a ciphertext block proceeds in the same manner, except that the inverse cipher is applied to the ciphertext input and the inverse sub-operations (inverse MixColumns, inverse ShiftRows and so on) are used in each round; the result of the final round is the plaintext block.
DES and Triple DES use sub-operations of a different nature, but those sub-operations are analogous to those of AES in that they are used in a similar manner to transform a plaintext block into a ciphertext block.
To perform cryptographic operations on a sequence of consecutive blocks, all of the symmetric key algorithms employ the same set of modes. These modes include electronic code book (ECB) mode, cipher block chaining (CBC) mode, cipher feedback (CFB) mode and output feedback (OFB) mode. Some of these modes use an additional initialization vector while the sub-operations are performed, and some use the ciphertext output produced by encrypting a first plaintext block as an additional input to the encryption of the second plaintext block. Further details of these techniques may be found in Federal Information Processing Standards Publication 46-3 (FIPS-46-3), dated October 25, 1999, which discusses DES and Triple DES in detail, and in FIPS-197, dated November 26, 2001, which specifies AES in detail. Both standards are promulgated and maintained by the National Institute of Standards and Technology (NIST). Additional instructions, white papers, toolkits and countermeasures are available from NIST's Computer Security Resource Center (CSRC) at http://csrc.nist.gov/.
One skilled in the art will appreciate that most applications that need to perform cryptographic operations (encryption and decryption) can do so effectively on a computer. Indeed, several operating systems (such as Microsoft Windows XP and Linux) provide encryption/decryption services directly, in the form of cryptographic primitives, cryptographic application programming interfaces and the like. Nonetheless, present-day computer cryptography still suffers from a number of shortcomings, which are highlighted and discussed below with reference to FIG. 1.
FIG. 1 is a block diagram 100 of a present-day computer cryptography application. It depicts a first computer workstation 101 connected to a local area network (LAN) 105, a second computer workstation 102, a network file storage device 106, a first router 107 or other interface to a wide area network (WAN) 110 such as the Internet, and a wireless network router 108 (for example one conforming to IEEE standard 802.11), all connected to the LAN 105. A laptop computer 104 connects to the wireless router 108 over a wireless network 109. Elsewhere on the WAN 110, a second router 111 provides an interface for a third computer workstation 103.
As noted above, today's users repeatedly confront computer information security issues in the course of their work. For example, under the control of a present-day multitasking operating system, the user of workstation 101 may be performing several tasks concurrently, each of which requires cryptographic operations. The user of workstation 101 must run an encryption/decryption application 112 (provided as part of the operating system, or invoked by it) in order to store a local file on the network file storage device 106. While the file is being stored, the user may transmit an encrypted message to a second user at the second computer workstation 102, which also requires executing the encryption/decryption application 112. The encrypted message may be real-time (for example an instant message) or non-real-time (for example e-mail). In addition, the user may access or supply sensitive data (credit card numbers, financial account transfers and the like) or other forms of data from the third computer workstation 103 over the WAN 110; the third workstation 103 may represent a home or remote computer that the user of workstation 101 employs, when away from the office, to reach any of the shared resources 101, 102, 106, 107, 108, 109 on the LAN 105. Each of these activities requires a corresponding instance of the encryption/decryption application 112. Furthermore, wireless networks 109 are now commonly provided in coffee shops, airports, schools and other public places, so the user of laptop 104 must encrypt and decrypt not only the messages sent to and received from other users but, in practice, all information passing over the wireless network 109 to the wireless router 108.
One skilled in the art will appreciate that each of the above activities requires cryptographic operations on workstations 101-104, and correspondingly requires instances of the encryption/decryption application 112 to execute concurrently. Computers 101-104 may therefore be performing hundreds of cryptographic operations at the same time.
There are, however, limitations to performing cryptographic operations on computer systems 101-104 by executing one or more encryption/decryption applications 112 at once. For example, performing a given function by means of a software program is far slower than performing the same function in dedicated hardware. Each encryption/decryption operation 112 takes time, during which the program currently executing on computer 101-104 may have to be suspended, and the parameters of the cryptographic operation (plaintext, ciphertext, mode, key and so on) must be passed through the operating system to the encryption/decryption application 112 before the operation can be performed. Because a cryptographic operation requires several round-trip computations on each block of data, executing the encryption/decryption application 112 entails executing a large number of machine instructions, with an adverse effect on overall system throughput. As one skilled in the art will recognize, sending a small encrypted e-mail message from Microsoft Outlook can be about five times slower than sending an unencrypted one.
In addition, current techniques are limited by the delays that operating system intervention introduces. Most applications do not contain their own key generation or encryption/decryption components; they invoke operating system components or embedded applications to perform these tasks, and the operating system schedules that work according to the demands and interrupts of the other applications it is running.
The present inventors have further observed that performing cryptographic operations on present-day computer systems 101-104 resembles the situation of floating-point mathematics before dedicated floating-point units appeared in microprocessors. Early floating-point operations were implemented in software and were therefore very slow, and cryptographic operations performed in software are likewise quite slow. As floating-point technology improved, floating-point coprocessors became available on which floating-point instructions could execute; they performed floating-point operations far faster than software, but naturally added to the cost of the system. Likewise, cryptographic coprocessors exist today in the form of add-in boards or external devices connected to the host processor through a parallel port or another peripheral interface (such as USB). These coprocessors certainly execute cryptographic operations faster than conventional software, but a cryptographic coprocessor adds cost to the system configuration, requires additional power, and reduces overall system reliability. Moreover, because its data path is not on the same die as the host microprocessor, a cryptographic coprocessor is more susceptible to eavesdropping.
The present inventors therefore recognize the need for dedicated cryptographic hardware within a present-day microprocessor, so that an application requiring cryptographic operations can direct the microprocessor to perform them by means of a single atomic cryptographic instruction. The cryptographic instruction circuitry provides at least one such cryptographic instruction. The inventors also recognize that such a capability should minimize operating system intervention and management; that the cryptographic instruction should be usable at the application's privilege level; and that the dedicated hardware should be compatible with the prevailing microprocessor architectures. At the same time, the instruction and its associated cryptographic hardware should remain compatible with existing operating systems and application programs. Above all, what is needed is an apparatus and method for performing cryptographic operations that effectively resists unauthorized eavesdropping; supports multiple cryptographic algorithms; supports verification and testing of the particular cryptographic algorithm implemented; allows both user-supplied and self-generated keys; supports multiple data block sizes and key lengths; provides programmable block encryption/decryption modes such as electronic code book mode, cipher block chaining mode, cipher feedback mode and output feedback mode; and can efficiently perform block cryptographic functions on large amounts of data in whichever programmable block encryption/decryption mode is in use.
Summary of the invention
One embodiment of the present invention provides an apparatus for performing cryptographic operations in a microprocessor. The apparatus includes cryptographic instruction circuitry, output feedback mode logic and execution logic. The cryptographic instruction circuitry produces a cryptographic instruction that is received by a computing device as part of the instruction stream executing on that device. The cryptographic instruction specifies one of the cryptographic operations; the specified operation comprises a plurality of output feedback block cryptographic operations performed on a corresponding plurality of input text blocks. The output feedback mode logic is operatively coupled to the cryptographic instruction circuitry and directs the computing device to update pointer registers and an initialization vector location for each of the output feedback block cryptographic operations. The execution logic is operatively coupled to the output feedback mode logic and executes the cryptographic instruction.
In the apparatus described above, the specified cryptographic operation further comprises at least one of the following: an output feedback block mode encryption operation, which encrypts a plurality of plaintext blocks to produce a corresponding plurality of ciphertext blocks; and an output feedback block mode decryption operation, which decrypts a plurality of ciphertext blocks to produce a corresponding plurality of plaintext blocks.
In the apparatus described above, the cryptographic instruction specifies that the specified cryptographic operation is to be performed in output feedback mode.
The apparatus described above further comprises a register, connected to the execution logic, for storing an indication of whether the specified cryptographic operation has been interrupted by an interrupt event.
In the apparatus described above, the interrupt event transfers program control to a routine that handles the interrupt event, and the specified cryptographic operation being performed on the current input text block is interrupted.
In the apparatus described above, when program control returns to the cryptographic instruction, the specified cryptographic operation is performed on the current input text block.
In the apparatus described above, upon completion of each output feedback block mode cryptographic operation on each corresponding input text block, the output feedback block mode logic performs at least one of the following: directing the computing device to modify the pointer registers so that they point to the next input and output text blocks; directing the computing device to store the current equivalent initialization vector at the location pointed to by the contents of the initialization vector register; and directing the computing device to produce the current equivalent initialization vector by exclusive-ORing the current input text block with the current output text block.
In the apparatus described above, the interrupt event comprises an interrupt, an exception, a page fault or a task switch.
In the apparatus described above, the cryptographic instruction references a plurality of registers in the computing device.
In the apparatus described above, the registers comprise one or more of the following: a first register whose contents comprise a first pointer to a first memory address, which specifies a first location in memory from which the input text blocks are read when the specified cryptographic operation is performed; a second register whose contents comprise a second pointer to a second memory address, which specifies a second location in memory where the corresponding plurality of output text blocks, produced by performing the specified cryptographic operation on the plurality of input text blocks, are stored; a third register whose contents indicate the number of text blocks in the plurality of input text blocks; a fourth register whose contents comprise a third pointer to a third memory address, which specifies a third location in memory from which the cryptographic key data used in performing the specified cryptographic operation is read; a fifth register whose contents comprise a fourth pointer to a fourth memory address, which specifies a fourth location in memory comprising the initialization vector location, the contents of which comprise the initialization vector or the equivalent initialization vector used in performing the specified cryptographic operation; and a sixth register whose contents comprise a fifth pointer to a fifth memory address, which specifies a fifth location in memory from which a control word used in performing the specified cryptographic operation is read, the control word specifying a plurality of cryptographic parameters used by the cryptographic operation.
In the apparatus described above, the execution logic comprises a cryptographic unit that performs a plurality of cryptographic rounds on each of the input text blocks to produce the corresponding output text blocks, the cryptographic rounds being specified by the control word supplied to the cryptographic unit.
Another embodiment of the present invention is an apparatus for performing cryptographic operations. The apparatus comprises a cryptographic unit and output feedback mode logic, both embedded within a device. The cryptographic unit performs one of a plurality of cryptographic operations, the operation being specified by a cryptographic instruction in a received instruction stream. The specified cryptographic operation comprises a plurality of output feedback block cryptographic operations performed on a corresponding plurality of input text blocks. The output feedback mode logic is operatively coupled to the cryptographic unit and directs the device to update the contents of pointer registers and an initialization vector location for each of the plurality of output feedback block cryptographic operations. The specified cryptographic operation further comprises at least one of the following: an output feedback block mode encryption operation, which encrypts a plurality of plaintext blocks to produce a corresponding plurality of ciphertext blocks; this operation uses an encryption initialization vector to produce a first encryption ciphertext block from a first encryption plaintext block, in which the forward cipher operation is applied to the encryption initialization vector to produce a first encryption ciphertext output block, the first encryption ciphertext output block is then exclusive-ORed with the first encryption plaintext block to produce the first encryption ciphertext block, and the first encryption ciphertext output block is fed back as the equivalent encryption initialization vector for encrypting a second encryption plaintext block; and an output feedback block mode decryption operation, which decrypts a plurality of ciphertext blocks to produce a corresponding plurality of plaintext blocks; this operation uses a decryption initialization vector to produce a first decryption plaintext block from a first decryption ciphertext block, in which the forward cipher operation is applied to the decryption initialization vector to produce a first decryption ciphertext output block, the first decryption ciphertext output block is then exclusive-ORed with the first decryption ciphertext block to produce the first decryption plaintext block, and the first decryption ciphertext output block is fed back as the equivalent decryption initialization vector for decrypting a second decryption ciphertext block.
In the apparatus described above, an interrupt event transfers program control to a routine that handles the interrupt event, and the specified cryptographic operation being performed on the current input text block is interrupted.
In the apparatus described above, when program control returns to the cryptographic instruction, the specified cryptographic operation is performed on the current input text block.
In the apparatus described above, upon completion of each output feedback block cryptographic operation on each of the corresponding plurality of input text blocks, the output feedback block mode logic performs the following: directing the device to modify the contents of the pointer registers so that they point to the next input and output text blocks; and directing the device to store an equivalent initialization vector in the initialization vector location, the initialization vector location being the location pointed to by the contents of an initialization vector register.
In the apparatus described above, the output feedback block mode logic directs the device to produce the equivalent initialization vector by exclusive-ORing the current input text block with the current output text block.
Another embodiment of the present invention is a method for performing cryptographic operations in a device. The method comprises, in response to receiving a cryptographic instruction, executing one of a plurality of cryptographic operations, wherein the cryptographic instruction prescribes the specified cryptographic operation, and the executing comprises completing a plurality of output feedback mode block operations on a corresponding plurality of input text blocks. The method further comprises writing an equivalent initialization vector to an initialization vector location for use by the next output feedback mode block operation on the next input text block. The specified cryptographic operation further comprises at least one of the following: an output feedback block mode encryption operation, which encrypts a plurality of plaintext blocks to produce a corresponding plurality of ciphertext blocks; the output feedback block mode encryption operation uses an encryption initialization vector to produce a first encryption ciphertext block from a first encryption plaintext block, wherein a preceding encryption ciphertext operation is performed on the encryption initialization vector to produce a first encryption ciphertext output block, the first encryption ciphertext output block is then XORed with the first encryption plaintext block to produce the first encryption ciphertext block, and the first encryption ciphertext output block is fed back as an equivalent encryption initialization vector for encrypting a second encryption plaintext block; and an output feedback block mode decryption operation, which decrypts a plurality of ciphertext blocks to produce a corresponding plurality of plaintext blocks; the output feedback block mode decryption operation uses a decryption initialization vector to produce a first decryption plaintext block from a first decryption ciphertext block, wherein a preceding decryption ciphertext operation is performed on the decryption initialization vector to produce a first decryption ciphertext output block, the first decryption ciphertext output block is then XORed with the first decryption ciphertext block to produce the first decryption plaintext block, and the first decryption ciphertext output block is fed back as an equivalent decryption initialization vector for decrypting a second decryption ciphertext block.
According to the method for above-mentioned conception, it also comprises: shift program control program circuit to a processing one interrupt event, and interrupt the execution of this crypto-operation of appointment on this current input characters block.
According to the method for above-mentioned conception, it also comprises: from program control this cipher instruction after turning back to this transfer the time, on this current input characters block, carry out this execution.
According to the method for above-mentioned conception, wherein this reception comprises: specify an output feedback mode cryptographic calculation, with this crypto-operation as appointment.
According to the method for above-mentioned conception, wherein this reception comprises: specify an output feedback block mode decrypt operation, with the crypto-operation as appointment.
Method according to above-mentioned conception also comprises: generation should the equivalence initialization vector.
According to the method for above-mentioned conception, wherein this generation comprises: a current input word literary composition block and the current output character block mutual exclusion exclusive disjunction between the two.
Description of drawings
Fig. 1 is a block diagram illustrating present-day cryptographic applications.
Fig. 2 is a block diagram depicting techniques for performing cryptographic operations.
Fig. 3 is a block diagram of a microprocessor apparatus for performing cryptographic operations according to the present invention.
Fig. 4 is a block diagram of an embodiment of a single cryptographic instruction according to the present invention.
Fig. 5 is a table of typical block cipher mode values for the cryptographic instruction of Fig. 4.
Fig. 6 is a block diagram detailing a cryptographic unit within an x86-compatible microprocessor according to the present invention.
Fig. 7 is a block diagram illustrating a typical micro-instruction for performing sub-operations of a cryptographic operation in the microprocessor of Fig. 6.
Fig. 8 is a table describing the fields of a load micro-instruction in the format of Fig. 7.
Fig. 9 is a table describing the fields of a store micro-instruction in the format of Fig. 7.
Fig. 10 is a block diagram of a typical control word format used to specify the cryptographic parameters of a cryptographic operation according to the present invention.
Fig. 11 is a block diagram detailing a cryptographic unit according to the present invention.
Fig. 12 is a block diagram illustrating an embodiment of block cipher logic according to the present invention, which performs cryptographic operations according to the Advanced Encryption Standard.
Fig. 13 is a flow chart depicting a method according to the present invention for checking the state of cryptographic parameters upon an interrupt event.
Fig. 14 is a flow chart depicting a method according to the present invention for completing a specified output feedback mode cryptographic operation on a plurality of input text blocks in the presence of one or more interrupt events.
100 block diagram; 101 first computer workstation
102 second computer workstation; 103 third computer workstation
104 notebook computer; 105 local area network (LAN)
106 network file storage device; 107 first router
108 wireless network router; 109 wireless network
110 wide area network (WAN); 111 second router
112 encryption/decryption application
200 block diagram; 201 microprocessor
202 operating system; 203 application memory
204 cryptographic key generation application; 205 key schedule
206 block encryption application; 207 block decryption application
208 initialization vector; 209 cryptographic parameters
210 plaintext blocks; 211 ciphertext blocks
300 block diagram; 301 microprocessor
302 instruction register; 303 translation logic
304 micro-instruction queue; 305, 306 micro-instruction entries
307 register file; 308-313 registers
314 load logic; 315 data cache
316 cryptographic unit; 317 store logic
318 write-back logic; 319 memory bus
320 operating system; 321 system memory
322 cryptographic instruction; 323 initial control word
324 initial key or key schedule; 325 initialization vector
326 input text blocks; 327 output text blocks
328 execution logic
400 cryptographic instruction; 401 optional prefix field
402 repeat prefix field; 403 opcode field
404 block cipher mode field; 500 table
600 x86-compatible microprocessor; 601 fetch logic
602 translation logic; 603 translator
604 microcode ROM; 605 register stage
606 address stage; 607 load stage
608 execute stage; 609 micro-instruction queue
610 integer unit; 611 micro-instruction queue
612 floating point unit; 613 micro-instruction queue
614 multimedia extension unit; 615 micro-instruction queue
616 streaming extension unit; 617 cryptographic unit
618 store stage; 619 write-back stage
620 load bus; 621 stall signal
622 store bus; 624 flags register
625 X bit; 626 interrupt logic
627 software and hardware interrupts; 628 machine specific register
629 E bit; 630 feature control register
631 D bit; 632 execution logic
640 output feedback mode logic
700 micro-instruction; 701 micro-opcode field
702 data register field; 703 register field
704 data field
800 table; 900 table
1000 control word; 1001 reserved field
1002 key size field; 1003 encrypt/decrypt field
1004 intermediate result field; 1005 key generation field
1006 algorithm field; 1007 round count field
1100 cryptographic unit; 1101 block cipher logic
1102 key RAM; 1103 micro-opcode register
1104 control word register; 1105 input-0 register
1106 input-1 register; 1107 key-0 register
1108 key-1 register; 1109 output-0 register
1110 output-1 register; 1111 load bus
1112 store bus; 1113 stall signal
1114 micro-instruction bus; 1200 block cipher logic
1201 micro-instruction register; 1202 control word register
1203 key-0 register; 1204 key-1 register
1205-1206 input registers; 1207-1208 output registers
1210 round engine controller; 1211-1214 buses
1216-1218 buses; 1220 round engine
1221 first key XOR logic; 1222 first register REG-0
1223 S-Box logic; 1224 Shift Row logic
1225 second register REG-1; 1226 Mix Column logic
1227 third register REG-2
1302 block; 1304 decision block
1306 block; 1308 block
1310 block; 1312 block
1402 block; 1404 block
1406 decision block; 1408 block
1410 block; 1412 block
1414 block; 1416 block
1418 block; 1420 block
1422 block; 1424 decision block
1426 block; 1428 block
Detailed description of the embodiments
The following description is provided to enable one of ordinary skill in the art to make or use the present invention within the context of a particular application and its requirements. Various modifications to the embodiments described here will be apparent to those skilled in the art, and the general principles defined here may be applied to other embodiments. The present invention is therefore not limited to the specific embodiments described.
Having discussed in the background above the related art and the use of cryptographic programs in present-day computer systems for encrypting and decrypting data, we continue the examination of these techniques and their limitations with reference to Fig. 2. The present invention is then discussed with reference to Figs. 3 through 14. The present invention provides an apparatus and method for performing cryptographic programs in present-day computer systems; compared with current mainstream machines, this apparatus and method exhibit superior performance and thus satisfy the objectives noted above: limiting operating system intervention, atomicity, legacy and architectural compatibility, programmability of algorithm and mode, resistance to hacker attacks, and testability.
Referring now to Fig. 2, a block diagram 200 depicts the techniques used to perform cryptographic operations in the present-day computer systems described above. Block diagram 200 includes a microprocessor 201 that fetches instructions and accesses data from a region of system memory associated with an application program, known as application memory 203. The instruction circuitry provides at least one instruction that indicates a cryptographic operation, and comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode; because the instruction circuitry is not the focus of the present invention, it is not described further here.
Program control, and the data accessed from application memory 203, are managed by an operating system 202 that resides in a protected region of system memory. As discussed above, if an executing application (for example an email program or a file storage program) needs to perform a cryptographic operation, the executing application must direct microprocessor 201 to execute specific instructions in order to complete the cryptographic operation. These instructions may be a subroutine of the executing application itself, they may be part of a plug-in program linked into the executing application, or they may be services provided by the operating system 202. However they are combined, those skilled in the art will appreciate that these instructions reside in some designated or allocated region of memory.
For purposes of discussion, these memory regions are shown within application memory 203 and include a cryptographic key generation application 204, which generates or accepts a key and expands the key into a key schedule 205 for use by the cryptographic round operations. For encryption of multiple blocks, a block encryption application 206 is invoked. The encryption application 206 executes instructions that access plaintext blocks 210, the key schedule 205, and cryptographic parameters 209 that further specify the encryption operation, such as the mode and the location of the key schedule. If the specified mode requires it, an initialization vector 208 is also accessed by the encryption application 206. The encryption application 206 executes these instructions to produce the corresponding ciphertext blocks 211. Similarly, a block decryption application 207 is invoked to perform block decryption operations. The decryption application 207 executes instructions that access the ciphertext 211, the key schedule 205, the cryptographic parameters 209 that further specify the decryption operation, and an initialization vector 208 (if the mode requires one). The decryption application 207 executes these instructions to produce the corresponding plaintext blocks 210.
It should be noted that a specific number of instructions must be executed to generate the key and to encrypt or decrypt text blocks. The FIPS standard mentioned above contains many pseudo-code examples from which the number of instructions required can be estimated, and those skilled in the art will therefore appreciate that hundreds of instructions are needed to complete a simple block encryption operation. Each of these instructions must be executed by microprocessor 201 to complete the required cryptographic operation. Furthermore, executing these instructions to complete a cryptographic operation is work that is extraneous to the primary purpose of the currently executing application (such as file management, instant messaging, email, remote file access, or credit card transactions).
Consequently, the user of the currently executing application perceives that the program is running inefficiently. Whether the encryption and decryption applications 206, 207 are stand-alone or embedded, invoking and managing these programs 206, 207 is also subject to the other demands and scheduling of operating system 202, such as support for interrupts, exceptions, and similar events, which worsens the problem. Furthermore, for each concurrent cryptographic operation required on a computing system, a separate instance of programs 204, 206, 207 must be allocated in memory 203. As noted above, the number of cryptographic operations that a microprocessor 201 is required to perform concurrently can be expected to keep growing over time.
The present inventors have noted these problems and the limitations of current computer system cryptographic techniques, and have recognized the need for an apparatus and method for performing cryptographic operations within a microprocessor without introducing program delays perceptible to the user. Accordingly, the present invention provides a microprocessor that performs cryptographic operations via a dedicated cryptographic unit, together with related methods. The cryptographic unit is invoked, and the cryptographic operation performed, by programming a single cryptographic instruction. The present invention is now discussed with reference to Figs. 3 through 12.
Referring to Fig. 3, a block diagram 300 depicts a microprocessor apparatus for performing cryptographic operations according to the present invention. Block diagram 300 depicts a microprocessor 301 coupled to a system memory 321 via a memory bus 319. Microprocessor 301 includes translation logic 303 that receives instructions from an instruction register 302. The instruction circuitry provides at least one instruction that indicates a cryptographic operation, and comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode; because the instruction circuitry is not the focus of the present invention, it is not described further here.
Translation logic 303 comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements capable of translating instructions into associated sequences of micro-instructions. The elements that perform translation within translation logic 303 may be shared with other circuits, microcode, and so on, that perform other functions within microprocessor 301. For purposes of the present invention, microcode is a term denoting a plurality of micro-instructions. A micro-instruction (also called a native instruction) is an instruction at the level executed by an execution unit. For example, micro-instructions are executed directly by a reduced instruction set computer (RISC) microprocessor. In a complex instruction set computer (CISC) microprocessor, such as an x86-compatible microprocessor, x86 instructions are translated into associated micro-instructions, and these micro-instructions are executed directly by one or more units within the CISC microprocessor.
Translation logic 303 is coupled to a micro-instruction queue 304, which has a plurality of micro-instruction entries 305, 306. Micro-instructions are provided from micro-instruction queue 304 to register stage logic that includes a register file 307. Register file 307 has a plurality of registers 308-313, whose contents are established before a specified cryptographic operation is executed. Registers 308-312 point to corresponding locations 323-327 in memory 321, which hold the data required to perform the specified cryptographic operation. The register stage is coupled to load logic 314, which is coupled to a data cache 315 used to retrieve the data for performing the specified cryptographic operation. Data cache 315 is coupled to memory 321 via memory bus 319. Execution logic 328 is coupled to load logic 314 and executes the operations specified by the micro-instructions passed down from the preceding stages. Execution logic 328 comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements capable of performing the operations specified by the micro-instructions provided to it.
The elements that perform operations within execution logic 328 may be shared with other circuits, microcode, and so on, that accomplish other functions within microprocessor 301. Execution logic 328 includes a cryptographic unit 316, which receives from load logic 314 the data required to perform the specified cryptographic operation. The micro-instructions direct cryptographic unit 316 to perform the specified cryptographic operation on a plurality of input text blocks 326 to generate a corresponding plurality of output text blocks 327. Cryptographic unit 316 comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements capable of performing cryptographic operations. The elements that perform cryptographic operations within cryptographic unit 316 may be shared with other circuits, microcode, and so on, that accomplish other functions within microprocessor 301.
In one embodiment, cryptographic unit 316 operates in parallel with the other execution units (not shown) of execution logic 328, such as an integer unit, a floating point unit, and so on. Within the scope of the present invention, an embodiment of a "unit" comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements capable of performing a specified operation or function. The elements that perform the specified operation or function within a particular unit may be shared with other circuits, microcode, and so on, that perform other functions or operations within microprocessor 301. For example, in one embodiment an integer unit comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements capable of executing integer instructions. A floating point unit comprises logic, devices or microcode (i.e. micro-instructions or native instructions), or a combination of logic, devices and microcode, or equivalent elements capable of executing floating point instructions. The elements that execute integer instructions within the integer unit may share circuits, microcode, and so on, with those that execute floating point instructions within the floating point unit.
In an x86-compatible embodiment, cryptographic unit 316 operates in parallel with an x86 integer unit, an x86 floating point unit, an x86 multimedia extension unit, and an x86 streaming extension unit. According to the present invention, an x86-compatible embodiment is one that can correctly execute the majority of application programs designed to run on an x86 microprocessor; an application program executes correctly if it obtains the correct results. Alternative x86-compatible embodiments contemplate a cryptographic unit operating in parallel with a subset of the x86 execution units mentioned above. Cryptographic unit 316 is coupled to store logic 317 and provides the corresponding plurality of output text blocks 327. Store logic 317 is also coupled to data cache 315, which routes the output text data 327 to system memory 321 for storage. Store logic 317 is coupled to write-back logic 318. When the specified cryptographic operation completes, write-back logic 318 updates registers 308-313 in register file 307. In one embodiment, micro-instructions flow through each of the logic stages 302, 303, 304, 307, 314, 316-318 described above in synchronism with a clock signal (not shown), so that the operations execute concurrently, much like an assembly line.
Within system memory 321, an application program that needs to perform a specified cryptographic operation directs microprocessor 301 to do so via a single cryptographic instruction 322, referred to here for purposes of illustration as an XCRYPT instruction. In a CISC embodiment, cryptographic instruction 322 comprises an instruction that prescribes a cryptographic operation. In a RISC embodiment, cryptographic instruction 322 comprises a micro-instruction that prescribes a cryptographic operation. In one embodiment, cryptographic instruction 322 uses a spare or unused opcode in an existing instruction set architecture. In an x86-compatible embodiment, cryptographic instruction 322 is a 4-byte instruction comprising an x86 repeat prefix (i.e. 0xF3), followed by an unused 2-byte x86 opcode (for example 0x0FA7), followed by a 1-byte field indicating the particular block cipher mode to be used when performing the specified cryptographic operation. In one embodiment, cryptographic instruction 322 according to the present invention can be executed at the system privilege level afforded to application programs, and can therefore be programmed directly into the instruction stream of an application program, or be provided to microprocessor 301 under the control of operating system 320. Because only a single cryptographic instruction 322 is needed to direct microprocessor 301 to perform the specified cryptographic operation, completion of the operation is entirely transparent to operating system 320.
In operation, operating system 320 invokes an application program for execution on microprocessor 301, and during execution of the application a cryptographic instruction 322 is provided from memory 321 to fetch logic 302 as part of the instruction stream. Before cryptographic instruction 322 is executed, however, instructions in the program flow direct microprocessor 301 to initialize the contents of registers 308-312 so that they point to locations 323-327 in memory 321, which contain a cryptographic control word 323, an initial cryptographic key 324 or a key schedule 324, an initialization vector 325 (if required), the input text 326 for the operation, and the output text 327.
Initializing registers 308-312 before executing cryptographic instruction 322 is necessary because cryptographic instruction 322 implicitly references these registers 308-312, together with an additional register 313 holding a block count, that is, the number of blocks in input text region 326 to be encrypted or decrypted. Translation logic 303 thus retrieves the cryptographic instruction from fetch logic 302 and translates it into a corresponding sequence of micro-instructions that direct microprocessor 301 to perform the specified cryptographic operation. A first group of micro-instructions 305-306 in the corresponding sequence directs cryptographic unit 316 to load the data provided by load logic 314, to execute the specified number of cryptographic rounds to produce a corresponding output data block, and to provide the corresponding output data block to store logic 317 for storage, via data cache 315, in output text region 327 of memory 321. A second group of micro-instructions (not shown) in the corresponding sequence directs other execution units (not shown) of microprocessor 301 to perform the other operations necessary to complete the specified cryptographic operation, such as managing the non-architectural registers (not shown) that hold intermediate results and counts, updating the input and output pointer registers 311-312 after a set of input text 326 has been encrypted or decrypted, updating the initialization vector pointer register 310 (if required), and handling pending interrupts. In one embodiment, registers 308-313 are architectural registers, that is, registers defined in the instruction set architecture (ISA) of the particular microprocessor being implemented.
In one embodiment, cryptographic unit 316 is divided into a plurality of stages, which allows successive input text blocks 326 to be pipelined.
Block diagram 300 of Fig. 3 is intended to teach the essential elements of the present invention, and for clarity it omits much of the logic found in a present-day microprocessor 301. Those skilled in the art will appreciate that a present-day microprocessor 301 comprises many stages and logic elements, depending on the specific implementation, which have been aggregated here for clarity of presentation. For example, load logic 314 may comprise an address generation stage, followed by a cache interface stage, followed by a cache line alignment stage. What should be noted, however, is that according to the present invention a complete cryptographic operation on a plurality of input text blocks 326 is directed by a single cryptographic instruction 322, that the operation of this instruction is transparent from the perspective of operating system 320, and that its execution is accomplished by a dedicated cryptographic unit 316 operating in parallel with the other execution units in microprocessor 301. The present inventors contemplate providing an embodiment of a reconfigurable cryptographic unit 316 within the architecture, analogous to the dedicated floating point unit hardware provided in earlier microprocessors. The operation of cryptographic unit 316 and its associated cryptographic instruction 322 is fully compatible with the concurrent operation of legacy operating systems 320 and application programs, as is described in detail below.
Referring now to Fig. 4, a block diagram illustrates an embodiment of a single cryptographic instruction 400 according to the present invention. Cryptographic instruction 400 comprises an optional prefix field 401, followed by a repeat prefix field 402, followed by an opcode field 403, and finally a block cipher mode field 404. In one embodiment, the contents of fields 401-404 are consistent with the x86 instruction set architecture. Alternative embodiments are compatible with other instruction set architectures.
In operation, the optional prefix field 401 is used in many instruction set architectures to enable or disable certain operating features of the host microprocessor, such as performing 16-bit or 32-bit operations, or handling or accessing particular memory segments. The repeat prefix field 402 indicates that the cryptographic operation specified by cryptographic instruction 400 is to be performed on a plurality of input text blocks (i.e. plaintext or ciphertext). The repeat prefix field 402 also implies to a conforming microprocessor that the contents of a plurality of architectural registers are to be used as pointers to locations in system memory that contain the data and parameters for the specified cryptographic operation.
As stated, in the compatible embodiment of an x86, the numerical value that repeats preamble field 402 is 0xF3.And according to the infrastructure protocol of x86, the instruction of the x86 repeated strings of cipher instruction and REP.MOVS and so on is quite similar.For example; When carrying out the microprocessor embodiment of the present invention and x86 compatibility, repeat the preamble field instruction and indicate the block that is stored among the structure buffer ECX to calculate variable, be stored in the source address pointer (pointing out the input data that crypto-operation is used) among the buffer ESI and be stored in the destination address pointer (pointing out that in storer output data is regional) among the buffer EDI.In the compatible embodiment of x86; The present invention makes known repeated strings command content, also with reference to being stored in the control word pointer among the buffer EDX, the pointer (if words that the chip mode of appointment needs) that is stored in the password gold key pointer among the buffer EBX and is stored in the initialization vector among the buffer EAX.
Operation code field 403 specifies microprocessor to accomplish crypto-operation, and it also is specified in the control word that is stored in the storer, and this storer system is through the indication of control word pointer.The preferable selective value that the present invention calculates operation code field 403 is with as subsequent use in the existing instruction set architecture or do not use one of operation code, so that keep the consistance of the microprocessor that old operating system and application software meet.For example, as previously mentioned, operation code field 403 is implemented numerical value 0x0FA7, carries out the crypto-operation that specifies with indication.Block cipher mode field 404 is specified the special section block cipher mode, and is during specifying crypto-operation, to carry out, as shown in Figure 5.
Fig. 5 has illustrated a table 500, and this table 500 has illustrated the numerical value according to the exemplary block cipher mode field of the electronic structure of Fig. 4.The computing of numerical value 0xC8 designated pin can be accomplished through using electronics sign indicating number format information pattern.The computing of numerical value 0xD0 designated pin can access to your password the block serial mode and accomplish.The computing of numerical value 0xE0 designated pin can access to your password feedback model and accomplish.The computing of numerical value 0xE8 designated pin can be used output feedback (output feedback, OFB) pattern and accomplishing.All other values of block cipher mode field 404 can be retained.These patterns are described in the literary composition in aforesaid FIPS to some extent.
Referring now to Fig. 6, a block diagram details a cryptography unit 617 within an x86-compatible microprocessor 600 according to the present invention. The microprocessor 600 includes fetch logic 601 that fetches instructions from memory (not shown) for execution. The fetch logic 601 is coupled to translation logic 602. The translation logic 602 comprises logic, circuits, devices, or microcode (i.e., micro-instructions or native instructions), or a combination of logic, circuits, devices, or microcode, or equivalent elements employed to translate instructions into associated sequences of micro-instructions. The elements that perform translation within the translation logic 602 may be shared with other circuits, microcode, etc., that perform other functions within the microprocessor 600.
The translation logic 602 includes a translator 603 that is coupled to a microcode ROM 604, and output feedback mode logic 640 that is coupled to both the translator 603 and the microcode ROM 604. Interrupt logic 626 is coupled to the translation logic 602 via a bus 628. A plurality of software and hardware interrupt signals 627 are processed by the interrupt logic 626, which indicates pending interrupts to the translation logic 602. The translation logic 602 is coupled to the successive stages of the microprocessor 600, comprising a register stage 605, an address stage 606, a load stage 607, an execute stage 608, a store stage 618, and a write back stage 619. Each of the successive stages includes logic that accomplishes the specific functions associated with the execution of instructions provided by the fetch logic 601, as described above for the like-named elements of the microprocessor of Fig. 3.
The x86-compatible embodiment 600 depicted in Fig. 6 features execution logic 632 within the execute stage 608 that includes parallel execution units 610, 612, 614, 616, 617. An integer unit 610 receives integer micro-instructions for execution from a micro-instruction queue 609. A floating point unit 612 receives floating point micro-instructions for execution from a micro-instruction queue 611. A Multimedia Extensions (MMX) unit 614 receives MMX micro-instructions for execution from a micro-instruction queue 613. A Streaming SIMD Extensions (SSE) unit 616 receives SSE micro-instructions for execution from a micro-instruction queue 615.
In the exemplary x86 embodiment shown, a cryptography unit 617 is coupled to the SSE unit 616 via a load bus 620, a stall signal 621, and a store bus 622. The cryptography unit 617 shares the micro-instruction queue 615 of the SSE unit. Alternative embodiments contemplate a stand-alone cryptography unit 617 that operates in parallel in the same manner as units 610, 612, and 614. The integer unit 610 is coupled to an x86 EFLAGS register 624. The EFLAGS register includes an X bit 625 whose state indicates whether a cryptographic operation is in progress.
In one embodiment, the X bit 625 is bit 30 of the x86 EFLAGS register 624. In addition, the integer unit 610 accesses a machine specific register 628 to evaluate the state of an E bit 629. The state of the E bit 629 indicates whether a cryptography unit 617 is present in the microprocessor 600. The integer unit 610 also accesses a D bit 631 in a feature control register 630 to enable or disable the cryptography unit 617. As with the microprocessor embodiment 301 of Fig. 3, the microprocessor 600 of Fig. 6 depicts the elements essential to the present invention in an x86-compatible embodiment, and for clarity aggregates or omits certain elements of the microprocessor. Those skilled in the art will recognize that other elements are necessary to complete the interface, such as a data cache (not shown), a bus interface unit (not shown), clock generation and distribution logic (not shown), and so on.
In operation, instructions are fetched from memory (not shown) by the fetch logic 601 and are provided to the translation logic 602 in synchronization with a clock signal (not shown). The fetched instructions include at least one instruction that directs a cryptographic operation; the fetch logic comprises logic, circuits, devices, or microcode (i.e., micro-instructions or native instructions), or a combination of these. Because the fetch logic is not the focus of the present invention, it is not described further here.
The translation logic 602 translates each instruction into a corresponding sequence of micro-instructions, which are provided, in synchronization with the clock signal, to the subsequent stages 605-608, 618, and 619 of the microprocessor in succession. Each micro-instruction in a sequence directs the execution of a sub-operation that is required to accomplish the overall operation specified by the corresponding instruction, for example: generation of an address in the address stage 606; addition of two operands in the integer unit 610, the operands having been retrieved from specified registers (not shown) in the register stage 605; or storage of a result produced by one of the execution units 610, 612, 614, 616, 617, which is performed by the store stage 618. Depending on the instruction being translated, the translation logic 602 either directs the translator 603 to generate the micro-instruction sequence directly, retrieves the sequence from the microcode ROM 604, or directs the translator 603 to generate part of the sequence and retrieves the remaining part from the microcode ROM 604. The micro-instructions then proceed in succession through the stages 605-608, 618, and 619 in synchronization with the clock signal.
When micro-instructions arrive at the execute stage 608, they are routed by the execution logic 632, together with their operands (which were retrieved from registers in the register stage 605, generated by logic in the address stage 606, or retrieved from the data cache via the load stage 607), to the designated execution unit 610, 612, 614, 616, 617 by placing them in the corresponding micro-instruction queue 609, 611, 613, 615. The execution units 610, 612, 614, 616, 617 execute the micro-instructions and provide results to the store stage 618. In one embodiment, a micro-instruction includes a field indicating whether it may be executed in parallel with other operations.
As described above, in response to fetching a cipher instruction, the translation logic 602 generates associated micro-instructions that direct the successive stages 605-608, 618, 619 of the microprocessor 600 to perform the specified cryptographic operation. A first plurality of the associated micro-instructions is passed directly to the cryptography unit 617 and directs it either to load data provided on the load bus 620, or to load an input text block and begin executing a prescribed number of cryptographic rounds to produce an output text block, or to provide an output text block on the store bus 622 for storage in memory by the store logic 618. A second plurality of the associated micro-instructions is passed to the other execution units 610, 612, 614, 616 to perform the other sub-operations required to complete the specified cryptographic operation, such as testing the E bit 629, enabling the D bit 631, setting the X bit 625 to indicate that a cryptographic operation is currently in progress, updating registers in the register stage 605 (for example a block count register, an input text pointer register, and an output text pointer register), and processing interrupts 627 via the interrupt logic 626.
By interleaving integer unit micro-instructions within the sequence of cryptography unit micro-instructions, the associated micro-instructions are arranged so that integer operations can be performed in parallel with cryptography unit operations while the specified cryptographic operation is executed over multiple input text blocks. Micro-instructions are included in the associated micro-instructions to allow for response to an interrupt 627 and for return from the interrupt 627. Because all of the pointers to cryptographic parameters and data reside in x86 architectural registers, their state is preserved when an interrupt is processed and restored on return from the interrupt.
Hence, when an interrupt occurs, program control is transferred to the corresponding interrupt service routine. As part of the transfer of program control, the X bit 625 is cleared to indicate that the key data and control word data are no longer valid. On return from the interrupt, program control returns to the cipher instruction, and as part of its associated micro-instructions a particular micro-instruction tests the state of the X bit 625 to determine whether the key data and control word data are valid. If they are valid, processing continues with the particular input text block that was being processed when the interrupt occurred. If the state of the X bit 625 indicates that the key data and control word data are no longer valid, the key and control word required to process the input text block that was in progress when the interrupt occurred are read again from memory.
In summary, according to the present invention, execution of a cipher instruction always begins with a test of the X bit 625 to determine the validity of the key data and control word data within the cryptography unit 617. If the key data and control word data are invalid, they are read from memory. The input text block pointed to by the input pointer register is then loaded, and the specified cryptographic operation is performed on it. Hence, loading an input text block and performing the specified operation on it does not require that the key data and control word data be loaded again beforehand.
If a new key or a new control word is provided, the X bit 625 must be cleared before the new cipher instruction is executed. Consecutive cipher instructions that use the same key data and control word data can also be executed; in that case, the X bit 625 need not be cleared once the initial key data and control word data have been loaded. For example, to improve memory bus performance, a user can divide the encryption or decryption of 500 input text blocks into 5 cipher instructions, each of which processes 100 input text blocks.
In output feedback mode, the output feedback mode logic 640 directs completion of the cryptographic operation: the OFB mode logic 640 ensures that the associated micro-instructions are properly ordered, and allows the pointer registers and the intermediate results of the block cryptographic operation sequence over consecutive input text blocks to be updated before an interrupt 627 is processed. The output feedback mode logic 640 directs that micro-instructions be inserted into the micro-instruction stream so that, when the cryptographic operation on a first block of input data has been performed, the input and output data block pointers in memory are modified to point to the next input and output data blocks. In addition, the output feedback mode logic 640 directs that micro-instructions be inserted into the corresponding micro-instruction stream to change a block counter to indicate that the cryptographic operation on the present input data block has been completed.
Those skilled in the art will appreciate that an encryption operation in output feedback mode employs an initialization vector to produce a first ciphertext block from a first plaintext block. The forward cipher operation is applied to the initialization vector to produce a first ciphertext output block. The first ciphertext output block is then exclusive-ORed with the first plaintext block to produce the first ciphertext block. The first ciphertext output block is then fed back as the equivalent initialization vector for encrypting the second plaintext block, and so on. Decryption in output feedback mode is accomplished very much like an output feedback encryption operation, except that plaintext blocks are produced by exclusive-ORing ciphertext blocks with the ciphertext output blocks. The forward cipher operation is still applied to the initialization vector and to the subsequent equivalent initialization vectors to produce the ciphertext output blocks.
In one embodiment, the output feedback mode logic 640 recognizes that an output feedback mode encryption or decryption operation has been specified, and provides a micro-instruction sequence that updates the pointers in the architectural registers so that the blocks following the first plaintext or ciphertext block are fed back the appropriate equivalent initialization vector.
In an alternative embodiment, the output feedback mode logic 640 recognizes that an output feedback mode encryption or decryption operation has been specified, and provides a micro-instruction sequence that 1) performs an exclusive-OR operation on the current plaintext block and its corresponding current ciphertext block to produce the equivalent initialization vector for use with the next block; 2) stores the equivalent initialization vector to the memory location pointed to by the initialization vector pointer register; and 3) updates the pointers in the architectural registers so that the blocks following the first plaintext or ciphertext block are provided the appropriate equivalent initialization vector.
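The OFB flow described above, together with the X bit interrupt handling discussed earlier, as an added software model that is not the patent's own code. It assumes the x86 register assignments given above (ECX block count, ESI/EDI input and output pointers, EAX initialization vector pointer, the EFLAGS X bit) and substitutes a keyed SHA-256 PRF for the block cipher, since OFB only ever uses the forward cipher function; the memory layout and sample data are constructed here.

```python
import hashlib
import hmac
from typing import Optional

BLOCK = 16  # 128-bit block, as for the AES algorithm selectable in the control word


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the forward block cipher E_k (assumption: OFB never needs the
    inverse cipher, so a keyed PRF truncated to one block suffices for a model)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor_block(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OfbCipherInstruction:
    """Model of one REP-prefixed OFB-mode cipher instruction over ECX blocks.

    mem is a bytearray standing in for system memory; the register names follow
    the patent's x86 embodiment and the X bit follows its validity protocol."""

    def __init__(self, mem: bytearray, key_addr: int, ecx: int, esi: int, edi: int, eax: int):
        self.mem = mem
        self.key_addr = key_addr           # what EBX would point at
        self.ecx, self.esi, self.edi, self.eax = ecx, esi, edi, eax
        self.x_bit = False                 # cleared whenever an interrupt is taken
        self.unit_key: Optional[bytes] = None  # key register inside the cryptography unit

    def execute(self, interrupt_after: Optional[int] = None) -> bool:
        """Process blocks until ECX reaches 0 or a simulated interrupt is taken.
        Returns True when the instruction completed, False when interrupted."""
        # Initial test of the X bit: reload key data from memory if it is stale.
        if not self.x_bit:
            self.unit_key = bytes(self.mem[self.key_addr:self.key_addr + BLOCK])
            self.x_bit = True
        done = 0
        while self.ecx > 0:
            if interrupt_after is not None and done == interrupt_after:
                # Interrupt taken: control leaves the instruction and X is cleared,
                # so a later resume must reload the key before continuing.
                self.x_bit = False
                return False
            iv = bytes(self.mem[self.eax:self.eax + BLOCK])
            out = block_encrypt(self.unit_key, iv)         # ciphertext output block
            src = bytes(self.mem[self.esi:self.esi + BLOCK])
            self.mem[self.edi:self.edi + BLOCK] = xor_block(src, out)
            # OFB feedback: the output block is the equivalent IV for the next block.
            # Writing it back through the IV pointer before the pointers and count
            # advance is what makes the instruction restartable at block granularity.
            self.mem[self.eax:self.eax + BLOCK] = out
            self.esi += BLOCK
            self.edi += BLOCK
            self.ecx -= 1
            done += 1
        return True


def run_ofb(key: bytes, iv: bytes, data: bytes, interrupt_after: Optional[int] = None) -> bytes:
    """Lay out key, IV, input and output in the modeled memory, run the
    instruction, and if it was interrupted resume it: the architectural
    registers are unchanged, the X bit is clear, so the key is reloaded."""
    assert len(key) == BLOCK and len(iv) == BLOCK and len(data) % BLOCK == 0
    n_blocks = len(data) // BLOCK
    key_addr, iv_addr, in_addr = 0, BLOCK, 2 * BLOCK
    out_addr = in_addr + len(data)
    mem = bytearray(out_addr + len(data))
    mem[key_addr:key_addr + BLOCK] = key
    mem[iv_addr:iv_addr + BLOCK] = iv
    mem[in_addr:in_addr + len(data)] = data
    insn = OfbCipherInstruction(mem, key_addr, n_blocks, in_addr, out_addr, iv_addr)
    if not insn.execute(interrupt_after):
        assert not insn.x_bit      # cleared on the way into the service routine
        insn.execute()             # return from interrupt: same instruction, same registers
    return bytes(mem[out_addr:out_addr + len(data)])


def equivalent_iv(plain_block: bytes, cipher_block: bytes) -> bytes:
    """Alternative embodiment: the next equivalent IV is plaintext XOR ciphertext,
    which equals the ciphertext output block the unit just produced."""
    return xor_block(plain_block, cipher_block)


if __name__ == "__main__":
    # Constructed sample values; three 16-byte blocks, interrupted after the first.
    key, iv, pt = bytes(range(16)), bytes([0xA5] * 16), bytes(range(48))
    ct = run_ofb(key, iv, pt, interrupt_after=1)
    print(ct.hex())
    print(run_ofb(key, iv, ct) == pt)  # decryption is the same keystream operation
```

Because the equivalent IV is committed to memory after every block, an interrupt between blocks costs only a key reload on resume, not a restart of the whole multi-block operation.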
Referring now to Fig. 7, a diagram illustrates the format of an exemplary micro-instruction 700 for directing cryptographic sub-operations within the microprocessor of Fig. 6. The micro-instruction 700 includes a micro opcode field 701, a data register field 702, and a register field 703. The micro opcode field 701 specifies a particular sub-operation to be performed and designates the logic in at least one stage of the microprocessor 600 that performs the sub-operation. Particular values of the micro opcode field 701 designate that the micro-instruction is to be executed by a cryptography unit according to the present invention.
In one embodiment, there are two such values. A first value, XLOAD, directs that data be loaded from a memory location whose address is specified by the contents of the architectural register designated by the data register field 702. The data is loaded into a register of the cryptography unit designated by the register field 703. The loaded data (for example key data, a control word, input text data, or an initialization vector) is provided to the cryptography unit. A second value of the micro opcode field 701, XSTOR, directs that data generated by the cryptography unit be stored to a memory location whose address is specified by the architectural register designated by the data register field 702. In an embodiment with a multi-stage cryptography unit, the register field 703 designates one of a plurality of output data blocks to be stored to memory. The output data block is provided by the cryptography unit for access by the store logic in a data field 704. Loads to and stores from the cryptography unit according to the present invention are described in more detail with reference to Figs. 8 and 9.
Fig. 8 presents a table 800 depicting values of the register field 703 of a load micro-instruction according to the format 700 of Fig. 7. As discussed above, translation of a cipher instruction results in the generation of a sequence of micro-instructions. The sequence comprises a first plurality of micro-instructions that are executed by the cryptography unit and a second plurality of micro-instructions that are executed by the parallel functional units of the microprocessor other than the cryptography unit. The second plurality accomplishes sub-operations such as updating counters, temporary registers, and architectural registers, and testing and setting status bits in machine specific registers.
The first plurality provides keys, cryptographic parameters, and input data to the cryptography unit, and directs the unit to generate a key schedule (or to load a key schedule retrieved from memory), to load and encrypt (or decrypt) the input text data, and to store the output text data. A load micro-instruction directs the cryptography unit to load control word data, to load a key or key schedule, to load initialization vector data, to load input text data, or to load input text data while beginning the specified cryptographic operation. A value of 0b010 in the register field 703 of a load micro-instruction directs the cryptography unit to load a control word into its internal control word register. Because the instruction is executed in the pipeline, the architectural control word pointer register of the register stage has already been accessed to obtain the address of the control word in memory. The address logic translates that address into a physical address for memory access. The load logic retrieves the control word from cache and places it in the data field 704, from which it is transferred to the cryptography unit. Likewise, a value of 0b100 in the register field directs the cryptography unit to load the input text data provided in the data field 704 and then to perform the specified cryptographic operation.
As with the control word, the input data is accessed via a pointer stored in an architectural register. A value of 0b101 indicates that the input data provided in the data field 704 is to be loaded into the internal register input-1. Data loaded into the input-1 register may be input text data (when pipelined processing is in progress) or an initialization vector. Values 0b110 and 0b111 direct the cryptography unit to load the lower and upper portions, respectively, of a key, or of a key within a user-generated key schedule. According to the present invention, a user is an entity that accomplishes a designated function or operation, and may be an application program, an operating system, a machine, or a person. Thus, in one embodiment a user-generated key schedule is created by an application program; in an alternative embodiment it is created by a person.
In one embodiment, the register field values 0b100 and 0b101 divide the cryptography unit into two stages so that consecutive input text blocks can be pipelined. Hence, to pipeline two consecutive input text blocks, a first load micro-instruction is executed to provide a first input text block to input-1, followed by a second load micro-instruction that provides a second input text block to input-0 and simultaneously directs the cryptography unit to begin performing the specified cryptographic operation.
If a user-generated key schedule is to be used for the cryptographic operation, a number of load micro-instructions corresponding to the number of keys in the user-generated key schedule are issued to the cryptography unit to load each round key of the key schedule.
All other values of the register field 703 of a load micro-instruction are reserved.
Referring to Fig. 9, a table 900 depicts values of the register field 703 of a store micro-instruction according to the format 700 of Fig. 7.
A store micro-instruction directs the cryptography unit to provide generated (i.e., encrypted or decrypted) output text data to the store logic for storage at the memory address specified by the data register field 702. Hence, according to the present invention, the translation logic issues a store micro-instruction for a particular output text block after having issued a load micro-instruction for its associated input text block. A value of 0b100 in the register field 703 directs the cryptography unit to provide the output text block in its internal output-0 register to the store logic for storage. The contents of output-0 are associated with the input text block that was provided to input-0. Likewise, a register field value of 0b101 refers to the contents of the internal output-1 register, which are associated with the input text data provided to input-1. Thus, after key and control word data have been loaded, a plurality of input text blocks can be pipelined through the cryptography unit by issuing cryptographic micro-instructions in the order load.input-1, load.input-0 (load.input-0 also directs the cryptography unit to begin the cryptographic operation), store.output-1, store.output-0, load.input-1, load.input-0 (beginning the operation on the following two input text blocks), and so on.
Referring now to Fig. 10, a diagram depicts an exemplary control word format 1000 according to the present invention; the control word specifies the cryptographic parameters of a cryptographic operation. The control word 1000 is programmed into memory by the user, and a pointer to it is provided in the appropriate architectural register of the microprocessor before the cryptographic operation is executed. Hence, as part of the micro-instruction sequence associated with a given cipher instruction,
a load micro-instruction directs the microprocessor to read the architectural register containing the pointer, translate the pointer into a physical address, read the control word 1000 from memory (cache), and load the control word 1000 into the internal control word register of the cryptography unit. The control word 1000 includes a reserved (RSVD) field 1001, a key size (KSIZE) field 1002, an encrypt/decrypt (E/D) field 1003, an intermediate result (IRSLT) field 1004, a key generation (KGEN) field 1005, an algorithm (ALG) field 1006, and a round count (RCNT) field 1007.
All values of the reserved field 1001 are reserved. The contents of the key size field 1002 specify the size of the key used to accomplish the encryption or decryption. In one embodiment, the key size field specifies a 128-bit key, a 192-bit key, or a 256-bit key. The encrypt/decrypt field 1003 specifies whether the cryptographic operation is an encryption or a decryption operation. The key generation field 1005 indicates whether memory holds a user-generated key schedule or a single key; in the case of a single key, micro-instructions are issued to the cryptography unit together with the key that direct the unit to expand the key into a key schedule according to the cryptographic algorithm specified by the algorithm field 1006.
In one embodiment, the algorithm specified by the algorithm field 1006 is the Data Encryption Standard (DES) algorithm, the Triple Data Encryption Standard (Triple-DES) algorithm, or the Advanced Encryption Standard (AES) algorithm discussed above. Alternative embodiments contemplate other algorithms, such as the Rijndael cipher, the Twofish cipher, and so on. The contents of the round count field 1007 specify the number of cryptographic rounds to be performed on each input text block according to the specified algorithm. Although the cryptographic algorithm standards above specify a fixed number of rounds per input text block, the round count field 1007 is provided to allow the programmer to vary the number of rounds from that specified by the standard.
In one embodiment, the programmer can specify from 0 to 15 rounds per block. Finally, the contents of the intermediate result field 1004 specify whether the encryption or decryption of an input text block is to be performed according to the cryptographic algorithm standard specified by the algorithm field 1006 for the number of rounds specified by the round count field 1007, or whether it is to be performed according to the algorithm specified by the ALG field 1006 for the number of rounds specified by the round count field 1007 with the result of the final round being an intermediate value rather than a final result. Those skilled in the art will appreciate that many cryptographic algorithms perform the same sub-operations in every round except the last. Hence, programming the intermediate result field 1004 to provide an intermediate result rather than a final result allows the programmer to verify the intermediate steps of the implemented algorithm. For example, an algorithm can be verified by executing one round on a text block, then two rounds on the same text block, then three rounds, and so on, to obtain cumulative intermediate results. Providing the user with programmable round counts and intermediate results allows the user to verify cryptographic performance, detect faults, and explore the effectiveness of different key structures and round counts.
Referring to Figure 11, a block diagram details a cryptographic unit 1100 according to the present invention. Cryptographic unit 1100 includes a micro opcode register 1103 that receives cryptographic microinstructions (i.e., load and store microinstructions) over microinstruction bus 1114. The cryptographic microinstructions come from instruction logic that provides at least one cryptographic instruction directing a cryptographic operation; the instruction logic comprises logic circuits, devices or microcode (i.e., microinstructions or native instructions), or a combination of logic circuits, devices and microcode. Because the instruction logic is not the focus of the present invention, it is not described further here.
Cryptographic unit 1100 also has a control word register 1104, an input-0 register 1105, an input-1 register 1106, a key-0 register 1107 and a key-1 register 1108. Data is provided to registers 1104-1108 over a load bus 1111, as designated by the contents of the load microinstruction in microinstruction register 1103. Cryptographic unit 1100 also includes block cipher logic 1101 coupled to all of registers 1103-1108 and to a key RAM 1102. The block cipher logic provides a stall signal 1113, and provides block results to an output-0 register 1109 and an output-1 register 1110. Output registers 1109-1110 send their contents over a store bus 1112 to an appropriate subsequent stage of the microprocessor. In one embodiment, microinstruction register 1103 is 32 bits wide and the other registers 1104-1110 are 128 bits wide.
In operation, cryptographic microinstructions are provided sequentially to microinstruction register 1103, together with the data designated for control word register 1104, for one of input registers 1105-1106, or for one of key registers 1107-1108. In the embodiment discussed with reference to Figures 8 and 9, a control word is first loaded into control word register 1104 by a load microinstruction. A key or a key schedule is then loaded by subsequent load microinstructions. If a 128-bit key is loaded, a load microinstruction designating register key-0 1107 is provided. If a key larger than 128 bits is loaded, a load microinstruction designating register key-0 1107 is provided, and a load microinstruction designating register key-1 1108 is provided as well.
If the user has generated the key schedule and it is to be loaded, then successive load microinstructions designating register key-0 1107 are provided. Each key of the loaded key schedule is stored in turn into key RAM 1102 and is used in its corresponding cryptographic round. After that, if no initialization vector is required, the input text data is loaded into input-1 register 1106. If an initialization vector is required, it is loaded into input-1 register 1106 by a load microinstruction. A load microinstruction directed to input-0 register 1105 causes the cryptographic unit to load the input text data into input-0 register 1105 and to begin performing the cryptographic rounds on the input text data in register input-0 1105 according to the parameters provided by control word register 1104, using the initialization vector in input-1, or both input registers 1105-1106 if the input data is pipelined. Upon receiving the load microinstruction designating input-0 1105, block cipher logic 1101 begins performing the cryptographic operation designated by the contents of the control word.
If a single key must be expanded, block cipher logic 1101 generates each key of the key schedule and stores them in key RAM 1102. Whether block cipher logic 1101 generates the key schedule or the key schedule is loaded from memory, the first round key is cached within block cipher logic 1101 so that the first cryptographic round can be performed without accessing key RAM 1102. Once started, block cipher logic 1101 continues performing the designated cryptographic operation on one or more input text blocks until the operation is complete, fetching successive round keys from key RAM 1102 as required by the cryptographic algorithm in use. Cryptographic unit 1100 performs a designated block cryptographic operation on the designated input text blocks. Successive input text blocks are encrypted or decrypted by corresponding successive load and store microinstructions. When a store microinstruction is executed, if the designated output data (i.e., output-0 or output-1) has not yet been completely generated, block cipher logic 1101 asserts stall signal 1113. When the output data has been generated and placed in the corresponding output register 1109-1110, the contents of registers 1109-1110 are delivered to store bus 1112.
Referring now to Figure 12, a block diagram illustrates an embodiment of block cipher logic 1200 according to the present invention for performing cryptographic operations using the Advanced Encryption Standard. Block cipher logic 1200 includes a round engine 1220 coupled to a round engine controller 1210 via buses 1211-1214 and buses 1216-1218. Round engine controller 1210 accesses a microinstruction register 1201, a control word register 1202, a key-0 register 1203 and a key-1 register 1204 to obtain the key data, microinstructions and parameters that direct the cryptographic operation.
The contents of input registers 1205-1206 are provided to round engine 1220, and round engine 1220 provides the corresponding output text to output registers 1207-1208. Output registers 1207-1208 are coupled to round engine controller 1210 via buses 1216-1217, so that the round engine controller can access the result of each successive cryptographic round and provide it to round engine 1220 via bus NEXTIN 1218 for the next cryptographic round. Keys in the key RAM (not shown) are accessed via bus 1215. The encrypt/decrypt (ENC/DEC) signal 1211 directs the round engine to use the sub-operations for encryption (e.g., S-Box) or for decryption (e.g., inverse S-Box). The contents of the round count (RNDCON) bus 1212 direct round engine 1220 to perform a first AES round, an intermediate AES round, or a final AES round. The generate key (GENKEY) signal 1214 is used to direct round engine 1220 to generate a key schedule from the key provided on bus 1213. Key bus 1213 provides each round key to round engine 1220 when its corresponding round is performed.
Round engine 1220 includes first key XOR logic 1221 coupled to a first register REG-0 1222. First register 1222 is coupled to S-Box logic 1223, and S-Box logic 1223 is in turn coupled to Shift Row logic 1224. Shift Row logic 1224 is coupled to a second register REG-1 1225. Second register 1225 is coupled to Mix Column logic 1226, and Mix Column logic 1226 is coupled to a third register REG-2 1227. First key logic 1221, S-Box logic 1223, Shift Row logic 1224 and Mix Column logic 1226 perform on the input text data the sub-operations of the same names discussed above in the AES FIPS standard.
During intermediate rounds, Mix Column logic 1226 also performs the AES XOR function on the input data using the round key provided over key bus 1213. First key logic 1221, S-Box logic 1223, Shift Row logic 1224 and Mix Column logic 1226 are also directed by encrypt/decrypt signal 1211 to perform their corresponding inverse AES sub-operations during decryption. Those skilled in the art will appreciate that intermediate round data is fed back to round engine 1220 according to the particular block cipher mode designated by the contents of control word register 1202. Initialization vector data (if required) is provided to round engine 1220 via bus NEXTIN 1218.
In the embodiment shown in Figure 12, the round engine is divided into two stages: the first stage lies between REG-0 1222 and REG-1 1225, and the second stage between REG-1 1225 and REG-2 1227. Intermediate round data is pipelined between the stages in synchronization with a clock signal (not shown). When the cryptographic operation on an input block is complete, the corresponding output data is stored in the corresponding output register 1207-1208. Execution of a store microinstruction causes the contents of the designated output register 1207-1208 to be provided to a store bus (not shown).
Referring now to Figure 13, a flow chart describes a method according to the present invention for protecting the state of cryptographic parameters during an interrupt event. Flow begins at block 1302, where the microprocessor is executing an instruction stream according to the present invention. The instruction stream need not necessarily include a cryptographic instruction as described herein. Flow then proceeds to decision block 1304.
At decision block 1304, an evaluation is made to determine whether an interrupt event (e.g., a maskable interrupt, a non-maskable interrupt, a page fault, a task switch, or the like) has occurred that requires the current instruction stream to be changed in order to handle the interrupt event (an "interrupt handler"). If so, flow proceeds to block 1306. If not, flow continues to loop at decision block 1304, and the instruction stream continues to execute until an interrupt event occurs.
At block 1306, according to the present invention, because an interrupt event has occurred, the interrupt logic directs that the X bit in the flags register be cleared before program control is transferred to the corresponding interrupt handler. Clearing the X bit ensures that, when the interrupt handler returns, if a block cryptographic operation was in progress, it will be indicated that at least one interrupt event has occurred, and that the control word data and key data must be reloaded before the block cryptographic operation continues on the input block pointed to by the contents of the input pointer register. Flow then proceeds to block 1308.
At block 1308, according to the present invention, all architectural registers, including the pointers and counters associated with performing the block cryptographic operation, are saved to memory. Those skilled in the art will appreciate that saving the architectural registers before transferring control to an interrupt handler is a typical action performed by present-day data processing devices. The present invention thereby makes use of this behaviour so that the operation can be performed transparently across the entire interrupt event. After the registers have been saved, flow proceeds to block 1310.
At block 1310, program flow is transferred to the interrupt handler. Flow then proceeds to block 1312.
At block 1312, the method completes. Those skilled in the art will appreciate that, upon return from the interrupt handler, the method of Figure 13 begins again at block 1302.
Referring now to Figure 14, a flow chart describes a method according to the present invention for performing a designated output feedback mode cryptographic operation on a plurality of input blocks in the presence of one or more interrupt events.
Flow begins at block 1402, where a cryptographic instruction according to the present invention, directing a cryptographic operation that uses output feedback mode, begins execution. The execution of the cryptographic instruction may be a first execution, or it may follow a first execution that was interrupted by an interrupt event, with program control having been transferred back to the cryptographic instruction after an interrupt handler was executed. Flow then proceeds to block 1404.
At block 1404, according to the present invention, the block in memory pointed to by an input pointer register is loaded from memory, and the designated cryptographic operation is started. The particular input pointer register is determined by the designated cryptographic operation (e.g., encryption or decryption) and by the designated block cipher mode (e.g., electronic code book, cipher block chaining, cipher feedback or output feedback). For example, if an encryption operation uses output feedback mode, then both an input pointer register and an initialization vector pointer register are used to load the data. For an output feedback mode encryption operation, the input pointer register points to the next plaintext block to be encrypted. For an output feedback mode decryption operation, the input pointer register points to the next ciphertext block to be decrypted. For both output feedback encryption and decryption, the initialization vector register points to the initialization vector location in memory. For a first block, the contents of the initialization vector location in memory are the initialization vector. For subsequent blocks, the contents of the initialization vector location correspond to the cipher output block of the previous block, which is used as an equivalent initialization vector for the current block. If a decryption operation designates electronic code book mode, then the input pointer register used to load the data is one that points to the next ciphertext block in memory. Flow then proceeds to decision block 1406.
At decision block 1406, an evaluation is made to determine whether the X bit in a flags register is set. If the X bit is set, it indicates that the control word and key schedule currently loaded into a cryptographic unit according to the present invention are valid. If the X bit is clear, it indicates that the control word and key schedule currently loaded into the cryptographic unit are invalid. As alluded to above with reference to Figure 13, the X bit is cleared when an interrupt event occurs. In addition, as mentioned above, when a new control word or a new key schedule, or both, must be loaded, the X bit must be cleared before the cryptographic instruction is issued. In an x86-compatible embodiment that uses bit 30 of the x86 flags register, the X bit is cleared by executing a PUSHFD instruction followed by a POPFD instruction. However, those skilled in the art will appreciate that in other alternative embodiments other instructions may be used to clear the X bit. If the X bit is set, flow proceeds to block 1412. If the X bit is clear, flow proceeds to block 1408.
At block 1408, because the cleared X bit indicates either that an interrupt event has occurred or that a new control word and/or new key data is to be loaded, a control word is loaded from memory. In one embodiment, loading the control word stops the cryptographic unit from performing the designated cryptographic operation described above at block 1404. In this embodiment, the multi-block cryptographic operation is optimized by assuming, at block 1404, that the currently loaded control word and key data may be used, and starting the cryptographic operation accordingly. Hence the current input data block is loaded and the cryptographic operation is begun before the X bit is checked at decision block 1406. Flow then proceeds to block 1410.
At block 1410, key data (i.e., a key or a complete key schedule) is loaded from memory. In addition, the input block and the initialization vector (or equivalent initialization vector) described at block 1404 are loaded again, and the cryptographic operation is performed according to the newly loaded control word and key schedule. Flow then proceeds to block 1412.
At block 1412, the input block (the current ciphertext block or the current plaintext block) loaded at block 1404 or at block 1410 is saved to an internal register TEMP. Flow then proceeds to block 1414.
At block 1414, the output block corresponding to the loaded input block is generated. For output feedback encryption, the input block is a plaintext block and the output block is the corresponding ciphertext block. For output feedback decryption, the input block is a ciphertext block and the output block is the corresponding plaintext block. Flow then proceeds to block 1416.
At block 1416, an equivalent initialization vector IVEQ is produced by XORing the output block with the contents of TEMP. Flow then proceeds to block 1418.
At block 1418, the equivalent initialization vector IVEQ is written to the memory location pointed to by the contents of initialization vector pointer register IVPTR, so that the appropriate equivalent initialization vector will be used when the designated output feedback mode cryptographic operation is performed on the subsequent input block. Flow then proceeds to block 1420.
The steps described at blocks 1412, 1414, 1416 and 1418 are required in order to guarantee a state that allows the execution of a cryptographic instruction using block cipher output feedback mode to be interrupted at any time. For example, in one embodiment, a page fault can occur at any point during execution of a cryptographic instruction.
At block 1420, the generated output block is stored to memory. Flow then proceeds to block 1422.
At block 1422, the contents of the input and output block pointer registers are modified to point to the next input and output blocks. In addition, the contents of a block count register are modified to indicate the completion of the cryptographic operation on the current input data block. In the embodiment discussed with reference to Figure 14, the block count register is decremented. However, those skilled in the art will appreciate that alternative embodiments may manipulate and test the contents of the block count register in other ways that also permit pipelined execution of the input text blocks. Flow then proceeds to decision block 1424.
At decision block 1424, an evaluation is made to determine whether an input block remains to be processed. In the embodiment described here, for illustrative purposes, the block counter is tested to determine whether it equals zero. If no block remains to be processed, flow proceeds to block 1428. If a block remains to be processed, flow proceeds to block 1426.
At block 1426, the next input block pointed to by the contents of the input pointer register, and its equivalent initialization vector pointed to by the initialization vector pointer register, are loaded. Flow then proceeds to block 1412.
At block 1428, the method completes.
Those skilled in the art will appreciate that the steps discussed at blocks 1416, 1418, 1420, 1422 and 1424 may occur in a different order along their particular flow paths, or may occur in parallel.
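The procedures of Figure 13 and Figure 14, as an added C example that is not code from the patent or from VIA Technologies. It models the pointer, block count and X-bit state in a struct standing in for the architectural registers, models the cryptographic unit as two internal registers (the loaded key and TEMP), and uses a constructed toy block cipher in place of AES; the key, initialization vector and plaintext are constructed sample values, and all type and function names are the example's own. The program encrypts four blocks with the instruction interrupted after blocks 1 and 3, decrypts with an interruption after block 2, compares the results against an uninterrupted run, confirms that the initialization vector location ends up holding the next keystream block (IVEQ = output XOR TEMP recovers E_K(IV)), and shows that an interrupt which fails to clear the X bit lets the unit continue with a stale key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 16  /* 128-bit blocks, as in the patent's embodiment */

/* Toy stand-in for the block cipher E_K(x): constructed, NOT AES, NOT secure.
 * OFB only needs a deterministic keyed function of the previous output block. */
static void toy_block_encrypt(const uint8_t key[BLK], const uint8_t in[BLK],
                              uint8_t out[BLK])
{
    uint8_t s[BLK]; memcpy(s, in, BLK);
    for (int r = 0; r < 8; r++) {
        for (int i = 0; i < BLK; i++)
            s[i] ^= key[(i + r) % BLK] ^ (uint8_t)(r * 0x1b);
        for (int i = 0; i < BLK; i++)
            s[i] = (uint8_t)(((s[i] << 3) | (s[i] >> 5)) + s[(i + 1) % BLK]);
    }
    memcpy(out, s, BLK);
}

/* Registers of claim 9 plus the X bit: this is what the OS saves on an interrupt. */
typedef struct {
    const uint8_t *in_ptr, *key_ptr; /* next input block; key data in memory */
    uint8_t *out_ptr, *iv_ptr;       /* next output block; IV location       */
    size_t block_count;              /* blocks still to process              */
    int x_bit;                       /* 1: key loaded in the unit is valid   */
} cpu_state;

typedef struct { uint8_t key[BLK], temp[BLK]; } crypto_unit; /* unit's registers (model) */

/* Figure 13: the interrupt logic clears X before the handler runs. The handler may
 * use the unit, so the loaded key is clobbered; clear_x = 0 models a design without X. */
static void take_interrupt(cpu_state *st, crypto_unit *u, int clear_x)
{
    if (clear_x) st->x_bit = 0;
    memset(u->key, 0xA5, BLK);
}

/* Figure 14: execute the OFB instruction for at most max_blocks blocks
 * (returning early models an interrupt). Returns blocks processed. */
static size_t ofb_run(cpu_state *st, crypto_unit *u, size_t max_blocks)
{
    size_t done = 0; uint8_t ks[BLK];
    while (st->block_count > 0 && done < max_blocks) {
        if (!st->x_bit) {                          /* 1406 -> 1408/1410:   */
            memcpy(u->key, st->key_ptr, BLK);      /* reload the key data  */
            st->x_bit = 1;
        }
        memcpy(u->temp, st->in_ptr, BLK);          /* 1404/1426, 1412: TEMP */
        toy_block_encrypt(u->key, st->iv_ptr, ks); /* 1414: E_K(IV)        */
        for (int i = 0; i < BLK; i++) {
            st->out_ptr[i] = u->temp[i] ^ ks[i];         /* 1414/1420: output */
            st->iv_ptr[i] = st->out_ptr[i] ^ u->temp[i]; /* 1416/1418: IVEQ   */
        }
        st->in_ptr += BLK; st->out_ptr += BLK;     /* 1422: advance, count */
        st->block_count--;
        done++;
    }
    return done;
}

/* Constructed run over 4 blocks: interrupts after blocks 1 and 3 (encrypt) and after
 * block 2 (decrypt), one interrupt that fails to clear X, and an E_K^4(IV) check. */
static int ofb_demo(void)
{
    static const uint8_t key[BLK] = {0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
                                     0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c};
    static const uint8_t iv0[BLK] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
    uint8_t plain[4 * BLK], iv[BLK], chk[BLK];
    uint8_t ct_ref[4 * BLK], ct[4 * BLK], ct_bad[4 * BLK], pt[4 * BLK];
    crypto_unit u = {{0}, {0}};
    cpu_state st;
    for (int i = 0; i < 4 * BLK; i++) plain[i] = (uint8_t)(i * 7 + 1);
    /* Reference, no interrupts. X starts clear, as after PUSHFD/POPFD. */
    memcpy(iv, iv0, BLK);
    st = (cpu_state){plain, key, ct_ref, iv, 4, 0};
    ofb_run(&st, &u, 4);
    memcpy(chk, iv0, BLK); for (int n = 0; n < 4; n++) toy_block_encrypt(key, chk, chk);
    if (memcmp(iv, chk, BLK) != 0) return 0;   /* IV location must hold E_K^4(IV) */
    /* Interrupted encryption resumes from the saved state and memory alone. */
    memcpy(iv, iv0, BLK);
    st = (cpu_state){plain, key, ct, iv, 4, 0};
    ofb_run(&st, &u, 1); take_interrupt(&st, &u, 1);
    ofb_run(&st, &u, 2); take_interrupt(&st, &u, 1);
    ofb_run(&st, &u, 4);
    if (st.block_count != 0 || memcmp(ct, ct_ref, 4 * BLK) != 0) return 0;
    /* An interrupt that leaves X set makes the unit continue with a stale key. */
    memcpy(iv, iv0, BLK);
    st = (cpu_state){plain, key, ct_bad, iv, 4, 0};
    ofb_run(&st, &u, 1); take_interrupt(&st, &u, 0);
    ofb_run(&st, &u, 4);
    if (memcmp(ct_bad, ct_ref, 4 * BLK) == 0) return 0;
    /* Decryption is the same procedure with ciphertext as the input. */
    memcpy(iv, iv0, BLK);
    st = (cpu_state){ct, key, pt, iv, 4, 0};
    ofb_run(&st, &u, 2); take_interrupt(&st, &u, 1);
    ofb_run(&st, &u, 4);
    return memcmp(pt, plain, 4 * BLK) == 0;
}
```

Starting each operation with x_bit = 0 corresponds to the PUSHFD/POPFD sequence at decision block 1406 that forces the control word and key to be loaded on the first block. Nothing the unit holds internally survives take_interrupt: the only state the resumed instruction relies on is the saved register set and the equivalent initialization vector written back to memory at block 1418, which is exactly why the input block is parked in TEMP and XORed with the output before the output is considered complete.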
Although the present invention and its objects, features and advantages have been described in detail, other embodiments are also encompassed by the invention. For example, the invention has been discussed in detail with reference to embodiments compatible with the x86 architecture. Such a discussion has been chosen because the x86 architecture is widely understood and therefore provides a sufficient means for studying the present invention. The present invention nevertheless fully encompasses embodiments adapted to other instruction set architectures such as PowerPC, MIPS and the like, as well as to entirely new instruction set architectures.
The present invention also encompasses the execution of cryptographic operations within elements of a computing system other than the microprocessor itself. For example, a cryptographic instruction according to the present invention can readily be employed in an embodiment of a cryptographic unit that is not part of the integrated circuit of the microprocessor but is used as part of a computer system. Embodiments of the invention are expected to be integrated into the chipset surrounding a microprocessor (e.g., north bridge, south bridge) or into a dedicated processor for performing cryptographic operations, with the cryptographic instruction being handed to that processor by a host microprocessor. The present invention is expected to apply to embedded controllers, industrial controllers, signal processors, array processors and other devices used for processing data. The invention also encompasses embodiments composed only of the elements necessary to perform the cryptographic operations described herein. Such a device would indeed provide a low cost, low power option for performing cryptographic operations, for example as an encryption/decryption processor in a communication system. For clarity, the inventors regard these alternative processing elements as included in the processors referred to above.
In addition, although the present invention has been described in terms of 128-bit blocks, different block sizes can be realized simply by changing the size of the input data, output data, key and control word registers.
Furthermore, although the Data Encryption Standard, Triple DES and the Advanced Encryption Standard have been discussed at length herein, the inventors note that the present invention also encompasses less well-known block cipher algorithms, such as the MARS, Rijndael, Twofish, Blowfish, Serpent and RC6 block cipher algorithms. It should be fully understood that the present invention provides a dedicated block encryption apparatus and a method supporting its implementation within a microprocessor, whereby a block cipher operation can be initiated by the execution of a single instruction.
In addition, although the present invention has been described in terms of block cipher algorithms and the related techniques for performing block cipher functions, it should be noted that the invention fully encompasses cryptographic forms other than block ciphers. It suffices that a single instruction is provided whereby a user can direct a compatible microprocessor to perform a cryptographic operation such as encryption or decryption, the microprocessor including a dedicated cryptographic unit that completes the designated cryptographic function in response to that instruction.
Also, the round engine has been discussed herein as a two-stage device, so that two input blocks can be pipelined. The inventors note that other embodiments may have more than two stages. Pipeline staging that supports more input blocks is expected to be consistent with the staging of other elements within the microprocessor.
Finally, although the present invention has been discussed as a single cryptographic unit that supports several block cipher algorithms, the invention also encompasses several cryptographic units connected in parallel with the other execution units of a compatible microprocessor, where each of the cryptographic units performs a specific block cipher algorithm. For example, a first unit may be configured for the Advanced Encryption Standard, a second unit for the Data Encryption Standard, and so on.
Those skilled in the art will appreciate that they can readily use the disclosed concepts and specific embodiments as a basis for designing or modifying other structures for carrying out the same purposes of the present invention, and that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (22)

1. An apparatus for performing cryptographic operations, comprising:
cryptographic instruction logic, which provides at least one cryptographic instruction, the cryptographic instruction being received by a computing device as part of an instruction stream executing on the computing device, wherein the cryptographic instruction designates one of a plurality of cryptographic operations, and wherein the designated cryptographic operation comprises:
performing a plurality of output feedback block cipher operations on a corresponding plurality of input text blocks;
output feedback block mode logic, coupled to the cryptographic instruction logic, for directing the computing device to update pointer registers and an initialization vector location for each of the output feedback block cipher operations; and
execution logic, coupled to the output feedback block mode logic, for executing the designated cryptographic operation,
wherein the designated cryptographic operation further comprises at least one of the following operations:
an output feedback block mode encryption operation, which comprises encrypting a plurality of plaintext blocks to produce a corresponding plurality of ciphertext blocks, wherein the output feedback block mode encryption operation uses an encryption initialization vector to produce a first encryption ciphertext block from a first encryption plaintext block, wherein a preceding encryption cipher operation is performed on the encryption initialization vector to produce a first encryption ciphertext output block, wherein the first encryption ciphertext block is subsequently produced by XORing the first encryption ciphertext output block with the first encryption plaintext block, and wherein the first encryption ciphertext output block is then fed back as an equivalent encryption initialization vector for encrypting a second encryption plaintext block; and
an output feedback block mode decryption operation, which comprises decrypting a plurality of ciphertext blocks to produce a corresponding plurality of plaintext blocks, wherein the output feedback block mode decryption operation uses a decryption initialization vector to produce a first decryption plaintext block from a first decryption ciphertext block, wherein a preceding decryption cipher operation is performed on the decryption initialization vector to produce a first decryption ciphertext output block, wherein the first decryption plaintext block is subsequently produced by XORing the first decryption ciphertext output block with the first decryption ciphertext block, and wherein the first decryption ciphertext output block is then fed back as an equivalent decryption initialization vector for decrypting a second decryption ciphertext block.
2. The apparatus of claim 1, wherein the cryptographic instruction designates the output feedback mode for performing the designated cryptographic operation.
3. The apparatus of claim 1, further comprising:
a storage element, coupled to the execution logic, for storing a bit that indicates whether the designated cryptographic operation has been interrupted by an interrupt event.
4. The apparatus of claim 3, wherein the interrupt event comprises transferring program control to a program flow that handles the interrupt event, and wherein the designated cryptographic operation being performed on a current input text block is interrupted.
5. The apparatus of claim 4, wherein, when program control returns to the cryptographic instruction, the designated cryptographic operation is performed on the current input text block.
6. The apparatus of claim 1, wherein, when each of the output feedback block mode cipher operations on each corresponding input text block is completed, the output feedback block mode logic performs at least one of the following:
directing the computing device to modify the pointer registers to point to the next input and output text blocks;
directing the computing device to store a current equivalent initialization vector to the memory location pointed to by the contents of an initialization vector register; and
directing the computing device to produce the current equivalent initialization vector by XORing a current input text block with a current output text block.
7. The apparatus of claim 1, wherein the interrupt event comprises an interrupt, an exception, a page fault or a task switch.
8. The apparatus of claim 1, wherein the cryptographic instruction references a plurality of registers in the computing device.
9. The apparatus of claim 8, wherein the registers comprise one selected from the following:
a first register, wherein the contents of the first register comprise a first pointer to a first memory address, the first memory address designating a first location in memory from which the input text blocks are accessed when the designated cryptographic operation is performed;
a second register, wherein the contents of the second register comprise a second pointer to a second memory address, the second memory address designating a second location in memory for storing a corresponding plurality of output text blocks, the corresponding output text blocks being the result of performing the designated cryptographic operation on the plurality of input text blocks;
a third register, wherein the contents of the third register indicate the number of text blocks in the plurality of input text blocks;
a fourth register, wherein the contents of the fourth register comprise a third pointer to a third memory address, the third memory address designating a third location in memory from which key data used in performing the designated cryptographic operation is accessed;
a fifth register, wherein the contents of the fifth register comprise a fourth pointer to a fourth memory address, the fourth memory address designating a fourth location in memory, the fourth location comprising the initialization vector location, and the contents of the initialization vector location comprising an initialization vector or an equivalent initialization vector used in performing the designated cryptographic operation; and
a sixth register, wherein the contents of the sixth register comprise a fifth pointer to a fifth memory address, the fifth memory address designating a fifth location in memory from which a control word used in performing the designated cryptographic operation is accessed, wherein the control word designates a plurality of cryptographic parameters used by the cryptographic operation.
10. The apparatus of claim 1, wherein the execution logic comprises:
a cryptographic unit, which performs a plurality of cryptographic rounds on each of the input text blocks to produce each corresponding plurality of output text blocks, wherein the cryptographic rounds are designated by the control word of the cryptographic unit.
11. An apparatus for performing cryptographic operations, comprising:
a cryptographic unit within a device, for performing one of a plurality of cryptographic operations in response to a cryptographic instruction in an instruction stream that designates the cryptographic operation, wherein the designated cryptographic operation comprises:
performing a plurality of output feedback mode block cipher operations on a corresponding plurality of input text blocks; and
output feedback mode logic, coupled to the cryptographic unit, for directing the device to update the contents of pointer registers and the contents of an initialization vector location for each of the output feedback mode block cipher operations,
wherein the designated cryptographic operation further comprises at least one of the following operations:
an output feedback block mode encryption operation, which comprises encrypting a plurality of plaintext blocks to produce a corresponding plurality of ciphertext blocks, wherein the output feedback block mode encryption operation uses an encryption initialization vector to produce a first encryption ciphertext block from a first encryption plaintext block, wherein a preceding encryption cipher operation is performed on the encryption initialization vector to produce a first encryption ciphertext output block, wherein the first encryption ciphertext block is subsequently produced by XORing the first encryption ciphertext output block with the first encryption plaintext block, and wherein the first encryption ciphertext output block is then fed back as an equivalent encryption initialization vector for encrypting a second encryption plaintext block; and
an output feedback block mode decryption operation, which comprises decrypting a plurality of ciphertext blocks to produce a corresponding plurality of plaintext blocks, wherein the output feedback block mode decryption operation uses a decryption initialization vector to produce a first decryption plaintext block from a first decryption ciphertext block, wherein a preceding decryption cipher operation is performed on the decryption initialization vector to produce a first decryption ciphertext output block, wherein the first decryption plaintext block is subsequently produced by XORing the first decryption ciphertext output block with the first decryption ciphertext block, and wherein the first decryption ciphertext output block is then fed back as an equivalent decryption initialization vector for decrypting a second decryption ciphertext block.
12. The apparatus of claim 11, wherein an interrupt event causes program control to be transferred to a program flow that handles the interrupt event, and wherein the designated cryptographic operation being performed on a current input text block is interrupted.
13. The apparatus of claim 12, wherein, when program control returns to the cryptographic instruction, the designated cryptographic operation is performed on the current input text block.
14. The apparatus of claim 11, wherein, when each of the output feedback block cipher operations on each of the corresponding plurality of input text blocks is completed, the output feedback block mode logic performs one of the following:
directing the computing device to modify the contents of the pointer registers to point to the next input and output text blocks; and
directing the computing device to store an equivalent initialization vector to the initialization vector location, wherein the initialization vector location comprises the memory location pointed to by the contents of an initialization vector register.
15. device as claimed in claim 11 wherein should guide the mutual exclusion exclusive disjunction of this computing equipment via a current input characters block and a current output character block by output feedback block mode logical circuit, and produce an equivalent initialization vector.
16. a method of in an equipment, carrying out crypto-operation, this method comprises:
Carry out the some of a plurality of crypto-operations, with the cipher instruction that response receives, wherein this cipher instruction is specified a certain this crypto-operation that will be performed in said crypto-operation, and this execution comprises:
At corresponding a plurality of input characters blocks, carry out the computing of a plurality of output feedback block mode block; And
Write an equivalent initialization vector to an initialization vector position, use so that it feeds back one of block mode block computing via the next a plurality of outputs on the said input characters block of the next one,
Wherein this crypto-operation of appointment also comprises at least one of column operations down:
One output feedback block mode cryptographic calculation; This output feedback block mode cryptographic calculation comprises to be encrypted to produce corresponding a plurality of ciphertext block a plurality of plaintext blocks; This output feedback block mode cryptographic calculation uses one to encrypt initialization vector; It is used to produce one first by one first encrypting plaintext block and encrypts the ciphertext block; The computing of previous encryption ciphertext is used to encrypt initialization vector and encrypts ciphertext output block to produce one first; Subsequently, borrowing first to encrypt the mutual exclusion of the ciphertext output block and the first encrypting plaintext block or encrypt the ciphertext block to produce one first, first encrypts ciphertext output block then will be encrypted initialization vector as an equivalence of encrypting the second encrypting plaintext block by feedback; And
One output feedback block mode decrypt operation; This output feedback block mode decrypt operation comprises a plurality of ciphertext block deciphering to produce corresponding a plurality of plaintext block; This output feedback block mode decrypt operation uses a deciphering initialization vector; It is used to produce expressly block of one first deciphering by one first decrypting ciphertext block; Previous decrypting ciphertext computing is used to decipher initialization vector to produce one first decrypting ciphertext output block; Subsequently, borrowing the mutual exclusion of first decrypting ciphertext output block and the first decrypting ciphertext block or deciphering expressly block to produce one first, first decrypting ciphertext output block then will be by feedback as an equivalence deciphering initialization vector of deciphering the second decrypting ciphertext block.
17. method as claimed in claim 16, it also comprises:
Shift program control program circuit, and interrupt the execution of this crypto-operation of appointment on this current input characters block to a processing one interrupt event.
18. method as claimed in claim 17, it also comprises:
From program control this cipher instruction after turning back to this transfer the time, on this current input characters block, carry out this execution.
19. method as claimed in claim 16, wherein this reception comprises:
Specify an output feedback mode cryptographic calculation, with this crypto-operation as appointment.
20. method as claimed in claim 16, wherein this reception comprises:
Specify an output feedback block mode decrypt operation, with crypto-operation as appointment.
21. method as claimed in claim 16 also comprises:
Generation should the equivalence initialization vector.
22. method as claimed in claim 21, wherein this generation comprises:
An one current input word literary composition block and the current output character block mutual exclusion exclusive disjunction between the two.
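The output feedback operation and the per-block register update described in claims 11 through 22, as an added Python example; this is not code from the patent or from any Via Technologies implementation. It simulates the pointer register and the memory-resident initialization vector location as plain Python attributes, stands in for the block cipher with a keyed SHA-256 truncation (OFB runs the cipher forward only, so a one-way function is enough for the demonstration; it is not a cipher), and models an interrupt as a return from the instruction with the pointer and IV location already committed, after which the instruction is re-executed on the current block. All function and class names, the key, the IV and the plaintext blocks are constructed for the example.

```python
import hashlib

BLOCK_SIZE = 16  # bytes per text block; AES-sized, an assumption for this demo


def stand_in_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for a block cipher's forward direction.

    OFB runs the block cipher forward for both encryption and decryption, so a
    keyed one-way function is enough to exercise the mode. Not a real cipher.
    """
    assert len(block) == BLOCK_SIZE
    return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]


def xor_blocks(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ofb_block_op(key: bytes, iv: bytes, in_block: bytes):
    """One output feedback block cipher operation.

    The initialization vector is run through the cipher to give a ciphertext
    output block; the input text block is XORed with it to give the output
    text block; the ciphertext output block is the equivalent initialization
    vector that is fed back for the next block.
    """
    cipher_out = stand_in_block_encrypt(key, iv)
    out_block = xor_blocks(cipher_out, in_block)
    return out_block, cipher_out


class OfbMachineState:
    """Simulated state of the hypothetical device: a pointer register indexing
    the current block, and an IV memory location rewritten after every block,
    so that an interrupted instruction can be re-executed where it stopped."""

    def __init__(self, key: bytes, iv: bytes, in_blocks):
        self.key = key
        self.in_blocks = list(in_blocks)                 # input text blocks in memory
        self.out_blocks = [None] * len(self.in_blocks)   # output text blocks in memory
        self.iv_location = iv                            # memory pointed to by the IV register
        self.pointer = 0                                 # pointer register (block index)

    def done(self) -> bool:
        return self.pointer >= len(self.in_blocks)

    def step(self) -> None:
        """Process the current block, then advance the pointer and store the
        equivalent IV; nothing else needs saving across an interrupt."""
        in_block = self.in_blocks[self.pointer]
        out_block, equiv_iv = ofb_block_op(self.key, self.iv_location, in_block)
        # The equivalent IV is also input XOR output of the current block.
        assert equiv_iv == xor_blocks(in_block, out_block)
        self.out_blocks[self.pointer] = out_block
        self.iv_location = equiv_iv
        self.pointer += 1


def execute_ofb_instruction(state: OfbMachineState, interrupt_after=None) -> bool:
    """Run the cryptographic instruction on `state`.

    If interrupt_after is set, an interrupt event is modelled after that many
    blocks: the function returns False with all progress already committed to
    the pointer register and the IV location, and a later call resumes on the
    current block. Returns True once every block has been processed.
    """
    processed = 0
    while not state.done():
        if interrupt_after is not None and processed == interrupt_after:
            return False
        state.step()
        processed += 1
    return True


def split_blocks(data: bytes):
    assert len(data) % BLOCK_SIZE == 0, "demo uses whole blocks only"
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def ofb_process(key: bytes, iv: bytes, text: bytes, interrupt_after=None):
    """Encrypt or decrypt `text` (the same operation in OFB); after a modelled
    interrupt the handler would run here, then the instruction is re-executed."""
    state = OfbMachineState(key, iv, split_blocks(text))
    while not execute_ofb_instruction(state, interrupt_after):
        interrupt_after = None   # control returns to the instruction
    return b"".join(state.out_blocks), state.iv_location


def demo():
    key = b"constructed demo key"                        # constructed sample key
    iv = bytes(range(BLOCK_SIZE))                        # constructed sample IV
    plaintext = b"".join(s.ljust(BLOCK_SIZE, b".")       # three constructed blocks
                         for s in (b"block one", b"block two", b"block three"))
    ct, final_iv = ofb_process(key, iv, plaintext)
    ct_intr, final_iv_intr = ofb_process(key, iv, plaintext, interrupt_after=1)
    pt_back, _ = ofb_process(key, iv, ct)
    return {
        "ciphertext": ct,
        "interrupted_run_matches": ct_intr == ct and final_iv_intr == final_iv,
        "roundtrip": pt_back == plaintext,
    }


if __name__ == "__main__":
    print(demo())
```

Because every piece of progress lives in the pointer register and the IV location, the run that is interrupted after the first block yields byte-for-byte the same ciphertext and the same final IV as the uninterrupted run, and decryption is the same operation applied to the ciphertext; `demo()` checks all three. A deployment would substitute a real block cipher and must supply a fresh, unique IV for every message under a key, since reusing an OFB IV reuses the keystream and exposes the XOR of the two plaintexts.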
CN200510054348XA 2004-04-16 2005-03-10 Apparatus and method for performing transparent output feedback mode cryptographic functions Active CN1652163B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/826,745 US7529368B2 (en) 2003-04-18 2004-04-16 Apparatus and method for performing transparent output feedback mode cryptographic functions
US10/826,745 2004-04-16

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN2012100514523A Division CN102594547A (en) 2004-04-16 2005-03-10 Apparatus and method for performing transparent output feedback mode cryptographic functions

Publications (2)

Publication Number Publication Date
CN1652163A CN1652163A (en) 2005-08-10
CN1652163B true CN1652163B (en) 2012-07-11

Family

ID=34887810

Family Applications (2)

Application Number Title Priority Date Filing Date
CN2012100514523A Pending CN102594547A (en) 2004-04-16 2005-03-10 Apparatus and method for performing transparent output feedback mode cryptographic functions
CN200510054348XA Active CN1652163B (en) 2004-04-16 2005-03-10 Apparatus and method for performing transparent output feedback mode cryptographic functions

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN2012100514523A Pending CN102594547A (en) 2004-04-16 2005-03-10 Apparatus and method for performing transparent output feedback mode cryptographic functions

Country Status (2)

Country Link
CN (2) CN102594547A (en)
TW (1) TWI272815B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8128186B2 (en) * 2007-07-27 2012-03-06 Hewlett-Packard Development Company, L.P. Non-volatile memory data integrity validation
US10390114B2 (en) * 2016-07-22 2019-08-20 Intel Corporation Memory sharing for physical accelerator resources in a data center

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4250546A (en) * 1978-07-31 1981-02-10 Motorola, Inc. Fast interrupt method
CN1558591A (en) * 2003-12-04 2004-12-29 智慧第一公司 Apparatus and method for performing transparent block cipher cryptographic functions

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6937727B2 (en) * 2001-06-08 2005-08-30 Corrent Corporation Circuit and method for implementing the advanced encryption standard block cipher algorithm in a system having a plurality of channels
US7400722B2 (en) * 2002-03-28 2008-07-15 Broadcom Corporation Methods and apparatus for performing hash operations in a cryptography accelerator

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4250546A (en) * 1978-07-31 1981-02-10 Motorola, Inc. Fast interrupt method
CN1558591A (en) * 2003-12-04 2004-12-29 智慧第一公司 Apparatus and method for performing transparent block cipher cryptographic functions

Also Published As

Publication number Publication date
TWI272815B (en) 2007-02-01
TW200536330A (en) 2005-11-01
CN102594547A (en) 2012-07-18
CN1652163A (en) 2005-08-10

Similar Documents

Publication Publication Date Title
CN1655496B (en) Apparatus and method for providing configurable cryptographic key size
EP1596530B1 (en) Apparatus and method for employing cryptographic functions to generate a message digest
US7321910B2 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
US7532722B2 (en) Apparatus and method for performing transparent block cipher cryptographic functions
US7844053B2 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
US8060755B2 (en) Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
US7502943B2 (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
US7529368B2 (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
CN100391145C (en) Apparatus and method for performing transparent block cipher cryptographic functions
US7536560B2 (en) Microprocessor apparatus and method for providing configurable cryptographic key size
US7900055B2 (en) Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
US7542566B2 (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
CN1661958B (en) Microprocessor apparatus of block cryptographic functions and method
CN1652163B (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
US7519833B2 (en) Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
CN1332526C (en) Method and apparatus for performing microprocessor block cipher coding decoding
CN1658548B (en) Microprocessor apparatus and method for configuring cryptographic engine data block
US7529367B2 (en) Apparatus and method for performing transparent cipher feedback mode cryptographic functions
CN100539495C (en) The micro processor, apparatus of providing configurable cryptographic key size and method
CN100463392C (en) Microprocessor apparatus and method for providing configurable cryptographic key size
Wardhani et al. Fast implementation of AES on Cortex-M3 for security information devices
CN100527664C (en) Microprocessor apparatus and method for optimizing block cipher cryptographic functions
CN1649296A (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
CN1684408B (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant