TW200536329A - Apparatus and method for performing transparent cipher block chaining mode cryptographic functions - Google Patents

Apparatus and method for performing transparent cipher block chaining mode cryptographic functions Download PDF

Info

Publication number
TW200536329A
TW200536329A TW093133735A TW93133735A TW200536329A TW 200536329 A TW200536329 A TW 200536329A TW 093133735 A TW093133735 A TW 093133735A TW 93133735 A TW93133735 A TW 93133735A TW 200536329 A TW200536329 A TW 200536329A
Authority
TW
Taiwan
Prior art keywords
block
password
cryptographic
register
item
Prior art date
Application number
TW093133735A
Other languages
Chinese (zh)
Other versions
TWI268686B (en
Inventor
Glenn G Henry
Thomas A Crispin
Terry Parks
Original Assignee
Via Tech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/826,814 external-priority patent/US7542566B2/en
Application filed by Via Tech Inc filed Critical Via Tech Inc
Publication of TW200536329A publication Critical patent/TW200536329A/en
Application granted granted Critical
Publication of TWI268686B publication Critical patent/TWI268686B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30007Arrangements for executing specific machine instructions to perform operations on data operands

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CBC block pointer logic, and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CBC block cryptographic operations performed on a corresponding plurality of input text blocks. The CBC block pointer logic is operatively coupled to the cryptographic instruction. The CBC block pointer logic directs the computing device to update pointer registers and intermediate results for each of the plurality of CBC block cryptographic operations. The execution logic is operatively coupled to the CBC block pointer logic. The execution logic executes the one of the cryptographic operations.

Description

200536329 九、發明說明: 【相關申請案之交互參考】 本申請案優先權之申請係根據美國專利申請 案唬為1 0/82681 4,申請日期係為〇4/16/2〇〇4。 【發明所屬之技術領域】 本發明係有關微電子學領域,尤其係有關一種 在微處理器或其他設備中執行透明化密碼區塊串列 模式密碼運算的裝置及方法。 【先前技術】 作*早期電腦系統,係與其他電腦系統獨立運 μ因此-在早期電腦系統中執行之應用程式,所 :庫:全部輸入資料,可能位於該電腦系統,或由 出;=設計者於執行時提供。該應用程式由輸 二為執行後的結果,而該輸出資料通 节μ書面輸出, 磁碟或其他位… 寫在—磁帶機、 該輪出楼電腦系統内之大量储存裝置中。 1列二之行在同一電腦系統中, 就已經以一檔案形式二,或者该輸出資料先前 式储存到一可移除或可運輸之大 200536329 量儲存裝置,則它可接著被提供到一不同、甚至不 相容之電腦系統,以供應用程式使用。在這些早期 的電腦系統中’已確認保護敏感資料的需纟,而在 其他貢訊保全措施中,密碼程序程式係發展及利用 來保護未授權揭露之敏感資料。一般來說,這些密 碼程式將儲存在大量儲存裝置料的加密: 解密。 山 幾年則,使用者發現連結網路電腦,以提供存 取已共享的資料。連帶地,網路結構、作業系統及 貧料傳輸協定,同樣地將存取已分享資料的能力, 發展到不僅僅是支援,甚至扮演起突起性重要的角 色例士在5日·一電腦工作站的使用者,能夠 讀取不同工作站或網路檔案伺服器之檔案、使用網 際網路取得新聞及其他資訊、在數百部電腦間傳送 及接收電子訊息(亦艮p電子郵件)、冑接到供應商的 電腦系統,提供信用卡或銀行功能資訊,以進行與 供應商之間的買賣、或在 八,w厶穴5 所利用無線網路進行前述活動’都是相當平常的等 情。因此,保護未授權揭露之敏感資料本身及傳賴 的需求劇烈的成長。一使用者在一給定電腦多層涵 定期間,有義務來保護敏感資料的案例越來越多。 200536329 目前新聞頭條#拍$ 只悚係規律性地加重電腦資 力道,例如垃切俞从 貝‘女王4題的 郵件、駭客攻擊、個人資料 還原工程、網跋斗料 卞卜机、 η > 泎騙以及信用卡詐欺等公眾議題 隶釗線。而因為产 靖之 為坆些預谋之網路恐怖主義,以 之手段入侵個人降$ a m 不正 又個人私乾圍的影響,有關機關 定出相對應的新半 .^ ^ ^ …擬 ’ 新法、嚴格的執行及公眾教育的程 式然而,沒有任何一種反應在電腦訊息妥協處理 (勢上表現出作用。原本只有政府關心的事情,金 融制度,軍事及間謀問題,現在變成—般市民從其 家用電腦讀取電子料或執行活儲戶頭存取時一種 〃、、頁著的主題。在訊息安全範疇方面,已逐漸發展出 一些技術與裝置可以讓訊息只會被特定的對像所接 收瞭解,即所謂的密碼學(crypt〇graphy)。當特別 應用於保護資訊時,其為在電腦間儲存或傳送時, 加进使用於傳送敏感的訊息(已知如“明文” (cleartext)或本文”(plaintext)至不能瞭解的 形式(如“密文” (ciphertext))。明文轉換至密文 的傳送過程稱“加密(e n c r y p t i ο η ) ” 、 “譯成密 碼(encipher ing ) ”、或“密碼化(cipher ing ) ” , 且密文轉換至明文的傳送過程稱“解密 (decryption)”、“解除密碼(deciphering)” 、 200536329 或‘轉換密碼(inverse ciphering),,200536329 IX. Description of the invention: [Cross-reference of related applications] The priority application of this application is 10/82681 4 according to the US patent application, and the application date is 04/16/22004. [Technical field to which the invention belongs] The present invention relates to the field of microelectronics, and more particularly, to a device and method for performing a transparent password block serial mode cryptographic operation in a microprocessor or other device. [Previous technology] * Early computer systems are independent of other computer systems. Therefore-applications executed in early computer systems, so: library: all input data, may be located in the computer system, or from; = design Provided at execution time. The application is the result of the execution from the input two, and the output data is written in μ, a disk or other bits ... written in a tape drive, a large number of storage devices in the computer system of the building. A row of two rows in the same computer system is already in the form of a file two, or the output data is stored previously in a removable or transportable large 200536329 volume storage device, which can then be provided to a different , Or even incompatible computer systems for use by applications. In these early computer systems, the need to protect sensitive data has been identified, while in other tribute security measures, cryptographic programs have been developed and used to protect sensitive data that has not been disclosed. Generally, these password programs will be stored in a mass storage device for encryption: decryption. In recent years, users have found connected computers to provide access to shared data. Together, the network structure, operating system, and lean data transfer protocol have similarly developed the ability to access shared data to not only support, but even play a prominent and important role. On the 5th, a computer workstation Of users can read files from different workstations or network file servers, use the Internet to get news and other information, send and receive electronic messages (also email) between hundreds of computers, and receive The supplier's computer system provides credit card or bank function information to conduct transactions with the supplier, or to perform the aforementioned activities on the wireless network used in the eight, w 厶 Acupoint 5 are quite common. As a result, the need to protect sensitive information itself and its disclosure has increased dramatically. Increasingly, a user is obliged to protect sensitive information during a given period of time in a given computer. 200536329 Current news headline # 拍 $ Only the thriller regularly increases the computer power, such as the email of La Qieyu Congbei's queen 4 question, hacker attack, personal data restoration project, online post fighting machine, η & gt Public issues, such as fraud and credit card fraud, are on the line. However, because of the premeditated cyber terrorism and the invasion of individuals by means of incursions and the influence of personal privacy, the relevant agencies have determined a corresponding new half. ^ ^ ^… Strict implementation and public education programs. However, none of the reactions have played a role in compromising the processing of computer information. Originally, only the government's concerns, the financial system, military and intrigue issues, now become ordinary citizens from their home A sloppy, paged theme when a computer reads electronic material or performs a live deposit account access. In the area of message security, some technologies and devices have been gradually developed so that messages can only be received by specific objects. The so-called cryptography. When it is particularly used to protect information, it is used to transfer sensitive information when it is stored or transmitted between computers (known as "cleartext" or text) (Plaintext) to an incomprehensible form (such as "ciphertext"). The process of converting plaintext to ciphertext is called "encrypti ο η" "," Encipher ing ", or" cipher ing ", and the transmission process of cipher text to plain text is called" decryption "," deciphering ", 200536329 or ' Inverse ciphering,

他方式增加未加密原始訊息 皆一個不能使接受者解除加密訊 ,因此接受者不能夠移除或以其 I始訊息的存取。一種技術將這 些步驟或規則採取密碼保護,數學運算及特別設計 的應用程式形式將高敏感度訊息加密或解密。 一些運异類別使用於將數據加密或解密。在此 提及的第一類運算類別(如公共金鑰加密運算· rsa 運算)利用兩種加密密碼(一種公共金鑰(pubHc key)及一種私人金鑰(Private key))來將數據加 密或解密。提及一些公共金鑰運算,一種公共金鑰 利用來傳送給接受者的數據加密。在使用者公共及 私人金鑰兼有一個數學演算關係,接受者必須利用 其私人金餘將傳送資料解密以恢復數據。雖然此類 加密運算在今日廣泛被使用,但加密及解密操作速 度仍然過慢,即使只加密與解密少量數據。第二類 運算,如對稱金鑰運算(symmetric key 200536329 algorithms),提供數據安全相當程度,且速度更 快。运些運算稱為對稱金鑰運算,因為其使用加密 金输於加密及解宓#自 , 胛在汛息。有三種公共習知之主要加Adding unencrypted original messages in other ways does not allow the recipient to unencrypt the message, so the recipient cannot remove or start access to the message. A technology encrypts or decrypts these steps or rules with password-protected, mathematical operations, and specially designed applications. Some variants are used to encrypt or decrypt data. The first type of operation mentioned here (such as public key encryption operation · rsa operation) uses two encryption passwords (a public key (pubHc key) and a private key (Private key)) to encrypt data or Decrypt. Mentioned some public key operations, a type of public key encryption used to transmit data to recipients. The user's public and private keys have a mathematical calculation relationship, and the recipient must use their private funds to decrypt the transmitted data to recover the data. Although such encryption operations are widely used today, the speed of encryption and decryption operations is still too slow, even if only a small amount of data is encrypted and decrypted. The second type of operations, such as symmetric key 200536329 algorithms, provide a degree of data security and are faster. These operations are called symmetric key operations, because they use encrypted gold for encryption and solution # 自, 胛 in the flood. There are three main types of public knowledge

密金錄運算:教撼‘ & 、、A '山才示準規則(data encryption dard DES ) ’二重數據加密標準規則(Triple DES)’及進階加密標準規則糊⑶仏叩州⑽ 如池心购。因為這些演算強度保護高敏感度 數據’其現在由美國政府及其代理機構使用。但可 以預期,這此技術中& —孜竹中的一個或多個將在未來成為商 業或私人傳达標準。根據這些對稱金鑰運算,明文 ^文係分別被區隔於—個特殊的大小來加密或解 雄牛例纟1 28位元大小區間的進階加密標準規 則完整加密操作,且使用128、192及256位元的加 密金鑰。其他對稱金輪運算允許192& 256位元數 據組的進階加密標準。提及分組加密操作 1 024位το明文訊息為如八個128位元組加密。 全部的對稱金鑰運算利用相同形式品 :乍二將一明文區塊加密。且提及-般更常使用的對 稱金餘運算,-種最初加密金鑰擴充進多種金十 一種“金錄目錚”),备 棚丄外 ^ Ώ 鳊錄)母一個如符合次操作加宓“回 合”(r〇Und)在明文區塊中完成。舉例,金“錄的 200536329 弟一金餘使用來完成方日 木7^成在明文區塊上次操作的第一加 岔回合,其中第二回合 矛J用金餘目錄的第二金鑰來 產生第二結果。一種特宏叙曰A 輪孓 種特疋數量的次單元回合被完成 “生一個密文本身的最終回結果。進階加密標準 規則運算之每―回合中的次操作,尚有次位元(或 s-b〇x)、移列(ShiftRows)、混攔(MixC〇i_)、加 入回合鍵(AddRoundKey)等術語。每一回合期間, -種密文區塊解密完成,除了完成密文輸人轉換密 碼以及轉換次操作(如混攔,移列),每一回合最終 結果為明文區塊。 ' 數據加密標準規則及三重數據加密標準規則 利用不同特性次操作,但次操作與這些進階加密標 準規則同工,因為其利用於類似方式轉換一明文區 塊成一密文區塊。 在多重連續測試組上完成密碼操作,全部對稱 金鍮運异利用相同的模式。這些模式包含電子密竭 書(electronic code book、ECB)模式、密碼區塊 串列(cipher block chaining、CBC)模式、密石馬 回饋(cipher feedback、CFB)模式、及輸出回饋 (output feedback、0FB)模式。在次操作完成期 間,一些模式利用一種附加初始化向量且一些使用 200536329 元成於第一明文區塊加密第一位置的密文輸出如一 種附加輸入至完成於第二明文區塊的加密第二位 置。更多的相關技術細節,可以參見Federal Information Processing Standards Publication 46-3 ( FIPS-46-3),1 999 年 10 月 25 日,其詳細討 論了數據加密標準規則、三重數據加密標準規則; 以及參見FIPS-197,2001年11月26日,其對進階 加密標準作了詳細解釋。前述標準規則係由國家標 修 準科技研究所(National Institute of Standards and Technology、NIST)頒佈及主張。此外,個別 的才曰令、白皮書、套裝工具及對策可參考國家標準 科技研究所之電腦安全應變中心(CSRC ),網址為 http·· //csrc· nist· g〇v/。 習知技術者將察覺多數應用程式可以有效的 在電腦上執行以完成加密操作(如加密及去密)。事 _ 貫上,一些操作系統(如Microsoft⑧、WindowsXP®、Encryption operation: teach "'&", "A" data encryption dard DES "Double Data Encryption Standard Rules (Triple DES)" and advanced encryption standard rules (仏 叩 州 ⑽ 如 池) Heart purchase. Because these calculations protect high-sensitivity data, 'it is now used by the US government and its agencies. However, it is expected that one or more of these technologies will become a commercial or private communication standard in the future. According to these symmetric key operations, the plaintext ^ text system is separated into a special size to encrypt or unravel the bull's case. 1 28-bit size advanced encryption standard rules complete encryption operations, and use 128, 192 And 256-bit encryption keys. Other symmetric golden wheel operations allow advanced encryption standards for 192 & 256-bit data sets. Mention the block encryption operation 1 024 bits το The plaintext message is encrypted as eight 128-bit bytes. All symmetric key operations use the same form of product: the first two encrypt a plaintext block. And mentioned-generally more commonly used symmetric remnant operations,-a kind of original encryption key expanded into a variety of gold eleven "Golden Record Catalog"), prepared 丄 丄 丄 Ώ 鳊 recorded) mother one if the operation Adding a "round" (rUnd) is done in a plaintext block. For example, Jin ’s 200536329 brother Yiyi Jinyu used to complete Fang Rimu ’s first operation of the last round in the plaintext block, and in the second round, Spear J used the second key of Jinyu ’s directory to A second result is produced. A kind of special unit that says the number of subunit rounds of A rounds of special features is completed "the final result of generating a cipher text body. Advanced Encryption Standard For each operation of the rule operation, there are terms such as sub-bit (or s-b0x), shift shift (ShiftRows), mixed block (MixC0i_), and add round key (AddRoundKey). During each round, the decryption of a ciphertext block is completed. Except for completing the ciphertext input conversion password and the conversion operation (such as mixing, shifting), the final result of each round is a plaintext block. '' Data encryption standard rules and triple data encryption standard rules utilize different characteristics of the secondary operation, but the secondary operation works with these advanced encryption standard rules because it is used to convert a plaintext block into a ciphertext block in a similar way. Cryptographic operations are performed on multiple consecutive test groups, all of which are symmetric. These modes include electronic code book (ECB) mode, cipher block chaining (CBC) mode, cipher feedback (CFB) mode, and output feedback (0FB) )mode. During the completion of this operation, some modes utilize an additional initialization vector and some use 200536329 yuan to encrypt the ciphertext output in the first plaintext block as an additional input to the encrypted second position in the second plaintext block. . For more related technical details, please refer to Federal Information Processing Standards Publication 46-3 (FIPS-46-3), October 25, 1999, which discusses data encryption standard rules and triple data encryption standard rules in detail; and see FIPS-197, November 26, 2001, provides a detailed explanation of advanced encryption standards. The aforementioned standard rules were promulgated and claimed by the National Institute of Standards and Technology (NIST). In addition, for individual talent orders, white papers, tool kits and countermeasures, please refer to the Computer Security Contingency Center (CSRC) of the National Institute of Standards and Technology. The website address is http: // · // csrc · nist · g〇v /. Those skilled in the art will recognize that most applications can be effectively executed on a computer to perform encryption operations (such as encryption and de-encryption). Things _ consistently, some operating systems (such as Microsoft⑧, WindowsXP®,

Linux )在原始加密形式、加密應用程式介面及相似 物%,直接提供加密/解密服務。無論如何,今曰電 腦加密技術仍存在一些缺失。請直接參考第一圖, 藉以在下面突顯及討論這些缺失。 圖1為一種今日電腦加密應用的方塊圖1 00, 12 200536329 描述一個與區域…05連結的第-電腦工作站 m、-個第二電腦工作站102、一個網路槽儲存設 備⑽、-個第一路由器107、或其他 (WAN)110如網際網路、及-個無線網路路由哭:1〇8 如1疆標準802.u形成的介面亦與區域網路105 連結。-個筆記型電腦104利用無線網路連接 至無線網路由器108。廣域網路11 〇另一個重點 :個第二路由器111提供-個第三電腦工作站⑽ 介面。 如上提及’今曰使用者在工作期間多次面臨電 腦資訊安全性的議題。舉例,在今日多重工作操作 系統控制下’一個工作站1〇1使用者可同步完成數 個工作,每—個皆需要密碼操作。工作站I"使用 者需要進行加密/㈣應用程式112(如部 =供或由操作系統行驶)已在網路槽儲存設備 上儲存區域檔案。在檔案儲存的同時,使用者 可傳送加密訊息至位於第二電腦工作站1〇2的第: 2用者,其亦需要執行加密/解密應用程式11 2。加 :訊息可為即時(如一種立即訊息)或非即時(如 子郵件)。另外’使用者還可從第三電腦工作站 3)經由廣域網路110存取或提供他/她最終數 200536329 據(如信用卡號碼,金融轉帳,等)或其他形式的 敏感數據。當走出公司進入任何一個在區域網路 105 上的分旱資源 1〇1 ’ 1〇2,1〇6,107,108,109 工作站101,使用者使用第三電腦工作站103可代 表豕用電腦或退距電腦1〇3。每一個前述動作需要 一個符合執行加密/解密應用程式112的例子。此 外,無線網路1 09現在常態性的提供於咖啡店,機 場,學校,及其他公共場所,因此筆記型電腦1〇4 使用者一個加密解密無論是他/她的訊息傳送/接收 ,、他使用者立即的需要,且經由無線網路工⑽至無 線網路由器108加密或解密所有訊息。 習知技術者可以瞭解,每一個上述活動都需要 一作站1 0 1 1 04上做加密操作,也就相應有執行 一個立即的加密/解审廡 在解在應用程式112的需求。因此, 電月旬101-104造一牛- 作 ν可此同時完成數百個加密操 無論如何,存扁_ ^丄 子在一些在電腦系統101-104上勃 仃至少一個以上 工執 ―士 即的加密/解密應用程式ι12而 元成加密操作方法 u而 式完成一個a、“ 制。舉例,經由-個軟體程 執行慢。每一個加为對比經由硬體完成相同功能 口在/解密應用程式U2都需要—段 200536329 時間’並且正在電腦1G1 — 1G4上執行的現行q可 能在這段時間内必須暫停執行,且加密操作(如明 文,密文,模式,金_)參數必須通過操作系统 至加密/解密應用程式112,執行加密操作。且因為 加密運算必須包含特殊組別數據幾回次操作,加密/ 解密應用#呈式(112 )執行包含執行多個電腦延伸; 令’因此全部系統操作速度有不利的影響。如―: 習知技術者所能查覺,在Micr〇s〇ft⑧〇討1〇〇心 送一個小的加密電子郵件會較傳送一個未加密電子 郵件慢5倍。 、 另外,當前技術的局限是由作業系統干涉的延 遲所造成❸。大多數應用㈣並不提供整數金餘產 生或加密/解密元件,他們執行作業系統的元件或内 嵌應用程式’以完成這些任務。而作業系統係按照 其他正在執行應用程式的需求及中斷進行調度。 甚至,本發明注意到在當前電腦系統1〇11〇4 上密碼運算之完成係與在微處理器中專用浮點單元 出現前浮點數學運算之完成是類似的。早期的浮點 運鼻係通過軟體實現,所以執行速度很慢。就像浮 點運舁一樣,通過軟體執行密碼運算是相當慢的。 隨著浮點技術的改進,浮點指令係提供在浮點共同 15 200536329 處理器上執行,同虎 ,、「J處理益執行浮點運算係比 的實現要快报多,當铁它★祕* 7/ 胺 田…、匕也增加了系統的成本。 樣地’今日密碼共同處理器係以擴展板或通過平行Linux) directly provides encryption / decryption services in the original encryption form, encryption application program interface and the like. However, there are still some shortcomings in computer encryption technology today. Please refer to the first figure directly to highlight and discuss these shortcomings below. Figure 1 is a block diagram of a computer encryption application today. 00, 12 200536329 describes a first computer workstation m, a second computer workstation 102, a network slot storage device, and a first computer workstation connected to the area ... 05. The router 107, or other (WAN) 110, such as the Internet, and a wireless network router, are connected to the local network 105 by an interface formed by the standard 802.u. A notebook computer 104 is connected to a wireless network router 108 using a wireless network. WAN 11 〇 Another important point: a second router 111 provides a third computer workstation ⑽ interface. As mentioned above, ‘today ’s users face multiple issues of computer information security during work. For example, under the control of today's multi-tasking operation system, a workstation 101 user can simultaneously complete several tasks, each of which requires a password operation. Workstation I " The user needs to perform encryption / encryption application 112 (such as the ministry or by the operating system) has stored the zone file on the network slot storage device. While the file is being stored, the user can send an encrypted message to the second user at the second computer workstation 102: he also needs to execute the encryption / decryption application 11 2. Plus: The message can be instant (such as an instant message) or non-instant (such as a sub-mail). In addition, the user can also access or provide his / her final number 200536329 (such as credit card number, financial transfer, etc.) or other forms of sensitive data from the third computer workstation 3) via the wide area network 110. When leaving the company and entering any one of the drought-separating resources on the local area network 105, 101, 102, 106, 107, 108, 109 workstation 101, the user using the third computer workstation 103 can use a computer or Back off the computer 103. Each of the foregoing actions requires an example consistent with the execution of the encryption / decryption application 112. In addition, the wireless network 1 09 is now routinely provided in coffee shops, airports, schools, and other public places. Therefore, the user of the laptop 104 can encrypt and decrypt both his / her message transmission / reception, and other information. The user immediately needs to encrypt or decrypt all messages via the wireless network to the wireless network router 108. Those skilled in the art can understand that each of the above activities requires an encryption operation on the station 1 0 1 1 04, and accordingly there is a need to perform an immediate encryption / decryption review in the application 112. Therefore, at the end of the month 101-104 make a cow-work ν can complete hundreds of encryption operations at the same time no matter what, Cun Bian _ ^ in some computer systems 101-104 at least one or more workers That is, the encryption / decryption application program ι12 and the encryption operation method u complete a a, "system. For example, it is slow to execute through a software process. Each plus and minus completes the same function through the hardware. The program U2 all needs — segment 200536329 time 'and the current q running on the computer 1G1 — 1G4 may have to be suspended during this period, and the encryption operation (such as plaintext, ciphertext, mode, gold_) parameters must pass the operating system To the encryption / decryption application program 112, perform the encryption operation. And because the encryption operation must include special group data several times, the encryption / decryption application #presentation (112) execution includes the execution of multiple computer extensions; The operating speed has an adverse effect. For example, ——: As far as a skilled technician can perceive, sending a small encrypted e-mail in Micr〇s〇ft⑧〇 100 will be better than sending a Unencrypted e-mail is 5 times slower. In addition, the limitations of the current technology are caused by delays in operating system interference. Most applications do not provide integer surplus generation or encryption / decryption components. They implement operating system components or Embedded applications are used to complete these tasks. The operating system is scheduled according to the needs and interruptions of other running applications. Furthermore, the present invention notes that the completion of cryptographic operations on the current computer system 1011104 is related to the The completion of floating-point mathematical operations before the appearance of the special-purpose floating-point unit in the microprocessor is similar. The early floating-point nose was implemented by software, so the execution speed was very slow. Just like floating-point operations, passwords are executed by software. The operation is quite slow. With the improvement of floating-point technology, floating-point instructions are provided for execution on a common floating-point processor. 200536329 With Tiger, "J processing is faster than implementation of floating-point operations. When iron it ★ Secret * 7 / amine field ..., dagger also increases the cost of the system. Samples' Today's code coprocessor is an expansion board or through parallel

埠或其它週邊介面(如丨 T USB )連接到主處理器之 部设備的形式。j£间虔田 八 里益§然使得密碼運算的勃 行比純軟體的實現要快。 1一⑴碼共同處理器給系 配置增加了成本,他需要額外的電源、而且降低二 :::可:性。由於資料通路不像主微處理器那樣 ^個模組上’所以密碼共同處 易被監聽。 %、门處理順行乃更 因此,本發明了解到人們需要在今日的微處理 個專門的密碼硬體,這樣需要密碼運算的 應用耘式可以直接經由一 保早獨的、U畨碼指令指 不镟處理器執行該密碼運算。 功能,減少對作广明也提供這樣的 沪人〜 業糸、,先的干涉和管理。並且該密碼 才曰令农好能夠在應用程式 特#級加以使用,指定 之毪碼硬體能夠盘者箭、、六— 密” 器相容。同時 在碼硬體和相關密碼指 ^ ^ 曰7晋杈仏與先刖作業系統和 式的相谷的方式。s主要 運算之梦署4 + i 種執仃始、碼 …和方法,使有效抵禦 能支援多種密碼演算法,支,“ 夂後對在其中貫施的特殊 16 200536329 密碼演算法進行驗證和測試,允許用戶提供的金鑰 和自仃產日生的金鑰’支援多重的資料塊大小和金鑰 長度’提供可編程的區塊加密/解密模式,即如 ⑽、CBC、CFB和_等’並且在使用上述可編程 品鬼力山/解雄、扠式時能夠對大量資料塊高效執行 區塊密碼功能。 【發明内容】 本發明係用以解決習知技術的上述以及盆他 的問題和缺點。本發明提供一種較好的技術使:微 處理器内執行密碼運算。 在一個實施例中,係在一微處理器内提供用以 完成:碼運算的裝£。該裝置包括一密碼指令電 路逸馬區塊串列區塊指標邏輯電路和執行邏輯電 路。抢碼指令電路所提供之密碼指令,係透過計算 裝置以接收’並作為在計算震置上所執行指令流的 '^刀&碼指令也規定了—種密碼運算。密碼運 算包括複數個密碼區塊串列區塊密碼運算,而這些 密碼區塊串列區堍笫 J匕尾在碼運异則係在相對應的複數個 輸入内文區塊中被處理。密碼區塊串列區塊指標邏 輯電路和密碼指合雪 曰7電路係結合在一起。該密碼區塊 17 200536329 串列區塊指標邏輯電路指示計算 卜 I开衣置更新指標暫存 器及每一個複數個密碼區塊串 儿中Μ Ih£塊密碼運算的中 間結果。執行邏輯電路和密碼 。 ^ 1 ^現爭列區塊指標邏 輯電路係相互結合,執行邏輯- 科电路則執仃一條密碼 指令。 本發明另一實施例為一種執行密碼運算的裝 置’該裝置包括一内嵌在—設備中的密碼單元和密 ❹塊串列區塊指標邏輯電路。密碼單㈣收到的 指令流中指定了—條密碼運算的密碼指令作出回應 並執行-種密碼運算,此密碼運算包純個密碼區 塊串列區塊密碼運算。而密碼區塊串列區塊密碼運 异則於所對應之數個輸人内文區塊中被處理。密碼 Q塊串列區塊指標邏輯電路和密碼單元結合在一 起密碼區塊串列區塊指標邏輯電路指示該設備更 新指標暫存器之内容’並暫存每一個密碼區塊串列 區塊密碼運算的結果。 本發明又一實你也丨炎 ^ , 碼運算的方法。該方、”括广設備内執行密 # — 褒方法包括回應收到的密碼指令並 仃:種密碼運算,其尹密碼指令係規定了 一種密 ^運算’而該執行包括完成數財相對應數個輸入 文子區塊令之密碼區塊串列模式區塊運算。該方法 200536329 還包括將一個當前輸入文字區塊寫到一個初始化向 置的位置,以使在下一個輸入文字區塊的下一個密 碼區塊串列模式區塊運算,使用當前輸入文字區塊 作為一個等效的初始化向量。 【實施方式】 以下所述為應用習知技術而製造或使用文中 特定應用及需求之本發明所列舉之例子。然而,實 施例中所提及之各種修改係用於彰顯與習知技術之 不同處,此一般原則可應用於其他實施例中。因此, 本發明並非限定於特定實施例。 有鑑於上述關於密碼程序之技術背景及當今 電腦系統所使用將資料加密及解密之相關技術,我 :門將參照目2來繼續探討這些技術及其限制。接 著,將參照圖3 - 14繼續討論本發明。 、請看圖2’ 一方塊圖2〇〇描述了在上述當代電 腦系統上完成密碼運算的技術。方塊圖2〇〇包括一 個微處理器201’其係從一個應用程式對應 記憶體中’被稱作應用記憶體2〇3的一部份、 :::和存取資料。程式的控制和從該 體203存取諸是由駐留在1統記憶體中已 200536329 保護的區域内之作業系統202管理。如上述1二八 如果-個正在執行的應用程式(例如一電子信:程 式或一檔案儲存程式)需要執行—個密碼運算,正 在執行的應用程式即必須指使微處理器2〇1執行特 定數量的指令才能完成密碼運算。這些指令也許就 是該正在執行應用程式部份的一個子程式,它們也 可能是鏈結到該正在執行應用程式的内嵌程式,也Port or other peripheral interface (such as 丨 T USB) connected to the host processor's external device. j £ jian Qiantian Eight Miles§ of course makes cryptographic operations more robust than pure software implementations. A 1-code coprocessor adds cost to the system configuration, it requires additional power, and reduces the 2 ::::: ability. Since the data path is not on the same module as the main microprocessor, the common password is easily monitored. The door processing is more straightforward. Therefore, the present invention understands that people need to process a special cryptographic hardware today. In this way, applications that require cryptographic calculations can directly pass an early-warning, unique U 畨 code instruction. The processor performs the cryptographic operation. Function to reduce the interference and management of the work of Guangming, which also provides such Shanghai people ~ And this password is only allowed for Nonghao to be used in the application special level. The specified code hardware can be compatible with the arrow and the password. At the same time, the code hardware and the related password refer to ^ ^ 7 The way that the system is in the same way as the previous operating system. The main operation of the dream department is 4 + i kinds of execution start codes, codes, and methods, so that effective defense can support a variety of cryptographic algorithms, support, "夂After verifying and testing the special 16 200536329 cryptographic algorithm implemented in it, it allows users to provide keys and self-produced daily keys 'support multiple data block sizes and key lengths' to provide programmable blocks Encryption / decryption modes, such as ⑽, CBC, CFB, and _, etc., and can efficiently perform block cipher functions on a large number of data blocks when using the above-mentioned programmable products Giriyama / Uniong, Fork. [Summary of the Invention] The present invention is to solve the above-mentioned problems and disadvantages of the conventional technology. The present invention provides a better technique for enabling cryptographic operations to be performed in a microprocessor. In one embodiment, a microprocessor is provided for performing: code operations. The device includes a cryptographic instruction circuit, the Yima block serial block index logic circuit, and an execution logic circuit. The cryptographic instruction provided by the code grabbing instruction circuit is received through a computing device and used as a command stream for the execution of the computation on the computing device. The code command also specifies a cryptographic operation. Cryptographic operation includes a plurality of cipher block serial block block cipher operations, and these cipher block serial blocks 堍 笫 J dagger tails are processed in the corresponding plurality of input text blocks. Cryptographic block serial block indicator logic circuit and cipher finger Hexue 7 circuit are combined together. The cipher block 17 200536329 indicates the calculation of the serial block index logic circuit. The intermediate result of the M Ih £ block cipher operation in the open register update index register and each of the plurality of cipher block strings. Implement logic circuits and passwords. ^ 1 ^ The logic circuits of the current block index are combined with each other, and the execution logic-branch circuit executes a password instruction. Another embodiment of the present invention is a device for performing a cryptographic operation. The device includes a cryptographic unit and a cryptographic block serial block index logic circuit embedded in the device. Cryptographic note: In the instruction stream received, a cryptographic instruction for cryptographic operation is specified to respond and execute a kind of cryptographic operation. This cryptographic operation package is purely a cipher block block string block block cipher operation. The password block serial block password operation is processed in the corresponding input text blocks. The combination of the password Q block serial block indicator logic circuit and the crypto unit is combined with the password block serial block indicator logic circuit to instruct the device to update the contents of the index register and temporarily store each password block serial block password. The result of the operation. Another embodiment of the present invention is also a method of code calculation. The party and the “encryption device” execute the secret code — the method includes responding to the received cryptographic command and: a cryptographic operation whose cryptographic instruction specifies a cryptographic operation, and the execution includes the completion of a corresponding number of transactions. Password block serial mode block operation for each input text sub-block. The method 200536329 also includes writing a current input text block to an initial orientation position so that the next password in the next input text block Block tandem mode block operation, using the current input text block as an equivalent initialization vector. [Embodiment] The following describes the application of the conventional technology to manufacture or use the specific applications and requirements of the present invention enumerated Examples. However, the various modifications mentioned in the embodiments are used to highlight the differences from the conventional technology. This general principle can be applied to other embodiments. Therefore, the present invention is not limited to specific embodiments. In view of the above Regarding the technical background of cryptographic procedures and related technologies used to encrypt and decrypt data in today's computer systems, I: goalkeeper refer to heading 2 Continue to explore these technologies and their limitations. Next, continue to discuss the present invention with reference to Figs. 3-14. Please see Fig. 2 '-A block diagram 200 describes a technique for performing cryptographic operations on the above-mentioned contemporary computer system. Block diagram 2 〇〇 Includes a microprocessor 201 'which is from an application corresponding memory' is called a part of the application memory 203, :::, and accesses data. Program control and access from this body 203 The accesses are managed by the operating system 202 residing in the area protected by 200536329 in the unified memory. As mentioned above, one or two if-a running application (such as an e-mail: program or a file storage program) A cryptographic operation needs to be performed. The running application must instruct the microprocessor 201 to execute a certain number of instructions to complete the cryptographic operation. These instructions may be a subroutine of the application program that is being executed. They may also Is an embedded program linked to that running application, and

可能是該作業系統2〇2所提供的服務。不管它們的 結合,一個熟悉該項技術之人將了解這些指令將駐 留在一些指定的或是已分配的記憶體區域中。基於 纣卿的目的,这些儲存區域將會被揭示在該應用記 憶體203中,及包含一個密碼金鑰產生程式2〇4,It may be a service provided by the operating system 202. Regardless of their combination, a person familiar with the technology will understand that these instructions will reside in some designated or allocated memory area. For the purpose of Yun Qing, these storage areas will be revealed in the application memory 203, and include a cryptographic key generation program 204,

其可產生或接收一個密碼金鑰並可將該金鑰擴展成 為一金鑰目錄205以供密碼回合運算使用。對於多 區塊的加密運算’一區塊加密程式2〇6將被引動。 該加密程式206執行可存取多個區塊的指令,多個 區塊包含明文區塊210、金鑰目錄205、諸如模式、 金鑰目錄的位置等更為詳細加密運算的密碼參數 209。如果指定的模式需要,一個初始化向量Mg 也會藉由加谘程式206來存取。加密程式2〇6執行 攻些指令使產生相關的密文區塊211。同樣地,為 20 200536329 了執行區塊解密運算,* η π 7 ^ 而 動 區塊解密藉4*、 2〇7。%岔程式2〇7 転式 多個區塊包含密文二::多個區塊之指令, 細解密運算的密碼來數金二目錄2°5'更為詳 山要文ZU9,如果模式雲 始化向量208也合被在敌、式而要,一初 指令以產^胃存取。解岔程式207執行這些 ^產生相對應的明文區塊210。 值得注意的是需要執行特定數量的指八,、 生密碼金鑰和加密或解密 7以產 規範包含了許 :予£塊。上述的nps 量m 使得需確定的指令數 :::被估計出來。因此,-個熟悉該項技術之人 通曉需要上百個指令完成—個簡 1之人 算,其中每個指令都要!^由計审 4加密運 处一、 丨资猎由镟處理器201執行,才 月匕完成所需的密碼運算。隹 令來Hr 來說,執行這些指 一個⑨碼運算,對於當前正在執行應用程 式的主要目的(如播案管理,即時消 ,案存取、信用卡交易)來說是多餘的運:。’ :此’當前正在執行應用程式的用戶感覺到當前所 ::程式之完成並沒有有效率。在獨立的或内嵌的 加街及解密程式2〇6、m的情況下,啟動和管理亡 些程式206、207也要受到作業系統2〇2的其他带 所支配,諸如支持中斷、異常 而乂 、 及心化問題的事件 200536329 等。再者,對於在—電腦系統上所需求的每 之密碼運算,藉+ 9 n / 。 K丁 ’連-I式 204、206、207 的一例子η 分開配置於記憶體2〇3中。 疋'、 ^ Β 卻上所述,可以預期 的疋’要求由一微處理 ZU 1並仃之密碼運管盤 目,將會隨著時間持續增加。運算運# “ 本發明之發明人注意到了這些問題 腦糸統密碼技術的局限,更確認了提供在…: 程式;遲之微處理器中,執行密碼^算 一:方法之需求。運算因此,本發明於此提供 U處理器’經由專屬之密碼單元,執行密碼運算 :!置及相關的方法。當啟動密碼單元時,以經由 照 早⑧碼指令之程式化執行密碼運算。 圖3 -1 2討論本發明。It can generate or receive a cryptographic key and can expand the key into a key directory 205 for use in crypto round operations. For multi-block encryption operations, a one-block encryption program 206 will be triggered. The encryption program 206 executes instructions that can access multiple blocks. The multiple blocks include a plaintext block 210, a key directory 205, and more detailed cryptographic parameters 209 such as the mode and the location of the key directory. If required by the specified mode, an initialization vector Mg will also be accessed by the application program 206. The encryption program 206 executes some instructions to generate the relevant ciphertext block 211. Similarly, the block decryption operation is performed for 20 200536329, * η π 7 ^ and the block decryption borrows 4 *, 207. % Fork program 207 転 multiple blocks contain cipher text 2 :: instructions for multiple blocks, the password for the fine decryption operation counts to the second directory 2 ° 5 'more detailed mountain text ZU9, if the model cloud The initialization vector 208 is also required in combination with the enemy, and is initially instructed to access the stomach. The branching program 207 executes these ^ to generate a corresponding plaintext block 210. It is worth noting that a specific number of fingerprints, cryptographic keys, and encryption or decryption need to be performed. The production specification includes a promise: a block of ££. The above-mentioned nps quantity m makes the number of instructions to be determined ::: estimated. Therefore, a person familiar with the technology needs hundreds of instructions to complete-a person of Jane 1 counts, each of them must! ^ Accounting and Auditing 4 Cryptographic Operations Department 1. The asset hunting is performed by the processor 201, and then the required cryptographic operations are completed. H For Hr, performing these operations is a code operation, which is redundant for the main purpose of the application currently being executed (such as case management, instant messaging, case access, credit card transactions). ‘: This’ The user currently running the application feels that the completion of the current :: program is not efficient. In the case of independent or embedded encryption and decryption programs 206, m, starting and managing these programs 206, 207 are also subject to other bands of the operating system 202, such as support for interrupts, exceptions and乂, and the events of mentalization 200536329 and so on. Furthermore, for every cryptographic operation required on a computer system, borrow + 9 n /. An example of the K-L'-I formula 204, 206, and 207 is separately arranged in the memory 203.疋 ', ^ Β However, as mentioned above, it can be expected that 疋 ’requires a micro-processing of ZU 1 and passwords to manage the inventory, which will continue to increase over time.算 运 # "The inventor of the present invention noticed these problems and the limitations of the system's cryptographic technology, and confirmed that it is provided in :: programs; later in the microprocessor, execute the password ^ one: method requirements. The operation, therefore, The present invention provides a U-processor 'to perform cryptographic operations via a dedicated cryptographic unit:! Setup and related methods. When the cryptographic unit is activated, the cryptographic operations are performed programmatically via early coding instructions. Figure 3 -1 2 Discuss the present invention.

m 〇 λ ^..... /m 〇 λ ^ ..... /

>團3,一方塊圖3〇〇描述了 一個依據本發 執行岔碼運异的微處理器裝置。方塊圖3 0 0描述 、個彳放處理态3 01,其係通過一記憶體匯流排31 9 ,到一系統記憶體321上。微處理器3〇1包括從一 7暫存為302接收指令的轉譯邏輯電路3〇3。轉 =邏輯電路303可以是邏輯電路、裝置或微碼(即 ^ ^令或本地指令)、或是一個邏輯電路、裝置或微 碼之組合’或是能夠轉譯指令到相關微指令序列的 22 200536329 等效元件。在榦缚、r w續輯電路303中所執行轉譯的元 件可能被其他的雷敉 f的兀 器301内執行其他% 在U處理 碼是一個術語,t矣-L 7 u ^ 表不大量的微指令。一微指令(或 ,“地指:)是-個執行單元級別的指令。例如, …曰7由精簡&令集電腦微處理器直接執行。對於 一個複雜指令集雷脱辦+ m 、 口口 冤月自彳政處理器,諸如一 X86相容微> Mission 3, a block diagram 300 depicts a microprocessor device that executes a fork code operation in accordance with the present invention. The block diagram 3 0 0 describes an individual processing state 3 01, which is transmitted to a system memory 321 through a memory bus 31 9. The microprocessor 301 includes a translation logic circuit 303 that receives instructions from a 7 temporarily stored as 302. Translation = logic circuit 303 can be a logic circuit, device, or microcode (ie, ^ ^ order or local instruction), or a combination of logic circuit, device, or microcode 'or can translate instructions to the relevant microinstruction sequence 22 200536329 Equivalent component. The elements that are translated in the dry-bound, rw sequel circuit 303 may be executed by other elements 301 in the thunder circuit. In U processing code is a term, t 矣 -L 7 u ^ means a large number of micro instruction. A microinstruction (or, "ground means :) is an instruction at the execution unit level. For example, ... 7 is executed directly by the streamlined & order set computer microprocessor. For a complex set of instructions, + +, 口Wrongful month self-policing processors, such as an X86 compatible micro

處理x86指令會被轉譯成相關的微指令,而這 U才"可以在複雜指令集電腦微處理器内由至少 /個早兀直接執行。轉譯邏輯電路3G3係連接到一 仔歹"04上’微指令佇列3。4有數個微指令 入口 3〇5、306。微指令由微指令佇列304提供給包 括暫存為組307的暫存器階段邏輯電路。暫存器 =307係具有複數個暫存器3〇8 — 313,且這些暫二 為的内谷係在執行一個指定❸密碼運算前即被建 立。暫存器308-3 1 2指向記憶體321中的相應位置 32 3 327,故裏存放著執行指定密碼運算所需的資 料。暫存器階段連接到载人邏輯電路314,其係連 接到用纟檢索完成指$密碼運算資料#資料快取 315。貪料快取315通過記憶體匯流排319連接到記 憶體321上。執行邏輯電路328和載入邏輯電路314 23 200536329 相接,並通過上一階段傳送下來的微指令執行指定 的運算。執行邏輯電路328係包含邏輯電路、裝置 或微碼(即微指令或本地指令)、或是—個邏輯電 路、裝置或微碼之組合,或是能通過提供給它的微 才"執行才曰定運异的等效元件。在執行邏輯電路 328中執行運算的元件可能被其他的電路、微碼等 所共用,即在微處理器斯内完成其他的功能。執 行邏輯電路328包括一個密碼單元316,密碼單元 316從載入邏輯電路314 運算所需的資料。奸八丄執仃'…碼 個於入々a ‘ 7驅動岔碼單元316在複數 :文子區塊326上執行指定的密碼運算,以生 包含邏輯電路/ 密碼單元316 令)、1 θ 4置或微碼(即微指令或本地指 是1:::個邏輯電路、裝置或微瑪之聯合體,或 疋此執仃畨碼運算的等 執行密碼運曾的-批 在费碼單元316中 運#的7L件可能被1 共用,即 此被/、他的電路、微碼等所 17在微處理器301内 實施例中 〜成其他的功能。在- 他執行單元^早凡316和執行邏輯電a 328的其 並行執行圖下)’諸如整數單元、浮點單元等, 係包含邏輯電跋發明砣圍中—“單元,,的一實施例 電路、裝置或微碼(即微指令或本地指 24 令)、或是-個邏輯電路、 是能執行指定運曾 π碼之聯合體,或 -個特殊單元上二Γ功能的等效元件。這些在 執仃指定運算或勃γ > 件,可能被其他的雷 订‘定功能的元 理請内執行:Γ、微碼等所共用,即在微處 施例中,-整能或運算。例如,在-個實 (即微指令或本地指 $路、1置或微碼 或微碼之組合,或:5疋—個邏輯電路、裝置Processing x86 instructions will be translated into related micro-instructions, which can be directly executed by at least one early processor in a complex instruction set computer microprocessor. The translation logic circuit 3G3 is connected to a micro-instruction queue 3. on the "04". There are several micro-instruction entries 305,306. The micro-instructions are provided by the micro-instruction queue 304 to the register stage logic circuit which is temporarily stored as a group 307. Register = 307 has a plurality of registers 3008 — 313, and these temporary inner valley systems are established before performing a specified ❸ cryptographic operation. The register 308-3 1 2 points to the corresponding location 32 3 327 in the memory 321, and the homepage stores the data required to perform the specified cryptographic operation. The register stage is connected to the manned logic circuit 314, and it is connected to the data retrieval cache 315, which is the completion of $ password calculation data #. The greed cache 315 is connected to the memory 321 through the memory bus 319. The execution logic circuit 328 is connected to the load logic circuit 314 23 200536329, and executes the specified operation by the micro instruction transmitted from the previous stage. The execution logic circuit 328 includes a logic circuit, a device, or a microcode (that is, a microinstruction or a local instruction), or a combination of a logic circuit, a device, or a microcode, or a microcapacitor provided to it. Said to be the equivalent component of different shipments. The elements that perform operations in the execution logic circuit 328 may be shared by other circuits, microcode, etc., that is, perform other functions in the microprocessor. The execution logic circuit 328 includes a cipher unit 316, and the cipher unit 316 loads data required for the operation from the load logic circuit 314.丄 八 丄 丄… 码 码 于 于 々 a 7 7 to drive the fork code unit 316 to perform the specified cryptographic operation on the plural: sub-block 326 to generate a logic circuit / password unit 316), 1 θ 4 set Or microcode (that is, microinstruction or local refers to a combination of 1 ::: logic circuits, devices, or microma, or any code that performs code operations, etc.)-batches are shipped in fee code unit 316 The 7L pieces of # may be shared by 1, that is, by /, his circuit, microcode, etc. 17 in the embodiment of the microprocessor 301 ~ into other functions. In-his execution unit ^ Zaofan 316 and execution logic An a 328 of its parallel execution diagram below) 'such as integer units, floating-point units, etc., which contains the logic of the electronic circuit invention-"unit," an embodiment of a circuit, device, or microcode (that is, microinstruction or local Refers to 24 orders), or a logic circuit, a combination capable of performing the specified operation π code, or an equivalent element of the two Γ functions on a special unit. These are performed in the specified operation or γ > , May be executed by other elements of Thunder ’s fixed function: Γ, microcode, etc. Common, that is, in the micro embodiment,-integrator or operation. For example, in a real (that is, a micro-instruction or local means $ way, a set or a combination of micro-code or micro-code, or: 5 疋 a logic Circuit, device

-浮點單元包含邏::π:指令的等效元件。 或本地指令)、或是=輯裝置或微,(即微指令 合,Mr#… 路U或微碼之組 次疋-執仃洋點指令的等 内執行整數指令的元件孫亦、 在正數早兀 即在、、拿毀„ _ '、σ以共用電路、微碼等, Ρ在/予點早元内執行 -實施例中,Μ單:在相容χδ6體系的 16和—χ86的整數單元、-The floating point unit contains the equivalent element of the logic :: π: instruction. Or a local instruction), or a device or micro, ie, a combination of micro-instructions, Mr # ... a U or microcode group, a component that executes an integer instruction within a sequence of foreign points, etc. Early, that is, destroy, _ _, σ to share the circuit, microcode, etc., P is executed in the early point of /-in the embodiment, M single: in the χδ6 system compatible 16 and χ86 integers unit,

/予點早兀、一 χδ6的多媒體延伸單元和一 串流延伸單元並行執行。根據本發明,一相 體系的實施例是指這個實施例能夠正確地執 ::多數設計用來在一 χδ6微處理器上執行的應用 孝、> 果传到-個正確結果,應用程式能被正準 確地被執行。可供選擇的χδ6相容實施例期望密瑪 早兀與上述所提到χ86執行單元的—個子集並行執 25 200536329 行在碼單元316連接到儲存邏輯電路317上,並 提供相對應複數個輸出文字區塊327。儲存邏輯電 路317也連接到資料快取犯, 塊327發送到系統記憶體321處以供儲存。儲^ 輯電路31 7係連接到寫回邏輯電路3 m。當指定 的密碼運算完成,寫回邏輯電路318將更新暫^哭 組307令的暫存器勝313。在一個實施例中^ 指令係與一時脈信號(未圖示)同步,流經每一個 上述的邏輯階段 3〇2、3〇3、304、307、314、316_318, 這樣’這些運算就可以並行執行,就像-條裝配線 一樣0 ^糸統記憶體321 _,—應用程式需要指定之 进碼運鼻’且可經由一個單一密碼指令322,指示 ^處理益3G1去執行密碼運算。在此以-密碼 (XCRYPT)指令作為範例說明。在—複雜指令华電 腦實施例中,密碼指令322包含一指 的指令。在精簡指令集電腦實施例卜 = …指定-密碼運算的微指令。在—實二, ㈣指令把利用現有指令集架構中多餘的或未用 的如令編碼。在—χ86相容的實施例中,密碼指令 322為―冑4位元組的指令,其係包含Χ86重複 26 200536329 (REP)前置(即〇xF3),接著2位 遂曾牌r A 70、、且未用的x86 運开馬(例如〇x〇FA7),再加上j 在勃杆一社… 位70組,其指定 才曰疋密碼運算時使用的一 式。在一他康 特疋&塊密碼模 大在個實施例中,依據本發明密 以在提供认庵 曰7 了 應心式的糸統許可權級下執行,並因 此此在一應用程式或在一 下,端宜卞系系統32〇的控制之 ::寫到程式指令流裏使提供給微處理器斯。/ Yu Dianwu, a χδ6 multimedia extension unit and a stream extension unit are executed in parallel. According to the present invention, the one-phase system embodiment means that this embodiment can execute correctly: most applications designed to be executed on a χδ6 microprocessor, > if the result reaches a correct result, the application program can It is executed exactly. The alternative χδ6 compatible embodiment expects that Mima executes in parallel with a subset of the above-mentioned χ86 execution units. 25 200536329 The code unit 316 is connected to the storage logic circuit 317, and a corresponding plurality are provided. Output text block 327. The storage logic circuit 317 is also connected to the data cache, and block 327 is sent to the system memory 321 for storage. The storage circuit 31 7 is connected to the write-back logic circuit 3 m. When the specified cryptographic operation is completed, the write-back logic circuit 318 will update the register 307 of the temporary buffer group 307 to win. In one embodiment, the ^ instruction is synchronized with a clock signal (not shown) and flows through each of the above-mentioned logical stages 3202, 303, 304, 307, 314, 316_318, so that 'these operations can be parallel Execute, just like-assembly line 0 ^ system memory 321 _,-the application needs to specify the code to run the nose and can pass a single password instruction 322 to instruct ^ processing 3G1 to perform cryptographic operations. Take the -Cryptography (XCRYPT) command as an example. In the embodiment of the complex instruction Huadian, the cryptographic instruction 322 includes an instruction of one finger. In the reduced instruction set computer embodiment, the micro-instructions of ... designation-cryptographic operation are used. In the second case, the ㈣ instruction encodes redundant or unused instructions in the existing instruction set architecture. In the -χ86 compatible embodiment, the cryptographic instruction 322 is a "胄 4-byte instruction, which contains an χ86 repeat 26 200536329 (REP) preamble (that is, 0xF3), followed by 2 succeeded cards r A 70 , And unused x86 running horses (for example, 0x〇FA7), plus j in Bo Bol Yisha ... a group of 70, which specifies the formula used in cryptographic calculations. In one embodiment of the Tektronix & Block Cryptographic Module, in accordance with the present invention, it is executed under the system permission level that provides authentication, and therefore an application or In the following, the end of the system should be controlled by the system 32: write to the program instruction stream to provide to the microprocessor.

干代2以㈣碼運算係只需—密碼指令您指 3二為30卜适樣,運算的完成對於作業系統 3 20末况將完全是透明化的。It only needs to use the code calculation system in Qiandai 2—the password command you refer to 3 is 30. The completion of the calculation will be completely transparent to the operating system.

μ運算時,作業系統320係引動一個應用程式使 在U處理器30丨上執行,在執行該應用程式期間, 作為指令流的-部分,-密碼指令322係由記憶體 3八21提供給擷取邏輯電路3〇2。然而,在執行密碼指 令322之前,在程式流中的指令指示該微處理= 30卜以初始化暫存器308-31 2的内容,以致將其指 向在記憶體321中的位置323-327,這些位置包^ 一密碼控制字元323、一初始密碼金鑰324或—金 鑰目錄324、一初始化向量325 (如果需要的話), 供運算之輸入文字326和輸出文字327。在執行您 碼指令322之前需初始化暫存器308_312,因為^ 27 200536329 碼指令322需指示暫存器3〇8 — 312與一附加暫存器 31 3,所以在執行密碼指令3 2 2之前需初始化暫存器 308-3]2,而附加暫存器313包含一區塊計數,其為 在輸入文字326中-些被加密或解密的資料區塊。 這樣’轉譯邏輯電路3G3從擷取邏輯電路咖榻取 到密碼指令’及將其轉譯至一相對應於微指令序 列,以指示微處理器3〇1執行指定之密碼運瞀。運 算一在相對應於微指令電路系列之第一複數:微指 令電路305-306’特別指示密碼單元316載入由載 入邏輯電路314提供之資料,即開始執行已指定密 碼回合之數量,以產生一相對應之輪出資料區塊, ❿ 及提供㈣應之輸出資料區塊至儲存邏輯電路 317’俾經由資料快取315將其儲存在記憶體321 之輸出文字327。在相對應於微指令之序列内,一 第二複數微指令(未繪示)才旨示在微處理器301内 之其他執行單元’執行其他必須之運算,以完成指 定之密碼運算’例如管理無架構暫存器(未緣示), =含暫時結果及計數器,更新輪入及輸出指示器 子為31卜312,及在—輪入文》326的加密/解密 後’更新初始向量指標暫存_ 31〇(如果需要的 洁),處理中斷搁置等等。在—實施例中,暫存哭 28 200536329 308-31 3為結構性暫存器。一結構性暫存器3〇8 3i3 定義為在用於特殊微處理器之指令集架構 (instruction set architecture, ISA)内的一暫存 器。 運鼻在一個實施例中,密碼單元316係被分為 數個階段,藉此允許管線化連續輸入文字326。 圖3之方塊圖300係提供本發明之必要元件, 也因此,在微處理器301内之多數邏輯電路,為了 清楚明瞭,因而於方塊圖3〇〇省略。然而一熟習此 技藝之人士將會理解,微處理器3〇ι依據特定實 施,包含許多階段及邏輯元件,為了清楚明瞭,將 其聚集起來。例如,哉λ、鹿站^ J 載入邏輯電路314可以實施一 位址產生階段,賢垃| 緊接者一快取介面階段,接 取線對準階段。然而重 、 數個輸入文字326上之—完整的 月在稷 發明係被指示經由一單— ’、、#依據本 a帝々— 密碼指♦ 322,其密碼指 々電路之遂、碼運算口老胃 开/、考篁到作業系統320,及苴密 碼指令電路之執行經由—京 八 _ ^ 寻屬之抢碼早兀31 6,在 微處理器301内平行運曾— 在 〆— 建斤凡成。本發明專注之隹點 係密碼單元31 6之s 〜 、點 貫施例,類似於幾年年前, 在一微處理器令專屬浮 鸯U早το硬體之實施組態。 29 200536329 碼單元31 6及相關之密碼指令322之運算,係完全 與同時之舊有作業系統320和應用相容,將在以下 做更詳細之說明。 現在參照圖4, 一示意圖係顯示—依據本發明 之微密碼指令400的實施例。微密碼指令包含 一可選擇性前置欄位401,其後緊接著一重複前置 攔位402’之後又接著一運算碼攔位4〇3,而後緊接 著一區塊密碼模式攔位404。在一實施例中,這些 攔位401-404之内容與x86指令集架構相符合。其 他之實施例普遍與其他指令集架構相容。 八 運算上’可選擇性前置攔位4〇1是用在許多指 令集架構,以致能或不致能一主微處理器某些處理 特性裝置,例如指示16_位元或32_位元運算,指示 處理或存取特定記憶片段等等。重複前置攔位4〇2 指示由微密碼指令電路·指定之密碼運算在複數 個輸入資料區塊上完成(亦即明文或密文)。重複前 置攔位402亦暗指—適合之微處理器,以使用複數 個木構性暫存态的内容’作為一在系統記憶體内位 置之指標,系統記憶體包含特定密碼運算之資料及 ^數。如上所述’在—χ86相容之實施例中,重複 則置攔位402之數值為〇xF3。而且,根據χ86的結 200536329 構協定,密碼指令與REP· M0VS之類的x86重覆串指 令相當類似。舉例而言,當執行本發明之與X 8 6相 容的微處理器實施例時,重複前置欄位指令指示儲 存在結構暫存器ECX中的區塊計算變數、儲存在暫 存器ESI中的來源位址指標(指出密碼運算所用的 輸入資料)以及儲存在暫存器ED I中的目的位址指 標(在記憶體中指出輸出資料區域)。在χ86相容的 實施例中’本發明使習知重覆串指令内容,更參照 鲁 儲存在暫存器EDX中的控制字元指標、儲存在暫存 器ΕΒΧ中的密碼金鑰指標、以及儲存在暫存器ΕΑχ 中的初始化向量之指標(若指定的晶片模式需要的 話)。運算碼攔位4〇3指定微處理器完成密碼運算, 其更指定於儲存在記憶體中的控制字元内,此記憔 體係透過控制字元指標指示。本發明計算出運算碼 攔位403之較佳選擇值以作為現存指令集架構内備^ 用或未用運算碼之一,以便保留舊有作業系統以及 應用軟體符合的微處理器之一致性。舉例而言,如 月’J所述,運算碼欄位4〇3施行數值〇x〇FA7,以指示 執行具體說明的密碼運算。區塊密碼模式攔位曰40丁4 指定特殊區塊密石馬模式,以在具體說明密碼運算期 間執行,如圖5所示。 # ’ 31 200536329 圖5繪示了一表500,此表500綠示了根據圖 4之電子結構的示範性區塊密碼模式攔位的數值。 數值0xC8指定密碼運算可藉由使用電子碼書式 (electronic code book,ECB)訊息模式而完成。數 值OxDO指定密碼運算可使用密碼區塊串列 (cipher block chaining,密碼區塊串列)而完 成。數值ΟχΕΟ指定密碼運算可使用密碼回饋模式 (cipher feedback, CFB)而完成。數值 〇χΕ8 指定密 碼運算可使用輸出回饋模式(〇utput feedback,〇fb) 而完成。區塊密碼模式攔位4〇4的所有其他值會被 保留。這些模式在前述的FIPS文字中有所描述。 接著,® 6緣示了一方塊圖,此方塊圖描述了 根據本發明之x86-相容微處理@ _中之密碼單元 H7。微處理器6〇〇包含擷取邏輯電路⑽卜擷取邏 輯電路601自,己憶體(未緣示)取得用以執行的結 構。擷取邏輯電路601連接至轉譯邏輯電路602。 轉譯邏輯電路602包含邏輯電路、元件或是微碼(換 5之,微結構或是本體結構)或者邏輯電路、元件、 組合,或者使用轉譯結構至微結構之相關 、序的專效元件。在轉譯邏輯電路602中執行轉釋 之兀件可與其他電路、微碼等所共享,這此電路、 32 200536329 微碼係用以在微處理器600中執行其他功能。轉譯 邏輯電路602包含轉譯器603、連接至微碼唯讀記 L體6 0 4的轉澤裔6 〇 3、以及連接至轉譯器6 3和 微碼唯讀記憶體604的密碼區塊串列區塊指標邏輯 電路640。中斷邏輯電路626透過匯流排連接 至轉#璉輯電路6〇2。多數軟體及硬體中斷訊號 糟由中斷邏輯電路626而處理,中斷邏輯電路626 指不將中斷傳送至轉譯邏輯電路 路-連接至微處理請之連續階段轉= 杰600包含一暫存器階段6〇5、定址階段6〇6、載入 階段607、執行階段6〇8、儲存階段618以及寫回階 & 619。連續階段中的每一個包含完成特定功能的 邏輯電路,這些特定功能與執行擷取邏輯電路6〇ι 提供的指令有關,且這些結構在圖3的微處理器中 以類似的名稱描述。圖6所描料χ8Μ目容實施例 之特色為在執行階段608中的執行邏輯電路咖, 執行階段608包含平行執行單元61〇、612 614、 616、617。一整數單元61〇自微指令仔列6〇9接收 整數微指令電路以執行。—浮點單元612自微指令 佇列61"妾收浮點微指令電路以執行。—多媒體延 伸集單元614自微指切列614接收多媒體延伸集 33 200536329 微指令以執行。-串流延伸集單元616自微指令仔 列615接收串流延伸集微指令以執During the μ operation, the operating system 320 causes an application program to be executed on the U processor 30. During the execution of the application program, as a part of the instruction stream, the -password instruction 322 is provided by the memory 3 8 21 Take the logic circuit 302. However, before the execution of the password instruction 322, the instruction in the program stream instructed the microprocessing = 30 to initialize the contents of the register 308-31 2 so as to point it to the locations 323-327 in the memory 321, these The location package ^ a cryptographic control character 323, an initial cryptographic key 324 or-a key directory 324, an initialization vector 325 (if necessary), input text 326 and output text 327 for operation. The register 308_312 needs to be initialized before executing your code instruction 322. Because ^ 27 200536329 the code instruction 322 needs to indicate the register 3 08 — 312 and an additional register 31 3, so it is necessary to execute the password instruction 3 2 2 The initial register 308-3] 2, and the additional register 313 contains a block count, which is a block of data encrypted or decrypted in the input text 326. In this way, the 'translation logic circuit 3G3 fetches the cryptographic instruction from the fetching logic circuit' and translates it to a sequence corresponding to the microinstructions to instruct the microprocessor 301 to execute the specified cryptographic operation. Operation one corresponds to the first complex number of the micro-instruction circuit series: the micro-instruction circuit 305-306 'specially instructs the crypto unit 316 to load the data provided by the load logic circuit 314, that is, the number of specified crypto rounds is started, and A corresponding rotating data block is generated, and the corresponding output data block is provided to the storage logic circuit 317 ', which is stored in the output text 327 of the memory 321 via the data cache 315. In the sequence corresponding to the microinstructions, a second plural microinstruction (not shown) is intended to be executed by the other execution units in the microprocessor 301 to perform other necessary operations to complete the specified cryptographic operation, such as management No architecture register (not shown), = Includes temporary results and counters, updates the turn-in and output indicators to 31 and 312, and updates the initial vector index after encryption / decryption in "Roll-in Article" 326. Store _ 31〇 (if needed cleaning), handle interrupt pending and so on. In the embodiment, the temporary cry 28 200536329 308-31 3 is a structural register. A structural register 3008 3i3 is defined as a register in an instruction set architecture (ISA) for a special microprocessor. In one embodiment, the cryptographic unit 316 is divided into several stages, thereby allowing pipelined continuous input of text 326. The block diagram 300 of FIG. 3 provides the necessary components of the present invention. Therefore, most of the logic circuits in the microprocessor 301 are omitted in the block diagram 300 for clarity. However, those skilled in the art will understand that the microprocessor 300 is composed of many stages and logic elements according to a specific implementation, and for clarity. For example, 哉 λ, deer station ^ J load logic circuit 314 may implement an address generation phase, followed by a cache interface phase and an access line alignment phase. However, on the basis of several input texts 326—the complete month in the invention is instructed via a single order— ',, #according to this a di々—the password refers to 322, and the password refers to the circuit and code calculation port Lao Wei Kai /, test the operating system 320, and the execution of the password instruction circuit-Beijing eight _ ^ find the code to grab the early Wu 31 6, in parallel in the microprocessor 301 Zeng-Zai-Jian Fan Cheng. The focus of the present invention is the implementation of the s ~~ points of the cipher unit 3116, similar to the implementation configuration of a microprocessor to make the exclusive floating hardware earlier than a few years ago. 29 200536329 The operation of the code unit 31 6 and the related cryptographic instruction 322 is completely compatible with the old operating system 320 and applications at the same time, which will be described in more detail below. Referring now to FIG. 4, a schematic diagram illustrates an embodiment of a micro-cryptographic instruction 400 according to the present invention. The microcode instruction includes an optional leading field 401, followed by a repeat leading field 402 ', followed by an opcode block 403, and then a block password mode block 404. In one embodiment, the contents of these blocks 401-404 are consistent with the x86 instruction set architecture. Other embodiments are generally compatible with other instruction set architectures. "Operational optional" pre-blocking 401 is used in many instruction set architectures to enable or disable certain processing characteristics of a main microprocessor, such as indicating 16_bit or 32_bit operations , Instructing to process or access specific memory segments, and more. Repeated pre-stop block 402 indicates that the cryptographic operation specified by the micro-crypto instruction circuit is completed on a plurality of input data blocks (that is, plain text or cipher text). Repeated pre-blocking 402 also implies that—a suitable microprocessor uses the content of a plurality of wooden temporary states as an indicator of the position in the system memory. The system memory contains data for specific cryptographic operations and ^ Number. As described above, in the -χ86 compatible embodiment, the value of the stop 402 is repeatedly set to 0xF3. Furthermore, according to the 200536329 structure agreement of χ86, the cryptographic instruction is quite similar to the x86 repeating instruction such as REP · MOVS. For example, when the X 8 6 compatible microprocessor embodiment of the present invention is executed, repeating the preceding field instruction instructs the block calculation variables stored in the structure register ECX and the register ESI The source address indicator in (indicates the input data used for cryptographic calculations) and the destination address indicator (in the memory indicates the output data area) stored in the register EDI. In the χ86 compatible embodiment, the present invention makes it known to repeat the contents of the instruction, referring more to the control character index stored in the register EDX, the cryptographic key index stored in the register EBX, and Index of the initialization vector stored in the register EAx (if required by the specified chip mode). The operation code block 403 specifies that the microprocessor completes the cryptographic operation, and it is also specified in the control characters stored in the memory. This record system indicates through the control character indicators. The present invention calculates a better selection value of the operation code block 403 as one of the reserved or unused operation codes in the existing instruction set architecture, so as to maintain the consistency of the microprocessors conforming to the old operating system and the application software. For example, as described in the month 'J, the opcode field 403 implements a value of 0x0FA7 to instruct the cryptographic operation to be performed as specified. The block password mode block is 40-40. A special block dense stone horse mode is specified to execute during the specific cryptographic calculation, as shown in Figure 5. # ’31 200536329 FIG. 5 shows a table 500, which shows the values of exemplary block cipher mode blocks according to the electronic structure of FIG. 4 in green. A value of 0xC8 specifies that cryptographic operations can be accomplished by using an electronic code book (ECB) message mode. The value OxDO specifies that the cipher operation can be completed using cipher block chaining (cipher block chaining). The value ΟχΕΟ specifies that the cipher operation can be completed using cipher feedback (CFB). The value 〇χΕ8 specifies that the password operation can be completed using output feedback mode (〇utput feedback, 〇fb). All other values of block 404 in block cipher mode are retained. These modes are described in the aforementioned FIPS text. Next, ® 6 shows a block diagram that describes the cryptographic unit H7 in x86-compatible microprocessing @ _ in accordance with the present invention. The microprocessor 600 includes a retrieval logic circuit 601. The retrieval logic circuit 601 has a structure (not shown) to obtain a structure for execution. The fetch logic circuit 601 is connected to the translation logic circuit 602. The translation logic circuit 602 includes a logic circuit, an element or a microcode (in other words, a microstructure or an ontology structure) or a logic circuit, an element, a combination, or a related, ordered, special-effect element using the translation structure to the microstructure. The components that perform the interpretation in the translation logic circuit 602 may be shared with other circuits, microcode, etc. This circuit, 32 200536329 microcode is used to perform other functions in the microprocessor 600. The translation logic circuit 602 includes a translator 603, a translator 6 03 connected to the microcode read-only memory L 64, and a series of password blocks connected to the translator 63 and the microcode read-only memory 604. Block index logic circuit 640. The interrupt logic circuit 626 is connected to the switching circuit 602 via a bus. Most software and hardware interrupt signals are handled by the interrupt logic circuit 626. The interrupt logic circuit 626 means that the interrupt is not transmitted to the translation logic circuit.-Connected to the micro processor, the continuous phase is transferred = Jie 600 includes a register stage 6 〇5, addressing stage 606, loading stage 607, execution stage 608, storage stage 618, and write back stage & 619. Each of the successive stages contains logic circuits that perform specific functions related to the execution of instructions provided by the fetch logic circuit 60, and these structures are described under similar names in the microprocessor of FIG. The embodiment shown in FIG. 6 is characterized by an execution logic circuit in an execution phase 608. The execution phase 608 includes parallel execution units 61, 612, 614, 616, and 617. An integer unit 61 receives an integer micro-instruction circuit from the micro-instruction array 609 for execution. -The floating-point unit 612 receives the floating-point micro-instruction circuit from the micro-instruction queue 61 for execution. — The multimedia extension set unit 614 receives the multimedia extension set from the micro-finger slice 614 33 200536329 micro instruction for execution. -The stream extension set unit 616 receives the stream extension set micro instruction from the micro instruction array 615.

實施例中,密碼單元617透過載入匯流排 遲訊號621以及儲存匯流排622連接至串流延伸隹 單元616。密碼單元617分享了串流延伸集單元: «令许列615。在另-替代性實施例中,以類似 ;單元610、612和614的方式執行密碼單元Η? 之獨立平行運算。整數單元61〇連接至χ86旗標 (EFLAGS)暫存器624。旗標暫存器包含χ位元625, 其用以指示密碼運算是否在處理中。在一實施例 中,X位7L 625為排在χ86旗標暫存器624之第3〇 個位元。此外,整數單元61〇接收機械特定暫存器 6一28〜以鑑定Ε位元629之狀態位元629之狀態: :密碼單元617是否在微處理器600中呈現。整數 早元在特性控制暫存器630中接收一 D位元631, ^使密碼單元61 7致能或非致能。如圖3所示的微 处理态實施例301,圖6之微處理器600特別描述 些元件以清楚的表現x86_相容實施例的來龍 脈並清楚的聚集或刪除微處理器之其他元 头Q 在匕工 式、、 項技藝者可輕易知曉完成介面所需要的其他元 資料快取(未繪示)、匯流排介面單元(未緣 34 200536329 示)、時脈產生以及分配邏輯電路(未繪示)等等。 運算中,藉由擷取邏輯電路6〇1,從記憶體(未 緣示)取得指令電路並同步於時脈訊號(未緣示)提 供指令給轉譯邏輯電路602。轉譯邏輯電路602轉 譯每一指令電路至微指令電路的對應仔列,這些微 指令佇列同步於一時脈訊號’連續地被提供給微處 理器之隨後階段605-608、618和619。微指令序列 中的每-微指令電路指示子運算的執行,此子運算馨 需完成全面運算此全面運#藉由對應指令電路 而才日疋這些對應才日令可如底下的指令電路:藉由 定址階段_之位址的產生;整數單元61〇中之兩 相加運介碼’此整數單元61 〇係從暫存器階段6〇5 中的指定暫存器(未繪示)而獲得;儲存執行單元 ㈣、612、614、616、617之一所產生的結果,此 2存係藉由儲存階段618所執行。根據被轉譯的指 # T二轉譯邏輯電路602將使轉譯器6〇3直接產生微 扎π序列,或者獲得來自微碼唯讀記憶體6〇4的序 =,或者使轉譯器603直接產生序列的一部份並獲 知來自微碼唯讀記憶體604的現存序列部份。微指 7與時脈訊號同步透過隨後階段6〇5_6〇8、618和 619而相繼進行。在微指令到達執行階段6〇8時, 35 200536329 他們與其運算碼以及被指定的執行單元61〇、6i2、 614、616、617(在暫存器階段6〇5中自暫存器取得, 或者被位址階段606中的邏輯電路所產生,或者藉 由載入㈣6G7自資料快取所取得)一起被執行^ 輯電路632所安排執行,係藉由被相對應的微指令 佇列6〇9、6"、613、615替換微指令而達成。執行 單元61〇、612、614、616、617執行微指令並提_ 結果給儲存階段618。在一實施例中,微指令包人 指示其是否與其它運算平行執行的攔位。反應於二 述的取得密碼指令’轉譯邏輯電路6〇2產生相關的 微指令’這些微指令在微處理器_之隨後階段 605-608、618、619中指出邏輯電路,以施行扑: 的密碼運算。運算第-多數相關微指令被傳送= 碼單元6Π並指示密碼單元617 “由載人匯 620所提供的資料,或者載入一區塊的輸入資料並 開始執行預定數量之加密迴圈’以產生一區 出資料,或者透過儲存匯流排622,以提供輸出: 料的產生區塊,並藉由儲存階段618而儲存在記二 體中。第二多數相關微指令被傳送至其他執行: ㈣、川、川、616以執行其他子運算,這些子: ^而元成預定密碼運算,這些預定密碼運算可為. 36 200536329 測試E位元629,致能η你- 双此〇位凡631、設定χ位元625 以指出密碼運算是否在執行、更新暫存器6〇5中的 暫存器(也就是:計算暫存器、輸入文字指標暫存 ϋ '輸^字指標暫存處理被中斷邏輯電路 6 2 6所指示的中斷6 2 7。補μ μ ^ 研“通過父錯密碼單元微指令序 列中之整數單元微指今,乂日Μν 干u7相關微指令係被提供作為 多重輸入資料區塊上特定密碼運算之執行,以使整 數運算能夠和密碼單元運算並行完成。微指令係包 含在相關的微指令中以允許回應中斷627和從中斷 627返回。由於所有密碼參數和資料的指標都存放 在χ86的結構暫存器中,當處理中斷時他們的狀態 將會被保存,而且等狀態在從中斷返回時恢復。因 此’當有中斷發生時,程式控制將跳轉到相應的中 斷服務程式。作為程式控制跳轉的一部分,χ位元 625將被清掉金鑰賴和控财元資料^ 再有效。當從中斷返回時,程式控制係被轉回到密 碼指令’並作為其相關微指令的—部分,特殊的微 指令將測試)(位元625的狀態以決m身料和控 制字元資料是否有效。如果有效,程切對在中: 發生之前的特定輸人f料區塊繼續進行處理,如果 X位元625的狀態表明金鑰資料和控制字元資料不 37 200536329 再有效,將會重新到記憶體,並轳 在處理转宋於A -欠』丨 M 中斷發生時正 在-里特疋輸入貧料區塊的金鑰 之’根據本發明’執行—密碼指令總、:兀。‘、 625的初始測試以決定在密碼單元 =:資料的有效性。如果金鑰資料 元資料。然後由輸入扑;=鍮資料和控制字 塊乃被载入,而且於: 指向的輪入資料區 上^ ^密碼運算係錢人資料區塊 上執仃。另外,輸入資料區塊—充 算的執行並不需要先和心疋抵碼運 料。 不而要先載入金鑰資料和控制字元資 如果有了-個新的金鑰和控制字 行新的密碼指令之前必須清掉該χ位元62 ^ 相同金鑰資料和控制字資料的連續密碼指 被執行。在這種情況下,無需在初始化金蝴:: 控制子育料被輸入後清掉χ位元625。例如 1高記憶體匯流排的速度,用戶可以將5〇〇個輸入 貝料區塊的加密/解密分成5個密碼指令,其每個指 令係可處理100個輸入資料區塊。 曰 利用选碼區塊串列模式,密碼區塊串列區塊指 才示邏輯電路640將完成密碼運算。密碼區塊串列區 38 200536329 塊指標邏輯電路640確保相關的微指令工作正常並 允許指標暫存器和在系列輸人文字區塊上之區塊密 碼運算序列的中間結果在處 s _ 处里中斷627之前能夠被 更新、碼區塊串列區塊指標邏輯電路“。指示插 入到4扣"I ^之微指令電路,這樣在執行第一區 塊輸入資料的密碼運算日岑 山〜 在記憶體中的輸入及輸 二:枓區塊指標乃被更改指向下—輸入及輸出資料 :塊。另外’密碼區塊串列區塊指標邏輯電路64〇 曰不插入到相應的微指令流中之微指令,使更改區 :计數β以表明當前輸入資料區塊上的密碼運算已 成。一個熟悉該項技術者了解在密碼區塊串列 :式下的加密運算使用一個初始化向量,其係被一 弟-: 月文區塊使用以產生一第—密文區塊。為了生 -弟二密文區塊’第一密文區塊將被作為第二明 =塊的等量初始化向量,依次延續。因此密碼區 :列區塊指標邏輯電路6 4 〇識別密碼區塊串列模 工加密並提供一序列微指令以更新該結構暫存器之 :標’進而確保第一明文區塊後的區塊,以使用人 適的密文區塊作為其等量初始化向量。 對於密碼區塊串列模式解密,一個熟悉該項技 付了解使用一個初始化向量和一第一密文區塊, 39 200536329 以產生一第一明文區塊。為了生成下一個明文區 塊’第一密文區媿將被作為該第二密文區塊的等量 初始化向1,依次延續。因此該密碼區塊串列區塊 才曰標邏輯電路640識別密碼區塊串列模式解密並提 供一序列微指令,俾當相應的明文區塊產生時,暫 時儲存每一密文區塊,並將暫時儲存的密文區塊寫 回到初始化向量指標暫存器指向的記憶體區,使得 下一個明文區塊產生時得以做為一等量初始化向 量。 現在參照圖7’圖表舉例說明了 一在圖6的微 處理器内執行密碼子運算的典型微指令700的姓 構。微指令m包括一個微運算碼欄位7〇1,—: :科暫存器攔位7〇2和一個暫存器襴。 异碼攔位701表明了 一個要被執行的特定子運曾 並且表明了微處理器600執行子 段的邏輯電路。微運算碼棚位心:二個階 定的微指令通過依攄太……特殊值表明指 圮依據本發明之密碼單元來執杆如 -個實施例中,有兩種特殊值。—:在 (XLOAD)表明要從記憶體位置擷取資料:裁入 址是由資料暫存器攔位702所表示的〆體位 内容指定。資料將被载入到的::存器之 平70的暫存器中, 200536329 而暫存态則係由暫存器攔位7〇3所指 資料(例如密碼金鑰資料、控制字元、於擷取到的 料、初始化向量)係提供給密瑪單元。f入文字資 位7 01之—篦一 M 封運算碼攔 之弟—值儲存USTOiO係表明由^ 所產生的資料將要 4 月由畨碼單元 係由資料暫存1 存到一§己憶體位置,其位址 … 欄位702所表示的結構暫存哭产 疋。在一個複數階段密碼單 爛…示數組輪出資::::=暫存器 存在5己憶體中。輸出資料區塊係由密碼單元::: 攔位704中提供仏鍅户溫沾 早兀在-貝料 a, ,、…存邏輯電路存取。依#本發 明:有關密碼單元執行載入和錯存微指令的= 描述將在圖8和圖g中討論。 、 、、、田 來看圖8’表800描述了根據圖7的柊式7〇〇 一條載人微指令的暫存器欄位703的值。如^面的 討論,轉譯一密碼栌人 如别面的 列。微指令序列包含日一:、Λ起產生一個微指令序 令和-組被該微處理器::::單元:第-組微指 功能單元執行㈣二並行. 微相7。第二組微指合— 成,諸如更新計數器、暫 70 測試和設置在機器特殊暫存結構暫存器、 算。第-組指令提供2:;::態…子運 在馬芩數、及輸入資料 41 200536329In the embodiment, the password unit 617 is connected to the stream extension unit 616 through the loading bus delay signal 621 and the storage bus 622. The crypto unit 617 shared the stream extension unit: «令 许 列 615. In another-alternative embodiment, independent parallel operations of the cryptographic units Η? Are performed in a similar manner to the units 610, 612, and 614. The integer unit 61 is connected to a χ86 flag (EFLAGS) register 624. The flag register contains χ bit 625, which is used to indicate whether the cryptographic operation is being processed. In one embodiment, the X bit 7L 625 is the 30th bit ranked in the x86 flag register 624. In addition, the integer unit 61 receives the machine-specific register 6-28 to identify the state of the E bit 629: whether the crypto unit 617 is present in the microprocessor 600. The integer early element receives a D bit 631 in the characteristic control register 630, and enables or disables the crypto unit 617. The micro-processing embodiment 301 shown in FIG. 3, and the microprocessor 600 in FIG. 6 specifically describe some components to clearly represent the origin of the x86_compatible embodiment and clearly gather or delete other headers of the microprocessor. Q In the dagger style, the artist can easily know other metadata caches (not shown), bus interface units (not shown in 34.200536329), clock generation and distribution logic circuits (not shown) required to complete the interface. Drawing) and so on. In the operation, the instruction logic circuit 601 is used to obtain the instruction circuit from the memory (not shown) and provide the instruction to the translation logic circuit 602 in synchronization with the clock signal (not shown). The translation logic circuit 602 translates each instruction circuit to a corresponding array of microinstruction circuits. These microinstruction queues are continuously provided to the microprocessor at subsequent stages 605-608, 618, and 619. Each micro-instruction circuit in the micro-instruction sequence instructs the execution of a sub-operation. This sub-operation needs to complete a comprehensive operation. This comprehensive operation is performed by corresponding instruction circuits. These corresponding instructions can be used as the following instruction circuits: Borrow From the generation of the address in the addressing stage; the two-phase addition transport code in the integer unit 61. This integer unit 61 is obtained from the designated register (not shown) in the register stage 60. ; Store the results produced by one of execution units ㈣, 612, 614, 616, 617, which are executed by the storage stage 618. According to the translated finger # T two translation logic circuit 602, the translator 603 will directly generate a micro-Z π sequence, or obtain the sequence from the microcode read-only memory 604 =, or the translator 603 will directly generate a sequence And learn the existing sequence portion from the microcode read-only memory 604. The micro-finger 7 is synchronized with the clock signal through successive phases 605_608, 618, and 619. When the microinstructions reach the execution stage 608, 35 200536329 they and their opcodes and designated execution units 61〇, 6i2, 614, 616, 617 (obtained from the scratchpad in the scratchpad stage 605, or Generated by the logic circuit in the address stage 606, or obtained by loading (6G7 from the data cache) together and executed by the execution circuit 632, which is performed by the corresponding microinstruction queue 6009 , 6 ", 613, 615 instead of micro instructions. The execution units 610, 612, 614, 616, 617 execute micro instructions and provide the results to the storage stage 618. In one embodiment, the microinstruction encloses a block indicating whether it is executed in parallel with other operations. In response to the second-mentioned acquisition of the cryptographic instruction 'translation logic circuit 602 generates related microinstructions', these microinstructions point out the logic circuit in the subsequent stages of the microprocessor_ 605-608, 618, 619 to implement the: Operation. The operation number-most relevant micro-instructions are transmitted = code unit 6Π and instructed to the crypto unit 617 "The information provided by the manned exchange 620, or the input data of a block is loaded and a predetermined number of encryption loops are started" to generate One area outputs the data, or provides the output through the storage bus 622: the generation block of the material, and is stored in the record body through the storage stage 618. The second most relevant microinstructions are transmitted to other implementations: ㈣ , Chuan, chuan, 616 to perform other sub-operations, these sub-elements: ^ and yuan into predetermined cryptographic operations, these predetermined cryptographic operations can be. 36 200536329 Test E bit 629, enabling η you-double this 0 bit Fan 631, Set the χ bit 625 to indicate whether the cryptographic operation is being performed, and update the register in the register 60 (that is, the calculation register, the input text index temporary storage ϋ 'input ^ word index temporary processing is interrupted The interruption indicated by the logic circuit 6 2 6 6 2 7. Complement μ μ ^ "Research through the integer unit micro instruction in the micro instruction sequence of the parent wrong password unit, the next day Μν and u7 related micro instructions are provided as multiple input data Block specific Code operations are performed so that integer operations can be performed in parallel with cryptographic unit operations. Microinstructions are included in the relevant microinstructions to allow response to interrupt 627 and return from interrupt 627. Since all password parameters and data indicators are stored in χ86 In the structure register, their state will be saved when processing interrupts, and the state will be restored when returning from the interrupt. Therefore, when an interrupt occurs, program control will jump to the corresponding interrupt service routine. As a program As part of the control jump, the χ bit 625 will be cleared of the key key and the control financial data ^ and then valid. When returning from the interrupt, the program control system is transferred back to the password instruction 'and used as part of its related micro instruction , Special micro instructions will test) (The state of bit 625 depends on whether the figure and control character data are valid. If it is valid, Cheng cuts in: The specific input block before the occurrence continues to be processed, If the state of X-bit 625 indicates that the key data and control character data are not valid anymore, 200536329, it will re-enter the memory, and will be transferred to Song Yu A- 』M When the interruption occurs, the key of the lean block is being executed according to the present invention-Rite 疋. According to the present invention, the execution of the cryptographic command is: 兀. The initial test of 625 is to determine the validity of the cryptographic unit =: data If the key data is metadata, then the input flutter; = 鍮 data and control block are loaded, and executed on: the rotating data area pointed to ^ ^ password operation is performed on the money person data block. In addition, the input data block-the execution of the charge does not need to be shipped with your heart. Instead of loading the key data and control character data first, if you have a new key and control word line Before the new password instruction, the χ bit 62 must be cleared. ^ Consecutive password instructions with the same key data and control word data are executed. In this case, there is no need to clear the χ bit 625 after initializing the Golden Butterfly :: Control subfeed. For example, with a high memory bus speed, users can divide the encryption / decryption of 500 input data blocks into 5 password instructions, each of which can process 100 input data blocks. Using the code selection block serial mode, the password block serial block indicator indicates that the logic circuit 640 will complete the cryptographic operation. Cryptographic block serial area 38 200536329 The block index logic circuit 640 ensures that the relevant micro instructions work properly and allows the intermediate results of the index register and the block password operation sequence on the series of input text blocks to be at s _ Before interruption 627, it can be updated, the code block serial block index logic circuit ". The instruction is inserted into the micro-instruction circuit of 4 buckle" I ^ ", so that the cryptographic operation of the input data of the first block is performed. Input and output in memory 2: The block index is changed to point downwards-input and output data: block. In addition, the 'password block string block index logic circuit 64' is not inserted into the corresponding micro instruction stream The micro instruction makes the change area: count β to indicate that the cryptographic operation on the current input data block has been completed. A person familiar with the technology understands that the cryptographic operation under the cryptographic block string: formula uses an initialization vector, which It is used by Yidi :: Moontext block to generate a first-ciphertext block. For the first-second ciphertext block, the first ciphertext block will be used as the equivalent initialization vector of the second Ming = block. , Followed by Therefore, the password area: Column Block Index Logic Circuit 640 identifies the cryptographic block serial die encryption and provides a sequence of micro instructions to update the structure register: the 'mark' to ensure the area behind the first plaintext block. Block, using a suitable ciphertext block as its equivalent initialization vector. For the cipher block serial mode decryption, a person familiar with this technology knows the use of an initialization vector and a first ciphertext block, 39 200536329 to A first plaintext block is generated. In order to generate the next plaintext block, the first ciphertext block will be initialized to the same as the second ciphertext block to 1, and will continue in sequence. Therefore, the cipher block string area The block logic circuit 640 recognizes the cipher block serial mode decryption and provides a sequence of micro instructions. When the corresponding plaintext block is generated, each ciphertext block is temporarily stored, and the temporarily stored ciphertext block is stored. Write back to the memory area pointed to by the initialization vector index register, so that the next plaintext block can be used as an equal amount of initialization vector. Now referring to the chart in FIG. The last name structure of a typical microinstruction 700 that performs codon operations in the processor. The microinstruction m includes a microoperation code field 701,-:: temp register block 702 and a register 襕. The code block 701 indicates a specific sub-operation to be executed and indicates that the logic circuit of the sub-section is executed by the microprocessor 600. The micro-computing code center: two predetermined micro-instructions are based on the eitai ... special The value indicates that the password unit is executed according to the present invention. In one embodiment, there are two special values. —: (XLOAD) indicates that data is to be retrieved from the memory location: the cutting address is temporarily stored by the data The body position specified by the device stop 702. The data will be loaded into: the register of the level 70 of the register, 200536329, and the temporary state is indicated by the register stop 703 Data (such as cryptographic key data, control characters, data retrieved, and initialization vectors) are provided to the Mimar unit. fEnter text information 7 01—brother of one M-code operation code block—value storage USTOiO system indicates that the data generated by ^ will be April from the code unit system from the data temporary storage 1 to a §memory body Location, its address ... The structure indicated by field 702 is temporarily stored. In a plural phase, the password list is bad ... it shows that the round funding :::: = register is stored in the memory. The output data block is provided by the password unit :: block 704. The user's temperature is provided by the early-in-a-box material a, ,, ... stored in the logic circuit for access. According to the present invention: the descriptions of the load and misstore microinstructions of the crypto unit will be discussed in Figs. 8 and g. Looking at FIG. 8 'Table 800 describes the value of a register field 703 containing a human micro instruction according to Equation 7 of FIG. As discussed in the previous section, translating a password into a person is as shown in the other columns. The micro-instruction sequence contains a sequence of micro-instructions and-from Λ to generate a micro-instruction sequence and the-group is executed by the microprocessor :::: unit: the-group of micro-finger functional units execute two parallel. Micro-phase 7. The second group of micro-finger combinations — such as updating the counter, temporarily testing and setting the temporary registers in the special temporary structure of the machine, counting. The second group of instructions provides 2:; :: state ... sub-transport number and input data. 41 200536329

到密碼單Tt並指示密碼單元使生成金鑰目錄 入從記憶體所擷取的金餘目錄),載人並加密 密)輸入文字資料,及儲存輸出文字資料。—截 微指令為密碼單元提供載入控制字元資料,载入: 碼金鑰或金鑰目錄’載入初始化向量資料,載入二 入:字資料,及载入輸入文字資料並驅動密碼單: 執:丁:疋的密碼運算。在一载入微指令暫存器攔位 的數值_10,指定密碼單元載入一控制字元 到自身内部控制字元暫存器中。由於這個指令 行,暫存器階段的結構控制字元指標暫存 t取,以取得存放了控制字元在記憶體中的 位址。疋址邏輯電路將位址轉譯成為實體位址 供記憶體存取。載入邏輯電路從快取擷取控制字 70 ’並將控制字元放置到資料欄位704,此時控制Go to the password list Tt and instruct the cryptographic unit to generate the key catalogue into the surplus catalogue retrieved from the memory), carry it and encrypt it) enter text data, and store and output text data. —Truncate instructions provide loading control character data for the password unit, load: code key or key directory 'load initialization vector data, load binary: word data, and load input text data and drive the password list : Execution: Ding: 疋 's cryptographic operations. At a value _10 of a load microinstruction register, the designated password unit loads a control character into its own internal control character register. Due to this instruction line, the structure control character pointer of the register stage is temporarily fetched to obtain the address of the control character in memory. The address logic circuit translates the address into a physical address for memory access. The load logic circuit retrieves the control word 70 from the cache and places the control character in the data field 704.

::經傳送到密碼單元。同樣的,暫存器爛位i 指示密瑪單元,以載入在資料爛位7。4所 密碼運算。同:二4:及::後的載入、執行指定之 ^子几一樣’輸入資料通過-儲存 =構暫存器裏的指標被存取。數值咖表示資 =攔位⑽所提供的輸人資料將被载人到内部暫存 輸入-卜载入到輸入」暫存器的資料可以是 42 200536329 輸入文字資料(當管線化時),也可以是一初始化向 量。數值Obl 10和〇bl 11表示密碼單元分別載入一 個密碼金鑰或是在使用者產生金鑰目錄中一個金鑰 的低位元和高位元。依據本發明,使用者是指完成 一個指定功能或指定運算,使用者可以是一應用程 式、一作業系統、一機器,或一個人。因此,在一 個實施例中,使用者產生金鑰目錄可由應用程式建 立。在一可選的實施例中,使用者產生金鑰目錄可 由人所建立。 在一個實施例中,暫存器欄位的數值〇bl〇〇和 0 b 1 01係將一個岔碼單元分為兩個階段,連續的輪 入文字資料區塊能被管線化。因此,為了使兩個連 績的輸入資料區塊進行管線化,一第一載入微指令 執行給輪入-1提供了一第一輸入文字資料區塊,隨:: Passed to the crypto unit. Similarly, the bad bit i of the register indicates the Mimar unit to load the cryptographic operation at the bad bit 7.4 of the data. Same as: 2: 4: and ::: After loading and executing the specified ^ child is almost the same ’Input data is accessed through -storage = construct the index in the register. The value of the data indicates that the input data provided by the user will be loaded into the internal temporary storage input-the input data will be stored in the register. The data in the register can be 42 200536329 text input data (when pipelined), Can be an initialization vector. The values Obl 10 and Obl 11 indicate that the cryptographic unit is loaded with a cryptographic key or a low-order bit and a high-order bit of a key in the user-generated key list, respectively. According to the present invention, the user refers to the completion of a specified function or a specified operation, and the user may be an application, an operating system, a machine, or a person. Therefore, in one embodiment, the user-generated key catalog can be created by the application. In an alternative embodiment, the user-generated key directory may be created by a person. In one embodiment, the values of the register fields OBBLOO and 0B101 are divided into two stages of a fork code unit, and consecutive round-text data blocks can be pipelined. Therefore, in order to pipeline the two consecutive input data blocks, a first load microinstruction execution provides a first input text data block to round-in, and then

後執行第二載入微指令給輸入-〇提供一第二輸 入文子貧料區塊,同時指示密碼單元開始執行指定 的密碼運算。 ^如果一使用者產生金鑰目錄被用來執行密碼 運算’那麼和使用者產生金鑰目錄的金鑰數量相對 應的夕數载入微指令將被發送到密碼單元,其係用 以載入在金鑰目錄中的每一回合金鑰。 43 200536329 載入微指令之暫在哭、4 以保留。 ^挪位703的所有其他值予 一茶照圖9 ’表_轉示根據圖7的格式 -儲存微指令的暫存器襴位7〇3的數值 令指示密碼單元產^:广 子U #曰 一 生(即加密或解密)的輪 貧料提供給儲存邏輯電路,將其儲 子 702指定的記情俨仿 疋址棚位 曰疋们‘隐體位址。因此,根 邏輯電路在為其相^ ,轉譯 U關輪入文字區塊發送 指令後,為特定的輪屮令^广ώ 戟入& 令。暫存器攔位703的數值〇bl(^一 /存心曰 合其内部於屮一 指不密碼單元聯 2 ^ 輸出暫存器將輸出文字區塊提 仏A儲存邏輯電路 入 子輸出-〇的内容和提供到輸 位數值〇二 塊係有關。同樣,參照暫存器搁 1 ’内部輸出-1暫存器的内容和提供到 輸入—1的輸入文宝杳极L 9 錄和控制字元資料之:Γ、關:的。因此,載入金 ^ ^ 、’ ^ 發送密碼微指令使複數個 輸入文子區塊能甬一 碼微指令依以 ;^進行管線化’這些密 入H 輪入Ί、載入.輸入—〇(載 出—卜儲存·輪“、載人.輸入-1、 Ά ^開始對下面兩個輪入文字區塊進行運 44 200536329 算)等等。現在來看圖10,依據本發明,圖表著重 才田述個控制字元格式1 0 0 0,控制字元指定密碼運 算的密碼參數。控制字元1 000是由使用者程式化到 記憶體,而在執行密碼運算之前,其指標係由一適 合微處理器的結構暫存器所提供。因此,做為密碼 扣令相關的 政指令序列的一部分,一載入微指令指 示微處理為讀取包含有指標之結構暫存器,將指標 轉換為一個實體位址,從記憶體(快取)讀取控制鲁 字元1 000並將控制字元1 000載入到密碼單元的内 部控制字元暫存器中。控制字元1 000包括一個保留 攔位(RSVD )1〇〇1,一個金鑰大小攔位(KSIZE) 1 002, 一個加密/解密攔位(E/D) 1 003,一個中間結果攔 位(IRSLT) 1004’ 一個金錄產生欄位(KGEN) 1005, 一個 >貝异法搁位(A L G ) 1 0 0 6和一個回合計數攔位 (RCNT) 1 007 〇 · 保留欄位1 0 0 1的所有值都被保留。金餘大小 欄位1 002的内容指定用來完成加密或解密的密碼 金鑰大小。在一個實施例中,金鑰大小欄位或者是 一 128位元金錄,或者是一 192位元金餘,或者是 一 2 56位元金鑰。加密/解密攔位1〇〇3指定密碼運 算是加密運算還是解密運算。金鑰產生攔位1005 45 200536329 表明記憶體内提供的是一 用者產生金餘目絲;罗3 —單一的密碼金鑰,如果是—_ ”、 疋 單一後、碼金餘的古壬, 微指令將和密碼金輪_ 、, 、' ° 演算法攔位1 006指定 : 鍮擴展為金鑰目錄。在一個 :: i〇〇6m寅算法為目〜㈠τ “法攔位 準、、宮曾半,一舌一…月】斤纣淪過的資料加密標 標準演算法。可替代的,二::法或是進階加密 例包含其他的演算法, 口 :n ael密碼演算法,Tw〇fish密碼演算法 等。回合計數攔位1〇〇7的肉六分4ι^人 ulJ7的内办依據給定演算法完成 母-輸入文字區塊所給定的密碼回合數。 =密碼演算法標準指定了每一輸入文字區塊的、固定 达馬回口數’但是提供回合計數攔位 師更改該標準所指定的回合數。在—個實施=式 耘式師可以對每個區塊指定0到15回合。最後,中 間=果欄位1 004的内容指定一個輸入文字區塊的 ^进/解密是否根據演算法攔位1 006指定的密碼演 异法標準,以回合計數攔位1 007所指定的回合數執 =者三,者加密/解密是否根據演算法攔位1 006指 疋的演算法,以回合計數攔位1 007指定的回合數執 亍而最後一回合執行結果是一個中間值而不是最 46 200536329 終結果。一個熟悉該攔位技術之人將希望在每一回 合中,許多密碼演算法都執行相同的子運算,除了 最後一回合的執行以外。因此,對中間結果攔位 1 0 04編程以提供中間結果而不是最後結果,可允許 程式師更改施行運算法的中間步驟。例如,可以通 過在一個文字區塊上執行一回合加密’然後在相同 文子區塊上執行兩回合,然後3回合等,以獲得累 加的中間結果以驗證演算法的性能。提供可編程回 合計數和中間結果的功能讓使用者能夠驗證密碼編 碼性能,檢測故障,並探究不同金鑰結構和回合計 數的效用。 參照圖11 ’方塊圖詳細描述依據本發明的密碼Then execute the second load microinstruction to provide a second input sub-lean block to input -0 and instruct the crypto unit to start the specified crypto operation. ^ If a user-generated key directory is used to perform cryptographic operations, then the load microinstruction corresponding to the number of keys in the user-generated key directory will be sent to the crypto unit, which is used to load Every key in the key catalog. 43 200536329 Crying while loading microinstructions, 4 to keep. ^ Replace all other values of 703 to a tea according to Fig. 9 'Table_Representation according to the format of Fig. 7-the value of the register 0703 which is used to store microinstructions instructs the cryptographic unit to produce ^ : 广 子 U # The whole life (ie, encryption or decryption) of the poor material is provided to the storage logic circuit, and the memory designated by its storage 702 is imitated at the address booth. Therefore, after the root logic circuit translates and sends instructions to the U-turn-in text block, it issues a command for a specific round. The value of the register block 703 is bl (^ 一 / memory, and its internal is connected to the one-finger password unit 2) The output register will lift the output text block to A to store the logic circuit into the sub-output -0's The content is related to the input value of the second block. Similarly, refer to the register 1 and the contents of the internal output-1 register and the input to the input-1. Data: Γ, Off: Yes. Therefore, load gold ^ ^, '^ send password micro-instructions to enable multiple input text sub-blocks to rely on one code micro-instruction; ^ pipelined' these are hidden H round-in Ί, load. Input-0 (load out-bu save · wheel ", man. Input -1, Ά ^ began to run the next two round text blocks 44 200536329 count) and so on. Now look at the figure 10. According to the present invention, the chart focuses on the control character format 1 0 0, where the control character specifies the password parameter for the cryptographic operation. The control character 1 000 is programmed into the memory by the user, and the cryptographic operation is being performed Previously, the indicators were provided by a structure register suitable for a microprocessor Therefore, as part of the administrative instruction sequence related to the password deduction order, a micro instruction is loaded to instruct the micro-processing to read a structure register containing an indicator, convert the indicator to a physical address, and remove the memory (cache ) Read control character 1 000 and load control character 1 000 into the internal control character register of the password unit. Control character 1 000 includes a reserved stop (RSVD) 1001, a Key size block (KSIZE) 1 002, one encryption / decryption block (E / D) 1 003, one intermediate result block (IRSLT) 1004 ', one gold record generation field (KGEN) 1005, one > shell Alien Hold (ALG) 1 0 0 6 and a Round Count Block (RCNT) 1 007 〇 · All values in reserved field 1 0 0 1 are reserved. The content of the gold surplus size field 1 002 is used to specify To complete the encryption or decryption of the cryptographic key size. In one embodiment, the key size field is either a 128-bit gold record, or a 192-bit gold balance, or a 2 56-bit key. The encryption / decryption block 003 specifies whether the cryptographic operation is an encryption operation or a decryption operation. The key generation stop 1005 45 200536329 indicates that the memory is provided by a user to generate gold eyes; Luo 3 — a single cryptographic key, if it is — ”, 、 after a single, the code Jinyu Guren, micro The instruction will be combined with the cryptographic golden wheel _ ,,, and '°. The algorithm block 1 006 specifies: 鍮 Expands to the key directory. In one :: i〇〇6m 寅 The algorithm is for the purpose ~ 法 τ "Method block standard, Miyazaka , One tongue, one month ... The standard algorithm for encryption of data encryption standards. Alternatively, two :: method or advanced encryption examples include other algorithms, mouth: n ael password algorithm, Twfish fish algorithm and so on. The round count stops the meat of 1007 and 4m ^ ul. The internal office of ulJ7 completes the number of password rounds given by the mother-enter text block according to the given algorithm. = Cryptographic algorithm standard specifies a fixed number of Dammam rounds for each input text block 'but provides a round count stopper to change the number of rounds specified by the standard. In one implementation = type The hard type division can specify 0 to 15 rounds for each block. Finally, the content of the middle = fruit field 1 004 specifies whether the ^ advance / decryption of an input text block is based on the algorithmic cryptographic standard specified by algorithm block 1 006 and the round specified by block 1 007 Number of executions = 3, whether the encryption / decryption is based on the algorithm of algorithm blocking 1 006, and the execution is performed with the number of rounds specified by round counting blocking 1 007, and the execution result of the last round is an intermediate value instead of Most 46 200536329 final results. A person familiar with the blocking technique will hope that in each round, many cryptographic algorithms perform the same sub-operations, except for the execution of the last round. Therefore, programming the intermediate result stop 1 04 to provide an intermediate result instead of the final result allows the programmer to change the intermediate steps of the execution algorithm. For example, you can verify the performance of the algorithm by performing one round of encryption on one text block, then two rounds on the same text subblock, and then three rounds, etc. to obtain cumulative intermediate results. The ability to provide programmable round counting and intermediate results enables users to verify the performance of cryptographic codes, detect failures, and explore the utility of different key structures and round counts. The cipher according to the present invention will be described in detail with reference to FIG. 11 ′.

單元1 1 0 0。岔碼單元1 1 0 0包括一個通過微指令匯 流排1114接收密碼微指令(即載入和儲存微指令) 的微編碼暫存器1103。密碼單元11〇〇也具有一7控 制字元暫存器11〇4、一輸入_〇暫存器ιι〇5、及一 輸入-1暫存器Π06、一金鑰—〇暫存器11〇7,一全 鑰—1暫存器UG8。資料係通過—載人匯流排i⑴ 提供給)存器11〇4-1108,如同在微指令暫存器 11 03裏的載入微指令内容所指定。 °° 么碼早70 U00 連接到所有暫存1111G3-_和金鍮隨機存 47 200536329 取記憶體(cryptographic key RAM)ll〇2 的區塊穷 碼邏輯電路11 01。區塊密碼邏輯電路提供一個延遲 k號111 3 ’並將區塊結果提供到一輪出—q暫存哭 1109和一輸出-1暫存器1110。輸出暫存器 1109-1110通過一儲存匯流排1112發送他們的内 容到一適合微處理器的相繼階段中。在一個實施例 中’微指令暫存器Π03為32位元,而其他暫存器 1104-1110則皆為128位元。 鲁 在運异中,密碼微指令順序地傳送給微指令暫 存器1103,同時控制字元暫存器11〇4或輸入暫存 器1 1 05-1 1 06中的一個,或金鑰暫存器11〇7一11〇8 中的一個所指定資料也被發送。在參照圖8和圖9 所討論的實施例中,一控制字元首先通過一載入微 才曰7載入到控制字元暫存器1104中。然後通過後續 載彳放心々載入密碼金錄或金錄目錄。如果一個 _ 1 2 8位元的岔碼金鑰被裝入,一載入微指令即可提 =給指定暫存器金錄_〇 11〇7。如果大於128位元的 :I金鑰被载入’那麼一載入微指令除了提供給指 定暫存器金鑰—〇 11〇7外,亦同時提供暫存器金鑰 1 U 0 8所指定之一載入微指令。如果使用者產生 金餘目錄被载人,則暫存器金鑰-G 1107所指定的 48 200536329 後續載入微指令將被提供。金錄目錄裏所載入的每 個金鑰依次地儲存在金鑰隨機存取記憶體中 =他們相應的密碼回合中使用。繼這之後,輪入 文子㈣(如果不需要初始化向量)將被載入到輪 入-1暫存器n〇6。如果需要初始化向量,它將通過 一條載入微指令被裝載到輪入_丨暫存器ιι〇6。作用 於輸入-〇暫存器11〇5的載入微指令指示密碼單 兀,使載入輸入文字資料到輸入_0暫存器1105,並 開始根據由控制字元暫存器1104提供的參數,使用 輸入-1的初始化向量或兩個輸入暫存器 (如果輸人資料管線化)以執行暫存器輸人1105 輸2文字資料的密碼回合。在收到輸入-〇 1105所 心^的載人微指令之後’區塊密碼邏輯電路通過控 制子元的内谷,開始執行所指定的密碼運算。如果 一個單獨的密碼金餘需要被擴展,區塊密碼邏輯電 路即在金鑰目錄裏生成每個金m把他們儲存 在金鑰隨機存取記憶體⑽裏。無論區塊密碼邏輯 電路η〇ι產生金鍮目錄或是金鍮目錄係從記憶體 載入,第一回合金鑰係被緩存在該區塊密碼邏輯電 路11 〇 1内,以便該第一個區塊密碼回合無需要訪問 該金鑰隨機存取記憶體1102即可執行。一旦起動, 49 200536329 =定:乃在至少一個輪入文字區塊繼續 的…算直到完成運算,像、 =要求的那樣從金錄隨機存取記憶體丨1〇2中: 截取回合金鑰。密瑪單元1100在指定的 區塊上執行-個指定的區塊密碼運算。連:的輸: ::力區!:可經由相應且連續的載入和儲存::: 執仃加⑨或解密。t—儲存微指令被執行後,如果 被指疋的輸出資料(即輸出,〇 <輸出還沒完全 H ’此時區塊密碼邏輯電路乃產生延遲信號 當輸出資料產生並被置入-相應的輸出暫存 益"〇9-"10時’暫存器11〇9_111〇的内容即被移 轉至儲存匯流排u丨2。 現在看圖12, 一方塊圖說明了根據本發明使 用進階加密標準執行密碼運算的一個區塊密碼邏輯 電路1 2 G G的貫施例。區塊密碼邏輯電路1 2⑽包括 =過匯流# 1211 — 1214和匯流排1216 —1218連接到 〜回。引擎控制器12丨〇的回合引擎1 220。回合引 擎控制裔1210存取一微指令暫存器1201,控制字 疋暫存裔1 202,金鑰—〇暫存器ι2〇3,以及金鑰一丄 2存态1 204以存取指示密碼運算的金鑰資料、微指 ▽和參數等。輸入暫存器ι2〇5 —12〇6的内容提供到 200536329 回合引擎1 220及回合引擎1 220將相應的輪出文字 提供到輸出暫存器1 207-1 208。輸出暫存器 1 207-1 208通過匯流排1216-121 7,連接到回合引擎 控制态1 21 0,以轉保回合引擎控制器能夠存取每個 連續密碼回合的結果,其係通過匯流排NEXTIN 1218 為一下一個密碼回合提供到回合引擎122〇。金输隨 機存取記憶體(未圖示)的金鑰,通過匯流排1 2 ^ 5 被存取。(ENC/DEC)加密/解密信號丨211指示回合 引擎使用子運异執行加密(例如S — B〇x)或解密(例 如反轉S-Box)。回合計數(RNDC〇N)匯流排1212 的内容驅動回合引擎1 220執行一第一進階加密標 準回合,一中間進階加密標準回合或者最後的進階 加密標準回合。單一產生金鑰(GENKEY)信號1214 用來私不回合引擎1 220,以根據匯流排丨21 3所提 供的金鑰生成一金鑰目錄。當它的相應回合被執行 時,金鍮匯流排1 21 3乃提供給回合引擎1 2 2 〇每一 回合的金餘。 回合引擎1 220包括連接到一第一暫存器暫存 〇 1222上的第一金鑰xqr邏輯電 — 存器刪連接一邏輯電路12二 邏輯電路1223則係連接到移列邏輯電路1 224上。 200536329 移列邏輯電路1 224係連接到一第二暫存器暫存η 1 2 25處。第二暫存器1 225則連接到混攔邏輯電路 1 226,混攔邏輯電路1 226係連接到一第三暫存器暫 存2 1 22 7。這些在上面討論的進階加密標準ρ I ps 中的第一金鑰邏輯電路1221,s —Β〇χ邏輯電路 1 223,移列邏輯電路1 224及混攔邏輯電路1226係 在輸入文字貧料上執行像他們名稱一樣的子運算。 混欄邏輯電路1 226在中間回合期間需要通過金鑰 匯流排1213,使用回合金鑰在輸入資料上執行進階 加密標準X0R功能。第一金鑰邏輯電路1221,s — 邏輯電路1 223,移列邏輯電路1 224,及混攔邏輯電 6也用末在解您期間通過加密/解密狀熊 211用以執行他們相應的反向進階加密標準子運 ^。一位熟悉該項技術者了解根據由控制字元暫存 2 1/02的内容指定的特殊區塊加密模式,使中間回 合資料被回授到回合引擎1 220。初始化向量資料 (如果需要)係通過匯流排ΝΕΧΤΙΝ 1218提供給回人 弓丨擎1 220。 ° 在圖12所示的實施例中,回合引擎係被分為 :個階段·暫存-〇 1 222與暫存—1 1 225之間係第— 又’而暫存-1 1 225與暫存-2 1 227則係第二階 52 200536329 段。中間回合資料與 μ其# π #〜 了胍L唬(未圖不)同步在階段 間g線化傳送。當资 田⑴碼運异在一輸入資料區塊上完 成日守,相關輸出資料g 貝科即被存放到相應的輸出暫存哭 1 207-1 208。一微指人枚七 ilU曰7儲存的執行使得一指定輸出暫 存器1 207-1 208的内交妯担μ 幻円奋被提供至一儲存匯流排(未 圖示)。 在看囷1 3流程圖描述了根據本發明在一 次中斷事件期間保護密碼參數狀態的方法。根據本 發明’ t-微處理器執行指令流時,流程係在區塊 1302處開始執行。指令流程並不是—定要包括一個 此處所描述的密碼指令。隨後,流程處理判斷區塊 1 304 〇 在判斷區塊13 0 4時,做出評估以確定是否一 次中斷事件(例如,可遮罩中斷,不可遮罩中斷, 錯頁,任務切換,等等)發生要求在改變當前的指 7 μ (中斷處理器’’)去處理該中斷事件。如果是, 流程即執行區塊1 306。如果不是,流程在判斷區塊 1 034迴圈,在此指令會繼續執行直到一次中斷事件 發生。 根據本發明,在區塊1 3 〇 6時,因為有一中斷 事件發生,在將程式控制交給相應的中斷處理器之 53 200536329 前,中斷邏輯電路指引清掉標誌暫存器内的X位 元。清除X位元確保,當從中斷處理器返回時,如 果-區塊密碼運算在進行’表明至少—個中斷事件 發生,並且在由輸入指標暫存器内容所指向的輸入 資料區塊的區塊密碼運算繼續之前,控制字元資料 和金鑰資料一定要重新载入。隨後流程進入到區 1 308。 在區塊1 308’根據本發明,給所有包含與執行 區塊密碼運算有關的指標和計數器的結構暫存器係 儲存到記憶體。熟悉該項技術者了解在轉交程式控 制到中斷處理器之前’儲存結構暫存器是在; 料計算裝置完成的行為。從而,本發明利用;前資 枓結構的目的在整個中斷事件期間提供執行的透明 化。當暫存器被儲存後,流程即進行到區塊⑶〇。 在區塊⑶G,程式流係移轉到中斷處理哭 後流程即進行到區塊1 3丨2。 在區塊1312,完成方法。熟悉該 解,圖13的方法從中斷處理 汁者了 13〇2開始。 -返回後,再次從區塊 現在參考圖“’流程圖插,會了依據本 次中斷事件發生的情況下,錢㈣人資料區 54 200536329 塊上執行一指定穷 。馬£塊串列模式密碼運算的方法 流程在區塊1402開始,根據 雄、碼指令指引密碼運算,讓 $在此一 串列模式開β在馬運^使用密碼區塊 :式開始執仃。密碼的執行可以是—第一執行 後,傳回到中斷處理器已執行 。 令處。流程隨後進行職塊1404 入扑:二14 〇 4 ’依據本發明,記憶體内經由-輸 =暫:…内容所指向的一資料區塊,係從記 體載入並啟動一指定 ㈣在时… 疋心碼運异。特定的輸入指 密//疋由指定的特殊密碼運算(例如,加密或解 指定的區塊密碼模式(例如㈣、密碼區塊串 列、CFB、或〇FB )戶斤、、表a 土 y 1 μ)所决疋者。例如’如果-加密運 二用0FB模式’那麼用來載入資料的輸入指標暫 存器即係指向記憶體中-初始化向量的暫存器。如 果-解密運算使用㈣模式,那麼用來載入資料的 輸入指標暫存器即係指向記憶體中下一密碼區塊的 暫存器。如m密碼區塊串賴式加密運算, 指向下―日月文區塊的暫存器將被用作輸入指標暫存 55 200536329 器,而由初始化向量指標暫存器指向的資料區塊 又被用來生成相應的密文區塊。如果指定一宓碼區 塊串列模式解密運算,指向下一密文區塊的^存: 將被用作輸人指標暫存n,而心始化向量指標暫 存器指向的資料區塊又被用來生成相應的明文區塊 。流程隨後進行到判斷區塊〗4〇6。Unit 1 1 0 0. The fork code unit 1 1 0 0 includes a micro-code register 1103 for receiving password micro-instructions (ie, loading and storing micro-instructions) through a micro-instruction bus 1114. The crypto unit 1100 also has a 7-character register 1104, an input_0 register ιι5, and an input-1 register Π06, and a key-zero register 11. 7, a full key-1 register UG8. The data is provided to the memory 11-104-1108 through the manned bus i⑴, as specified by the contents of the load microinstruction in the microinstruction register 1103. °° What code is as early as 70 U00 is connected to all temporary storage 1111G3-_ and gold 鍮 random storage 47 200536329 block poor code logic circuit 11 01 of cryptographic key RAM 110. The block cipher logic circuit provides a delay k number 111 3 ′ and provides the block result to a round-out—q temporary cry 1109 and an output-1 temporary register 1110. The output registers 1109-1110 send their contents through a storage bus 1112 to a successive stage suitable for a microprocessor. In one embodiment, the 'microinstruction register UI03 is 32 bits, while the other registers 1104-1110 are all 128 bits. In Lu Yiyun, the password microinstruction is sequentially transmitted to the microinstruction register 1103, and at the same time, one of the control character register 1104 or the input register 1 1 05-1 1 06, or the key register The data specified in one of the registers 1107-108 is also transmitted. In the embodiment discussed with reference to Figs. 8 and 9, a control character is first loaded into the control character register 1104 through a load micro-processor 7. Then load the password gold record or the gold record directory with confidence afterwards. If a _ 1 2 8-bit fork code key is loaded, the micro-instruction can be loaded as soon as the micro-instruction is loaded to the specified register golden record _〇 11〇7. If the 128-bit: I key is loaded, then a load microinstruction is provided in addition to the specified register key — 011 1 07, and also provided with the register key 1 U 0 8 One loads the microinstruction. If the user generates a gold directory to be carried, the 48 200536329 subsequent loading microinstruction specified by the register key -G 1107 will be provided. Each key loaded in the directory is stored in turn in the key random access memory = their corresponding password rounds are used. Following this, the round robin (if no initialization vector is needed) will be loaded into the round -1 register n06. If the initialization vector is needed, it will be loaded into the round-in register via a load microinstruction. The loading micro-instruction acting on the input-zero register 1105 instructs the password unit to load the input text data into the input-0 register 1105, and starts to act according to the parameters provided by the control character register 1104. , Use the initialization vector of input -1 or two input registers (if the input data is pipelined) to perform the password round of register 1105 input 2 text data. After receiving the input human-instruction micro-instruction of -0 1105, the block cipher logic circuit starts to execute the specified cryptographic operation through the inner valley of the control sub-element. If a single cryptographic balance needs to be expanded, the block cryptographic logic circuit generates each gold m in the key directory and stores them in the key random access memory ⑽. Regardless of whether the block cipher logic circuit ηι generates the gold key catalog or the gold key catalog is loaded from the memory, the first round of alloy key system is cached in the block cipher logic circuit 11 〇1, so that the first The block password round can be executed without accessing the key random access memory 1102. Once started, 49200536329 = constant: is the text block into at least one wheel to continue operation until the operator ..., as, as requested from the golden = Random Access Memory recorded in Shu 1〇2: Alloy taken back key. The Mimar unit 1100 performs a specified block cryptographic operation on a specified block. Even: lose: :: force zone !: can be loaded and stored through corresponding and continuous ::: execution, encryption or decryption. t—After the stored microinstruction is executed, if the output data of the accused (i.e. output, 0 < the output is not complete H 'at this time, the block password logic circuit generates a delayed signal when the output data is generated and is placed in-the corresponding The output of the temporary storage benefit " 〇9- " at 10 o'clock, the contents of the register 1109_111〇 is transferred to the storage bus u 丨 2. Now looking at FIG. 12, a block diagram illustrates the use of the An example of a block cipher logic circuit 1 2 GG that performs cryptographic operations on the order encryption standard. The block cipher logic circuit 1 2⑽ includes = over-confluence # 1211 — 1214 and bus 1216 — 1218 connected to the back. Engine controller 12 丨 〇 Round Engine 1 220. The Round Engine Control Line 1210 accesses a micro-instruction register 1201, a control word 疋 Temporary 1 202, a key—0 Temporary ι2 03, and a key 丄 2 Store state 1 204 to access the key data, micro-finger ▽ and parameters that indicate cryptographic operations. The contents of the input register ι205-120 are provided to 200536329 Round Engine 1 220 and Round Engine 1 220. Roll out text provided to output register 1 207-1 208 The output register 1 207-1 208 is connected to the round engine control state 1 21 0 through the bus 1216-121 7, in order to reassure that the round engine controller can access the result of each consecutive password round, which is through the bus NEXTIN 1218 provides the next round of ciphers to the round engine 122. The key of the golden access random access memory (not shown) is accessed through the bus 1 2 ^ 5. (ENC / DEC) encryption / decryption signal丨 211 instructs the round engine to use sub-transactions to perform encryption (such as S — B 0x) or decrypt (such as reversing S-Box). The content of the round count (RNDCON) bus 1212 drives the round engine 1 220 to execute a The first advanced encryption standard round, an intermediate advanced encryption standard round, or the last advanced encryption standard round. A single generation key (GENKEY) signal 1214 is used to privately turn the engine 1 220, according to the bus 丨 21 3 The provided key generates a key directory. When its corresponding round is executed, the gold bus 1 21 3 is provided to the round engine 1 2 2 0 for each round. The round engine 1 220 includes a connection to a Temporary register 0122 The first key xqr logic on 2 — the memory is connected to a logic circuit 12 and the second logic circuit 1223 is connected to the shift logic circuit 1 224. 200536329 The shift logic circuit 1 224 is connected to a second temporary storage Temporary register η 1 2 25. The second register 1 225 is connected to the mixed logic circuit 1 226, and the mixed logic circuit 1 226 is connected to a third temporary register 2 1 22 7. The first key logic circuits 1221, s-B0χ logic circuit 1 223, shift logic circuit 1 224, and block logic circuit 1226 in the advanced encryption standard ρ I ps discussed above are all in the input text. Perform sub-operations like their name on. The mixed column logic circuit 1 226 needs to pass the key bus 1213 during the middle round, and uses the alloy key to perform the advanced encryption standard X0R function on the input data. First Key Logic Circuit 1221, s — Logic Circuit 1 223, Shift Logic Circuit 1 224, and Mixed Logic Circuit 6 also use encryption / decryption-like bears 211 to perform their corresponding inversions during decryption. Advanced encryption standards. A person familiar with the technology understands that the intermediate block data is fed back to the round engine 1 220 according to the special block encryption mode specified by the content of the control character temporary 2 1/02. The initialization vector data (if required) is provided to the return bow 1 220 via the bus NEXXIN 1218. ° In the embodiment shown in Fig. 12, the round engine system is divided into: Stage · Temporary-〇1 222 and Temporary-1 1 225 is the first-and 'Temporary -1 1 225 and Temporary Cun-2 1 227 is the second stage 52 paragraph 200536329. The data of the middle round is synchronized with μ ## π # ~ guanidine Lb (not shown) and is transmitted linearly between stages. When the data field code is completed on an input data block, the relevant output data g Beco is stored in the corresponding output temporary cry 1 207-1 208. The execution of a micro-finger 7 ilU and 7 storage causes an internal load of a designated output register 1 207-1 208 to be provided to a storage bus (not shown). A method for protecting the state of a cryptographic parameter during an interrupt event according to the present invention is described in Fig. 13 flow chart. When the instruction stream is executed by the 't-microprocessor according to the present invention, the process starts at block 1302. The instruction flow is not—it must include a cryptographic instruction as described here. Subsequently, the process processes decision block 1 304. When judging block 13 04, an evaluation is made to determine whether an interrupt event (for example, maskable interrupt, non-maskable interrupt, page fault, task switching, etc.) A request has occurred to change the current finger 7 μ (interrupt handler '') to handle the interrupt event. If so, the process executes block 1 306. If it is not, the process loops at block 1 034, where the instruction will continue to execute until an interrupt event occurs. According to the present invention, at block 1306, because of an interrupt event, before the program control is handed over to the corresponding interrupt handler 53 200536329, the interrupt logic circuit instructs to clear the X bit in the flag register. . Clearing the X bit ensures that when returning from the interrupt handler, if-the block crypto operation is in progress, it indicates that at least one interrupt event has occurred, and the block of the input data block pointed to by the input index register contents Before cryptographic calculations continue, control character data and key data must be reloaded. The flow then proceeds to zone 1 308. At block 1 308 ', according to the present invention, all structural registers containing indicators and counters related to performing block cryptographic operations are stored in memory. Those skilled in the art understand that the 'storage register' is in the behavior of the data computing device before transferring the program control to the interrupt handler. Thus, the present invention utilizes the purpose of the pre-funded structure to provide transparency of execution throughout the interruption event. When the register is stored, the process proceeds to block ⑶. In block CDG, the program flow is transferred to interrupt processing and the flow proceeds to block 1 3 丨 2. At block 1312, the method is completed. Familiar with this solution, the method of Fig. 13 starts with the interruption processer 1302. -After returning, insert the block from the block and now refer to the figure "'Flowchart' again. According to the case of this interruption event, Qian Jianren's data area 54 200536329 will be executed on the block. Ma £ block string mode password The calculation method flow starts at block 1402, and the password operation is guided according to the male and code instructions, so that $ is opened in this series mode β in the Ma Yun ^ Use the password block: formula to start execution. The execution of the password can be- After the execution, it is returned to the interrupt handler which has been executed. The command. The process then proceeds to block 1404. Entering: 2 14 04 'According to the present invention, the data in the memory via-lose = temporary: ... the content points to. A block is loaded from the script and activated with a specified ㈣ present ... 疋 heart code is different. A specific input refers to a secret /// is calculated by a specified special password (for example, encrypt or decrypt a specified block password mode ( For example, ㈣, password block series, CFB, or 0 FB), or the table a soil y 1 μ) determined. For example, 'if-encryption operation 2 uses 0FB mode' then input for loading data Pointer register is pointed to memory-initial Vector register. If the -decryption operation uses ㈣ mode, then the input index register used to load the data is a register pointing to the next password block in the memory. Encryption operation, pointing down-the register of the Japanese and Japanese blocks will be used as the input index temporary storage 55 200536329, and the data block pointed by the initialization vector index register will be used to generate the corresponding cipher text area Block. If you specify a code block serial mode decryption operation, it points to the storage of the next ciphertext block: it will be used as the input indicator temporary storage n, and the data area pointed to by the mentalization vector indicator temporary storage device. The block is then used to generate the corresponding plaintext block. The process then proceeds to the judgment block [406].

在判斷d塊咖,-評估㈣來決定是否在_ 標諸暫存11中設置X位元。如果X位元被設置,即 表明目前依據本發明載入到一密碼單元的控制字元 :金鑰目錄是有效的。如果清除X位元,即表明目 :載入到密碼單元的控制字元和金鑰目錄係無效 、。如上述間接提到的那樣,參照圖13,當一次中 斷事件發生時,X办-P 中 才x位7°即被清掉。另外,如上提到 、那樣,當需要載入一- 個都必須載入時,在㈣或鑰目錄或兩In judging d block coffee, -evaluate ㈣ to decide whether to set the X bit in _ flags temporary storage 11. If the X bit is set, it means that the control character: key directory currently loaded into a cryptographic unit according to the present invention is valid. If the X bit is cleared, it means that the control character and key directory system loaded into the crypto unit is invalid. As mentioned indirectly above, referring to Fig. 13, when an interrupt event occurs, the x-bit in X office-P is cleared only by 7 °. In addition, as mentioned above, when you need to load one-both must be loaded, in the ㈣ or key directory or both

在發运进、碼指令之前即必須清掉 3() 在一使用X86旗標(EFLAGS)暫存器的第 個p凡的相容實施例中,通過執行-隨後有一 個POPFD指令的pus 更有 該項技術者了解,在^曰令清掉X位元。不過熟悉 必 /、他可置換實施例中其他指令 y頁被用來清掉χ / 70 °如果X位元被設置,流程 56 200536329 位元被清掉,流程即 將進行到區塊1412。如果該 進行到區塊14 0 8。 在區塊1408,由於一被潘略从 ^除的X位元已經表日; —·中斷事件已經發生,或者—個新控制字⑲/或金 鑰資料將被載入’因此一個控制_ 匕制予凡乃從記憶體處 載入。在—個實施例中’載人控制字元係阻止密石馬 早凡執行如上述區塊14〇4所述之指定密碼運算。在3 () must be cleared before the incoming and code instructions are dispatched. In a first compatible embodiment using the X86 flag (EFLAGS) register, execute-followed by a pus with a POPFD instruction. Those skilled in the art understand that X bit is cleared in ^ order. However, familiar with /, he can replace other instructions in the embodiment. The y page is used to clear χ / 70 ° If the X bit is set, the process 56 200536329 bit is cleared, and the process will proceed to block 1412. If that proceeds to block 14 0 8. In block 1408, since an X bit that was removed by Pan slightly from ^ has been listed; — · an interruption event has occurred, or — a new control word ⑲ / or key data will be loaded ', so a control_ dagger Controlling Fan is loaded from memory. In one embodiment, the manned control characters prevent Mi Shima from performing the specified cryptographic operations as described in block 1404 above. in

,個典型的實施例中,在區塊14G4裏啟動—密碼運 算’係允許通過假定利用目前载人的㈣字元和全 鑰資料對複數區塊密碼運算進行最佳化。因此,當 前輸入資料區塊乃被《入,而i密碼運算在檢查: 斷區塊2 406中X位元的狀況之前就已經開始。流程 接下來即進行到區塊1 41 〇。 在區塊1410’金鑰資料(即一金鑰或一完整的 金鑰目錄)係從記憶體被載入,另外,依據新載入⑩ 的控制字元及金鑰目錄,在區塊丨4〇4所提到的輸入 區塊及初始化向量(或等效初始化向量)係被再次 地載入並啟動密碼運算。流程接下來即進行到區塊 1412。 在區塊141 2,一評估被用來決定是否指定了一 密碼區塊串列加密運算或密碼區塊串列解密運算。 57 200536329 如果指定為加密,流程即進行到區塊〗42〇,如果指 定為解密,流程即進行到區塊1 41 4。 在區塊1 420,一相對應於該被載入輸入區塊 (明文)的輸出區塊(密文)係被產生。流程隨後進行 到區塊1 422。 在區塊1414,在區塊1404或區塊1410中载入 的輸入資料區塊(當前密文區塊)係被儲存到一内部 暫存裔TEMP。流程然後進行到區塊141 6。 在區塊1416,一相對應於被載入輸入區塊(密 文)的輸出區塊(明文)係被產生。流程隨後處理區塊 1418。 在區塊1418,内部暫存器TEMp (當前的密文 區塊)的内容係被寫給初始化向量指標暫存器内容 所指向的記憶體位置,以便一後續密文區塊的解 密,並將使用密文的當前區塊作為一等量的初始化 向量。流程然後進行到區塊1422。 區塊1414、1416及1418内所描述的步驟被要 求保證在一個狀態,其係允許使用密碼區塊串列模 式所執行的一密碼指令隨時被打斷。例如,在一實 施例中’-錯頁在-密碼指令的執行期間係可在任 —點發生。 58 200536329 在區塊1 422,產生的輸出區塊係被儲存到記憶 體。流程然後進行到區塊丨424。 在區塊1424,輸入和輸出區塊指標暫存器的内 谷被修改成指向下一個輸入和輸出資料區塊。另 外,區塊計數暫存器的内容係被修改成表明在當前 輸入資料區塊上密碼運算的完成。在圖14所討論的 貫施例中,區塊計數暫存器是遞減的。不過熟悉該 項技術者了解,可置換實施例使用區塊計數暫存器 内容之運算和測試,以容許輸入文字區塊管線化執 行。流程隨後進行判斷區塊丨426。 在判斷區塊1426, 一評估被用以決定是否一個 輸入資料區塊待被執行。在這裏描述的實施例中, 為說明性的目的,區塊計數器用以決定它是否等於 零。如果沒有區塊待被執行,流程即進行到區塊 1430。如果一區塊待被執行,流程乃開始進行區塊 1 428。 在區塊1428’當經由輸入指標暫存器的内容指 向時,輸入資料的下一區乃被載入。流程然後處理 區塊141 2。 在區塊14 3 0 ’完成方法。 熟悉該項技術之人希望區塊1416、1418、142〇 59 200536329 、1 4 2 2及1 4 2 4所讨論的步驟能沿著他們的特殊斧 動路徑,以不同的次序發生或者他們能並行發生。 雖然已詳細描述本發明和它的目標、特徵和優 勢’但是其他實施例也應被本發明所涵蓋。例如, 本發明對與x86體系相容的實施例已經進行了詳細 討論。但是,這樣的討論方式,是因為χ86體系被 廣泛地理解,因此提供一充足的手段以學習本發 月本發明仍然包括諸如PowerPC 、MIPS及其類 似者的其他指令集架構以及其他完全是新的指令集 架構相適應的實施例。 本發明尚包含在一計算系統元件中而非在該 微處理器本身中密碼運算的執行。例如,依據本發 =、碼指令能容易地在—密碼單元實施例中使用, 非像μ處理器内的積體電路那樣必須作為電腦 系統一部分传用。 . 預功本發明的實施例將被集成到 一微處理器周圍的一 又j 或者作為執— 曰曰片、、且(例如,北橋、南橋) 令係從-個主微處心交^處理’,在此㈣指 應用於喪入式""…處理器。預計本發明將 陣列處理哭和用於:、工業控制器、信號處理器、 也包括在這裏所二理資料的其他設備中。本發明 田述執行密碼運算所必須的元件組 200536329 成的實施例。這樣的—個 内的一加密/解密處理哭,=作為在一個通信系統 功率的選擇以執行密碼 ’、-成本、低 口雙#。為明確起 提及的這些可選擇處理元 χ月 糸上面所述之處理哭。 另外,儘管本發明係以m 述,但是只需改變輪入次乜 兀·^塊加以描 而文欠輪入貧料、輪 制字元暫存器的大小就可以告银 土鑰和& 尤了以只現不同的區塊大小。 準、:二數據加密標準、三重數據加密標 料加密標準在本發明中有詳細的描 :,本發明指出也包括較少人熟知的區塊密碼㈣ 法’諸如刪密碼演算法、RUndaei 二 一⑽密碼演算法、Blowfish密碼演算法' ㈣如密碼演算法和⑽密碼演算法。本發明提 供指,的區塊密碼裝置並且在—個微處理器内支援 。。套實現的方法’在微區塊密碼運算可以通過 單獨指令的執行被引動。 〃 此夕卜$然本發明按照區塊密碼演算法,以及 立行區塊遂碼功能的相關技術進行了描述,值得 注意本發明完全包括除了區塊密碼以外的其他密= 形式。提供—條單獨指令,憑使用者能指示—相容 的嘁處理器進行一密碼運算諸如加密或者解密,在 61 200536329 此微處理器包括一個指定的密碼單元,指定的密碼 單元通過指令電路完成被指定的密碼功能。 而且,這裏關於回合引擎的討論提供—個2階 奴的裝置,廷樣兩輸入資料區塊就可以管線化執 仃。發明人指出其他的實施例可能多於2個階段。 預期更多輸入資料區塊的管線階段劃分乃係與—相 稱微處理器内的其他階段是一致的。In a typical embodiment, starting in block 14G4-Cryptographic Operation 'allows optimization of complex block cryptographic operations by assuming the use of currently carried human characters and full-key data. Therefore, the current input data block is entered, and the i-cipher operation is started before checking: the state of the X bit in block 2 406. The flow then proceeds to block 1 41 0. In block 1410 ', the key data (that is, a key or a complete key directory) is loaded from memory. In addition, according to the newly loaded control characters and key directory, in block 丨 4 The input block and initialization vector (or equivalent initialization vector) mentioned in 〇4 are loaded again and the cryptographic operation is started. The flow then proceeds to block 1412. In block 1412, an evaluation is used to determine whether a cryptographic block serial encryption operation or a cryptographic block serial decryption operation is specified. 57 200536329 If designated as encryption, the process proceeds to block 〖42〇, if designated as decryption, the process proceeds to block 1 41 4. At block 1 420, an output block (ciphertext) corresponding to the loaded input block (plaintext) is generated. The process then proceeds to block 1 422. In block 1414, the input data block (current ciphertext block) loaded in block 1404 or block 1410 is stored in an internal temporary source TEMP. The process then proceeds to block 141 6. At block 1416, an output block (plaintext) corresponding to the input block (ciphertext) is generated. The process then processes block 1418. In block 1418, the content of the internal register TEMp (the current ciphertext block) is written to the memory location pointed to by the initialization vector index register content to decrypt a subsequent ciphertext block, and Use the current block of the ciphertext as an equivalent initialization vector. The process then proceeds to block 1422. The steps described in blocks 1414, 1416, and 1418 are required to be guaranteed to be in a state that allows a cryptographic instruction executed using the cryptoblock serial mode to be interrupted at any time. For example, in one embodiment, the '-wrong page during-the execution of the password instruction may occur at any point. 58 200536329 In block 1 422, the output block generated is stored in memory. The process then proceeds to block 424. In block 1424, the valleys of the input and output block indicator registers are modified to point to the next input and output data block. In addition, the contents of the block count register are modified to indicate the completion of the cryptographic operation on the current input data block. In the embodiment discussed in FIG. 14, the block count register is decremented. However, those skilled in the art understand that alternative embodiments use block counting registers to perform calculations and tests to allow pipelined execution of input text blocks. The process then proceeds to decision block 426. In decision block 1426, an evaluation is used to determine whether an input data block is to be executed. In the embodiment described here, for illustrative purposes, the block counter is used to determine whether it is equal to zero. If there are no blocks to be executed, the process proceeds to block 1430. If a block is to be executed, the process starts at block 1 428. In block 1428 ', when the content is pointed through the input indicator register, the next area of the input data is loaded. The process then processes block 141 2. The method is completed at block 14 3 0 ′. Those who are familiar with this technology hope that the steps discussed in blocks 1416, 1418, 142059 200536329, 1 4 2 2 and 1 4 2 4 can occur along their special axe path in different orders or they can be parallel occur. Although the present invention and its objects, features, and advantages' have been described in detail, other embodiments should also be covered by the present invention. For example, the present invention has discussed in detail the embodiments compatible with the x86 system. However, this way of discussion is because the χ86 system is widely understood, so it provides ample means to learn this month. The invention still includes other instruction set architectures such as PowerPC, MIPS, and the like, and others are completely new. The instruction set architecture is adapted to the embodiment. The invention also encompasses the execution of cryptographic operations in a computing system element rather than in the microprocessor itself. For example, according to the present invention, the code instruction can be easily used in the embodiment of the crypto unit, instead of being used as a part of the computer system like the integrated circuit in the μ processor. The pre-powered embodiment of the present invention will be integrated into a microprocessor around the microprocessor or as an executive — say film, and (for example, North Bridge, South Bridge) order from the master to the heart ^ processing ', Here refers to the application to the funnel " " processor. It is expected that the present invention will use array processing and: industrial controllers, signal processors, and other devices that are also included here. The present invention describes an embodiment of a group of components 200536329 necessary for performing cryptographic operations. Such an encryption / decryption process is crying, as a power option in a communication system to perform cryptography, 'cost, low-port double #. In order to clarify the mentioned optional processing element 月 月 哭 cry as described above. In addition, although the present invention is described in m, it is only necessary to change the number of rounds to be described. The text owes to the rounds, the size of the rounded character register, and the silver key and & In particular, only different block sizes are present. The two-data encryption standard and three-data encryption standard encryption standard are described in detail in the present invention. The present invention also includes the less-known block cipher methods, such as the delete password algorithm and RUndaei 21 ⑽Cryptographic Algorithms, Blowfish Cryptographic Algorithms', such as cryptographic algorithms and ⑽cryptographic algorithms. The present invention provides a block cipher device and supports it in a microprocessor. . The set of implementation methods' cryptographic operations in microblocks can be triggered by the execution of separate instructions. 〃 Now, the present invention has been described in accordance with the block cipher algorithm and the related technology of performing block code execution. It is worth noting that the present invention completely includes other forms other than block ciphers. Provides a single instruction, which can be instructed by the user. A compatible 嘁 processor performs a cryptographic operation such as encryption or decryption. At 61 200536329, this microprocessor includes a designated cryptographic unit. The designated cryptographic unit is completed by the instruction circuit. Specified password function. Moreover, the discussion of the round engine here provides a 2-level slave device, and the two input data blocks can be executed in a pipelined manner. The inventors point out that other embodiments may have more than 2 stages. It is expected that the pipeline phase division of more input data blocks is consistent with the other phases in the symmetric microprocessor.

最後,雖然本發明作為一支援數區塊密碼演算 法之單獨密碼單元已加以討論,本發明也包括提供 和在一相容微處理器中的其他執行單元並行連接的 數個密碼單元,在此,這些密碼單元中的每一個係 用以執行一特定的區塊密碼演算 單元配置成進階加密標準,一第 據加密標準等等。 法。例如,一第一 二單元則配置成數 熟悉該項技術者應了解易使用揭示明確的概 # 念和實施例’以作為完成本發明的目的基礎設計或 者修改其他結構,而依此所進行之各種改變、替代 和變化係均未脫離本發明中請專利範圍所界定之精 神及範圍。 【圖式簡單說明】 62 200536329 圖1係說明當前密碼庫 立 1馮用之不意圖。 圖2係描述執行密碼 密碼運算的微 斤筏術之示意圖。 圖3係揭示依據本發明用以執行 處理器裝置之示意圖。 圖4係揭示依據本發 示意圖 明一微密碼指令實 施例之 說明典型區塊密 圖5係依據圖4的微密碼指令 碼模式的數值表。 個x86相容微 圖6係詳細描述依據本發明在一 處理器内密碼單元之方塊圖。 圖7係說明在圖6之微處理器内_ 曾aa * Μ執仃密碼子運 ^的典型微指令的示意圖。 圖8係根據圖7的格式說明—载人微指令暫存 口口攔位的數值表。 圖9係根據圖7的格式揭示一儲存微指令暫存 口。攔位的數值表。 碼 圖10係依據本發明用以規定密碼運算之密 參數的典型控制字格式圖。 1X4 圖 圖11係依據本發明密碼單元詳細描述之方塊 圖12係依據本發明說明一種區塊密碼邏輯電 63 200536329 路實施例之方塊圖 運算。 使按照進階加密標準執行密碼 圖1 3係依據本發明描述在一中斷事件中用以 查看密碼參數狀態方法之流程圖。 圖14係依據本發明描述在至少-個中斷事件 下於數輸入資料區塊中完成特 宗踩、$ μ ^ X行疋么碼&塊串列模式 么碼運异之方法的流程圖。 主要 元件符號說明】 100 方塊圖 102 第二電腦工作站 104 筆記本電腦 106 網路檔儲存設備 108 無線網路由器 110 廣域網路 112 加密/解密應用程式 201 微處理器 203 應用記憶體 205 金鑰目錄 207 區塊解密程式 209 密碼參數 101第一電腦工作站 103第三電腦工作站 105 區域網路 107第一路由器 109 無線網路 111 第二路由器 200 方塊圖 202作業系統 204 密瑪金錄產生程式 206 區塊加密程式 208 初始化向量 210 明文區塊Finally, although the present invention has been discussed as a separate cryptographic unit supporting a multi-block cryptographic algorithm, the present invention also includes providing a number of cryptographic units connected in parallel with other execution units in a compatible microprocessor. Each of these cryptographic units is used to execute a specific block cryptographic calculation unit configured as an advanced encryption standard, a data encryption standard, and so on. law. For example, the first and second units are configured so that those familiar with the technology should understand the easy-to-use and reveal clear concepts and embodiments to serve as the basis for completing the purpose of the present invention or to modify other structures, and perform various operations based on this. Changes, substitutions, and alterations do not depart from the spirit and scope defined by the scope of the patents claimed in the present invention. [Schematic description] 62 200536329 Figure 1 shows the current password library Li Feng uses it intentionally. FIG. 2 is a schematic diagram describing a micro-rapping technique for performing cryptographic cryptographic operations. FIG. 3 is a schematic diagram illustrating a processor device for executing a processor according to the present invention. FIG. 4 is a schematic diagram illustrating a micro-crypto instruction embodiment according to the present invention. FIG. 5 is a numerical table of a micro-crypto instruction code pattern according to FIG. 4. Fig. 6 is a block diagram detailing a cryptographic unit in a processor according to the present invention. FIG. 7 is a schematic diagram illustrating a typical microinstruction that performs a codon operation in the microprocessor of FIG. 6. Figure 8 is a numerical description based on the format shown in Figure 7—the man-made micro-instruction temporary buffer port table. FIG. 9 is a diagram illustrating a micro-instruction temporary storage port according to the format of FIG. 7. Table of values of the stop. Code Figure 10 is a diagram of a typical control word format used to specify cryptographic parameters for cryptographic operations in accordance with the present invention. 1X4 Fig. 11 is a detailed block diagram of a cryptographic unit according to the present invention. Fig. 12 is a block diagram of a block cryptographic logic operation according to the present invention. Encryption is performed according to the advanced encryption standard. Fig. 13 is a flowchart illustrating a method for viewing the state of a password parameter in an interrupt event according to the present invention. Fig. 14 is a flow chart describing a method for completing a special step, $ μ ^^ X line code, and block cascade mode in the input data block under at least one interrupt event according to the present invention. Key component symbols] 100 Block diagram 102 Second computer workstation 104 Notebook 106 Network file storage device 108 Wireless router 110 Wide area network 112 Encryption / decryption application 201 Microprocessor 203 Application memory 205 Key directory 207 Block Decryption program 209 Password parameters 101 First computer workstation 103 Third computer workstation 105 Local area network 107 First router 109 Wireless network 111 Second router 200 Block diagram 202 Operating system 204 Mima Golden Record generation program 206 Block encryption program 208 Initialization vector 210 plaintext block

64 200536329 211 密文區塊 301 微處理器 303 轉譯邏輯電路 305、 306 微指令入口 308-313 暫存器 314 載入邏輯電路 316 密碼單元 318 寫回邏輯電路 320 作業系統 322 密碼指令 324 初始金输或金餘目錄 326 輸入文字區塊 328 執行邏輯電路 401 可選擇性前置欄位 403 運算碼欄位 500 表 601 擷取邏輯電路 603 轉譯器 605 暫存器階段 607 載入階段 609 微指令佇列 方塊圖 指令暫存器 微指令佇列 暫存器組 資料快取 儲存邏輯電路 記憶體匯流排 _ 糸統記憶體 初始控制字元 初始化向量 輸出文字區塊 微密碼指令 重複前置欄位 區塊密碼模式欄位 儀 x86相容微處理器 轉譯邏輯電路 微碼唯讀記憶體 定址階段 執行階段 整數單元 65 200536329 611 微指令佇列 612 浮點單元 613 微指令佇列 614 多媒體延伸集單元 615 微指令佇列 616 串流延伸集單元 617 密碼單元 618 儲存階段 619 寫回階段 620 載入匯流排 621 延遲信號 622 儲存匯流排 624 旗標暫存器 625 X位元 626 中斷邏輯電路 627 軟體及硬體中斷信號 628 機器特定暫存器 629 E位元 630 特性控制暫存器 631 D位元 632 執行邏輯電路 640 密碼區塊串列區塊指標 邏輯電路 700 微指令 701 微運算碼欄位 702 資料暫存器欄位 703 暫存器欄位 704 貢料搁位 800 表 900 表 1000 控制字元格式 1001 保留欄位 1002 金鑰大小欄位 1003 加密/解密欄位 1004 中間結果欄位 1005 金錄產生欄位 1006 演算法欄位 1007 回合計數欄位 1100 密碼單元 1101 區塊密碼邏輯電路 1102 金鑰隨機存取記憶體64 200536329 211 Ciphertext block 301 Microprocessor 303 Translation logic circuit 305, 306 Microinstruction entry 308-313 Register 314 Load logic circuit 316 Password unit 318 Write back to logic circuit 320 Operating system 322 Password instruction 324 Initial gold loss Or Jinyu directory 326 input text block 328 execution logic circuit 401 optional optional field 403 operation code field 500 table 601 fetch logic circuit 603 translator 605 register stage 607 loading stage 609 micro instruction queue Block diagram instruction register micro instruction queue register group data cache storage logic circuit memory bus _ system memory initial control character initialization vector output text block micro password instruction repeat front field block password Mode field instrument x86 compatible microprocessor translation logic circuit microcode read-only memory addressing stage execution stage integer unit 65 200536329 611 microinstruction queue 612 floating point unit 613 microinstruction queue 614 multimedia extension set unit 615 microinstruction Column 616 Stream extension set unit 617 Password unit 618 Storage stage 619 Write back Segment 620 Loading bus 621 Delay signal 622 Storage bus 624 Flag register 625 X-bit 626 Interrupt logic circuit 627 Software and hardware interrupt signal 628 Machine-specific register 629 E-bit 630 Feature control register 631 D bit 632 execution logic circuit 640 password block serial block index logic circuit 700 micro instruction 701 micro operation code field 702 data register field 703 register field 704 tribute place 800 table 900 table 1000 control character format 1001 reserved field 1002 key size field 1003 encryption / decryption field 1004 intermediate result field 1005 gold record generation field 1006 algorithm field 1007 round count field 1100 password unit 1101 block password Logic Circuit 1102 Key Random Access Memory

66 200536329 1103微編碼暫存器 1105輸入-0暫存器 1107金鑰-0暫存器 1109輸出-0暫存器 1111載入匯流排 1113延遲信號 1200區塊密碼邏輯電路 1202控制字元暫存器 1204 key-1暫存器 1205-1206輸入暫存器 1210回合引擎控制器 1216-1218匯流排 1220回合引擎 1222第一暫存器暫存-0 1224移列邏輯電路 1226混欄邏輯電路 1302區塊 1306區塊 1310區塊 1402區塊 1406判斷區塊 1104控制字元暫存器 1106輸入-1暫存器 1108金鑰-1暫存器 1110輸出-1暫存器 1112儲存匯流排 1114微指令匯流排 1201微指令暫存器 1203金鑰-0暫存器 春 1207-1208輸出暫存器 1211-1214匯流排 1221第一金鑰XOR邏輯電路 1223 S-Box邏輯電路 1225第二暫存器暫存-1 _ 1227第三暫存器暫存-2 1304判斷區塊 1308區塊 1312區塊 1404區塊 1408區塊 67 200536329 1410區塊 1414區塊 1418區塊 1422區塊 1428區塊 1412區塊 1416區塊 1420區塊 1426判斷區塊 1430區塊66 200536329 1103 microcode register 1105 input-0 register 1107 key-0 register 1109 output-0 register 1111 loading bus 1113 delay signal 1200 block password logic circuit 1202 control character temporary storage Register 1204 key-1 register 1205-1206 input register 1210 round engine controller 1216-1218 bus 1220 round engine 1222 first register temporary-0 1224 shift logic circuit 1226 mixed column logic circuit 1302 area Block 1306 Block 1310 Block 1402 Block 1406 Judgment Block 1104 Control Character Register 1106 Input-1 Register 1108 Key-1 Register 1110 Output-1 Register 1112 Store Bus 1114 Microinstruction Bus 1201 micro-instruction register 1203 key-0 register spring 1207-1208 output register 1211-1214 bus 1221 first key XOR logic circuit 1223 S-Box logic circuit 1225 second register temporary Store -1 _ 1227 third register temporary store-2 1304 judgment block 1308 block 1312 block 1404 block 1408 block 67 200536329 1410 block 1414 block 1418 block 1422 block 1428 block 1412 block 1416 block 1420 block 1426 judgment block 1430 block

6868

Claims (1)

200536329 十、申請專利範圍: 1 · 一種用以執行密碼運算的裝置,係包人 一 :=ί電路,其產生係由-計“備所接 ,之一役碼指♦,該密碼#令係作為在該 :以執行之指令流的一部分,該密碼指 三係扣疋該些密碼運算之一且其中 密碼運算係包含: Α 在:相對應複數個輸入文字區土 鬼上執行複 數個區塊密碼串列區塊密碼運算;200536329 X. Scope of patent application: 1 · A device for performing cryptographic operations, including the first one: = ί circuit, the generation of which is connected to the -by "device, one of the service code refers to ♦, the password # 令 系 为In this: part of the instruction flow to be executed, the password refers to one of the three series of cryptographic operations and the cryptographic operation system contains: Α executes a plurality of block passwords on the corresponding ghosts in the input text area Serial block password operation; 一區塊密碼串列區塊指標邏輯電ς ’,且係 1接f該密碼指令電路,用以驅動該計 j故備,以更新複數個指標暫存器和每 個忒些區塊密瑪串列區塊密碼運算的 複數個中間結果;以及 一于邏輯電路,其係被連接到該區塊密 ,串列區塊指標邏輯電路,用以執行指 疋之該密碼運算。A block password is in series with the block indicator logic, and is connected to the password instruction circuit to drive the countermeasures to update the multiple index registers and each block's dense memory. A plurality of intermediate results of the serial block cryptographic operation; and a logic circuit which is connected to the block secret and a serial block index logic circuit for performing the cryptographic operation referred to. 丨·如申請專利範圍第丨項所述 該密碼運算進一步包含:J戒置/、中扣疋之 一=二串列模式加密運算,其運算包含加 塊,以產生相對應的複數個 .如申請專利範圍第1項所述 甘士 & + 該密碼運算進-步包含貝所边的装置,其中指定之 :t列模式解密運算,其運算包含解 您文區塊,以產生相對應的複數個 69 200536329 4. 如申請專利範圍第1項所述巢 密碼運算係根據進階加密標準、、宫嘗;定之該 5. 如申請專利範圍第j項所述的;=一 指定用以執行指定之該密碼;,^狁碼指令 列模式。 建斤的一岔碼區塊串 6. 如申請專利範圍第丨項所述 -位元儲存器,其儲存一 m進-步包含: 邏輯電路,該位元俜用^連接到邊執行 運瞀a不。、士位:係用从表明指定之該密碼 運异疋否已被一中斷事件打斷。 圍f6項所述的裳置,其中該位元 暫存為係位於一旗標暫存器中。 几 8. :申請專利範圍第6項所述的裝置,其中該 包含=移程式控制到一處理該中斷事‘的= 二:’且八中在當前輸入文字區塊 的執行係被中斷。 1 ^ # 9. 如申請專利範圍第8項所述的裝置,其中告 式控制返回該密碼指令時,指宗 二 主 ^ ^ ^ ^ X 才曰疋之該密碼運算係 在邊s刖輸入文字區塊中被執行者。 10如申請專利範圍第i項所述的裝置,其中在每一 ,相對應該些輪入文字區塊上的每一個該些密碼 ,塊串列區塊密碼運算完成日夺,指定之該密碼區 h串列區塊指標邏輯電路係指引該計算設備,'、來 ,改該指標暫存器,以指向下一個輸入和 字區塊。 又 1 ^如^申請專利範圍第1項所述的裝置,其中指定之 該密碼區塊串列區塊指標邏輯電路指引該計算設 備以將g如的輸出文字區塊儲存到經由一勃始 200536329 化向量暫存器之内容所指向的記 12.如申請專利範圍第丨項所述的裝“-,置處。 事件係包含一中斷、一異常、— /、中该中斷 切換。 錯頁、或一任務 1 3 ·如申請專利範圍第丨項所述的裝 指令係依據X86指令格式所規定' ,/、中該密碼 14 ·如申請專利範圍第1項所述的穿置复 指令』步及到在該計算設備中的複數個暫口密碼 15.如申請專利範圍第14項所述 暫存裔。 暫存器係包含: x置’其中該些 一第一暫存器,其中該第—暫在 -指向第-記憶體位址的第!;:,容包含 記憶體位址指定了在記憶體中V—第亥 置’俾在指定之該密碼運曾趑、第一位 該些輸入文字區塊。斤將被完成時存取 16暫如//Λ利範圍第14項料的裝置,其中該些 -第二暫:器’其令該第二暫存器 才曰向-弟二記憶體位址的—第二指標,^ ^己憶體位址指定在該記憶體中的第二' 置以保存相對應的複數個輸出文字區 ;對應的複數個輸出文字區塊係在複數 L入的文:果…完成指定之該密碼運ί: π暫如存^專含利範圍第14項所述的裝置,其中該些 -第三暫存器’其中該第三暫存器的内容係表 71 200536329 明在複數個輸入文字區塊内複數個文字區 塊。 1 8 ·如申請專利範圍第14項所述的骏置,其中該些 暫存器包含: 〇 一 一第四暫存器,其中該第四暫存器的内容包含 指向一第三記憶體位址的一第三指標,該第 二圮憶體位址係指定一在記憶體中的第三 4置以供用來完成#日疋之該密碼運算所使 用之密碼金鑰資料的存取。 # 19勒如申請專利範圍第14項所述的 暫存器包含: 一 Τ ΘI 一第一t暫存器,其中該第五暫存器的内容包含 一才曰向一第四記憶體位址的第四 :;己憶體位址係指定-在記憶體 =置’以供用來完成指定之該密碼運 用之一初始化向量的存取。 开斤使 ^如申請專利範圍第14項所述的 暫存器包含: 置其中該些 一第六暫存器,其中該第六暫存哭 指向-第五記憶體位址的—第;2内容包含 】記憶體位址指定一在記4五曰:第:第 置,以供用來完成指定之該密碼五位 之控制字元的存取,其中該控制了使用 之該密碼運算的複數個密碼表备70為指定 •如申請專利範圍第丨項所述f 且 邏輯電路包含: 97衷置,其中該執行 碼單元,其係在每-該些輪入文字 區塊 72 200536329 土=數個密碼回合,以在每一該 塊,該此宓瑪门人危丄 輸出文子區 22. 之一栌:二馬回5係由與該密碼單元相作用 ^ 控制子7C所指定。 ^用以;執行密瑪運算的裝置,包含: 在。又備内的密碼單元,以 碼運算的指令流内執m“ 指人的# ^ ^ u u應到接收一密碼 知7的该些密碼運算之—, 碼運算係包含: ,、中扣疋之该岔 在一相對應複數個輸入文字區塊上 個密碼區塊串列區塊密碼運瞀及 密石1=串單列區塊指標邏輯電二其係連接到 運算的中ΐ結果“碼區塊串列區塊密碼 23.如申請專利範圍第22 斷事件使得一程式控制轉移m,其中-中 66妒斗、a W工市j轉移到一處理該中斷事侔 =耘式^,且其中斷在當前輸入文 疋之該密碼運算的執行。 兒之中才曰 24·如申請專利範圍第23項所述的苴卷^ 程式控制返回到該密碼指令時: ;田攸 算即在該當前輸入文字區塊】執广…運 •如申請專利範圍第22項所述的裝置, 複數個輸入文字區塊上的每 „區塊密碼運算完成時,指定之該密二 來修改該指標暫存计鼻設備, 节仔,以扣向下一個輸入和輸出 73 200536329 文子區塊。 26:/Λ專:「範”22項所述的裝置,其中該密 =二列區二咖邏輯電路係指引該計算設 化“3:^前輸出文字區塊到一經由〆初始 匕向1暫存益所指向的記憶體位置。 :如申請專利範圍第22項所 28碼—指令係依據χ86指令格式所規^置 含-:種在-設備t執行密碼運算的方法,該方法包 執:r:些ΐ碼運算之一,以回應至接收-密碼 、:二’,、中該密碼指令係指示指定之該密碼 ’該執行包括在一相對應的複數個輪入 文子區塊上執行複數個密碼區塊 塊運算;及 j姨式區 向量位置 上,使得 异之一使 初始化向 更包含: 一中斷事 5亥密碼運 更包含: 1令時,在 把一當前輸入文字區塊寫到一初始化 處,以便在下一該些輸入文字區塊 下一該些密碼區塊串列模式區塊運 用該當前輸入文字區塊,作為_個 量的等效物。 29·如申請專利範圍第28項所述的方法, 轉移程式控制到一程式流,用以處理 件;及 中斷在該當前輸入文字區塊上指定之 算的執行。 3〇·如申請專利範圍第29項所述的方法, 在從程式控制返回到該轉移後之密碼才丨 该當前輸入文字區塊上進行該執行。 74 200536329 3 1 ·如申請專利範圍第28項所述的方法,其中該接 收包含:依據X 8 6指令格式所規定的該密碼指 令。 3 2.如申請專利範圍第28項所述的方法,其中該接 收包含:指定一密碼區塊串列模式解密運算,以 作為指定之該密碼運算。 33. 如申請專利範圍第28項所述的方法,其中該執 行包含:依據進階加密標準演算法完成指定之該 密碼運算。 34. 如申請專利範圍第28項所述的方法,其中該接 _ 收包含:在該密碼指令内指定一種用以完成指定 之該密碼運算的密碼區塊串列模式。丨 · The cryptographic operation described in item 丨 of the scope of patent application further includes: J or one of the middle / deduction == two-string mode encryption operation, whose operation includes adding blocks to generate corresponding plurals. Gans & described in item 1 of the scope of patent application + This cryptographic operation further includes a device on the side of Besso, which specifies: t column mode decryption operation, whose operation includes deciphering your text block to generate the corresponding Plural 69 200536329 4. As described in item 1 of the scope of patent application, the nest cipher operation is based on the advanced encryption standard, and it is fixed; 5. As described in item j of the scope of patent application; = a designation for execution Specify the password ;, ^ 狁 code command line mode. One-pronged code block string of the built-in 6. As described in item 丨 of the patent application-bit memory, which stores one m step-contains: logic circuit, the bit is connected to the side with ^ to perform operation a no. , The position: the use of the specified password to indicate whether the operation has been interrupted by an interruption event. The dress set according to item f6, wherein the bit is temporarily stored in a flag register. 8 .: The device described in item 6 of the scope of patent application, wherein the method includes: shifting program control to a process that handles the interruption '== 2 ::' and the execution system of the eighth middle in the current input text block is interrupted. 1 ^ # 9. The device as described in item 8 of the scope of patent application, wherein when the notification control returns the password instruction, it refers to the two main masters ^ ^ ^ ^ X The password calculation is performed on the side s 刖 input text area The executor in the block. 10 The device according to item i in the scope of patent application, wherein in each of them, corresponding to each of the passwords on the rounded text block, block serial block password operation completion date is designated, and the password area is designated The h serial block index logic circuit directs the computing device, ',,, and changes the index register to point to the next input and word block. The device described in item 1 of the scope of patent application, wherein the designated cryptographic block serial block index logic circuit instructs the computing device to store the output text block of gru through a erection 200536329 The contents of the register of the vectorization register point to "12." as described in Item 丨 of the scope of the patent application. The event includes an interrupt, an exception,-/, the interrupt switch. Error page, Or a task 1 3 · The installation instructions described in item 丨 of the scope of patent application are based on the X86 instruction format ', /, the password 14 · Step through the multiple instructions in the scope of patent application "step 1 And the plurality of temporary passwords in the computing device 15. The temporary storage is as described in item 14 of the scope of patent application. The temporary storage device includes: x set 'of these first temporary storage devices, wherein the first —Temporarily-points to the first of the-memory address!;:, Contains the memory address specified in the memory V-the first set of 'password' in the specified password, the first input text Block. Jin will be accessed when finished 16 temporarily as // Λ 利范The device of item 14, wherein the -second temporary: device, which causes the second temporary register to be the second index of the memory address of the second brother, and the second memory address is specified in the memory The second 'in the body is used to save the corresponding output text areas; the corresponding output text blocks are in the input text of plural L: fruit ... to complete the specified password operation: π The device according to item 14 of the scope of interest, wherein the third register, wherein the content of the third register is shown in Table 71 200536329, which is a plurality of text blocks within a plurality of input text blocks. 1 8 · As described in item 14 of the scope of patent application, wherein the registers include: 〇 a fourth register, wherein the content of the fourth register includes a pointer to a third memory address A third indicator, the second memory address designates a third 4th position in the memory for accessing the cryptographic key data used for the cryptographic operation of # 日 疋. # 19 勒 如The register described in item 14 of the scope of patent application includes: one T ΘI one first t temporary storage , Where the content of the fifth register includes a fourth to a fourth memory address :; the memory address is designated-in memory = set 'for one of the specified password applications The access of the initialization vector. The register as described in item 14 of the scope of the patent application includes: placing one of these sixth registers, wherein the sixth temporary memory points to the fifth memory address. -The content of 2 contains the memory address designation in the 4th and 5th: the first: the first position, used to complete the specified five-digit control character access to the password, which controls the use of the password A plurality of password tables for operation are designated 70. As described in item 丨 of the scope of patent application, f and the logic circuit includes: 97, where the execution code unit is in each-to-the-round text block 72 200536329 Soil = several cipher rounds, in each block, the Mamen are critically outputting text sub-area 22. One of the two: Ermahui 5 is designated by the interaction with the cipher unit ^ Control sub 7C. ^ A device for performing a Mima operation, including: in. The password unit in the device also executes m ”in the instruction stream of code operation. Refers to # ^ ^ uu of a person who should receive a password to know 7—the code operation system includes: This fork corresponds to a plurality of input text blocks, the previous password block is in series, the block password is in operation, and the dense stone is 1 = the single-row block indicator is logical, and it is connected to the middle of the operation. Serial block password 23. If the 22nd fault event in the scope of the patent application makes a program control transfer m, where -zhong 66 doudou, a W industry j transfer to a process to handle the interruption 侔 = Yun type ^, and its interruption The execution of the cryptographic operation in the currently entered text. When you return to the password instruction as described in item 23 of the scope of patent application ^ Program control returns to the password instruction:; Tian Youshu will be in the current input text block. In the device described in item 22 of the range, when each „block password operation on a plurality of input text blocks is completed, the secret number is specified to modify the indicator temporarily storing the nose counting device, and it is necessary to deduct the next input. And output 73 200536329 text sub-blocks. 26: / ΛSpecial: The device described in "Fan" Item 22, where the secret = second column second coffee logic circuit directs the calculation to set the output text block before "3: ^". To the memory location pointed to by the initial storage of the temporary storage benefit 1 through the initial dagger .: As in the 28th code of the 22nd patent application range—the instruction is based on the χ86 instruction format. A method of operation, the method includes: r: one of some code operations in response to the receive-password,: two ', where the password instruction indicates that the password is specified' the execution includes a corresponding plural Multiple password block blocks on each round of sub-blocks Operations; and the position of the aunt-style area vector, so that the other one makes the initialization more inclusive: an interruption of the 5 password operation includes: 1 command, write a current input text block to an initialization, so that At the next input text blocks, the next password block serial mode block uses the current input text block as an equivalent of _ amount. 29. Method as described in item 28 of the scope of patent application Transfer program control to a program flow for processing pieces; and interrupt the execution of the calculation specified on the current input text block. 30. The method described in item 29 of the scope of patent application, returns from program control It is not until the transfer of the password that the execution is performed on the current input text block. 74 200536329 3 1 · The method described in item 28 of the scope of patent application, wherein the receiving includes: according to the X 8 6 instruction format The cryptographic instruction. 3 2. The method according to item 28 of the scope of patent application, wherein the receiving includes: specifying a cryptographic block serial mode decryption operation as the designated cryptographic operation. 33. The method according to item 28 of the scope of patent application, wherein the execution includes: completing the specified cryptographic operation according to an advanced encryption standard algorithm. 34. The method according to item 28 of the scope of patent application, wherein the access _ Include: Specify a cipher block serial mode in the cipher instruction to complete the specified cipher operation. 7575
TW093133735A 2004-04-16 2004-11-05 Apparatus and method for performing transparent cipher block chaining mode cryptographic functions TWI268686B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/826,814 US7542566B2 (en) 2003-04-18 2004-04-16 Apparatus and method for performing transparent cipher block chaining mode cryptographic functions

Publications (2)

Publication Number Publication Date
TW200536329A true TW200536329A (en) 2005-11-01
TWI268686B TWI268686B (en) 2006-12-11

Family

ID=34887811

Family Applications (1)

Application Number Title Priority Date Filing Date
TW093133735A TWI268686B (en) 2004-04-16 2004-11-05 Apparatus and method for performing transparent cipher block chaining mode cryptographic functions

Country Status (2)

Country Link
CN (1) CN1649296A (en)
TW (1) TWI268686B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8538012B2 (en) * 2007-03-14 2013-09-17 Intel Corporation Performing AES encryption or decryption in multiple modes with a single instruction
US8538015B2 (en) 2007-03-28 2013-09-17 Intel Corporation Flexible architecture and instruction for advanced encryption standard (AES)
US8719589B2 (en) * 2010-05-25 2014-05-06 Via Technologies, Inc. Microprocessor that facilitates task switching between multiple encrypted programs having different associated decryption key values

Also Published As

Publication number Publication date
TWI268686B (en) 2006-12-11
CN1649296A (en) 2005-08-03

Similar Documents

Publication Publication Date Title
TWI303936B (en) Apparatus and method for generating a cryptographic key schedule in a microprocessor
CN107667499B (en) Keyed hash message authentication code processor, method, system, and instructions
US7321910B2 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
EP1596530B1 (en) Apparatus and method for employing cryptographic functions to generate a message digest
WO2017172244A1 (en) Power side-channel attack resistant advanced encryption standard accelerator processor
US7532722B2 (en) Apparatus and method for performing transparent block cipher cryptographic functions
EP1538510B1 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
EP1519509B1 (en) Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
US7392400B2 (en) Microprocessor apparatus and method for optimizing block cipher cryptographic functions
US7502943B2 (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
US7529368B2 (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
US7900055B2 (en) Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
US20040208072A1 (en) Microprocessor apparatus and method for providing configurable cryptographic key size
US7542566B2 (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
CN1661958B (en) Microprocessor apparatus of block cryptographic functions and method
TW200536329A (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
US20040252841A1 (en) Microprocessor apparatus and method for enabling configurable data block size in a cryptographic engine
US7529367B2 (en) Apparatus and method for performing transparent cipher feedback mode cryptographic functions
TWI274280B (en) Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
TWI247241B (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
CN1652163B (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
CN1658548B (en) Microprocessor apparatus and method for configuring cryptographic engine data block
TW200536335A (en) Apparatus and method for performing transparent cipher feedback mode cryptographic functions
TWI253268B (en) Microprocessor apparatus and method for optimizing block cipher cryptographic functions
TW200536334A (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results