TWI258289B - Microprocessor apparatus and method for providing configurable cryptographic block cipher round results - Google Patents

Microprocessor apparatus and method for providing configurable cryptographic block cipher round results Download PDF

Info

Publication number
TWI258289B
TWI258289B TW093131089A TW93131089A TWI258289B TW I258289 B TWI258289 B TW I258289B TW 093131089 A TW093131089 A TW 093131089A TW 93131089 A TW93131089 A TW 93131089A TW I258289 B TWI258289 B TW I258289B
Authority
TW
Taiwan
Prior art keywords
block
password
cryptographic
register
instruction
Prior art date
Application number
TW093131089A
Other languages
Chinese (zh)
Other versions
TW200536334A (en
Inventor
G Glenn Henry
Thomas A Crispin
Terry Parks
Original Assignee
Via Tech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US10/826,435 external-priority patent/US7502943B2/en
Application filed by Via Tech Inc filed Critical Via Tech Inc
Publication of TW200536334A publication Critical patent/TW200536334A/en
Application granted granted Critical
Publication of TWI258289B publication Critical patent/TWI258289B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • G06F9/30007Arrangements for executing specific machine instructions to perform operations on data operands

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction and execution logic. The cryptographic instruction is received by a computing device as part of an instruction flow executing on the computing device. The cryptographic instruction prescribes one of the cryptographic operations, and also prescribes that an intermediate result is generated. The execution logic is operatively coupled to the cryptographic instruction. The execution logic executes the one of the cryptographic operations, and generates the intermediate result.

Description

* 1258289 九、發明說明: 【相關申請案之交互參考】 本申凊案優先權之申請係根據美國專利申請案號為 10/826435,申請日期係為 〇4/16/2〇〇4。 【發明所屬之技術領域】 本發明為關於微電子範田壽,且特別為一種在電腦裝置 上執仃具有中間結果之產生之密碼操作的裝置及方法。 【先前技術】 早期電腦系統,係與其他電腦系統獨立運作,因此 :在早期電腦系統中執行之應用程式 資料,可能位於該電腦李够., 邛輪入 行時接供。⑧系、,充,或由—應用程式設計者於執 果,而;浐::二程式由輸出資料產生,且為執行後的結 ί-m常係以書面輪出,或為槽案形式,寫 在磁贡機、磁碟或其他位於該電腦牵轉肉夕+θ ^ 置中。該輪出於安拉# 包月自糸、、、充内之大1儲存裝 -系列應用程者可以做為執行在同-電腦系統中, 以一檔案形式儲存到一 貝科先則就已經 則它可接著被提供到一不‘二σ運輸,大量儲存裝置, 應用程式使用。 11 至不相容之電腦系統,供 感資料的需求,而的電腦系統中,已確認保護敏 係發展及彻來保護未 I 4碼各序程式 這些密碼程式將儲 ^'路破感貧料。一般來說, 解密。 晰子在大量儲存裝置之輪出資料的加密及 1258289 前、,!用者發現連結網路電腦,以提供存取已共* 1258289 IX. Invention Description: [Reciprocal Reference for Related Applications] The application for priority of this application is based on US Patent Application No. 10/826435, and the filing date is 〇4/16/2〇〇4. BACKGROUND OF THE INVENTION 1. Field of the Invention This invention relates to microelectronics Fan Tianshou, and more particularly to an apparatus and method for performing cryptographic operations with intermediate results on a computer device. [Prior Art] Early computer systems operated independently of other computer systems. Therefore, the application data executed in the early computer system may be located on the computer. 8 series, charging, or by the application designer, and; 浐:: The second program is generated by the output data, and the post-execution knot ί-m is usually written in writing, or in the form of a slot , written in the magnetic tribute machine, disk or other located in the computer to pull the meat eve + θ ^ set. The round is from Allah #包月自糸,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, It can then be provided to a non-two-sigma transport, mass storage device, and application. 11 to incompatible computer systems for the demand for information, and in the computer system, it has been confirmed that the development of the protection system and the protection of the code program of the I 4 code will be stored. . In general, decryption. Clear the encryption of the data in a large number of storage devices and before 1258289,! Users find links to network computers to provide access

Hi地2地路結構、作業系統及資料傳輪協 援,甚二?取6分享資料的能力,發展到*僅僅是支 至扮演起突祕重要的角色。例如,在今日:父 細工作站的使用者,能夠綠 器之檔宰、使用_取不同案伺服 田木使用網際網路取得新聞及苴他資吨、名查 電腦間傳送及接收電子$自r女曰,、他貝▲在數百部 應商的電腦系統,提供;;電子::广連接到供 供應商之間的買賣、或在餐:機二以進行與 -Πΐ: 動,都是相當平常的事情。因此,保 叹未技推揭鉻之敏感資料本身及 $用者在'給定電腦多層 務;:敏;料: 案例越來越多。目前斩門_5片〃我才力保》又破感貝枓的 全議題的力道,例如垃;係:!=加重電腦㈣ 户、、萝店 件駭各攻擊、個人資料外 :個人:::圍㈣響,有關擬==應手= 反應在電腦訊息妥協處理上有任订種 心的事情,金融制度,軍事尸:有政府關 顯著的主題。在訊息安全存取時-種 術與裝置可以讓訊息只會皮==逐漸發展出-些技 謂的密碼學 在電腦間儲存或傳送時,=:用於保護貧訊時,其為 知如“明文,,(cleartext)或‘‘::傳达敏感的訊息(已 不文 (Plaintext)至不能瞭解的 1258289 形式(如“密文”(ciphertext))。明文轉換至密文的傳送過 程稱“加密(encryption ) ” 、“譯成密碼 (enciphering ) ” 、或“密碼化(ciphering ) ” ,且密文轉 換至明文的傳送過程稱“解密(decryption ) ” 、“解除密 碼(deciphering ) ” 、或“轉換密碼(inverse ciphering ) ” 。 在密碼範疇中,已經發展出數個步驟及規則,可用以 允許使用者不需使用多少知識或努力便可以完成密碼操 作,且使這些使用者能夠傳送或以其他方式如加密形式提 供其訊息給其他使用者。順著加密訊息,傳送者一般提供 接受者一個不能使接受者解除加密訊息的“加密密碼”, 因此接受者不能夠移除或以其他方式增加未加密原始訊息 的存取。已有一些技術,可以將這些步驟或規則採取密碼 保護,數學運算及特別設計的應用程式形式,而將高敏感 度訊息加密或解密。 一些運算類別使用於將數據加密或解密。在此提及的 第一類運算類別(如公共金鑰密碼運算:RSA運算)利用 兩種密碼(一種公共金鍮及一種私人金鑰)來將數據加密 或解密。提及公共金鑰運算,一種公共金鑰利用來傳送給 接受者的數據加密。在使用者公共及私人金鑰兼有一個數 學演算關係,接受者必須利用其私人金鑰將傳送資料解密 以恢復數據。雖然此類密碼運算在今日廣泛被使用,但加 密及解密操作速度仍然過慢,即使只加密與解密少量數 據。第二類運算,如對稱金鑰運算(symmetric key algorithms ),提供數據安全相當程度,且速度更快。這些 運算稱為對稱金鑰運算,因為其使用密碼金鑰於加密及解 密訊息。有三種公共習知之主要加密金鑰運算:數據加密 1258289 標準規則(data enciypticm standard、DES ),三重數據加穷 標準規則(T_eDES) ’及進階加密標準規則(_纖/ enCiyPti〇nStandard、AES)。因為這些演算法強度包含高敏 感度數據,其現在由美國政府及其代理機構使用。但可以 預期二這些技術之至少-個技術,將在未來成為商業或私 人傳送標準。根據這些對稱金鑰運算,明文及密文係分別 被區隔於一個特殊的大小來加密或解密。舉例,在128位 兀大小區間的進階加密標準規則完整加密操作,且使用 ^28、192及256位元的加密金鑰。其他對稱金鑰運算允_ 許192及256位元數據組的高級加密標準。提及分組密碼. 知作,一種1024位兀明文訊息有如八個128位元組加密 全部的對稱金鑰運算利用相同形式的次操作,將一明 文區塊加密。尚有一般更常使用的對稱金鑰運算,如一種 初始化密碼金鑰擴展多種金鑰(如一種“金鑰目錄,,), 每一個如符合次操作密碼“回合,,(nmnd)在明文區塊中完 成。舉例,金鑰目錄的第一金鑰使用來完成在明文區塊上 次操作的第-密碼回合’其中第二回合利用金錄目錄的第# 一金鑰來產生第二結果。一種特定數量的次單元回合被完 成^產生一個密文本身的最終回結果。進階加密標^規= 運算之每一回合中的次操作,尚有次位元(或s_b〇x)、移 列轉換(ShiftRows )、混欄(MixC〇lum )、加入回合鍵 (AddRoundKey )等術語。每一回合期間,一種密文區塊 解岔完成,除了完成密文輸入轉換密碼以及轉換次操作 (混攔欄位,移列轉換)外,每一回合之最終結果皆為明 文區塊。 數據加密標準規則及三重數據加密標準規則利用不同 • 1258289 特性次操作,但次操作相似於與這些進階加密標準規則, 因其利用類似的方式轉換一明文區塊成一密文區塊。 在多重連續測試組上完成密碼操作,全部對稱金錄運 算利用相同的模式。這些模式包含電子密碼書(electronic code book、ECB )模式、密碼組串(cipher block chaining、 CBC )模式、密碼回饋(cipher feedback、CFB )模式、及 輸出回饋(output feedback、OFB )模式。在次操作完成期 間,一些模式利用一種附加初始化向量,且一些使用完成 於第一明文區塊加密第一位置的密文輸出,如一種附加輸 入至完成於第二明文區塊的加密第二位置。更多的相關技 術細節,可以參見FIPS-46-3,1999年10月25日,其詳細討 論了數據加密標準規則、三重數據加密標準規則;以及參 見FIPS-197 ,2001年11月26日,其對進階加密標準作了詳 細解釋。前述標準規則係由國家標準科技研究所 (National Institute of Standards and Technology、NIST )頒佈及主 張。此外,個別的指令、白皮書、套裝工具及對策可參考 國家標準科技研究所之電腦安全應變中心(CSRC ),網 址為 http://csrc.nist.gov/。 習知技術者將察覺多數應用程式可以有效的在電腦上 執行以完成密碼操作(如加密及去密)。事實上,一些操 作系統(如Microsoft®、WindowsXP®、Linux)在原始密碼形 式、密碼應用程式介面及相似物時,直接提供加密/解密 服務。無論如何,今日電腦密碼技術仍存在一些缺失。請 直接參考第一圖,藉以在下面突顯及討論這些缺失。 第一圖為一種今日電腦密碼應用的架構圖100 ,描述 一個與區域網路105連結的第一電腦工作站101 、一個第 1258289 二電腦工作站l〇2、—個烟 , οσ 1Λ^ 们、凋路檔案儲存裝置10ό、一個第 路由态ω7、或其他與廣域網路(WAN彳· :、及-個無線網路路由器⑽如==網= 線網路1〇9連接至二:^己型電月每104利用無 重點,-個第二路由、、個;域:路^ 介面。 捉仏個弟二電腦工作站103 安二 使I:在工作期間多次面臨電㈣ -個工作站m;用者ϊ;;ί= 喿編控制下’ 要密碼操作。工作站101使 乍二母一個皆需 槽案儲存裝請上儲存區域檔:在網路 使用者可傳送加密訊自 在輻木储存的同時, 使用者,其亦需;力 為即時(如-種立即訊息)或加密訊息可 外,使用者還可從第三電二 ί取或提供他/她最終數據(如***二 =網路110 等)或其他形式的敏感數據。當走ϋ、盃蛐轉帳, 區域網路ι〇5上的分享資源J=任何一個在 ,應工作站101,使用者 ,斯, 可代表家用電腦或遠距電腦103 工作站朋 個符合執行加密/解密操作112的例子们::,要-卿現在常態性的提供於咖啡店,機場 ,热線網路 共場所,因此筆記型電腦104使用者一個’及其他公 是他/她的訊息傳送/接收其他使:者=需:密= 1258289 由無線網路l〇9 $盔妗,々丄, 習知技祁-去密或解密所有訊息。 站iom者瞭解’每—個上述活動都需要在工作 /解资ϋ "9 w也尤相應有執灯一個立即的加密 山木 的而求。因此,電腦101-104進一步可能同 日Τ元成數百個密碼操作。 ,論如何,存在一些在電腦系統ι〇ι上 夕個立即的加密/解宓握 二—丄〜 $ 限制。兴n 而完成密碼操作方法的 於-由=二二軟體程式完成一個前述功能’相對 /、;密嶋行速度慢。每-個加密 ==式:能在這段時間内必須暫停執行,且加密 系統至加密/解:二餘等)參數必須通過操作 .堇管、"二 木作112 ’執行加密操作。且因為加密 運-必須包“寺殊組別數據幾回次 、=行包含執行多個電腦延伸指令,因此全部= ^度有不利的影響。如—般習知技術者所能木作 fΓ _傳送—個小的加密電子料會較傳送- 個未加畨電子郵件慢5倍。 、、 另外’因為與操作系統的互動往 ;:=。許多應用程式並不能提供完二產2 應用ί完成作統零件或外掛程式 除此之外,在今日電腦系統101_〗 與在微^理器中先前出現使用於浮點單元二=;以 斤點運异經由軟體完成,執行相當慢。像浮點 1258289 =作’密碼操作經由軟體完成相當 ίπ =令提供在浮點共同訊息處理心2 = 二Cii理機執行浮點操作較軟體完成速度快,但仍复 士匯流排(如通用序列匯流排)接合至主::息》;:接 坆些共同訊息處理機執行完成密媽操 =*。 ,。但密碼共同訊息處理物力 統全部的可信賴度。完成密碼共‘ =此、’有需要改善現有之處理器㈣碼功能,例如提 碼於I可ί直接在微處理器上做密碼操作以經由單一微密 的:密碼操作,並進而限制操作系統介入及處: 級,且提供今曰微處理器主要結構的密碼硬體。 用更體且結合密碼指令於-種後續操作系 許生方法中。其更需要提供-種阻止未經 多裝置及方法,其可以支撐且編序 管:::二: 測試具體實施的特殊密碼運 入供的金输如自行產生支持多個數據組大 穷模弋早-♦录’且其提供可編碼組別加密/解 子,、碼書,密碼組串模式,密瑪回饋模式及輸 【發明内容】 12 1258289 本發明係要直接解決前案的 一個更優越的技術來完成在微處理哭、點。本發明提供 體實施例,提供—種執行密碼操作的^碼操作。一個具 個密碼指令電路及執行邏輯電路el 該裝置包含一 密碼指令係由電腦裝置接收,來作=M' 3令電路所處理之 行之指令流程的一環。一種密碼指;::】腦裝置中所執 :,且亦指定產生的中間結果。執行:輯:::;㈣操 電路係有效純。執行邏輯電路執行 I 碼才曰令 一個中間結果。 種雄碼操作且產生Hi land 2 road structure, operating system and data transfer assistance, and so on? Taking 6 the ability to share information, and developing to * is only an important role to play a secret. For example, in today's: the user of the parent-small workstation, can use the green device to slaughter, use _ take different cases, servo Tianmu use the Internet to get news and 苴TongTeng, name check computer transfer and receive electronic $ from r Nüwa, He Bei ▲ is provided in hundreds of computer systems for business; electronic:: wide connection to the sale and purchase between suppliers, or in the meal: machine two to carry out - Πΐ: move, are Quite the usual thing. Therefore, it is sighed that the sensitive information of the chrome is not revealed and the user is in a given computer multi-layer;; sensitive; material: more and more cases. At present, Tuen Mun _5 〃 才 才 才 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 》 : Wai (four) ringing, related to the == should hand = reaction in the computer information compromise processing has a fixed mind, financial system, military corpse: there is a prominent theme of the government. In the case of secure access to information - the techniques and devices can make the message only skin == gradually developed - some of the cryptography stored or transmitted between computers, =: used to protect the poor, it is known "Clear text, (cleartext) or '':: conveys sensitive messages (Plaintext) to the unrecognized 1258289 form (such as "ciphertext"). The transfer of plaintext to ciphertext is called "encryption", "enciphering", or "ciphering", and the transfer process of ciphertext to plaintext is called "decryption", "deciphering", Or "inverse ciphering". In the context of passwords, several steps and rules have been developed that can be used to allow users to perform cryptographic operations without requiring much knowledge or effort, and to enable these users to transmit or The message is provided to other users in other ways, such as in encrypted form. By encrypting the message, the sender generally provides the recipient with a message that does not allow the recipient to unencrypt the message. The password is encrypted, so the recipient cannot remove or otherwise increase the access to the unencrypted original message. There are techniques for password protection, mathematical operations, and specially designed application forms. Encrypt or decrypt high-sensitivity messages. Some types of operations are used to encrypt or decrypt data. The first type of operation mentioned here (such as public key cryptography: RSA operation) uses two types of passwords (a public key) And a private key) to encrypt or decrypt the data. Refers to the public key operation, a public key used to encrypt the data transmitted to the recipient. The user public and private keys have a mathematical calculus relationship, accept The private key must be used to decrypt the transmitted data to recover the data. Although such cryptographic operations are widely used today, the encryption and decryption operations are still too slow, even if only a small amount of data is encrypted and decrypted. The second type of operation, such as Symmetric key algorithms provide data security to a greater degree and speed. These operations are called symmetric key operations because they use cryptographic keys to encrypt and decrypt messages. There are three common practices for primary cryptographic operations: data encryption 1258289 standard rules (data enciypticm standard, DES), triple data plus poor standards Rules (T_eDES) 'and advanced encryption standard rules (_fiber / enCiyPti〇nStandard, AES). Because these algorithms contain high sensitivity data, they are now used by the US government and its agencies. But these two technologies can be expected At least one technology will become a commercial or private delivery standard in the future. According to these symmetric key operations, the plaintext and ciphertext are respectively encrypted or decrypted by a special size. For example, the advanced encryption standard rules in the 128-bit 兀 size interval complete the encryption operation, and use the encryption keys of ^28, 192, and 256 bits. Other symmetric key operations allow for advanced encryption standards for 192 and 256-bit metadata sets. Referring to block ciphers, it is known that a 1024-bit plaintext message is like eight 128-bit tuples. All symmetric key operations use a sub-operation of the same form to encrypt a plaintext block. There are still more commonly used symmetric key operations, such as an initial cryptographic key to extend multiple keys (such as a "key directory,"), each such as the secondary operation password "round, (nmnd) in the plaintext area Completed in the block. For example, the first key of the key directory is used to complete the first-password round of the last operation of the plaintext block, where the second round uses the #th key of the golden record directory to generate the second result. A specific number of sub-unit rounds is completed ^ to produce a final result of a cipher text. Advanced Encryption = The second operation in each round of the operation, there are sub-bits (or s_b〇x), ShiftRows, MixC〇lum, AddRoundKey And other terms. During each round, a ciphertext block is decoded. Except for the ciphertext input conversion password and the conversion sub-operation (mixing field, shifting conversion), the final result of each round is the plaintext block. Data Encryption Standard Rules and Triple Data Encryption Standard Rules utilize different • 1258289 feature sub-operations, but sub-operations are similar to these advanced encryption standard rules because they convert a plaintext block into a ciphertext block in a similar manner. The cryptographic operations are performed on multiple consecutive test groups, and all symmetric golden records use the same mode. These modes include an electronic code book (ECB) mode, a cipher block chaining (CBC) mode, a cipher feedback (CFB) mode, and an output feedback (OFB) mode. During the completion of the secondary operation, some modes utilize an additional initialization vector, and some use the ciphertext output completed in the first plaintext block to encrypt the first location, such as an additional input to the encrypted second location completed in the second plaintext block. . For more technical details, see FIPS-46-3, October 25, 1999, which discusses in detail the Data Encryption Standard Rules, Triple Data Encryption Standard Rules; and FIPS-197, November 26, 2001. It explains in detail the advanced encryption standards. The aforementioned standard rules were promulgated and promulgated by the National Institute of Standards and Technology (NIST). In addition, individual instructions, white papers, kits and countermeasures can be found in the National Institute of Standards and Technology's Computer Security Response Center (CSRC) at http://csrc.nist.gov/. Those skilled in the art will recognize that most applications can be effectively executed on a computer to perform cryptographic operations (such as encryption and decryption). In fact, some operating systems (such as Microsoft®, WindowsXP®, Linux) provide encryption/decryption services directly in the original password form, password application interface, and the like. In any case, there are still some shortcomings in today's computer password technology. Please refer directly to the first figure to highlight and discuss these shortcomings below. The first picture is an architecture diagram 100 of today's computer password application, describing a first computer workstation 101 connected to the regional network 105, a 1258289 second computer workstation l〇2, a cigarette, οσ 1Λ^, and a road The file storage device 10ό, a routing state ω7, or other network connection with the wide area network (WAN彳:, and - wireless network router (10) such as == network = line network 1〇9: Every 104 uses unfocused, - a second route, a; domain: road ^ interface. Capture a brother two computer workstations 103 An II I: multiple times during the work period (four) - a workstation m; users ϊ ;; ί= 喿 控制 控制 要 要 要 要 要 要 要 要 要 要 要 要 要 要 要 要 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站 工作站It is also required; if the power is immediate (such as an immediate message) or encrypted message, the user can also obtain or provide his/her final data (such as credit card 2 = network 110, etc.) or Other forms of sensitive data. When walking, cup transfer, regional network 5 shared resources J = any one, should workstation 101, user, s, can represent the home computer or remote computer 103 workstations in line with the implementation of the encryption / decryption operation 112 examples::, want - Qing is now normal Sex is provided in the coffee shop, airport, hotline network, so the notebook computer 104 user's and other public is his/her message transmission/reception other:: = need: secret = 1258289 by wireless network路 l〇9 $Helmets, 々丄, 知知祁--to secret or decrypt all messages. Station iom understands that 'every of the above activities need to work/solve ϋ"9 w also has a corresponding The light is an immediate encryption of the mountain. Therefore, the computer 101-104 may further operate hundreds of passwords in the same day. On how, there are some immediate encryption/unlocking in the computer system. Second - 丄 ~ $ Restriction. Xing n and complete the password operation method - by = two two software program to complete a previous function 'relative /,; secret line speed is slow. Every - encryption == type: can be in this paragraph Must be suspended during the time, and the encryption system To the encryption / solution: two, etc.) parameters must be operated through the operation of the control, and "two wood for 112" to perform the encryption operation. And because the encryption operation - must include "the temple special group data several times, the = line contains the execution of multiple computer extension instructions, so all = ^ degrees have an adverse effect. If the general knowledge of the technology can be made fΓ _ Transfer - a small encrypted electronic material will be 5 times slower than the transfer - un-twisted email. Also, 'because of interaction with the operating system;:=. Many applications do not provide the second production 2 application ί complete In addition to the system or plug-in program, in today's computer system 101_〗 and in the microprocessor previously appeared in the floating-point unit two =; by the point of the difference between the implementation of the software, the implementation is quite slow. Like floating point 1258289 = "The password operation is done via software. ίπ = Let the common message processing in the floating point. 2 = Two Cii machines perform floating-point operations. The software is faster than the completion, but still the rendezvous bus (such as the universal serial bus) Join to the main:: interest";: After receiving these common message processor execution, complete the mother's operation = *., but the password common message processing material is all trustworthy. Complete the password altogether '=this,' need to improve Existing place (4) code function, for example, code can be directly operated on the microprocessor to perform password operation via a single micro-density: password operation, and thus limit the operating system intervention and level: and provide the main microprocessor The cryptographic hardware of the structure is used in a more tangible and combined cryptographic instruction in the subsequent operation of the method. It is more necessary to provide a kind of prevention without multiple devices and methods, which can support and sequence the tube:::2: Test the specific implementation of the special password to enter the gold supply, such as self-generation support for multiple data groups, large and poor models, and provide codeable group encryption/decompression, codebook, cipher string mode,密玛回回模式模式 and transmission [Summary of the Invention] 12 1258289 The present invention is to directly solve the prior art of a more superior technology to complete the crying, point in the micro-processing. The present invention provides an embodiment to provide a password operation ^ Code operation. A device with a password command circuit and an execution logic circuit. The device includes a password command received by a computer device to make a loop of the command flow processed by the circuit. Code finger;::] The brain device is executed: and the intermediate result is also specified. Execution: Series:::; (4) The circuit is valid pure. The execution logic circuit executes the I code to make an intermediate result. Operation and production

裝置字實個執行密碼操❹ 單元所處理之控制字元係用來指示在 間所產生的-中間結果。密 碼-作執㈣ 據-指令流程内是否有接收到用以m係用以相 碼指令電路’執行—種密碼 ;: 制字元。 F /、γ山碼才日令亦芩照控The device word is executed by the cryptographic operation. The control word processed by the unit is used to indicate the intermediate result produced between the two. Password-Acceptance (4) According to the -instruction process, whether or not the circuit is used to execute the code for the phase code command circuit is executed. F /, γ mountain code is also controlled by the sun

本發明之另一個具體實施一 碼操作的方法。兮 仕衣置中兀成 指一一击方法至少包含下列步驟:經由-個密 的:接::J間結果是在一種密碼操作執行期間所產 門=碼#日令’·以及當執行—個密碼操作時產生此 【實施方式】 +以下所述為應用習知技術而製造或使用文中特定應用 及需求之本發明所列舉之例子。然而,實施例中所提及之 13 1258289 各種修改係用於彰顯與習知技術之不同處,此 :用於其他實施例中。因此’本發明並非限定於:定實施 有I於上述關於密碼程序之技術背景及當今電 所使用將資料加密及解密之相關技術,我I 1 :繼續探討這些技術及其限制。接著,將參照第二:; 十五圖繼續討論本發明。 财=請ί考第二圖’一方塊圖200係描述上述現今電 技術。方塊圖200包含-微處理器 少/、了擷取指令電路,並存取資料,而所存取之資料 記!體203的系統記憶體區域内之應用程 ^由^章系"用記憶體203内的程式控制和資料存取,通 吊由作業糸統202管理,作辈系姑 —受保護^位於线記憶體上 (例如:一帝_ ,如果一正在執行之應用程式 碼運营,* ^子料或—㈣儲存程式)要求須執行一密 成资碼運*在^丁之應用程式必須命令微處理器201完 為:程式:或:定的指令電路。這些指令電路可能 也可:為正在執行之應用程式本身的-部分, 式的應用程式’其連接到正在執行之應用 二L '、、、作業系統202所提供的服務程式。先不論 路的關聯性,任何熟習此技藝之人士將會了 電路將會駐留在記憶體内某些指定或分配的 =岸述討論之目的,這些記憶體的區域將顯 不在應用4體203内,且包含—密瑪金餘產生程序 14 1258289 204,一般會產生或接受一密碼金鑰,及擴展此密碼金输 至一金鑰排程205,以便在密碼回合運算中使用。對 重區塊加密運算而言,會引動一區塊加密程序2〇6。加密 程序206執行多個指令,其可存取明文21〇、金鑰排程 205、密碼參數209之區塊,而密碼參數2〇9進一步指定 特殊之區塊加密操作(例如模式)、金鑰排程之位置^疋 $ °若需要一特定模式,力σ密料2〇6也會存取一初始向 里208。加密程序2〇6於此執行指令,以產生多個對應密 文211之區塊。類似地,引動一解密程序,以執行區 ,解密操作。解密程序2〇7亦會執行多個指令,包括存^ 密文211、金鑰排程2〇5、密碼參數2〇9之區塊,而密碼 :數209可進-步指定特殊之區塊解密操作,且如果模式 ,要,也會存取一初始向量2〇8。解密程序2〇7於此執7 这些指令以產生多個對應明文區塊210之區塊。 為,生密碼金輪及將内文加密或解密,而執行大量的 ^例^非^值得的。前述之聊規格包含許多虛擬編 、二’以預估所需求指令的大約數目,因此,—熟羽 β之人士將冒理解’完成一簡單的區塊加密操作,會 们扣7且其中每一指令都必須由該微處理哭 二完Ϊ所要求之密碼操作。更者,該指“執 山碼‘作,通常被視為一執行中應用程式主要 二i 理、即時訊息、電子郵件、遠端槽案存 覺到執行中^ 因此’執行中應用程式的使用者會感 中應用程式之執行不具效率。在一獨立運作或插 15 -1258289 入式的加密程序206和解密程序2〇7, 序206及207必須依據作業夺 口官ί廷些程 斷、除錯、及一些會使問題惡化的事件。再者,對 電腦糸統上需求的每-並行之密碼操作,、在 施、浙的例子就是須分開配置於記憶體2q 上所,,可以預期的是,要求由—微處理器2〇 = 碼運算數目,將會隨著時間持續增加。 仃在 本發明之發明者已經注咅 術的_*更確認二 微處理器中,執行密碼操作的裳置和方 Γ據此’本發明於此提供-微處理器,經由專屬之:碼 早;,執行密碼操作的裳置及相關的方法。當啟:心 兀時,以經由一單—密;,碼早 現在將參照第三圖至第十二圖討論^明執行岔石馬操作。 請參昭M = 1 執行密碼操作::處理一::圖::二據本發明用以 該微處理器如====,之微處理器如。 執行邏輯電路3〇3曰存裔302接收指令之轉譯 電路、裝置譯執行邏輯電路3〇3包含執行邏輯 執峨;路心 轉譯成對應的微指令序列結:’或者是可將指令 邏輯電路303中執行件。用來在轉譯執行 ^澤电路工作之元件,可以被微處理 16 Ί25«289 器301中其他不同功用的電路、微程式碼等共用。根據本 應用範圍,微程式碼係表示至少一個微指令之術語。微指 令(亦稱作本機指令)係控制一元件或裝置執行動作之階 級的指令。舉例來說,微指令係藉由一精簡指令集 (reduced instruction set computer, RISC )微處理器直接執行。 對於一複雜指令集(complex instruction set computer, CISC )微 處理器,例如一 x86相容之微處理器,x86指令係轉譯成 對應的微指令,且對應的微指令係由複雜指令集微處理器 中之元件或裝置來直接執行。轉譯邏輯303係連接至一微 指令佇列304。微指令佇列304具有複數個微指令項目 305、306。微指令係由微指令佇列304提供至包含暫存 器檔案307之暫存器階層執行邏輯電路。暫存器檔案307 具有複數個暫存器308-313,其中暫存器的内容係先設定 好以執行一指定的密碼操作。暫存器308-313指向記憶體 321上之對應位址323-327,其中記憶體包含用來執行指 定的密碼操作所需的資料。暫存器階層係連接至載入執行 邏輯電路314,其中載入執行邏輯電路係作為一資料快取 記憶體315之介面,用作執行指定的密碼操作時之資料擷 取。資料快取記憶體315係藉由記憶體匯流排319連接至 記憶體321。執行邏輯電路328係連接至載入執行邏輯電 路314且執行由前一階層傳遞下來的微指令指定之動作。 該執行邏輯電路328包含執行邏輯電路、裝置或微程式碼 (例如微指令或本機指令),或是執行邏輯電路、裝置或 微程式碼之結合,或者是用來執行指令所指定動作之等效 17 Ί258289 的兀件。執行邏輯電路328中用 1 被微處理器,中其他不同功:=:等:以 -從載入執行邏輯::;:;:單元;16:密碼單元 操作所需的資料。微指八:收用來執行指定的密碼 文件區塊326 #〜t 岔碼單元316對複數個輸入 輪出文件區塊 ,程式碼㈧如微指令或本機=路: 電路、裝置或微程式碼之*人 :)或疋執盯邏輯 之等效的元件。密碼單元、:中用輪^ 件’可以被微處理器3…他=,、碼操作之元 石馬等共用。在一實 ς问功用的電路、微程式 路微中其他的執行單元如316係與執行邏輯電 繪示於圖中)平行運作。早兀、浮點數單元等(未 實施例包含執行邏輯·路=用範圍内’ -「單元」之 或本機指令),或是程式碼(例如微指令 ^或者是用來執行特定功能或特定… 在—特定單元巾用來執行特定功L切^的元件。 以被微處理器301中其他不同功品^作之元件,可 碼等共用。舉例來說,名—垂> $ *乍之電路、微程式 邏輯電路、裝置或微程式:單元包含執行 =是:行邏輯電路、襄置或微程式:馬::=本:指令), 仃整數指令之等效的元件。—浮,或者是用來Another embodiment of the present invention is a method of code operation. The method of hitting the 兀 兀 指 一 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 至少 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由 经由This is the case when the cryptographic operation is performed. [Embodiment] The following is an example of the present invention which is manufactured or used with specific applications and needs in the application of the prior art. However, the various modifications mentioned in the examples are intended to highlight differences from the prior art, which are used in other embodiments. Therefore, the present invention is not limited to the following: the technical background of the above-mentioned cryptographic program and the related technologies for encrypting and decrypting data used by today's electric power, I I: continue to explore these technologies and their limitations. Next, the present invention will be further discussed with reference to the second:; fifteenth diagram. Finance = Please refer to the second picture 'a block diagram 200 series describes the above-mentioned current electric technology. The block diagram 200 includes - a microprocessor less /, captures the instruction circuit, and accesses the data, and the accessed data is recorded in the system memory area of the body 203 by the ^ chapter system " The program control and data access in the body 203 are managed by the operating system 202, and the system is protected by the operating system. (For example, an emperor _, if an application code is being executed, , * ^ sub-material or - (four) storage program) requires the implementation of a secret code operation * in the application of the program must be ordered by the microprocessor 201: program: or: fixed command circuit. These instruction circuits may also be: a part of the application itself being executed, which is connected to the application program being provided by the application system 202. Regardless of the relevance of the road, anyone familiar with the art will have the circuit to reside in the memory for certain specified or assigned = shore discussion purposes, the area of these memory will not be in the application 4 body 203 And including - the mega-gold generation program 14 1258289 204, generally generates or accepts a cryptographic key, and extends the cryptographic key to a key schedule 205 for use in the cryptographic round operation. For heavy block cryptographic operations, a block cipher 2 〇 6 is motivated. Encryption program 206 executes a plurality of instructions that can access blocks of plaintext 21, key schedule 205, and cryptographic parameters 209, while cryptographic parameters 2 〇 9 further specify special block cryptographic operations (eg, mode), keys The position of the schedule ^ 疋 $ ° If a specific mode is required, the force σ dense material 2 〇 6 will also access an initial inward 208. The encryption program 2〇6 executes the instructions here to generate a plurality of blocks corresponding to the ciphertext 211. Similarly, a decryption program is invoked to perform the zone and decryption operations. The decryption program 2〇7 also executes a plurality of instructions, including a block of ciphertext 211, a key schedule of 2〇5, and a password parameter of 2〇9, and a password of 209 can further specify a special block. The decryption operation, and if the mode, is, will also access an initial vector 2〇8. The decryption program 2〇7 executes 7 these instructions to generate a plurality of blocks corresponding to the plaintext block 210. In order to generate a password golden wheel and encrypt or decrypt the text, a large number of cases are executed. The aforementioned chat specification contains a number of virtual edits, and the second is to estimate the approximate number of instructions required. Therefore, people who are familiar with the feathers will understand that 'complete a simple block encryption operation, and they will deduct 7 and each. The instructions must be operated by the password required by the microprocessor. Moreover, the reference to "Chiba Code" is usually regarded as an application in the main application, instant messaging, e-mail, remote slot, and execution. ^ So the user of the application in execution In the sense that the execution of the application is not efficient. In an independent operation or plug-in 15-1258289 encryption program 206 and decryption program 2〇7, the order 206 and 207 must be based on the operation of the commander And some incidents that will aggravate the problem. Furthermore, the per-parallel cryptographic operations required on the computer system, in the case of Shi and Zhe, must be separately configured on the memory 2q, it can be expected The number of operations required by the microprocessor 2 〇 = code will continue to increase over time. 仃 In the inventor of the present invention, the _* more confirmed two microprocessors perform the cryptographic operation. According to the present invention, the present invention provides a microprocessor, via exclusive: code early; and performs a cryptographic operation and related methods. When the card is open, the heart is passed through a single-dense; The code will now refer to the third picture to The twelfth figure discusses the implementation of the 岔石马 operation. Please refer to M = 1 to perform the cryptographic operation:: Process one:: Figure:: According to the invention, the microprocessor is used for the microprocessor such as ==== The execution logic circuit 3 〇 3 曰 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 302 The execution unit of the logic circuit 303. The component for performing the operation of the circuit can be shared by the other circuits, microcodes, etc. of the different functions in the 16 Ί 25 « 289 301. According to the scope of application, the micro code A term representing at least one microinstruction. A microinstruction (also referred to as a native instruction) is an instruction that controls the class in which a component or device performs an action. For example, a microinstruction is by a reduced instruction set computer , RISC) microprocessor directly executes. For a complex instruction set computer (CISC) microprocessor, such as an x86 compatible microprocessor, the x86 instructions are translated into corresponding microinstructions, And the corresponding microinstructions are directly executed by components or devices in the complex instruction set microprocessor. The translation logic 303 is coupled to a microinstruction queue 304. The microinstruction queue 304 has a plurality of microinstruction items 305, 306. The microinstruction is provided by the microinstruction queue 304 to the scratchpad hierarchy execution logic circuit including the scratchpad file 307. The scratchpad file 307 has a plurality of registers 308-313, wherein the contents of the scratchpad are first set. Preferably, a specified cryptographic operation is performed. The registers 308-313 point to corresponding addresses 323-327 on the memory 321 where the memory contains the data needed to perform the specified cryptographic operations. The scratchpad hierarchy is coupled to load execution logic 314, which loads the execution logic circuitry as an interface to data cache 315 for use as a data capture for performing specified cryptographic operations. The data cache memory 315 is connected to the memory 321 via the memory bus 319. Execution logic 328 is coupled to load execution logic circuit 314 and performs the actions specified by the microinstructions passed by the previous level. The execution logic circuit 328 includes an execution logic circuit, a device or a microcode (such as a microinstruction or a native instruction), or a combination of an execution logic circuit, a device or a microcode, or an instruction to perform an action specified by the instruction. A condition of 17 Ί 258289. Execution logic circuit 328 uses 1 different functions in the microprocessor: =: etc.: - from - load execution logic: :;:;: unit; 16: crypto unit operation required data. Microfinger eight: Received to execute the specified password file block 326 #~t Weight unit 316 for multiple input rounds of file blocks, code (8) such as microinstruction or local = way: circuit, device or microprogram The code * person:) or 疋 疋 逻辑 逻辑 logic equivalent components. The cryptographic unit, the middle wheel, can be shared by the microprocessor 3, his =, the code operation element, the stone horse, and the like. In the circuit, the other execution units such as the 316 system and the execution logic shown in the figure are operated in parallel. Early 兀, floating-point units, etc. (non-embodiments include execution logic • path = use range - "unit" or native instructions), or code (such as microinstructions ^ or are used to perform specific functions or Specific—In the specific unit, the component used to perform the specific work. The components that are made by other different functions in the microprocessor 301 can be coded and shared. For example, the name-hanging> $ * Circuit, microprogramming logic, device or microprogram: unit contains execution = yes: row logic circuit, device or microprogram: horse::= this: instruction), the equivalent component of the integer instruction. - floating, or used

電路、裝置或微程式碼(例如微指令或行邏J 或是 1258289 執行邏輯電路、裝置或微程式碼之結合,或者是用來執行 -浮點數指令之等效的元件。在一整數單元中用來執行整數 指令之元件,可以被浮點數單元中用來執行浮點數指令之 電路、微程式碼等共用。在一與χ86結構相容之實施例 中,該密碼單元316係與一 χ86整數單元、一 χ86浮點數 單元、一 χ86 多媒體延伸集(Multi-media extension,ΜΜΧ ) 單元及一 x86 串流延伸集(Streaming SIMD extension,SSE )單 元平行地運作。根據本應用範圍,一實施例係與x86結構 _ 相容,如果實施例可以正確地執行大部分用來執行在一 x86微處理器上的應用程式。若一應用程式係正確地執 行,可得到預期的結果。可替代的,x86相容的實施例考 慮到密碼單元與上述x86執行單元之子集合平行地操作。 密碼單元316係連接至儲存執行邏輯電路317且提供對應 之複數個輸出文件區塊327。儲存執行邏輯電路317亦連 接至資料快取記憶體315,資料快取記憶體315將輸出文 件資料327依路徑傳送至系統記憶體321儲存。儲存執行 _ 邏輯電路317係連接至寫回執行邏輯電路318。當指定的 密碼操作完成時,寫回執行邏輯電路318更新暫存器檔案 中307的暫存器308-313。在一實施例中,微指令隨著一 時脈訊號(未繪示於圖中)同步地通過上述每一個執行邏 輯電路階層 302、303、304、307、314、316 —318, 因此這些動作大致類似同時執行於一組裝線上之操作方 式。 在系統記憶體321中,一需要指定的密碼操作之應用 19 1258289 ^::二/二密碼指令來命令微處理器期執行該 理器3〇1。在χ复上隹χ::τ)指令電路來命令微處 含-指定麼^例中’密碼指令322包 密碼』令;2; Γ: 2 ί二在—精簡指令集的實施例中, 中,穷碼二 疋_作之微指令。在-實施例 i他:用二人二t使用一已存在之指令集架構中剩餘或 指=指令操作碼。在—x86相容之實施例中 RFp #、—时元組之指令,其包含—_重複前置A circuit, device, or microcode (such as a microinstruction or line logic J or 1258289 that performs a combination of logic, device, or microcode, or an equivalent component used to execute a floating-point instruction. In an integer unit The component used to execute the integer instruction may be shared by the circuit, the microcode, etc. used to execute the floating point instruction in the floating point unit. In an embodiment compatible with the χ86 structure, the cryptographic unit 316 is A 86 integer unit, a 86 floating point unit, a 86 Multi-media extension (ΜΜΧ) unit, and an x86 Streaming SIMD extension (SSE) unit operate in parallel. According to the scope of the application, An embodiment is compatible with the x86 architecture _ if the embodiment can correctly execute most of the applications used to execute on an x86 microprocessor. If an application is executed correctly, the expected results can be obtained. Alternatively, the x86 compatible embodiment contemplates that the cryptographic unit operates in parallel with a subset of the x86 execution units described above. The cryptographic unit 316 is coupled to the storage execution logic 317 and a corresponding plurality of output file blocks 327 are provided. The storage execution logic circuit 317 is also connected to the data cache memory 315, and the data cache memory 315 transfers the output file data 327 to the system memory 321 for storage according to the path. Execution_logic circuit 317 is coupled to writeback execution logic 318. When the specified cryptographic operation is complete, write back execution logic 318 updates register 308-313 in register file 307. In an embodiment, The microinstruction synchronously passes through each of the above-described execution logic circuit levels 302, 303, 304, 307, 314, 316-318 with a clock signal (not shown), so these actions are substantially similar to being performed simultaneously on an assembly line. In the system memory 321, an application that requires a specified password operation 19 1258289 ^:: two/two password command is used to command the microprocessor to execute the processor 3〇1. :τ) The instruction circuit to command the micro-inclusion - specify the 'cryptographic instruction 322 packet password' command in the example; 2; Γ: 2 ί2 in the condensed instruction set embodiment, the middle, the poor code 疋Microinstruction . In the embodiment i: use two or two to use the remaining or finger = instruction opcode in an existing instruction set architecture. In the -x86 compatible embodiment, the RFp #, - time tuple instruction includes -_ repeat preamble

Prefix )欄位(例如0xF3 ),接下來 位元組操作碼欄位(例如〇x〇FA7 X 一 詳述-在執行特定的密碼操作過程)中,二元組 塊加宓握4备— 所使用之特定的區Prefix) field (for example, 0xF3), followed by the byte opcode field (for example, 〇x〇FA7 X - detailed - during the execution of a specific cryptographic operation), the binary block plus 4 4 Specific area used

1^+/。在—貫施例中,根據本發明“指令32H =之密碼指令電路)可執行在一提供應用程式: 且:一勺階級’因此可以被設計成提供給微處理器則, =、用程式提供或作業系統32〇控制的指令程式流 二要一個密碼指令322來控制微處理器執行指 ;、=:於賴統32。來說,此— 微户作上’作業系統320需要一應用程式用以執行於 ^ - 301上。如同應用程式執行過 然而在執行密碼指令322之前,指令流程中指定 ^理益301會先將暫存器落312中的内容初始化, 使4向記憶體321中之位址323 —327,其中記憶體32ι 20 1258289 3检碼控制字元323’ -初始密碼金输或一金錄目錄 二=化向量325 (如有需要的話)…“文件 先一輸出文件327。在執行密碼指令您之前,需 存哭观~312初始化,因為密碼指令322會參照暫 Γΐ:::—Γ與一包含區塊總數之附力,暫存請,區 因文件326區域中欲加密或解密之區塊個數。 Γ貝二行邏輯電路303自操取執行邏輯電路搬中 理Ρ : 譯ί一對應的微指令序列,以控制微處 第仃曰疋的始碼#作。在對應的微指令序列中, 载入ί二=令305、306特別控制密碼單元训載入 數目之密碼回合,產生于已指定 枓快取記憶體315儲存至記憶體 2過貝 327。在對應的微指令序列 二::輪出文子區塊 示於圖中)控制微處理器中則並=數個微指令(未繪 於圖中),執行其他必須的二^ =單元(未緣示 構式暫存器包含,;之管理,㈣ 存器3Π、312之更新,在—輸人=輪入及輸出指向暫 密之後,初始化向量指向暫:326加密/解 更新,中斷判定之處 ;:1〇 (如有需要的話)之 一係結構式暫存 定義於指令集架構( 之H暫存器姻〜阳係- 中之曰存益,用於特定的微處 21 1258289 理器中。 、在一實施例中,密碼單元316係分成複數個階層, 適用於連續的輸入文字區塊326之管線操作。 第二圖中之方塊圖300說明本發明之必要元件,因此 =部分現今微處理器3G1中之執行邏輯電路已被省略,以 犬頒本發明之目的。然而,任何熟習此技藝者可以了解_ 現今的微處理器301中,依照特定的使用範圍,包含有 多個階層及邏輯元件,其中一些收集於此以說明本發明: 目的。舉例來說,載入執行邏輯電路314包含接在一快取 記憶體介㈣層之後的位址生成階層,且接著的是一快取 ㈣體介面階層。“要注意的是,根據本發明係由單 一密碼指令322來控制對複數個輸入文字區塊326做_ $ 整的密碼操作,其中該單一密碼指令322之操作係以不^ 的方式來思考及了解作業系統32(),藉由一專用的密碼單 =316來執行單一密碼指令322,且密碼單元係與微處理 器中301其他的執行單元平行且同步運作。本發明考慮到 實施例結構中密碼單元316可替代之實施例,類似於最近 幾年微處理H巾的專料點數單元硬體。密碼單元及相關 的检碼指令322之操作’如上所述可完全的與目前的舊式 作業系統320及應用程式相容’以下將會有更詳細的說 明。 現在請參照第四圖,根據本發明一方塊圖揭示一微密 碼指令400之實施例。密碼指令4〇〇包含一選擇性前置欄 位Uptionalprefixfleld) 401,之後接著一重複前置欄位 22 1258289 (repeat prefix field ) 402, field ) 403,接下來是— mode field ) 404 ,在一實 x86指令集架構一致。可 指令集架構。 接下來疋一彳呆作碼搁位(〇pC〇de 區塊加密模式攔位(block cipher 施例中,櫊位401 -404的内容與 替代的實施例則考慮到了其他的 在操作上,選擇性前置攔位4〇1使用在許多的指令集 木構中用以。又疋-主機微處理器中之某項執行特徵致能 或不致能,例如控制16位元或32位元之動作,控制執行或 存取特定的記憶體段落等等。重複前置攔位4〇2用來表示 由密碼指令4GG指定之密碼操作,是要對至少—個輸入資 料(例如無加密文件或已加密文件)區塊來執行。重複前 置攔位也隱約控制-相稱的微處理器,使用其中複數^結 構式暫存器的内容作為指向系統記憶體中的位址之指標, 其中記憶體包含有已加密資料及參數,以完成指定的^碼 操作。如上所提,在一 x86相容之實施例中,重複前置攔 位的數值為0xF3。而且根據x86架構協定,密碼指令係與 一 x86架構中重複字串指令(例如)的形式非 苇類似。舉例來說,當本發明中一 χ86相容微處理器之實 施例執行重複前置時,重複前置會參考一存於結構二暫二 為ECX中代表區塊計數變數,一存於暫存器ESI中之來源 位址指標(指向密碼操作之輸入資料),及一存於暫存哭 EDI中之目的位址指標(指向記憶體中輸出資料的區W 域)。在一 x86相容之實施例中,本發明更進一步擴充一 習知的重複字串指令之概念,進一步參考一存於暫存哭 23 1258289 EDX之控制字元指標,一 . 存於暫存器EBX中之密碼全钤 :二存於暫存器EAX中指向初始化向 、(= 才曰疋的岔碼模式需要的話)。 (如果 =作:攔位403指定微處理器之密碼操作 =:;Γ之控制字,中說w透過控制二 ⑽摆 之用本兔明考慮到操作碼攔位403較佳的 廷擇,以作為已存在的指八隹加 平乂仏的 數值,η日士忒/ 7木木構中備用或未用的操作碼 =卢】:可相容於一包含舊式作業系統及應用軟體 W處理裔。舉例來說’如上所提—χ86相容 :::實施例中使用數一,以控制特定的密瑪摔: 塊加密模式搁位404指定在特定的密碼操作過 ::討::特定的區塊加密模式,接下來請參照第五圖以 =圖係顯示一根據第四圖微密碼指令之區塊加密模 ^數^表500之數值實例。數值QxC8係蚊密碼操作使用 电子名碼本(ECB )模^。數值QxD()係指定密碼操作使用 加密區塊連鎖(CBC)模式。數值㈣指定密碼操作係使 用密碼回授(CFB )模式。以及數值祕指^密碼操作係 使用輸出回授(QFB )模式。所有其他區塊加密模式搁位 撕的數值都被保留起來。$些模式都在上述的Hps之槽 案裡有說明。 田 現在來看第六圖,根據本發明一方塊圖詳細說明一 沾6相容之微處理器6〇〇中之密碼單元617。微處理器 60〇包g擷取執行邏輯電路6〇1 ,擷取執行邏輯電路6⑴ 24 1258289 從記憶體(未緣示於圖中)中擷取要執行的指令。铸體 執行邏輯電路602。轉譯執行邏輯電路術 二執仃,輯電路、裝置或微程式碼(例如微指令或本機 =:公或是執行邏輯電路、裝置或微程式碼之結合,或 指令轉譯成對應的微指令序列之等效的元件。該 用來在^譯執行邏輯電路602令執行轉譯工作之 其他不同功用的電路、微程式碼等: 仃邈輯電路602包含微程式碼唯讀記憶體 連,至微程式碼唯讀記憶體604之轉譯器6〇3、及 匕匯流排連接中斷執行邏輯電路62 電路602。禮數個斂鲈芬綠触士“ <知#執订璉軏 行邏輯電路% 627 _號係由中斷執 來判定#^ 理’其中中斷執行邏輯電路626係用 路6。2之中斷。轉譯執行邏輯電路 605連妾至伽器600中連續的階層,包括暫存器階層 存階ΖΓΊ _,載入階層607,執行階層_,儲 舄回階層619。連續的每-個階層中都包 ;二::力能的執行邏輯電路,其中這些功能係依照 二轉⑽的指令來執行。掏取執行邏輯電路 在之刚弟二圖之微處理器中討論過了。第六 的x86相容之微處理哭奋 、°田、,曰 _中的執行邏輯電ς 特徵在於執行階層 ㈣… 路632,其中執行階層_包含平行 的執行單元_、612、剔、616、617。一 订 ⑽從微指切列_ 正數早几 浮點盔® ^ 按叹正数檨扣7电路以執行之。一 數早凡612從微指令仔列6Π接收浮點數微指令以執 25 Ί258289 行之。一多媒體延伸集單元614從微指令佇列613接收多 媒體延伸集微指令以執行之。一串流延伸集單元616從微 指令佇列615接收串流延伸集微指令以執行之。在所示之 x86相容的實施例中,一密碼單元617係藉由一載入匯流 排620,一延遲信號621,及一儲存匯流排622連接至串 流延伸集單元616。密碼單元617共用串流延伸集單元 616的微指令仔列615。一可替代的實施例考慮了密碼單 元617之平行獨立作業,類似於單元610、612及614的 方式。整數單元610係連接至一 x86旗標(EFLAGS )暫 存器624。旗標暫存器624包含一 X位元625 ,設定X位 元625的狀態以表示密碼操作是否有在進行中。在一實施 例中,X位元625係一 x86旗標暫存器624中之第30個 位元。除此之外,整數單元610存取一機器特定暫存器 628以判斷一 E位元629的狀態。E位元629的狀態係表 示密碼單元617是否有出現於微處理器600中。整數單元 610亦存取一特徵控制暫存器630中之D位元631 ,以使 密碼單元617致能或不致能。如第三圖中一微處理器301 之實施例,第六圖中之微處理器600之特徵在於必要元 件,於一 x86相容之實施例說明本發明,且為了清楚起 見,收集了微處理器600中必要元件而省略掉其他不必要 元件。任何熟習此技藝者可以了解其他的元件係用來完成 其介面,例如一資料快取記憶體(未繪示於圖中),匯流 排介面單元(未繪示於圖中),時脈產生器,及分布執行 邏輯電路(未繪示於圖中)等等。 26 1258289 f操作上’指令係隨著時脈訊號(未綠示於圖中)同 步地藉由擷取執行邏輯電路6G1,從記憶體巾擷取至轉譯 執行邏輯電路602。轉譯執行邏輯電路6〇2將每個指令轉 譯成-對應的微指令序列,序列係隨著時脈訊號同步、連 續地提供至微處理器中之子序列階層齡繼、618、 619 ° -微指令序列中每—個微指令’係控制—完成整個 指令對應之操作所必須的子動作之執行,例如由位址階層 _產生一位址,整數單元61〇中二個運算元的相加(已 。頁取自暫,器階層605中指定的暫存器(未緣示於圖 中)),藉由儲存執行邏輯電路618,將由執行單元 610、6i2、614、616、617其中之一產生的結果儲存 §己憶體中轉。依照進行轉譯的指令,轉譯執行邏輯電 路602會使用轉譯器、6〇3來直接產生微指令序列,或者合 從微程式碼唯讀記憶體綱中操取序列,或者會 ^ 來直接產生-部分的微指令序列,且從微程式碼唯擎 =憶體_中擷取序列其他的部分。微指令透過微處理 ::連績的階層605德、618、619,隨著時脈訊號同步 :地進仃。虽微指令到達執行階層_,他們將執行邏 :路632以及它們的運算元(擷取自暫存器階層6仍中 之暫存器,或由位址階層606中之執行邏輯電路632產 生:或者是藉由載人執行邏輯電路632擷取自—資料快取 ^憶體)以置放微指令於對應的微指令仔列609、611、、 613、615之方式,沿路送至標定的執行單元61〇、 612、614、616、617。執行單元 61〇、612、614、 27 1258289 Μ?執行被指令且將結果提供至儲存階層618。在 貝靶例中,微指令包含一些可以或不能與其他動作平行 執行的區域。 ^對於如上所述擷取一密碼指令之反應,轉譯執行邏輯 %路602產生對應的微指令,微指令控制微處理器中子序 ^6。5_6()8、618、619中之執行邏輯電路,以執行指 二的饴碼刼作。於是第一複數個對應的微指令係直接沿路 送至密碼單元617,並控制密碼單元617載入由載入匯流 排必)上所提供的資料,或載入一輸入資料區塊,並開始 執行指定的加密回合I $ 士人,》 數以產生一輸出貢料區塊,或於儲 上提供一已生成的輪出資料區塊,以透過儲 订4电路632將之儲存於記憶體中 應的微指令係沿路送至其他的執行單元61〇、612、對 Π你Μ6巾’以執行其他完成指定的密碼操作所必須之 子動作,例如Ε位元_之測試,致能D位以31 _定 Χ位元625以表示有-密碼操作正在進行中,更新軒;: :中之暫存器(例如計數暫存器,輸入文件 ::所=文:指標暫存器)’處理由中斷執行邏輯;: 626所提出之中斷627 〇 、平斗电路 -些整數單元微指令的設物二 操作,因此整數操作可舆:二摔佳:二^^^ 指令係包含於對應的微指令中以接受中斷防仃。微 627的狀_。因為所有指向密碼參數的指標 28 1258289 在X86結構式暫存器中,所以當執行中斷服 們的狀態合祜秒六+ 力式日寸’他 對於從斷跳回時會讀回該狀態。 斷是否微指令會測歌位元625的狀態以判 時正在執行在進行中°如果是的話’中斷發生 摔作。在n 人資料區塊將會4複執行該項密碼 =暫存器與對輪入文件區塊執行密碼操作之序列的3 栌制:::茶照第七圖,一揭示第六圖之微處理器_中 才工制捃碼子動作之微指令700實例中的欄位。 包含—ρ 貝例甲的欄位。微指令700 二二f私式瑪攔位701,一資料暫存器攔位702,及一 i:::: 7〇3。微程式碼攔位7〇1具體說明-特定的子 ㈣ 指派微處理器_中至少-個階層中桿定 的執行邏輯電路來勃许兮工知a ㈢疋 定的值係声—ί執们亥子動作。微程式碼攔位7〇1中特 碼。在根據本發明之密碼單元來執行微程式 入^財:料定的值。第—個值「载 二:體位址t操取,其,結構式 二 存為欄位702的内容指定。資 貝竹θ 的暫存Μ,MM 载人到—密碼單元 的資料了" 曰存益係由暫存器欄位703指定。擷取 的貝抖(例如密碼金餘資料 只取 初始化向量)俜送至&二制子凡,輸入文件資料, ::Γ )」表示,由密碑單无產生的資料是 存於由結構式暫存器的内容所指定之-記憶體位址 29 1258289 中,其中結構式暫存器係由資料暫存器(XSTOR )欄位 702的内容指定。在密碼單元之一多階層實施例中,暫存 器(XSTOR)攔位703的内容係分配複數個輸出資料區塊 以儲存於記憶體中。密碼單元於資料(XSTOR )攔位704 中產生輸出資料區塊以供儲存執行邏輯電路之存取。現在 請參照第八圖及第九圖,繼續探討更多根據本發明,關於 由一密碼單元執行的載入和儲存微指令更多具體的細節。 請參照第八圖,載入微指令數值表800係描述暫存器 欄位703中用於一根據本發明載入微指令電路的數值。如 之前所討論的,一微指令序列可以係經由一密碼指令電路 之轉譯運作所產生的。微指令序列包含由密碼單元來執行 之第一複數個微指令電路,及由微處理器中密碼單元之 外,至少一個平行操作的單元來執行之第二複數個微指令 電路。第二複數個微指令控制像是更新計數器、臨時暫存 器、結構式暫存器,機器特定暫存器中狀態位元之判斷與 設定等等的子動作。第一複數個微指令將金鑰資料、密碼 參數、及輸入資料送至密碼單元,且控制密碼單元產生金 錄目錄(或載入已由記憶體中擷取之金鑰目錄)載入輸入 文件資料或將輸入文件資料加密(或解密),並且儲存輸 出文件資料。一密碼單元中之載入微指令係用來載入控制 字元資料,載入一密碼金鑰或金鑰目錄,載入初始化向量 資料,載入輸入文件資料,並控制密碼單元以開始執行一 指定的密碼操作。一載入微指令中暫存器攔位703中之數 值ObOlO控制密碼單元,將一控制字元載入密碼單元内部 30 '1258289 制字元暫存器。當微指令沿管線操作執行下來時,合 存取-暫存器階層中之結構式控制字元指標暫存器: 二中f存控制字元的位址。轉譯執行邏輯電路將: 止羿#成一供記憶體存取之實體位址。 1=Γ體中擷取控制字元並且將控制字二ί: 的:’且接下來將控制字元傳送至密碼單元中。同樣 你^子器攔位數值麵〇係控制密碼單元載入來自資料 =位=之輸人文件資料,接著㈣執行指定的密碼操 器中二 f入資料係透過—儲存於結構式暫存 口中载入到第-内部暫存器叫載入到= ^曰^中的資料可以是輸入文件資料(當執行管線操作 二:::::化向量。數值0bl10與0b111控制密碼單 刀 捃碼金鑰之較低或較高的位元或由使用者產 之讀目錄中之—錢。根據本實例 齡一特定功能或特定操作者。使用者可以是手=為 :::作業系統,-機器,或是一個人。因此例 秩代=者產生之金餘目錄係由一應用程式產生。在一可 :1^M t ’制者產生之金錄目錄係由一個人操作 在一實施例中暫存器欄位數值為OblOO與〇_,者 慮到一具有二個階層 —^ 料區塊可以是用管線作2早兀’其中連續的輪入文件資 線作業的方作你 式來操作。因此,為了以管 ”、 ^ —個連續的輸入資料區塊,執行第一個 31 1258289 載入微指令電路,以將 輸入-1中,且接下來執=人文件資料區塊送到暫存器 輸入文件資料區塊送到暫存=载入微指令電路以將第二 元執行指定的密碼操作。°°雨入-0中,亚且控制密碼單 =採用一使用者產生之金 -些對應於使用者產生之金 執仃*碼知作, 被沿路送至密碼單元中 :D孟餘的载入指令會 每-個回合金輸。其中密碼單元係载入金輸目錄中 载入微指令’所有暫存器搁位7 值都會被保留。 T /、他的數 請參照第九圖,儲在料人垂Η士士 位703中用於一裙护笙/ " #值表9〇〇1|示暫存器攔 值。-儲圖中格式的儲存微指令7。。之數 :储存竭700係被送至密碼單元中以提 的(如已加密的或已解宓) 成 輯雷路中m 文件區塊至儲存執行邏 丨於記憶體中由資料暫存器攔位702所提 八 。因此’在為-輪入文件區塊產生-载入财入 =艮據本發明之轉譯執行邏輯電路為對應的二; 計 料微指令。暫存器攔位7G3數值〇麵. =碼早謂對應於其第一内部輸出暫存器輸出_〇之輸出 ΐ塊,提供至儲存執行邏輯電路中存放。輸出-0的内 應於提供至輪入·〇之輸入文件區塊。同樣的,參照 曰子益攔位703數值〇應,第二内部輪出暫存器輸出 的内容係對應於提供至輸入]之輸入文件區塊。因此,在 金餘與控制字元資料之載入後,複數個輪入文件區塊可以 32 1258289 利用密瑪單元’藉由產生如載入 (盡入私、η 親1入儲存·輪入-〇 作)^ 樣地控㈣碼單㈣始執行機密操 入於::輪“,儲存·輪出_1,載入.輸入d,载 開始對之後二個輪入文件區塊執行密碼操 作)專專順序之微密碼指令來完成管線操作。 現在請看第十圖,第+ 之密碼摔作中Γ 用定根據本發明 字元柊字元格式麵實例。該控制 摔作::且:t—使用者設計於記憶體中,在執行密碼 ’且格式的指標係提供給相稱的微處理器中之— =構^存器。如同對應於—密瑪指令之部分的微指令序 構式令=來控制微處理器讀取包含指標的結 工s: 5亥指標轉換成一實體記憶體位:w: ’從記憮 -(快取記憶體)中擷取控制字元麵,並且將控制字^ 麵載入到密碼單元中的内部控制字元暫存ϋ。控制字元 麵包含-保留(RSVD)攔位咖,一金錄尺寸1子疋 (KSIZE )攔位刪,一加密//解密(e/d)搁位 1003,一中間結果(IRSLT )攔位麵,一金鑰產生 (KGEN )攔位刪’一演算法(ALG)攔位聰,及一 回合計數(RCN )攔位1〇07。 保留攔位臟中的所有數值均被保留。金输尺寸摘位 臓之内容指定-用來執行一加密或解密操作之密碼金鑰 的大小。在一實施例中,金鑰尺寸攔位1002指定一 位 元大小之金餘,- 192位元大小之金输’或一攻位元大 小之金鑰。加密/解密攔位1003指定密碼操作為一加密動 33 1258289 作或是一解密動作。金鑰產生攔位1005表示提供於記憶體 中者為一使用者產生之金鑰目錄,或者是一單一的密碼金 鑰。若提供於記憶體中者為一單一的密碼金鑰,接下來微 指令會隨著密碼金鑰被傳送到密碼單元中,根據由演算法 欄位1006之内容所指定的密碼演算法,微指令會控制密碼 單元將金鑰增加至一金鑰目錄上。在一實施例中,演算法 櫊位1006中特定的數值係指定資料加密標準演算法,三重 資料加密標準演算法,或進階加密標準演算法。可替代的 實施例考慮了其他的加密演算法,像是Rijndael加密演算 法,雙魚(Twofish )加密演算法等等。回合計數欄位1007 的内容指定根據指定的演算法,用來執行於每個資料輸入 區塊之密碼回合的次數。雖然上述演算法之標準,指定了 對每個輸入文件區塊執行固定的密碼回合次數,回合計數 欄位1007的提供也允許使用者可以改變標準指定的密碼回 合次數。在一實施例中,使用者可以指定每個區塊執行0 〜15次的密碼回合。最後,中間結果欄位1004的内容指定 一輸入文件區塊之加密/解密是否要執行指定於回合計數 攔位1007 (根據演算法欄位1006中指定的密碼演算法標 準)中之密碼回合次數,或者是要執行指定於回合計數攔 位1007之回合次數,其中執行的最終回合代表一中間結果 而非最終結果(根據演算法攔位1006中指定的演算法)。 任何熟習此技藝者可以了解,許多的密碼演算法在每個密 碼回合中可以執行同樣的子動作,除了執行於最終回合的 以外。因此,設計中間結果攔位1004來產生中間結果而非 34 Ί258289 I、冬結果,這允許—程式設計者可以 中間的步驟。舉例丈〇、 十 义μ執仃的演算法 間結果,可由兄,用來改變演算法操作之增佳的中 j由執仃一禮、碼回合於一 個密碼回合於同一 ° Α,Λ、、:後執行二 文件區塊,然後執行二個象 之方式來得到。接徂π# A 在碼回合等等 使用去7 / 式的回合與中間結果的方式,售 使用者可以改變密碼執行的效果,排除困難 ^遠 金鑰結構與回合總數的功用。 ”、 、改k 現在請看到第十一 要給第十圖中斤制丰-咖^攔位數值表_顯示 ,,.pq 制予兀1000之中間結果攔位1004的數值與 例。中間結果攔位1004之「 的數值只 運算元件來“卜 制,係根據本發明之 十圖之Sr疋密碼操作(根據如上述討論關於第 之「! 馬茶數)的正常結果。中間結果攔位腦 + 」技制,係根據本發明之運算元件來產生一特定 根據如上述討論關於第十圖之特定的密碼Γ 數)的中間結果。 / 現在請參照第十二 明一密碼單元實例1200 一微程式碼暫存器1203 令匯流排1214來接收微 令)。密碼單元1200亦 一輸入暫存器(輸入_〇 -1 ) 1206 ’ 一第一金餘 金鑰暫存器(金鑰4 ) 入微指令有所指定時, 圖,一方塊圖係用來說明根據本發 中各細節部分。密碼單元1200包含 ’微程式碼暫存器12〇3透過一微指 始、碼指令(例如載入與儲存微指 包含一控制字元暫存器1204,一第 )1205,一第二輪入暫存器(輸入 暫存器(金鑰-0 ) 1207,及一第二 12〇8。當微指令暫存器12〇3中一載 貪料係透過一載入匯流排1211來提 35 1258289 供至暫存器中。“單元麗亦包含區塊加密執 ^邏輯電路12G1,區塊加密執行邏輯f路咖係連接至每 =暫存器麗,並且也連接至㈣切隨機存取記憶 202、。區塊加純行賴電路·也會提供—延遲訊號 13 ’亚且提供區塊結果給第—輸出暫存|| 及第二輸 s存态1210。这些輸出暫存器透過一儲存匯流排⑵2將 一内容沿路送至一相容的微處理器中的連續階層。在一實 施例中,微指令暫存器1203的大小為32位元,且其他每一 個暫存器的大小為128位元。 _在刼作上,微密碼指令隨著控制字元暫存器1204、一 輪入暫存态1205-1206、或是金鑰暫存器12〇7_12〇8之一的資 料連績地提供至微指令暫存器12〇3中。在第八圖或第九 圖所的貫施例中,—控制字元係透過—載人微指令載 入至控制子兀暫存器12〇4。接著密碼金錄或金輸目錄將透 :連續的載入微指令來載入。如果是載入一 128位元的密 2鑰帛下來w才疋供一載入微指令以指定暫存器金錄〇 2。如果是載入一大力128位元的密碼金錄,接下來會 指^暫存器金錄_〇咖的載人微指令以及—指定暫 =金錄心观的載入微指令。如果是載人-使用者產生 =目_,則接下來會提供連續的、絲指定暫存器金 輪-0 1207的載入微指令。全钤 . . L i鑰目錄中每一個被载入的金鑰 係依序地於其對應的密碼回合 記憶體⑽《供使《破存放於金㈣機存取 用到初始化向量)係被載件資料(如果不需要 戟主暫存器輸入1 1200中。如果 36 Ί258289 =L::始=量則接下該初始化向量係透過-載 入«曰令被載人至暫存器輸人_u寫中。—關於暫存器輸 入-0 1205的載入微指令控制密碼單元,將輸人文件資料载 入至暫存器輸人-G12G5巾’並使用暫存器輸人_u施中的 初始化向量(或使用二個數入暫存器中的初始化向量’若 輸入貧料是以管線作業的方式來操作),根據由控制字元 内容提供的參數,開始在暫存器輸入_〇12〇5中對輸入文件 Γ2〇::密?匕的操作。在接收到-指定暫存器輸“ —、入镟指令後,區塊加密執行邏輯電路1201開始執 订由,制字元内容所指定的密碼操作。如果需要增加一單 -的密碼金錄’接下來區塊加密執行邏輯電路12 SI錄中:每一個錢並且存於金输隨機存取記憶體 不塊加讀行邏輯電路12G1是產生一金餘目 ==記謝載入該金餘目錄,第-回合之金餘係 快=至區塊加岔執行邏輯電路咖中,因此第—區塊加密 回5可不需存取金錄隨機存取記憶體⑽就能執行。一旦 初純後’區塊加密執行邏輯電路咖會對至少—個輸入 定的密碼操作’並連續地從金賴 存取§己憶體腿中擷取密碼演算法中必須用到的回合金 到操作完成為止。密碼單元聰對衫的密瑪文件 的區塊密碼操作。連續的輸入文件區塊係 ,對應之_入及儲存微指令的執行來加密或解密。 路時,若指定的輸出資料(例如輸 或輸出)逛未產生完成,接下來區塊加密執行邏輯 1258289 電路1201會提出一延遲訊號1213。一旦輸出資料產生且存 放於對應的輸出資料暫存器12〇9_121〇之後,輸出資料暫存 區1209-1210的内容會被傳送到儲存匯流排1212上。 現在看到第十三圖,方塊圖顯示一根據本發明,依照 進階加密標準演算法來執行密碼操作之區塊加密執行邏輯 電路1300的實施例。區塊加密執行邏輯電路13〇〇包含一透 過匯流排1311-1314與匯流排1316_1318,連接至回合引擎控 制為1310之回合引擎132〇。回合引擎控制器131〇包含中間 杈式執行邏輯電路1330並且存取一微指令暫存器13〇1,一 控制字元暫存器1302,第-金餘(金錄-0)暫存器1303, 與第二金鑰(金鑰-1)暫存器13〇4,以存取金鑰資料、微 才曰令以及扣定的密碼操作之參數。輸入暫存器13〇5_13〇6的 内容係提供至回合引擎咖中,且回合引擎咖產生對應 的輸出文件至輸出暫存器13〇7_13〇8。輸出暫存器i3〇7_i3〇8 亦透過匯流排1316-1317連接至回合引擎控制器131〇,使回 δ引擎控制态1310可以存取每個連續密碼回合的結果,其 中結果係透過匯流排ΝΕΧΤΙΝ1318提供至回合引擎132〇以給 下一個密碼回合使用。密碼金鑰係透過匯流排1315從金鑰 Ik機存取§己憶體中操取出來。加密/解密訊號U11控制回 合引擎利用子動作來執行加密(如s-BOX)或解密(如逆 向S-BOX )。對應於控制字元中一中間結果攔位之内容, 中間模式執行邏輯電路1330設定好回合計數匯流排1312的 狀態,以控制回合引擎1320執行第一個進階加密標準回 合,一中間的進階加密標準回合,或是一最終進階加密標 38 ^258289 準回合。金鍮匯流排1313亦用於執行每個對應的加密回合 時,將每個回合金鑰提供至回合引擎1320中。 回合引擎1320包含連接至第一暫存器暫存_0 1322之第 一金鑰互斥(XOR)執行邏輯電路1321。第一暫存器1322 係連接至S-BOX執行邏輯電路1323,其中S-BOX執行邏輯 電路1323係連接至移列執行邏輯電路(ShiflRowlogic ) 1324。 移列執行邏輯電路1324係連接至第二暫存器暫存-1 1325。 第二暫存器1325連接至混攔(MIX Column )執行邏 輯電路1326,其中混欄執行邏輯電路1326係連接至第三暫 存器REG-2 1327。第一金鑰執行邏輯電路1321、S-BOX執 行邏輯電路1323、移列執行邏輯電路1324以及混攔執行邏 輯電路1326係建構來對輸入文件資料執行同名的子動作, 如之前討論的FIPS之進階加密標準指定的操作。混攔執行 邏輯電路1326額外地用於間回合過程中,利用金鑰匯流排 1313提供之回合金鍮來對輸入資料執行進階加密標準互斥 (AES XOR )功能。在加密/解密階層1311的解密步驟 中,第一金鑰互斥執行邏輯電路1321、S-BOX執行邏輯電 路1323、移列執行邏輯電路1324以及混欄執行邏輯電路 1326亦建構來執行其對應的逆向進階加密標準子動作。任 何熟習此技藝者可以了解中間回合的資料係回傳至回合引 擎1320中,根據此方式,特定的區塊密碼模式係由控制字 元暫存器1302來指定。初始化向量資料(如有需要)係透 過匯流排NEXTIN 1318傳送至回合引擎1320中。 任何熟習此技藝者亦可了解,雖然中間模式執行邏輯 39 '1258289 電路咖根據進階加純準,以明確的架構來執行密碼操 作’而具體顯示於區塊加密執行邏輯電路測中,但是, 根據上述討論的其他區塊加密演算法,關於本發明大致相 似的實施例’同樣的可以完成中間結果的生成。 在第十三圖所顯示的實施例中,回合引擎卿係分成 二個階層··第一階層係介於暫存们奶與暫存奶之 間;第二階層係介於暫存_1 1325與暫存_2 1327之間。中間 資::隨著一時脈訊號(未示於圖”,於二個階 μ — 栗’万式;同步插作。當-輪入資料區塊 上之密碼操作完成時,對應 兄 的輸出暫存器 定的輸出暫存器13〇7_13〇8之内容逆 锉六仃0使才曰 (未緣示於圖中)。I傳达到一儲存匯流排上 現在看到第十四圖,一流程圖顧一 一中斷事件的期間保存密碼參數的狀能、之;於 的流程由根據本發明之微處理 ::、法。*一指令 ⑽開始。指令流程可以不必=執:程自區塊 程進行到判定區塊1404。 山馬礼5。接下來流 在判又區塊1404中,呈右一虫 (例如可庐I斗^ 士 “八有片断疋否有一中斷事件 …如了遮罩式的中斷,非可遮 研爭仵 ,作切換等等)正在發生的評估,t中杜面錯秩, =令流程至另一指令流程(中理^事:會切換原 事件。如果有一中斷發生的話,以執行該中斷 】條。如果沒有中斷發生的話,接下進行到區塊 木/爪耘胃形成迴圈持 40 ^258289 續在判定區塊14〇4中進耔 ^ y 事件發生為止。 ,執㈣指令電路直财-中斷 在區塊H06中’因為—中斷事件的發生,在將 制軺換成一對應的中斷處 " ,路’會清除一旗標暫存器中之χ位元。清除仃 用來確保從中斷處理跳回木 兀 正在進行,就會指定—或多個塊加费操作 對由輸入指標暫存器内容所件已結束’且在繼續 £塊加密操作之前,控制字 執仃口亥 t 70兵孟鑰貝枓必須被重新载 入。接下來流程進行到區塊1408。 在£塊1408中,關於—根據本發明之區塊加密操作的 Ι·^Φ所有包含指標與計數器的結構式暫存11都儲存於記 fe體中。任何熟習此技蓺者 、 ί 一般係在將㈣轉換至中斷處理之前,於現今的資料運 Γ件中完成。因此,本發明利用目前資料結構的這個概 1使整個中斷事件的執行變得明朗化。在儲存該暫存哭 之後’接下來流程進行到區塊141〇。 °° 、在區塊1410中’程式流程係轉換到中斷處理上。 來流程進行到區塊1412。 在區塊1412中,該方法p 6 士 义 乃凌已7L成。任何熟習此技藝者可 以了解第十四圖中之方法,當由中隱考 田田甲断處理中跳回時該方法 會在區塊1402中再次的開始操作。 現在請參照第十五圖,一、六# 口 机耘圖係描繪一根據本發 明’在出現至少一個中餅拿杜沾卜主 岍爭仵的h況下,對至少一個輸入 41 1258289 資料區塊執行一密碼操作時,用於指定且產生-中間社果 了,見,用來控制根據區塊加密模式指 二r已省略’其中區塊加密模式需要更新 子广之間寻同初始化向量的參數(例如輸出回授模 回授模式);雖然那些其他的區塊加密模式是透 過该根據本發明之方、本步τ # 、士 區挣流程從區塊15G2開始,在 二私 I根據本發明用來控制—密碼操作的密碼指令 :口订。密碼指令的執行可以是第一個執行的動作,或 因為-中斷事件的中斷執行而接在—第—個執行動 如/目此中斷處理執行完後程式控制權又傳回該加密 曰々上。接下來流程進行到區塊1504。 在區塊1504中,由一根據本發明之輸入指標暫存器所 =口己fe體中之貧料區塊,係由該記憶體中載入,且開始 作:Lpi疋的岔碼#作。在一實施例中,該指定的密碼操 行到判定區塊1506。 -在判定區塊1506中’具有-判斷旗標暫存器中之X位 :的值是否為「設定」的評估。如果該X位元的值為「設 疋」’代表根據本發明載人至加密單元巾的控制字元盘金 輸目錄^有效的。如果的值為「清除」,則代表載 入至加⑥、早兀中的控制字元與金餘目錄是無效的。如上面 依照第十四圖所提及的,當—中斷事件發生時,χ位元 :值為「清除」。此外’如同上面所提到的,#需要载入 一新的控制字Μ切目錄,或g要同時載人二者時,在 42 1258289 傳送密碼指令之前,必須要有指令執行χ位元的清除。 如果有-中斷發生的話,接下來流程會進行到區塊 如果/又有中斷發生的話,接下來流程會形成迴圈持 、、哭在判定區塊1404中進行,執行該指令直到有—中斷事件 發生為止。在-使用χ86旗標暫存器中第則固位元㈤ 3〇)之Χ86相容的實施例中,可藉由執行p〇pFD指令,接 ,行P_指令來清除χ位元。然而任何熟習此技藝 主可以了解,在可替代的實施例中必須使用其他的指令來 ::除Χ位元。如果Χ位元的值為「設定」,接下來流程進 :到判定區塊m2。如果χ位元的值為「清除」,則接下 來流程進行到判定區塊15〇8。 亩在區塊1508中,因為一清除的χ位元已指明有-中斷 2件發生或是要載人—新的控制字元及/或錢資料,一 控制字元係從記憶體中載入,且原本在區塊⑽中開 Ζ的密碼操作會重新啟動。在—實施例中,載人控制字元 二=密:單元執行如上所述(參考區塊15〇4)指定的密 例中,於區塊1504中開始—密碼操作, 思到複數個區塊加密操作之最佳化,可假設一正 ^制字70與錢資料是要被使用的,且電子密碼本模式曰 使用於區塊加密模式的’因此使用電子密碼本;: 來刼作。接下來流程進行到區塊151〇。 、 在區塊1510中,如區塊15〇4中之輸入文件 =餘資料-起再次被載人,且密碼操作根據新载 ^ 子元與金餘資料來開始執行。接下來流程進行到判定= 43 Ί258289 1512。 在判定區塊1512中,偵測控制字元中之一中間結果欄 位來判斷對於該載入的輪入區塊是要產生一正常的結果或 是要產生一中間結果。若是要產生一正常的結果,接下來 流程進行到區塊1516。若是要產生一中間結果,接下來流 程進行到區塊1514。 在區塊1516中,會產生一對應該輸入區塊的輸出區 塊。對於加密來說,該輸入區塊係一無加密文件區塊且輸 出區塊係對應的已加密文字區塊。對於解密來說,該輸入 區塊係一已加密文字區塊且輸出區塊係對應的無加密文字 區塊。根據控制字元中一回合計數欄位的内容,一指定次 數的加岔回合係執行於輸入區塊上。然而取代一正常結 果,一中間結果的產生已於之前討論過了。接下來流程進 行到區塊1518。 在區塊1514中,產生一對應於载入的輸入區塊之輸出 區塊。根據控制字元中一回合計數攔位的内容,一指定次 數的密碼回合係執行於輸入區塊上。根據指定的密碼演^ 法及區塊加密模式,產生一正常的結果。接下來流程進: 到區塊1518。 在區塊1518中,產生的輸出區塊係儲存於記憶體中。 接下來流程進行到區塊152〇。 在區塊1520中,輸入與輸出區塊指標暫存器的内容被 改為指向下一個輸入及輸出區塊。此外,區塊計數暫存器 的内容改為指示執行於目前的輸人資料區塊之密碼操作已 44 Ί258289 在㈣第十五圖所討論的實施例中,減少區塊計數 曰存益的值。然而任何熟習此技藝者可以了解,可替代的 貫施例考慮了區塊計數暫存器内容的操作與測試,以 问樣的管線作業的方式來執行輸人文件區塊的密碼操作。 接下來流程進行到判定區塊1522。 在判定區塊助中,具有一判斷是否仍有輸入資料區 ^要執订加岔刼作的評估。在此顯示的實施例中,為突顯 目的,區塊計數器被偵測其值是否為零。如果已經沒有區、 塊要執行密碼操作,接下來流程進行到區塊1526。如果仍 有區塊要執行密碼操作,接下來流程進行到區塊1524。 在區塊1524中’如輸入指標暫存器的内容所指,下一 個輸入資料區塊會被載人。接下來流程進行到區塊咖。 在區塊1526中,該方法已完成。 雖然本發明及其目的、特徵與優點已詳細地描述,但 其他的貫施例可以同樣地依據本發明來完成。I例來說, 本發明已討論根據x86相容之實施例。然而會以這樣的方 式來討論是因為X86結構係普遍地被熟知,所以藉由此具 體地說明本發明。然而本發明包含適用於其他指令华/、 構,如PowerPC®、刪⑧以及其他全新的指令集結構之實 施例。 、 此外本务明包含在-運算系統的元件(而不在微處理 器本身)中加密碼操作的執行。舉例來說,根據本發明之 密碼指令可以容易的應用於一加密單元實施例中,其中密 碼單元並非是操作部分電腦系統的積體電路(如―微處二 45 1258289 二:=明這種的實施例預期為整合入微處理 碼操作的專用處橋)卜或是當作執行密 傳遞下來到該專用處理中?:二處理器指體 歲入式控制器、工章用:二。也考慮到了本發明適係用於 哭 業用控制益、訊號處理器、陣列處理 作之必要/-I 卩些執行此處所述的密碼操 70 。這樣的兀件實施例確實會提供一低成 率消ί的選擇來專門只執㈣碼操作,作為一通 …的加在/解密處理器。為了清楚起見,本發明者 將如上數之處理器般來討論這些替代的處理元件。 此外,雖然本發明對128位元之區塊有加以描述過, 另外也考慮到也可使用不同大小的區塊,只要改變儲存輪 入貪料、輸出資料、金餘及控制字元等之暫存器的大小即 可。 再者,雖然本發明說明書中有特別突顯資料加密標準 演算法,三重資料加密標準演算法,及進階加密標準演算 法。本發明者指出本發明同樣地亦包含較不廣為人知的區 塊加密演算法的情況,例如MARS加密演算法(MARS cipher )、Rijndael 加密演算法(Rijn(jaei cipj^ )、雙魚加 岔〉灵异法(Twofish cipher ) 、Blowfish加密演算法 (Blowfish cipher )、Serpent 加遂、演算法(Serpent cipher ), 以及RC6加密演算法(RC6cipher)。可以充分了解本發明 係提供專用的區塊加密裝置及關於微處理器的理論,其中 46 1258289 微區塊加密動作可以由單一指令的執行來觸發。 並且’雖然本發明對區塊加密演算法及執行區塊加密 技術有加以描述過,要注意的是本發明亦可以完全 叫疏區塊加岔以外的加密方式。可以觀察到單一指令的 解:等者可控制一相容的微處理器來執行加密或 ,專山馬#作’並且該微處理器包含一專用的密碼單 兀’用以執行該單-指令電路所指示的密碼功能。 另外’關於討論的一提供二個階層之袭置的回合引 :中該裝置可對二個輸人資料區塊進行管線作業的操 主卷月者扣出其他增加的實施例考慮到了多於二個階 12 =有預期到將階層分割以支援更多輸人資料區塊 丄:ί: 樣的方式可以同樣的延伸到-相容的微處 理枝中其他的階層上。 最後,雖然本發明以單一個支援複數個 密 法的密碼單元來具體討論,然而本發明亦涵蓋了於一相; ,處:益:提:複數個與其他執行單元平行連結的密碼 。:二::禮:皁元係建構來執行特定的區塊加密演 +歹1〜兄’第—個單元係建構來執行進階加密標準 ^法,第二個單元係建構來執行資料加密標準演算法 等等。 雖然本發明已於前述較佳實施例揭示,然其並非用以 限定本發明,純㈣此技藝者,在不麟本發明之精神 和範圍内,當可作各種之更動與修改,因此本發明之伴罐 範圍當視後附之中請專利範圍所敎者為準。 ^ 47 1258289 【圖式簡單說明】 為了讓本發明之上述和其他目的、 月頦,下文特舉本發明較佳實施例 點能更 詳細說明如下: 例亚配合所附圖示,作 ϊ Γ圖為說明今日密碼應用的方塊圖; C述執行密碼操作之技術的方塊圖. 置的“目 根據本發明之執行密碼操作之微處理裝 圖;乐四圖為揭示本發明—實施例之微密碼指令的方塊 式範四圖提及之微密碼指令之示範方塊密碼模 元的㈡一個x86,容性微處理器内密碼單 示範㈤5=理器内直接密蝴 範圖為根據第七圖之格式之载人微指令之裝置記錄 之表弟九圖為顯示第七圖形式提及之儲存微裝置記錄㈣ 性控調本發明提及加密操作指 •第十一圖為說明第十圖提及控制文字 表; 定密碼參數示範 中間結果範疇之 =圖為本發明提及示範性密碼 弟十二圖為說明本發明提及之宓 °、、’田@二, 以在進階加密標準下執行加㈣^馬奸組具體實施例 弟十四圖為說明本發明提及一種在中斷情況下保留密 48 Ί258289 碼參數狀態的流程圖; 第十五圖說明一個本發明提及當在目前一個或多個阻 礙情況下,一個或多個輸入數據執行密碼操作時指定或產 生中間結果的方法之流程圖。 主要元件符號說明】 100 方塊圖 101 第一電腦工作站 102 第二電腦工作站 103 第三電腦工作站 104 筆記型電腦 105 區域網路 106 網路檔案儲存裝 置 107 第一路由器 108 無線路由器 109 無線網路 110 廣域網路 111 第二路由器 112 加密/解密操作 200 方塊圖 201 微處理器 202 作業系統 203 應用記憶體 204 密碼金鑰產生程式 205 金鑰目錄 206 加密程式 207 解密程式 208 初始化向量 209 密碼參數 210 無加密文件 211 已加密文件 300 方塊圖 301 微處理器 302 指令暫存器 303 轉譯執行邏輯電 路 304 微指令佇列 305 微指令項目 306 微指令項目 307 暫存器檔案 308 、309、310、3U、312、 313暫存器 314 載入執行邏輯電 路 49 1258289 315資料快取記憶體 317儲存執行邏輯電路 319記憶體匯流排 321記憶體 323控制字元 325初始化向量 327輸出文件 400微密碼指令 402重複前置欄位 404區塊加密核式搁位 600微處理器 602轉譯執行邏輯電路 604微程式碼唯讀記憶體 606位址階層 608執行階層 610整數單元 614多媒體延伸集單元 616串流延伸集單元 618儲存階層 620載入匯流排 622儲存匯流排 625 X位元 627中斷 629 E位元 316密碼單元 318寫回執行邏輯電路 320作業系統 322密碼指令 324初始加密金錄或金鍮目錄 326輸入文件 328執行邏輯電路 401前置攔位 403操作碼欄位 500區塊加密模式數值表 601擷取執行邏輯電路 603轉譯器 605暫存器階層 607載入階層 609、611、613、615 微指令佇列 612浮點數單元 617密碼單元 619寫回階層 621延遲信號 624旗標暫存器 626中斷執行邏輯電路 628機器特定暫存器 630特徵控制暫存器 50 1258289 631 D位元 632執行邏輯電路 700微指令 701微程式碼攔位 702資料暫存器欄位 704資料攔位 703暫存器欄位 800載入微指令數值表 900儲存微指令數值表 1000控制字元 1001保留欄位 1002金鑰尺寸攔位 1003加密/解密欄位 1004中間結果欄位 1005金鍮產生攔位 1006演算法欄位 1007回合計數欄位 1100中間結果攔位數值表1200回單元 1201區塊加密執行邏輯電路 1202回金鑰隨機存取記憶體 1203微程式碼暫存器 1204控制字元暫存器 1205、1206輸入暫存器 1207、1208金鑰暫存器 1209輸出資料暫存器 1210輸出資料暫存器 1211載入匯流排 1212儲存匯流排 1213延遲訊號 1214微指令匯流排 1300區塊加密執行邏輯電路 1301微指令暫存器 1302控制字元暫存器 1303第一金鑰暫存器 1304第二金鑰暫存器 1305第一輸入暫存器 1306第二輸入暫存器 1307第一輸出暫存器 1308第二輸出暫存器 1310回合引擎控制器 1311加密/解密訊號 1312回合計數匯流排 51 Ί258289 1313金鑰匯流排 1314金鑰產生匯流排 1315、1316、1317、1318 匯流排 1320回合引擎 1321第一金鑰互斥執行邏輯電路 1322第一暫存器 1323 S-BOX邏輯 1324移列執行邏輯電路 1325第二暫存器 1326混欄執行邏輯電路 1327第三暫存器 1330中間模式執行邏輯電路 1400流程圖 1402開始 1406清除X位元 1410中斷處理 1500流程圖 1404中斷判定 1408儲存結構式暫存器 1412完成 1502開始 1504載入輸入區塊並開始操作 1506X位元之判斷 1508載入控制字元並重新啟動 1510載入金鑰資料,載入輸入區塊,並重新開始操作 1512判斷是否為一正常結果 1514產生指定回合總數的中間輸出區塊 1516產生指定回合總數的正常輸出區塊 1518儲存輸出區塊至記憶體中 1520更新區塊計數器及指標 1522判斷區塊計數器值是否為零 1524載入輸入區塊並開始操作 52 Ί258289 1526完成1^+/. In the embodiment, the "instruction 32H = cryptographic instruction circuit" according to the present invention can be implemented in an application: and: a spoonful of class ' can therefore be designed to be provided to the microprocessor, =, provided by the program Or the operating system 32 control program stream 2 requires a password command 322 to control the microprocessor execution finger; , =: in Lai Tong 32. For this, the micro-home operation system 320 requires an application. Executed on ^ - 301. As the application executes, however, before the execution of the password instruction 322, the instruction flow specifies that the benefit 301 first initializes the contents of the register 312 to the 4-way memory 321 Address 323-327, where memory 32 ι 20 1258289 3 code control character 323' - initial password gold input or one gold record directory two = chemical vector 325 (if necessary) ... "file first output file 327. Before executing the password command, you need to save the crying ~312 initialization, because the password command 322 will refer to the temporary:::-Γ and a total of the total number of blocks included, temporary storage, the area is encrypted in the file 326 area Or the number of blocks that are decrypted. The mussel two-row logic circuit 303 is self-operating to execute the logic circuit. The following is a sequence of micro-instructions to control the micro-indication of the first code #. In the corresponding microinstruction sequence, the password loop for loading the number of the 255, 306, and 306 special control cryptographic units is generated, and is generated in the memory 315 stored in the memory 2 to be stored in the memory 2 329. In the corresponding micro-instruction sequence 2:: the round-out text sub-block is shown in the figure) in the control microprocessor and = several micro-instructions (not shown in the figure), perform other necessary two ^ = unit The configuration register contains,; the management, (4) the update of the registers 3, 312, after the - input = wheel and the output point to the temporary secret, the initialization vector points to the temporary: 326 encryption / solution update, where the interrupt is determined ;:1〇 (if necessary) One of the structural temporary storage is defined in the instruction set architecture (H register, Yang, Yang, zhong), for the specific micro-location 21 1258289 In one embodiment, the cryptographic unit 316 is divided into a plurality of levels for use in the pipeline operation of the continuous input text block 326. The block diagram 300 in the second figure illustrates the essential components of the present invention, thus = part of today's micro The execution logic in processor 3G1 has been omitted for the purposes of the present invention. However, anyone skilled in the art will appreciate that in current microprocessor 301, multiple levels are included, depending on the particular scope of use. Logic components, some of which are received The present invention is set forth to illustrate the present invention: For example, load execution logic circuit 314 includes an address generation hierarchy following a layer of cache memory (4), followed by a cache (four) body interface level. It is to be noted that, according to the present invention, a cryptographic operation is performed on a plurality of input text blocks 326 by a single cipher command 322, wherein the operation of the single cipher command 322 is not considered Knowing the operating system 32(), a single cryptographic command 322 is executed by a dedicated cipher list = 316, and the cryptographic unit operates in parallel and synchronously with other executing units of the 301 in the microprocessor. The present invention contemplates the structure of the embodiment. The cryptographic unit 316 can be substituted for the embodiment, similar to the special point unit hardware of the micro-processing H towel in recent years. The operation of the cryptographic unit and the associated code reading instruction 322 can be completely and currently used as described above. System 320 and Application Compatibility are described in more detail below. Referring now to Figure 4, an embodiment of a micro-cipher instruction 400 is disclosed in accordance with a block diagram of the present invention. 4〇〇 includes a selective pre-field Uptionalprefixfleld) 401, followed by a repeating pre-column 22 1258289 (repeat prefix field) 402, field ) 403, followed by - mode field ) 404 , in a real x86 instruction The set architecture is consistent. The instruction set architecture. Next, let's wait for the code to be placed (〇pC〇de block encryption mode block (block cipher example, the contents of the 401-404 and alternative embodiments) Considering other operations, the selective pre-blocking block 4〇1 is used in many instruction set wood structures. Also, an execution feature in the host microprocessor is enabled or disabled, such as controlling 16-bit or 32-bit operations, controlling execution or access to specific memory segments, and the like. The repeat pre-block 4〇2 is used to indicate that the cipher operation specified by the cipher command 4GG is to be performed on at least one input material (for example, an unencrypted file or an encrypted file) block. Repetitive pre-blocking is also implicitly controlled - a commensurate microprocessor that uses the contents of the complex ^ structure register as an indicator of the address in the system memory, where the memory contains the encrypted data and parameters, Complete the specified ^ code operation. As mentioned above, in an x86 compatible embodiment, the value of the repeated preamble is 0xF3. Moreover, according to the x86 architecture protocol, the cryptographic instructions are similar to the form of a repeated string instruction (for example) in an x86 architecture. For example, when an embodiment of a 86 compatible microprocessor in the present invention performs a repeating preamble, the repeated preamble will be referenced to the second block of the structure, and the second block is the representative block count variable in the ECX. The source address indicator in ESI (pointing to the input data of the password operation), and the destination address indicator (pointing to the W field of the output data in the memory) stored in the temporary crying EDI. In an x86 compatible embodiment, the present invention further expands the concept of a conventional repeated string instruction, and further refers to a control character indicator stored in the temporary crying 23 1258289 EDX, which is stored in the temporary register. The password in EBX is full: two in the register EAX pointing to the initialization direction, (= the required weight mode is required). (If = work: block 403 specifies the password operation of the microprocessor =:; Γ control word, said w through control two (10) pendulum use this rabbit to consider the operation code block 403 better choice, to As an existing value of the finger 隹 隹 隹 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , For example, 'as mentioned above—χ86 is compatible::: The number one is used in the embodiment to control the specific MM drop: Block Encryption Mode Shelf 404 specifies that the specific password has been operated::::Specific area In the block encryption mode, please refer to the fifth figure to display a numerical example of the block encryption module ^ table 500 according to the micro-password instruction of the fourth figure. The numerical QxC8 mosquito code operation uses the electronic name code book ( ECB) modulo ^. The value QxD () is the specified password operation using the encrypted block chain (CBC) mode. The value (4) specifies the password operation system uses the password feedback (CFB) mode, and the numerical secret ^ password operation system uses the output feedback (QFB) mode. Number of tears in all other block encryption modes All of them are preserved. Some of these modes are described in the above Hps slot case. Tian now looks at the sixth figure, which details a 6-compatible microprocessor in a block diagram according to the present invention. The cryptographic unit 617. The microprocessor 60 executes the logic circuit 6〇1, and the execution logic circuit 6(1) 24 1258289 retrieves the instruction to be executed from the memory (not shown in the figure). Logic circuit 602. Translation execution logic circuit 2, circuit, device or micro code (such as micro-instruction or local = public or execution logic, device or micro-code combination, or instruction translated into corresponding An equivalent component of the microinstruction sequence. The circuitry, microcode, etc. used to perform the translation function of the logic circuit 602 to perform other different functions of the translation operation: the circuit 602 includes a microcode read-only memory , to the microcode code read-only memory 604 translator 6〇3, and the bus bar connection interrupt execution logic circuit 62 circuit 602. The number of 鲈 鲈 鲈 绿 绿 绿 “ <Knowledge# 琏軏 逻辑 Logic Logic 627 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ The translation execution logic circuit 605 is connected to successive levels in the gamma 600, including the scratchpad hierarchy ΖΓΊ _, the load hierarchy 607, the execution hierarchy _, and the storage hierarchy 619. Each of the successive classes is packaged; two:: the execution logic of the force, wherein these functions are executed according to the instructions of the second turn (10). The execution logic circuit was discussed in the microprocessor of the second brother. The sixth x86-compatible micro-processing crying, the field, and the execution logic in 曰_ are characterized by the execution level (four)... path 632, where the execution level _ contains parallel execution units _, 612, tick, 616, 617. A set (10) cut from the micro finger _ positive number a few floats Helmet® ^ Press the sigh positive number to snap the 7 circuit to perform it. A number of 612 received the floating-point micro-instruction from the micro-instruction column 6 to execute 25 Ί 258289. A multimedia extension set unit 614 receives the multimedia extension set microinstructions from the microinstruction queue 613 for execution. A stream extension set unit 616 receives the stream extension set microinstructions from the microinstruction queue 615 for execution. In the illustrated x86 compatible embodiment, a cryptographic unit 617 is coupled to the stream extension unit 616 by a load bus 620, a delay signal 621, and a storage bus 622. The cryptographic unit 617 shares the microinstruction queue 615 of the stream extension set unit 616. An alternative embodiment contemplates parallel independent operations of cryptographic unit 617, similar to the manner of units 610, 612, and 614. Integer unit 610 is coupled to an x86 flag (EFLAGS) register 624. Flag register 624 includes an X bit 625 that sets the state of X bit 625 to indicate whether a cryptographic operation is in progress. In one embodiment, X bit 625 is the 30th bit in an x86 flag register 624. In addition, integer unit 610 accesses a machine specific register 628 to determine the status of an E bit 629. The state of the E bit 629 indicates whether or not the cryptographic unit 617 is present in the microprocessor 600. Integer unit 610 also accesses D bit 631 in a feature control register 630 to enable or disable crypto unit 617. As an embodiment of a microprocessor 301 in the third figure, the microprocessor 600 of the sixth figure is characterized by the necessary elements, the invention is illustrated in an x86 compatible embodiment, and for the sake of clarity, the micro is collected. The necessary components in the processor 600 are omitted and other unnecessary components are omitted. Anyone skilled in the art will appreciate that other components are used to complete their interface, such as a data cache (not shown), a bus interface unit (not shown), and a clock generator. And distribution execution logic circuits (not shown in the figure) and so on. 26 1258289 The f-operation command is synchronously retrieved from the memory tape to the translation execution logic circuit 602 by the capture logic circuit 6G1 along with the clock signal (not shown in the figure). The translation execution logic circuit 6〇2 translates each instruction into a corresponding microinstruction sequence, and the sequence is sequentially provided to the subsequence of the microprocessor in the synchronization with the clock signal, 618, 619 ° - microinstruction Each microinstruction in the sequence is controlled to perform the subactions necessary for the operation corresponding to the entire instruction, for example, an address is generated by the address level _, and the two operands of the integer unit 61 相 are added (already The page is taken from the temporary register (not shown in the figure) specified in the tier 605, and is stored by the execution logic 618, which is generated by one of the execution units 610, 6i2, 614, 616, 617. The result is stored in § Recall. According to the instruction for translation, the translation execution logic circuit 602 directly uses the translator, 6〇3 to directly generate the microinstruction sequence, or the sequence from the microcode read-only memory, or directly generates a portion. The sequence of microinstructions, and the other parts of the sequence are extracted from the microcode source=memory_. Micro-instructions through micro-processing :: Continuation of the class 605, 618, 619, with the synchronization of the clock signal: the ground into the 仃. Although the microinstructions arrive at the execution level _, they will execute the logic: path 632 and their operands (taken from the scratchpad still in the scratchpad hierarchy 6, or generated by the execution logic 632 in the address hierarchy 606: Alternatively, the manned execution logic circuit 632 retrieves the data from the data micro-instruction in the manner of the corresponding micro-instruction 609, 611, 613, 615, and sends it to the calibration execution along the way. Units 61A, 612, 614, 616, 617. Execution units 61〇, 612, 614, 27 1258289 执行 are executed and the results are provided to storage hierarchy 618. In the shell target case, the microinstruction contains some areas that may or may not be executed in parallel with other actions. ^ For the response of capturing a password command as described above, the translation execution logic % path 602 generates a corresponding microinstruction, and the microinstruction controls the execution logic circuit in the subroutine ^6. 5_6() 8, 618, 619 of the microprocessor. To perform the weighting of the fingertips. Then the first plurality of corresponding micro-instructions are directly sent to the cryptographic unit 617, and the control cryptographic unit 617 loads the data provided by the loading bus, or loads an input data block and starts execution. The specified encryption round I $士人," is used to generate an output tribute block, or a generated round-out data block is provided on the storage to store it in the memory through the reserve 4 circuit 632. The micro-instructions are sent along the way to other execution units 61〇, 612, to your Μ6 towel' to perform other sub-actions necessary to complete the specified cryptographic operations, such as the test of the Ε bit _, enabling the D bit to 31 _ Bit 625 is defined to indicate that the cryptographic operation is in progress, updating the suffix;: : in the scratchpad (eg, count register, input file:: = text: metric register) 'processing is performed by interrupt Logic;: 626 proposed interrupt 627 平, squash circuit - some integer unit micro-instruction set two operations, so the integer operation can be 舆: two fell good: two ^ ^ ^ instruction is included in the corresponding micro-instruction Accept interrupts. The shape of micro 627. Since all indicators pointing to the password parameter 28 1258289 are in the X86 structured register, when the state of the interrupt service is executed, the value of the interrupted service is 六 + + + + + + ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ ’ Whether or not the micro-instruction will measure the state of the song bit 625 to determine that the execution is in progress. If yes, the interruption occurs. In the n-person data block, the password will be executed 4 = the register and the sequence of the password operation for the round-in file block:: The seventh picture of the tea, and the sixth picture The field in the instance of the microinstruction 700 of the processor _ code. Contains the field of the -ρ shell example. The microinstruction 700 22f private semaphore 701, a data register 702, and an i:::: 7 〇 3. Microcode Blocker 7〇1Specific Description-Specific Sub (4) Assign microprocessor_ at least one level of the execution logic of the pole to the ambition to know the value of a (3) 疋 的 — — — — Haizi action. The microcode stops the special code in 7〇1. In the cryptographic unit according to the present invention, the microprogramming value is calculated. The first value is "Load 2: The body address t is fetched, and the structure 2 is stored as the content of the field 702. The temporary storage of the zizhu θ, the MM manned to the crypto unit data " 曰The beneficiary is specified by the register field 703. The captured bounce (for example, the password gold data only takes the initialization vector) is sent to the & second system, the input file data, ::Γ )" indicates that The data generated by the monument is stored in the memory address 29 1258289 specified by the contents of the structure register, wherein the structured register is specified by the contents of the data register (XSTOR) field 702. . In one of the multi-level embodiments of the cryptographic unit, the contents of the temporary storage (XSTOR) block 703 are assigned a plurality of output data blocks for storage in the memory. The cryptographic unit generates an output data block in the data (XSTOR) block 704 for storage access to the execution logic circuit. Referring now to the eighth and ninth figures, it is further discussed with more specific details regarding the loading and storing of microinstructions performed by a cryptographic unit in accordance with the present invention. Referring to the eighth diagram, the load microinstruction value table 800 is a description of the value in the register field 703 for loading a microinstruction circuit in accordance with the present invention. As previously discussed, a sequence of microinstructions can be generated via a translation operation of a cryptographic instruction circuit. The microinstruction sequence includes a first plurality of microinstruction circuits executed by the cryptographic unit, and a second plurality of microinstruction circuits executed by at least one of the parallel operating units in addition to the cryptographic units in the microprocessor. The second plurality of microinstructions control sub-actions such as updating the counter, the temporary scratchpad, the structured scratchpad, the determination and setting of the status bits in the machine specific register. The first plurality of microinstructions send the key data, the password parameter, and the input data to the password unit, and the control password unit generates a gold record directory (or loads the key directory that has been retrieved from the memory) to load the input file. Data or encrypt (or decrypt) the input file data, and store the output file data. The load microinstruction in a crypto unit is used to load the control character data, load a cryptographic key or key directory, load the initialization vector data, load the input file data, and control the cryptographic unit to start execution. The specified password action. A value of the ObOlO control cipher unit is loaded into the scratchpad block 703 in the microinstruction, and a control character is loaded into the crypto unit internal 30'1258289 word slot register. When the microinstruction is executed along the pipeline operation, the structured control character index register in the access-storage hierarchy: the address of the second control register character. The translation execution logic circuit will: stop 羿# into a physical address for memory access. 1 = The control character is retrieved from the body and the control word 2:: and the control character is then transferred to the crypto unit. Similarly, the value of the control block is changed. The control password unit loads the input file data from the data=bit=, and then (4) executes the specified cryptographic device. The data is transmitted through the structure-storage port. The data loaded into the first internal register called load into = ^曰^ can be the input file data (when the pipeline operation 2::::: vector is executed. The values 0bl10 and 0b111 control the password single-chip weight key The lower or higher bit or the money in the reading list produced by the user. According to the present example, a specific function or a specific operator. The user can be a hand = for::: operating system, - machine, Or a person. Therefore, the ranks generated by the rank generation = are generated by an application. The catalogue generated by a system can be operated by one person in one embodiment. The number of column digits is OblOO and 〇_, and it is considered that one has two levels - the material block can be used as a pipeline for 2 consecutive operations, in which the continuous round-in file operation is operated by you. Therefore, In order to tube ", ^ - a continuous input data block Execute the first 31 1258289 to load the micro-instruction circuit to input the -1, and then send the human file data block to the scratchpad input file data block to the temporary storage = load micro-instruction circuit to The second element is executed to perform the specified password operation. ° ° rain into -0, and the control password list = use a user-generated gold - some corresponding to the user generated gold stub * code known as the work, was sent along the way In the password unit: D Meng Yu's load command will be returned every time. The crypto unit is loaded into the gold input directory and the micro-instruction is loaded. All the register 7 values will be retained. T /, For his number, please refer to the ninth figure, which is stored in the Η Η 士 703 for a skirt 笙 / "#值表9〇〇1| shows the register value. - The format of the map Save the micro-instruction 7. Number: The 700-storage system is sent to the password unit for extraction (such as encrypted or unpacked). The m-file block in the trace channel is stored to the storage execution logic in the memory. Arranged by the data register block 702. Therefore, 'in the case of - rounded file block generation - load financial input = translation according to the present invention A logic circuit corresponding to the line II; bar gauge material microinstruction register bit value 7G3 square surface.  The = code is presumed to correspond to the output of its first internal output register output _〇, which is provided to the storage execution logic for storage. The output-0 is provided to the input file block provided to the wheel. Similarly, the value of the second internal wheeled register output corresponds to the input file block provided to the input]. Therefore, after the loading of the gold remainder and the control character data, a plurality of rounded file blocks can be used by 32 1258289 to generate a megagram unit by generating, for example, loading (by private, η 亲1 into storage, round-in - 〇作)^ Sample control (4) Code list (4) Start to perform confidential operation:: Wheel ", store · turn out _1, load. Enter d, load to start the password operation for the next two rounds of the file block) the micro-password command in the special order to complete the pipeline operation. Referring now to the tenth figure, the +th password is used as an example of the character format format according to the present invention. The control falls: and: t - the user is designed in the memory, the password is executed and the format indicator is provided to the symmetrical processor. As with the micro-instruction configuration order corresponding to the part of the -Mimma instruction, the microprocessor is controlled to read the completion s containing the indicator: 5H index is converted into a physical memory bit: w: 'From the record-(cache) The control character side is retrieved from the memory and the control word is loaded into the internal control character temporary buffer in the crypto unit. Control character face contains -reserved (RSVD) blocker, one gold record size 1 child 疋 (KSIZE) block delete, one encryption / / decrypt (e / d) placement 1003, an intermediate result (IRSLT) block Face, a key generation (KGEN) block deletes an algorithm (ALG) to block Cong, and a round count (RCN) block 1〇07. All values in the reserved padding are preserved. Gold Size Dimension 臓 Content Specification - The size of the cryptographic key used to perform an encryption or decryption operation. In one embodiment, the key size block 1002 specifies a gold margin of a bit size, - a gold input of 192 bit size or a key of a attack bit size. The encryption/decryption block 1003 specifies that the password operation is an encryption action 33 1258289 or a decryption action. The key generation block 1005 indicates a key directory generated by a user in the memory, or a single cryptographic key. If the one provided in the memory is a single cryptographic key, then the microinstruction is transmitted to the cryptographic unit along with the cryptographic key, according to the cryptographic algorithm specified by the content of the algorithm field 1006, the microinstruction The control crypto unit will add the key to a key directory. In one embodiment, the particular value in algorithm field 1006 specifies a data encryption standard algorithm, a triple data encryption standard algorithm, or an advanced encryption standard algorithm. Alternative embodiments consider other encryption algorithms such as the Rijndael encryption algorithm, the Twofish encryption algorithm, and the like. The content of the round count field 1007 specifies the number of times the password round used to execute each data input block is performed according to the specified algorithm. Although the standard of the above algorithm specifies a fixed number of password rounds for each input file block, the provision of the round count field 1007 allows the user to change the number of password rounds specified by the standard. In an embodiment, the user can specify that each block performs a password round of 0-15 times. Finally, the content of the intermediate result field 1004 specifies whether the encryption/decryption of an input file block is to execute the number of password rounds specified in the round count block 1007 (according to the cryptographic algorithm standard specified in algorithm field 1006). Or, the number of rounds specified for the round count block 1007 is to be executed, wherein the final round executed represents an intermediate result rather than the final result (according to the algorithm specified in algorithm block 1006). Anyone skilled in the art will appreciate that many cryptographic algorithms can perform the same sub-actions in each cipher round, except that they are executed in the final round. Therefore, the intermediate result block 1004 is designed to produce intermediate results instead of 34 Ί 258289 I, winter results, which allows the programmer to have intermediate steps. For example, the results of the algorithm between Zhang Yi and Shi Yi, can be changed by the brother, used to change the operation of the algorithm, by the swearing, the code round in a password round at the same ° Α, Λ, : After executing the two file blocks, then execute the two methods to get.徂π# A In the code round, etc. Using the 7/style round and intermediate results, the user can change the effect of the password execution and eliminate the difficulty of the remote key structure and the total number of rounds. ",, change k, please see the eleventh. To give the tenth figure in the figure of the feng feng - café ^ block value table _ display,,. The value and example of the intermediate result block 1004 of pq is given to 兀1000. The value of the intermediate result block 1004 is only the arithmetic component, which is the Sr疋 cryptographic operation according to the tenth figure of the present invention (according to the normal result of the above-mentioned "! horse tea number" as discussed above. The brain + "technology" is an intermediate result of an operational element in accordance with the present invention that produces a particular number of passwords according to the tenth figure discussed above. / Now, please refer to the twelfth first cryptographic unit instance 1200. A microcode register 1203 causes the bus 1214 to receive the microcode). The cryptographic unit 1200 is also input to the temporary storage device (input _〇-1) 1206 'a first golden key register (key 4). When the micro-instruction is specified, a block diagram is used to illustrate The details of this issue. The cryptographic unit 1200 includes a 'microcode register 12' through a micro-finger, a code command (eg, load and store micro-finger includes a control character register 1204, a first) 1205, a second round The scratchpad (input register (key-0) 1207, and a second 12〇8. When the microinstruction register 12〇3 is loaded with a greedy material through a load bus 1211, 35 1258289 Provided to the scratchpad. "The unit also includes a block encryption execution logic circuit 12G1, and the block encryption execution logic is connected to each of the scratchpads, and is also connected to the (four) tangent random access memory 202. Block plus pure line circuit will also provide - delay signal 13 ' and provide block results to the first - output temporary memory | | and the second output s state 1210. These output registers through a storage sink Row (2) 2 routes a content to successive levels in a compatible microprocessor. In one embodiment, microinstruction register 1203 is 32 bits in size and each of the other registers has a size of 128. Bit _ In the operation, the micro-cipher command follows the control character register 1204, and one round enters the temporary state 1205 -1206, or one of the key registers 12 〇 7_12 〇 8 is provided to the microinstruction register 12 连 3 in a continuous manner. In the embodiment of the eighth or ninth embodiment, - The control character is loaded into the control sub-register 12 〇 4 through the manned micro-instruction. Then the password record or the gold input directory will be: continuous loading micro-instruction to load. If it is loaded a 128 The secret key of the bit is stunned for a load microinstruction to specify the scratchpad gold record 2. If it is a strong 128-bit password record, the next step is to register the scratchpad gold. Record the _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ -0 1207 load microinstruction.  .  Each key loaded in the directory of the key is sequentially stored in its corresponding password-based memory (10), and the data is loaded (if the initialization vector is used for the access to the gold (four) machine) (if It is not necessary to input the main register input 1 1200. If 36 Ί 258289 = L:: start = quantity, then the initialization vector is transmitted through the - load «曰 command to be loaded into the register input _u. - About the register input - 0 1205 load micro-instruction control cipher unit, load the input file data into the register input - G12G5 towel 'and use the register to enter the initial vector in the _u application Or use two initialization vectors in the scratchpad 'If the input lean is operated in the pipeline operation mode, according to the parameters provided by the control character content, start in the register input _〇12〇5 For the operation of the input file Γ2〇:: 密匕. After receiving the - specified register input "-, input 镟 command, the block cipher execution logic circuit 1201 begins to bind, the password specified by the word element content Operation. If you need to add a single-password record, then the block encryption execution logic Road 12 SI record: every money and stored in the gold random access memory no block plus read line logic circuit 12G1 is to generate a gold surplus == memorize loading the gold balance directory, the first round of the gold Fast = to block plus 岔 execution logic circuit, so the first block encryption back 5 can be executed without accessing the gold random access memory (10). Once the initial pure 'block encryption execution logic circuit coffee Will enter at least one of the specified password operations' and continuously retrieve the alloys that must be used in the cryptographic algorithm from the 赖 己 体 腿 腿 到 到 到 到 到 到 到 到 到 。 。 。 。 。 。 。 。 。 。 。 。 。 The block cipher operation of the file. The continuous input file block system is encrypted or decrypted corresponding to the execution of the _in and store microinstructions. If the specified output data (such as input or output) is not completed, the connection is not completed. Down block encryption execution logic 1258289 circuit 1201 will present a delay signal 1213. Once the output data is generated and stored in the corresponding output data register 12〇9_121〇, the contents of the output data temporary storage area 1209-1210 will be transmitted to Storage sink Flowchart 1212. Referring now to a thirteenth diagram, a block diagram shows an embodiment of a block cipher execution logic 1300 for performing cryptographic operations in accordance with an advanced cryptographic standard algorithm in accordance with the present invention. Block Encryption Execution Logic 13〇〇 includes a pass bus 1311-1314 and a bus 1316_1318 connected to a round engine 132 controlled by the round engine control 1310. The round engine controller 131 includes an intermediate execution logic circuit 1330 and accesses a micro instruction. The memory 13〇1, a control character register 1302, a first-golden (golden record-0) register 1303, and a second key (key-1) register 13〇4 are stored. Take the key data, the micro-order, and the parameters of the debited password operation. The contents of the input buffer 13〇5_13〇6 are provided to the round engine, and the round engine generates the corresponding output file to the output register 13〇7_13〇8. The output register i3〇7_i3〇8 is also connected to the round engine controller 131〇 through the bus bars 1316-1317, so that the return δ engine control state 1310 can access the result of each successive password round, wherein the result is transmitted through the bus bar 1318 Provided to the round engine 132 for use in the next password round. The cryptographic key is retrieved from the key Ik machine through the bus 1315. The encryption/decryption signal U11 controls the round engine to perform encryption (such as s-BOX) or decryption (such as reverse S-BOX) using sub-actions. Corresponding to the content of an intermediate result block in the control character, the intermediate mode execution logic circuit 1330 sets the state of the round count bus 1312 to control the round engine 1320 to execute the first advanced encryption standard round, an intermediate advance. The level encryption standard round, or a final advanced encryption standard 38 ^ 258289 quasi-round. The bank bus 1313 is also used to provide each back alloy key to the round engine 1320 when performing each corresponding encryption round. The round engine 1320 includes a first key exclusive exclusion (XOR) execution logic circuit 1321 coupled to the first scratchpad temporary store _0 1322. The first register 1322 is coupled to the S-BOX execution logic 1323, wherein the S-BOX execution logic 1323 is coupled to a shift execution logic (ShiflRowlogic) 1324. The shift execution logic circuit 1324 is coupled to the second scratchpad temporary storage - 1 1325. The second register 1325 is coupled to the MIX Column execution logic circuit 1326, wherein the hash execution logic circuit 1326 is coupled to the third register REG-2 1327. The first key execution logic circuit 1321, the S-BOX execution logic circuit 1323, the shift execution logic circuit 1324, and the hash execution logic circuit 1326 are constructed to perform sub-actions of the same name on the input file material, such as the FIPS advance discussed earlier. The operation specified by the level encryption standard. The hybrid execution logic circuit 1326 is additionally used in the inter-round process to perform an Advanced Encryption Standard Mutual Exclusion (AES XOR) function on the input data using the return alloy provided by the key bus 1313. In the decryption step of the encryption/decryption level 1311, the first key mutual exclusion execution logic circuit 1321, the S-BOX execution logic circuit 1323, the shift execution logic circuit 1324, and the hash execution logic circuit 1326 are also constructed to perform their corresponding Reverse advanced encryption standard subactions. Anyone skilled in the art will appreciate that the intermediate round of data is passed back to the round engine 1320, in which a particular block cipher mode is designated by the control character register 1302. The initialization vector data (if needed) is transmitted to the round engine 1320 via the bus NEXTIN 1318. Anyone skilled in the art can also understand that although the intermediate mode execution logic 39 '1258289 circuit coffee is performed according to the advanced and pure, the cryptographic operation is performed with an explicit architecture' and is specifically displayed in the block encryption execution logic circuit, however, According to other block cryptographic algorithms discussed above, the generation of intermediate results can be accomplished with respect to the substantially similar embodiments of the present invention. In the embodiment shown in the thirteenth figure, the round engine is divided into two levels. The first level is between the temporary milk and the temporary milk; the second level is between the temporary storage _1 1325 Between the temporary storage _2 1327. Intermediate capital:: With a pulse signal (not shown in the figure), in the second order μ - Li 'Wan type; synchronous insertion. When the - the key operation on the data block is completed, the output of the corresponding brother is temporarily The contents of the output register 13〇7_13〇8 of the register are reversed to 锉6仃0 (not shown in the figure). I is conveyed to a storage busbar and now see the fourteenth figure, a process The process of saving the password parameter during the interruption event is started by the microprocessing::, method, *an instruction (10) according to the present invention. The instruction flow may not have to be executed: Go to decision block 1404. Yamagata 5. Then the flow is in block 1404, which is right worm (for example, 庐I 斗 ^ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " Interruption, non-observable disputes, switching, etc.) The evaluation that is taking place, t-displacement in t, = order flow to another instruction flow (in the middle of the matter: will switch the original event. If there is an interruption If it is executed, the interrupt will be executed. If no interruption occurs, proceed to the block. Wood/claw stomach formation loop 40 ^ 258289 continued in the decision block 14 〇 4 into the 耔 ^ y event occurred, the implementation of (four) command circuit direct financial - interrupt in block H06 'because - interrupt event occurred In the replacement of the system into a corresponding interrupt ", the road will clear the flag in the flag register. Clearing is used to ensure that jumping from the interrupt processing to the raft is in progress, it will be specified - Or multiple block plus operation operations have been completed by the input indicator register contents, and before the block block encryption operation is continued, the control word must be reloaded. Flow proceeds to block 1408. In block 1408, with respect to - the block cryptographic operation in accordance with the present invention, all structured temporary stores 11 containing indicators and counters are stored in the ge body. Any familiar with this The technician, ί is generally completed in today's data transport before converting (4) to interrupt processing. Therefore, the present invention makes use of this overview of the current data structure to make the execution of the entire interrupt event clear. After storing the temporary cry, 'take down The flow proceeds to block 141. °°, in block 1410, the 'program flow is switched to interrupt processing. The flow proceeds to block 1412. In block 1412, the method p 6 has been 7L. Anyone familiar with the art can understand the method in Figure 14 and the method will start again in block 1402 when jumping back from the process of Zhongyin Kaida. Please refer to the fifteenth. Figure 1, a hexagram diagram depicting a cryptographic operation on at least one input 41 1258289 data block in accordance with the present invention 'in the presence of at least one of the cakes , used to specify and generate - intermediate fruit, see, used to control according to the block encryption mode refers to the second r has been omitted 'where the block encryption mode needs to update the sub-wide search for the initialization vector parameters (such as output feedback Mode feedback mode); although those other block encryption modes are based on the party according to the present invention, the step τ #, the stipulation process starts from block 15G2, and the second private I is used to control the password according to the present invention. Password command for operation : Oral order. The execution of the password instruction may be the first execution action, or the interrupt execution of the interrupt event is followed by the first execution event, and the program control right is returned to the encryption file after the execution of the interrupt processing. . The flow then proceeds to block 1504. In block 1504, a poor block in the input index register according to the present invention is loaded from the memory and starts to be: Lpi疋# . In an embodiment, the specified password is passed to decision block 1506. - In the decision block 1506, there is an evaluation of whether or not the value of the X bit in the flag register is "set". If the value of the X bit is "set", it means that the control character disk entry directory of the manned to encrypted unit towel is valid according to the present invention. If the value is "clear", it means that the control character and the gold balance directory loaded into the plus 6, early is invalid. As mentioned above in the fourteenth figure, when the interrupt event occurs, the : bit: value is "clear". In addition, as mentioned above, # needs to load a new control word cutting directory, or g to load both of them, before the password command is transmitted in 42 1258289, the instruction must be executed to clear the bit. . If there is an interrupt, then the flow will proceed to the block if/and an interrupt occurs, then the flow will form a loopback, crying in decision block 1404, and the instruction will be executed until there is an interrupt event. Soon. In the embodiment compatible with the use of the 固86 flag register, the 固86 is the same as the 固86 compatible ,86, the p 〇 pFD instruction can be executed, and the P_ instruction can be used to clear the χ bit. However, it will be appreciated by those skilled in the art that other instructions must be used in the alternative embodiment to remove the bits. If the value of the bit is "set", then the flow proceeds to: decision block m2. If the value of the bit is "clear", then the flow proceeds to decision block 15〇8. In the block 1508, a control character is loaded from the memory because a cleared χ bit has indicated that there is a - interrupt 2 occurrence or a person to be loaded - a new control character and / or money data, a control character is loaded from the memory And the password operation originally opened in block (10) will be restarted. In an embodiment, the manned control character two = secret: the cell performs the secret case specified as described above (reference block 15〇4), starting in block 1504 - the cryptographic operation, thinking of a plurality of blocks The optimization of the encryption operation can be assumed that a positive font 70 and money data are to be used, and the electronic codebook mode is used in the block encryption mode, thus using an electronic codebook; The flow proceeds to block 151〇. In block 1510, the input file = the remaining data in block 15〇4 is again loaded, and the cryptographic operation is started according to the newly loaded sub- and meta-data. The flow then proceeds to decision = 43 Ί 258289 1512. In decision block 1512, an intermediate result field in the control character is detected to determine whether a normal result is to be generated for the loaded round block or an intermediate result is to be generated. If a normal result is to be generated, then the flow proceeds to block 1516. If an intermediate result is to be generated, then the flow proceeds to block 1514. In block 1516, a pair of output blocks that should be input to the block are generated. For encryption, the input block is an unencrypted file block and the output block corresponds to an encrypted text block. For decryption, the input block is an encrypted text block and the output block corresponds to an unencrypted text block. A specified number of rounds of rounds are executed on the input block based on the contents of a round count field in the control character. However, instead of a normal result, the generation of an intermediate result has been discussed previously. The flow then proceeds to block 1518. In block 1514, an output block corresponding to the loaded input block is generated. A specified number of password rounds are executed on the input block based on the contents of a round count block in the control character. A normal result is generated based on the specified cryptographic and block cipher modes. The flow proceeds to: Block 1518. In block 1518, the resulting output block is stored in memory. The flow then proceeds to block 152. In block 1520, the contents of the input and output block indicator registers are changed to point to the next input and output block. In addition, the content of the block count register is changed to indicate that the cryptographic operation performed on the current input data block has been 44 Ί 258289. In the embodiment discussed in the fourteenth figure, the value of the block count is saved. . However, anyone skilled in the art will appreciate that alternative embodiments consider the operation and testing of the contents of the block count register and perform the cryptographic operations of the input file block in the manner of the sampled pipeline job. The flow then proceeds to decision block 1522. In the decision block help, there is an evaluation to determine whether there is still an input data area to be imposed. In the embodiment shown here, the block counter is detected to see if its value is zero for the purpose of highlighting. If there are no zones, the block is to perform a cryptographic operation, then the flow proceeds to block 1526. If there are still blocks to perform the cryptographic operation, then the flow proceeds to block 1524. In block 1524, as indicated by the contents of the input indicator register, the next input data block will be loaded. The flow proceeds to the block coffee. In block 1526, the method has been completed. Although the invention and its objects, features and advantages have been described in detail, other embodiments can be practiced in accordance with the invention. In the case of I, the invention has been discussed in terms of x86 compatibility. However, it will be discussed in such a manner that the X86 structure is generally known, so that the present invention will be specifically described. However, the present invention includes embodiments that are applicable to other instruction architectures such as PowerPC®, Deletion 8, and other entirely new instruction set architectures. Furthermore, this service explicitly includes the execution of a cryptographic operation in the components of the -computing system (and not in the microprocessor itself). For example, the cryptographic instructions according to the present invention can be easily applied to an cryptographic unit embodiment, wherein the cryptographic unit is not an integrated circuit that operates part of the computer system (eg, "Micro-Section 2 45 1258289 II: = Ming" Is the embodiment intended to be a dedicated bridge integrated into the microcode operation or is it passed as an execution secret to the dedicated processing? : The second processor refers to the annual controller and the chapter: II. It is also contemplated that the present invention is suitable for use in the control of the crying, signal processor, array processing, etc., and performs the cryptographic operations described herein. Such a device embodiment does provide a low rate option to exclusively perform (four) code operations as a pass/decrypt processor. For the sake of clarity, the inventors will discuss these alternative processing elements as described above. In addition, although the present invention has described 128-bit blocks, it is also considered that blocks of different sizes can be used, as long as the storage rounds are greedy, output data, gold remainder, and control characters are temporarily changed. The size of the register can be. Furthermore, although the specification of the present invention particularly highlights the data encryption standard algorithm, the triple data encryption standard algorithm, and the advanced encryption standard algorithm. The inventors have pointed out that the present invention also includes less well-known block cipher algorithms, such as MARS cipher, Rijndael cipher (Rijn (jaei cipj^), Pisces plus 灵) (Twofish cipher), Blowfish encryption algorithm (Blowfish cipher), Serpent coronation, algorithm (Serpent cipher), and RC6 encryption algorithm (RC6cipher). It is fully understood that the present invention provides a dedicated block cipher device and The theory of processors, in which the 46 1258289 micro-block cryptographic action can be triggered by the execution of a single instruction. And 'Although the invention has described block cipher algorithms and performing block cipher techniques, it is noted that the present invention It can also be completely called the encryption method other than the block addition. You can observe the solution of a single instruction: etc. You can control a compatible microprocessor to perform encryption or specialization and the microprocessor contains A dedicated password 兀 ' is used to perform the cryptographic function indicated by the single-instruction circuit. The round of the attack of the layer: the device can perform the pipeline operation of the two input data blocks, and the other ones are added. The embodiment takes into account more than two orders. 12 = Expected to be the class Segmentation to support more input data blocks: :: The same way can be extended to other classes in the compatible micro-processing branch. Finally, although the invention supports a single password with a single password The unit is specifically discussed, but the present invention also covers one phase; , at: benefit: mention: a plurality of passwords that are linked in parallel with other execution units.: 2:: Ceremony: The soap element is constructed to perform specific block encryption. The first unit is constructed to perform the advanced encryption standard method, the second unit is constructed to perform the data encryption standard algorithm, etc. Although the present invention has been disclosed in the foregoing preferred embodiments, However, it is not intended to limit the invention, and it is to be understood that those skilled in the art can make various changes and modifications within the spirit and scope of the present invention. Scope ^ 47 1258289 [Simple Description of the Drawings] In order to make the above and other objects of the present invention, the following description of the preferred embodiments of the present invention will be described in more detail below: The diagram is a block diagram illustrating the application of the password today; C is a block diagram of the technique for performing the password operation.  The present invention is a micro-processing device for performing a cryptographic operation according to the present invention; the Lefour diagram is an exemplary block cryptographic module for the micro-password instruction mentioned in the block diagram of the micro-password instruction of the present invention. (2) An x86, password module demonstration in a capacitive microprocessor (5) 5 = Directly in the processor, the fan map is the cousin of the device recorded in accordance with the format of the seventh figure. The figure is shown in the seventh figure. And storage micro device records (4) sexual control adjustments The present invention refers to the encryption operation refers to the eleventh figure to illustrate the tenth figure refers to the control text table; the definite password parameters demonstrate the intermediate result category = figure for the present invention refers to the exemplary The code of the twelve brothers is illustrated in the description of the present invention, 田 °, '田 @ 二, to perform under the advanced encryption standard (4) ^ horse rape group specific embodiment of the fourteen brothers to illustrate the A flowchart for retaining the state of the parameter 48 258 289 289 in the event of an interruption; the fifteenth figure illustrates a reference to the designation or generation of one or more input data when performing cryptographic operations in the event of one or more current impediments Flowchart of the method of the result. Main component symbol description 100 Block diagram 101 First computer workstation 102 Second computer workstation 103 Third computer workstation 104 Notebook 105 Regional network 106 Network file storage device 107 First router 108 Wireless Router 109 Wireless Network 110 Wide Area Network 111 Second Router 112 Encryption/Decryption Operation 200 Block Diagram 201 Microprocessor 202 Operating System 203 Application Memory 204 Password Key Generation Program 205 Key Directory 206 Encryption Program 207 Decryption Program 208 Initialization Vector 209 Password Parameter 210 Unencrypted File 211 Encrypted File 300 Block Diagram 301 Microprocessor 302 Instruction Scratchpad 303 Translation Execution Logic Circuit 304 Microinstruction Array 305 Microinstruction Item 306 Microinstruction Item 307 Scratchpad File 308, 309 , 310, 3U, 312, 313 register 314 load execution logic circuit 49 1258289 315 data cache memory 317 storage execution logic circuit 319 memory bus 321 memory 323 control character 325 initialization vector 327 output file 400 micro password Instruction 402 Repeat Preamble Field 404 Block Encryption Kernel Placement 600 Microprocessor 602 Translation Execution Logic Circuit 604 Microcode Code Read Only Memory 606 Address Level 608 Execution Level 610 Integer Unit 614 Multimedia Extension Set Unit 616 Streaming Extended set unit 618 storage level 620 loaded bus 622 storage bus 625 X bit 627 interrupt 629 E bit 316 crypto unit 318 write back execution logic circuit 320 operating system 322 password command 324 initial encrypted record or gold directory 326 Input file 328 execution logic circuit 401 pre-block 403 operation code field 500 block encryption mode value table 601 capture execution logic circuit 603 translator 605 register level 607 load level 609, 611, 613, 615 micro-instruction伫 612 floating point unit 617 crypto unit 619 write back 621 delay signal 624 flag register 626 interrupt execution logic circuit 628 machine specific register 630 feature control register 50 1258289 631 D bit 632 execution logic circuit 700 micro-instruction 701 micro-code block 702 data register field 704 data block 703 register field 800 load micro-instruction value table 900 storage micro Let the value table 1000 control character 1001 reserved field 1002 key size block 1003 encryption / decryption field 1004 intermediate result field 1005 gold 鍮 generate block 1006 algorithm field 1007 round count field 1100 intermediate result block Value table 1200 back to unit 1201 block encryption execution logic circuit 1202 back key random access memory 1203 micro code register register 1204 control word register 1205, 1206 input register 1207, 1208 key register 1209 output data register 1210 output data register 1211 load bus 1212 storage bus 1213 delay signal 1214 micro-instruction bus 1300 block encryption execution logic circuit 1301 micro-instruction register 1302 control character register 1303 First key register 1304 second key register 1305 first input register 1306 second input register 1307 first output register 1308 second output register 1310 round engine controller 1311 encryption / decryption signal 1312 round count bus 51 Ί 258289 1313 key bus 1314 key generation bus 1315, 1316, 1317, 1318 bus 1320 round engine 1321 first key mutual exclusion Logic circuit 1322 first register 1323 S-BOX logic 1324 shift execution logic circuit 1325 second register 1326 hash execution logic circuit 1327 third register 1330 intermediate mode execution logic circuit 1400 flow chart 1402 start 1406 clear X Bit 1410 Interrupt Processing 1500 Flowchart 1404 Interrupt Determination 1408 Storage Structured Register 1412 Complete 1502 Start 1504 Load Input Block and Start Operation 1506X Bit Determination 1508 Load Control Character and Restart 1510 Load Gold The key data is loaded into the input block, and the operation 1512 is restarted to determine whether the intermediate output block 1516 which generates a total number of specified rounds for a normal result 1514 generates a normal output block 1518 for generating the total number of rounds to store the output block to the memory 1520. Update block counter and indicator 1522 to determine whether the block counter value is zero 1524 loaded into the input block and start operation 52 Ί 258289 1526 completed

5353

Claims (1)

1258289 、申請專利範圍: —種執行密碼操作的裝置,包含: —密碼指令電路,用以產生由一計算裝置所接收之 一密碼指令,該密碼指令係為在該計算裝置上所 執行之指令流程的一部份,其中該密碼指令電路 指定複數個密碼操作之一,並指定一種中間結果 被產生;以及 ^ 一執行邏輯電路,有效連結至該密碼指令電路,用 2· 4· 以執行被指定之該密碼操作,並且產生被指定之 该中間結果。 =申請專利範圍第1項所述之裝置,其中被指定之該 W碼操作更包含: —加密操作,該加密操作包含至少加密至少一個明 文區塊,藉以產生至少一個相對應密文區塊。 $申請專利範圍第1項所述之裝置,其中被指 毯、碼操作更包含: 〜 —解密^作,該解密操作包含解密至少一個密文區 塊,藉以產生至少一個相對應明文區塊。 -ΐΐ專!!範圍第1項所述之裝置,其中該執行邏輯 电路用以中斷在由該密碼指令提及之一控制 —中間結果攔位。 円的 =中請專利範圍第4項所述之裝置,其中該中間 二申請專利範圍第4項所述之裝置中中間結果 私不该執行逛輯電路執行以產生一正常結 如申請專利範圍第1項所述之裝置,豆中該 電路用以中斷在由該密碼指令提及之::帝^3 —回合計數攔位。 于兀内的 如申請專利範圍第7項所述之裝置,豆中兮 攔位的數值指定複數個密碼回合,在= 54 1258289 執仃被指定之該密碼操作時,在一輸入區塊中被 9· 10. 11. 12. 13. Κ ϋ’ί?,圍第1項所述之裝置,其中被指定之該 :由i ί係根據進階加密標準演算而完成。 宓圍第1項所述之裝置,•中被指定之該 二^私々係根據x86指令格式而被指定。 參:以?”1項所述之裝置,其中該密碼指令 二二/ 口十#衣置内至少一個以上的暫存哭。 =青第η項所述之裝置,“ 以上之暫存器包含: 似 — ί:?存器’其中該第一暫存器的内容包含對應 f:記憶地址之一第一指標,該第—記憶地 f评、、、田私明記憶體中的一第一位置,被指定之該 捃碼,作係透過對應於該第一位置之至少一個輸 入文字區塊之存取而完成。 ίΐΐϊϊ範圍第11項所述之裝置,其中該至少-個 从上之暫存器包含: 1U 3 —2存器,其中該第二暫存器的内容 =第,記憶地址之一第二指標,該第二= ,二,和明該記憶體中的一第二位置,來儲存至 以上相對應之輸出文字區塊,該輸出文字 =生係依據至少一個以上之輸入文字= 成被扣定之該密碼指令。 範圍第11項所述之裝置,,中該至少一個 以上之暫存器包含: 〆 中該第三暫存器的内容指出在至 塊。们上之輸入文字區塊中的複數個文字區 範圍第11項所述之裝置,#中該至少-個 Μ上之暫存器包含·· 王夕1固 55 15. 5258289 三記憶地址之一第三指標,該第三於-弟 指明記憶體中的一第三位置,來地址詳細 ;,以使用來完成被指定之4;:;碼金输數 申明專利乾圍第11項所述之裝置,1 以上之暫存器包含: /、干該至少一個 -第=器,其中該第五暫存器包含對應 四 5己k地址之一第四指標,該第四記憶地址 明2憶體中的一第四位置,該第四位置包含二‘ T向2置,該最初向量位置對應之内容包含一 最初向量等同物’用來完成被指定 17. 巧項所述之裝置’其中該至少-個 态’其中該第六暫存器包含對應於-第五 體ΐ ii:ί五ΐΓ該第五記憶地址指明記憶 之該加密操作,其中該控制字 疋之該岔碼操作的複數個密碼參數,並包含: ^種中間結果欄位,用以指出一個正常結果或 ,中間結果是否為在被指定之該密碼操作執行 期間產生。 18. ΐΐΐί利範圍第1項所述之裝置,其中該執行邏輯 個τί碼if ’用以在至少一個輸入文字區塊之每-仃^數個密碼回合,藉以產生相對應的至少一 所子區塊’其中該些密碼回合係由該密碼單元 19 二勺一控制字元之一回合計數欄位所指定。 •一種執行密碼操作的裝置,包含: 一種控制字元產生器,用以產生一控制字元, 56 1258289 密碼操作期間内, ―::單元’其在-元件中,用以在接收到-指令 二ί之二密碼指令的時候執行被指定之—該资i ί ί你:該指令流係為用來指定被指定之i宓 參程的一部份,並且該密碼指“ 指定之該密碼指令所一記憶位置係由被 此如申請專利蘇 2^A之一暫存器的内容所指定。 據進階加密標準:算,該密碼單元係根 41:工=項:,之襄置,其中該密碼單元 是否產中間結果攔位,以決定 2S ^ ^ ㊉結果或該中間結果。 .=請專利範圍第19項所述之裝 解澤一種在該批在丨丨全-〜, i /、r成么碼早兀 被指令之的回合計數攔位,以決定在 -輪入文字區塊被執行。〜在碼回合區塊必需在 •如申請專利範圍第19項所述 係依據沾6指令格式所^之衣置’其中該密碼指令 種在元件中執行密碼操 經由-密瑪指令,心^方法’邊方法包含: 間,產生―中門^ 行被指定之密碼操作期 分 T間結果;以及 接收該密碼指令電路, 作時產生該中間結果在執行被指定之該密碼操 26.如申請專利範圍第25 包含: 員所述之方法,其中該指定步驟 經由該密碼指令所參 位,具體指出是否產ί =制子兀内的第一攔 古產生一個正常結果或著產生該 57 1258289 27 中間結果。 •如申請專利範圍第25項所 包含: 方法,其中該接收步鱗 從記憶體載入該控制字元。 驟 况如申請專利範圍第25項所述 包含: 1述之方法,其中該接收步 根據進階加密標準演曾劫 291:請專利範圍第25項“之方; 30· 依據χ86 如申請專利 包含: t令,式來提供該密碼指令。 範圍第25項所述之方法,其中該指定步驟1258289, the scope of patent application: - a device for performing a password operation, comprising: - a password command circuit for generating a password command received by a computing device, the password command being a command flow executed on the computing device a portion of the cryptographic instruction circuit that specifies one of a plurality of cryptographic operations and specifies an intermediate result to be generated; and an execution logic circuit that is operatively coupled to the cryptographic instruction circuit for execution by 2·4· The cryptographic operation operates and produces the intermediate result that is specified. The apparatus of claim 1, wherein the specified W code operation further comprises: - an encryption operation comprising encrypting at least one of the at least one plaintext block to generate at least one corresponding ciphertext block. The device of claim 1, wherein the fingerprint and code operations further comprise: - decrypting, the decrypting operation comprising decrypting at least one ciphertext block to generate at least one corresponding plaintext block. The device of item 1, wherein the execution logic is to interrupt the control of one of the references by the cryptographic instruction - an intermediate result block.円 中 中 中 中 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利 专利In the device of claim 1, the circuit is used to interrupt the reference in the password command:: ^3 - round count block. In the device according to item 7 of the patent application scope, the value of the bean stop position specifies a plurality of password rounds, and when the password operation is designated at = 54 1258289, it is in an input block. 9· 10. 11. 12. 13. Κ ϋ 'ί?, the device described in item 1, which is specified: by i 系 is based on the advanced encryption standard calculation. The device specified in item 1 is designated in accordance with the x86 instruction format. Participation: to? The device according to item 1, wherein the password command is at least one or more temporary crying in the second or third ten clothes. The device described in the item n, "the above register contains: like - ί The memory of the first register includes a first indicator corresponding to one of f: a memory address, and the first location in the first memory location is specified, and the first location in the memory is specified. The weight is completed by accessing at least one of the input text blocks corresponding to the first location. The device of claim 11, wherein the at least one slave register comprises: 1U 3 - 2 memory, wherein the content of the second register = first, one of the memory addresses, the second indicator, The second =, second, and a second position in the memory are stored to the corresponding output text block, and the output text = the living system is based on at least one of the input characters = being deducted Password command. The device of claim 11, wherein the at least one of the registers comprises: 〆 The content of the third register is indicated in the block. In the input text block, the plurality of text areas in the range of the device described in item 11, the at least one of the above-mentioned registers contains ····························· a third indicator, the third in-different indicates a third position in the memory, and the address is detailed; and is used to complete the designated 4;:; the code-in-gold number is declared as described in Item 11 of the patent The device, the register above 1 includes: /, the at least one - the third device, wherein the fifth register includes a fourth indicator corresponding to one of the four 5 k addresses, the fourth memory address a fourth position, the fourth position comprising two 'T to 2', the content of the initial vector position comprising an initial vector equivalent 'used to complete the device specified by the item 17. a state in which the sixth register contains a corresponding password - corresponding to the fifth body ii: ΐΓ ΐΓ ΐΓ ΐΓ ΐΓ ΐΓ ΐΓ ΐΓ 指明 指明 , , , 第五 第五 第五 第五 第五 第五 第五 加密 加密 加密 加密 加密 加密 加密 加密 加密 加密Parameters, and include: ^ intermediate result field to indicate a positive Results or intermediate results generated during whether the designated cryptographic operation is performed. 18. The device of claim 1, wherein the execution logic τ 码 if ' is used to generate a corresponding number of passwords in each of the at least one input text block, thereby generating a corresponding at least one of the children The block 'where the password rounds are specified by the round count field of one of the two control elements of the cryptographic unit 19. • A device for performing a cryptographic operation, comprising: a control character generator for generating a control character, 56 1258289 during a cryptographic operation, a ―:: unit 'in the - component, for receiving a command The execution of the second password command is specified. This resource is used to specify a part of the specified parameter, and the password refers to the specified password command. The memory location is specified by the content of the temporary register as claimed in the patent application. According to the advanced encryption standard: the cryptographic unit is root 41: work = item:, the device, wherein Whether the cryptographic unit produces an intermediate result block to determine the 2S ^ ^ ten result or the intermediate result. . = Please refer to the patent scope of item 19 to solve the problem in the batch in 丨丨 - -~, i /, r into the code as early as the commanded round count block to determine that the - round text block is executed. ~ In the code round block must be in • as described in the scope of claim 19 The instruction format is set to 'the password instruction The execution of the password operation in the device is via the -Murma command, and the method of the method includes: generating a "intermediate gate" line with the specified password operation period T between the results; and receiving the password instruction circuit, generating the intermediate The result is performed in the execution of the password operation. The method of claim 25 includes: the method described by the member, wherein the specifying step is configured via the password instruction, and specifically indicates whether the production is in the first step The interception produces a normal result or produces the intermediate result of the 57 1258289. • As contained in claim 25, the method includes a method in which the receiving step scale loads the control character from the memory. Item 25 includes: 1 the method, wherein the receiving step is performed according to the advanced encryption standard 291: Please refer to the 25th item of the patent scope; 30. According to χ86, if the patent application includes: t order, Provide this password instruction. The method of claim 25, wherein the specified step 經由在該密碼指令電 第二攔位,指出在 疋之密碼操作期間 路所參照之一控制字元内的_ 輪入文字之一區塊中執行被指 ,有多少個密碼回合被執行。By means of the second intercept in the cipher command, it is indicated how many cipher rounds are executed in the block of the _ wheeled text within one of the control characters referenced during the cryptographic operation. 5858
TW093131089A 2004-04-16 2004-10-14 Microprocessor apparatus and method for providing configurable cryptographic block cipher round results TWI258289B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/826,435 US7502943B2 (en) 2003-04-18 2004-04-16 Microprocessor apparatus and method for providing configurable cryptographic block cipher round results

Publications (2)

Publication Number Publication Date
TW200536334A TW200536334A (en) 2005-11-01
TWI258289B true TWI258289B (en) 2006-07-11

Family

ID=35263552

Family Applications (1)

Application Number Title Priority Date Filing Date
TW093131089A TWI258289B (en) 2004-04-16 2004-10-14 Microprocessor apparatus and method for providing configurable cryptographic block cipher round results

Country Status (2)

Country Link
CN (1) CN1684408B (en)
TW (1) TWI258289B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109583238B (en) * 2018-11-29 2023-03-28 中国电子科技集团公司第四十七研究所 Pipeline instruction stream encryption and decryption method

Also Published As

Publication number Publication date
CN1684408A (en) 2005-10-19
CN1684408B (en) 2010-06-23
TW200536334A (en) 2005-11-01

Similar Documents

Publication Publication Date Title
TWI303936B (en) Apparatus and method for generating a cryptographic key schedule in a microprocessor
TWI351864B (en) Apparatus and method for employing cyrptographic f
TWI705352B (en) Keyed-hash message authentication code processors, methods, systems, and instructions
EP1596530B1 (en) Apparatus and method for employing cryptographic functions to generate a message digest
US7321910B2 (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
TW200537886A (en) Apparatus and method for secure hash algorithm
US7532722B2 (en) Apparatus and method for performing transparent block cipher cryptographic functions
TW200816767A (en) System and method for trusted data processing
TW200830327A (en) System and method for encrypting data
US20040250090A1 (en) Microprocessor apparatus and method for performing block cipher cryptographic fuctions
EP1519509B1 (en) Apparatus and method for providing user-generated key schedule in a microprocessor cryptographic engine
US7502943B2 (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
US7536560B2 (en) Microprocessor apparatus and method for providing configurable cryptographic key size
US7529368B2 (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
US7900055B2 (en) Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
US7542566B2 (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions
TWI258289B (en) Microprocessor apparatus and method for providing configurable cryptographic block cipher round results
CN1661958B (en) Microprocessor apparatus of block cryptographic functions and method
TWI274280B (en) Microprocessor apparatus and method for employing configurable block cipher cryptographic algorithms
TWI247241B (en) Microprocessor apparatus and method for performing block cipher cryptographic functions
TWI272815B (en) Apparatus and method for performing transparent output feedback mode cryptographic functions
TWI250450B (en) Microprocessor apparatus and method for providing configurable cryptographic key size
TW200536329A (en) Apparatus and method for performing transparent cipher block chaining mode cryptographic functions