支持國產(chǎn)密碼算法的高速PCIe密碼卡的設(shè)計(jì)與實(shí)現(xiàn)

趙軍; 曾學(xué)文; 郭志川

doi:10.11999/JEIT190003

支持國產(chǎn)密碼算法的高速PCIe密碼卡的設(shè)計(jì)與實(shí)現(xiàn)

doi: 10.11999/JEIT190003

趙軍^{1, 2},
曾學(xué)文^{1, 2, 3, ,},
郭志川^{1, 2, 3}

1.
中國科學(xué)院聲學(xué)研究所國家網(wǎng)絡(luò)新媒體工程技術(shù)研究中心 ??北京 ??100190
2.
中國科學(xué)院大學(xué)電子電氣與通信工程學(xué)院 ??北京 ??100190
3.
北京中科視云科技有限公司北京 100190

基金項(xiàng)目: 中國科學(xué)院戰(zhàn)略性科技先導(dǎo)專項(xiàng)課題(XDC02010701)

詳細(xì)信息

作者簡介:
趙軍：男，1991年生，博士生，研究方向?yàn)樾畔踩?/p>
曾學(xué)文：男，1968年生，研究員，研究方向?yàn)榫W(wǎng)絡(luò)新媒體技術(shù)

郭志川：男，1975年生，研究員，研究方向?yàn)镕PGA硬件加速技術(shù)

通訊作者:
曾學(xué)文　zengxw@dsp.ac.cn

中圖分類號: TP393.08
計(jì)量
- 文章訪問數(shù): 4002
- HTML全文瀏覽量: 2551
- PDF下載量: 190
- 被引次數(shù): 0
出版歷程
- 收稿日期: 2019-01-03
- 網(wǎng)絡(luò)出版日期: 2019-04-25
- 刊出日期: 2019-10-01

Design and Implementation of High Speed PCIe Cipher Card Supporting GM Algorithms

Jun ZHAO^{1, 2},
Xuewen ZENG^{1, 2, 3
, ,},
Zhichuan GUO^{1, 2, 3}

1.
National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China
2.
School of Electronic, Electrical and Communication Engineering, University of Chinese Academy of Sciences, Beijing 100190, China
3.
Beijing Zhongke Vision Cloud Technology Co., Ltd., Beijing 100190, China

Funds: Strategic Priority Research Program of the Chinese Academy of Sciences(XDC02010701)

摘要

摘要: 密碼卡在信息安全領(lǐng)域發(fā)揮著重要作用，但當(dāng)前密碼卡存在性能不足的問題，難以滿足高速網(wǎng)絡(luò)安全服務(wù)的需要。該文提出一種基于MIPS64多核處理器的高速PCIe密碼卡的設(shè)計(jì)與系統(tǒng)實(shí)現(xiàn)方法，支持SM2/3/4國產(chǎn)密碼(GM)算法以及RSA, SHA, AES等國際密碼算法，系統(tǒng)包括硬件模塊，密碼算法模塊，主機(jī)驅(qū)動(dòng)模塊和接口調(diào)用模塊；對SM3的實(shí)現(xiàn)提出一種優(yōu)化方案，性能提升了19%；支持主機(jī)以Non-Blocking方式發(fā)送請求，單進(jìn)程應(yīng)用即可獲得密碼卡滿載性能。該卡在10核CPU下SM2簽名和驗(yàn)證速度分別為18000次/s和4200次/s, SM3雜湊速度2200 Mbps, SM4加/解密速度8/10 Gbps，多項(xiàng)指標(biāo)達(dá)到較高水平；采用1300 MHz主頻16核CPU時(shí)，SM2/3的性能指標(biāo)提高1倍，采用48核CPU時(shí)SM2簽名速度可達(dá)到10⁵次/s。
- 密碼卡 /
- PCIe總線 /
- 國產(chǎn)密碼算法 /
- 非阻塞
Abstract: Cipher cards play an important role in the field of information security. However, the performance of cipher cards are insufficient, and it is difficult to meet the needs of high-speed network security services. A design and system implementation method of high-speed PCIe cipher card based on MIPS64 multi-core processor is proposed, which supports the GM algorithm SM2/3/4 and international cryptographic algorithms, such as RSA, SHA and AES. The implemented system includes module of hardware, cryptographic algorithm, host driver and interface calling. An optimization scheme for the implementation of SM3 is proposed, the performance is improved by 19%. And the host to send requests in Non-Blocking mode is supported, so a single-process application can get the cipher card’s full load performance. Under 10-core CPU, the speed of SM2 signature and verification are 18000 and 4200 times/s, SM3 hash speed is 2200 Mbps, SM4 encryption/decryption speed is 8/10 Gbps, multiple indicators achieve higher level; When using 16-core CPU @1300 MHz, SM2/3 performance can be improved by more than 100%, and the speed of SM2 signature could achieve 10⁵ times/s with 48-core CPU.
- Cipher card /
- PCIe bus /
- GM algorithm /
- Non-Blocking

HTML全文

圖 1 硬件設(shè)計(jì)框圖

下載: 全尺寸圖片幻燈片

圖 2 非阻塞請求處理機(jī)制

下載: 全尺寸圖片幻燈片

表 1 優(yōu)化前后對比

輸入長度(Byte)	運(yùn)算速度(Mbps)		性能提升(%)
輸入長度(Byte)	優(yōu)化前	優(yōu)化后	性能提升(%)
64	96	115	19.8
256	156	186	19.2
1 k	185	220	18.9
4 k	194	231	19.1
16 k	196	233	18.9

下載: 導(dǎo)出CSV

表 2 阻塞、非阻塞單進(jìn)程對比

請求運(yùn)算類型	運(yùn)算速度(次/s)		性能提升(%)
請求運(yùn)算類型	阻塞	非阻塞	性能提升(%)
SM2 簽名	1710	17523	900
SM2 驗(yàn)簽	418	4240	900
RSA(2048) 簽名	219	2200	900
RSA(2048) 驗(yàn)簽	2018	20232	900

下載: 導(dǎo)出CSV

表 3 密碼卡性能測試結(jié)果對比

密碼卡種類	SM2 (次/s)		SM3 (Mbps)	SM4 (Gbps)	RSA2048 (次/s)		AES128 (Gbps)	SHA1 (Gbps)	SHA256 (Gbps)
密碼卡種類	簽名	驗(yàn)證	SM3 (Mbps)	SM4 (Gbps)	簽名	驗(yàn)證	AES128 (Gbps)	SHA1 (Gbps)	SHA256 (Gbps)
SJK1572	14000	4000	1300	1.3	–	–	–	–	–
SJK1120	1800	1300	1	1.2	30	350	1.2	–	–
SJK1337	31000	19000	1700	2.2	–	–	–	–	0.8
本密碼卡	18000	4100	2200	8.1	2200	20232	9.0	13.0	13.0

下載: 導(dǎo)出CSV

參考文獻(xiàn)(24)

ABBASINEZHAD-MOOD D and NIKOOGHADAM M. An anonymous ECC-based self-certified key distribution scheme for the smart grid[J]. IEEE Transactions on Industrial Electronics, 2018, 65(10): 7996–8004. doi: 10.1109/TIE.2018.2807383

ADALIER M. Efficient and secure elliptic curve cryptography implementation of curve P-256[EB/OL]. http://csrc.nist.gov/groups/ST/ecc-workshop-2015/papers/session6-adalier-mehmet.pdf.

PAN Wuqiong, ZHENG Fangyu, ZHAO Yuan, et al. An efficient elliptic curve cryptography signature server with GPU acceleration[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(1): 111–122. doi: 10.1109/TIFS.2016.2603974

程明智, 周由勝, 辛陽, 等. GF(2¹⁹²)域上ECC加密的FPGA實(shí)現(xiàn)[J]. 華中科技大學(xué)學(xué)報(bào) (自然科學(xué)版), 2009, 37(10): 9–12. doi: 10.13245/j.hust.2009.10.023

CHENG Mingzhi, ZHOU Yousheng, XIN Yang, et al. FPGA realization of ECC encryption algorithm in GF(2¹⁹²)[J]. Journal of Huazhong University of Science and Technology (Natural Science Edition), 2009, 37(10): 9–12. doi: 10.13245/j.hust.2009.10.023

ROTA L, CASELLE M, CHILINGARYAN S, et al. A PCIe DMA architecture for multi-gigabyte per second data transmission[J]. IEEE Transactions on Nuclear Science, 2015, 62(3): 972–976. doi: 10.1109/TNS.2015.2426877

PCI express base specification revision 3.0[EB/OL]. https://doc.mbalib.com/view/e99fb1d0aab4982329ffd43f1a0dbf3b.html, 2010.

CAVIUM. OCTEON Ⅱ CN66XX multi-core MIPS64 Proce-ssors[J/OL]. http://www.cavium.com/OCTEONⅡCN66XX.html. 2011.

國家密碼管理局. GM/T 0018–2012 密碼設(shè)備應(yīng)用接口規(guī)范[S]. 北京: 中國標(biāo)準(zhǔn)出版社, 2012.

State Cryptography Administration Office of Security Commercial Code Administration. GM/T 0018–2012 Interface specifications of cryptography device application[S]. Beijing: China Standard Press, 2012.

國家密碼管理局. GM/T 0002–2012 SM4分組密碼算法[S]. 北京: 中國標(biāo)準(zhǔn)出版社, 2012.

State Cryptography Administration Office of Security Commercial Code Administration. GM/T 0002–2012 SM4 block cipher algorithm[S]. Beijing: China Standard Press, 2012.

國家密碼管理局. GM/T 0003–2012 SM2橢圓曲線公鑰密碼算法[S]. 北京: 中國標(biāo)準(zhǔn)出版社, 2012.

State Cryptography Administration Office of Security Commercial Code Administration. GM/T 0003–2012 Public key cryptographic algorithm SM2 based on elliptic curves[S]. Beijing: China Standard Press, 2012.

LI Yang, WANG Jinlin, ZENG Xuewen, et al. Fast Montgomery modular multiplication and squaring on embedded processors[J]. IEICE Transactions on Communications, 2017, E110.B(5): 680–690. doi: 10.1587/transcom.2016EBP3189

MONTGOMERY P L. Modular multiplication without trial division[J]. Mathematics of Computation, 1985, 44(170): 519–521. doi: 10.1090/S0025-5718-1985-0777282-X

M?LLER B. Improved techniques for fast exponentiation[C]. The 5th International Conference on Information Security and Cryptology-ICISC 2002, Seoul, Korea, 2002: 298–312.

ZHANG Dan and BAI Guoqiang. High-performance implementation of SM2 based on FPGA[C]. The 8th IEEE International Conference on Communication Software and Networks, Beijing, China, 2016: 718–722.

ZHOU Xin and TANG Xiaofei. Research and implementation of RSA algorithm for encryption and decryption[C]. The 6th International Forum on Strategic Technology, Harbin, China, 2011, (2): 1118–1121.

國家密碼管理局. GM/T 0004–2012 SM3密碼雜湊算法[S]. 北京: 中國標(biāo)準(zhǔn)出版社, 2012.

State Cryptography Administration Office of Security Commercial Code Administration. GM/T 0004–2012 SM3 cryptographic hash algorithm[S]. Beijing: China Standard Press, 2012.

朱寧龍, 戴紫彬, 張立朝, 等. SM3及SHA-2系列算法硬件可重構(gòu)設(shè)計(jì)與實(shí)現(xiàn)[J]. 微電子學(xué), 2015, 45(6): 777–780. doi: 10.13911/j.cnki.1004-3365.2015.06.021

ZHU Ninglong, DAI Zibin, ZHANG Lichao, et al. Design and implementation of hardware reconfiguration for SM3 and SHA-2 hash function[J]. Microelectronics, 2015, 45(6): 777–780. doi: 10.13911/j.cnki.1004-3365.2015.06.021

楊先偉, 康紅娟. SM3雜湊算法的軟件快速實(shí)現(xiàn)研究[J]. 智能系統(tǒng)學(xué)報(bào), 2015, 10(6): 954–959. doi: 10.11992/tis.201507036

YANG Xianwei and KANG Hongjuan. Fast software implementation of SM3 hash algorithm[J]. CAAI Transactions on Intelligent Systems, 2015, 10(6): 954–959. doi: 10.11992/tis.201507036

于永鵬, 嚴(yán)迎建, 李偉. SM3算法高速ASIC設(shè)計(jì)及實(shí)現(xiàn)[J]. 微電子學(xué)與計(jì)算機(jī), 2016, 33(4): 21–26. doi: 10.19304/j.cnki.issn1000-7180.2016.04.005

YU Yongpeng, YAN Yingjian, and LI Wei. High speed ASIC design and implementation of SM3 algorithm[J]. Microelectronics &Computer, 2016, 33(4): 21–26. doi: 10.19304/j.cnki.issn1000-7180.2016.04.005

JUANG W S. Efficient multi-server password authenticated key agreement using smart cards[J]. IEEE Transactions on Consumer Electronics, 2004, 50(1): 251–255. doi: 10.1109/TCE.2004.1277870

衛(wèi)士通. 商用PCI-E密碼卡[EB/OL]. http://www.westone.com.cn/index.php?m=content&c=index&a=show&catid=17&id=1, 2018.

WESTONE. Commercial PCI-E cipher card[EB/OL]. http://www.westone.com.cn/index.php?m=content&c=index&a=show&catid=17&id=1, 2018.

漁翁信息. 如何選擇商密加密卡[EB/OL]. http://www.fisec.com.cn/page118?article_id=30, 2017.

FISEC. How to Choose a commercial encryption card[EB/OL]. http://www.fisec.com.cn/page118?article_id=30, 2017.

西電捷通. 高速通用密碼卡之西電捷通綜合性測試分析[EB/OL]. http://www.sohu.com/a/124421829_446726, 2017.

IWNCOMM. Comprehensive test analysis of IWNCOMM with high-speed universal cipher card[EB/OL]. http://www.sohu.com/a/124421829_446726, 2017.

李軍, 陳君, 倪宏, 等. 基于多核協(xié)作的流媒體內(nèi)容緩存算法[J]. 網(wǎng)絡(luò)新媒體技術(shù), 2014, 3(4): 12–18. doi: 10.3969/j.issn.2095-347X.2014.04.003

LI Jun, CHEN Jun, NI Hong, et al. Multi-core platform based multimedia collaboration caching algorithm[J]. Journal of Network New Media, 2014, 3(4): 12–18. doi: 10.3969/j.issn.2095-347X.2014.04.003

相關(guān)文章

施引文獻(xiàn)

資源附件(0)

訪問統(tǒng)計(jì)