千兆国产化商用密码卡技术
|
摘要
随着国产可编程逻辑芯片、国产存储器件及国产处理器芯片的飞速发展,紧跟国家主管部门的技术要求,基于自主研制的高效安全密码产品的设计思想,研制开发了一款国产化的商用千兆PCIE密码卡(以下简称:密码卡)。该密码卡的主控制器采用国产的X1000E芯片、各算法实现引擎、各存储器件、物理噪声源及配套外设USBKey均实现国产化,满足国密局相关的技术要求和准入行业相关标准,高效实现了SM1/2/3/4算法。对称算法和哈希算法性能接近1 Gb/s,非对称运算签名性能大于50000 tps,设备驱动程序自主开发,兼容性和稳定性好。密码卡成本较低,具有很好的商用前景。
With the high-speed development of domestic FPGA chips, domestic storages and Embedded CPUs, for keeping abreast of the technical requirement of the competent state departments, and based on the idea of independently-developed high-efficient secure cipher products, a home-made commercial Gigabit cipher card(here in after referred to as cipher card) is developed. The main controller of the cipher card adopts X1000 E CPU chip made in China, and the engine of each algorithm, storages, physical noise source,as well as supporting peripheral USBkey are localized, which meet the relevant technical requirement of state Crypto Bureau and the relevant standards of the entry industry, and realize the SM 1/2/3/4 algorithms efficiently. The performance of SM 1/3/4 is close to 1 Gbps, while the performance of SM2 signature greater than 50000 tps. The Most of components of the card are domestic, such as CPU, algorithm co-operator, all storages, random chips, and USBkey. The characters of card meet the technique requirements of policy and criterions of certain domains. The card has good performance in SM1/2/3/4 algorithms, SM1/3/4 speed are close to 1 Gbps, SM2 sign speed is above 50000 tps. The device drivers are developed independently with good compatibility and stability. The cost of crypto card is low, and it has a good application prospect.
With the high-speed development of domestic FPGA chips, domestic storages and Embedded CPUs, for keeping abreast of the technical requirement of the competent state departments, and based on the idea of independently-developed high-efficient secure cipher products, a home-made commercial Gigabit cipher card(here in after referred to as cipher card) is developed. The main controller of the cipher card adopts X1000 E CPU chip made in China, and the engine of each algorithm, storages, physical noise source,as well as supporting peripheral USBkey are localized, which meet the relevant technical requirement of state Crypto Bureau and the relevant standards of the entry industry, and realize the SM 1/2/3/4 algorithms efficiently. The performance of SM 1/3/4 is close to 1 Gbps, while the performance of SM2 signature greater than 50000 tps. The Most of components of the card are domestic, such as CPU, algorithm co-operator, all storages, random chips, and USBkey. The characters of card meet the technique requirements of policy and criterions of certain domains. The card has good performance in SM1/2/3/4 algorithms, SM1/3/4 speed are close to 1 Gbps, SM2 sign speed is above 50000 tps. The device drivers are developed independently with good compatibility and stability. The cost of crypto card is low, and it has a good application prospect.
引文
[1]MindShare Inc,Ravi Budruk,Don Anderson.PCI Express System Architecture[M].US:Addison Wesley Publishing Company,2003:96-198.
[2]国家密码管理局.GM/T 0002-2012.SM4分组密码算法[S].北京:国家密码管理局.1-5[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0002-2012.SM4 Block Cipher Algorithm[S].Beijing:China Cryptography Administration.1-5[2019].China Cryptography Administration Official Website.
[3]国家密码管理局.GM/T 0003-2012.SM2椭圆曲线公钥密码算法[S].北京:国家密码管理局.1-10[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0003-2012.Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves[S].Beijing:China Cryptography Administration.1-10[2019].China Cryptography Administration Official Website.
[4]国家密码管理局.GM/T 0004-2012.SM3密码杂凑算法[S].北京:国家密码管理局.1-11[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0004-2012.SM3 Cryptographic Hash Algorithm[S].Beijing.China Cryptography Administration.1-11[2019].China Cryptography Administration Official Website.
[5]朱河清.深入浅出DPDK[专著][M].北京:机械工业出版社,2016.ZHU He-qing.Easy to Understand DPDK[M].Beijing:China Machine Press,2016.
[6]张磊,刘艳霞.Linux的虚拟内存管理和Cache机制探析[J].焦作大学学报,2004,18(4):24-25.ZHANG Lei,LIU Yan-xia.Analysis of Virtual Memory Management And Cache Mechanism of Linux[J].Jiaozuo:Journal of Jiaozuo University,2004,18(4):24-25.
[7]曹宗凯,胡晨,姚国良.DMA在内存间数据拷贝中的应用及其性能分析[J].电子器件,2007,30(1):311-313.CAO Zong-kai,HU Chen,YAO Guo-liang.Implementation And Performance Analysis of Data Copy Between Memory by DMA[J].Electron Devices,2007,30(1):311-313.
[8]曹彦荣,张锐.DMA传输与Cache一致性分析[J].硅谷,2014(8):39-40.CAO Yan-rong,ZHANG Rui.Analysis of DMA Transport And Cache Consistency[J].Silicon Valley,2004(8):39-40.
[9]杜小洪.高性能DMA控制器及软件模型设计[D].成都:电子科技大学,2012.DU Xiao-hong.Design of High Performance DMAController And Software Model[D].Chengdu:University of Electronic Science and Technology of China,2012.
[10]国家密码管理局.GM/T 0028-2014.密码模块安全技术要求[S].北京:国家密码管理局.1-48[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0028-2014.Security Technical Requirements for Cryptographic Modules[S].Beijing.China Cryptography Administration.1-48[2019].China Cryptography Administration Official Website.
[11]国家密码管理局.GM/T 0039-2015.密码模块安全检测要求[S].北京:国家密码管理局.1-90[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0039-2015.Security Testing Requirements for Cryptographic Modules[S].Beijing:China Cryptography Administration.1-90[2019].China Cryptography Administration Official Website.
[12]国家密码管理局.GM/T 0018-2012.密码设备应用接口规范[S].北京.国家密码管理局.1-27[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0018-2012.Crypto Equipment Application Interface Specification[S].Beijing:China Cryptography Administration.1-27[2019].China Cryptography Administration Official Website.
[2]国家密码管理局.GM/T 0002-2012.SM4分组密码算法[S].北京:国家密码管理局.1-5[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0002-2012.SM4 Block Cipher Algorithm[S].Beijing:China Cryptography Administration.1-5[2019].China Cryptography Administration Official Website.
[3]国家密码管理局.GM/T 0003-2012.SM2椭圆曲线公钥密码算法[S].北京:国家密码管理局.1-10[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0003-2012.Public Key Cryptographic Algorithm SM2 Based on Elliptic Curves[S].Beijing:China Cryptography Administration.1-10[2019].China Cryptography Administration Official Website.
[4]国家密码管理局.GM/T 0004-2012.SM3密码杂凑算法[S].北京:国家密码管理局.1-11[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0004-2012.SM3 Cryptographic Hash Algorithm[S].Beijing.China Cryptography Administration.1-11[2019].China Cryptography Administration Official Website.
[5]朱河清.深入浅出DPDK[专著][M].北京:机械工业出版社,2016.ZHU He-qing.Easy to Understand DPDK[M].Beijing:China Machine Press,2016.
[6]张磊,刘艳霞.Linux的虚拟内存管理和Cache机制探析[J].焦作大学学报,2004,18(4):24-25.ZHANG Lei,LIU Yan-xia.Analysis of Virtual Memory Management And Cache Mechanism of Linux[J].Jiaozuo:Journal of Jiaozuo University,2004,18(4):24-25.
[7]曹宗凯,胡晨,姚国良.DMA在内存间数据拷贝中的应用及其性能分析[J].电子器件,2007,30(1):311-313.CAO Zong-kai,HU Chen,YAO Guo-liang.Implementation And Performance Analysis of Data Copy Between Memory by DMA[J].Electron Devices,2007,30(1):311-313.
[8]曹彦荣,张锐.DMA传输与Cache一致性分析[J].硅谷,2014(8):39-40.CAO Yan-rong,ZHANG Rui.Analysis of DMA Transport And Cache Consistency[J].Silicon Valley,2004(8):39-40.
[9]杜小洪.高性能DMA控制器及软件模型设计[D].成都:电子科技大学,2012.DU Xiao-hong.Design of High Performance DMAController And Software Model[D].Chengdu:University of Electronic Science and Technology of China,2012.
[10]国家密码管理局.GM/T 0028-2014.密码模块安全技术要求[S].北京:国家密码管理局.1-48[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0028-2014.Security Technical Requirements for Cryptographic Modules[S].Beijing.China Cryptography Administration.1-48[2019].China Cryptography Administration Official Website.
[11]国家密码管理局.GM/T 0039-2015.密码模块安全检测要求[S].北京:国家密码管理局.1-90[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0039-2015.Security Testing Requirements for Cryptographic Modules[S].Beijing:China Cryptography Administration.1-90[2019].China Cryptography Administration Official Website.
[12]国家密码管理局.GM/T 0018-2012.密码设备应用接口规范[S].北京.国家密码管理局.1-27[2019].国家密码管理局官网.China Cryptography Administration.GM/T 0018-2012.Crypto Equipment Application Interface Specification[S].Beijing:China Cryptography Administration.1-27[2019].China Cryptography Administration Official Website.