CN114567445B - Method, device, equipment and medium for transmitting signature verification data - Google Patents
- Publication number
- CN114567445B (CN202210191172.6A)
- Authority
- CN
- China
- Prior art keywords
- security chip
- signature verification
- reading
- data
- checked
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/42—Bus transfer protocol, e.g. handshake; Synchronisation
- G06F13/4282—Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/76—Architectures of general purpose stored program computers
- G06F15/78—Architectures of general purpose stored program computers comprising a single central processing unit
- G06F15/7807—System on chip, i.e. computer system on a single chip; System in package, i.e. computer system on one or more chips in a single package
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/84—Vehicles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a method, a device, equipment and a medium for transmitting signature verification data. The method comprises: adding an interface file to an SPI controller driver in advance, configuring an SPI register by means of the interface file, and sequentially sending a number of to-be-verified data packets, sent by a test program, to a security chip through the SPI register; when it is detected that the security chip has received all the to-be-verified data packets, sending the security chip a read instruction for reading its working state, to obtain a read result; and, if the read result indicates that the working state of the security chip is the ready state, obtaining through the SPI register the signature verification result returned by the security chip for the to-be-verified data packets. Because the interface file is added to the SPI controller driver, the SPI register configured through it is used to send and receive the signature verification data, and the read instruction is sent only after the security chip has received all the to-be-verified data packets, the SPI transmission rate and utilization can be effectively improved.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for transmitting signature verification data.
Background
V2X (Vehicle to Everything) is a new generation of information communication technology that connects a vehicle to everything, where V stands for the vehicle and X for any object that exchanges information with the vehicle. At present X mainly covers vehicles (Vehicle to Vehicle, V2V), people (Vehicle to Pedestrian, V2P), roadside traffic infrastructure (Vehicle to Infrastructure, V2I) and networks (Vehicle to Network, V2N). V2X applications need high-speed SM2 signature verification so that a vehicle can verify external devices in real time. According to the current general requirements in the industry, in the PC5 message service model, when the number of vehicles around a vehicle reaches the saturation figure of 200 and each node vehicle sends messages at 10 times/second, the message arrival rate at the current node vehicle reaches 2000 times/second. Allowing for the processing loss of communication and service messages, 20% of computing redundancy needs to be reserved, so the SM2 signature verification interface of the SSF layer should perform at no less than 2400 times/second.
The V2X function is generally integrated into a Tbox, a domain controller, an antenna device or similar equipment. The main control chip of such devices is commonly a vehicle-mounted SOC chip from NXP, and the communication interface that the main control SOC chip provides to the security chip is generally SPI (Serial Peripheral Interface). The security chip provides security operation services to the main control SOC chip over the SPI interface. In the usual process, the main control SOC chip sends the message to be processed to the security chip over SPI, the security chip performs the cryptographic operation, and the security chip then sends the operation result back to the main control SOC chip. Currently, on the one hand, the main control SOC chip uses the Linux native SPIDEV driver to interact with the security chip; the SPIDEV driver uses the Linux SPI driver framework and ultimately calls the SPI controller driver, through SPI_message to SPI_transfer, to send to and receive from the security chip. Calling the SPI driver in this way is time-consuming, and the SPI controller driver of the commonly used NXP SOC chips has low SPI transmission efficiency, so SPI transmission becomes the bottleneck of the SM2 operation rate. On the other hand, when the security chip processes to-be-verified data packets, a simplex mode of one send followed by one receive is generally used, because the security chip has to receive the data before it can perform the cryptographic operation. This mode ignores the duplex capability of SPI and does not overlap transmission with computation, so SPI utilization is low and the SM2 operation rate suffers as well.
In summary, how to improve the SPI transmission efficiency and utilization for signature verification data in V2X is a problem to be solved at present.
Disclosure of Invention
Accordingly, the present invention aims to provide a method, a device, equipment and a medium for transmitting signature verification data, which can improve the SPI transmission efficiency and utilization for signature verification data in V2X. The specific scheme is as follows:
In a first aspect, the application discloses a signature verification data transmission method, applied to a main control SOC chip in V2X, comprising the following steps:
adding an interface file to an SPI controller driver in advance, configuring an SPI register by means of the interface file, and sequentially sending a number of to-be-verified data packets, sent by a test program, to a security chip through the SPI register;
when it is detected that the security chip has received all the to-be-verified data packets, sending the security chip a read instruction for reading its working state, to obtain a read result;
and, if the read result indicates that the working state of the security chip is the ready state, obtaining through the SPI register the signature verification result returned by the security chip for the to-be-verified data packets.
Optionally, sequentially sending the to-be-verified data packets sent by the test program to the security chip through the SPI register includes:
performing, by the test program, a write operation based on the interface file, so that the SPI register obtains the to-be-verified data packets sent by the test program and sends them to the security chip in sequence.
Correspondingly, obtaining through the SPI register the signature verification result returned by the security chip for the to-be-verified data packets includes:
performing, by the test program, a read operation based on the interface file, so that the SPI register reads the signature verification result returned by the security chip for the to-be-verified data packets and passes it to the test program.
Optionally, before the to-be-verified data packets sent by the test program are sequentially sent to the security chip through the SPI register, the method further includes:
encapsulating a signature verification operation command, a signature verification data segment and a check code to obtain the to-be-verified data packet, where the signature verification data segment contains a signature verification instruction.
Optionally, after the to-be-verified data packets sent by the test program are sequentially sent to the security chip through the SPI register, the method further includes:
returning, by the security chip, response information to the main control SOC chip indicating that the security chip has received all the to-be-verified data packets, so that the main control SOC chip determines from the response information that the security chip has received all of them; parsing, by the security chip, each received to-be-verified data packet in turn while the packets are being received, to obtain the signature verification data segment of each packet; and performing the corresponding signature verification operation on each signature verification data segment according to the signature verification instruction it contains, to obtain the signature verification result.
Optionally, the signature verification data transmission method further includes:
setting the working state to the busy state while the signature verification operation is in progress, and setting the working state to the ready state once the signature verification operation is complete.
Optionally, after the read instruction for reading the working state of the security chip has been sent to obtain a read result, the method further includes:
if the read result indicates that the working state of the security chip is the busy state, repeating, at a preset time interval, the step of sending the security chip the read instruction for reading its working state, until the read result indicates the ready state.
Optionally, sending the read instruction for reading the working state of the security chip to obtain a read result includes:
if there are multiple to-be-verified data packets, sending the security chip a read instruction for reading its working state with respect to the verification of the last to-be-verified data packet, to obtain the corresponding read result.
In a second aspect, the application discloses a signature verification data transmission device, applied to a main control SOC chip in V2X, comprising:
a data transmission module, used for adding an interface file to the SPI controller driver in advance, configuring an SPI register by means of the interface file, and sequentially sending a number of to-be-verified data packets, sent by the test program, to the security chip through the SPI register;
an instruction sending module, used for sending the security chip a read instruction for reading its working state when it is detected that the security chip has received all the to-be-verified data packets, to obtain a read result;
and a data acquisition module, used for obtaining through the SPI register the signature verification result returned by the security chip for the to-be-verified data packets if the read result indicates that the working state of the security chip is the ready state.
In a third aspect, the present application discloses an electronic device, comprising:
a memory for storing a computer program;
and a processor for executing the computer program to implement the steps of the signature verification data transmission method.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program, where the computer program, when executed by a processor, implements the steps of the signature verification data transmission method disclosed above.
In the application, therefore, an interface file is added to the SPI controller driver in advance, an SPI register is configured by means of the interface file, and a number of to-be-verified data packets sent by a test program are then sequentially sent to a security chip through the SPI register; when it is detected that the security chip has received all the to-be-verified data packets, a read instruction for reading the working state of the security chip is sent to it to obtain a read result; and, if the read result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the to-be-verified data packets is obtained through the SPI register. Because the interface file is added to the SPI controller driver and the SPI register configured through it handles the sending and receiving of the signature verification data, the SPI controller driver can be bypassed, which reduces the system overhead of the main control SOC chip. In addition, the to-be-verified data packets sent by the test program are sent to the security chip one after another through the SPI register, and the read instruction is sent only after it is detected that the security chip has received all of them, so the technical scheme effectively improves the SPI transmission efficiency and utilization.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a signature verification data transmission method disclosed in the present application;
FIG. 2 is a diagram of the communication connection between a main control SOC chip and a security chip in the prior art;
FIG. 3 is a flow chart of sending a specific read instruction disclosed in the present application;
FIG. 4 is a flow chart of a specific signature verification data transmission method disclosed in the present application;
FIG. 5 is a diagram of a specific signature verification data transmission process disclosed in the present application;
FIG. 6 is a flow chart of a specific data read/write process disclosed in the present application;
FIG. 7 is a flow chart of the data read/write process in the prior art;
FIG. 8 is a flow chart of a specific signature verification data transmission method disclosed in the present application;
FIG. 9 is a flow chart of the transmission and signature verification of several to-be-verified data packets disclosed in the present application;
FIG. 10 is a waveform diagram of conventional SM2 signature verification data transmission disclosed in the present application;
FIG. 11 is a diagram of a specific waveform interval time disclosed in the present application;
FIG. 12 is a waveform diagram of improved SM2 signature verification data transmission disclosed in the present application;
FIG. 13 is a diagram of a specific waveform interval time after the improvement disclosed in the present application;
FIG. 14 is a schematic structural diagram of a signature verification data transmission device disclosed in the present application;
FIG. 15 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In V2X applications, when the main control SOC chip and the security chip exchange data, on the one hand the main control SOC chip uses the Linux SPIDEV driver to interact with the security chip; the SPIDEV driver uses the Linux SPI driver framework and ultimately calls the SPI controller driver, through SPI_message to SPI_transfer, to send to and receive from the security chip. Calling the SPI driver in this way is time-consuming, and the SPI controller driver of the commonly used NXP SOC chips has low SPI transmission efficiency. On the other hand, when the security chip processes to-be-verified data packets, a simplex mode of one send followed by one receive is generally used, because the security chip has to receive the data before it can perform the cryptographic operation. This mode ignores the duplex capability of SPI and does not overlap transmission with computation, so SPI utilization is low.
Referring to FIG. 1, the embodiment of the application discloses a signature verification data transmission method, which comprises the following steps:
Step S11: an interface file is added to the SPI controller driver in advance, an SPI register is configured by means of the interface file, and a number of to-be-verified data packets sent by a test program are then sequentially sent to a security chip through the SPI register.
FIG. 2 shows the communication connection between a main control SOC chip and a security chip in the prior art. In V2X applications the security chip is connected to the main control SOC chip as an SPI slave and runs a firmware program, and a test program on the main control SOC side accesses the SPI device file through a system interface to interact with the security chip. The SPI in the figure is a standard SPI interface with four signal lines, MOSI, MISO, CS and CLK, and there may be one or several SPI channels. IO denotes GPIO pins, including a state pin, a wake pin and a reset pin. The main control SOC side interacts with the security chip through the SPI controller driver in Linux. In this embodiment, an interface file is added to the SPI controller driver in advance and the SPI register is configured by means of the interface file, so that the SPI register is controlled directly to send the to-be-verified data packets from the test program to the security chip. In this way the SPI controller driver can be bypassed, which reduces the system overhead of the main control SOC chip.
Step S12: when it is detected that the security chip has received all the to-be-verified data packets, a read instruction for reading the working state of the security chip is sent to it to obtain a read result.
In this embodiment, after it is detected that the security chip has received all the to-be-verified data packets, a read instruction for reading the working state of the security chip is sent to the security chip. Note that the working state of the security chip is either the ready state or the busy state, and that the security chip mainly performs signature verification operations, so the signature verification data transmission method further includes: setting the working state to the busy state while the signature verification operation is in progress, and setting it to the ready state once the operation is complete. Besides sending a read instruction to the security chip to read its working state, the embodiment of the application can also obtain the working state of the security chip through GPIO.
Step S13: if the read result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the to-be-verified data packets is obtained through the SPI register.
In one specific implementation of this embodiment, if the read result indicates that the working state of the security chip is the ready state, the security chip has completed the signature verification operation, and the signature verification result it returns for the to-be-verified data packets is obtained through the SPI register.
In another implementation, after the read instruction for reading the working state of the security chip has been sent to obtain a read result, the method further includes: if the read result indicates that the working state of the security chip is the busy state, repeating, at a preset time interval, the step of sending the security chip the read instruction for reading its working state, until the read result indicates the ready state. FIG. 3 is a flow chart of sending a specific read instruction disclosed in the present application: if the read result indicates that the security chip is busy, the chip is still performing the signature verification, so the read instruction is sent to the security chip again at regular intervals until the read result indicates the ready state, and the signature verification result is then read from the security chip.
In the application, therefore, an interface file is added to the SPI controller driver in advance, an SPI register is configured by means of the interface file, and a number of to-be-verified data packets sent by a test program are then sequentially sent to a security chip through the SPI register; when it is detected that the security chip has received all the to-be-verified data packets, a read instruction for reading the working state of the security chip is sent to it to obtain a read result; and, if the read result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the to-be-verified data packets is obtained through the SPI register. Because the interface file is added to the SPI controller driver and the SPI register configured through it handles the sending and receiving of the signature verification data, the SPI controller driver can be bypassed, which reduces the system overhead of the main control SOC chip. In addition, the to-be-verified data packets sent by the test program are sent to the security chip one after another through the SPI register, and the read instruction is sent only after it is detected that the security chip has received all of them, so the technical scheme effectively improves the SPI transmission efficiency and utilization.
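The flow of steps S11 to S13, together with the packet encapsulation and the busy/ready polling described above, is sketched below as an added example; it is not code from the patent. A simulated security chip stands in for the SPI device, and the frame layout, the XOR check code, the command, status and result values and the poll limit are all assumptions, since the patent does not define them; the SM2 operation is replaced by a constructed flag byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The frame layout and every constant here are assumptions for this example. */
enum { CMD_VERIFY = 0xA1, ST_READY = 0, ST_BUSY = 1, RES_FAIL = 0, RES_OK = 1 };
enum { MAX_SEG = 64, MAX_PKTS = 8, ERR_PACK = -1, ERR_NACK = -2, ERR_TIMEOUT = -3 };

struct seg { const uint8_t *data; uint8_t len; };
struct chip {                   /* simulated security chip (SPI slave) */
    int received;               /* packets accepted in this batch */
    int busy_polls;             /* state reads that still answer busy */
    uint8_t results[MAX_PKTS];  /* one verification result per packet */
};

/* Check code: XOR over command, length and segment (assumed algorithm). */
static uint8_t check_code(const uint8_t *p, size_t n)
{
    uint8_t c = 0;
    while (n--) c ^= *p++;
    return c;
}

/* Host: frame = [command:1][length:1][segment:length][check code:1]. */
size_t pack_packet(uint8_t cmd, const uint8_t *seg, uint8_t len, uint8_t *out, size_t cap)
{
    if (len == 0 || len > MAX_SEG || cap < (size_t)len + 3) return 0;
    out[0] = cmd;
    out[1] = len;
    memcpy(out + 2, seg, len);
    out[2 + len] = check_code(out, (size_t)len + 2);
    return (size_t)len + 3;
}

/* Chip: parse a packet as it arrives; 1 = accepted, 0 = rejected. */
int chip_receive(struct chip *c, const uint8_t *pkt, size_t n)
{
    if (n < 4 || c->received >= MAX_PKTS) return 0;
    if (pkt[0] != CMD_VERIFY || n != (size_t)pkt[1] + 3) return 0;
    if (check_code(pkt, n - 1) != pkt[n - 1]) return 0;
    /* Stand-in for the SM2 operation: the first segment byte is a
     * constructed flag saying whether the signature would verify. */
    c->results[c->received++] = (pkt[2] == 0x01) ? RES_OK : RES_FAIL;
    c->busy_polls = 2;          /* busy while the operation runs */
    return 1;
}

/* Chip: answer to the "read working state" instruction. */
uint8_t chip_status(struct chip *c)
{
    if (c->busy_polls > 0) { c->busy_polls--; return ST_BUSY; }
    return ST_READY;
}

/* Host: send all packets, poll the state, read the results; returns count or ERR_*. */
int host_verify_batch(struct chip *c, const struct seg *segs, int count,
                      int max_polls, uint8_t *results)
{
    uint8_t frame[MAX_SEG + 3];
    int polls = 0;
    if (count <= 0 || count > MAX_PKTS) return ERR_PACK;
    for (int i = 0; i < count; i++) {
        size_t n = pack_packet(CMD_VERIFY, segs[i].data, segs[i].len,
                               frame, sizeof frame);
        if (n == 0) return ERR_PACK;
        if (!chip_receive(c, frame, n)) return ERR_NACK;
    }
    /* Poll only after the last packet (a real host waits the preset interval
     * between reads); the bound keeps a chip stuck in busy from stalling it. */
    while (chip_status(c) != ST_READY) {
        if (++polls >= max_polls) return ERR_TIMEOUT;
    }
    memcpy(results, c->results, (size_t)count);
    c->received = 0;
    return count;
}

static const uint8_t seg_ok[]  = { 0x01, 0x11, 0x22 };   /* constructed input */
static const uint8_t seg_bad[] = { 0x00, 0x33, 0x44 };   /* constructed input */

/* Batch of valid, invalid, valid: returns the results as digits (101) or ERR_*. */
int demo_batch(int max_polls)
{
    const struct seg segs[] = { { seg_ok, 3 }, { seg_bad, 3 }, { seg_ok, 3 } };
    struct chip chip = { 0 };
    uint8_t r[MAX_PKTS];
    int n = host_verify_batch(&chip, segs, 3, max_polls, r);
    return n < 0 ? n : r[0] * 100 + r[1] * 10 + r[2];
}

/* A frame altered in transit must fail the check code (returns 0). */
int demo_corrupt(void)
{
    struct chip chip = { 0 };
    uint8_t f[MAX_SEG + 3];
    size_t n = pack_packet(CMD_VERIFY, seg_ok, 3, f, sizeof f);
    f[3] ^= 0x04;               /* single bit flipped in the segment */
    return chip_receive(&chip, f, n);
}

int main(void) { return (demo_batch(5) == 101 && demo_corrupt() == 0) ? 0 : 1; }
```

The poll limit is the part a driver author should not leave out: without it, a security chip that never leaves the busy state holds the host in the status loop indefinitely.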
Referring to FIG. 4, the embodiment of the application discloses a specific signature verification data transmission method; compared with the previous embodiment, this embodiment further describes and optimizes the technical scheme. The method specifically comprises the following steps:
Step S21: an interface file is added to the SPI controller driver in advance, an SPI register is configured by means of the interface file, and the test program then performs a write operation based on the interface file, so that the SPI register obtains the to-be-verified data packets sent by the test program and sends them to the security chip in sequence.
In this embodiment, the interface file added to the SPI controller driver may specifically be an SPI read/write interface file, and a user-space program can read and write this interface directly. Inside the read/write interface the SPI register is controlled directly, without going through the Linux SPI controller driver, to send and receive data. FIG. 5 is a flow chart of a specific signature verification data transmission disclosed in the embodiment of the application. When data is written, the test program first performs a write operation based on the interface file, the SPI register then obtains the to-be-verified data packets written by the test program, and data transmission is started to send the packets to the security chip.
Step S22: when it is detected that the security chip has received all the to-be-verified data packets, a read instruction for reading the working state of the security chip is sent to it to obtain a read result.
Step S23: if the read result indicates that the working state of the security chip is the ready state, the test program performs a read operation based on the interface file, so that the SPI register reads the signature verification result returned by the security chip for the to-be-verified data packets and passes it to the test program.
In this embodiment, referring to FIG. 5, data is read once the working state of the security chip is the ready state: the test program performs a read operation based on the interface file, the SPI register then starts data reception, reads the signature verification result returned by the security chip for the to-be-verified data packets, and passes it to the test program.
FIG. 6 shows a specific data read/write flow after the technical scheme disclosed in the embodiment of the application is adopted. FIG. 7 is the conventional data read/write flow. In FIG. 7 the system takes about 50us from the VFS interface call to the SPI data transfer, of which the sys_sync interface accounts for most, about 45us; after changing to the flow in FIG. 6, the time taken by one signature verification can be reduced. Sysfs in the figure is the user-space read/write interface in the interface file added in this embodiment and is used to interact with the device.
For more specific processing in step S22, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no further description is given here.
In the present application, the test program first performs a write operation based on the pre-configured interface file, so that the SPI register obtains the plurality of data packets to be verified sent by the test program and sends them to the security chip in sequence. When the working state of the security chip is the ready state, the test program performs a read operation based on the interface file, so that the SPI register reads the signature verification result returned by the security chip for the data packets to be verified and sends it to the test program. By adding the interface file to the SPI controller driver, the transmission efficiency of the SPI can be effectively improved.
Referring to fig. 8, an embodiment of the present application discloses a specific method for transmitting signature verification data; compared with the previous embodiment, this embodiment further describes and optimizes the technical scheme. The method specifically comprises the following steps:
Step S31: an interface file is added to the SPI controller driver in advance, an SPI register is configured by using the interface file, and a plurality of data packets to be verified sent by a test program are then sent in sequence to the security chip through the SPI register.
In this embodiment, before the plurality of data packets to be verified sent by the test program are sent in sequence to the security chip through the SPI register, the method further includes: packaging the signature verification operation command, the signature verification data segment and the check code to obtain the data packet to be verified, where the signature verification data segment contains a signature verification instruction. That is, the master control SOC chip needs to encapsulate the signature verification operation command, the signature verification data segment and the check code in a specified format to obtain a data packet to be verified.
Step S32: the security chip returns, to the master control SOC chip, response information indicating that the security chip has received all the data packets to be verified, so that the master control SOC chip determines from the response information that the security chip has received all of them; while receiving the data packets to be verified, the security chip parses each received packet in turn to obtain the signature verification data segment corresponding to each packet, and performs the corresponding signature verification operation on each signature verification data segment based on the signature verification instruction in it, to obtain the signature verification result.
In this embodiment, after receiving all the data packets to be verified, the security chip needs to return response information to the master control SOC chip, so that the master control SOC chip determines, based on the response information, that the security chip has received all of them. In addition, while receiving the data packets to be verified, the security chip parses each received packet in turn and performs the signature verification operation on the parsed signature verification data segment according to the signature verification instruction, to obtain the signature verification result. Specifically, the security chip starts the operation after receiving the first data packet to be verified and can continue to receive the subsequent packets, so that SPI transmission and algorithm operation are processed concurrently, which effectively improves operation performance and SPI utilization.
Step S33: when it is detected that the security chip has received all the data packets to be verified, a reading instruction for reading the working state of the security chip is sent to the security chip to obtain a reading result.
In this embodiment, the master control SOC chip uses the reading instruction to learn whether the signature verification instruction has finished executing; when it has, the working state of the security chip changes from the busy state to the ready state, and the corresponding reading result is the ready state. It should be noted that sending the reading instruction for reading the working state of the security chip to obtain a reading result may specifically include: if there are multiple data packets to be verified, sending to the security chip a reading instruction for reading the working state of the security chip with respect to the signature verification operation on the last data packet to be verified, to obtain the corresponding reading result. That is, when there is more than one data packet to be verified, only the working state of the security chip for the signature verification operation on the last packet needs to be queried. For example, fig. 9 shows the transmission and signature verification flow for a plurality of data packets to be verified. When there are 4 data packets to be verified, each is treated as one Job, labelled Job0, Job1, Job2 and Job3 in turn; Job0, Job1, Job2 and Job3 are transmitted to the security chip, and each data packet to be verified includes an SSI Bridge write instruction, a signature verification data segment and a CRC32 check code. On receiving Job0, the security chip starts to execute the signature verification operation for the signature verification instruction of Job0 while continuing to receive Job1, so that data reception and signature verification are processed concurrently, and the signature verification operations on Job0, Job1, Job2 and Job3 are executed in sequence.
When the transmission of Job3 is complete, all 4 data packets to be verified have been transmitted. At this point, a reading instruction is sent to the security chip to query its working state. Because the security chip executes the signature verification operations on Job0, Job1, Job2 and Job3 in sequence, the master control SOC only needs to query the state of Job3; when the master control SOC chip finds that the working state of the security chip for Job3 is the ready state, it starts to read the signature verification results.
Step S34: if the reading result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the data packet to be verified is obtained through the SPI register.
For more specific processing in step S34, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no further description is given here.
In the present application, the data packet to be verified is obtained by packaging the signature verification operation command, the signature verification data segment and the check code. While receiving the plurality of data packets to be verified, the security chip parses each received packet in turn and performs the signature verification operation on the parsed signature verification data segment according to the signature verification instruction, to obtain the signature verification result. The security chip starts the operation after receiving the first data packet to be verified and can continue to receive the subsequent packets, so that SPI transmission and algorithm operation run concurrently, which effectively improves operation performance and SPI utilization. In addition, when there is more than one data packet to be verified, only the working state of the security chip for the signature verification operation on the last packet needs to be queried.
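The flow of steps S31 to S34, as an added example in C that is not code from the patent: the host frames each signature verification data segment, a model of the security chip checks the CRC32 on arrival and runs the jobs in order, and the host polls only the last job with a bounded retry. The frame layout, the `0xA5` opcode, the tick-based timing and all function names are assumptions made for the example, and the SM2 verification itself is modelled as a fixed delay rather than implemented.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed frame layout (the page names the three fields, not their encoding):
 * [cmd:1][len:2 BE][data segment:len][CRC32 over cmd+len+data:4 BE] */
#define CMD_WRITE 0xA5u   /* hypothetical write-command opcode */
#define SEG_LEN   176u    /* APDU 16 + KeyData 64 + msg 32 + rs 64 */
#define FRAME_MAX (SEG_LEN + 7u)
#define MAX_JOBS  4
#define JOB_TICKS 2       /* constructed: time units one verification takes */
enum chip_state { CHIP_BUSY, CHIP_READY };
enum job_result { JOB_PENDING, JOB_DONE, JOB_REJECTED };
struct chip {             /* toy model of the security chip */
    enum job_result result[MAX_JOBS];
    int work[MAX_JOBS], received, completed;  /* jobs run in arrival order */
};
static struct chip demo_chip;  /* state left behind by demo() for inspection */

static uint32_t crc32_ieee(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++) crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Host: wrap one data segment; returns the frame length, or 0 if it does not fit. */
size_t pack_frame(const uint8_t *seg, size_t len, uint8_t *out, size_t cap) {
    if (len == 0 || len > 0xFFFFu || len + 7 > cap) return 0;
    out[0] = CMD_WRITE;
    out[1] = (uint8_t)(len >> 8);
    out[2] = (uint8_t)len;
    memcpy(out + 3, seg, len);
    uint32_t crc = crc32_ieee(out, len + 3);
    for (int i = 0; i < 4; i++) out[len + 3 + i] = (uint8_t)(crc >> (24 - 8 * i));
    return len + 7;
}

/* Chip: parse a frame on arrival. A bad opcode, length or CRC marks the job
 * rejected, so it never reaches the verification engine. Returns the job id. */
int chip_receive(struct chip *c, const uint8_t *f, size_t n) {
    if (c->received >= MAX_JOBS) return -1;
    int id = c->received++, ok = 0;
    size_t len = n >= 8 ? (((size_t)f[1] << 8) | f[2]) : 0;
    if (len != 0 && len + 7 == n && f[0] == CMD_WRITE) {
        uint32_t got = 0;
        for (int i = 0; i < 4; i++) got = (got << 8) | f[len + 3 + i];
        ok = (crc32_ieee(f, len + 3) == got);
    }
    c->result[id] = ok ? JOB_PENDING : JOB_REJECTED;
    c->work[id] = ok ? JOB_TICKS : 0;
    return id;
}
/* Chip: one time unit passes; rejected jobs are skipped, the oldest job advances. */
void chip_tick(struct chip *c) {
    while (c->completed < c->received && c->work[c->completed] == 0) c->completed++;
    if (c->completed < c->received && --c->work[c->completed] == 0)
        c->result[c->completed++] = JOB_DONE;
}
/* Chip: in-order execution means "job id ready" implies all earlier jobs are done. */
enum chip_state chip_status(const struct chip *c, int id) {
    return id < c->completed ? CHIP_READY : CHIP_BUSY;
}

/* Host: stream all frames, then poll only the last job, with a bounded retry.
 * Returns the number of status reads used, or -1 on timeout or send failure. */
int run_batch(struct chip *c, uint8_t frames[][FRAME_MAX], const size_t *lens,
              int n, int max_polls) {
    memset(c, 0, sizeof *c);
    for (int i = 0; i < n; i++) {
        if (chip_receive(c, frames[i], lens[i]) != i) return -1;
        if (i + 1 < n) chip_tick(c);  /* chip computes while the next frame is sent */
    }
    for (int polls = 1; polls <= max_polls; polls++) {
        if (chip_status(c, n - 1) == CHIP_READY) return polls;
        chip_tick(c);                 /* preset interval before the next status read */
    }
    return -1;
}

/* Demo on constructed data: four jobs, optionally one corrupted in transit. */
int demo(int corrupt_job, int max_polls) {
    static uint8_t frames[MAX_JOBS][FRAME_MAX];
    size_t lens[MAX_JOBS];
    uint8_t seg[SEG_LEN];
    for (int j = 0; j < MAX_JOBS; j++) {
        memset(seg, 0x10 + j, sizeof seg);            /* constructed payload */
        lens[j] = pack_frame(seg, sizeof seg, frames[j], FRAME_MAX);
        if (j == corrupt_job) frames[j][10] ^= 0x01;  /* single-bit line error */
    }
    return run_batch(&demo_chip, frames, lens, MAX_JOBS, max_polls);
}

int main(void) {
    int polls = demo(1, 16);  /* job 1 corrupted in transit */
    printf("status reads=%d, job 1 rejected=%d\n", polls, demo_chip.result[1] == JOB_REJECTED);
    return 0;
}
```

A frame that fails the CRC32 check is marked rejected and skipped, so the poll on the last job still terminates. The CRC32 here only guards against transmission errors on the SPI link.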
Taking the SM2 signature verification operation as an example, before the technical scheme of the present application is adopted, the transmission waveform for a data segment of APDU (16 bytes) + KeyData (64 bytes) + msg (32 bytes) + rs (64 bytes) is as shown in fig. 10. In the signature verification flow for this data segment, the master control SOC chip takes 279us to send the data packet to be verified, the signature verification command takes 377us to execute, and the response data packet takes 123us to transmit, for a total of 779us. Running the test 1000 times in a loop took about 787ms, giving a signature verification performance of 1271 times/second. Under this driver scheme, the intervals between SCK (serial clock) bursts in the SPI waveform are relatively long; taking the i.MX8M SOC from NXP as an example, the specific analysis is as follows:
In DMA (Direct Memory Access) mode, as shown in fig. 11, the minimum interval between every 16 bytes is 220ns, and there is an indefinite interval after every 64 bytes to ensure that FIFO data transmission and reception complete. From the VFS interface call to the SPI data transceiving the system takes about 50us, which is the CPU overhead of sending the data from the VFS to the SPI controller. Given these characteristics, and taking a signature verification command as an example, the master control end sends APDU (16 bytes) + KeyData (64 bytes) + msg (32 bytes) + rs (64 bytes) = 176 bytes, with a transmission time of 279us. Adding the transmission time of the response packet, the SPI transmission time of one signature verification operation is more than 400us. SPI transmission thus becomes the performance bottleneck of the signature verification interface of the master control SOC chip.
After the technical scheme of the present application is adopted, the transmission waveform and the inter-byte intervals are as shown in figs. 12 and 13. During data transceiving, the interval after every 64 bytes is 8us, which is 24us less per 64 bytes than with the original driver scheme; the interval after every 4 bytes is 220ns, which is 660ns less per 4 bytes than with the original driver. Because data is sent and received by operating the SPI controller registers directly, without going through the Linux SPI driver framework, system scheduling overhead is reduced and the time is shortened by about 45us. After optimization, transmitting APDU (16 bytes) + KeyData (64 bytes) + msg (32 bytes) + rs (64 bytes) = 176 bytes takes 157us. Over the whole signature verification operation, the transmission time changes from 402us to 253us, and the transmission efficiency is improved by 60 percent.
In addition, with the multi-packet sending scheme, SPI transmission and the signature verification operation can run concurrently; in testing, SM2 signature verification performance improved from 1200 times/second to 2600 times/second, which meets the V2X requirement on the signature verification rate. Therefore, the technical scheme of the present application effectively improves the transmission efficiency and utilization of the SPI and meets the V2X requirement on the signature verification rate.
Referring to fig. 14, the embodiment of the application discloses a signature verification data transmission device, which is applied to a main control SOC chip in V2X, and includes:
the data sending module 11, configured to add an interface file to the SPI controller driver in advance, configure an SPI register by using the interface file, and sequentially send a plurality of data packets to be verified sent by a test program to a security chip through the SPI register;
the instruction sending module 12, configured to send a reading instruction for reading the working state of the security chip to the security chip when it is detected that the security chip has received all the data packets to be verified, so as to obtain a reading result;
the data acquisition module 13, configured to acquire, through the SPI register, the signature verification result returned by the security chip for the data packets to be verified if the reading result indicates that the working state of the security chip is the ready state.
In summary, an interface file is added to the SPI controller driver in advance, an SPI register is configured by using the interface file, and a plurality of data packets to be verified sent by a test program are then sent in sequence to the security chip through the SPI register; when it is detected that the security chip has received all the data packets to be verified, a reading instruction for reading the working state of the security chip is sent to the security chip to obtain a reading result; and if the reading result indicates that the working state of the security chip is the ready state, the signature verification result returned by the security chip for the data packets to be verified is obtained through the SPI register. Because the interface file is added to the SPI controller driver and the SPI register configured through it carries out the sending and receiving of the signature verification data, the SPI controller driver can be bypassed, which further reduces the system overhead of the master control SOC chip. Because the plurality of data packets to be verified sent by the test program are sent in sequence to the security chip through the SPI register, and the reading instruction is sent only after the security chip is detected to have received all of them, the transmission efficiency and utilization of the SPI can be effectively improved.
Fig. 15 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Specifically, the device includes: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25, and a communication bus 26. The memory 22 is configured to store a computer program that is loaded and executed by the processor 21 to implement the relevant steps of the signature verification data transmission method performed by the computer device as disclosed in any of the foregoing embodiments.
In this embodiment, the power supply 23 is used to provide an operating voltage for each hardware device on the computer device 20; the communication interface 24 can create a data transmission channel between the computer device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 21 may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array), or PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor: the main processor, also called a CPU (Central Processing Unit), processes data in the awake state; the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may integrate a GPU (Graphics Processing Unit) for rendering and drawing the content to be displayed on the display screen. In some embodiments, the processor 21 may also include an AI (Artificial Intelligence) processor for processing computing operations related to machine learning.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon include an operating system 221, a computer program 222, and data 223, and the storage may be temporary storage or permanent storage.
The operating system 221 is used for managing and controlling the hardware devices on the computer device 20 and the computer program 222, so that the processor 21 can operate on and process the mass data 223 in the memory 22; it may be Windows, Unix, or Linux. In addition to the computer program that performs the signature verification data transmission method executed by the computer device 20 as disclosed in any of the foregoing embodiments, the computer program 222 may further include computer programs for performing other specific tasks. The data 223 may include data received by the computer device from an external device as well as data collected by the input/output interface 25 itself, and so on.
Further, the embodiment of the application also discloses a computer readable storage medium, wherein the storage medium stores a computer program, and when the computer program is loaded and executed by a processor, the method steps executed in the signature verification data transmission process disclosed in any embodiment are realized.
In this specification, the embodiments are described in a progressive manner, each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. Since the device disclosed in the embodiments corresponds to the method disclosed in the embodiments, its description is relatively brief; for the relevant points, refer to the description of the method.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The method, device, equipment and storage medium for transmitting signature verification data provided by the invention have been described in detail above. Specific examples are used herein to illustrate the principle and implementation of the invention, and the above description of the embodiments is only intended to help in understanding the method and core idea of the invention. Meanwhile, those skilled in the art may, following the idea of the invention, make changes to the specific embodiments and the scope of application; in view of the above, the content of this description should not be construed as limiting the invention.
Claims (9)
1. A signature verification data transmission method, applied to a master control SOC chip in V2X, characterized by comprising the following steps:
adding an interface file to an SPI controller driver in advance, configuring an SPI register by using the interface file, and sequentially sending a plurality of data packets to be verified sent by a test program to a security chip through the SPI register;
when it is detected that the security chip has received all the data packets to be verified, sending a reading instruction for reading the working state of the security chip to the security chip to obtain a reading result;
if the reading result indicates that the working state of the security chip is a ready state, acquiring, through the SPI register, a signature verification result returned by the security chip for the data packets to be verified;
wherein the sending, to the security chip, a reading instruction for reading the working state of the security chip to obtain a reading result includes:
if there are multiple data packets to be verified, sending to the security chip a reading instruction for reading the working state of the security chip with respect to the signature verification operation on the last data packet to be verified, so as to obtain a corresponding reading result.
2. The method for transmitting signature verification data according to claim 1, wherein the sequentially sending the plurality of data packets to be verified sent by the test program to the security chip through the SPI register includes:
performing a write operation based on the interface file through the test program, so that the SPI register obtains the plurality of data packets to be verified sent by the test program and sequentially sends the plurality of data packets to be verified to the security chip;
correspondingly, the acquiring, through the SPI register, the signature verification result returned by the security chip for the data packets to be verified includes:
performing a read operation based on the interface file through the test program, so that the SPI register reads the signature verification result returned by the security chip for the data packets to be verified and sends the signature verification result to the test program.
3. The method for transmitting signature verification data according to claim 1, wherein before sequentially sending the plurality of data packets to be verified sent by the test program to the security chip through the SPI register, the method further comprises:
packaging the signature verification operation command, the signature verification data segment and the check code to obtain the data packet to be verified; the signature verification data segment comprises a signature verification instruction.
4. The method for transmitting signature verification data according to claim 3, wherein after the plurality of data packets to be verified sent by the test program are sequentially sent to the security chip through the SPI register, the method further comprises:
returning, by the security chip to the master control SOC chip, response information indicating that the security chip has received all the data packets to be verified, so that the master control SOC chip determines, based on the response information, that the security chip has received all the data packets to be verified; parsing, by the security chip in the process of receiving the data packets to be verified, each received data packet to be verified in sequence to obtain the signature verification data segment corresponding to each data packet to be verified; and performing the corresponding signature verification operation on each signature verification data segment based on the signature verification instruction in the signature verification data segment to obtain the signature verification result.
5. The method for transmitting signature verification data according to claim 4, further comprising:
setting the working state to a busy state during the signature verification operation, and setting the working state to a ready state after the signature verification operation is completed.
6. The method for transmitting signature verification data according to claim 5, wherein after sending the reading instruction for reading the working state of the security chip to obtain a reading result, the method further comprises:
if the reading result indicates that the working state of the security chip is the busy state, re-executing, at preset time intervals, the step of sending the reading instruction for reading the working state of the security chip to the security chip, until the reading result is the ready state.
7. A signature verification data transmission device, applied to a master control SOC chip in V2X, characterized by comprising:
a data sending module, configured to add an interface file to an SPI controller driver in advance, configure an SPI register by using the interface file, and sequentially send a plurality of data packets to be verified sent by a test program to a security chip through the SPI register;
an instruction sending module, configured to send a reading instruction for reading the working state of the security chip to the security chip when it is detected that the security chip has received all the data packets to be verified, so as to obtain a reading result;
a data acquisition module, configured to acquire, through the SPI register, a signature verification result returned by the security chip for the data packets to be verified if the reading result indicates that the working state of the security chip is a ready state;
wherein the instruction sending module is specifically configured to, if there are multiple data packets to be verified, send to the security chip a reading instruction for reading the working state of the security chip with respect to the signature verification operation on the last data packet to be verified, so as to obtain a corresponding reading result.
8. An electronic device, comprising:
a memory for storing a computer program;
A processor for executing the computer program to implement the steps of the method for transmission of signature verification data as claimed in any one of claims 1 to 6.
9. A computer-readable storage medium storing a computer program; wherein the computer program when executed by a processor implements the steps of the method for transmission of signature verification data as claimed in any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210191172.6A CN114567445B (en) | 2022-02-28 | 2022-02-28 | Method, device, equipment and medium for transmitting signature verification data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114567445A (en) | 2022-05-31 |
CN114567445B (en) | 2024-09-06 |
Family
ID=81714982
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210191172.6A Active CN114567445B (en) | 2022-02-28 | 2022-02-28 | Method, device, equipment and medium for transmitting signature verification data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114567445B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116627775B (en) * | 2023-07-24 | 2023-09-29 | 北京大学 | Writing optimization method and device for stateful server non-perception function |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111143259A (en) * | 2019-12-31 | 2020-05-12 | 大唐半导体科技有限公司 | A multi-wire SPI flash controller |
CN112702173A (en) * | 2020-12-23 | 2021-04-23 | 上海芯钛信息科技有限公司 | Method for realizing high-speed cryptographic operation of vehicle-mounted communication gateway based on batch operation mechanism |
CN112737789A (en) * | 2020-12-23 | 2021-04-30 | 上海芯钛信息科技有限公司 | Method for realizing high-speed cryptographic operation of vehicle-mounted communication gateway based on two-way SPI (Serial peripheral interface) concurrency |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101630599B1 (en) * | 2015-02-16 | 2016-06-16 | 주식회사 이노와이어리스 | Serial peripheral interface with control logic for system performance improvement, and method therefor |
CN210609141U (en) * | 2019-12-16 | 2020-05-22 | 东软睿驰汽车技术(沈阳)有限公司 | Vehicle-mounted unit |
US11443074B2 (en) * | 2020-04-09 | 2022-09-13 | Hewlett Packard Enterprise Development Lp | Verification of programmable logic devices |
CN113572795B (en) * | 2020-04-28 | 2023-10-27 | 广州汽车集团股份有限公司 | Vehicle safety communication method, system and vehicle-mounted terminal |
CN113795008B (en) * | 2021-03-29 | 2022-08-02 | 荣耀终端有限公司 | V2X signature verification method and device, electronic equipment and readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN114567445A (en) | 2022-05-31 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||