TWI351864B - Apparatus and method for employing cyrptographic f - Google Patents

Description

。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 。 This is related to the following undetermined U.S. patent applications having the same assignee and at least one of the same inventors.

No. Application Title 60/556093 03/25/04 APPARATUS AND METHOD FOR EMPLOYING CYRPTOGRAPHIC FUNCTIONS TO GENERATE A MESSAGE DIGEST 60/571122 05/14/04 APPARATUS AND METHOD FOR EMPLOYING CYRPTOGRAPHIC FUNCTIONS TO GENERATE A MESSAGE DIGEST 60/582422 06/ 24/04 SECURITY APPLICATION NOTE 10/674057 09/29/03 MICROPROCESSOR APPARATUS AND METHOD FOR PERFORMING BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 10/800768 03/15/04 MICROPROCESSOR APPARATUS AND METHOD FOR OPTIMIZING BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 6 1351864

10/727973 12/04/03 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 10/800938 03/15/04 MICROPROCESSOR APPARATUS AND METHOD FOR EMPLOYING CONFIGURABLE BLOCK CIPHER CRYPTOGRAPHIC ALGORITHMS 10/800983 03/15/04 APPARATUS AND METHOD FOR PROVIDING USER-GENERATED KEY SCHEDULE IN A MICROPROCESSOR CRYPTOGRAPHIC ENGINE 10/826435 04/16/04 MICROPROCESSOR APPARATUS AND METHOD FOR PROVIDING CONFIGURABLE CRYPTOGRAPHIC BLOCK CIPHER ROUND RESULTS 10/82643 04/16/04 MICROPROCESSOR APPARATUS AND METHOD FOR ENABLING CONFIGURABLE DATA BLOCK SIZE IN A CRYPTOGRAPHIC ENGINE 10/826475 04/16/04 ( < MICROPROCESSOR APPARATUS AND METHOD FOR PROVIDING CONFIGURABLE CRYPTOGRAPHIC KEY SIZE 7 1351864

10/730167 12/05/03 MICROPROCESSOR APPARATUS AND METHOD FOR PERFORMING BLOCK CIPHER CRYPTOGRAPHIC FUNCTIONS 10/826814 04/16/04 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT CIPHER BLOCK CHAINING MODE CRYPTOGRAPHIC FUNCTIONS 10/826428 04/16/04 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT CIPHER FEEDBACK MODE CRYPTOGRAPHIC FUNCTIONS 10/826745 04/16/04 APPARATUS AND METHOD FOR PERFORMING TRANSPARENT OUTPUT FEEDBACK MODE CRYPTOGRAPIC FUNCTIONS 10/826632 04/16/04 APPARATUS AND METHOD FOR GENERATING A CRYPTOGRAPHIC KEY SCHEDULE IN A MICROPROCESSOR The field of electronics, in particular, relates to devices and methods for generating message digests in microprocessors. [Prior Art] Early computer systems and other computer systems operate in an independent manner, since the input data required for the application being executed is not located therein and is provided by the application designer at the time of execution. When the application is executed, its 8 !351864 will generate an output file, and the formula is written to the tape, the form of the optical tablet 'i 9-side output data device: or:! In the storage system, the lower-two;:two!_ can be used as the same-computer first in the recognition case or when the output data file is a portable storage device (4), which can be used as the computer of the same phase. In the system, the application's round-in /=T=t, generally TM 2: 2, so that the η times and other protection measures have been developed to protect sensitive resources." One or two: Allowed to disclose 'the general practice is to secretly = r cut the number of rounds of the job in the job, add a point, have a better than the sharing, the sharing of data more prominent functions. Use today's computer workstations It is generally available on different workstations, or you can use the Internet to get new /, mube, or send and receive e-mails between screen computers, or with a vendor computer. The system is connected to provide a letter card or silver _ _ information to the vendor (4) to order products, or to use any wireless network in restaurants, airports or other public places to carry out any of the above (4). Therefore, the need for unauthorized access to sensitive information is not sufficient. There are also many examples of the need to protect sensitive information during the period. It is not difficult to know from various news headlines, 'the horrific issues of computer information security are on the table ^ 9 1351864 Spam, Internet 骇Customer, identity theft, reverse engineering, network fooling and credit card fraud, etc., and other means related to the public, etc., and because of the intrusion of such privacy violations, the network has been premeditated, so k related The units have been countered by various new laws, strict terms and public education; however, none of these measures have been deterring this computer information.

I achieved effective results in the crisis, so the issue that was only of concern to governments, financial institutions, military units, and spies in the past has now become a problem for people who use their computers to read e-mails or conduct account transactions. Be alert to one of the big problems. It is not difficult for computer network practitioners to understand that existing large and small companies are required to place a considerable portion of their resources on the protection of their private information in commercial transactions. The techniques and mechanisms that provide users with a password to encrypt the data and only have to decode it for a particular person or entity are called encryption techniques. When using encryption technology to protect data on a computer or between computers, it most often converts sensitive information (the industry becomes "plaintext" or "cleartext") into an uninterpretable format. (The industry calls it "ciphertext"). This method of converting unencrypted files into ciphertext is called "encryption", "password compilation" or "password addition", and the ciphertext is converted back to The reverse conversion method of the encrypted file is called "decryption", "password cracking" or "password removal". In terms of encryption technology, a variety of encryption programs and protocols have been developed for users to enable users to transmit their information in encrypted form without the need for extensive background knowledge and research' or to encrypt their information products. Available to other different users in the form. In addition to providing such encrypted information, the 10 1351864 sending end user generally also provides a receiving end user with a "password key" to enable the receiving end user to decode the encrypted information, so that the receiving end user The encrypted original information may be replied to readable information or used to obtain the original information, and the programs and agreements are known to those skilled in the art.

Known by V. « When encrypting or decoding data, the algorithm for this type of password (ie public key cryptographic algorithm such as RSA algorithm) is based on a second cryptographic key, which is public key and private. Use the key. In some public key algorithms, the sender encrypts the data to be transmitted to the receiving end using a receiving public key. Since the user's public and private keys have a mathematical relationship, the receiving end must decode the transmitted data with its private key to reply to the original appearance of the data. Although this type of cryptographic algorithm is widely used in today's password usage technology, the encryption and decoding operations are too slow, and the application of a small amount of data is also true. A second type of algorithm called symmetric keying algorithm provides peer-to-peer data security* levels, which are much faster than the previous algorithm. These algorithms are called symmetric keying algorithms because they use a single cryptographic key for both encryption and decoding of information. In terms of public key, there are currently three common single-key cryptographic algorithms, namely Data Encryption Standard (DES), Triple DES, and Advanced Encryption Standard (AES) algorithms. Because these algorithms are quite sensitive to data protection, they are being used by US government agencies. But those skilled in the art know that one or more of these algorithms will become commercial and private exchanges in the near future. The standard used. In all of these symmetric gold recording variants, unencrypted files and ciphertext are cut into blocks of a specified size, 1351864 for encryption and decoding. For example, AES performs cryptographic operations on blocks of 128-bit size and uses 128-bit, 192-bit, and 256-bit cryptographic keys. Other symmetric key algorithms include Rijndael Cipher et al., which also protects the 192 and 256-bit data blocks. Therefore, in the data block encryption operation, a 1024-bit unencrypted file is encrypted in the form of eight 128-bit blocks. When encrypting unencrypted blocks, all symmetric key algorithms use the same type of sub-operations, and a common symmetry key algorithm often starts with a cryptographic key that is expanded into a plurality of keys ( That is, a "key schedule"), each of the plurality of keys is responsible for the encryption operation of the unencrypted block for the corresponding encryption operation of the sub-operations. For example, one of the first records of the golden record schedule is used to perform a first encryption operation round in the sub-operation on the unencrypted Tan block, and the result of the first round is input as a second round, wherein The second round uses the second key in the key schedule to obtain a second result. Next, a subsequent round of a particular number is executed, respectively, to produce a final round result, the cipher body. When using this AES algorithm, the sub-operations in each round are called SubBytes or S-box, ShiftRows, MixColumns, and AddRoundKey transformations in the literature. The decoding of the ciphertext block can be completed in a similar manner, but the ciphertext is the input of the decoding at the time of execution of each round, and the executor is the anti-sub-operation action, and the final result obtained after the execution of the rounds is the unencrypted file. Block. The DES and Triple DES algorithms use sub-operations of different specifications, but 12 1351864 2, which is similar to the AES algorithm, because it is converted into a ciphertext block in a similar way: "There will be no more follow-up texts. The block is password-transported. Both the Japanese and Japanese golden bell algorithms use the same type of material, the symmetry and output fun (_ mode. In the execution of these sub-operations ^ two = mode

The one uses an extra start vector, and some uses a pair of two: ί the secret obtained by the - block-encrypted round executed in the ^ block, the = ciphertext round as un-encrypted for a second block File execution second second = encryption round - plus input. For the various cryptographic algorithms and the current 金 演 演 使 使 使 , , , , , , , , 本 = = = = = = = = = = = = = = = = = = = = = = = = = =曰If you want to know more about the detailed implementation standards of DES and Triple DES algorithms, please refer to FedeJi Information Processing Standards Publication 46-3 (FIPS-46-3) published on October 25, 1999; details of AES algorithm For the reader's instructions, please refer to the Federal Information Processing published on November 26, 2001.

The content of the paper by Standards Publication 197 (FIPS-197). These standards are published and maintained by the National Institute of Standards and Technology (NIST) and are hereby incorporated into this case for various purposes. In addition to the above criteria, a variety of teaching, white papers, toolkits, and source articles are available from the NIST Computer Security Resource Center (CSRS) on the Internet at http://csrc.nist.gov/. In addition to the encryption and decryption of information, there is another information security measure for confirming the contents of a specific data string 'file or 13 13351864 files stored in a hard disk device, tape or other storage device. Known as a message digest, an application that performs these functions generates a message digest that is called a one-way hash function, a hash function, a compression application, a shrink function, a fingerprint, a password check, and a message integrity check. And operation detection code. Regardless of their name, these applications typically have input strings of various lengths, « These input strings are called messages or pre-images. The applications convert the message or pre-image into a fixed-length, and usually smaller, round-out string, which is called a hash or message digest. For example, if the file contains the financial, contract, legal or any other kind of information that the sender and the recipient must confirm is not damaged, the sender will perform the file on the Internet. A hash is processed and a message digest is sent to the recipient along with the file. If the file is changed for various reasons during the transfer, the recipient performs the file upon receiving the file, and the file is received when the same hash processing (ie, performing the same hash function as the sender performs) The summary of the message generated at the time will be different from the summary of the message sent, so that the content of the file has been changed when it was sent. Of course, the file may be destroyed and the message and hashes are changed. The changed hash is just like the changed message. Such damage is regarded as the destruction of success. This is the security agreement outside the message summary function. Another reason to use other information protection technologies such as encryption and security authentication. In the field of password usage, there are a variety of programs and protocols that allow users to perform hash processing without extensive knowledge or effort, and allow users to simultaneously transmit or provide their information products. Send a corresponding message digest to different users. Those skilled in the art will be able to understand that the programs and protocols are usually in the form of mathematical algorithms, and the applications formed by them can be implemented one by one to complete the hash processing of sensitive information. Several algorithms have been implemented for the implementation of digital hash functions, including ‘Hardware Matching Algorithm (SHA), N-Hash, Snerfu, Md2, MD4 'MD5, Ripe-MD, Haval, etc., and other algorithms. However, the inventors of the present invention have observed a tendency to provide a one-way hash function using a symmetric key algorithm in the same field, wherein the symmetric key algorithm includes the AES algorithm described above. For example, encrypting a 128-bit block of 1024-bit unencrypted files using the AES ciphertext blockchain (CBC) mode yields a 1024-bit ciphertext output. When the blocks are used as a hash algorithm, all blocks except the last processed data block are discarded, so the above 1024-bit element is encrypted by 128-bit block AES according to CBC mode. A hash operation produces a 128-bit message digest. It is well known to those skilled in the art that a cryptographic algorithm must also be used by the receiving client when a message digest is generated at one end by a symmetric cipher encryption algorithm to make the transmitted message valid. Those skilled in the art also understand that the decoding algorithm can also be used on both the transmitting and receiving sides to generate a message digest and to make the message digest a founder for a given message. And because the message digest is generated by a symmetric key algorithm by encrypting a message and discarding the last encrypted (or decoded) block to form a meaningful hash process, the block ciphertext for performing the hash function. The pattern must be one of the modes forwarded to the data block for a previously calculated intermediate hash result, wherein the result is sent to the hash function added to the next data block. Therefore, a message (i.e., "input text") 15 1351864 is divided into a plurality of blocks of a specific size depending on the symmetric key algorithm selected to perform the hash function. For example, AES hash processing can be performed on a 128-bit '192-bit or 256-bit size message block, respectively. After the hash function is applied to each of the message blocks, an intermediate hash value is generated, and the intermediate hash value is forwarded in the block ciphertext mode for performing the hash function execution on the next message block. Those skilled in the art will be able to understand that a variety of applications can be executed on computer systems that perform dense φ code operations (encryption and decoding). In fact, some operating systems (such as Microsoft Windows XP and Linux) are password-related. Direct encryption and decoding services are provided in the original form and password-related application interface. However, the inventor of the present invention has observed that the current computer password related technology is still insufficient at some levels, and the shortcomings will be described below in conjunction with FIG. Figure 1 is a block diagram 100 illustrating the current application of computer passwords. The block diagram shows a first computer workstation 101 and a regional network 105®, a second computer workstation 102, a network file storage device 106, a first router 107 or a wide area network such as the Internet. The other forms of the interface (WAN) connected to each other and a wireless network router 108 complying with the IEEE standard 802.11 are also connected to the area network 105. A laptop 104 interfaces with the wireless network router 108 via a wireless network 109, and a second router 111 interfaces with the third computer workstation at the wide area network 110. As mentioned in the previous section, the problem of computer information security faced by users today is much more serious than in the past. For example, under the control of the current multitasking operating system of 16 1351864, the user of the first computer workstation ιοί can perform multiple tasks at the same time, and each job needs to be encrypted. The user of the first computer workstation ιοί needs to perform an encryption 'decoding or hashing application 112 (whether the application is integrated into the operating system or evoked by the operating system) to bring its first computer workstation The files on 101 are stored in network file storage 106. While performing the file storage, the user can transmit a φ encrypted message with or without a message digest to a second user at the second computer workstation 102, which also needs to perform the encryption on the second computer workstation 102. , decoding or hashing application 112, wherein the provision of the encrypted message can be in the form of an instant (such as a synchronous message) or a non-instant (ie, email). In addition, the user can use or provide financial information (such as credit card numbers and financial transactions) or other forms of sensitive information through the wide area network 110 at the remote computer 103. The remote computer 103 can also represent a central office or other remote computer 101. The first computer workstation 101 user can use the first computer workstation 101 in the office to use the shared source on the regional network 105. 101, 102, 106, 107, 108, 109. Execution of either of the above actions must invoke the corresponding encryption, decoding or hash application Π2. Furthermore, the wireless network 109 is now routinely located in coffee shops, airports, schools and other public places, so users not only need to encrypt and decode the incoming and outgoing messages with other users, in fact all through the wireless network. The communication data transmitted to the wireless network router 108 by the path 109 needs to be encrypted/decoded/hybridized. Therefore, those skilled in the art can understand that any password-related actions on a workstation 101-104 need to evoke encryption, decoding or 17 1351864 hash application 112, so the computer 101-104 will be in the near future. It is possible to perform hundreds of cryptographic operations simultaneously. The inventors of the present invention have referred to the above-mentioned number of restrictions on the cryptographic operations performed by one or more instances of the encryption, decoding or hashing application 112. For example, performing a specified function via a stylized software is excessively slow compared to performing the same function via a dedicated hardware; whenever the encryption, decoding, or hash application 112 needs to be executed, it is executed on the computer 101-104. The work of φ line must be suspended, and the parameters of the cryptographic operation (ie unencrypted file, ciphertext, message block, intermediate hash value, block ciphertext mode and cryptographic key) must be transmitted to the encryption system through the operating system. The individual performing the decoding or hashing application 112, the action of the individual sent to the encryption, decoding or hash application 112 must be invoked to complete the cryptographic operation. Since the cryptographic algorithm necessarily includes a plurality of sub-operational rounds for a particular data block, the execution of the encryption, decoding, or hashing application 112 includes the execution of a number of computer instructions that adversely affect the overall system processing speed. Those skilled in the art can understand that Microsoft Outlook software spends five times as long as sending an encrypted small email message to send an unencrypted email message. In addition, current MM-related technologies are delayed due to the involvement of operating systems. Most applications do not provide integrated key generation or encryption/decoding/heap control components, which are controlled by operating systems or plug-ins. To complete the password-related work. Furthermore, the operating system needs to be distracted to cope with the various interrupts and other currently executing applications. Furthermore, the inventor of the present invention has mentioned that the completion of the 18 1351864 code operation on the current computer system 101-104 is very similar to the floating point math operation before using the dedicated floating point unit in the microprocessor; the early floating point operation is software. Completion, so its execution speed is quite slow, and the cryptographic operation via software is equally impressive. Unacceptably slow. With the further development of floating-point technology, floating-point instructions are executed in floating-point coprocessors, which perform floating-point operations much faster than software-executables, but this also increases the system. the cost of. Similarly, today's cryptographic coprocessors come in the form of a card or external device φ; when presented as an external device, the cryptographic coprocessor is interfaced with a master via parallel 淳 or other interface bus (eg USB) The processors are connected. Of course, these coprocessors can make cryptographic operations much faster than pure software executors, but cryptographic coprocessors increase the cost of system setup and require additional power and reduce overall system reliability. In addition, the implementation of the coprocessor with the password does not prevent snooping because the data channel is not in the same crystal as the main microprocessor. Therefore, the inventor of the present invention has learned that today's microprocessors need to have a dedicated password* associated hardware so that an application requiring cryptographic operations can cause the microprocessor to perform cryptographic operations via a single and very small password related instruction. The inventor of the case also learned that the provision of such capabilities must be based on the principle that the requirements for the intervention and management of the operating system are reduced to a certain extent. In addition, password-related instructions are preferred for priority use in applications, and proprietary password-related hardware is preferred to be compatible with the common architecture of today's microprocessors. In addition, the presence of password-related hardware and related password-related instructions needs to be compatible with previous generation operating systems and applications. Furthermore, an apparatus and method capable of performing cryptographic operations for preventing unauthorized snooping are also necessary to provide 19 J) 1864, which must support and be programmed to support a plurality of cryptographic related algorithms. Confirmation and testing of the executed password-related algorithms. The use of the gold-painted and self-generated gold records provided by the party users, the support of multiple data block sizes and password keys of various bit sizes, and the provision of ecb, Programmable block encryption and decoding modes such as cbc'cfb and 0FB, and block ciphertext encryption using the above-described programmable block ciphertext mode can be effectively executed on multiple data blocks. SUMMARY OF THE INVENTION The present invention has been made to solve the above problems and disadvantages in the prior art, and proposes an excellent technique for performing cryptographic operations in a microprocessor.

In the case of a fine example, the present invention is a device for performing a cryptographic operation in a microprocessor, the device comprising a logic circuit and an execution logic circuit, the conversion logic circuit receiving a password-related instruction from the source, wherein The MU-related instructions specify the generation of a message digest based on the cryptographic operations. The conversion logic also causes the cryptographic phase (4) to cause a sequence of microinstructions ‘for cryptographic operations to specify the completion of the message digest to produce the required sub-operations. A hash logic circuit is operatively coupled to the conversion logic circuit. The execution logic circuit receives the sequence of microinstructions and performs the equalization operations to generate the message digest. Performing a cryptographic operation in a device to receive a password-related instruction and a message-summary, wherein the received message specifies a message summary. A further embodiment of the present invention is a method, the method comprising the steps of: The password-related instructions generated by one of the cryptographic operations are generated according to the pebbles. 20 1351864 [Embodiment] The following description is directed to one of the specific applications of the present invention and its needs, so that those skilled in the art can make and use the present invention, but those skilled in the art can easily Various changes are made to the embodiments, and the basic principles can be applied to other embodiments. Therefore, the scope of the invention is not to be construed as being limited In the foregoing discussion of cryptographic operations, techniques for encrypting and decoding data in today's computer systems, and summaries of messages generated by corresponding poor blocks, the following will be incorporated in Figure 2 with Its restrictions continue to be discussed. Next, the description of the present invention will be made in conjunction with the description of Figs. 3 to 14 . The present invention provides an apparatus and method for performing cryptographic operations in a computer system today, which has superior performance over conventional mechanisms and can meet the above-mentioned limitations of operational enthusiasm, minimality, and front-end architecture compatibility. The exemplification of calculus and patterns, the prevention of hacking and the measurability of hackers. Referring now to Figure 2, there is shown a block diagram 200 illustrating the implementation of cryptographic techniques in a computer system as described above. The block diagram includes a microprocessor 201 for capturing instructions and processing An application-related data, wherein the instructions and data elements are in a system memory area called application memory 203, and the program control and actions of the data in the application memory 203 are generally performed by the system. The operating system software 202 in one of the protected areas of the memory is managed. As described above, if an execution application (such as an e-mail program or a file storage program) requires the operation of the password 21 1351864, the execution application must execute a considerable number of instructions by the microprocessor 201 to complete the password. An operation, wherein the instructions may be a subprogram in the execution of the application itself, such as an application that can be connected to the execution application, or an application that can be provided to the operating system software 202; regardless of the instructions What is the form, those who are familiar with the technology can understand that the instructions are stored in the specified or allocated memory area. For the purpose of illustration, the memory areas are displayed in the application memory 203, and the package φ includes a cryptographic key generation application 204, wherein the cryptographic key generation application 204 generates or receives a cryptographic key. The key is extended to a key schedule 205 for use in the password round operation. When a multi-block encryption operation is performed, a block encryption application 206 needs to be invoked first to execute the unencrypted file 210 block, the key schedule 205, the specified mode, and the like, and the encryption parameter details 209 and the golden record. The instruction to use the right to schedule the location. A start vector 208 is also used if the 'encrypted application 206' is required for the mode in the specification. After executing the instructions therein, the encryption® application 206 generates a corresponding ciphertext block (referred to as "message digest" 211 in the hash), and a block decoding application 207 is also invoked to perform the message digest operation ( As previously mentioned, the instructions required to obtain the message, the gold order 205, the password parameter 209 that further specifies the particular block decoding operation, etc., are used to generate the corresponding message digest 211. The block decoding application 207 also uses a starting vector 208 if required for the mode in the specification. It should be emphasized that the number of instructions that need to be executed is quite large when generating a cryptographic key and encrypting and decoding a text block; the above FIPS specification 22 1351864 contains a number of virtual numbers that can form an equivalent number of estimated instructions. Code examples, so those skilled in the art understand that a simple block cryptographic operation requires hundreds of instructions to complete, and each of these instructions must be executed by the microprocessor 201. The required cryptographic operations. Furthermore, for the main purpose of existing application execution (such as file management, instant messaging function, email function, remote file acquisition and credit card transaction, etc.), it is generally considered unnecessary to execute instructions to complete the password operation. The function, so the user of the existing execution application feels that the execution of the existing execution application is not efficient. If the application used is an independent or external encryption/decryption application 206, 207, the arousal and management of the applications 206, 207 also takes into account other requirements of the operating system software 202, such as support for interrupts, exceptions, and the like that cause problems to worsen. Wait. Moreover, for each cryptographic operation performed simultaneously in a computer system, the independent executing entities of the applications 204, 206, 207 must have their space in the application memory 203, and it is foreseen that it is simultaneously a microprocessor 201. The cryptographic operands that are executed will continue to increase over time B as previously described. The inventor of the present invention has mentioned the problems and limitations of the current cryptographic technology of the computer system, and also understands the necessity of implementing a cryptographic operation device and method including the generation of a message digest in a microprocessor, wherein the message digest The use of symmetric key algorithm in the microprocessor, but there is no program delay. Referring to FIG. 3, there is shown a block diagram 300 of the present invention for performing cryptographic operations associated with a microprocessor device. The block diagram shows a microprocessor 301 coupled to a memory bus 319 via a memory bus 319. System memory 23 1351864 body 321 comprising conversion logic 303 for receiving instructions from an instruction register, the conversion logic 303 comprising logic, circuitry, device microcode (ie, microinstructions or original instructions), or logic, circuitry, A combination of devices or microcodes, or it is used to convert instructions into equivalent controls of a sequence of related microinstructions. The control items used to perform the conversion operation in the conversion logic 303 may be shared by other circuits, microcodes, etc. for performing other functions in the microprocessor 301. For the purposes of the present invention, the term microcode refers to a plurality of microinstructions 'φ and the hierarchy of microinstructions (also referred to as original instructions) belongs to a unit.

V level. For example, microinstructions are executed directly by a reduced instruction set (RISC) microprocessor. In the case of a Complex Instruction Set Computer (CISC) microprocessor such as an X86 compatible microprocessor, the x86 instructions are converted into associated microinstructions, and the associated microinstructions are directly a unit of a CISI microprocessor or Multi-unit execution. In addition, conversion logic 303 is coupled to a microinstruction column 304 having a plurality of microinstruction entries 305, 306 and provided from microinstruction column 304 to a register level logic containing a scratchpad file 307. * Path, wherein the scratchpad file 307 has a plurality of registers 308-313, and the contents of the registers 308-313 are established prior to execution of a specified cryptographic operation. The registers 308-312 point to corresponding locations 323-327 in the system memory 321, which contain the data needed to perform the specified cryptographic operations. The register stage is coupled to the load logic circuit 314, and the load logic circuit 314 is interfaced with a data cache 315 to obtain the data needed to perform the specified cryptographic operation. The data cache memory 315 is coupled to the system memory 321 via the memory bus 319, the execution logic 328 is coupled to the load logic circuit 314, and the micro-finger 24 1351864 sent by the previous stage is executed to specify the operation, which includes logic. , circuit, device or microcode (ie, microinstruction or original instruction), or a combination of logic, circuitry, device or microcode, or other equivalent control used to perform the operations specified by the instruction, where such use. The control items in the execution logic 328 can be used for other circuits, microcodes, etc. to execute other passwords in the microprocessor 301. The cryptographic use unit 316 receives the data required to perform the specified cryptographic operations from the load logic circuit 314. The password using unit 316 performs a specified cryptographic operation on a plurality of input text blocks ("message_word" 326) to generate a corresponding message digest 327. The password usage unit 316 includes logic, circuitry, devices, or microcode (ie, microinstructions or original instructions), or a combination of logic, circuitry, devices, or microcode, or other equivalent control for performing cryptographic operations, where Controls used to perform cryptographic operations in the cryptographic usage unit 316 may be shared by other circuitry, microcode, etc. for performing other functions in the microprocessor 301. In one embodiment, the cryptographic usage unit 316 operates in parallel with other execution units (not shown) in the execution logic 328, such as integer units and floating point units. The "unit" embodiment corresponding to the scope of the present invention encompasses a combination of logic, circuitry, devices or microcode (i.e., microinstructions or original instructions), or other equivalent control means for performing a specified function or action. Controls for performing other functions or actions in a particular unit may be shared by other circuits and microcodes for performing other functions in microprocessor 301. For example, an integer unit in an embodiment comprises a combination of logic, circuitry, means or microcode (i.e., microinstructions or original instructions), or other equivalent control means for performing integer instructions. A floating point unit comprises a combination of logic, circuitry, means or microcode (ie, microinstructions or original instructions), or other equivalent 25 1351864 control for performing a floating point instruction, wherein the elements are used in the integer unit The control item that executes the integer instruction can be shared by other circuits, microcodes, and the like for executing floating point instructions in the floating point unit. In an embodiment compatible with the χ86 architecture, the cryptographic usage unit 316 operates in parallel with a χ86 integer unit, a χ86 floating point unit, a χ86 ΜΜΧ® unit, and a Χ86 stream extended set SSE® unit. In the scope of the present invention, if most of the application φ patterns designed for execution in the χ86 microprocessor can be performed by the embodiment, the embodiment is compatible with the x86 architecture, and an application is correctly Execution means that it can achieve the desired result. In other x86 compatible embodiments, the cryptographic usage unit operates in parallel with a subset of the aforementioned x86 execution units, wherein cryptographic usage unit 316 is coupled to storage logic 317 and provides a corresponding message digest 327. In addition, the storage logic circuit 317 is also coupled to the data cache 315, which forwards the message summary 327 to the system memory 321 for storage. The storage logic circuit 317 is coupled to the write back logic circuit 318. When the specified password hash operation is complete, the write back logic 318 updates the registers 308-313 in the scratchpad file 307 when the specified cryptographic operation is complete. In one embodiment, the microinstruction flows through each of the logic levels 302, 303, 304, 307, 314, 316-318 in synchronization with a clock signal, such that the operations can be performed simultaneously in a manner substantially similar to the actions performed on a combination line. In system memory 321, an application that performs a specified cryptographic operation can cause microprocessor 301 to perform the operation via a single cryptographic instruction 322, which in the present case is referred to as an XCRYPT finger 26 1351864. In a CISC embodiment, the cryptographic instructions 322 include a microinstruction that specifies a cryptographic operation, and in the RSIC embodiment, a microinstruction that specifies a cryptographic operation. In one embodiment, the cryptographic instructions 322 use an instruction opcode that is idle or unused in an existing instruction set architecture. In an x86-compatible embodiment, the cryptographic instruction 322 is a 4-bit tuple instruction that includes a t-x86 REP preamble (ie, 0xF3) followed by an unused 2-bit x86 opcode (eg, 〇 x〇FA7), followed by a byte to illustrate the block cipher mode used during the specified password operation. In one embodiment, the execution level of the ML instruction 322 of the present invention can be a system priority level used by the application, and thus can be programmed into a program stream of instructions, wherein the program stream is sent directly to an application. The microprocessor 301 is sent to the microprocessor 301 via control of the operating system 320. Since the cryptographic instructions 322 that cause the microprocessor 301 to perform the specified cryptographic operations need only be one, the completion of the operations can be fully known to the operating system 320. In actual operation, the operating system 320 evokes an application to execute in the Micro® processor 301, and a password command 322 in the instruction stream is sent from the system memory 321 to the capture logic circuit 302 when the application is executed. This action is also considered part of the instruction flow during application execution. However, prior to execution of the cryptographic instructions 322, the instructions in the program stream cause the microprocessor 301 to initialize the contents of the registers 308-312 such that the contents of the registers 308-312 point to the system memory 321 containing a cryptographic control block. 323. A start password key schedule 324, a start vector 325 (if desired), a message text 326 for operation, and a location 323-327 of message digest 327. Before the execution of the password command 322, the scratchpads 308-312 need to be initialized, because the password command 322 27 1351864 ίΓί is a reference, the register 3G8'312 and the data containing the block count 313 are temporarily stored (10) as ' The additional block count 313 registers the number of data blocks in the area of the message text 326 to be hashed. Person, change logic 303 from the operation logic circuit 3〇2 to obtain the XCR, the finger m2 is replaced by the corresponding micro-instruction sequence 'to make the microprocessor 301 ^ Ding Yuan "cryptographic operation. In the corresponding difficult order _ first (four) =: command 3 〇 5-3 ° 6 to make the password use unit training load loading logic; : 2 4 sent data 'and start to execute a specified number of passwords back to the block, and provide the corresponding output data area Block to the statistical 321, so that the 侠 侠 取 315 315 stored in the Department •, Yuan 3 has concealed 321 message summary 32? F seven columns in the corresponding micro-instruction group Wei micro-instruction (not shown ), in the microprocessor, the silk lamp is difficult to display.) Perform other completions of the specified secret action, such as the update of the input and output indicators of the 312 register containing the _ fruit and the pure object _ save ==) In a message, =) Wenzi 326 block encryption / solution to the start vector refers to the = = and the processing of the unprocessed interrupt #. In the _ real _ = force 曰 mouth 5 G8.3U material An architectural register in the instruction architecture (ISA) used for the specific execution of the microprocessor. 7 In an embodiment, the password usage unit 316 The block diagram jOO which can be used for the control of the present invention is used for the pipeline processing/number of blocks, and the block diagram related to the microprocessor device with 300 m of n-butyl cryptography. In the block diagram, it is clear to the province 28 1351864. However, those skilled in the art can understand that today's microprocessor 301 contains many levels of logic circuit control, depending on its specific application, and some of the stages and logic control items are This case has been integrated to make the description more concise. For example, the loading logic circuit 314 can be integrated with an address generation level, and then there can be a cache memory interface level, and then a fast

V takes the memory line alignment level. It should be particularly noted that the complete operation of the cryptographic operations for the plurality of message texts 326 blocks is via a single cipher φ command 322, and the action of the single cryptographic command 322 is known to the operating system 320. This is done via a dedicated password usage unit 316, wherein the operation of the dedicated password usage unit 316 is performed in parallel and consistent with other execution units in the microprocessor 301. In addition, the inventor of the present invention proposes a different embodiment of the cryptographic use unit 316, which is similar to the dedicated floating point unit of the microprocessor proposed in the past, and the operation of the associated cryptographic command 322 is completely related to the operation of the operating system 320 and the application. Rong, the following will be more detailed introduction. ® Referring now to Figure 4, there is shown a block diagram illustrating an embodiment of an extremely pico-coded instruction 400 of the present invention. The Mini-Cryptographic Instruction 400 includes a Selective Preamble Field 401 followed by a Repetitive Preamble Block 402 followed by an Opcode Block 403 followed by a Block Ciphertext Mode Field 404. In one embodiment, the contents of the blocks 401-404 are compatible with the x86 instruction set architecture. In other various embodiments, the contents of fields 401-404 are compatible with other instruction set architectures. In operation, the selective pre-code field 401 is used in many instruction set architectures to enable or disable certain processing capabilities of a main microprocessor, such as 29 1351864 for 16-bit or 32-bit operations or processing. , or process or use a specific memory block, etc. The repeat pre-code block 402 indicates that the cryptographic operation specified by the cryptographic command 400 requires a plurality of input data (i.e., unencrypted ciphertext or ciphertext) blocks. Repeating the pre-code block 402 to enable a compatible microprocessor to use the contents of the plurality of architectural registers as locations in the system memory

The indicator of W, where the system memory location contains the password data and parameters required to complete the predetermined cryptographic operation. As described above, the φ value of the repeated preamble block 402 is 0xF3 in an x86 compatible embodiment; and according to the x86 architecture protocol, the form of the cryptographic instruction is very similar to the x86 repetitive string instruction such as REP.MOVS. . For example, when the same microprocessor embodiment of x68 of the present invention is used, the repeated preamble actually refers to a block count variable stored in the architectural register ECX, and is stored in the temporary register. The source address indicator in ESI (pointing to the input data corresponding to the cryptographic operation) and a destination bit address indicator (pointing to the output data area in the memory) stored in the temporary register EDI. In an x86-compatible embodiment, the present invention further extends the conventional re-sequence instruction concept to refer to a control block indicator stored in the temporary register EDX, and a password stored in the temporary register EBX. The key indicator and an indicator in the scratchpad EAX that points to a starting vector (if required for the specified ciphertext kernel). The opcode intercept 403 specifies that the micro-processing completes the cryptographic operation specified for a control block in a memory, wherein the reference to the control block is via the control block metric. In the present invention, the preferred opcode value is one of the unused or unused opcode values in an existing instruction set architecture to maintain compatibility with a microprocessor compatible with the operating system and application software. For example, one of the aforementioned opcodes compatible with X 8 6 is used. Embodiment 30 1351864 uses the value OxOFA7 to perform the execution of the predetermined cryptographic operation, and the block ciphertext mode block 404 is specified in the predetermined cryptographic operation. The specific block ciphertext mode is used during the period, which will be explained below in conjunction with Figure 5. • Figure 5 is a block ciphertext mode field value example table 500 used in the Mini-Password instruction of Figure 4, where the value 0xC8 specifies the cryptographic operation in the electronic codebook (ECB) 0 mode, and the value 0XD0 specifies the ciphertext. The blockchain (CBC) mode performs the cryptographic operation, the value OxEO specifies the ciphertext feedback (CFB) mode to complete the cryptographic operation, and the value 0 χΕ8 specifies the octave operation in the output feedback (OFB) mode. In addition, all other values of the block ciphertext mode block 404 are retained, and the description of these modes can be found in the contents of the aforementioned FIPS file. Referring now to Figure 6, a block diagram of a cryptographic usage unit 617 in an x86 compatible microprocessor 600 in accordance with the present invention is illustrated. The microprocessor 600 includes a capture logic circuit 601 that retrieves instructions from a memory (not shown) for execution and is coupled to the conversion logic 602. Conversion logic 602 includes logic, circuitry, devices, or microcode (ie, micro-finger* or natural instructions), or a combination of logic, circuitry, devices, or microcode, or other means for converting instructions into related microinstructions. Equivalent control. The control items used to perform the conversion in the conversion logic 602 can be shared by other circuits and microcodes to perform other functions in the microprocessor 600. The conversion logic 602 includes message digest logic 640 coupled to a translator 603 and a microcode read only memory (ROM) 604. Interrupt logic circuit 626 is coupled to the conversion logic 602 circuit via bus 628. A plurality of software and hardware interrupt signals 627 are processed by interrupt logic circuit 626, which may indicate an interrupt that has not been processed by the conversion logic 602 31 1351864 circuit. The conversion logic 602 circuit is coupled to the subsequent stages of the microprocessor 600 and includes a register stage 605, an address stage 606, a load stage 607, an execution stage 608, a storage stage 618, and a write back stage 619. Each of the subsequent stages includes logic circuitry for performing the specific functions associated with the execution of the instructions, wherein the instructions are referenced to the logic of the similar component numbers in the microprocessor of FIG. 601 providers. The x86 compatible implementation shown in Figure 6 shows execution logic φ 632 in execution stage 608, which includes parallel execution units 610, 612, 614, 616, 617; - integer unit 610 receives integer micro instructions from microinstruction column 609; a floating point unit 612 receives execution floating point microinstructions from microinstruction column 611; a multimedia extended instruction set unit 614 receives execution MMX microinstructions from microinstruction column 613; a stream extended set (SSE) unit 616 receives execution from microinstruction column 615 Use the SSE microinstruction. In the illustrated x86 implementation, the cryptographic usage unit 617 is coupled to the SSE unit 616 via a load bus 620, a stall signal 621, and a storage bus 622, and shares the microinstruction column B 615 of the SSE unit. In another different embodiment, the cryptographic usage unit 617 operates in a separate parallel manner similar to the units 610, 612 and 614, the integer unit 610 being coupled to an x86 flag (EFLAGS) register 624, wherein the flag register 624 includes An X bit 625 is used to indicate whether the cryptographic operation is in progress. In one embodiment, the X bit 625 is a bit 30 of an x86 flag register 624. In addition, integer unit 610 estimates the state of an E bit 629 by using a machine designation register 633, wherein the status of the E bit 629 indicates whether the password usage unit 617 is present in the microprocessor 600. In addition, integer unit 610 also uses a D bit 631 in a feature control register 630 32 1351864 to enable or disable password usage unit 617. As for the microprocessor embodiment 301 in FIG. 3, the microprocessor 600 in FIG. 6 has been shown to teach the main control items required by the present invention, and the control items are also described in an x86 compatible embodiment. In the content, the other control items in the microprocessor are integrated or omitted, so that the description of the drawing is relatively simple. Those skilled in the art are aware that there are other control items required to complete the interface, such as a data cache memory, a bus interface unit, and a φ and distribution logic. After the XCRYPT instruction is retrieved as described above, the conversion logic 602 generates associated microinstructions for the subsequent stages 605-608, 618, 619 of the microprocessor 600 to perform the specified cryptographic operations, wherein a first plurality of related microinstructions are sent directly to the password. Unit 617, and causes the password usage unit 617 to load the poor stuff on the load bus 62 0 or load an input lean block and start executing a specified number of password rounds to generate an output data block, or A generated output data block is provided to the storage bus 622 so that the * storage logic is stored in the memory. A second plurality of related microinstructions in the microinstructions are sent to the other execution units 610, 612, 614, 616 to perform a sub-operation required to complete the specified cryptographic operation such as the test of the E-bit 629, so that the D-bit 631 is enabled. Setting the X bit 625 to indicate that a cryptographic operation is being executed, updating the register level 605 to the temporary register (such as the count register, the input text indicator register, the output text indicator register), and processing The interrupt circuit 626 refers to an interrupt or the like. The associated microinstructions are ordered to utilize the interleaved integer unit microinstructions in the cryptographically used unit microinstruction sequence to optimize the performance of the given ciphers by interleaving 33 1351864 integer unit microinstructions to enable Integer operations can be operated with cryptographic units and behave as a principle. The associated microinstructions contain microinstructions for the presence of the software and hardware interrupt signal 627 and can be recovered from the software and hardware interrupt _ signal 627. Since all indicators pointing to password parameters and data are located in the x86 architecture register, the status of these indicators is stored when the interrupt is processed, and the status is replied after the interrupt is completed. Therefore, when an interrupt occurs, program control is transferred to a corresponding interrupt service sub-program. At the time of program control transfer, the X bit 625 is cleared to indicate that the key data and the control block data are no longer valid; when the interrupt ends, the program control is transferred back to the XCRYPT command to determine the key data. And if the control block data is valid; if so, the operation is repeated for the specific input data block when the interrupt occurs. If the state of the X bit 625 indicates that the key data and the control block data are no longer valid, the key data and the control block are loaded again from the memory and the specific input data block being processed at the time of the interruption. . In summary, the execution of the XCRYPT instruction of the present invention must include an initial test of the bit bit to determine the validity of the key information and control block data in the password usage unit 617. If the key data and the control self-organization data are invalid, the gold record data and the control block data are loaded from the memory, and the input data block indicated by the input index register content is loaded, and the input data area is loaded. The block is executed with the specified cryptographic operation. On the other hand, the input data block is loaded, and the execution of the specified cryptographic operation is performed without first downloading the key data and controlling the block data. If the new key data or the new control block exists, the X bit 625 needs to be cleared before the execution of a new CRYPT instruction, and the subsequent XCRYPT refers to the condition that the 341351864 can use the same key data and control the group data. Execute. In this example, the X bit 625 need not be cleared after the start key data and control block data are loaded. For example, in order to optimize the memory bus speed, the user can interrupt the encryption/decoding of 5 input data blocks into 5 XCRYPT instructions, wherein each XCRYp instruction has 100 input data. Block. The summary summary browsing circuit 640 is used to enhance the performance of the message digest generating operation. 'It can ensure that the relevant micro-instructions are sorted so that the index register and the intermediate hash result of the block cipher operation sequence of the message block sequence are in the software. And the hardware interrupt signal 627 is updated before being processed. The message summary logic circuit _ and insert the micro-instruction into the relevant micro-instruction stream, so that the index of the round-in f-block can be in the memory - the password operation of the - message data block: ie: code or :) _ • 'Temple is depreciated' to reproduce the parent-subsequent intermediate hash result on the hash result of the previous production 2. In addition, the message summary logic circuit 640 causes the micro# person == to correct the block counter to indicate that the secret two # has been completed for the target I, - bedding block. For example, you can understand that in the output grant_) mode, use encryption = :: digest to use one and one - message text blocks and: generate a first intermediate hash block of the same size, and start The production of a forward ciphertext operation produces a -first ciphertext round-out area in which the ciphertext output block system is reused for the first ciphertext round: the brother-in-law block is mutually exclusive. Then, the second ‘, 罘一中杂 is sent forward as a starting vector, and waits for a ciphertext output block, "·sub-苐2 message block plus 35 1351864 密. The message digest operation decoded by the OFB mode is very similar to the message digest operation by using the OFB encryption method, but the middle hash block is generated by mutually exclusive or overlapping the message block and the ciphertext output block. The start vector and its subsequent start vector and its equivalent vector need to be forward ciphertext operation to generate a ciphertext output block. * In one embodiment, the message digest logic circuit 640 performs a specified message digest generation operation according to the predetermined block ciphertext mode, and provides a sequence of microinstructions φ to update the index of the architecture register to ensure a first message area. The block after the block has the correct block data to be forwarded to produce the next intermediate hash value. Referring now to Figure 7, a block diagram of an example of a microinstruction 700 for codoning a microprocessor in Figure 6 is illustrated. In the figure, the microinstruction 700 includes a micro-opcode 701 field, a data register 702, and a register 703. The microcode 701 field specifies a sub-operation to be executed, and specifies one or more stages of the microprocessor 600 to perform the sub-operation, wherein the value in the micro-code 701 intercept specifies the micro-instruction as The password is used by the unit of the present invention. In an embodiment, the micro-opcode 701 is blocked by a binary value, wherein the first value (XL0AD) specifies that the data is obtained from a memory address specified by an architectural register content, wherein the architectural temporary storage The device is the one referred to by the content of the data register 702, and the data is then loaded into a register in the password using unit, and the register is specified by the contents of the register 703, and the above The information obtained (such as the Mimma clock, control blocks, message data, and start vector) is sent to the password usage unit. The second value of the micro-code 701 field (XSTOR) 36 ^51864 The data generated by the specified password-using unit is stored in a memory address indicated by an architectural temporary storage content, wherein the architectural temporary The memory is calibrated by the content of the data temporary storage benefit 702. In the case of a multi-level password using unit η%, the contents of the register 7〇3 field specify one of the plurality of output data blocks to be stored in the memory, and the output data block is used for the password in the data field. Provided by the unit for action on the storage logic. The XL〇A]D and xst〇r 嘁 instructions executed by the cryptographic unit of the present invention will be described in more detail below, and the description will be made in conjunction with Figs. 8 and 9. The May tea is read in Fig. 8, wherein a table 800 of _ - · -^ m 1iL thresholds is used to describe the register 703 field of the XL0AD microinstruction in Fig. 7. As described above, a microinstruction sequence is generated after a xcRYpT index conversion, the microinstruction sequence including a first plurality of microinstructions and a first group of microinstructions, wherein the first plurality of microinstructions are The secret of the second use of the early implementation of the 'the second group of healthy age is the micro-processing cry = code to make the material element (four) parallel Wei one-touch execution, and ^ pirate update, temporary register, architectural register, The machine specifies the temporary crying = status bit ❹ m and setting the sub-actions to perform 1 - group plurals: 2 to provide money (4), password parameters and message data to the password use unit: the production of gold _ Cheng (or the person has been The memory obtained by the memory), = loading and encrypting (or decoding) the message data, and storing the message digest 2, in addition, an XL0AD micro-instruction is sent to the password usage unit to load the 2-word group (4) Person—(4) Gold or Gold (4), load the starting ribs, load the message data, and load the wheeled text, and have the password cause the 1351864 to start a specified cryptographic operation with the unit. At this time, an XLO AD micro-instruction register 703 intercepts the value ObOlO to cause the cryptographic unit to load a control block into its internal control block register. When the microinstruction is made in the pipeline, the memory address of the control word store is available via the use of the architectural control block indicator register contents in a register stage. The memory logic circuit* converts the bit address into a physical address of the memory access; the loading logic circuit obtains the control block from the cache memory, and places the control block into the data block φ bit, and the control word The group is then sent to the password usage unit. Similarly, the register field value OblOO causes the password usage unit to load the data block into the text data, and then begins the specified cryptographic operation. The entry of the input data is via an indicator stored in an architectural register, which is equivalent to the control block. The value 〇bl〇l causes the input data in the data field to be loaded into the internal register IN-1, which can be the input text data (during pipeline operation) or the starting vector; the values 〇bl 10 and Obllll The password usage unit loads a cryptographic key or an inefficient* and efficient bit of a key in the user-generated key schedule. In the present invention, a user is defined as performing a specific function or actor, which can embody an application 'operating system, machine or person, and the like. Thus, a user-generated key scheduling embodiment is generated by an application, which is produced by one person in a different embodiment. If the cryptographic operation is performed by a user-generated key schedule, a plurality of XLOAD micro-instructions corresponding to the number of keys in the key schedule generated by the user are sent to the password-using unit, so that the unit carries Every alloy clock in the Golden Bell schedule. All other values latched by the scratchpad 703 in the XLOAD microinstruction are reserved by 38 1351864. Please refer to FIG. 9 , which is a table 900 of the register header value of the XST 〇 R micro-instruction. The temporary S7 of the XSTOR micro-instruction in the format shown in FIG. 7 (^ field - XST 〇 R micro-instruction) It is sent to the password use unit to cause the output text block (added or decoded) to be stored in the storage logic circuit for storage in the location specified by the data register 7〇2 in the memory. Therefore, The conversion logic circuit of the present invention first issues a one-to-one XSTOR micro-instruction for a specific input text block operation, and then issues an XLOAD micro-instruction for which the corresponding text block action should be output. The scratchpad 7〇3襕The value OblOO causes the password usage unit to provide an output text block associated with its internal output_〇 register to the storage logic for storage, and the valley of the 〇υτ is associated with the input text block sent to ΓΝ-0. Similarly, the contents of the internal output ·i register referenced by the scratchpad block value 0Μ01 are related to the input text data sent to IN-1. Therefore, multiple input text blocks are in the key and control block data. After loading, you can add a line pipe to the password unit. By XLOAD.IN-b XLOAD.IN-0 (XLOAD.IN-0 makes the use of the unit also start the execution of the escrow operation), XST0R.0UT-1, XSTOROUT-O, XLOAD.IN- ;!, XL〇AD.IN-0 (starting the operation or action of the subsequent two input text blocks), etc., can be achieved by issuing a password micro-instruction. Now 5 Qing Cang Xia 1 〇 图' An example of a control block format for specifying a mom's parameter of a password carrier is described in the present invention. Control character 1 is programmed into a memory by a user, and its index is sent before the cryptographic operation is performed. An architectural register in a compatible microprocessor. Therefore, an x1 〇 AD micro 39 in the microinstruction sequence corresponding to the supplied XCRYPT instruction. 曰 7 is 11 out 'to read the micro processing 3 An architectural scratchpad containing the indicator to convert the indicator into an actual memory address to obtain a control character from the memory (cache memory) and to load the control character into the code The internal control block of the unit is in the scratchpad. Control character 1000 • Included—represents the reservation reserved (RSVD) Blocking surface, KSIZE, such as standing 1002, an encryption / solution stone (£ / chat 1 〇〇 3, an intermediate result (IRSLT) field 1004, a gold record generation field Φ 1005 , an alienation (ALG) block 1006, a message digest (MD) field 1007, and a round count (RCNT) block _. All values of the reserved block 10 01 are reserved. Key size field 10 In the case of 0, the size of the cipher clock is used to increase the size of the cipher clock. In the example, the size of the block is 128 bits = 192 bits or 256 bits. Encryption/decoding field 1〇〇3 specifies the password to be operated. τ9 will be used for abandoning or decoding operations. The key generation field 1〇〇5 indicates whether the gold theory schedule generated by the Lu user is stored in the memory, or whether a single password is read in the reading body. If a single-Mitsubishi gold input does exist, then the micro-instruction and password gold scores are sent to the password usage unit, so that the unit can block the gold silk algorithm to make the content-specified Qianmima algorithm into - Jin Lai Cheng. In the embodiment, the algorithm blocker i〇〇6 refers to the use of the W-right DES algorithm, the three-wise algorithm or the fine-calculation algorithm. In the other different embodiments, the algorithm used is the post-c batch and the Twofish Cipher variant. The content of the message digest block (10) 7 is determined to be generated - a message digest or when a general encryption or decoding operation is performed. The round count age (4) refers to the number of password rounds used by the linear method to calculate the input text block for every 40 1351864; although the standard used in the above algorithm uses the specified fixed calculus number for each input text block. However, the programmer has to use the round count block 1008 to change the number of rounds specified by the criteria. In one embodiment, the programmer sets a different round of 0 to 15 for each block. Finally, the content of the intermediate result field 1004 specifies whether an input text block is counted according to the cryptographic algorithm standard specified by the message summary block 1007, or the number of rounds specified in the round count block 1008, or whether the round is counted. Encryption/decoding is performed on the number of rounds specified in block 1008, where the last round executed represents an intermediate result rather than a final result. Those skilled in the art are aware that many cryptographic algorithms perform the same sub-operations in each round, but the last round is different. Therefore, it is advantageous to program the intermediate result block 1004 to provide intermediate results rather than the final result, as it allows the programmer to confirm the intermediate steps of the algorithm. For example, the gradual intermediate result of confirming the performance of the algorithm can be achieved by performing an encryption round on a text block, then performing two rounds on the same text block, and then performing three rounds. In addition, the achievement of programmable rounds and intermediate results allows users to confirm password-related performance and to resolve and examine the usefulness of various key structures and rounds. Referring now to the drawings, which are block diagrams illustrating an example of a cryptographic use unit of the present invention. In the figure, the password using unit 1100 includes a micro-opcode 1103 register, which receives a cryptographic micro-instruction (ie, XLOAD and XSTOR micro-instructions) via a micro-instruction bus 1114, and has a control block 1104 register, a Input-0 register 1105, input-1 register 1106, one gold 41 1351864 = 11G7 and - key 1 register 11G8. According to the micro-opcode, the content specified by the content of a xloam instruction in the scratchpad, the data is sent to the scratchpad by one, and the stream is sent to the scratchpad. In addition, the key ς 1100 also includes a block ciphertext logic circuit 1101, the block: ♦ Logic circuit 1 (8) lightly coupled to each of the temporary S 1103-1108, and = lightly coupled to the cryptographic key Random access memory (RAM) 1102. In addition, the block escaping circuit 1101 also provides a delay signal 1113, and also provides "Shen guo zhi, 〇 - 〇 register 11 〇 9 and - output" register ln heart " temporary storage benefit 1109- The 1110 stores its internal contents through the storage bus 1111 to the subsequent stage of the compatible microprocessor. In the embodiment, the size of the microinstruction 1103 register is 32 bits, and the register 11〇4 _ Hawthorn's ^ is 128 bits. The password micro-instruction and the data assigned to the control block register 1104 are selectively and sequentially supplied to the register of the micro-instruction code u, input temporarily, U05.H06 Its 4 gold register register 11G7] (10); its - in the embodiment shown in Figures 8 and 9 '- control word group is loaded into the control block u〇4 register via an XLOAD microinstruction Then, the cryptographic key or key schedule is recorded as 128 bits by the subsequent XL〇AD microinstruction, and then a XL〇AD microinstruction is used to specify the golden record-01 register 1107. The loaded password key is greater than the US bit, then an XLOAD microinstruction specifies the key _〇 register u〇7, and an xl〇ad microinstruction specifies the Admiralty_1 register register circle. For the user-generated key schedule, the subsequent XL〇AD micro-instruction specifies the key _〇 register 1107. Each of the gold balances in the loaded gold record schedule is placed in the gold draw randomly. The access memory (10) is used for the execution of the relative gold record round 42 1351864. After that, the input text data (if no start vector is needed) is carried to the IN-1 register 1106. If the start is used The vector is then loaded via an XLOAD microinstruction to the input-1 register 1106. A microinstruction sent to the input-〇 register 1105 causes the password usage unit to load the input literal into the input-〇 register 1105. And start using the input-1 or two input registers 1105-1106 (when the input data is being processed by the pipeline) the start vector performs a password round on the input text in the input-0 register 1105, wherein The execution of the password round φ is based on the parameters provided by the contents of the control block 1104 register. When a XLOAD micro-instruction is received and specified, the block ciphertext logic begins. Execute the cryptographic operations specified by the control block contents. When a single cryptographic key needs to be expanded, the block ciphertext logic circuit generates each key in the key schedule and stores it in the key random access memory 1102. In a different embodiment, the block The ciphertext logic circuit generates each key in the key schedule before receiving the LOAD microinstruction specifying the input-〇 register 1105. Whether or not the block ciphertext logic circuit H01 generates a key schedule or key Whether the schedule is carried out from the memory, the key used in the first round is cached in the block ciphertext logic circuit 1101, so that the first block password round can be used without using the key random access memory. The condition of the body 1102 is carried out. The block ciphertext logic circuit 1101 continues to perform a specified cryptographic operation on one or more input text blocks upon activation until the operation is completed. Next, the back alloy key required for the cryptographic algorithm used is retrieved from the key random access memory 1102. The password using unit 1100 performs a predetermined block cryptographic operation on the designated input text block, and the subsequent input text block is encrypted or undefined by the execution of the 43 X351864 relative to the subsequent XLOAD and XSTOR microinstructions ( That is, when the §-draw micro-instruction is executed, if _ has not been completely generated = 〇 register 1109 or turn-out -1 register 1113. - The output block ciphertext logic circuit sends * delay signal 1109-1110 , then the second shame is placed and placed - corresponding to the wheeled register bus 1112. ^ UG9] 11G content is transferred to the wrong memory, please refer to Figure 12, the dragon goes to ^

In order to explain the implementation of the present invention, it is based on the advanced encryption rate (AES) implementation code calculation circuit of the π & block 轲 轲 轲 。 。 circuit. Block ciphertext logic Zengmu 1〇ΛΛ - Human, Section Circuit 1200 includes a round engine 122〇, the round engine 1220 through the m weep row 1〇Ί1 ', the field hits the row 1211-1214 and the bus bar 1216-1218 Coupled to a round engine controller 121, the round engine controller 1210 uses a microinstruction ι 201 register, a control block 12 〇 2 register, a key 〇 register 1203, and a key -1 temporary storage The device 12〇4 accesses the gold data, the microinstruction, and the parameters of the cryptographic operations performed. The contents of the input temporary cry 1205-1206 are sent to the round engine 1220, and the round engine 122 provides the corresponding output text to the output registers 1207-1208. The output registers 1207-1208 are also coupled to the round engine controller 1210 via the bus bars 1216-1217 to cause the round engine controller 1210 to use the results of each subsequent password round, wherein the results are entered via the lower round input bus 1218 And send it to a password round. The cryptographic key in the golden record Ram (not shown) can be accessed via the key to the bus 1215. The encryption/decryption bus 1211 causes the round engine to perform encryption (such as S-Box) or decoding using sub-operations ( For example, the reverse S-Box); the content of the round count bus bar 212 causes the round engine 1220 to perform a first AES round, an intermediate AES round, or a final AES round. 44 1351864 The key generation bus 1214 is issued to cause the round engine 1220 to generate a key schedule based on the key provided by the key bus 1213, and the key bus 1213 is also provided each time the alloy record is executed. Corresponding back to the alloy clock to the turn engine 1220. The round engine 1220 includes a first key x〇R logic circuit 1221. The first key XOR logic circuit 1221 is coupled to a REG-0 register 1222. The REG-0 register 1222 is coupled to the S-box logic 1223. The S-box logic circuit 1223 is coupled to a Shift Row logic circuit 1224, which is coupled to a REG-1 register 1225, and the REG-1 register 1225 is coupled to the hybrid column. (Mix Column) logic circuit 1226 'mixed column logic circuit ms is coupled to a REG-2 register 1227. The first key x〇r logic circuit 1221, the S-box logic circuit 1223, the shift logic circuit 1224, and the mixed column logic circuit 1226 are configured to perform a sub-operation of a similar name on the input text data, wherein the sub-operations of the execution are Designated in the above AES FIPS standard. In addition, the hybrid column logic circuit 1226 is additionally configured to perform an aes XOR function on the input data via the return alloy key provided by the key bus 1213 during the desired intermediate round. The first key XOR logic circuit 1221, the S-box logic circuit 1223, the shift logic circuit 1224, and the mixed column logic circuit 1226 are also set to initiate execution of their corresponding inverse AES via the state of the encryption/decryption bus 1211 during decoding. Sub-operation. Those skilled in the art will be able to understand that the intermediate back-to-back joint venture material is returned to the round engine m according to the specific block encryption mode, which is specified by the control sub-group 1202 register. The starting vector data (if needed) is sent to the round engine 1220 via the next round input bus 1218. 45 1351864 In the embodiment shown in Fig. 12, the round engine is divided into a first stage and a second stage, wherein the first stage is located between the REG-0 register 1222 and the REG-1 register 1225, the second stage It is then located between the REG-1 register 1225 and the REG-2 register 1227. The intermediate round data is managed by the pipeline between the two levels, and the pipeline management system is synchronized with a clock signal. When a cryptographic operation on one of the input data blocks is completed, the associated output data is placed in a corresponding output register 1207-1208. When an XSTOR microinstruction is executed, a designated output register 1207-1208 is sent to a storage bus. Referring now to Figure 13, there is shown a flow diagram of a method S1300 for illustrating the preservation of the state of a cryptographic parameter when an interrupt occurs. The process begins in step S1302, where an instruction stream is executed by a microprocessor, wherein the instruction stream does not need to include the XCRYPT instruction described in this case. Then, the flow moves to step S1304. At step S1304, an interrupt event (such as a maskable interrupt, a non-maskable interrupt, a page fault, a work switch, etc.) is judged whether an interrupt is occurring, and a change is required in the instruction stream to form an instruction stream. ("Interrupt handler") to handle the interrupt event. If the interrupt is indeed in progress, the flow proceeds to step S1306; if not, the flow is repeatedly judged in step S1304 until an interrupt event occurs, wherein the action of the command execution continues during the repeated judgment. At step S1306, since an interrupt event has occurred before the program control is transferred to a corresponding interrupt handler, the interrupt logic circuit of the present invention clears the X bit in a flag register, thus ensuring 46 1351864 If a block cipher operation is in progress when the interrupt handler returns, the occurrence of one or more interrupt events will be indicated and the control block data and key data must be loaded before the block cipher operation is continued. The input data block for which the cryptographic operation is directed is the one indicated by the content of the input indicator register. Next, the flow proceeds to step S1308. At step S1308, the indicator and counter architectural register containing the block cipher performance of the present invention are stored in the memory. Those skilled in the art will be able to understand that the storage of architectural registers in today's data computing devices is typically performed prior to the transfer control to the interrupt handler. Therefore, the present invention proposes this data architecture to allow the interrupt event to occur throughout the process. Has execution transparency. After the registers are stored, the flow advances to step S1310. At step S1310, the program stream is sent to the interrupt handler. Then, the flow advances to step S1312. The method ends at step S1312. Those skilled in the art will be able to understand that the method of Figure 13 begins again at block 1302 when the interrupt handler returns. Referring now to Figure 14, there is shown a method S1400 for illustrating a method for generating a message digest for a plurality of message blocks at the time of occurrence of one or more interrupt events using a symmetric key algorithm of the present invention. flow chart. Although those skilled in the art are aware that there are still some negligible changes in the use of one of the other block ciphertext modes (such as CBC, CTR, CFB, etc.), the steps of the method are based on the output. The block ciphertext mode is indicated to make the description easier. 47 1351864 The flow begins in step S1402, at which time an XCRYPT instruction of the present invention causes the generation of a message digest to begin execution. The execution of the XCRYPT instruction may be a first execution, or may be performed after a first execution due to an interrupt event caused by an interrupt event, wherein the interrupt event is executed after the interrupt is executed by an interrupt handler Transfer back to the XCRYPT command. Next, the flow proceeds to step S1404. In step S1404, a memory data block indicated by the input index register content of the present invention is loaded from the memory, and the message digest generation is also started according to a specified cryptographic operation. The used input index register is used, and a specific mbma operation (such as encryption or decoding) is determined according to the input index register, and the block cipher mode (such as CBC, CTR, CFB or OFB) ) is also determined by the input indicator register. For example, if the OFB mode is used for the encryption operation to generate the message digest, the input indicator register and a start indicator register are used to load the data, so the input indicator register points to be encrypted. The message block, the result is an intermediate hash value. If a message digest is generated using the OFB mode decoding operation, the input indicator register points to the same next message block, and this is done by decoding algorithm instead of encryption. Regardless of the mode (ie, OFB encryption or OFB decoding), the start vector register points to a starting vector position in the memory, and its content is a starting vector for a first message block, and for a subsequent message block. Corresponding to the output ciphertext block of the previous message block (ie, the intermediate hash value), wherein the previous message block is used as a start vector equivalent to a current message block. At step S1406, whether the X bit in a flag register is set to 48 1351864 is judged. If the X bit is set, the control word group and the value of the key schedule loaded into the password use unit of the present invention are established; if the X bit is cleared, the control word group and the control word group are loaded into the present invention. The value of the key schedule for the password usage unit does not hold. As mentioned above in conjunction with Figure 13, the X bit is cleared at the time an interrupt event occurs. In addition, when a new control block or key schedule or both needs to be loaded, the instructions must be executed to clear before the XCRYPT instruction is issued, as described above. In an X86-compatible embodiment using bit 30 in the X86 EFLAGS register, the clearing of the X bit can be performed by a PQPFD instruction followed by a PUSHFD instruction. However, those skilled in the art are aware that the elimination of X bits must rely on other instructions in other different embodiments. If the X bit is set, the flow proceeds to step S1412; if the X bit is cleared, the flow proceeds to step S1408. At step S1408, a control word is loaded from the memory since a cleared X bit has indicated that an interrupt event has occurred or a new control block and/or key data will be loaded. . In one embodiment, the loading of the control block causes the specified cryptographic operation of the cryptographic use unit to cease, as described above in conjunction with step S1404. In the present embodiment, the start of a cryptographic operation in step S1404 optimizes the plurality of block cryptographic operations by assuming that a current control block and a poorly recorded material are to be used. Therefore, the input data block is currently loaded, and the cryptographic operation has started before the X bit state in the check step S1406. Then, the flow proceeds to step S1410. At step S1410, the key material (i.e., an encryption key or a complete gold 49 1351864 key schedule) is loaded from the memory. In addition, the input message block and the start vector (or the equivalent of the start vector) in step S] 404 are reloaded, and the cryptographic operation starts according to the newly loaded control block and key schedule. get on. Next, the flow proceeds to step S1412. At step S1412, the input message block loaded at step S1404 or step S1410 is stored to an internal register TEMP. Then, the flow proceeds to step S1414. At step S1414, an intermediate hash value of a pair of message blocks to be loaded is generated. Next, the flow proceeds to step S1416. At step S1416, the equivalent of the start vector IVEQ is generated by mutually exclusive or mutating the contents of the intermediate hash value and TEMP. Then, the flow proceeds to step S1418. At step S1418, the equivalent vector IVEQ of the start vector is written to the memory location indicated by the content of the start vector index register IVPTR, so that the specified OFB mode cryptographic operation for the next input message block is used correctly. The starting vector equivalent. Next, the flow proceeds to step S1420. The steps described in steps S1412, S1414, S1416 and S1418 ensure that an XCRYPT instruction is executed at any time using the OFB mode block cipher mode to be interrupted. At step S1420, the generated intermediate hash value is stored in the memory. Next, the flow proceeds to step S1422. At step S1422, the contents of the input block indicator register are modified to point to the next input message block. Since the function of this process S1400 is to generate a message digest, the content of the round-out indicator register is not changed, 50 1351864, so that each subsequent intermediate hash value generated is overwritten on the previously generated value, and finally The message digest itself is formed on the previous message block after the specified cryptographic operation is performed. In addition, the block count register contents are modified to indicate that the cryptographic operation on the current input message block has been completed. In the embodiment shown in FIG. 14, the block count register value is decremented, but those skilled in the art are aware that other embodiments can process and test the block count register contents to make the input message area. Blocks can also be processed in a pipeline. Then, the flow proceeds to step S1424. At step S1424, whether the input message block is still added by the addition operation is determined. This embodiment determines whether the block counter determines whether the block counter is zero, but this is for illustrative purposes only, and there are still other embodiments. . If no block has been subjected to arithmetic processing, the flow proceeds to step S1428. If a block is still subjected to arithmetic processing, the flow proceeds to step S1426. At step S1426, the next input message data block is loaded with the equivalent of the start vector, and the equivalent of the start vector is indicated by the input index register and the start vector register. Then, the flow proceeds to step S1412. At step S1428, the method ends. It is well known to those skilled in the art that the steps of the steps corresponding to steps S1416, S1418, S1420, S1422 and S1424 may differ from the above, which may even be parallel. The objects, features, and advantages of the invention are set forth in the Detailed Description. For example, the embodiments of the present invention that are compatible with the x86 architecture have been described in detail above, but are merely exemplified by the fact that the x86 architecture is widely known as a 53 1351864, so that discussion thereof can be used to teach Other parts of the invention. That is, the scope of the present invention extends to other instruction set architectures such as PowerPC and MIPS, and is also applicable to other new instruction set architectures. Moreover, the cryptographic operation of the present invention can also be performed in a control component other than the microprocessor itself in a computing system, such as in a computing system that is different from a cryptographic use unit on the integrated circuit in which the microprocessor is located. The embodiments may be sequentially integrated into a micro-processed chipset (such as a north bridge and a south bridge), or may constitute a dedicated processor for performing cryptographic operations, in which case the password command is controlled by a main microprocessor. Sent to the processor. The invention can also be used in embedded controllers, industrial controllers, signal processors, array processors, and various similar devices for processing data. Moreover, the present invention also encompasses an embodiment having only the controls necessary to perform cryptographic operations as described above. The device embodied in the above manner does have to implement a low-cost and low-power substitute for performing a password operation by an encryption/decoding processor or the like in a communication system. For convenience of explanation, the inventors of the present invention collectively refer to the above different processing control items as processors. In addition, although the above invention is represented by a 128-bit block, other various block sizes are also used, and only the temporary storage of the input data, the rounded data, the key, and the control block need to be changed. The size of the device can be achieved. Furthermore, although the features of DES, Triple DES, and AES have been described in detail in this case, the inventor of the present invention specifically states that the present invention actually includes a generally less commonly used block cipher use algorithm, such as MARS ciphertext, 52 1351864

Rijndael ciphertext 'Twofish ciphertext and Blowfish ciphertext, Serpent ciphertext and RC6 ciphertext. After reading the above description, the dedicated block cipher device and the support method in the microprocessor of the present invention are generally understood, and the message digest generating operation can be invoked by performing a single instruction. Finally, the present invention has been described in detail that a single cryptographic usage unit can support a plurality of block cipher algorithms, but the scope of the present invention also encompasses the use of multiple cryptographic usage units that are operationally compatible with other microprocessors. The execution units are coupled in parallel and are each configured to perform a specified block cipher algorithm. For example, a first unit is set to perform an AES algorithm, a second unit is set to perform a DES algorithm, and the like. The present invention has been described in detail above with reference to the specific embodiments of the present invention, which may be modified or modified without departing from the spirit and scope of the invention. The spirit and scope of the invention will be defined in the scope of the claims below. The above and other objects, features and advantages of the present invention will become more <RTIgt; BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram showing a conventional password-related application; FIG. 2 is a block diagram showing a technique for performing a cryptographic operation; and FIG. 3 is a diagram showing a micro-operation for performing a cryptographic operation of the present invention. Block diagram of a processor device, FIG. 4 is a block diagram of an embodiment of a very small cipher command of the present invention; 53 1351864: &gt; Figure 1 is an example of a block ciphertext mode block value in a very small cipher command in FIG. Figure 6 is a block diagram of a unit used in a microprocessor in the same microprocessor as the χ86. The figure is a microinstruction example for the cryptographic correlation sub-operation in the microprocessor of the second figure. The field map in the middle; the 8th picture is a table of the scratchpad bits of the XLOAD microinstruction in the format of Figure 7; the picture of the 9th is the XSTOR microinstruction in the format of the 7th figure. a table of the register block value of the register; the figure is a block diagram of the control character format example used to specify a password-related parameter of a password use operation; A block diagram of the password usage unit example details Figure 2 is a block diagram showing an embodiment of a block cipher logic circuit for performing an advanced cryptographic standard (eight singularity) of the present invention; * $ is: illustrating the present invention for use during an interruption event A flowchart of a method for storing a password/related worm state; and FIG. 4 is a summary of a message of a plurality of message blocks using a symmetric gold recording algorithm in the presence of one or more interruption events. A flow chart of the method. [Main component symbol description] 1〇0 computer password application technology block diagram 54 first computer workstation second computer workstation remote computer laptop computer network network file storage device first router wireless network router wireless network WAN second router encryption, decoding or hash application block diagram of cryptographic operation technology microprocessor operating system software application memory password gold output generation application gold record scheduling encryption application decoding application start vector password parameter Unencrypted File Message Summary 1351864 300 Block Diagram for Performing Cryptographic Operations Related to Microprocessor Devices 301 Microprocessor 302 Capture Logic Circuitry 303 Conversion Logic 304 Microinstruction Columns 305 Storage 306 Loading 307 Register File 308 Control Indicators 309 Gold Record indicator 310 Key generation 311 Input indicator 312 Output indicator 313 Block count 314 Load logic circuit 315 Data cache memory 316 Password use unit 317 Storage logic circuit 318 Write back logic circuit 319 Memory bus 320 Operating system 321 System memory body 322 password command 323 password control block 56 1351864

324 Start Password Key Schedule 325 Start Vector 326 Message Text 327 Message Summary 328 Execution Logic 400 Very Password Command 401 Selective Pre-Code Field 402 Repeat Pre-Code Field 403 Compute Slot 404 Block Ciphertext Mode Field 500 Block Ciphertext Mode Field Value Example Table 600 Microprocessor 601 Desk Logic 602 Conversion Logic 604 Translator 604 Microcode Read Only Memory 605 Register Level 606 Address Level 607 Load Level 608 Execution Level 609 Micro-instruction column 610 Integer unit 611 Micro-instruction column 612 Floating-point unit 57 Micro-instruction column Multimedia extension instruction set unit Micro-instruction column Stream extension set unit password Usage unit Storage level Write back level load bus stall delay signal storage bus header flag Standard register X bit interrupt logic circuit software and hardware interrupt signal bus E bit feature control register D bit execution logic circuit machine specified register · message summary logic circuit micro instruction micro code data temporary storage 1351864 703 register 800 XLOAD micro-instruction register field bit value table 900 XSTOR micro-instruction Table of the storage field bit value 1000 Control character 1001 Reserved block 1002 Key size block 1003 Encryption/decoding block 1004 Intermediate result field 1005 Key generation block 1006 Algorithm block 10 0 7 Message summary Bit 1008 Round Count Block 1100 Password Usage Unit 1101 Block Ciphertext Logic 1102 Key Random Access Memory 1103 Micro Code 1104 Control Block 1105 Input-0 Register 1106 Input -1 Register 1107 Gold Key-0 register 1108 Gold record-1 register 1109 Output-0 register 1110 Output-1 register load bus 59 1111 1351864

1112 Storage Bus 1113 Delay Signal 1114 Micro Command Bus 1200 Block Ciphertext Logic Circuit 1201 Micro Command 1202 Control Word Group 1203 Gold Recorder-0 Register 1204 Gold Recorder-1 Register 1205 Input-0 Register 1206 Input-1 register 1207 output-0 register 1208 output-1 register 1210 round engine controller 1211 encryption/decryption bus 1212 round count bus 1213 key bus 1214 key generation bus 1215 to Key Bus 1216 Bus 1217 Bus 1218 Next Round Input Bus 1220 Round Engine 1221 First Key XOR Logic 1222 REG-0 Register 60 1351864 1223 S-box Logic 1224 Shift Logic 1225 REG- 1 register 1226 mixed column logic circuit 1227 REG-2 register S1300 method for saving password parameter state when interrupt occurs S1400 method for generating a message digest for a plurality of message blocks

61

Claims (1)

Case No. 095Π0349 May 25, 1999 曰 Amendment of this tenth, the scope of application for patents: The equipment of the type of device t, used to achieve the cryptographic operation, 1 contains the circuit, used to receive a secret from the source: the horse command , = = : - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ In operation _ to the conversion logic circuit, a sequence of microinstructions, and to perform the equalization operations to generate 2:=:: first: -^ to two plus; operation 'the cryptographic operation includes adding a plurality of message blocks A plurality of inter-order hash values corresponding to the mouth, wherein the last value of one of the intermediate hash values is the message digest. 3. The device of the microprocessor of claim 1, wherein the one of the four cryptographic operations comprises: solving the Ma Yun# stomach decoding operation comprises adding a weight to the plurality of message blocks to generate Corresponding to a plurality of intermediate hash values, wherein the last one of the intermediate hash values is the message digest. 4 == Patent _ The device in the microprocessor of item 1, wherein the implementation of the cipher is based on the advanced cryptographic standard algorithm. • A device in a microprocessor as described in claim 1 of the patent application, wherein 62: the password command specifies that the ciphertext mode is to be used. One block of one bite 6. As described in the application (4), the ciphertext mode of the block contains at least the following modes: its Chinese blockchain, ciphertext grant mode, and output grant mode. The equipment in the microprocessor described in item 1 of the patent scope is specified in accordance with the X86 instruction format. 8. The device in the microprocessor as described in item 1 of the material profit range. The push code command refers to the micro-processing wipes. The microprocessor 2 device of the scope item 8 includes a plurality of scratchpads including a register, wherein the content package of the register: the first indicator of the first-memory address, the first memory bit The first place in the memory used to access a plurality of message blocks Wherein, the cryptographic operations are performed for the plurality of message blocks to generate the message digest. 10. The device of the microprocessor of claim 8, wherein the plurality of registers comprise a register, wherein the contents of the register are 3 · m memory address - an indicator, the first memory address is in the heart of the memory - the first position to store a corresponding plurality of median hash values, the corresponding plurality of money - a value of one of the cryptographic operations Generated by the action of the message block. η. The device in the microprocessor of claim 8, wherein 63 1351864 = a plurality of temporary storage ports - a temporary storage device, wherein the contents of the temporary storage device indicate a plurality of information block A The number of blocks. 12. The device of the microprocessor of claim 8, wherein the plurality of registers comprise a register, wherein the contents of the register comprise:: a pointing-first memory address The first indicator is a first address located in the body of the It is used to access the first address of the password, to complete one of the cryptographic operations using the cryptographic data. The device in the microprocessor of the eighth aspect, wherein: the plurality of registers comprise a register, wherein the contents of the register are the first indicator of the memory-memory address, and the first memory bit A first position in the memory of the start vector, wherein the cryptographic operation is performed by the money start vector. The device in the microprocessor of the eighth aspect, wherein the solid register comprises a temporary register 'where the contents of the register are directed to the first indicator of the δ 忆 位 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , The cryptographic parameter that controls one of the secret operations. The method of performing the secret calculation in the _ _ The following steps are included to receive a pebbly horse command, wherein the cryptographic command specifies a message digest according to the 64 丄丄 504 of the cryptographic operation; and performs a cryptographic operation to generate a message digest. ^申/月专(四)围15 The method of executing a secret stone in a processor, wherein the step of receiving a password command comprises the following steps The definite-encryption operation is the operation of the cryptographic operations, wherein the encryption comprises: encrypting the plurality of message blocks to generate a corresponding complex intermediate hash value, and the last of the towel values is The message is as claimed in the patent, and the method described in the fifteenth patent is performed in a processor, wherein the step of receiving the password command includes the following steps. The decoding operation is designated as a categorization operation, and the decoding operation decodes the plurality of message blocks to generate a corresponding plurality of hash values and the last intermediate hash value is the message digest. The process of generating a message digest in the processor described in claim 15 includes the following steps: The cryptographic operation is performed according to the advanced encryption standard algorithm. The method of performing the password calculation in the processor as described in the claim 15 includes the following steps: the step of receiving the password instruction is specified in the password instruction - the password is to be completed by the heart - Block ciphertext mode to generate a summary of the message. 65 1351864 20 such as! ^ Patent &amp; 帛 帛 帛 帛 — — 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 处理器 其中 其中 其中 其中 其中 其中 其中 其中 其中 其中 其中 其中 其中 其中 其中 其中Mode: A method of performing a password dilemma in a processor as described in item 15 wherein the step of receiving a password instruction comprises the step of specifying the password instruction in accordance with the instruction format of the file. 66