公开(公告)号：US08671285B2

公开(公告)日：2014-03-11

申请号：US13091487

申请日：2011-04-21

申请人： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

发明人： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC分类号： G06F21/00

CPC分类号： H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

摘要： A fetch unit (a) fetches a block of instruction data from an instruction cache of the microprocessor; (b) performs an XOR on the block with a data entity to generate plain text instruction data; and (c) provides the plain text instruction data to an instruction decode unit. In a first instance the block comprises encrypted instruction data and the data entity is a decryption key. In a second instance the block comprises unencrypted instruction data and the data entity is Boolean zeroes. The time required to perform (a), (b), and (c) is the same in the first and second instances regardless of whether the block is encrypted or unencrypted. A decryption key generator selects first and second keys from a plurality of keys, rotates the first key, and adds/subtracts the rotated first key to/from the second key, all based on portions of the fetch address, to generate the decryption key.

摘要翻译： 提取单元（a）从微处理器的指令高速缓冲存储器获取指令数据块; （b）使用数据实体在块上执行异或以产生明文指令数据; 和（c）将明文指令数据提供给指令译码单元。 在第一种情况下，块包括加密指令数据，数据实体是解密密钥。 在第二种情况下，该块包括未加密的指令数据，并且数据实体为布尔零。 执行（a），（b）和（c）所需的时间在第一和第二实例中是相同的，而不管该块是加密还是未加密。 解密密钥生成器从多个密钥中选择第一和第二密钥，旋转第一密钥，并且基于获取地址的部分，将旋转后的第一密钥加到/从第二密钥中加减乘以产生解密密钥。

公开(公告)号：US08132022B2

公开(公告)日：2012-03-06

申请号：US12977803

申请日：2010-12-23

申请人： Thomas A. Crispin ,  G. Glenn Henry ,  Terry Parks

发明人： Thomas A. Crispin ,  G. Glenn Henry ,  Terry Parks

IPC分类号： G06F12/14 ,  G06F9/30 ,  H04L9/32 ,  H04K1/00

CPC分类号： H04L9/3239 ,  G06F9/30007 ,  G06F9/30065 ,  G06F9/30185 ,  G06F9/3895 ,  G06F21/64 ,  G06F21/72 ,  H04L9/0643 ,  H04L2209/125 ,  H04L2209/60

摘要： A method for performing hash operations including: receiving a hash instruction that is part of an application program, where the hash instruction prescribes one of the hash operations and one of a plurality of hash algorithms; translating the hash instruction into a first plurality of micro instructions and a second plurality of micro instructions; and via a hash unit disposed within execution logic, executing the one of the hash operations. The executing includes first executing the first plurality of micro instructions within the hash unit to produce output data; second executing the second plurality of micro instructions within an x86 integer unit in parallel with the first executing to test a bit in a flags register, to update text pointer registers, and to process interrupts during execution of the hash operation; and storing a corresponding intermediate hash value to memory prior to allowing a pending interrupt to proceed.

摘要翻译： 一种用于执行散列操作的方法，包括：接收作为应用程序的一部分的散列指令，其中所述散列指令规定所述散列操作之一和多个散列算法之一; 将所述散列指令转换成第一多个微指令和第二多个微指令; 并且经由布置在执行逻辑内的哈希单元，执行所述散列操作之一。 所述执行包括首先执行所述散列单元内的所述第一多个微指令以产生输出数据; 第二执行x86整数单元内的第二多个微指令，与第一次执行一起执行以测试标志寄存器中的位，更新文本指针寄存器，以及在执行散列操作期间处理中断; 以及在允许待决中断进行之前将相应的中间散列值存储到存储器。

公开(公告)号：US07844053B2

公开(公告)日：2010-11-30

申请号：US10730167

申请日：2003-12-05

申请人： Thomas A. Crispin ,  G. Glenn Henry ,  Terry Parks

发明人： Thomas A. Crispin ,  G. Glenn Henry ,  Terry Parks

IPC分类号： G06F15/76

CPC分类号： G06F9/30003 ,  G06F9/30007 ,  G06F9/30047 ,  G06F9/30065 ,  G06F9/30087 ,  G06F9/3017 ,  G06F9/30178 ,  G06F9/3885 ,  G06F21/602 ,  G06F21/6245 ,  G06F21/72 ,  H04L9/06

摘要： A microprocessor apparatus is provided, for performing a cryptographic operation. The microprocessor apparatus includes an x86-compatible microprocessor that has fetch logic, a cryptography unit, and an integer unit. The fetch logic is configured to fetch an application program from memory for execution by the x86-compatible microprocessor. The application program includes an atomic instruction that directs the x86-compatible microprocessor to perform the cryptographic operation. The atomic instruction has and opcode field and a repeat prefix field. The opcode field prescribes that the device accomplish the cryptographic operation as further specified within a control word stored in a memory. The repeat prefix field is coupled to the opcode field. The repeat prefix field indicates that the cryptographic operation prescribed by the atomic instruction is to be accomplished on a plurality of blocks of input data.

摘要翻译： 提供了一种用于执行密码操作的微处理器装置。 微处理器装置包括具有取指逻辑的x86兼容微处理器，加密单元和整数单元。 提取逻辑被配置为从存储器获取应用程序以由x86兼容的微处理器执行。 应用程序包括指导x86兼容微处理器执行加密操作的原子指令。 原子指令具有和操作码字段和重复前缀字段。 操作码字段规定设备完成在存储在存储器中的控制字中进一步指定的加密操作。 重复前缀字段耦合到操作码字段。 重复前缀字段指示由原子指令规定的加密操作将在多个输入数据块上完成。

公开(公告)号：US07536560B2

公开(公告)日：2009-05-19

申请号：US10826475

申请日：2004-04-16

申请人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

发明人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

IPC分类号： H04L9/06

CPC分类号： G06F9/30181 ,  G06F9/30003 ,  G06F9/30007 ,  G06F9/30174 ,  G06F9/3877 ,  G06F21/72 ,  H04L9/0631 ,  H04L9/0637 ,  H04L2209/125 ,  H04L2209/24

摘要： The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a microprocessor, where the size cryptographic key that is employed is programmable. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes fetch logic and execution logic. The fetch logic is disposed within a microprocessor, and receives a cryptographic instructionsingle atomic cryptographic instruction as part of an instruction flow executing on the microprocessor. The cryptographic instructionsingle atomic cryptographic instruction prescribes one of the cryptographic operations, and also one of a plurality of cryptographic key sizes. The execution logic disposed within the microprocessor and is operatively coupled to the single atomic cryptographic instruction. The execution logic executes the one of the cryptographic operations. The execution logic has a cryptographic key size controller that employs the one of a plurality of cryptographic key sizes during execution of the one of the cryptographic operations.

摘要翻译： 本发明提供一种用于对微处理器内的多个输入数据块执行密码操作的装置和方法，其中使用的大小密码密钥是可编程的。 在一个实施例中，提供了一种用于执行密码操作的装置。 该装置包括提取逻辑和执行逻辑。 提取逻辑设置在微处理器内，并且接收作为在微处理器上执行的指令流的一部分的加密指令单原子加密指令。 加密指令单原子加密指令规定了密码操作之一以及多个加密密钥大小之一。 执行逻辑设置在微处理器内，并且可操作地耦合到单原子加密指令。 执行逻辑执行加密操作之一。 执行逻辑具有加密密钥大小控制器，该加密密钥大小控制器在执行所述密码操作之一期间采用多个密码密钥大小中的一个。

公开(公告)号：US07529368B2

公开(公告)日：2009-05-05

申请号：US10826745

申请日：2004-04-16

申请人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

发明人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

IPC分类号： H04J1/06

CPC分类号： G06F9/3017 ,  G06F9/30003 ,  G06F9/30007 ,  G06F9/30178 ,  G06F9/3877 ,  G06F21/72 ,  H04L9/0631 ,  H04L9/0637 ,  H04L2209/125 ,  H04L2209/24

摘要： An apparatus and method for performing cryptographic operations on a plurality of input data blocks. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, OFB mode logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of OFB block cryptographic operations performed on a corresponding plurality of input text blocks. The OFB mode logic is operatively coupled to the cryptographic instruction. The OFB mode logic directs the pipeline microprocessor to update pointer registers and an initialization vector location for each of the plurality of CFB block cryptographic operations. The execution logic is operatively coupled to the OFB mode logic. The execution logic executes the one of the cryptographic operations.

摘要翻译： 一种用于对多个输入数据块执行密码操作的装置和方法。 在一个实施例中，提供了一种用于执行密码操作的装置。 该装置包括密码指令，OFB模式逻辑和执行逻辑。 密码指令由流水线微处理器接收，作为在流水线微处理器上执行的应用程序的一部分。 加密指令规定了一种加密操作。 密码操作之一包括对相应的多个输入文本块执行的多个OFB块密码操作。 OFB模式逻辑可操作地耦合到密码指令。 OFB模式逻辑指示流水线微处理器更新多个CFB块加密操作中的每一个的指针寄存器和初始化向量位置。 执行逻辑可操作地耦合到OFB模式逻辑。 执行逻辑执行加密操作之一。

公开(公告)号：US07529367B2

公开(公告)日：2009-05-05

申请号：US10826428

申请日：2004-04-16

申请人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

发明人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

IPC分类号： H04K1/06

CPC分类号： H04L9/0631 ,  G06F9/30007 ,  H04L9/0637 ,  H04L2209/125 ,  H04L2209/24

摘要： An apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CFB mode logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CFB block cryptographic operations performed on a corresponding plurality of input text blocks. The CFB mode logic is operatively coupled to the cryptographic instruction. The CFB mode logic directs the pipeline microprocessor to update pointer registers and intermediate results for each of the plurality of CFB block cryptographic operations. The execution logic is operatively coupled to the CFB mode logic. The execution logic executes the one of the cryptographic operations.

摘要翻译： 一种用于对处理器内的多个输入数据块执行加密操作的装置和方法。 在一个实施例中，提供了一种用于执行密码操作的装置。 该装置包括密码指令，CFB模式逻辑和执行逻辑。 密码指令由流水线微处理器接收，作为在流水线微处理器上执行的应用程序的一部分。 加密指令规定了一种加密操作。 密码操作之一包括对相应的多个输入文本块执行的多个CFB块加密操作。 CFB模式逻辑可操作地耦合到密码指令。 CFB模式逻辑指示流水线微处理器为多个CFB块加密操作中的每一个更新指针寄存器和中间结果。 执行逻辑可操作地耦合到CFB模式逻辑。 执行逻辑执行加密操作之一。

公开(公告)号：US07392400B2

公开(公告)日：2008-06-24

申请号：US10800768

申请日：2004-03-15

申请人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

发明人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

IPC分类号： G06F11/30

CPC分类号： G06F9/3017 ,  G06F9/30003 ,  G06F9/30007 ,  G06F9/30178 ,  G06F9/3877 ,  G06F21/72 ,  H04L9/0631 ,  H04L2209/125 ,  H04L2209/24

摘要： The present invention provides an apparatus and method for performing cryptographic operations on a plurality of input data blocks within a processor. In one embodiment, an apparatus for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction and translation logic. The cryptographic instruction is received by fetch logic in a microprocessor as part of an instruction flow. The cryptographic instruction prescribes one of the cryptographic operations. The translation logic translates the cryptographic instruction into micro instructions. The micro instructions are ordered to direct the microprocessor to load a second input text block and to execute the one of the cryptographic operations on the second input text block prior to directing the microprocessor to store an output text block corresponding to a first input text block. Consequently, the output text block is stored during execution of the one of the cryptographic operations on the second input text block.

摘要翻译： 本发明提供一种用于对处理器内的多个输入数据块执行密码操作的装置和方法。 在一个实施例中，提供了一种用于执行密码操作的装置。 该装置包括加密指令和翻译逻辑。 作为指令流的一部分，加密指令由微处理器中的提取逻辑接收。 加密指令规定了一种加密操作。 翻译逻辑将加密指令转换为微指令。 命令微指令指导微处理器加载第二输入文本块，并且在指示微处理器存储对应于第一输入文本块的输出文本块之前对第二输入文本块执行加密操作之一。 因此，输出文本块在对第二输入文本块的密码操作之一的执行期间被存储。

公开(公告)号：US20110296205A1

公开(公告)日：2011-12-01

申请号：US13091785

申请日：2011-04-21

申请人： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

发明人： G. Glenn Henry ,  Terry Parks ,  Brent Bean ,  Thomas A. Crispin

IPC分类号： G06F12/14

CPC分类号： H04L9/0827 ,  G06F9/30003 ,  G06F9/30079 ,  G06F9/30178 ,  G06F9/30189 ,  G06F12/0875 ,  G06F21/52 ,  G06F21/54 ,  G06F21/602 ,  G06F21/71 ,  G06F21/72 ,  G06F2212/402 ,  G06F2212/452 ,  G06F2221/2107 ,  H04L9/0618 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L2209/12 ,  H04L2209/20

摘要： A microprocessor includes a storage element having a plurality of locations each storing decryption key data associated with an encrypted program. A control register field (may be x86 EFLAGS register reserved field) specifies a storage element location associated with a currently executing encrypted program. The microprocessor restores from memory to the control register a previously saved value of the field in response to executing a return from interrupt instruction. A fetch unit fetches encrypted instructions of the currently executing encrypted program and decrypts them using the decryption key data stored the storage element location specified by the restored field value. A kill bit associated with each storage element location may be employed if the location is clobbered because more encrypted programs are multitasked than available locations in the storage element, in which case an exception is generated to re-load the clobbered decryption key data in response to the return from interrupt instruction.

摘要翻译： 微处理器包括具有多个位置的存储元件，每个位置存储与加密程序相关联的解密密钥数据。 控制寄存器字段（可以是x86 EFLAGS寄存器保留字段）指定与当前执行的加密程序相关联的存储元件位置。 响应于执行中断指令的返回，微处理器从存储器恢复到控制寄存器先前保存的字段值。 提取单元获取当前执行的加密程序的加密指令，并使用存储由恢复的字段值指定的存储单元位置的解密密钥数据进行解密。 如果位置被破坏，则可以采用与每个存储元件位置相关联的杀死位，因为更多的加密程序比存储元件中的可用位置多任务，在这种情况下生成异常以重新加载被破译的解密密钥数据，以响应于 从中断指令返回。

公开(公告)号：US07925891B2

公开(公告)日：2011-04-12

申请号：US11090690

申请日：2005-03-25

申请人： Thomas A. Crispin ,  G. Glenn Henry ,  Terry Parks

发明人： Thomas A. Crispin ,  G. Glenn Henry ,  Terry Parks

IPC分类号： G06F11/30 ,  G06F12/14

CPC分类号： H04L9/0637 ,  G06F9/30007 ,  H04L9/0643 ,  H04L2209/125 ,  H04L2209/24 ,  H04L2209/56 ,  H04L2209/60 ,  H04L2209/80

摘要： The present invention provides an apparatus and method for performing cryptographic operations on a plurality of message blocks within a processor to generate a message digest. In one embodiment, the apparatus has an x86-compatible microprocessor that includes translation logic and execution logic. The translation logic receives a single, atomic cryptographic instruction from a source therefrom, where the single, atomic cryptographic instruction prescribes generation of the message digest according to one of the cryptographic operations. The translation logic also translates the single, atomic cryptographic instruction into a sequence of micro instructions specifying sub-operations required to accomplish generation of the message digest according to the one of the cryptographic operations. The execution logic is operatively coupled to the translation logic. The execution logic receives the sequence of micro instructions, and performs the sub-operations to generate the message digest.

摘要翻译： 本发明提供了一种用于对处理器内的多个消息块执行密码操作以生成消息摘要的装置和方法。 在一个实施例中，该装置具有包括翻译逻辑和执行逻辑的x86兼容的微处理器。 翻译逻辑从其源头接收单个原子加密指令，其中单个原子加密指令根据密码操作之一规定生成消息摘要。 翻译逻辑还将单个原子加密指令转换为指定根据密码操作之一完成消息摘要生成所需的子操作的微指令序列。 执行逻辑可操作地耦合到翻译逻辑。 执行逻辑接收微指令的序列，并执行子操作以生成消息摘要。

公开(公告)号：US07542566B2

公开(公告)日：2009-06-02

申请号：US10826814

申请日：2004-04-16

申请人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

发明人： G. Glenn Henry ,  Thomas A. Crispin ,  Terry Parks

IPC分类号： H04K1/06

CPC分类号： G06F9/3017 ,  G06F9/30003 ,  G06F9/30007 ,  G06F9/30178 ,  G06F9/3877 ,  G06F21/72 ,  H04L9/0631 ,  H04L9/0637 ,  H04L2209/125

摘要： An apparatus and method for performing cryptographic operations is provided. The apparatus includes a cryptographic instruction, CBC block pointer logic, and execution logic. The cryptographic instruction is received by a pipeline microprocessor as part of an application program executing on the pipeline microprocessor. The cryptographic instruction prescribes one of the cryptographic operations. The one of the cryptographic operations includes a plurality of CBC block cryptographic operations performed on a corresponding plurality of input text blocks. The CBC block pointer logic is operatively coupled to the cryptographic instruction. The CBC block pointer logic directs the pipeline microprocessor to update pointer registers and intermediate results for each of the plurality of CBC block cryptographic operations. The execution logic is operatively coupled to the CBC block pointer logic. The execution logic executes the one of the cryptographic operations.

摘要翻译： 提供了一种用于执行密码操作的装置和方法。 该装置包括加密指令，CBC块指针逻辑和执行逻辑。 密码指令由流水线微处理器接收，作为在流水线微处理器上执行的应用程序的一部分。 加密指令规定了一种加密操作。 密码操作之一包括对相应的多个输入文本块执行的多个CBC块加密操作。 CBC块指针逻辑可操作地耦合到加密指令。 CBC块指针逻辑引导流水线微处理器更新多个CBC块加密操作中的每一个的指针寄存器和中间结果。 执行逻辑可操作地耦合到CBC块指针逻辑。 执行逻辑执行加密操作之一。