<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-cn" lang="zh-cn" data-whc_version="27.0">
<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="description" content="Classified Registration of Algorithms The CE hardware implements several groups of acceleration units for different types of cryptographic algorithms, corresponding to the algorithm types in the kernel crypto subsystem. In the driver, the CE hardware is abstracted into three algorithm accelerators according to algorithm type: Symmetric-key algorithm accelerator Asymmetric-key algorithm accelerator Message digest algorithm accelerator The driver allocates resources and is implemented per accelerator. Each accelerator supports several concrete algorithms, and each concrete algorithm is registered with the crypto subsystem. Figure 1. CE algorithm classification The driver ..."/><meta name="DC.rights.owner" content="(C) Copyright 2025"/><meta name="copyright" content="(C) Copyright 2025"/><meta name="generator" content="DITA-OT"/><meta name="DC.type" content="concept"/><meta name="DC.relation" content="../../../topics/sdk/ce/ce-design_intro.html"/><meta name="DC.relation" content="../../../topics/sdk/ce/ce_architecture.html"/><meta name="DC.relation" content="../../../topics/sdk/ce/ce-key_procedures.html"/><meta name="DC.contributor" content="yan.wang"/><meta name="DC.creator" content="yan.wang"/><meta name="DC.date.modified" content="2024-01-15"/><meta name="DC.format" content="HTML5"/><meta name="DC.identifier" content="ce_key_design_intro"/><meta name="DC.language" content="zh-CN"/><title>Key Design Points</title><!-- Generated with build number 2024112209. --><meta name="wh-path2root" content="../../../"/><meta name="wh-toc-id" content="ce_key_design_intro-d4445e8045"/><meta name="wh-source-relpath" content="topics/sdk/ce/ce-key_design_intro.dita"/><meta name="wh-out-relpath" content="topics/sdk/ce/ce-key_design_intro.html"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/commons.css?buildId=2024112209"/>
<link rel="stylesheet" type="text/css" href="../../../webhelp/app/topic.css?buildId=2024112209"/>
<script src="../../../webhelp/app/options/properties.js?buildId=20250123154945"></script>
<script src="../../../webhelp/app/localization/strings.js?buildId=2024112209"></script>
<script src="../../../webhelp/app/search/index/keywords.js?buildId=20250123154945"></script>
<script defer="defer" src="../../../webhelp/app/commons.js?buildId=2024112209"></script>
<script defer="defer" src="../../../webhelp/app/topic.js?buildId=2024112209"></script>
<link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-styles-web.css?buildId=2024112209"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/notes.css?buildId=2024112209"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-common.css?buildId=2024112209"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-images.css?buildId=2024112209"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/footnote.css?buildId=2024112209"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/aic-web-watermark.css?buildId=2024112209"/><link rel="stylesheet" type="text/css" href="../../../webhelp/template/topic-body-list.css?buildId=2024112209"/></head>
<body id="ce_key_design_intro" class="wh_topic_page frmBody">
<a href="#wh_topic_body" class="sr-only sr-only-focusable">Skip to main content</a>
<header class="navbar navbar-default wh_header">
<div class="container-fluid">
<div class="wh_header_flex_container navbar-nav navbar-expand-md navbar-dark">
<div class="wh_logo_and_publication_title_container">
<div class="wh_logo_and_publication_title">
<a href="http://www.artinchip.com" class=" wh_logo d-none d-sm-block "><img src="../../../company-logo-white.png" alt=" Linux SDK User Guide SDK Guide Document "/></a>
<div class=" wh_publication_title "><a href="../../../index.html"><span class="booktitle"> <span class="ph mainbooktitle">Linux SDK User Guide</span> <span class="ph booktitlealt">SDK Guide Document</span> </span></a></div>
</div>
</div>
<div class="wh_top_menu_and_indexterms_link collapse navbar-collapse" id="wh_top_menu_and_indexterms_link">
</div>
</div>
</div>
</header>
<div class="container-fluid" id="wh_topic_container">
<div class="row">
</div>
<div class="wh_content_area">
<div class="row">
<div class="col-lg-7 col-md-9 col-sm-12" id="wh_topic_body">
<div class=" wh_topic_content body "><main role="main"><article class="- topic/topic concept/concept topic concept" role="article" aria-labelledby="ariaid-title1">
<h1 class="- topic/title title topictitle1" id="ariaid-title1">Key Design Points</h1>
<div class="date inPage">15 Jan 2024</div><div style="color: gray;">
Read time: 4 minute(s)
</div>
<div class="- topic/body concept/conbody body conbody">
<section class="- topic/section section" id="ce_key_design_intro__section_cmg_n1y_21c" data-ofbid="ce_key_design_intro__section_cmg_n1y_21c"><h2 class="- topic/title title sectiontitle">Classified Registration of Algorithms</h2>
<p class="- topic/p p" data-ofbid="d182458e38__20250123155219">The CE hardware implements several groups of acceleration units for different types of cryptographic algorithms, corresponding to the algorithm types in the kernel crypto subsystem. In the driver, the CE hardware is abstracted into three algorithm accelerators according to algorithm type:</p>
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_emg_n1y_21c" data-ofbid="ce_key_design_intro__ol_emg_n1y_21c">
<li class="- topic/li li" data-ofbid="d182458e43__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e45__20250123155219">Symmetric-key algorithm accelerator</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e49__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e51__20250123155219">Asymmetric-key algorithm accelerator</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e55__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e57__20250123155219">Message digest algorithm accelerator</p>
</li>
</ol>
<p class="- topic/p p" data-ofbid="d182458e62__20250123155219">The driver allocates resources and is implemented per accelerator. Each accelerator supports several concrete algorithms, and each concrete algorithm is registered with the crypto subsystem.</p>
<figure class="- topic/fig fig fignone" id="ce_key_design_intro__fig_qsj_41y_21c" data-ofbid="ce_key_design_intro__fig_qsj_41y_21c">
<br/><div class="imagecenter"><img class="- topic/image image imagecenter" id="ce_key_design_intro__image_fmg_n1y_21c" src="../../../images/ce/ce_alg_and_accel.png" alt="ce_alg_and_accel"/></div><br/>
<figcaption data-caption-side="bottom" class="- topic/title title figcapcenter"><span class="figtitleprefix fig--title-label">Figure<span class="fig--title-label-number"> 1</span><span class="fig--title-label-punctuation">. </span></span><span class="fig--title">CE algorithm classification</span></figcaption></figure>
<div class="- topic/p p" data-ofbid="d182458e78__20250123155219">The driver implements one instance for each CE algorithm and registers it with the kernel crypto subsystem. The kernel crypto subsystem manages all registered algorithms in a linked list, and users can later look up an algorithm by two names (<span class="+ topic/keyword pr-d/parmname keyword parmname">cra_name</span>, <span class="+ topic/keyword pr-d/parmname keyword parmname">cra_driver_name</span>). For example:<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="ce_key_design_intro__codeblock_igr_p1y_21c" data-ofbid="ce_key_design_intro__codeblock_igr_p1y_21c"><code><strong class="hl-keyword">struct</strong> skcipher_alg alg = {
    .base.cra_name = <span class="hl-string">"ecb(aes)"</span>,
    .base.cra_driver_name = <span class="hl-string">"ecb-aes-aic"</span>,
    .base.cra_priority = <span class="hl-number">400</span>,
    .base.cra_flags = CRYPTO_ALG_ASYNC | CRYPTO_ALG_ALLOCATES_MEMORY,
    .base.cra_blocksize = AES_BLOCK_SIZE,
    .base.cra_ctxsize = <strong class="hl-keyword">sizeof</strong>(<strong class="hl-keyword">struct</strong> aic_skcipher_tfm_ctx),
    .base.cra_alignmask = <span class="hl-number">0</span>,
    .base.cra_module = THIS_MODULE,
    .init = aic_skcipher_alg_init,
    .exit = aic_skcipher_alg_exit,
    .setkey = aic_skcipher_alg_setkey,
    .decrypt = aic_skcipher_aes_ecb_decrypt,
    .encrypt = aic_skcipher_aes_ecb_encrypt,
    .min_keysize = AES_MIN_KEY_SIZE,
    .max_keysize = AES_MAX_KEY_SIZE,
    .ivsize = <span class="hl-number">0</span>,
};</code></pre></div>
<p class="- topic/p p" data-ofbid="d182458e89__20250123155219">Drivers and algorithm implementation modules register algorithms with the crypto subsystem through the following interfaces.</p>
<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="ce_key_design_intro__codeblock_bwg_q1y_21c" data-ofbid="ce_key_design_intro__codeblock_bwg_q1y_21c"><code><strong class="hl-keyword">int</strong> crypto_register_skcipher(<strong class="hl-keyword">struct</strong> skcipher_alg *alg);
<strong class="hl-keyword">void</strong> crypto_unregister_skcipher(<strong class="hl-keyword">struct</strong> skcipher_alg *alg);

<strong class="hl-keyword">int</strong> crypto_register_akcipher(<strong class="hl-keyword">struct</strong> akcipher_alg *alg);
<strong class="hl-keyword">void</strong> crypto_unregister_akcipher(<strong class="hl-keyword">struct</strong> akcipher_alg *alg);

<strong class="hl-keyword">int</strong> crypto_register_ahash(<strong class="hl-keyword">struct</strong> ahash_alg *alg);
<strong class="hl-keyword">void</strong> crypto_unregister_ahash(<strong class="hl-keyword">struct</strong> ahash_alg *alg);

<strong class="hl-keyword">int</strong> crypto_register_aead(<strong class="hl-keyword">struct</strong> aead_alg *alg);
<strong class="hl-keyword">void</strong> crypto_unregister_aead(<strong class="hl-keyword">struct</strong> aead_alg *alg);

<strong class="hl-keyword">int</strong> crypto_register_kpp(<strong class="hl-keyword">struct</strong> kpp_alg *alg);
<strong class="hl-keyword">void</strong> crypto_unregister_kpp(<strong class="hl-keyword">struct</strong> kpp_alg *alg);

<strong class="hl-keyword">int</strong> crypto_register_rng(<strong class="hl-keyword">struct</strong> rng_alg *alg);
<strong class="hl-keyword">void</strong> crypto_unregister_rng(<strong class="hl-keyword">struct</strong> rng_alg *alg);</code></pre>
<figure class="- topic/fig fig fignone" id="ce_key_design_intro__fig_evv_q1y_21c" data-ofbid="ce_key_design_intro__fig_evv_q1y_21c">
<br/><div class="imagecenter"><img class="- topic/image image imagecenter" id="ce_key_design_intro__image_img_n1y_21c" src="../../../images/ce/ce_subsystem_alg_list.png" alt="ce_subsystem_alg_list"/></div><br/>
<figcaption data-caption-side="bottom" class="- topic/title title figcapcenter"><span class="figtitleprefix fig--title-label">Figure<span class="fig--title-label-number"> 2</span><span class="fig--title-label-punctuation">. </span></span><span class="fig--title">Algorithm list of the crypto subsystem</span></figcaption></figure>
<div class="- topic/p p" data-ofbid="d182458e107__20250123155219">To use an algorithm, the caller creates a data-processing instance of that algorithm with the corresponding API, and then processes data through the interfaces for that algorithm type. Symmetric-key algorithms, for example, use the following interfaces.<pre class="+ topic/pre pr-d/codeblock pre codeblock language-c" id="ce_key_design_intro__codeblock_sdm_r1y_21c" data-ofbid="ce_key_design_intro__codeblock_sdm_r1y_21c"><code><strong class="hl-keyword">struct</strong> crypto_skcipher *
crypto_alloc_skcipher(<strong class="hl-keyword">const</strong> <strong class="hl-keyword">char</strong> *alg_name, u32 type, u32 mask);

<strong class="hl-keyword">struct</strong> skcipher_request *
skcipher_request_alloc(<strong class="hl-keyword">struct</strong> crypto_skcipher *tfm, gfp_t gfp);

<strong class="hl-keyword">int</strong> crypto_skcipher_encrypt(<strong class="hl-keyword">struct</strong> skcipher_request *req);
<strong class="hl-keyword">int</strong> crypto_skcipher_decrypt(<strong class="hl-keyword">struct</strong> skcipher_request *req);</code></pre></div>
<div class="- topic/note note note note_note" id="ce_key_design_intro__note_srw_r1y_21c" data-ofbid="ce_key_design_intro__note_srw_r1y_21c"><span class="note__title">Note:</span> <div class="note__body">
<p class="- topic/p p" data-ofbid="d182458e114__20250123155219">Taking symmetric-key algorithms as an example, note that the structure used when registering an algorithm instance with the crypto subsystem is <span class="+ topic/keyword pr-d/parmname keyword parmname">struct skcipher_alg</span>, whereas the structure used through the user API is <span class="+ topic/keyword pr-d/parmname keyword parmname">struct crypto_skcipher</span>. The difference is that the former is internal and is the implementation of a concrete algorithm, while the latter is external and represents a symmetric-key algorithm.</p>
</div></div>
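<p class="- topic/p p">The lookup by <code class="+ topic/ph pr-d/codeph ph codeph">cra_name</code> and <code class="+ topic/ph pr-d/codeph ph codeph">cra_driver_name</code> described above, together with the type and mask arguments of crypto_alloc_skcipher(), can be followed in a small userspace model. This is an added example, not code from the SDK or the kernel: the model_* names and the software implementation "ecb-aes-sw" are hypothetical, and only the matching rule follows the kernel (flag filter by type and mask, an exact driver-name match wins, otherwise the highest cra_priority among cra_name matches).</p>

```c
/* Added example: userspace model of the crypto subsystem's algorithm list.
 * Not kernel or SDK code; model_* names and "ecb-aes-sw" are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_ALG_ASYNC 0x00000080u /* same bit as the kernel's CRYPTO_ALG_ASYNC */

struct model_alg {
    const char *cra_name;        /* generic name shared by all implementations */
    const char *cra_driver_name; /* unique name of one implementation */
    int cra_priority;            /* higher wins among cra_name matches */
    unsigned int cra_flags;
    struct model_alg *next;      /* linked list of registered algorithms */
};

static struct model_alg *model_alg_list;

/* Register an implementation; a driver name may exist only once. */
static int model_register(struct model_alg *alg)
{
    struct model_alg *q;

    for (q = model_alg_list; q; q = q->next)
        if (!strcmp(q->cra_driver_name, alg->cra_driver_name))
            return -EEXIST;
    alg->next = model_alg_list;
    model_alg_list = alg;
    return 0;
}

/* Look up by either name. type and mask filter on cra_flags, as the type
 * and mask arguments of crypto_alloc_skcipher() do. */
static struct model_alg *model_lookup(const char *name, unsigned int type,
                                      unsigned int mask)
{
    struct model_alg *q, *found = NULL;
    int best = -2;

    for (q = model_alg_list; q; q = q->next) {
        int exact, fuzzy;

        if ((q->cra_flags ^ type) & mask)
            continue;            /* flag bits under mask differ from type */
        exact = !strcmp(q->cra_driver_name, name);
        fuzzy = !strcmp(q->cra_name, name);
        if (!exact && !(fuzzy && q->cra_priority > best))
            continue;
        best = q->cra_priority;
        found = q;
        if (exact)
            break;               /* a driver-name match ends the search */
    }
    return found;
}

/* Constructed sample data: the CE entry uses the values shown on this page
 * (only the ASYNC flag is modelled); the software entry is invented. */
static struct model_alg model_ce = { "ecb(aes)", "ecb-aes-aic", 400, MODEL_ALG_ASYNC, NULL };
static struct model_alg model_sw = { "ecb(aes)", "ecb-aes-sw", 100, 0, NULL };

static int model_demo_setup(void)
{
    int err;

    model_alg_list = NULL;
    err = model_register(&model_sw);
    return err ? err : model_register(&model_ce);
}

/* Driver name chosen for a request, or "(none)" when nothing matches. */
static const char *model_pick(const char *name, unsigned int type, unsigned int mask)
{
    struct model_alg *alg = model_lookup(name, type, mask);

    return alg ? alg->cra_driver_name : "(none)";
}

int main(void)
{
    if (model_demo_setup())
        return 1;
    printf("any implementation : %s\n", model_pick("ecb(aes)", 0, 0));
    printf("synchronous only   : %s\n", model_pick("ecb(aes)", 0, MODEL_ALG_ASYNC));
    printf("asynchronous only  : %s\n", model_pick("ecb(aes)", MODEL_ALG_ASYNC, MODEL_ALG_ASYNC));
    printf("pinned to CE driver: %s\n", model_pick("ecb-aes-aic", 0, 0));
    printf("pinned, sync only  : %s\n", model_pick("ecb-aes-aic", 0, MODEL_ALG_ASYNC));
    return 0;
}
```

<p class="- topic/p p">A caller that passes type 0 with mask CRYPTO_ALG_ASYNC accepts only synchronous implementations, so in this model it is served by the software cipher and never by the CE. Code that must run on the CE can request "ecb-aes-aic" by driver name and treat a failed allocation as an error.</p>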
</section>
<section class="- topic/section section" id="ce_key_design_intro__section_kmg_n1y_21c" data-ofbid="ce_key_design_intro__section_kmg_n1y_21c"><h2 class="- topic/title title sectiontitle">Asynchronous Calls and Processing</h2>
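<p class="- topic/p p" data-ofbid="d182458e130__20250123155219">To support a wider range of use cases, the CE algorithm drivers must implement asynchronous calls: every request call returns immediately, and the caller is notified that the request has completed through a registered callback function.</p>
<p class="- topic/p p" data-ofbid="d182458e133__20250123155219">Asynchronous calls require a task queue and a matching worker thread for each accelerator. The common module <code class="+ topic/ph pr-d/codeph ph codeph">crypto_engine</code> provided by the kernel crypto subsystem already implements this, so the driver only needs to create a <code class="+ topic/ph pr-d/codeph ph codeph">crypto_engine</code> for each accelerator.</p>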
<figure class="- topic/fig fig fignone" id="ce_key_design_intro__fig_tkp_s1y_21c" data-ofbid="ce_key_design_intro__fig_tkp_s1y_21c">
<br/><div class="imagecenter"><img class="- topic/image image imagecenter" id="ce_key_design_intro__image_lmg_n1y_21c" src="../../../images/ce/ce_async_call.png" alt="ce_async_call"/></div><br/>
<figcaption data-caption-side="bottom" class="- topic/title title figcapcenter"><span class="figtitleprefix fig--title-label">Figure<span class="fig--title-label-number"> 3</span><span class="fig--title-label-punctuation">. </span></span><span class="fig--title">Asynchronous workflow of the Crypto Engine</span></figcaption></figure>
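<p class="- topic/p p" data-ofbid="d182458e154__20250123155219">As shown in the figure above, when an algorithm driver receives a data-processing request, it only does some basic marking and then hands the request over to the corresponding <code class="+ topic/ph pr-d/codeph ph codeph">crypto_engine</code> to manage. A <code class="+ topic/ph pr-d/codeph ph codeph">crypto_engine</code> contains a task queue and a worker thread.</p>
<p class="- topic/p p" data-ofbid="d182458e164__20250123155219">The worker thread keeps checking whether the queue holds pending tasks. If there is a task to process, it calls the following callbacks for that task in order:</p>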
<div class="table-container"><table class="- topic/table table frame-all" id="ce_key_design_intro__table_mmg_n1y_21c" data-ofbid="ce_key_design_intro__table_mmg_n1y_21c" data-cols="2"><caption></caption><colgroup><col style="width:50%"/><col style="width:50%"/></colgroup><thead class="- topic/thead thead">
<tr class="- topic/row">
<th class="- topic/entry entry colsep-1 rowsep-1" id="ce_key_design_intro__table_mmg_n1y_21c__entry__1">Callback</th>
<th class="- topic/entry entry colsep-0 rowsep-1" id="ce_key_design_intro__table_mmg_n1y_21c__entry__2">Description</th>
</tr>
</thead><tbody class="- topic/tbody tbody">
<tr class="- topic/row">
<td class="- topic/entry entry colsep-1 rowsep-1" headers="ce_key_design_intro__table_mmg_n1y_21c__entry__1">prepare(…)</td>
<td class="- topic/entry entry colsep-0 rowsep-1" headers="ce_key_design_intro__table_mmg_n1y_21c__entry__2">Prepares the hardware and preprocesses the data to be sent to the hardware</td>
</tr>
<tr class="- topic/row">
<td class="- topic/entry entry colsep-1 rowsep-0" headers="ce_key_design_intro__table_mmg_n1y_21c__entry__1">do_one_request(…)</td>
<td class="- topic/entry entry colsep-0 rowsep-0" headers="ce_key_design_intro__table_mmg_n1y_21c__entry__2">Starts the hardware and processes the data</td>
</tr>
</tbody></table></div>
<p class="- topic/p p" data-ofbid="d182458e210__20250123155219">After the hardware finishes, the corresponding IRQ handler thread processes the output data, calls the request's callback function, and releases the resources allocated for this data-processing request.</p>
<p class="- topic/p p" data-ofbid="d182458e213__20250123155219">Each CE algorithm processing unit has its own <code class="+ topic/ph pr-d/codeph ph codeph">crypto_engine</code>, namely: skcipher engine, akcipher engine, and hash engine.</p>
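<p class="- topic/p p">The flow described in this section, reduced to a single-threaded userspace model, as an added example that is not part of the SDK or the kernel. All model_* and demo_* names are hypothetical, the worker thread and the IRQ handler thread are plain function calls, the hardware is a stub, and the model assumes one request in flight per engine.</p>

```c
/* Added example: single-threaded userspace model of the flow described
 * above. Not kernel or SDK code; every model_* name is hypothetical. */
#include <errno.h>
#include <stdio.h>

#define MODEL_QLEN 4

struct model_req {
    int id;
    int prepared;     /* set by prepare() */
    int out;          /* stand-in for output data; valid after completion */
    int completions;  /* number of times the completion callback ran */
    int err;          /* status handed to the completion callback */
};

struct model_engine {
    struct model_req *queue[MODEL_QLEN]; /* FIFO task queue */
    unsigned int head, count;
    struct model_req *cur;               /* request the hardware is working on */
    int order[8], ndone;                 /* completion order, for inspection */
};

/* Completion callback registered by the caller. */
static void model_complete(struct model_engine *e, struct model_req *req, int err)
{
    req->err = err;
    req->completions++;
    if (e->ndone < 8)
        e->order[e->ndone++] = req->id;
}

/* Driver entry point: queue the request and return at once. */
static int model_submit(struct model_engine *e, struct model_req *req)
{
    if (e->count == MODEL_QLEN)
        return -ENOSPC;          /* queue full, nothing was accepted */
    e->queue[(e->head + e->count) % MODEL_QLEN] = req;
    e->count++;
    return -EINPROGRESS;         /* accepted; the result arrives by callback */
}

static int model_prepare(struct model_req *req)
{
    req->prepared = 1;           /* prepare hardware, preprocess input */
    return 0;
}

static int model_do_one_request(struct model_engine *e, struct model_req *req)
{
    if (!req->prepared)
        return -EINVAL;
    e->cur = req;                /* hardware started; it finishes by IRQ */
    return 0;
}

/* One pass of the worker thread: start at most one queued request. */
static int model_pump(struct model_engine *e)
{
    struct model_req *req;
    int err;

    if (e->cur || !e->count)
        return 0;                /* hardware busy, or queue empty */
    req = e->queue[e->head];
    e->head = (e->head + 1) % MODEL_QLEN;
    e->count--;
    err = model_prepare(req);
    if (!err)
        err = model_do_one_request(e, req);
    if (err)
        model_complete(e, req, err); /* failed before reaching hardware */
    return 1;
}

/* IRQ handler thread: collect output, free the engine, notify the caller. */
static int model_irq_thread(struct model_engine *e)
{
    struct model_req *req = e->cur;

    if (!req)
        return -EINVAL;          /* nothing in flight: spurious interrupt */
    req->out = req->id * 10;     /* constructed stand-in for hardware output */
    e->cur = NULL;
    model_complete(e, req, 0);
    return 0;
}

static struct model_engine demo_engine;
static struct model_req demo_req[3] = { { .id = 1 }, { .id = 2 }, { .id = 3 } };

int main(void)
{
    int i;

    for (i = 0; i < 3; i++)
        printf("submit %d -> %d\n", demo_req[i].id, model_submit(&demo_engine, &demo_req[i]));
    while (model_pump(&demo_engine))
        model_irq_thread(&demo_engine);
    printf("completed %d requests, first was %d\n", demo_engine.ndone, demo_engine.order[0]);
    return 0;
}
```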
</section>
<section class="- topic/section section" id="ce_key_design_intro__section_nmg_n1y_21c" data-ofbid="ce_key_design_intro__section_nmg_n1y_21c"><h2 class="- topic/title title sectiontitle">eFuse Key and Secure SRAM</h2>
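<p class="- topic/p p" data-ofbid="d182458e225__20250123155219">The secure SRAM is a dedicated SRAM inside the CE. It is securely isolated from other modules and can be accessed only by the CE, so keys and data stored in it cannot be stolen by other modules.</p>
<p class="- topic/p p" data-ofbid="d182458e228__20250123155219">The secure SRAM is designed to solve the security problem of storing keys locally. In some data-encryption scenarios, the user generates a key and encrypts data with it. The encrypted data is stored locally, but how to store the key securely then becomes a new problem: if the key is kept locally in plaintext, it is easily stolen.</p>
<p class="- topic/p p" data-ofbid="d182458e231__20250123155219">How does the secure SRAM solve the problem of storing keys locally? The approach is as follows:</p>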
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_pmg_n1y_21c" data-ofbid="ce_key_design_intro__ol_pmg_n1y_21c">
|
||
<li class="- topic/li li" data-ofbid="d182458e236__20250123155219">
|
||
<p class="- topic/p p" data-ofbid="d182458e238__20250123155219">本地不保存明文密钥,只保存经过 eFuse 密钥加密后的密钥数据(eFuse 密钥 CPU 不可读,仅 CE 可读)</p>
|
||
</li>
|
||
<li class="- topic/li li" data-ofbid="d182458e242__20250123155219">
|
||
<p class="- topic/p p" data-ofbid="d182458e244__20250123155219">需要使用密钥时,首先将加密后的密钥数据,解密到安全 SRAM,CE 再从安全 SRAM 读取密钥明文</p>
|
||
</li>
|
||
</ol>
|
||
<figure class="- topic/fig fig fignone" id="ce_key_design_intro__fig_kfb_51y_21c" data-ofbid="ce_key_design_intro__fig_kfb_51y_21c">
|
||
|
||
<br/><div class="imagecenter"><img class="- topic/image image imagecenter" id="ce_key_design_intro__image_qmg_n1y_21c" src="../../../images/ce/secure_sram_1.png" alt="secure_sram_1"/></div><br/>
|
||
<figcaption data-caption-side="bottom" class="- topic/title title figcapcenter"><span class="figtitleprefix fig--title-label">图<span class="fig--title-label-number"> 4</span><span class="fig--title-label-punctuation">. </span></span><span class="fig--title">安全密钥的生成</span></figcaption></figure>
|
||
<p class="- topic/p p" data-ofbid="d182458e262__20250123155219">在需要使用安全 SRAM 进行加解密处理时,需要完成下列操作:</p>
|
||
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_smg_n1y_21c" data-ofbid="ce_key_design_intro__ol_smg_n1y_21c">
|
||
<li class="- topic/li li" data-ofbid="d182458e267__20250123155219">
|
||
<p class="- topic/p p" data-ofbid="d182458e269__20250123155219">用户指定一种对称密钥算法,指定 eFuse 密钥,对加密后的密钥数据进行解密</p>
|
||
</li>
|
||
<li class="- topic/li li" data-ofbid="d182458e273__20250123155219">
|
||
<p class="- topic/p p" data-ofbid="d182458e275__20250123155219">用户指定解密后的明文密钥输出的安全 SRAM 位置</p>
|
||
</li>
|
||
<li class="- topic/li li" data-ofbid="d182458e279__20250123155219">
|
||
<p class="- topic/p p" data-ofbid="d182458e281__20250123155219">配置 CE 使用特定安全 SRAM 中的明文密钥,对数据进行加解密处理</p>
|
||
</li>
|
||
</ol>
|
||
<p class="- topic/p p" data-ofbid="d182458e286__20250123155219">Problem:</p>
<p class="- topic/p p" data-ofbid="d182458e289__20250123155219">This flow is specific to the AIC CE: the user supplies more input information, and there are extra intermediate steps such as key decryption and secure SRAM management.
How to fit this flow into the algorithm processing flow of the kernel crypto subsystem becomes a problem.</p>
<p class="- topic/p p" data-ofbid="d182458e292__20250123155219">To integrate well with the kernel crypto subsystem and to keep things convenient for the user, the CE driver adopts the following approach:</p>
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_vmg_n1y_21c" data-ofbid="ce_key_design_intro__ol_vmg_n1y_21c">
<li class="- topic/li li" data-ofbid="d182458e298__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e300__20250123155219">Make the usage scenarios of the secure SRAM concrete, restricting them to specific application requirements.</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e304__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e306__20250123155219">Abstract an algorithm that uses the secure SRAM as a special algorithm and register it with the kernel crypto subsystem.</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e310__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e312__20250123155219">During processing, the algorithm first decrypts the key and then processes the data.</p>
</li>
</ol>
<p class="- topic/p p" data-ofbid="d182458e317__20250123155219">Concretely, a corresponding special algorithm is implemented for each scenario. For example, for the AES ECB algorithm whose key must be decrypted with the eFuse HUK, an algorithm named
<span class="+ topic/keyword pr-d/apiname keyword apiname">huk-protected(ecb(aes))</span> is implemented and registered with the kernel crypto subsystem.</p>
<p class="- topic/p p" data-ofbid="d182458e323__20250123155219">When the user selects this algorithm:</p>
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_xmg_n1y_21c" data-ofbid="ce_key_design_intro__ol_xmg_n1y_21c">
<li class="- topic/li li" data-ofbid="d182458e328__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e330__20250123155219">The corresponding driver always first allocates a region of secure SRAM.</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e334__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e336__20250123155219">It uses the eFuse HUK to decrypt the key data supplied by the user and outputs the result to the secure SRAM region.</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e340__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e342__20250123155219">It then directs the CE to process the data using the plaintext key generated in the secure SRAM.</p>
</li>
</ol>
<figure class="- topic/fig fig fignone" id="ce_key_design_intro__fig_a1m_v1y_21c" data-ofbid="ce_key_design_intro__fig_a1m_v1y_21c">
<br/><div class="imagecenter"><img class="- topic/image image imagecenter" id="ce_key_design_intro__image_ymg_n1y_21c" src="../../../images/ce/secure_sram_2.png" alt="secure_sram_2"/></div><br/>
<figcaption data-caption-side="bottom" class="- topic/title title figcapcenter"><span class="figtitleprefix fig--title-label">Figure<span class="fig--title-label-number"> 5</span><span class="fig--title-label-punctuation">. </span></span><span class="fig--title">How an algorithm uses the secure SRAM</span></figcaption></figure>
<p class="- topic/p p" data-ofbid="d182458e359__20250123155219">In this way the user can select a processing algorithm that meets the requirements without taking part in extra steps such as handling eFuse keys,
and the usage flow stays consistent with that of the other algorithms in the kernel crypto subsystem: the user only needs to specify the correct name to use these special algorithms.</p>
<p class="- topic/p p" data-ofbid="d182458e363__20250123155219">The CE driver currently defines special algorithms for the following application scenarios.</p>
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_ang_n1y_21c" data-ofbid="ce_key_design_intro__ol_ang_n1y_21c">
<li class="- topic/li li" data-ofbid="d182458e368__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e370__20250123155219">Data protection: cryptographically binding data to a device model</p>
<p class="- topic/p p" data-ofbid="d182458e373__20250123155219">The eFuse SSK key is one key per model (defined by the vendor; all devices of one model share the same key). Data encrypted with the
<code class="+ topic/ph pr-d/codeph ph codeph">ssk-protected(ecb(aes))</code> and
<code class="+ topic/ph pr-d/codeph ph codeph">ssk-protected(cbc(aes))</code>
algorithms can, together with the local key, be decrypted on machines of the same model.</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e383__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e385__20250123155219">Data protection: cryptographically binding data to a specific device</p>
<p class="- topic/p p" data-ofbid="d182458e388__20250123155219">The eFuse HUK key is one key per device (randomly generated when the chip leaves the factory, unique to each unit). Data encrypted with the <code class="+ topic/ph pr-d/codeph ph codeph">huk-proteced(ecb(aes))</code>
and <code class="+ topic/ph pr-d/codeph ph codeph">huk-proteced(cbc(aes))</code> algorithms can only be decrypted on the current device.</p>
<p class="- topic/p p" data-ofbid="d182458e397__20250123155219"><code class="+ topic/ph pr-d/codeph ph codeph">huk-proteced(cts(aes))</code> and
<code class="+ topic/ph pr-d/codeph ph codeph">huk-proteced(xts(aes))</code> can be used for file system encryption on the current device,
ensuring that the encrypted file system can only be decrypted and used by the current device.</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e406__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e408__20250123155219">Secure device identity authentication</p>
<p class="- topic/p p" data-ofbid="d182458e411__20250123155219">The RSA algorithm can be used for device identity authentication, provided that the device can securely store its own private key.</p>
<p class="- topic/p p" data-ofbid="d182458e414__20250123155219">In the AIC scheme, the private key can be encrypted with the eFuse keys PNK or PSK and stored locally on the device. The
<code class="+ topic/ph pr-d/codeph ph codeph">pnk-proteced(rsa)</code> algorithm or the
<code class="+ topic/ph pr-d/codeph ph codeph">pskx-proteced(rsa)</code> algorithm is then used to decrypt the corresponding private key into the secure SRAM for use.</p>
<p class="- topic/p p" data-ofbid="d182458e423__20250123155219">PNK and PSK are secure eFuse regions that only the CE can access, and they can be assigned to different vendors/users as the situation requires.
These algorithms can be used when the user needs to authenticate the identity of a device.</p>
</li>
</ol>
<figure class="- topic/fig fig fignone" id="ce_key_design_intro__fig_tth_w1y_21c" data-ofbid="ce_key_design_intro__fig_tth_w1y_21c">
<br/><div class="imagecenter"><img class="- topic/image image imagecenter" id="ce_key_design_intro__image_bng_n1y_21c" src="../../../images/ce/secure_sram_3.png" alt="secure_sram_3"/></div><br/>
<figcaption data-caption-side="bottom" class="- topic/title title figcapcenter"><span class="figtitleprefix fig--title-label">Figure<span class="fig--title-label-number"> 6</span><span class="fig--title-label-punctuation">. </span></span><span class="fig--title">Special algorithms that use the secure SRAM</span></figcaption></figure>
</section>
<section class="- topic/section section" id="ce_key_design_intro__section_cng_n1y_21c" data-ofbid="ce_key_design_intro__section_cng_n1y_21c"><h2 class="- topic/title title sectiontitle">Fallback mechanism</h2>
<p class="- topic/p p" data-ofbid="d182458e446__20250123155219">When the user uses a given CE algorithm and runs into a corner case that the CE cannot support, the Fallback mechanism is needed: a software implementation of the algorithm completes the data processing task the user requested.</p>
<p class="- topic/p p" data-ofbid="d182458e449__20250123155219">At present, the algorithm that may need the Fallback mechanism is RSA.</p>
<p class="- topic/p p" data-ofbid="d182458e452__20250123155219">RSA has 5 key lengths, but the CE currently supports only three of them (512, 1024, 2048). When the user needs a 3072-bit or 4096-bit key, the Fallback
mechanism is required and the computation is done in software.</p>
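<p class="- topic/p p">The routing decision described above, as an added example that is not taken from the AIC driver: it measures the real bit length of the RSA modulus, ignoring the leading zero byte that a DER-encoded key carries, and picks the hardware or the software path. The names <code class="+ topic/ph pr-d/codeph ph codeph">rsa_modulus_bits</code> and <code class="+ topic/ph pr-d/codeph ph codeph">ce_rsa_select_path</code> are hypothetical, and sending every length other than 512, 1024 and 2048 to the software path is an assumption of this example.</p>

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

enum ce_rsa_path { CE_RSA_HW = 0, CE_RSA_FALLBACK = 1 };

/* Bit length of a big-endian modulus. Leading zero bytes are skipped first:
 * a DER INTEGER gets a 0x00 pad when its top bit is set, so a 2048-bit
 * modulus often arrives as 257 bytes. Returns 0 for an empty or zero value. */
size_t rsa_modulus_bits(const uint8_t *n, size_t len)
{
    size_t bits;
    uint8_t top;

    while (len && *n == 0) {
        n++;
        len--;
    }
    if (!len)
        return 0;
    bits = len * 8;
    /* Drop the unused high bits of the first non-zero byte. */
    for (top = *n; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* CE_RSA_HW for the three lengths the page lists as supported by the CE,
 * CE_RSA_FALLBACK for everything else (assumption: the software
 * implementation decides whether it accepts the key), -EINVAL if the
 * modulus is empty or zero. */
int ce_rsa_select_path(const uint8_t *n, size_t len)
{
    switch (rsa_modulus_bits(n, len)) {
    case 0:
        return -EINVAL;
    case 512:
    case 1024:
    case 2048:
        return CE_RSA_HW;
    default:
        return CE_RSA_FALLBACK;
    }
}
```

<p class="- topic/p p">Deciding on the raw byte count instead would send a padded 2048-bit key (257 bytes) to software even though the CE can handle it.</p>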
</section>
<section class="- topic/section section" id="ce_key_design_intro__section_dng_n1y_21c" data-ofbid="ce_key_design_intro__section_dng_n1y_21c"><h2 class="- topic/title title sectiontitle">Kernel patches</h2>
<p class="- topic/p p" data-ofbid="d182458e461__20250123155219">As described earlier, the kernel crypto subsystem provides some of its algorithm services to user-space programs through the AF_ALG socket interface, covering the following four types of algorithm:</p>
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_fng_n1y_21c" data-ofbid="ce_key_design_intro__ol_fng_n1y_21c">
<li class="- topic/li li" data-ofbid="d182458e466__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e468__20250123155219">SKCIPHER: symmetric-key algorithms, such as AES and DES</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e472__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e474__20250123155219">AEAD: authenticated encryption with associated data, such as GCM-AES and CCM-AES</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e478__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e480__20250123155219">HASH: message digest algorithms, such as MD5 and SHA-256</p>
</li>
<li class="- topic/li li" data-ofbid="d182458e484__20250123155219">
<p class="- topic/p p" data-ofbid="d182458e486__20250123155219">RNG: random number algorithms</p>
</li>
</ol>
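<p class="- topic/p p">Added example, not code from the AIC SDK: how a user-space program would select one of the special algorithms from the eFuse key section, such as <code class="+ topic/ph pr-d/codeph ph codeph">huk-protected(ecb(aes))</code>, through the AF_ALG SKCIPHER interface listed above. It assumes that the driver's algorithm is reachable over AF_ALG and that the key passed with <code class="+ topic/ph pr-d/codeph ph codeph">ALG_SET_KEY</code> is the eFuse-encrypted key data; <code class="+ topic/ph pr-d/codeph ph codeph">ce_protected_ecb</code> is a hypothetical helper name.</p>

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_alg.h>

/* One ECB operation under a CE special algorithm. wrapped_key is the
 * eFuse-encrypted key data, never a plaintext AES key (assumption: the
 * driver unwraps it into secure SRAM). Returns 0 on success or -errno. */
int ce_protected_ecb(const char *alg, const unsigned char *wrapped_key,
                     size_t keylen, const unsigned char *in,
                     unsigned char *out, size_t len, int encrypt)
{
    struct sockaddr_alg sa = { .salg_family = AF_ALG, .salg_type = "skcipher" };
    union { char buf[CMSG_SPACE(sizeof(__u32))]; struct cmsghdr align; } c = { { 0 } };
    struct iovec iov = { .iov_base = (void *)in, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = c.buf, .msg_controllen = sizeof(c.buf) };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    __u32 op = encrypt ? ALG_OP_ENCRYPT : ALG_OP_DECRYPT;
    int tfm, req = -1, ret = 0;
    ssize_t n;

    /* ECB works on whole 16-byte AES blocks; reject bad input before any syscall. */
    if (!len || len % 16 || strlen(alg) >= sizeof(sa.salg_name))
        return -EINVAL;
    strcpy((char *)sa.salg_name, alg);
    tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (tfm < 0)
        return -errno;
    /* bind() picks the algorithm by name; ALG_SET_KEY hands over the wrapped key. */
    if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        setsockopt(tfm, SOL_ALG, ALG_SET_KEY, wrapped_key, keylen) < 0 ||
        (req = accept(tfm, NULL, 0)) < 0) {
        ret = -errno;
        goto out;
    }
    cmsg->cmsg_level = SOL_ALG;
    cmsg->cmsg_type = ALG_SET_OP;
    cmsg->cmsg_len = CMSG_LEN(sizeof(op));
    memcpy(CMSG_DATA(cmsg), &op, sizeof(op));
    if (sendmsg(req, &msg, 0) < 0 || (n = read(req, out, len)) < 0)
        ret = -errno;
    else if ((size_t)n != len)
        ret = -EIO;
out:
    if (req >= 0) close(req);
    close(tfm);
    return ret;
}
```

<p class="- topic/p p">On a kernel that does not register the named algorithm, <code class="+ topic/ph pr-d/codeph ph codeph">bind()</code> fails and the helper returns the negative errno. The plaintext key never appears in the caller's address space.</p>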
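<p class="- topic/p p" data-ofbid="d182458e491__20250123155219">By default, the kernel does not provide an interface for user-space programs to use asymmetric-key algorithms such as RSA and ECC.
Part of the reason is that these algorithms are computationally heavy and are not applied directly to bulk data in applications. They are only used to encrypt or decrypt small amounts of critical data, so using a user-space algorithm library directly is more efficient and avoids extra overhead such as system calls.</p>
<p class="- topic/p p" data-ofbid="d182458e494__20250123155219">However, providing an interface to asymmetric-key algorithms is worthwhile in some cases, for example when the platform supports hardware acceleration of asymmetric-key algorithms and the hardware is clearly faster than computing on the CPU,
or when the hardware provides additional security functions based on asymmetric-key algorithms. For instance, the AIC CE can provide hardware-based secure device identity authentication built on the RSA algorithm, so user-space programs need an interface through which they can use
the RSA accelerator of the CE.</p>
<p class="- topic/p p" data-ofbid="d182458e498__20250123155219">Although the mainline kernel does not provide an AF_ALG interface for asymmetric-key algorithms, patches for such an interface exist in the community. Libkcapi is an open-source library that wraps the AF_ALG
interface of the kernel crypto subsystem into an API that is easier to use from user space, and it provides asymmetric-key AF_ALG
interface patches for several kernel versions. With these patches applied, user-space programs can use the asymmetric-key algorithms in the kernel.</p>
<p class="- topic/p p" data-ofbid="d182458e501__20250123155219">Related links:</p>
<ol class="- topic/ol ol" id="ce_key_design_intro__ol_hng_n1y_21c" data-ofbid="ce_key_design_intro__ol_hng_n1y_21c">
<li class="- topic/li li" data-ofbid="d182458e506__20250123155219"><a class="- topic/xref xref" href="https://www.chronox.de/libkcapi.html" target="_blank" rel="external noopener">https://www.chronox.de/libkcapi.html</a></li>
<li class="- topic/li li" data-ofbid="d182458e509__20250123155219"><a class="- topic/xref xref" href="https://github.com/smuellerDD/libkcapi" target="_blank" rel="external noopener">https://github.com/smuellerDD/libkcapi</a></li>
</ol>
</section>
</div>
</article></main></div>
</div>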
</div>
</div>
</div>
<footer class="navbar navbar-default wh_footer">
<div class=" footer-container mx-auto ">
<div class="webhelp.fragment.footer">
<p class="p1">Copyright © 2019-2024 广东匠芯创科技有限公司. All rights reserved.</p>
</div><div>
<div class="generation_time">
Update Time: 2025-01-23
</div>
</div>
</div>
</footer>
</body>
</html>