1. Field of the Invention
The present invention relates to an information processing apparatus which adopts an AES (Advanced Encryption Standard) algorithm for both encryption/decryption processing and message authentication processing.
2. Description of the Related Art
These days, large-capacity communication via the Internet is prevalent. Along with this trend, to ensure communication security, digital data is encrypted by a predetermined algorithm, and at the same time undergoes message authentication processing by a predetermined algorithm so as to detect tampering in the process of communication. IPSEC (IP Security) as one protocol to attain secure communication has recently adopted AES-based AES-XCBC-MAC-96 as a message authentication algorithm. AES-XCBC-MAC-96 is characterized by high processing speed and high security.
A hash function such as MD5 or SHA-1 has conventionally been used to generate a MAC (Message Authentication Code) value for message authentication. MD5 and SHA-1 process input data in 64-byte blocks. However, these hash functions cannot achieve high-speed processing because they use a block length as long as 64 bytes. In addition, security weaknesses attributed to the use of a 160-bit MAC value have begun to be pointed out.
Consider a case in which IPSEC protocol processing is necessary for a plurality of messages in parallel. In this case, it is common practice to provide only one resource each for encryption/decryption processing and for message authentication processing in IPSEC, so efficient parallel processing is naturally difficult. That is, to process one message, temporarily suspend it, process the other message, and then resume the first, software control for suspending and resuming both encryption/decryption processing and message authentication processing is necessary.
Under these circumstances, Japanese Patent Laid-Open No. 2005-148894 (patent reference 1), for example, discloses a technique that, when the ranges of encryption/decryption processing and message authentication processing differ from each other, performs the two in parallel by transferring the identical data at once.
Unfortunately, to process a plurality of messages in parallel, the technique described in patent reference 1 requires switching, under software control, the input data to and the output data from the encryption/decryption processing unit and the message authentication processing unit, and suspending and resuming the processing of each message. This poses the problem that software control inevitably imposes large processing overheads on these processing units.
Also, the following problem is posed when IPSEC employs a combination such as AES-CBC, an encryption/decryption algorithm with a 16-byte block length, and SHA-1, a message authentication algorithm with a 64-byte block length. In IPSEC, encryption/decryption processing and message authentication processing have a dependency between them: the latter follows the former. One processing unit must therefore transfer data to the other at the timing dictated by the processing with the larger minimum unit of processing (message authentication processing in this case). Consequently, even if encryption/decryption processing and message authentication processing are simply performed in parallel via a pipeline, the speedup from their parallel operation is limited compared with the case in which both use the same unit of processing.
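The following is an added example, not part of the patent text, that models the block-size dependency described above as a small timing simulation. The model is constructed for illustration and assumes that the encryption unit and the MAC unit both process data at the same rate (one time unit per 16 bytes), that the MAC unit may start a chunk only after every ciphertext byte of that chunk exists, and that a short trailing chunk costs as much as a full one (mirroring block padding). Comparing the AES-CBC/SHA-1 pairing (16-byte and 64-byte units) with a matched 16-byte/16-byte pairing shows where the pipeline speedup is lost.

```python
"""
Constructed model of an encrypt-then-MAC pipeline (added example, not from
the patent). Both units are assumed to process ciphertext at the same rate
(one time unit per 16 bytes); the MAC unit can start a chunk only when
every byte of that chunk has been produced by the encryption unit. Block
sizes are parameters so the AES-CBC/SHA-1 (16/64) case can be compared
with a matched 16/16 case.
"""
import math


def pipeline_time(msg_len, enc_block=16, mac_block=64, cost_per_16=1):
    """Return (finish_time, mac_idle_time) for one message through the pipeline.

    enc_block and mac_block must be multiples of 16 (assumption of the model).
    The final MAC chunk is charged as a full block, mirroring the padding that
    SHA-1 and CBC-style MACs apply to a short trailing block.
    """
    if msg_len <= 0:
        return 0, 0
    enc_cost = enc_block // 16 * cost_per_16      # time per ciphertext block
    mac_cost = mac_block // 16 * cost_per_16      # time per MAC chunk
    enc_blocks = math.ceil(msg_len / enc_block)
    # time at which ciphertext block i (1-based) is complete
    enc_done = [i * enc_cost for i in range(1, enc_blocks + 1)]

    mac_chunks = math.ceil(msg_len / mac_block)
    t = 0          # time at which the MAC unit becomes free
    idle = 0       # accumulated time the MAC unit spends waiting for ciphertext
    for j in range(1, mac_chunks + 1):
        # last ciphertext byte this chunk needs, capped at the message end
        last_byte = min(j * mac_block, msg_len)
        ready = enc_done[math.ceil(last_byte / enc_block) - 1]
        start = max(ready, t)
        idle += start - t
        t = start + mac_cost
    return t, idle


def serial_time(msg_len, enc_block=16, mac_block=64, cost_per_16=1):
    """Time taken if the MAC unit starts only after the whole message is encrypted."""
    if msg_len <= 0:
        return 0
    enc_cost = enc_block // 16 * cost_per_16
    mac_cost = mac_block // 16 * cost_per_16
    return (math.ceil(msg_len / enc_block) * enc_cost
            + math.ceil(msg_len / mac_block) * mac_cost)


def compare(msg_len):
    """Summarise the mismatched (16/64) and matched (16/16) pipelines for one message."""
    out = {}
    for label, mac_block in (("aes_cbc+sha1", 64), ("aes_cbc+aes_mac", 16)):
        finish, idle = pipeline_time(msg_len, 16, mac_block)
        serial = serial_time(msg_len, 16, mac_block)
        out[label] = {"pipelined": finish, "serial": serial,
                      "mac_idle": idle, "speedup": round(serial / finish, 2)}
    return out


if __name__ == "__main__":
    # constructed message lengths: one SHA-1 block, one block plus a tail, 1 KiB
    for n in (64, 80, 1024):
        print(n, compare(n))
```

In this model a 64-byte message gains nothing from pipelining when the MAC unit works in 64-byte chunks (the MAC cannot start until the last ciphertext block exists), while the matched 16-byte case overlaps all but one block. For long messages the gap narrows to the start-up latency of the larger chunk, which is exactly the limited speedup the paragraph above describes. Python's `hashlib` reports `block_size == 64` for both `md5` and `sha1`, which is where the 64-byte parameter comes from.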