1. Field of the Invention
The present invention relates to a data encryption apparatus, a data decryption apparatus, a data encryption method, a data decryption method, and a data transfer controlling apparatus that encrypt and decrypt data transferred between a first apparatus and a second apparatus. The present invention particularly relates to a data encryption apparatus, a data decryption apparatus, a data encryption method, a data decryption method, and a data transfer controlling apparatus that are capable of encrypting and decrypting data for each channel by identifying a channel used to transfer the data, even when a data size as a unit for data transfer differs from a data size as a unit for crypto processing.
2. Description of the Related Art
Conventionally, in magnetic disk devices, optical disk devices, and other memory devices, data is encrypted when recorded in storage media (such as magnetic disks and optical disks) or when transmitted to and received from a host apparatus of a network system such as a host computer, for the purpose of preventing information leakage due to theft and unauthorized access. Conventional technologies have been disclosed in, for example, Japanese Patent Applications Laid-Open No. 2005-322201 and No. 2006-39000.
In a computer network system, a typical RAID system (redundant array of inexpensive disks) is well known. The RAID system includes, for example, a disk apparatus of a plurality of disks as storage media, a high-level apparatus that requests to read and write data from and to the disk apparatus, and a RAID controller that controls data input and output to and from the disk apparatus based on the request from the high-level apparatus.
FIGS. 17A and 17B are schematics showing an example of a conventional RAID system. As shown in the schematics, the RAID system includes a RAID controller 10, a host apparatus 20 serving as the high-level apparatus, and a disk apparatus 30. The RAID controller 10 is connected in between the host apparatus 20 and the disk apparatus 30.
The RAID controller 10 includes a host interface controller 11, a main memory 12, a memory controller 13, a central processing unit (CPU) 14, and a disk interface controller 16, as shown in FIGS. 17A and 17B.
The function units will now be briefly described. The host interface controller 11 controls data transfer to and from the host apparatus 20. The main memory 12 includes a cache area used as a cache.
The memory controller 13 controls reading and writing data from and to the main memory 12. The CPU 14 is a central processing unit that implements firmware that controls the entire RAID controller 10. The disk interface controller 16 controls data transfer to and from the disk apparatus 30.
Referring to FIGS. 17A and 17B, an operation performed by the RAID controller 10 is briefly described. The following describes an operation performed when a write request is received from the host apparatus 20 (hereinafter, “write operation”), and an operation performed when a read request is received from the host apparatus 20 (hereinafter, “read operation”).
In write operation, as shown in FIG. 17A, when a write request is sent from the host apparatus 20 (reference number (1) in FIG. 17A), the host interface controller 11 receives data sent together with the write request, and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12 (reference number (2) in FIG. 17A). The disk interface controller 16 reads out the data from the cache area via the memory controller 13 (reference number (3) in FIG. 17A), and transfers it to the disk apparatus 30 (reference number (4) in FIG. 17A).
In read operation, on the other hand, as shown in FIG. 17B, when a read request is sent from the host apparatus 20 (reference number (1) in FIG. 17B), the disk interface controller 16 reads out from the disk apparatus 30 data requested in the read request (reference number (2) in FIG. 17B), and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12 (reference number (3) in FIG. 17B). Then, the host interface controller 11 reads out the data from the cache area via the memory controller 13 (reference number (4) in FIG. 17B), and transfers it to the host apparatus 20 (reference number (5) in FIG. 17B).
In such a RAID system, the RAID controller 10 generally performs crypto processing (encryption and decryption) on data to be stored in the disk apparatus 30.
The crypto processing may be performed on data transferred between the host apparatus 20 and the main memory 12, or on data transferred between the main memory 12 and the disk apparatus 30.
If the crypto processing is performed on the data transferred between the host apparatus 20 and the main memory 12, all data stored in the main memory 12 is encrypted. The data stored in the main memory 12 then needs to be decrypted every time it is referred to by the firmware for processing, which means low process efficiency.
Thus, when the RAID controller 10 performs the crypto processing on data to be stored in the disk apparatus 30, it is practical to perform the crypto processing while the data is being transferred between the main memory 12 and the disk apparatus 30.
Such crypto processing is generally realized by embedding processes of the crypto processing in the firmware. The following briefly describes typical crypto processing performed by the firmware.
In write operation, when a write request is sent from the host apparatus 20, the host interface controller 11 receives data sent together with the write request, and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12. The firmware controls the memory controller 13 to sequentially read out the data from the cache area, encrypt it, and save the encrypted data in a save area that is different from the cache area in the main memory 12. Then the disk interface controller 16 reads out the encrypted data from the save area via the memory controller 13, and transfers it to the disk apparatus 30.
In read operation, on the other hand, when a read request is sent from the host apparatus 20, the disk interface controller 16 reads out from the disk apparatus 30 data requested in the read request, and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12. The firmware controls the memory controller 13 to sequentially read out the data stored in the cache area, decrypt it, and save the decrypted data in the save area that is different from the cache area of the main memory 12. The host interface controller 11 reads out the decrypted data from the save area via the memory controller 13, and transfers it to the host apparatus 20.
Accordingly, the firmware performs the crypto processing on data transferred between the main memory 12 and the disk apparatus 30, which enables data to be stored in the disk apparatus 30 to be encrypted.
Causing the firmware to perform the crypto processing, however, requires the save area to hold data temporarily before and after the crypto processing, as described. This poses a problem of increasing the capacity of a memory (main memory or other memory) to be installed in the RAID controller 10. The increase in memory capacity leads to a cost increase in the RAID controller 10.
In this arrangement, data input and output to and from the disk apparatus always require the crypto processing to be performed by the firmware, which results in an increase in response time for data input and output. Further, because the firmware performs the crypto processing, an increased load is placed on the CPU of the RAID controller 10, causing an increased busy ratio of the disk controlling apparatus and requiring heavy traffic of a main memory bus for the crypto processing. Consequently, the overall RAID system performance declines.
Considering this, suppose the RAID controller 10 is arranged such that an encryption chip capable of realizing encryption and decryption functions by hardware, such as an integrated circuit, is used to perform the crypto processing on data to be stored in the disk apparatus 30, without causing the firmware to perform the crypto processing.
FIGS. 18A and 18B are schematics showing the RAID controller 10 using an encryption chip. In the RAID controller 10, a crypto processor 15 including an encryption chip is connected in between the memory controller 13 and the disk interface controller 16 via a bus, as shown in the schematics.
The following describes an operation performed by the RAID controller 10. In write operation, as shown in FIG. 18A, when a write request is sent from the host apparatus 20 (reference number (1) in FIG. 18A), the host interface controller 11 receives data sent together with the write request, and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12 (reference number (2) in FIG. 18A). Then, the crypto processor 15 sequentially reads out the data from the cache area via the memory controller 13, encrypts the data thus read out, and passes it to the disk interface controller 16 (reference number (3) in FIG. 18A). The disk interface controller 16, when receiving the encrypted data, transfers it to the disk apparatus 30 (reference number (4) in FIG. 18A).
In read operation, on the other hand, as shown in FIG. 18B, when a read request is sent from the host apparatus 20 (reference number (1) in FIG. 18B), the disk interface controller 16 reads out from the disk apparatus 30 data requested in the read request (reference number (2) in FIG. 18B), and passes it to the crypto processor 15. The crypto processor 15 decrypts the received data, and sequentially stores it in the cache area of the main memory 12 via the memory controller 13 (reference number (3) in FIG. 18B). The host interface controller 11 reads out the decrypted data from the cache area via the memory controller 13 (reference number (4) in FIG. 18B), and transfers it to the host apparatus 20 (reference number (5) in FIG. 18B).
When such an encryption chip is used to perform the crypto processing, the save area is not needed. This arrangement solves the problems of the cost increase and processing degradation arising from the crypto processing performed by the firmware.
However, using the encryption chip to perform the crypto processing leads to a problem of requiring complicated control when there is a difference between a data size as a unit for data transfer on a bus connecting the devices in the RAID controller 10 and a data size as a unit for the crypto processing performed by using the encryption chip. This problem is described below in detail.
The following describes, for example, an arrangement in which Peripheral Component Interconnect Express (PCIe) is used as the bus standard and the Advanced Encryption Standard (AES) is used as the format of the crypto processing performed by the encryption chip. In this arrangement, the size as a unit for data transfer on the bus is a multiple of 4 bytes (32 bits), and the size as a unit for the crypto processing is 16 bytes (128 bits).
When the AES is used to encrypt data transferred on a PCIe bus, data below 16 bytes may remain without being encrypted (the same applies to decryption). In this case, the crypto processor 15 holds the remaining data (hereinafter, “fraction data”) and combines it with the subsequently transferred data to form data over 16 bytes, which it then encrypts.
In PCIe, data is transferred in the form of a transaction layer packet (TLP), which has a specified upper limit size of data that can be transferred by a single TLP. Thus, when data to be transferred exceeds the upper limit size, the data is separated into a plurality of TLPs and then transferred.
Further, data to be transferred on a bus connecting to the main memory 12 via the memory controller 13 is generally transferred by direct memory access (DMA), aiming to reduce the load on the CPU. DMA allows parallel data transfer using a plurality of DMA channels.
The separate TLPs of one data set are transferred by using the same DMA channel. Thus, when fraction data and the subsequently transferred data are combined, it is necessary to identify whether these data items have been transferred via the same channel.
Each TLP is provided with a header that includes a command of various types (such as read command and write command), an address, and other information. A DMA channel used for data transfer can be identified using Tag information included in the header of the TLP.
In general, how to set information in the Tag area differs depending on the specification of a device (such as the memory controller 13 or the disk interface controller 16) that transfers data. To realize a universal encryption chip independent from the device specification, the Tag information cannot be used as a factor for identifying a DMA channel.
This poses a significant issue regarding how to identify a channel used to transfer data to encrypt and decrypt the data for each channel, even when the data size as a unit for data transfer differs from the data size as a unit for crypto processing.
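The per-channel handling of fraction data described above, as an added example that is not part of the original document: each channel keeps its own buffer of up to 16 bytes, so a TLP payload arriving on one channel never completes a block started on another. The channel number is assumed to be supplied by the caller (how to obtain it is the issue the text raises); `feed_tlp`, `pending`, `struct frac`, `NUM_CH` and the copy-only `crypt_block` are hypothetical names, and the payload bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AES_BLOCK 16   /* crypto unit from the text: 16 bytes */
#define NUM_CH    4    /* constructed: number of DMA channels */

/* Fraction data held per channel between TLPs (hypothetical structure). */
struct frac { uint8_t buf[AES_BLOCK]; size_t len; };
static struct frac frac_tbl[NUM_CH];

/* Stand-in for the chip's AES core: copies the block, does NOT encrypt. */
static void crypt_block(const uint8_t in[AES_BLOCK], uint8_t out[AES_BLOCK]) {
    memcpy(out, in, AES_BLOCK);
}

/* Feed one TLP payload (length a multiple of 4 bytes) for channel ch.
 * Complete 16-byte blocks go to out; leftover bytes stay in that
 * channel's fraction buffer. Returns blocks written, or -1 on bad input. */
int feed_tlp(unsigned ch, const uint8_t *p, size_t n, uint8_t *out) {
    if (ch >= NUM_CH || n % 4 != 0) return -1;
    struct frac *f = &frac_tbl[ch];
    int blocks = 0;
    while (n > 0) {
        size_t take = AES_BLOCK - f->len;
        if (take > n) take = n;
        memcpy(f->buf + f->len, p, take);
        f->len += take; p += take; n -= take;
        if (f->len == AES_BLOCK) {          /* block complete: process it */
            crypt_block(f->buf, out + (size_t)blocks * AES_BLOCK);
            blocks++;
            f->len = 0;
        }
    }
    return blocks;
}

/* Bytes of fraction data currently held for channel ch. */
size_t pending(unsigned ch) { return ch < NUM_CH ? frac_tbl[ch].len : 0; }

int main(void) {
    uint8_t a[32], out[32];
    for (int i = 0; i < 32; i++) a[i] = (uint8_t)i;  /* constructed payload */
    feed_tlp(0, a, 20, out);               /* 1 block out, 4 bytes held on ch 0 */
    feed_tlp(1, a, 12, out);               /* other channel: ch 0 data untouched */
    int n = feed_tlp(0, a + 20, 12, out);  /* 4 held + 12 new = 1 block */
    return (n == 1 && memcmp(out, a + 16, 16) == 0) ? 0 : 1;
}
```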