1. Field of Invention
The present invention relates generally to the field of computing systems and particularly to high speed data encryption.
2. Description of Related Art
Military and commercial computing, communication and navigation products often require high speed encryption and decryption of data. The Programmable Cryptography Processor (PCP) architecture, as disclosed in U.S. patent application Ser. No. 10/616,199, has been developed by Rockwell Collins to address the security needs of several military products. The PCP provides a fully configurable, non-classified encryption core that supports a variety of legacy and modern algorithms.
Future systems using modern algorithms may have throughput requirements much greater than the current capabilities of the PCP design. Coinciding with these high speed data requirements, modern cryptosystems require support for running multiple concurrent algorithms each with its own unique set of cryptographic keys. Algorithm and key agility also requires that the process of switching and reloading of algorithms and keys be transparent. Current approaches require the user to pre-allocate blocks of key storage per algorithm, creating a static key map for a given system. The present invention provides a method and apparatus that is more flexible.
Content Addressable Memory (CAM), also known as “associative storage,” is typically memory hardware which receives input search data, in the form of a word, to be compared, bit by bit, against stored data held in the CAM, with the address of any matching data returned in a single clock cycle, rather than having to transfer data to an arithmetic logic unit (ALU) in more than one cycle, as in conventional memory. The speed of a CAM is achieved at the expense of increased silicon die hardware and power consumption. A typical CAM has a search word (N-bits per word) broadcast into searchlines in the CAM, which address 2^n bits of address space in the CAM, e.g. 2^15 = 32K entries. The CAM has stored words that have a matchline to indicate whether each stored word in the CAM is identical or not to the search word. A simple encoder, in the case where a single match is expected, or a priority encoder, in the case where multiple matches are expected, is used to indicate the address location of the match in the CAM. Typical applications of CAM, combined with RAM, are in network routers to forward data packets from an incoming port to an outgoing port using an address-lookup table. Other applications include Huffman coding/decoding, image coding and Lempel-Ziv compression of data.
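The CAM search described above can be modeled in software as follows. This is an added illustration, not code from the patent or from the PCP design; the 8-entry size, the valid bits, the sample contents, the error codes and the lowest-address-wins priority rule are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

#define CAM_ENTRIES     8     /* assumed size; the text cites 2^15 entries */
#define CAM_NO_MATCH    (-1)  /* assumed code: no matchline asserted */
#define CAM_MULTI_MATCH (-2)  /* assumed code: simple encoder saw >1 match */

typedef struct {
    uint32_t word[CAM_ENTRIES];   /* stored words */
    uint8_t  valid[CAM_ENTRIES];  /* assumed valid bit per entry */
} cam_t;

/* Broadcast the search word to every entry; return one matchline bit per
 * address. Hardware compares all entries in one clock cycle; the loop only
 * models that parallel comparison. */
uint32_t cam_matchlines(const cam_t *cam, uint32_t search)
{
    uint32_t lines = 0;
    for (int addr = 0; addr < CAM_ENTRIES; addr++)
        if (cam->valid[addr] && cam->word[addr] == search)
            lines |= 1u << addr;
    return lines;
}

/* Priority encoder: with several matchlines asserted, the lowest address
 * wins (assumed priority order). */
int cam_priority_encode(uint32_t lines)
{
    int addr = 0;
    if (lines == 0) return CAM_NO_MATCH;
    while (!(lines & 1u)) { lines >>= 1; addr++; }
    return addr;
}

/* Simple encoder: only meaningful when at most one matchline is asserted,
 * so the model reports multiple matches as an error. */
int cam_simple_encode(uint32_t lines)
{
    if (lines & (lines - 1)) return CAM_MULTI_MATCH;
    return cam_priority_encode(lines);
}

/* Constructed sample contents: 0xBEEF is stored at two addresses. */
cam_t cam_sample(void)
{
    cam_t c = {0};
    c.word[1] = 0xA11CE; c.valid[1] = 1;
    c.word[2] = 0xBEEF;  c.valid[2] = 1;
    c.word[5] = 0xBEEF;  c.valid[5] = 1;
    c.word[6] = 0xC0DE;  c.valid[6] = 1;
    return c;
}
```

Searching the sample for 0xBEEF asserts the matchlines at addresses 2 and 5, which is the case where the priority encoder is needed and the simple encoder is not sufficient.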
In the present invention, to provide the flexibility required for algorithm and key agile cryptographic systems, a novel approach is disclosed to creating a virtualized cryptographic key cache that behaves as a type of CAM.