1. Field of the Invention
The present invention relates to a data encryption apparatus, a data decryption apparatus, a data encryption method, a data decryption method, and a data relay apparatus that encrypt and decrypt data transferred between a first apparatus and a second apparatus. The present invention particularly relates to a data encryption apparatus, a data decryption apparatus, a data encryption method, a data decryption method, and a data relay apparatus that are capable of encrypting and decrypting data without interrupting data transfer, even when a data size as a unit for data transfer differs from a data size as a unit for crypto processing.
2. Description of the Related Art
Conventionally, in magnetic disk devices, optical disk devices, and other memory devices, data is encrypted when recorded in storage media (such as magnetic disks and optical disks) or when transmitted to and received from a host apparatus of a network system such as a host computer, for the purpose of preventing information leakage due to theft and unauthorized access. Conventional technologies have been disclosed in, for example, Japanese Patent Applications Laid-Open No. 2003-271460 and No. 2006-41684.
In a computer network system, a typical RAID system (redundant array of inexpensive disks) is well known. The RAID system includes, for example, a disk apparatus of a plurality of disks as storage media, a high-level apparatus that requests to read and write data from and to the disk apparatus, and a RAID controller that controls data input and output to and from the disk apparatus based on the request from the high-level apparatus.
FIGS. 11A and 11B are schematics showing an example of a conventional RAID system. As shown in the schematics, the RAID system includes a RAID controller 10, a host apparatus 20 serving as the high-level apparatus, and a disk apparatus 30. The RAID controller 10 is connected in between the host apparatus 20 and the disk apparatus 30.
The RAID controller 10 includes a host interface controller 11, a main memory 12, a memory controller 13, a central processing unit (CPU) 14, and a disk interface controller 15, as shown in FIGS. 11A and 11B.
The function units will now be briefly described. The host interface controller 11 controls data transfer to and from the host apparatus 20. The main memory 12 includes a cache area used as a cache memory.
The memory controller 13 controls reading and writing data from and to the main memory 12. The CPU 14 is a central processing unit that implements firmware that controls the entire RAID controller 10. The disk interface controller 15 controls data transfer to and from the disk apparatus 30.
Referring to FIGS. 11A and 11B, an operation performed by the RAID controller 10 is briefly described. The following describes an operation performed when a write request is received from the host apparatus 20 (hereinafter, “write operation”), and an operation performed when a read request is received from the host apparatus 20 (hereinafter, “read operation”).
In write operation, as shown in FIG. 11A, when a write request is sent from the host apparatus 20 (reference numeral (1) in FIG. 11A), the host interface controller 11 receives data sent together with the write request, and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12 (reference number (2) in FIG. 11A). The disk interface controller 15 reads out the data from the cache area via the memory controller 13 (reference numeral (3) in FIG. 11A), and transfers it to the disk apparatus 30 (reference numeral (4) in FIG. 11A).
In read operation, on the other hand, as shown in FIG. 11B, when a read request is sent from the host apparatus 20 (reference numeral (1) in FIG. 11B), the disk interface controller 15 reads out from the disk apparatus 30 data requested in the read request (reference numeral (2) in FIG. 11B), and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12 (reference numeral (3) in FIG. 11B). Then, the host interface controller 11 reads out the data from the cache area via the memory controller 13 (reference numeral (4) in FIG. 11B), and transfers it to the host apparatus 20 (reference numeral (5) in FIG. 11B).
In such a RAID system, crypto processing (encryption and decryption) is performed on data to be stored in the disk apparatus 30 by the RAID controller 10 in general.
The crypto processing is possibly performed on data transferred between the host apparatus 20 and the main memory 12 and data transferred between the main memory 12 and the disk apparatus 30.
As to the data transferred between the host apparatus 20 and the main memory 12, data to be stored in the main memory 12 is all encrypted. Thus, the data stored in the main memory 12 needs to be decrypted every time it is referred to by the firmware for processing, which means low process efficiency.
Thus, when the RAID controller 10 performs the crypto processing on data to be stored in the disk apparatus 30, it is practical to perform the crypto processing while the data is being transferred between the main memory 12 and the disk apparatus 30.
Such crypto processing is generally realized by embedding processes of the crypto processing in the firmware. The following briefly describes typical crypto processing performed by the firmware.
In write operation, when a write request is sent from the host apparatus 20, the host interface controller 11 receives data sent together with the write request, and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12. The firmware controls the memory controller 13 to sequentially read out the data from the cache area, encrypt it, and save the encrypted data in a save area that is different from the cache area in the main memory 12. Then the disk interface controller 15 reads out the encrypted data from the save area via the memory controller 13, and transfers it to the disk apparatus 30.
In read operation, when a read request is sent from the host apparatus 20, the disk interface controller 15 reads out from the disk apparatus 30 data requested in the read request, and passes it to the memory controller 13. The memory controller 13 sequentially stores the received data in the cache area of the main memory 12. The firmware controls the memory controller 13 to sequentially read out the data stored in the cache area, decrypt it, and save the decrypted data in the save area that is different from the cache area of the main memory 12. The host interface controller 11 reads out the decrypted data from the save area via the memory controller 13, and transfers it to the host apparatus 20.
Accordingly, the firmware performs the crypto processing on data transferred between the main memory 12 and the disk apparatus 30, enabling to encrypt data to be stored in the disk apparatus 30.
Causing the firmware to perform the crypto processing, however, requires the save area to save data temporally before and after the crypto processing as described. This poses a problem of increasing the capacity of a memory (main memory or other memory) to be installed in the RAID controller 10. The increase in memory capacity leads to a cost increase in the RAID controller 10.
In this arrangement, data input and output to and from the disk apparatus always require the crypto processing to be performed by the firmware, which results in an increase in response time for data input and output. Further, because the firmware performs the crypto processing, an increased load is placed on the CPU of the RAID controller 10, causing an increased busy ratio of the disk controlling apparatus and requiring heavy traffic of a main memory bus for the crypto processing. Consequently, the overall RAID system performance declines.
Considering this, suppose the RAID controller 10 is arranged such that an encryption chip capable of realizing encryption and decryption functions by hardware, such as an integrated circuit, is used to perform the crypto processing on data to be stored in the disk apparatus 30, without causing the firmware to perform the crypto processing.
In this arrangement, for example, a data relay apparatus including an encryption chip is connected to and shared between the RAID controller 10 and the disk apparatus 30. The data relay apparatus encrypts data to be transferred from the RAID controller 10 to the disk apparatus 30, and decrypts data to be transferred from the disk apparatus 30 to the RAID controller 10.
This allows the RAID controller 10 not to have the data save area, enabling to solve the problems of the cost increase and processing degradation arising from the crypto processing performed by the firmware.
When the data relay apparatus performs the crypto processing, however, such a problem may occur that data cannot be transferred depending on the type of an interface connecting the RAID controller and the disk apparatus and the format type of the crypto processing used in the encryption chip. This problem is described in detail below.
For example, the following concerns a Fibre Channel (FC) or a Serial Attached SCSI (SAS) used as the data transfer interface connecting the RAID controller and the disk apparatus. In the FC and SAS, data is transferred in units of a size of a multiple of 4 bytes (32 bits), and the data is transferred using a protocol in a Small Computer System Interface (SCSI) specification.
To begin with, data transfer in the SCSI is described. In the SCSI, one side requesting data transfer is referred to as an initiator, and the other side providing data is referred to as a target.
For example, the following describes data transfer from the initiator to the target. FIG. 12 is a schematic diagram for explaining data transfer in the SCSI. As shown in FIG. 12, the initiator sends to the target a write command packet including a write command set therein (reference numeral (1) in FIG. 12).
The target, when receiving the write command packet, sends to the initiator a data transfer request packet in which a receivable size is defined. Based on the receivable size, the initiator sends to the target a data packet with write data set therein.
In the SCSI, an upper limit is defined for a receivable size that can be set in a single data transfer request packet and a data size that can be set in a single data packet. Thus, when transfer data is relatively large in size, the data is split into a plurality of data transfer packets or data packets based on the upper limit and then transferred.
For example, as shown in FIG. 12, the target sends to the initiator a data transfer request packet specifying receivable size as A (reference numeral (2) in FIG. 12). In response, the initiator sends to the target a data packet including a data item 1 with a data size of B bytes and a data packet including a data item 2 with a data size of C bytes (reference numerals (3) and (4) in FIG. 12). Note that C=A−B.
The target, every time it receives the data packet, sums up the size of the received data. When receiving from the initiator data of the receivable size set in the data transfer request packet thus sent, the target sends the next data transfer request packet to the initiator.
For example, as shown in FIG. 12, when receiving from the initiator the data packet including the data item 1 and the data packet including the data item 2, the target sends the next data transfer request packet to the initiator because the size of the received data items becomes B+C=A bytes (reference numeral (5) in FIG. 12).
As such, in the SCSI, the target does not send the next data transfer request packet until it receives from the initiator data of a receivable size set in the data transfer packet thus sent.
Considering such features of the SCSI, the problems with the crypto processing performed by the data relay apparatus are described in detail. FIG. 13 is a schematic diagram for explaining the problems with the crypto processing performed by the data relay apparatus.
For example, as shown in FIG. 13, a RAID controller and a disk apparatus, connected via FC, are connected to a FC switch shared in between. Further, the FC switch performs crypto processing according to the advanced encryption standard (AES). In this arrangement, the RAID controller is the initiator, and the target is the disk apparatus.
The following describes write operation in which data is transferred from the RAID controller to the disk apparatus. As shown in FIG. 13, in write operation, the RAID controller sends a write command packet to the disk apparatus via the FC switch (reference numeral (1) in FIG. 13).
The disk apparatus, when receiving the write command packet, sends a data transfer request packet including a receivable size of 16×A+a bytes (A and a are integral numbers equal to or greater than 0) to the RAID controller via the FC switch (reference numeral (2) in FIG. 13). Note that a<16.
The RAID controller, when receiving the data transfer request packet, sends to the FC switch a data packet including a data item 1 with a data size of 16×B bytes (B is an integral number equal to or greater than 0) (reference numeral (3) in FIG. 13).
The FC switch, when receiving the data packet, encrypts according to the AES the data item 1 included in the data packet. Because data is encrypted in units of 16 bytes (128 bits) in the AES, the FC switch can encrypt the entire data item 1, and sends to the disk apparatus a data packet including the encrypted data item 1 (reference numeral (4) in FIG. 13).
The disk apparatus receives the data packet sent from the FC switch, and writes the data item 1 included in the received data packet to disks serving as storage media. Thereupon, the accumulated size of the received data in the disk apparatus becomes 16×B bytes.
Subsequently, the RAID controller sends to the FC switch a data packet including the data item 2 with a data size of 16×C+a bytes (C and a are integral numbers equal to or greater than 0) (reference numeral (5) in FIG. 13). Note that C=A−B.
The FC switch encrypts only a portion of the data item 2 included in the received data packet, i.e., data of 16×C bytes. As a result, a-byte data below 16 bytes remains without being encrypted. The possible process performed by the FC switch here is either sending no data to the disk apparatus because the entire data has not been encrypted (reference numeral (6) in FIG. 13), or sending to the disk apparatus a data packet including the encrypted data of 16×C bytes (reference numeral (7) in FIG. 13).
In either case, the accumulated size of the received data does not become the receivable size set in the data transfer request packet, i.e., 16×A+a bytes. Thus, the disk apparatus cannot send the next transfer request packet (reference numeral (8) in FIG. 13).
As such, in data transfer via FC and SAS, when a data size as a unit for data transfer differs from a data size as a unit for crypto processing, the data transfer is interrupted before the data to be transferred from the RAID controller to the disk apparatus is all transferred.
This poses a significant issue regarding how to perform encryption and decryption without interrupting data transfer, even when a data size as a unit for data transfer differs from a data size as a unit for crypto processing.