1. Field of the Invention
The present invention relates to communication processors, and, in particular, to processing of multiple crypto functions.
2. Description of the Related Art
Cryptography (or “crypto”) modules are increasingly incorporated into modern ASIC designs for various applications. These crypto modules generally support crypto functions specified in different standards (e.g. IPsec, 3GPP). Crypto modules find application for processing both cryptographic hash functions and computationally secure cryptographic functions.
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value. Important applications of secure hashes include verification of message integrity and password verification. Determining whether any changes have been made, for example, can be accomplished by comparing hash values calculated before and after transmission (or any other event). Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. In information security applications, cryptographic hash values are sometimes called (digital) fingerprints, checksums, or just hash values, even though all these terms stand for functions with rather different properties and purposes. The SHA-1 and SHA-2 families of cryptographic hash functions are commonly employed for these purposes.
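The before/after comparison described above, as an added example (not part of the original text): a SHA-256 fingerprint detects a change to the message, and a keyed hash (HMAC, one form of MAC) additionally ties the value to a shared key so that a party without the key cannot recompute it. The message and key are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample message and shared key for this example.
MESSAGE = b"transfer 100 units to account 42"
SHARED_KEY = b"constructed-example-key"


def fingerprint(data: bytes) -> str:
    """Fixed-size digest of arbitrary-length data (SHA-256, 256 bits, as hex)."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, digest_before: str) -> bool:
    """Recompute the digest after transmission and compare it with the value
    computed before; compare_digest keeps the comparison time independent of
    where the two strings first differ."""
    return hmac.compare_digest(fingerprint(data), digest_before)


def differing_bits(digest_a: str, digest_b: str) -> int:
    """Hamming distance between two hex digests (shows the avalanche effect:
    a one-character change flips roughly half of the 256 output bits)."""
    return bin(int(digest_a, 16) ^ int(digest_b, 16)).count("1")


def mac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag. A bare digest only detects modification, since anyone
    can recompute it over altered data; the keyed tag cannot be recomputed
    without the key, so it also authenticates the origin of the message."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, data), tag)


def demo() -> dict:
    """Run the before/after check and the MAC check on the constructed message."""
    before = fingerprint(MESSAGE)
    tampered = MESSAGE.replace(b"100", b"900")   # one altered field
    tag = mac_tag(SHARED_KEY, MESSAGE)
    return {
        "intact": integrity_ok(MESSAGE, before),
        "tampered_detected": not integrity_ok(tampered, before),
        "bits_changed": differing_bits(before, fingerprint(tampered)),
        "mac_accepts_genuine": mac_ok(SHARED_KEY, MESSAGE, tag),
        "mac_rejects_tampered": not mac_ok(SHARED_KEY, tampered, tag),
    }


if __name__ == "__main__":
    print(demo())
```

The digest comparison uses `hmac.compare_digest` rather than `==` because a plain string comparison returns as soon as the first differing byte is found, which leaks timing information about how much of a forged tag was correct.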
Conventional computationally secure cryptography generally uses a shared secret key of limited length to provide message security; these schemes are considered secure because recovering the key from an encrypted message is computationally infeasible for an attacker with limited computational resources. Two common types of computationally secure cryptographic ciphers are block ciphers and stream ciphers. Block ciphers divide the data stream into discrete blocks (e.g., 64 or 128 bits) and apply the cipher on a block-by-block basis to produce encrypted message data (sometimes referred to as ciphertext blocks). The cipher key need not be of the same length as the block, and is reused over multiple blocks, requiring that this key be combined with the message in a complex or otherwise non-obvious manner. A popular class of block ciphers is Feistel ciphers, where encryption operations are grouped and repeated in rounds. The Data Encryption Standard (DES) is based on a Feistel cipher with a 64-bit message block, a 56-bit key and sixteen rounds. Other important block ciphers include IDEA (used in PGP) and RC5. The Advanced Encryption Standard (AES), a replacement for DES, employs 128-bit blocks with key sizes of 128, 192 or 256 bits. Modes of operation for block ciphers include Electronic Codebook (ECB), Counter Mode, Output Feedback Mode, and Cipher Block Chaining (CBC). AES, for example, includes such (e.g., NIST-approved) modes of operation as XEX-based Tweaked ECB mode with Cipher Text Stealing (XTS), Galois Counter Mode (GCM), Counter mode with CBC-MAC (CCM) and the like.
KASUMI is a block cipher used in UMTS, GSM, and GPRS mobile communications systems, with the KASUMI algorithm specified in a 3GPP technical specification. KASUMI is a block cipher with a 128-bit key and 64-bit input/output having an eight-round Feistel network. The round functions are irreversible Feistel network transformations, and, in each round, the round function uses a round key that comprises eight 16-bit subkeys derived from the original 128-bit key using a fixed key schedule. In UMTS, KASUMI is used in the confidentiality (f8) and integrity (f9) algorithms, referred to as UEA1 and UIA1, respectively. In GSM, KASUMI is used in the A5/3 key stream generator and in GPRS in the GEA3 key stream generator.
Stream ciphers employ a one-time pad, usually generated from a seed, to produce a random or pseudo-random stream of bits that is logically combined with the data stream (e.g., a pseudo-random bit stream is generated from a seed and XORed with the bits of the data stream). Often, the seed is changed on a message-by-message basis to prevent detection of a particular seed. A commonly used stream cipher is RC4, which is a variable-key-size cipher.
A commonly employed stream cipher is the SNOW family of ciphers (e.g., SNOW 1.0, SNOW 2.0, and SNOW 3G). SNOW ciphers are word-based synchronous stream ciphers, with SNOW 3G employed for the 3GPP encryption algorithms UEA2 and UIA2. The SNOW family of ciphers is characterized by a short initialization phase, works on 32-bit words, and supports both 128- and 256-bit keys. The cipher is a combination of a linear feedback shift register (LFSR) and a Finite State Machine (FSM), where the LFSR output also feeds the next state function of the FSM.
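The structure described in the two preceding paragraphs (a keystream generated from a seed and XORed with the data, and a word-based generator built from an LFSR whose output also feeds an FSM), as an added example that is not part of the original text and is not SNOW or any 3GPP algorithm. The register sizes, tap positions, FSM update and key/IV loading are constructed for illustration and carry no security claim; the point is the shape of the construction, the short initialization phase, and why the seed (here the IV) must change from message to message.

```python
MASK32 = 0xFFFFFFFF


def rotl32(x: int, r: int) -> int:
    """Rotate a 32-bit word left by r bits."""
    return ((x << r) | (x >> (32 - r))) & MASK32


class ToyWordStreamCipher:
    """Toy SNOW-style generator (constructed for this example, no security
    claim): a 16-word LFSR whose words also drive a two-register FSM."""

    def __init__(self, key: bytes, iv: bytes):
        if len(key) != 16 or len(iv) != 4:
            raise ValueError("toy cipher expects a 128-bit key and a 32-bit IV")
        k = [int.from_bytes(key[i:i + 4], "big") for i in range(0, 16, 4)]
        iv_w = int.from_bytes(iv, "big")
        # Load the LFSR from the key words mixed with the IV (constructed rule).
        self.s = [k[i % 4] ^ ((iv_w * (i + 1)) & MASK32) for i in range(16)]
        self.r1 = 0
        self.r2 = 0
        # Short initialization phase: 32 clocks with the FSM output fed back
        # into the LFSR, so key and IV are diffused before keystream is emitted.
        for _ in range(32):
            self._clock_lfsr(self._clock_fsm())

    def _clock_fsm(self) -> int:
        """FSM step: LFSR words s[15] and s[5] are its inputs; returns F_t."""
        f = ((self.s[15] + self.r1) & MASK32) ^ self.r2
        new_r1 = (self.r2 + self.s[5]) & MASK32
        new_r2 = rotl32((self.r1 * 0x9E3779B1) & MASK32, 7)
        self.r1, self.r2 = new_r1, new_r2
        return f

    def _clock_lfsr(self, extra: int = 0) -> None:
        """Shift the register; the new word is a linear tap combination
        (plus the FSM output during initialization only)."""
        new = self.s[0] ^ rotl32(self.s[2], 8) ^ self.s[11] ^ extra
        self.s = self.s[1:] + [new]

    def keystream(self, nbytes: int) -> bytes:
        out = bytearray()
        while len(out) < nbytes:
            z = self._clock_fsm() ^ self.s[0]   # keystream word z_t = F_t XOR s_0
            self._clock_lfsr()
            out += z.to_bytes(4, "big")
        return bytes(out[:nbytes])


def stream_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation): XOR the data with the keystream."""
    ks = ToyWordStreamCipher(key, iv).keystream(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def same_seed_leaks_plaintext_xor(key: bytes, iv: bytes, pt1: bytes, pt2: bytes) -> bool:
    """Why the seed must change per message: if one keystream is reused for
    two messages, c1 XOR c2 equals p1 XOR p2 regardless of the key, so the
    key protects nothing about the relationship between the two messages."""
    c1 = stream_crypt(key, iv, pt1)
    c2 = stream_crypt(key, iv, pt2)
    n = min(len(pt1), len(pt2))
    lhs = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    rhs = bytes(a ^ b for a, b in zip(pt1[:n], pt2[:n]))
    return lhs == rhs
```

Because the FSM holds state (r1, r2) that the LFSR does not, the generator is not purely linear; the feedback of the FSM output into the LFSR during initialization is what makes the final state depend non-linearly on both key and IV. A fresh IV per message gives a fresh keystream under the same key, which is the property the paragraph above refers to.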
Crypto-function algorithms and protocols for security further include public key cryptography (such as the digital signature generation and verification operations of, for example, the Digital Signature Standard (DSS)). Other examples include elliptic curve cryptography (ECC) and RSA operations, and also Diffie-Hellman (DH) based protocols.
Several methods are employed to use a block cipher to build a cryptographic hash function, such as by use of a one-way compression function. The methods resemble the block cipher modes of operation usually used for encryption. Many well-known hash functions, including MD4, MD5, SHA-1 and SHA-2, are built from block-cipher-like components designed for the purpose, with feedback to ensure that the resulting function is not bijective. SHA-3 finalists include functions with block-cipher-like components (e.g., Skein, BLAKE) and functions based on other designs (e.g., CubeHash, JH). A standard block cipher, such as AES, can be used in place of these custom block ciphers when an embedded system needs to implement both encryption and hashing with minimal code size or hardware area.
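The two ideas above, a Feistel block cipher whose operations are repeated in rounds (as introduced for DES and KASUMI earlier) and a hash function built from a block cipher through a one-way compression function, as one added example that is not part of the original text. The cipher is a constructed 16-round, 64-bit-block, 128-bit-key Feistel network (not DES, not KASUMI); the hash uses the Davies-Meyer compression function h_i = E_{m_i}(h_{i-1}) XOR h_{i-1} with Merkle-Damgard length padding. The key schedule, round function, constants and chaining IV are constructed for illustration and carry no security claim. Note how the feedback XOR with h_{i-1} is what makes the compression one-way even though the block cipher itself is invertible.

```python
import struct

MASK32 = 0xFFFFFFFF
ROUNDS = 16
BLOCK_BYTES = 8      # 64-bit block, as in DES and KASUMI
KEY_BYTES = 16       # 128-bit key; also the hash's message-block size
HASH_IV = bytes.fromhex("0123456789abcdef")   # constructed chaining-value IV


def rotl32(x: int, r: int) -> int:
    return ((x << r) | (x >> (32 - r))) & MASK32


def key_schedule(key: bytes) -> list:
    """Fixed key schedule (constructed): 128-bit key -> one 32-bit subkey per round."""
    if len(key) != KEY_BYTES:
        raise ValueError("toy cipher expects a 128-bit key")
    k = struct.unpack(">4I", key)
    return [rotl32(k[i % 4] ^ ((0x9E3779B9 * (i + 1)) & MASK32), i) for i in range(ROUNDS)]


def round_function(half: int, subkey: int) -> int:
    """Round function F (constructed). It need not be invertible: the Feistel
    structure makes the cipher invertible regardless of F."""
    x = (half + subkey) & MASK32
    x ^= rotl32(x, 7)
    x = (x * 0x9E3779B1) & MASK32
    return x ^ (x >> 13)


def feistel_rounds(block: bytes, subkeys) -> bytes:
    """Apply the rounds L, R -> R, L XOR F(R, k). Decryption is the same
    routine run with the subkeys in reverse order."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 64 bits")
    left, right = struct.unpack(">II", block)
    for sk in subkeys:
        left, right = right, left ^ round_function(right, sk)
    return struct.pack(">II", right, left)     # undo the final swap


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel_rounds(block, key_schedule(key))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    return feistel_rounds(block, key_schedule(key)[::-1])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def davies_meyer(chain: bytes, msg_block: bytes) -> bytes:
    """One-way compression: the message block is used as the cipher KEY and
    the chaining value as the plaintext; the feedback XOR blocks inversion."""
    return _xor(encrypt_block(msg_block, chain), chain)


def md_pad(msg: bytes) -> bytes:
    """Merkle-Damgard padding: 0x80, zeros, then the 64-bit bit length,
    bringing the total to a multiple of the 16-byte message block."""
    padded = msg + b"\x80"
    padded += b"\x00" * ((KEY_BYTES - 8 - len(padded)) % KEY_BYTES)
    return padded + struct.pack(">Q", len(msg) * 8)


def toy_hash(msg: bytes) -> bytes:
    """64-bit hash of an arbitrary-length message built from the block cipher."""
    h = HASH_IV
    padded = md_pad(msg)
    for i in range(0, len(padded), KEY_BYTES):
        h = davies_meyer(h, padded[i:i + KEY_BYTES])
    return h


if __name__ == "__main__":
    key = bytes(range(16))
    ct = encrypt_block(key, b"ABCDEFGH")
    print(ct.hex(), decrypt_block(key, ct), toy_hash(b"abc").hex())
```

The same block-cipher core serves both encryption (`encrypt_block`/`decrypt_block`) and hashing (`toy_hash`), which is the area-saving arrangement the paragraph describes for embedded systems. A 64-bit digest is of course far too short for real use; the construction, not the width, is what the example demonstrates.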
Often, these crypto modules use different interfaces, and they also require very specific and precise timing schedules for the input/output information. Users of these crypto modules generally prefer standardized interfaces and/or integrated, unified crypto blocks/crypto functional units (CFUs) instead of the dozens of individual cipher blocks that are needed to implement the various crypto algorithms/functions and protocols. Developing such a complex structure also requires an elaborate, comprehensive debugging and testing system. Existing approaches lack parallelism and have poor support for drop-in security solutions. The existing approaches also require cumbersome testing and debugging during the development and implementation phases.