CN115842628A

Movatterモバイル変換

Info

Publication number: CN115842628A
Application number: CN202211529312.2A
Authority: CN
Inventors: 顾申
Original assignee: Hefei Datang Storage Technology Co ltd
Current assignee: Hefei Datang Storage Technology Co ltd
Priority date: 2022-11-30
Filing date: 2022-11-30
Publication date: 2023-03-24
Anticipated expiration: 2042-11-30
Also published as: CN115842628B

Abstract

本文公开一种实现密钥处理的方法、装置、计算机存储介质及固态硬盘，本发明实施例由物理随机源生成密钥加密密钥(KEK)和数据加密密钥(MEK)，提升了初始生成的KEK和MEK的随机性，在生成、存储和使用过程均通过硬加密对KEK和MEK进行掩码保护处理，防止了物理破解，提升了KEK和MEK抵抗侧信道攻击的性能，提高了密钥应用的安全性。

This paper discloses a method, device, computer storage medium, and solid-state hard disk for key processing. The embodiment of the invention generates a key encryption key (KEK) and a data encryption key (MEK) from a physical random source, which improves the initial generation The randomness of KEK and MEK, in the process of generation, storage and use, KEK and MEK are masked and protected by hard encryption, which prevents physical cracking, improves the performance of KEK and MEK against side channel attacks, and improves the key security. App security.

Description

Translated fromChinese

实现密钥处理的方法、装置、计算机存储介质及固态硬盘Method, device, computer storage medium and solid state hard disk for realizing key processing

技术领域technical field

本文涉及但不限于信息安全技术，尤指一种实现密钥处理的方法、装置、计算机存储介质及固态硬盘。This article involves but is not limited to information security technology, especially a method, device, computer storage medium and solid-state hard disk for realizing key processing.

背景技术Background technique

随着安全攻击技术的不断发展，数据存储领域的信息安全受到越来越多的重视。加密硬盘的出现，对数据存储安全起到了一定促进作用；但是随着侧信道等攻击技术的不断成熟，密钥加密密钥(KEK，Key Encryption Key)和数据加密密钥(MEK，MessageEncryption Key)逐渐成为攻击者可利用的攻击目标；目前，KEK和MEK的生成、存储和使用等环节均存在泄露的风险，如何提升KEK和MEK抵抗侧信道攻击的性能，提高KEK和MEK应用的安全性，成为一个有待解决的问题。With the continuous development of security attack technology, information security in the field of data storage has received more and more attention. The emergence of encrypted hard drives has played a certain role in promoting the security of data storage; however, with the continuous maturity of attack technologies such as side channels, key encryption keys (KEK, Key Encryption Key) and data encryption keys (MEK, Message Encryption Key) It has gradually become an attack target that attackers can use; at present, there are risks of leakage in the generation, storage and use of KEK and MEK. How to improve the performance of KEK and MEK against side channel attacks and improve the security of KEK and MEK applications, become a problem to be solved.

发明内容Contents of the invention

以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics described in detail in this article. This summary is not intended to limit the scope of the claims.

本发明实施例提供一种实现密钥处理的方法、装置、计算机存储介质及固态硬盘，能够提升密钥加密密钥和数据加密密钥抵抗侧信道攻击的性能，提高密钥应用的安全性。Embodiments of the present invention provide a method, device, computer storage medium, and solid-state hard disk for key processing, which can improve the performance of key encryption keys and data encryption keys against side-channel attacks, and improve the security of key application.

本发明实施例提供了一种实现密钥处理的方法，包括：An embodiment of the present invention provides a method for implementing key processing, including:

接收到预设的封装指令时，通过预设的物理随机源TRNG产生第一预设数值个初始密钥加密密钥KEK和第二预设数值个数据加密密钥MEK；When a preset encapsulation instruction is received, a first preset number of initial key encryption keys KEK and a second preset number of data encryption keys MEK are generated through a preset physical random source TRNG;

对每一个初始KEK分别通过第一随机数进行第一硬加密，并将所有经过第一硬加密的初始KEK作为第一KEK写入一次性可编程密码OTP存储器中；Each initial KEK is respectively first hard-encrypted by the first random number, and all the first hard-encrypted initial KEKs are written into the one-time programmable password OTP memory as the first KEK;

依次通过第二随机数和第一随机数对第一KEK进行第二硬加密，并将经过第二硬加密的第一KEK作为第二KEK写入存储密钥的随机存取存储器RAM；Carry out second hard encryption to the first KEK by the second random number and the first random number in turn, and write the first KEK through the second hard encryption as the second KEK into the random access memory RAM storing the key;

依次通过第三随机数和第二随机数对第二KEK进行第三硬加密，并将经过第三硬加密的第二KEK作为第三KEK写入密钥缓存器；Carrying out third hard encryption to the second KEK by the third random number and the second random number in turn, and writing the third hard encrypted second KEK into the key buffer as the third KEK;

以第三KEK作为密钥，对生成的每一个MEK分别进行对称加密运算，并将所有经过对称加密运算的MEK作为加密MEK写入OTP存储器；Using the third KEK as a key, perform symmetric encryption operations on each generated MEK, and write all MEKs that have undergone symmetric encryption operations into the OTP memory as encrypted MEKs;

其中，所述第一随机数为固定随机数。Wherein, the first random number is a fixed random number.

另一方面，本发明实施例还提供一种计算机存储介质，所述计算机存储介质中存储有计算机程序，所述计算机程序被处理器执行时实现上述实现密钥处理的方法。On the other hand, an embodiment of the present invention further provides a computer storage medium, where a computer program is stored in the computer storage medium, and when the computer program is executed by a processor, the foregoing method for implementing key processing is implemented.

再一方面，本发明实施例还提供一种终端，包括：存储器和处理器，所述存储器中保存有计算机程序；其中，In yet another aspect, an embodiment of the present invention also provides a terminal, including: a memory and a processor, and a computer program is stored in the memory; wherein,

处理器被配置为执行存储器中的计算机程序；the processor is configured to execute the computer program in the memory;

所述计算机程序被所述处理器执行时实现如上述实现密钥处理的方法。When the computer program is executed by the processor, the above-mentioned key processing method is realized.

还一方面，本发明实施例还提供一种实现密钥处理的固态硬盘，包括：生成单元、第一硬加密单元、第二硬加密单元、第三硬加密单元和加密处理单元；其中，In another aspect, the embodiment of the present invention also provides a solid-state hard disk for key processing, including: a generation unit, a first hard encryption unit, a second hard encryption unit, a third hard encryption unit, and an encryption processing unit; wherein,

生成单元设置为：接收到预设的封装指令时，通过预设的物理随机源TRNG产生第一预设数值个初始密钥加密密钥KEK和第二预设数值个数据加密密钥MEK；The generation unit is set to: when receiving a preset encapsulation instruction, generate a first preset number of initial key encryption keys KEK and a second preset number of data encryption keys MEK through a preset physical random source TRNG;

第一硬加密单元设置为：对每一个初始KEK分别通过第一随机数进行第一硬加密，并将所有经过第一硬加密的初始KEK作为第一KEK写入OTP存储器中；The first hard encryption unit is set to: carry out the first hard encryption to each initial KEK respectively by the first random number, and write all initial KEKs through the first hard encryption as the first KEK into the OTP memory;

第二硬加密单元设置为：依次通过第二随机数和第一随机数对第一KEK进行第二硬加密，并将经过第二硬加密的第一KEK作为第二KEK写入存储密钥的随机存取存储器RAM；The second hard encryption unit is set to: perform second hard encryption on the first KEK through the second random number and the first random number in turn, and write the first KEK through the second hard encryption as the second KEK into the storage key random access memory RAM;

第三硬加密单元设置为：依次通过第三随机数和第二随机数对第二KEK进行第三硬加密，并将经过第三硬加密的第二KEK作为第三KEK写入密钥缓存器；The third hard encryption unit is set to: perform third hard encryption on the second KEK through the third random number and the second random number in turn, and write the third hard encrypted second KEK into the key buffer as the third KEK ;

加密处理单元设置为：以第三KEK作为密钥，对生成的每一个MEK分别进行对称加密运算，并将所有经过对称加密运算的MEK作为加密MEK写入OTP存储器；The encryption processing unit is set to: use the third KEK as a key to perform symmetric encryption operations on each generated MEK, and write all MEKs that have undergone symmetric encryption operations into the OTP memory as encrypted MEKs;

本申请技术方案包括：接收到预设的封装指令时，通过预设的物理随机源(TRNG)产生第一预设数值个初始密钥加密密钥(KEK)和第二预设数值个数据加密密钥(MEK)；对每一个初始KEK分别通过第一随机数进行第一硬加密，并将所有经过第一硬加密的初始KEK作为第一KEK写入一次性可编程密码(OTP)存储器中；依次通过第二随机数和第一随机数对第一KEK进行第二硬加密，并将经过第二硬加密的第一KEK作为第二KEK写入存储密钥的随机存取存储器(RAM)；依次通过第三随机数和第二随机数对第二KEK进行第三硬加密，并将经过第三硬加密的第二KEK作为第三KEK写入密钥缓存器；以第三KEK作为密钥，对生成的每一个MEK分别进行对称加密运算，并将所有经过对称加密运算的MEK作为加密MEK写入OTP存储器；其中，所述第一随机数为固定随机数。本发明实施例由物理随机源生成密钥加密密钥和数据加密密钥，提升了初始生成的KEK和MEK的随机性，在生成、存储和使用过程均通过硬加密对KEK和MEK进行掩码保护处理，防止了物理破解，提升了KEK和MEK抵抗侧信道攻击的性能，提高了密钥应用的安全性。The technical solution of the present application includes: when a preset packaging instruction is received, a first preset number of initial key encryption keys (KEK) and a second preset number of data encryption keys are generated by a preset physical random source (TRNG) Secret key (MEK); each initial KEK is respectively carried out the first hard encryption by the first random number, and all initial KEKs through the first hard encryption are written in the one-time programmable password (OTP) memory as the first KEK Carry out the second hard encryption to the first KEK by the second random number and the first random number in turn, and write the random access memory (RAM) of the storage key through the second hard encrypted first KEK as the second KEK Carry out the third hard encryption to the second KEK by the third random number and the second random number in turn, and write the second KEK through the third hard encryption into the key buffer as the third KEK; use the third KEK as the encryption key, perform symmetric encryption operations on each generated MEK, and write all MEKs that have undergone symmetric encryption operations as encrypted MEKs into the OTP memory; wherein, the first random number is a fixed random number. The embodiment of the present invention generates a key encryption key and a data encryption key from a physical random source, which improves the randomness of the initially generated KEK and MEK, and masks the KEK and MEK through hard encryption during generation, storage, and use The protection process prevents physical cracking, improves the performance of KEK and MEK against side channel attacks, and improves the security of key application.

本发明的其它特征和优点将在随后的说明书中阐述，并且，部分地从说明书中变得显而易见，或者通过实施本发明而了解。本发明的目的和其他优点可通过在说明书、权利要求书以及附图中所特别指出的结构来实现和获得。Additional features and advantages of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.

附图说明Description of drawings

附图用来提供对本发明技术方案的进一步理解，并且构成说明书的一部分，与本申请的实施例一起用于解释本发明的技术方案，并不构成对本发明技术方案的限制。The accompanying drawings are used to provide a further understanding of the technical solution of the present invention, and constitute a part of the description, and are used together with the embodiments of the application to explain the technical solution of the present invention, and do not constitute a limitation to the technical solution of the present invention.

图1为本发明实施例实现密钥处理的方法的流程图；Fig. 1 is the flowchart of the method that realizes key processing in the embodiment of the present invention;

图2为本发明实施例实现密钥处理的固态硬盘的结构框图；Fig. 2 is the structural block diagram of the solid-state hard disk that realizes key processing in the embodiment of the present invention;

图3为本发明应用示例固态硬盘的结构示意图。FIG. 3 is a schematic structural diagram of a solid-state hard disk of an application example of the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案和优点更加清楚明白，下文中将结合附图对本发明的实施例进行详细说明。需要说明的是，在不冲突的情况下，本申请中的实施例及实施例中的特征可以相互任意组合。In order to make the purpose, technical solution and advantages of the present invention more clear, the embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings. It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined arbitrarily with each other.

在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行。并且，虽然在流程图中示出了逻辑顺序，但是在某些情况下，可以以不同于此处的顺序执行所示出或描述的步骤。The steps shown in the flowcharts of the figures may be performed in a computer system, such as a set of computer-executable instructions. Also, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

图1为本发明实施例实现密钥处理的方法的流程图，如图1所示，包括：Fig. 1 is the flowchart of the method for realizing key processing in the embodiment of the present invention, as shown in Fig. 1, comprising:

步骤101、接收到预设的封装指令时，通过预设的物理随机源(TRNG)产生第一预设数值个初始密钥加密密钥(KEK)和第二预设数值个数据加密密钥(MEK)；Step 101, when receiving a preset encapsulation instruction, generate a first preset number of initial key encryption keys (KEK) and a second preset number of data encryption keys ( MEK);

步骤102、对每一个初始KEK分别通过第一随机数进行第一硬加密，并将所有经过第一硬加密的初始KEK作为第一KEK写入一次性可编程密码(OTP)存储器中；Step 102, carry out the first hard encryption to each initial KEK respectively by the first random number, and write all initial KEKs through the first hard encryption as the first KEK in the one-time programmable password (OTP) memory;

步骤103、依次通过第二随机数和第一随机数对第一KEK进行第二硬加密，并将经过第二硬加密的第一KEK作为第二KEK写入存储密钥的随机存取存储器(RAM)；Step 103, carry out the second hard encryption to the first KEK by the second random number and the first random number in turn, and write the first KEK through the second hard encryption as the second KEK into the random access memory ( RAM);

步骤104、依次通过第三随机数和第二随机数对第二KEK进行第三硬加密，并将经过第三硬加密的第二KEK作为第三KEK写入密钥缓存器；Step 104, performing third hard encryption on the second KEK by using the third random number and the second random number in turn, and writing the third hard encrypted second KEK into the key buffer as the third KEK;

步骤105、以第三KEK作为密钥，对生成的每一个MEK分别进行对称加密运算，并将所有经过对称加密运算的MEK作为加密MEK写入OTP存储器；Step 105, using the third KEK as a key, performing symmetric encryption operations on each generated MEK, and writing all MEKs that have undergone symmetric encryption operations into the OTP memory as encrypted MEKs;

其中，第一随机数为固定随机数。Wherein, the first random number is a fixed random number.

本发明实施例由物理随机源生成密钥加密密钥和数据加密密钥，提升了初始生成的KEK和MEK的随机性，在生成、存储和使用过程均通过硬加密对KEK和MEK进行掩码保护处理，防止了物理破解，提升了KEK和MEK抵抗侧信道攻击的性能，提高了密钥应用的安全性。The embodiment of the present invention generates a key encryption key and a data encryption key from a physical random source, which improves the randomness of the initially generated KEK and MEK, and masks the KEK and MEK through hard encryption during generation, storage, and use The protection process prevents physical cracking, improves the performance of KEK and MEK against side channel attacks, and improves the security of key application.

在一种示例性实例中，本发明实施例中的第一预设数值个经过第一硬加密的初始KEK，按照先后顺序连接获得第一KEK。In an illustrative example, the first preset number of initial KEKs that have undergone the first hard encryption in the embodiment of the present invention are connected sequentially to obtain the first KEK.

在一种示例性实例中，本发明实施例中的经过对称加密运算的MEK，按照先后顺序连接获得加密MEK。In an illustrative example, the MEKs that have undergone symmetric encryption operations in the embodiment of the present invention are connected in sequence to obtain encrypted MEKs.

在一种示例性实例中，本发明实施例第一预设数值，可以由本领域技术人员预先确定；第二预设数值，可以由本领域技术人员根据加密MEK的使用场景预先确定；In an exemplary example, the first preset value in the embodiment of the present invention may be predetermined by those skilled in the art; the second preset value may be predetermined by those skilled in the art according to the usage scenario of the encrypted MEK;

在一种示例性实例中，本发明实施例第一KEK写入OTP存储器的位置，和加密MEK写入OTP存储器的位置可以参照相关技术来设定，在此不作赘述。In an exemplary example, the location where the first KEK is written into the OTP memory and the location where the encrypted MEK is written into the OTP memory in the embodiment of the present invention can be set with reference to related technologies, and details are not described here.

在一种示例性实例中，本发明实施例中的，第一硬加密包括第一异或运算；第二硬加密包括第二异或运算；第三硬加密包括第三异或运算。在一种示例性实例中，通过第二随机数和第一随机数对第一KEK进行第一硬加密，包括：通过第二随机数对第一KEK进行第一异或运算后，通过第一随机数对第一异或运算后的第一KEK进行第一异或运算；需要说明的是，第一硬加密中的上述两次第一异或运算可以相同，也可以不同；同理，第二硬加密处理过程中包含的异或运算可以相同，也可以不同；第三硬加密处理过程中包含的异或运算可以相同，也可以不同；In an exemplary example, in the embodiment of the present invention, the first hard encryption includes a first XOR operation; the second hard encryption includes a second XOR operation; and the third hard encryption includes a third XOR operation. In an illustrative example, performing first hard encryption on the first KEK by using the second random number and the first random number includes: after performing the first XOR operation on the first KEK by using the second random number, then by using the first The random number performs the first XOR operation on the first KEK after the first XOR operation; it should be noted that the above two first XOR operations in the first hard encryption can be the same or different; The XOR operations included in the second hard encryption process may be the same or different; the XOR operations included in the third hard encryption process may be the same or different;

在一种示例性实例中，本发明实施例第一异或运算、第二异或运算和第三异或运算的具体算法可以相同，也可以不同。在一种示例性实例中，本发明实施例第一硬加密、第二硬加密和第三硬加密，可以包括除异或运算以外的其他线性运算。In an exemplary example, the specific algorithms of the first XOR operation, the second XOR operation, and the third XOR operation in this embodiment of the present invention may be the same or different. In an exemplary example, the first hard encryption, the second hard encryption, and the third hard encryption in this embodiment of the present invention may include other linear operations except the XOR operation.

在一种示例性实例中，本发明实施例中的第二随机数为临时产生的随机数，或固定随机数。In an exemplary example, the second random number in this embodiment of the present invention is a temporarily generated random number, or a fixed random number.

在一种示例性实例中，本发明实施例中的第三随机数为临时产生的随机数，或固定随机数。In an exemplary example, the third random number in the embodiment of the present invention is a temporarily generated random number, or a fixed random number.

在一种示例性实例中，本发明实施例中的对称加密运算包括以下任意算法之一：高级加密标准算法(AES)、国密算法(SM4)或数据加密标准算法(DES)。In an exemplary instance, the symmetric encryption operation in the embodiment of the present invention includes any one of the following algorithms: Advanced Encryption Standard Algorithm (AES), State Secret Algorithm (SM4) or Data Encryption Standard Algorithm (DES).

在一种示例性实例中，将所有经过对称加密运算的MEK作为加密MEK写入OTP存储器之后，本发明实施例方法还包括：In an exemplary example, after writing all MEKs that have undergone symmetric encryption operations into the OTP memory as encrypted MEKs, the method in the embodiment of the present invention further includes:

接收到预设的解封装指令时，从OTP存储器中读取加密MEK和第一KEK；When receiving the preset decapsulation instruction, read the encrypted MEK and the first KEK from the OTP memory;

依次通过第一随机数和第二随机数对第一KEK进行第四硬加密，并将经过第四硬加密的第一KEK作为第四KEK写入RAM；Carry out the fourth hard encryption to the first KEK by the first random number and the second random number in turn, and write the first KEK through the fourth hard encryption into RAM as the fourth KEK;

依次通过第二随机数和第三随机数对第四KEK进行第五硬加密，并将经过第五硬加密的第四KEK作为第五KEK写入密钥缓存器；Carrying out the fifth hard encryption to the fourth KEK by the second random number and the third random number in turn, and writing the fifth hard encrypted fourth KEK into the key buffer as the fifth KEK;

以获得的第五KEK作为密钥，对读取的加密MEK进行解密运算，获得解密运算结果；The obtained fifth KEK is used as a key to decrypt the read encrypted MEK to obtain the result of the decryption operation;

将第二预设数值个解密运算结果依次通过第二随机数和第三随机数进行第六硬加密，获得写入RAM的完成解密的MEK。The sixth hard encryption is performed on the second preset number of decryption operation results sequentially by the second random number and the third random number, and the decrypted MEK written into the RAM is obtained.

在一种示例性实例中，本发明实施例可以由固态硬盘的主控芯片中，运行的用于对密钥进行处理的固件执行上述处理。在一种示例性实例中，本发明实施例KEK和MEK的生成、封装、解封装等存储和使用，均在固态硬盘主控芯片的内部完成。In an exemplary example, in this embodiment of the present invention, the above-mentioned processing may be performed by firmware running on the main control chip of the solid-state disk for processing the key. In an exemplary example, the storage and use of the KEK and MEK according to the embodiment of the present invention, such as packaging and decapsulation, are all completed inside the main control chip of the solid state disk.

本发明实施例还提供一种计算机存储介质，计算机存储介质中存储有计算机程序，计算机程序被处理器执行时实现上述实现密钥处理的方法。An embodiment of the present invention also provides a computer storage medium, in which a computer program is stored, and when the computer program is executed by a processor, the foregoing method for implementing key processing is implemented.

本发明实施例还提供一种终端，包括：存储器和处理器，存储器中保存有计算机程序；其中，An embodiment of the present invention also provides a terminal, including: a memory and a processor, and a computer program is stored in the memory; wherein,

计算机程序被处理器执行时实现如上述实现密钥处理的方法。When the computer program is executed by the processor, the above-mentioned key processing method is realized.

图2为本发明实施例实现密钥处理的固态硬盘的结构框图，如图2所示，包括：生成单元、第一硬加密单元、第二硬加密单元、第三硬加密单元和加密处理单元；其中，Fig. 2 is a structural block diagram of a solid-state hard disk for key processing in an embodiment of the present invention, as shown in Fig. 2 , including: a generation unit, a first hard encryption unit, a second hard encryption unit, a third hard encryption unit, and an encryption processing unit ;in,

在一种示例性实例中，本发明实施例装置还包括读取单元和解密处理单元；其中，In an exemplary example, the device in the embodiment of the present invention further includes a reading unit and a decryption processing unit; wherein,

读取单元设置为：接收到预设的解封装指令时，从OTP存储器中读取加密MEK和第一KEK；The reading unit is set to: read the encrypted MEK and the first KEK from the OTP memory when a preset decapsulation instruction is received;

第二硬加密单元还设置为：依次通过第一随机数和第二随机数对第一KEK进行第四硬加密，并将经过第四硬加密的第一KEK作为第四KEK写入RAM；The second hard encryption unit is also configured to: carry out fourth hard encryption to the first KEK through the first random number and the second random number in turn, and write the first KEK through the fourth hard encryption into the RAM as the fourth KEK;

第三硬加密单元还设置为：依次通过第二随机数和第三随机数对第四KEK进行第五硬加密，并将经过第五硬加密的第四KEK作为第五KEK写入密钥缓存器；The third hard encryption unit is also configured to: perform fifth hard encryption on the fourth KEK through the second random number and the third random number in turn, and write the fifth hard encrypted fourth KEK into the key cache as the fifth KEK device;

解密处理单元还设置为：以获得的第五KEK作为密钥，对读取的加密MEK进行解密运算，获得解密运算结果；将第二预设数值个解密运算结果依次通过第二随机数和第三随机数进行第六硬加密，获得写入RAM的完成解密的MEK。The decryption processing unit is further configured to: use the obtained fifth KEK as a key to perform decryption operations on the read encrypted MEK to obtain a decryption operation result; pass the second preset numerical values of the decryption operation results sequentially through the second random number and the second random number. The sixth hard encryption is performed on the three random numbers to obtain the decrypted MEK written into the RAM.

以下通过应用示例对本发明实施例进行简要说明，应用示例仅用于陈述本发明实施例，并不用于限定本发明实施例的保护范围。The following briefly describes the embodiments of the present invention through application examples. The application examples are only used to describe the embodiments of the present invention, and are not intended to limit the protection scope of the embodiments of the present invention.

应用示例Application example

图3为本发明应用示例固态硬盘的结构示意图，本发明应用示例通过对加密固态硬盘中的密钥生成、密钥存储和密钥使用环节进行安全防护，降低了密钥在整个加密固态硬盘生命周期内密钥泄露风险。具体的，KEK和MEK均由加密固态硬盘内部主控芯片的物理随机源(TRNG)产生，不需要从外部生成并导入；KEK和MEK生成后，均加密存储在加密固态硬盘内部的OTP存储器中；在使用过程中，KEK和MEK被加密存储在加密固态硬盘内部的存储密钥的RAM(或寄存器)中，密钥加密密钥KEK从OTP传输到RAM(或密钥寄存器)的通路上也进行加密传输；密文形式的KEK参与对MEK的密钥封装或者密钥解封装过程中；协处理器(Engine)用于执行对称加密运算或解密运算；本发明应用示例由固态硬盘的主控芯片上，用于对密钥进行处理的固件执行本发明实施例的密钥处理。Fig. 3 is a schematic structural diagram of the solid-state hard disk of the application example of the present invention. The application example of the present invention protects the key generation, key storage and key use links in the encrypted solid-state hard disk, reducing the life of the key in the entire encrypted solid-state hard disk. Risk of key disclosure during the cycle. Specifically, both KEK and MEK are generated by the physical random source (TRNG) of the main control chip inside the encrypted solid-state drive, and do not need to be generated and imported from the outside; after KEK and MEK are generated, they are encrypted and stored in the OTP memory inside the encrypted solid-state drive ; During use, KEK and MEK are encrypted and stored in the RAM (or register) of the storage key inside the encrypted solid-state hard disk, and the key encryption key KEK is also transmitted from OTP to RAM (or key register) on the path Encrypted transmission; KEK in ciphertext form participates in the key encapsulation or key decapsulation process of MEK; coprocessor (Engine) is used to perform symmetric encryption operation or decryption operation; the application example of the present invention is controlled by the solid state hard disk On the chip, the firmware for processing the key executes the key processing of the embodiment of the present invention.

KEK生成过程：KEK generation process:

固件触发物理随机源(TRNG)产生真随机数(第一预设数值个初始KEK)，初始KEK经过第一随机数(Mask R1)进行第一硬加密，获得(KEK R1)写入OTP存储器指定地址存放；其中，Mask R1是固化在芯片内部的固定随机数；The firmware triggers the physical random source (TRNG) to generate a true random number (the first preset initial KEK), and the initial KEK undergoes the first hard encryption through the first random number (Mask R1), and the obtained (KEK R1) is written into the OTP memory specified The address is stored; among them, Mask R1 is a fixed random number solidified inside the chip;

对第一预设数值个初始KEK重复上述处理，直到第一数值个初始KEK均进行第一硬加密并存储在OTP中；Repeat the above process for the first preset number of initial KEKs until the first number of initial KEKs are first hard-encrypted and stored in the OTP;

封装过程：Packaging process:

固件触发密钥封装开始，主控芯片将第一KEK从OTP装载到存储密钥的RAM，装载过程中第一KEK首先经过Mask R2进行硬加密得到KEK^∧R1^∧R2，再经过Mask R1进行硬加密得到KEK^∧R2，上述硬加密过程为本发明实施例第二硬加密的处理过程，第二硬加密不暴露KEK明文。第二硬加密之后的第二KEK被Mask R2掩码保护，存入RAM中；本发明应用示例，上述硬加密包括但不限于异或运算，Mask R2为临时产生的随机数；The firmware triggers the key encapsulation to^start , and the main control chip loads the first KEK from the OTP to the RAM where the key is stored^. Encrypt to get KEK^∧ R2, the above hard encryption process is the processing process of the second hard encryption in the embodiment of the present invention, and the second hard encryption does not expose the KEK plaintext. The second KEK after the second hard encryption is protected by Mask R2 and stored in RAM; the application example of the present invention, the above-mentioned hard encryption includes but not limited to XOR operation, and Mask R2 is a random number generated temporarily;

固件触发密钥加载过程，主控芯片将被Mask R2掩码保护的第二KEK(KEK^∧R2)从RAM装载到缓存器(Register)，装载过程中首先经过Mask R3进行硬加密KEK^∧R2^∧R3，再经过Mask R2进行硬加密获得第三KEK(KEK^∧R3)，上述硬加密过程为本发明实施例第三硬加密的处理过程，第三硬加密过程不暴露KEK明文。硬加密之后的KEK被Mask R3掩码保护，存入Register；其中，上述硬加密包括但不限于异或运算，Mask R2为临时产生的随机数。The firmware triggers the key loading process, and the main control chip loads the second KEK (KEK^∧ R2 ) protected by the mask of Mask R2 from RAM to the register (Register). During the loading process, the hard encryption KEK^∧ R2^∧ R3, and then perform hard encryption through Mask R2 to obtain the third KEK (KEK^∧ R3). The above hard encryption process is the third hard encryption process of the embodiment of the present invention, and the third hard encryption process does not expose the KEK plaintext. The hard-encrypted KEK is protected by Mask R3 and stored in Register; the above-mentioned hard encryption includes but not limited to XOR operation, and Mask R2 is a temporarily generated random number.

固件触发物理随机源(TRNG)产生和第二预设数值个MEK，并将产生的MEK输出给协处理器(Engine)；The firmware triggers a physical random source (TRNG) to generate and a second preset number of MEKs, and outputs the generated MEKs to the coprocessor (Engine);

固件触发密钥封装运算，Engine使用KEK^R3作为密钥，每一个MEK作为明文，分别进行带掩码防护的对称加密运算；The firmware triggers the key encapsulation operation, and the Engine uses KEK^R3 as the key, and each MEK as the plaintext, respectively performs the symmetric encryption operation with mask protection;

固件将对称加密运算结果作为加密(Encryped)MEK，从寄存器读出并将所有加密MEK写入OTP存储器中；The firmware uses the result of the symmetric encryption operation as an encrypted (Encrypted) MEK, reads it from the register and writes all encrypted MEKs into the OTP memory;

解封装过程：Decapsulation process:

固件触发密钥解封装开始，主控芯片将第一KEK从OTP装载到RAM，装载过程中首先经过Mask R2进行硬加密，再经过Mask R1进行硬加密，获得第四KEK，硬加密过程不暴露KEK明文。上述硬加密过程为本发明实施例中的第四硬加密，第四硬加密之后的KEK被Mask R2掩码保护，存入RAM；其中，第四硬加密包括但不限于异或运算；The firmware triggers the key decapsulation to start, and the main control chip loads the first KEK from OTP to RAM. During the loading process, it is first hard-encrypted by Mask R2, and then hard-encrypted by Mask R1 to obtain the fourth KEK. The hard-encryption process is not exposed KEK plaintext. The above-mentioned hard encryption process is the fourth hard encryption in the embodiment of the present invention, and the KEK after the fourth hard encryption is protected by Mask R2 mask and stored in RAM; wherein, the fourth hard encryption includes but not limited to XOR operation;

固件触发密钥加载过程，硬件自动将第四KEK从RAM装载到Register，装载过程中首先经过Mask R3进行硬加密，再经过Mask R2进行硬加密，获得第五KEK，硬加密过程不暴露KEK明文。上述硬加密过程为本发明实施例中的第五硬加密，第五硬加密之后的KEK被Mask R3掩码保护，存入Register；其中，第五硬加密包括但不限于异或运算；The firmware triggers the key loading process, and the hardware automatically loads the fourth KEK from RAM to the Register. During the loading process, it is first hard-encrypted by Mask R3, and then hard-encrypted by Mask R2 to obtain the fifth KEK. The hard-encryption process does not expose the KEK plaintext . The above-mentioned hard encryption process is the fifth hard encryption in the embodiment of the present invention, and the KEK after the fifth hard encryption is protected by Mask R3 mask and stored in Register; wherein, the fifth hard encryption includes but not limited to XOR operation;

固件从OTP中读取通过对称加密运算的加密MEK，输出给Engine；The firmware reads the encrypted MEK through the symmetric encryption operation from the OTP, and outputs it to the Engine;

固件触发密钥解封装运算，Engine使用KEK^R3作为密钥，加密MEK作为密文，进行带掩码防护的解密运算；The firmware triggers the key decapsulation operation, Engine uses KEK^R3 as the key, encrypts MEK as the ciphertext, and performs the decryption operation with mask protection;

固件将带R3掩码的解密运算结果从寄存器读出并写入RAM；写入过程中首先经过Mask R2进行硬加密，再经过Mask R3进行硬加密，硬加密过程不暴露MEK明文；上述硬加密过程为本发明实施例中的第六硬加密，第六硬加密之后MEK被Mask R2掩码保护，存入RAM；其中，第六硬加密包括但不限于异或运算。The firmware reads the result of the decryption operation masked with R3 from the register and writes it into RAM; during the writing process, it is first hard-encrypted by Mask R2, and then hard-encrypted by Mask R3. The hard-encryption process does not expose the MEK plaintext; the above-mentioned hard encryption The process is the sixth hard encryption in the embodiment of the present invention. After the sixth hard encryption, MEK is protected by Mask R2 and stored in RAM; wherein, the sixth hard encryption includes but not limited to XOR operation.

根据MEK实际长度，重复第二预设数值次上述解封装处理，直到获得所有的解密的MEK，供后续数据加密过程使用。According to the actual length of the MEK, the above decapsulation process is repeated for a second preset number of times until all decrypted MEKs are obtained for use in the subsequent data encryption process.

本发明应用示例从密钥的生成、存储、使用全过程考虑，为密钥提供全生命周期的安全防护，密钥的生命周期全部在固态硬盘主控芯片的内部，防止物理破解。且生成、存储、使用过程均有掩码保护；本发明实施例第二随机数和第三随机数可以是临时产生的随机数；第二随机数和第三随机数为临时产生的随机数时，每次密钥封装和密钥解封装过程均可以变化，可有效抵抗各种侧信道攻击。本应用示例在实现密钥封装和解封装基本功能的同时，提高了加密固态硬盘的数据安全性。The application example of the present invention considers the whole process of key generation, storage and use, and provides security protection for the whole life cycle of the key. The life cycle of the key is all inside the main control chip of the solid-state hard disk to prevent physical cracking. And the process of generation, storage, and use is protected by a mask; the second random number and the third random number in the embodiment of the present invention can be temporarily generated random numbers; when the second random number and the third random number are temporarily generated random numbers , each key encapsulation and key decapsulation process can be changed, which can effectively resist various side channel attacks. This application example improves the data security of encrypted solid-state drives while realizing the basic functions of key encapsulation and decapsulation.

本领域普通技术人员可以理解，上文中所公开方法中的全部或某些步骤、系统、装置中的功能模块/单元可以被实施为软件、固件、硬件及其适当的组合。在硬件实施方式中，在以上描述中提及的功能模块/单元之间的划分不一定对应于物理组件的划分；例如，一个物理组件可以具有多个功能，或者一个功能或步骤可以由若干物理组件合作执行。某些组件或所有组件可以被实施为由处理器，如数字信号处理器或微处理器执行的软件，或者被实施为硬件，或者被实施为集成电路，如专用集成电路。这样的软件可以分布在计算机可读介质上，计算机可读介质可以包括计算机存储介质(或非暂时性介质)和通信介质(或暂时性介质)。如本领域普通技术人员公知的，术语计算机存储介质包括在用于存储信息(诸如计算机可读指令、数据结构、程序模块或其他数据)的任何方法或技术中实施的易失性和非易失性、可移除和不可移除介质。计算机存储介质包括但不限于RAM、ROM、EEPROM、闪存或其他存储器技术、CD-ROM、数字多功能盘(DVD)或其他光盘存储、磁盒、磁带、磁盘存储或其他磁存储装置、或者可以用于存储期望的信息并且可以被计算机访问的任何其他的介质。此外，本领域普通技术人员公知的是，通信介质通常包含计算机可读指令、数据结构、程序模块或者诸如载波或其他传输机制之类的调制数据信号中的其他数据，并且可包括任何信息递送介质。Those of ordinary skill in the art can understand that all or some of the steps in the methods disclosed above, the functional modules/units in the system, and the device can be implemented as software, firmware, hardware, and an appropriate combination thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be composed of several physical components. Components cooperate to execute. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As known to those of ordinary skill in the art, the term computer storage media includes both volatile and nonvolatile media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, program modules, or other data. permanent, removable and non-removable media. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage, magnetic cartridges, tape, magnetic disk storage or other magnetic storage devices, or can Any other medium used to store desired information and which can be accessed by a computer. In addition, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and may include any information delivery media .