| In the era of big data information,ensuring the security of information transmission is particularly critical.The IPSec security protocol provides security protection by encrypting and authenticating information,so it plays an important role in protecting information security.Although the current IPSec protocol only supports international standard algorithms,it also reserves configuration space for supporting national standard cryptographic algorithms.With the deepening of domestic informatization construction,higher requirements are put forward for domestic information security.Therefore,it is of great significance to study the national standard cryptographic algorithms applied to the IPSec security protocol.The thesis designs and implements the reconfigurable authentication and encryption algorithm hardware circuit applied to the national and international standard algorithms of the IPSec protocol,which can support a variety of algorithm modes specified in the IPSec protocol.A high-efficiency and high-speed algorithm scheduling scheme is proposed,and the marginfirst method is adopted to optimize the algorithm scheduling of the IPSec protocol and improve the efficiency of the algorithm module.Four reconfigurable authentication algorithm circuits based on MAC algorithm are designed,including national standard SM3,international standard SHA1,SHA224 and SHA256.Methods such as advance grouping,dynamic expansion,and iterative multiplexing are proposed,and three calculation paths are constructed to realize the iterative operation of the four algorithms.Through the configurable control module,the design of configurable multiplexing circuit is carried out according to different authentication algorithms under national and international standards.Designed a multi-mode reconfigurable encryption circuit that supports the national standard SM4 algorithm and the international standard AES algorithm.Aiming at the similar structure of S-box,a composite domain decomposition technique is proposed to realize a dynamically configurable S-box byte replacement circuit.By adjusting the process,a unified configurable control circuit,an iterative circuit,and a key expansion circuit are constructed to realize a multi-mode reconfigurable encryption circuit that can support ECB,CBC,and CTR through configuration.The software and hardware cooperative comparison method is used to verify the correctness of the circuit function,and the algorithm function test is fully covered by analyzing the test points of the algorithm.Integrate the algorithm module into the hardware circuit that supports the IPSec protocol,verify on the FPGA board on the Intel Stratix10 development board,and successfully communicate with the IPSec protocol stack on the PC side.The overall test of the system shows that the algorithm module supports multiple algorithm combinations of the AH protocol and the ESP protocol,and successfully realizes the message encryption and decryption authentication function.At a frequency of 100 MHz,the maximum throughput rate of its algorithm module can reach 1.28 Gpbs.This design can be applied to the international and national cryptographic algorithm network security processors developed by the IPSec protocol,and can also be directly used in cryptographic chip-related projects to provide communication security protection for individual users and enterprises. |
PDF Full Text Request