Design of DES encryption system based on TMS320VC5410

Publisher: 国宝集团 | Latest update time: 2010-11-29 | Keywords: DES

Data encryption protects transmitted information by scrambling the original data according to a fixed rule, under the control of specific parameters (called keys), so that it becomes secret information. The Data Encryption Standard (DES) was the first widely used public cryptographic algorithm for commercial data confidentiality. After its publication and formal implementation, it became the information security processing standard for many national governments, banks and standards organizations. However, DES can keep information confidential only if its keys are managed effectively, which requires a DES-based encryption system to provide a reliable and convenient key storage device. At the same time, over the past 20 years the performance of DSP processors has improved greatly, software and development tools have matured accordingly, prices have dropped significantly, and applications have become ever more widespread. This article selects TI's TMS320VC54x series DSP, implements the DES encryption algorithm in software, and uses an integrated circuit (IC) card as the key storage device. Because the DSP has few general-purpose I/O ports, it is particularly important to make some special-function pins on the DSP chip work as general-purpose input/output pins. Drawing on the DSP's fast computing speed and abundant on-chip resources, this paper studies and implements a DSP-based DES encryption system and its communication protocols with the IC card and the terminal PC.

1 Introduction to DES algorithm:

As the US national standard encryption algorithm, DES can be used for both encryption and decryption. Its encryption process is mainly divided into three parts, as shown in Figure 1.


First, the input data bit stream is grouped into groups of 64 bits each to obtain the plaintext x, followed by an initial permutation IP, denoted as x0=IP(x)=L0R0 (L0 represents the left 32 bits, R0 represents the right 32 bits); then each group is used as an encryption unit, and LiRi (1≤i≤16) is calculated according to the following rules under the control of 16 subkeys (each subkey is 48 bits long), and 16 rounds of nonlinear transformation are performed:


Each round contains transposition and substitution operations; finally, after an inverse initial permutation IP⁻¹ (the inverse transformation of IP), a 64-bit block of ciphertext is output.

For encryption of files with large data, the chip must have a high processing speed. Due to the needs of confidential communication systems, the system is designed to use IC cards as key storage devices, and uses TI's TMS320VC54x series DSP to implement DES encryption of plain text data from PCs. This solution has fast computing speed, good confidentiality, and high scalability. It is used in confidential data acquisition systems to encrypt signals from data acquisition modules with DES before transmitting them to PCs.

2 System hardware design:

Considering the operation speed, peripheral interface and cost performance, TI's TMS320VC54x series 16-bit fixed-point TMS320VC5410 DSP is selected as the hardware platform for implementing DES encryption. It has low power consumption and outstanding performance, and the maximum clock frequency can reach 100 MHz. In addition, the TMS320VC5410 chip provides 3 multi-channel buffered serial ports (McBSP) that can be set as GPIO interfaces, which is crucial to the design of the peripheral device interface subsystem. In addition to the basic working peripheral circuits of TMS320VC5410 such as the power crystal oscillator module, Flash module and JTAG interface module, the system also mainly includes the following two parts: 1) The interface module between TMS320VC5410 and SLE5542 IC card, which is mainly used for the IC card to transmit the key for data encryption and other user information stored in the card to DSP when the system is working; 2) The communication interface module between DSP and PC host, which is the communication interface between DSP and personal computer, is mainly used for DSP to receive plaintext data and feed back encrypted data to PC.

2.1 McBSP Introduction:

The TMS320VC5410 chip contains three full-duplex multichannel buffered serial ports (McBSP): McBSP0, McBSP1 and McBSP2. They provide full-duplex communication, double-buffered data registers for continuous data flow, and independent frames and clocks for receiving and sending; they can be connected directly to other device interfaces in the system and can be configured as general-purpose I/O ports. Data exchanged between the McBSP and peripherals is sent through the DX pin and received through the DR pin. The clock and frame signals of the communication are controlled by the CLKX, CLKR, FSX and FSR pins. The TMS320VC5410 controls the McBSP through two 16-bit serial port control registers (SPCR[1, 2]) and the pin control register (PCR). When sending, the DSP's CPU or DMA writes data to the data transmit register (DXR[1, 2]), and the data is then shifted out to DX through the transmit shift register (XSR[1, 2]). Similarly, data received from DR is shifted into the receive shift register (RSR[1, 2]) and copied to the receive buffer register (RBR[1, 2]), and from there to the data receive register (DRR[1, 2]), which can be read by the CPU or DMA.

2.2 DSP and IC card connection module:

Siemens SLE5542 card is selected, and its pin definition and function description are shown in Table 1. It is a multi-memory logic encryption card operated by bytes, and the response reset complies with the ISO7816-3 standard. This card has three built-in memories: 32 × 1 bit PROM type protection memory, 256 × 1 bit EEPROM type main memory and 32 × 1 bit EEPROM type encryption memory. The main memory can be erased and used repeatedly, operated by bytes, and is divided into a protection data area and an application data area. There is no restriction on reading, but the erasure and writing of the application data area are protected by the password and password counter in the encryption memory.

Table 1 SLE5542 pin definition and function description


The IC card connection circuit is shown in Figure 2.


In order to improve the utilization of hardware and solve the problem of fewer general IO ports on the DSP chip, this system design configures McBSP1 as a module that realizes communication with IC cards through IO ports. Since the DX pin in McBSP can only be configured as a general output pin, and the DR pin can only be configured as a general input pin, it is not convenient to program the control of the pin status. Therefore, the four pins FSR1, CLKR1, CLKX1, and FSX1 of McBSP1 are selected in the hardware circuit of DSP reading and writing cards. They can all be configured as general I/O pins through the 16-bit pin control register (PCR). The FSR1 pin controls the power-on and power-off of the SLE5542 card through the CD4066 switching power supply chip; CLKR1 is connected to the RST contact of the card, and the high and low level states of the pin are changed when the card is reset; the CLKX1 pin is connected to the clock contact CLK of the IC card, and the high and low changes of the pin state provide a clock signal for the normal operation of the card; FSX1 is connected to the card data I/O contact, responsible for the transmission of read and write command words and user useful data between the DSP and the IC card. Note that the CLKX1 and FSX1 pins must be connected to pull-up resistors, and the input or output state of the FSX1 configuration must be determined according to the data flow between the DSP and the IC card.

To make the relevant pins of McBSP1 work in the general I/O state required by the system, first set the RRST bit in the serial port control register SPCR1 and the XRST bit in SPCR2 to '0' to reset the serial port and disable serial port operation. Then set XIOEN and RIOEN in the pin control register PCR to '1' so that the receive and transmit pins of the serial port work in general I/O mode. In addition, set the FSRM, CLKXM and CLKRM bits to '1' to make the FSR1, CLKX and CLKR pins general output pins, and store the values to be output in the FSRP, CLKXP and CLKRP bits of PCR respectively. The setting of the FSXM bit depends on the specific situation during communication.

2.3 DSP and PC communication module design:

In the system design, McBSP0 is selected as the channel for TMS320VC5410 to receive plaintext data from the external PC and output ciphertext, and the encrypted and decrypted data is transmitted directly between the PC's RS232 asynchronous serial port and TMS320VC5410. This method realizes serial duplex communication between PC and DSP through software. Its hardware design is simple and does not occupy too much CPU time, and can achieve high-speed data transmission.

RS232 asynchronous serial port uses negative logic to transmit data, with 10 V voltage state representing data '0' and -10 V voltage state representing data '1'; while DSP IO port uses 3.3 V to represent high level '1' state or no data transmission, and 0 V to represent low level '0' state. Therefore, in order to make the multi-channel buffered serial port of TMS320VC5410 communicate with the RS232 interface, a level conversion circuit is required. This article uses MAXIM's MAX232 level converter, as shown in Figure 3.


3 System software design:

TI's CCS (Code Composer Studio) was selected as the development and debugging tool for the encryption system software design, and the software design was completed using a mixed programming mode of C language and assembly language. Since C language programming is easy to read, maintain, communicate and has good portability, C language is used to complete the main framework design of the entire program. Assembly instructions are used in places where time requirements are more stringent or where the code running efficiency has a greater impact.

3.1 DSP IC card reading software implementation:

3.1.1 McBSP1 serial port configuration:

When the card is inserted into the card holder, the status switch is turned on, and the indicator light on the circuit board is on to indicate that the card is in place, and the card reading status flag in the DSP memory is set to '1'. TMS320VC5410 starts to initialize McBSP1, making it work in the general IO port state, and uses sub-address addressing to configure registers such as SPCR11 (mapped address is 0049h, sub-address is 00h), SPCR12 (sub-address is 01h) and PCR1 (sub-address is 0Eh). The configuration code is as follows:

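SPCR11 = 0x0000;   /* RRST = 0: receiver held in reset */
SPCR12 = 0x0000;   /* XRST = 0: transmitter held in reset */
PCR1 = 0x3F00;     /* XIOEN, RIOEN, FSXM, FSRM, CLKXM, CLKRM = 1 */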

At this point, FSR1, FSX1, CLKR1 and CLKX1 are all general output pins. Clearing the FSRP bit in PCR with PCR1 &= 0xFFFB; drives the card's VCC contact low, so the card is powered off; the statement PCR1 |= 0x0004; sets the FSR1 pin high to power the card on.

Since the FSX1 pin of DSP is connected to the data I/O contact of the card, the FSX1 pin is required to have the function of bidirectional transmission, but the pin can only be in one state of input or output at the same time. Therefore, the following two macros are defined to realize the change of the pin between input and output states.

#define set_IOout() do { SPSA1 = PCR1; SPSD1 |= 0x0800; } while (0)   /* FSX1 pin is in output state */

#define set_IOin() do { SPSA1 = PCR1; SPSD1 &= 0xF7FF; } while (0)   /* FSX1 pin is in input state */

3.1.2 Reset and reset response:

When the DSP detects that the card reading status bit is '1', the card is powered on, CLK and RST remain in state L, and the card reading program is started to read the key stored in the card into the memory. First, the SLE5542 card is reset according to the ISO7816-3 standard. The reset can occur at any time during the operation. After that, the RST line is placed in the H state and maintained for at least 15 μs. During the transition of the RST state from high level to low level, CLK provides a clock pulse, the address counter in the card is cleared, and the I/O pin outputs the first bit of valid data, which can be regarded as a reset response [5]; under the action of 31 consecutive clock pulses thereafter, the 32-bit header data in the first 4 addresses in the main memory are read out; the next clock pulse causes the I/O pin to become a high-impedance state, at which time the card reset and reset response are completed.

3.1.3 DSP card reading main program design:

Figure 4 shows the design of the main program for DSP to read IC cards. After the card resets and responds, it is in a state of waiting for instruction input. Each instruction of SLE5542 consists of a control byte, an address byte, and a data byte, and the transmission starts from the lowest bit of the control byte. After the control byte is transmitted, the address byte and the data byte are transmitted in sequence, all with the low bit first. The transmission of each instruction starts with a Start condition (when the clock signal is in a high level state, a falling edge is sent to the card IO port through the DSP) and ends with a Stop condition (when the clock signal is in a high level state, a rising edge is sent to the card IO port through the DSP). Depending on the function of the instruction, SLE5542 may be in data output mode (DSP card reading) or internal processing mode (DSP card writing) after receiving it.


After sending the card read command and the address of the content to be read (N=0, ..., 255) through TMS320VC5410, the card will move the data in the main memory to the I/O pin bit by bit under the action of the CLK signal and send it to the DSP memory. After the data is read, an additional clock signal will make the I/O pin become a high-impedance state, and the card will exit the output mode and wait for new instructions. The Break condition (when CLK is low, change the RST signal from low level to high level state) can also be used to end this operation.
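The instruction framing described above (Start condition, control, address and data bytes with the low bit first, Stop condition), as an added host-side example that is not code from the original article. The PCR1 register is replaced by a plain variable, the card is a small constructed model that decodes the pin transitions, and the FSXP and CLKXP bit positions are taken from TI's McBSP PCR layout rather than from the page.

```c
#include <stdint.h>

/* PCR1 bit masks. FSXM (0x0800) is the value used on the page; FSXP and
   CLKXP follow TI's McBSP PCR layout (an assumption of this example). */
#define FSXM  0x0800u   /* FSX1 direction, 1 = output */
#define FSXP  0x0008u   /* FSX1 level, wired to the card I/O contact */
#define CLKXP 0x0002u   /* CLKX1 level, wired to the card CLK contact */

static uint16_t pcr = 0x3F00;  /* host-side stand-in for the real PCR1 */

/* Constructed card-side model: decodes what it sees on CLK and I/O. */
static struct { int started, stopped, pending, nbits; uint32_t bits; }
    card = { 0, 0, -1, 0, 0 };

/* Drive one pin, then let the card model react to the transition. */
static void pin(uint16_t mask, int level)
{
    uint16_t old = pcr;
    pcr = level ? (uint16_t)(pcr | mask) : (uint16_t)(pcr & ~mask);
    int clk0 = !!(old & CLKXP), clk1 = !!(pcr & CLKXP);
    int io0 = !!(old & FSXP), io1 = !!(pcr & FSXP);

    if (clk0 && clk1 && io0 != io1) {        /* I/O edge while CLK is high */
        if (io1) {
            card.stopped = 1;                /* rising edge: Stop */
        } else {                             /* falling edge: Start */
            card.started = 1; card.stopped = 0;
            card.nbits = 0; card.bits = 0;
        }
        card.pending = -1;                   /* that clock carried no data */
    } else if (!clk0 && clk1) {
        card.pending = io1;                  /* level at the rising CLK edge */
    } else if (clk0 && !clk1 && card.pending >= 0) {
        if (card.started && !card.stopped && card.nbits < 32) {
            card.bits |= (uint32_t)card.pending << card.nbits;
            card.nbits++;                    /* bit accepted on the falling edge */
        }
        card.pending = -1;
    }
}

static void send_byte(uint8_t b)
{
    for (int i = 0; i < 8; i++) {            /* low bit first */
        pin(FSXP, (b >> i) & 1);             /* data changes only while CLK is low */
        pin(CLKXP, 1); pin(CLKXP, 0);        /* one clock pulse */
    }
}

/* Returns the 24 bits the card model received (control byte in bits 0-7),
   or -1 if it did not see exactly Start + 24 bits + Stop. */
long send_instruction(uint8_t control, uint8_t address, uint8_t data)
{
    pcr |= FSXM;                             /* as set_IOout(): DSP drives I/O */
    pin(CLKXP, 0); pin(FSXP, 1);             /* idle levels */
    pin(CLKXP, 1); pin(FSXP, 0);             /* Start condition */
    pin(CLKXP, 0);
    send_byte(control); send_byte(address); send_byte(data);
    pin(FSXP, 0);
    pin(CLKXP, 1); pin(FSXP, 1);             /* Stop condition */
    pin(CLKXP, 0);
    return (card.started && card.stopped && card.nbits == 24) ? (long)card.bits : -1;
}
```

On the target, pin() would reduce to the read-modify-write of PCR1; the byte values passed to send_instruction() in any test are constructed samples, not command codes taken from the article.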

Figure 5 shows the debugging result of the SLE5542 card reader program by TMS320VC5410. In order to verify the realization of the card reading function, the system reads all the bytes in the card. The first 8 bytes are 'A2131091FFFF8115', which is the manufacturer's ID of the IC card; the 13 bytes at addresses 8 to 20 are all 'FF', which is the write protection area; addresses 21 to 26 are 6 bytes of user code 'D27600000400', followed by another 5 bytes of write protection area; the data from addresses 32 to 255 is the user data area, and the encryption system key and other user information can be stored in these addresses.


3.2 PC communication software design:

3.2.1 Initialization configuration of McBSP0:

First, set the RRST and XRST bits to '0' through SPCR10 = 0x0000, SPCR20 = 0x0000 to reset the serial port. Set PCR0 = 0x0B0C, so that the sampling rate is generated internally by the DSP, the receive and transmit frame synchronization signals are active low, and data is sent on the rising edge of the clock and received on the falling edge. Next, set the DSP serial port receive mode through the receive control registers RCR10 (subaddress 02h) and RCR20 (subaddress 03h): RCR10 = 0x0940; RCR20 = 0x0004; so that the receive frame length is 10 words, each word is 16 bits, and all frame synchronization signals other than the first are ignored. The DSP serial port transmit mode is set through the transmit control registers XCR10 (subaddress 04h) and XCR20 (subaddress 05h): XCR10 = 0x0940; XCR20 = 0x0004; so that the transmit and receive modes are consistent. In addition, the sampling rate generator control registers SRGR10 (subaddress 06h) and SRGR20 (subaddress 07h) control the working mode of the sampling rate generator. In this system, the PC serial port baud rate is 38400, and CLKGDV for the sampling rate generator is calculated as:

CLKGDV = CPU operating frequency / (16 × baud rate) - 1

Since the operating frequency of TMS320VC5410 is 100 MHz, CLKGDV=100 000 000/(16×38 400)-1=161, set SRGR1=0x00A1, SRGR2=0x2000; finally, enable the serial port through SPCR1=0x0001, SRGR2=0x2000, and it is in an operational state. The initialization configuration of McBSP0 is completed.

3.2.2 Unification of data formats

DSP receives external PC data through McBSP0 in interrupt mode.

In order to unify the data format when the synchronous serial port of TMS320VC5410 communicates with the asynchronous serial port of PC, a 16-bit word of McBSP is equivalent to 1 bit of 8N1 mode data (1 start bit + 8 data bits + 1 stop bit) transmitted by the PC serial port. Every time the PC serial port sends 1 bit of data, the DSP samples 16 times and temporarily stores it in the data receiving register DRR10 (address 21h). For example, if the data transmitted by the PC through the RS232 serial port is '1', then DRR10 receives a word of data after 16 samplings, which is 'FFFFh'. Similarly, if the former is followed by '0', the latter is '0000h'. After that, the McBSP0 serial port receiving interrupt is triggered, and the DSP executes the interrupt service program to take the valid data (excluding the start bit and stop bit) in DRR10 to the memory and add 1 to the counter. After receiving a complete frame, DSP sets the serial port data decoding flag to '1', and starts running the decoding program, converting 'FFFFh' and '0000h' to a bit '1' and '0' respectively, thereby restoring the original data frame.

After the DSP has encrypted the received data, it must send the result back to the PC. Sending serial data from the TMS320VC5410 to the PC is exactly the reverse of receiving it. Each frame of data is serially encoded and then sent through the data transmit register DXR10 (address 23h). That is, each '0' in the 8 valid data bits is encoded as '0000h' and each '1' as 'FFFFh'. The encoded data is arranged in order from low bit to high bit, the start bit '0000h' and the stop bit 'FFFFh' are added at the beginning and end of the frame respectively, and each group of 10 words is sent as one frame.
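The word-per-bit framing of sections 3.2.2 (receive and transmit), as an added example that is not code from the original article. It runs on a host with plain arrays in place of DRR10 and DXR10; the majority vote for words that are neither 'FFFFh' nor '0000h' and the decode_with_fault() helper are assumptions of this example.

```c
#include <stdint.h>

#define FRAME_WORDS 10  /* start + 8 data + stop, one 16-bit word per UART bit */

/* Build the 10 words written to DXR10 for one byte: start bit 0000h,
   data bits low bit first, stop bit FFFFh. */
void uart_encode(uint8_t byte, uint16_t frame[FRAME_WORDS])
{
    frame[0] = 0x0000;
    for (int i = 0; i < 8; i++)
        frame[1 + i] = ((byte >> i) & 1) ? 0xFFFF : 0x0000;
    frame[9] = 0xFFFF;
}

/* Collapse one received word (16 samples of the line) to a bit. The page
   maps FFFFh/0000h exactly; the majority vote is this example's assumption
   for words whose samples straddle a bit edge. */
static int word_to_bit(uint16_t w)
{
    int ones = 0;
    for (; w != 0; w &= (uint16_t)(w - 1))   /* clear the lowest set bit */
        ones++;
    return ones >= 8;
}

/* Recover the byte from 10 words read from DRR10, or return -1 when the
   start word is not 0 or the stop word is not 1 (framing error). */
int uart_decode(const uint16_t frame[FRAME_WORDS])
{
    if (word_to_bit(frame[0]) != 0 || word_to_bit(frame[9]) != 1)
        return -1;
    int byte = 0;
    for (int i = 0; i < 8; i++)
        byte |= word_to_bit(frame[1 + i]) << i;
    return byte;
}

/* Encode a byte, overwrite one word to model a sampling fault, decode. */
int decode_with_fault(uint8_t byte, int index, uint16_t word)
{
    uint16_t frame[FRAME_WORDS];
    uart_encode(byte, frame);
    frame[index] = word;
    return uart_decode(frame);
}
```

Rejecting frames with a bad start or stop word keeps a misaligned or truncated frame from being passed to the DES routine as plaintext.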

Figure 6 shows the experimental results of the encryption system designed in this paper. The hexadecimal form of the string '11112222' sent by the PC over the RS-232 serial port is '3131313132323232', a total of 64 bits. After the TMS320VC5410 receives the 64-bit plaintext, it reads the 64-bit key '3100000000000031' from the IC card and encrypts the plaintext with DES. The hexadecimal form of the output ciphertext is '9*66D*DE9A2D'. The results show that the system works stably and reliably and meets the design requirements.


4 Conclusion

This paper uses an SLE5542 IC card to store keys. The McBSP pins of the TMS320VC5410 are connected to the card contacts to implement the card reset response and content reading. At the same time, the DSP exchanges data with a PC in real time through the RS232 serial port: it receives the plaintext sent by the PC, encrypts it with DES and sends the result back.

Since the McBSP is by design a synchronous serial port, using it as a general I/O port or as an asynchronous serial port requires careful attention to the internal register settings and to the input/output direction. After software and hardware debugging, the experimental results show that this scheme can fully meet the requirements of encrypting large amounts of data, makes reasonable use of hardware resources, and can be further upgraded and expanded as the encryption module of a secure data acquisition system.


Copyright © 2005-2024 EEWORLD.com.cn, Inc. All rights reserved