Search

EP-4736364-A1 - MULTI-PART TRANSACTION INTEGRITY PROTECTION AND ENCRYPTION

EP4736364A1EP 4736364 A1EP4736364 A1EP 4736364A1EP-4736364-A1

Abstract

Multi-part transaction integrity protection and encryption is disclosed, including generating, by a first device, a first message authentication code (MAC) for authenticating a plurality of packets of a transaction, the plurality of packets including at least a first packet received from a second device over a data link and a second packet generated by the first device in response to receiving the first packet, wherein the first MAC is generated using data included in the plurality of packets; and sending, by the first device to the second device, the second packet and the first MAC over the data link.

Inventors

  • JOHNS, CHARLES
  • HUNT, GUERNEY
  • AUERNHAMMER, FLORIAN

Assignees

  • International Business Machines Corporation

Dates

Publication Date
20260506
Application Date
20240411

Claims (20)

  1. 1. A method for multi-part transaction integrity protection and encryption, the method comprising: generating, by a first device, a first message authentication code (MAC) for authenticating a plurality of packets of a transaction, the plurality of packets including at least a first packet received from a second device over a data link and a second packet generated by the first device in response to receiving the first packet, wherein the first MAC is generated using data included in the plurality of packets; and sending, by the first device to the second device, the second packet and the first MAC over the data link.
  2. 2. The method of claim 1 , wherein the plurality of packets includes at least one of a request packet and a response packet.
  3. 3. The method of claim 1, wherein the plurality of packets includes a data header packet and one or more data transmission packets.
  4. 4. The method of claim 1 further comprising: receiving, by the first device from the second device, one or more additional packets of the transaction and a second MAC for authenticating the plurality of packets of the transaction including the one or more additional packets; decrypting, by the first device, the one or more additional packets; generating, by the first device, a third MAC for authenticating the plurality of packets of the transaction, including the one or more additional packets, using data included in the plurality of packets; and authenticating, by the first device, the plurality of packets including the one or more additional packets based on a comparison of the second MAC and the third MAC.
  5. 5. The method of claim 1 further comprising: generating, by the first device, an initialization vector (IV) based on a combination of a pre-shared information and information included in the first packet, wherein the IV is used to decrypt data in the first packet.
  6. 6. The method of claim 5, wherein the pre-shared information includes at least one of an IV base and a generation count.
  7. 7. The method of claim 6, wherein one or more commands are used to update at least one of the IV base and the generation count.
  8. 8. The method of claim 5, wherein the information included in the first packet includes at least a tag and a generation identifier for the tag.
  9. 9. The method of claim 1, wherein transactions are reordered by the data link.
  10. 10. The method of claim 1, wherein the data link is a bus.
  11. 11. The method of claim 10, wherein the bus is a compute express link (CXL) bus.
  12. 12. The method of claim 1, wherein the first device is a host processor.
  13. 13. The method of claim 1, wherein the second device is a host processor.
  14. 14. An apparatus for multi-part transaction integrity protection and encryption, the apparatus including a first device coupled to a data link for exchanging packetized data in multipart transactions over the data link with one or more other devices, wherein the first device is configured to: generate, by the first device, a first message authentication code (MAC) for authenticating a plurality of packets of a transaction, the plurality of packets including at least a first packet received from a second device over a data link and a second packet generated by the first device in response to receiving the first packet, wherein the first MAC is generated using data the plurality of packets; and send, by the first device to the second device, the second packet and the first MAC over the data link.
  15. 15. The apparatus of claim 14, wherein the plurality of packets includes at least one of a request packet and a response packet.
  16. 16. The apparatus of claim 14, wherein the plurality of packets includes a data header packet and one or more data transmission packets.
  17. 17. The apparatus of claim 14, wherein the first device is further configured to: receive, by the first device from the second device, one or more additional packets of the transaction and a second MAC for authenticating the plurality of packets of the transaction including the one or more additional packets; decrypt, by the first device, the one or more additional packets; generate, by the first device, a third MAC for authenticating the plurality of packets of the transaction, including the one or more additional packets, using data included in the plurality of packets; and authenticate, by the first device, the plurality of packets including the one or more additional packets based on a comparison of the second MAC and the third MAC.
  18. 18. The apparatus of claim 14, wherein the first device is further configured to: generate, by the first device, an initialization vector (IV) based on a combination of a preshared information and information included in the first packet, wherein the IV is used to decrypt data in the first packet.
  19. 19. The apparatus of claim 18, wherein the pre-shared information includes at least one of an IV base and a generation count.
  20. 20. The apparatus of claim 19, wherein one or more commands are used to update at least one of the IV base and the generation count.

Description

MULTI-PART TRANSACTION INTEGRITY PROTECTION AND ENCRYPTION BACKGROUND Field of the Disclosure [0001] The field of the disclosure is integrity and data encryption, or, more specifically, methods, apparatus, and products for multi-part transaction integrity protection and encryption. Description Of Related Art [0002] The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have evolved into extremely complicated devices. Today's computers are much more sophisticated than early systems such as the EDVAC. Computer systems typically include a combination of hardware and software components, application programs, operating systems, processors, microcode, buses, memory, input/output devices, and so on. As advances in semiconductor processing and computer architecture push the performance of the computer higher and higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago. [0003] There are many methods for integrity and data encryption (IDE) of data transferred from one party to another party. These methods are commonly deployed in buses, networks, and other types of links. A transaction is a sequence of requests and responses between two parties on a bus, network, or other type of link. When a transaction is split into multiple parts or phases, conventional encryption and authentication techniques require significant overhead and do not typically work for out-of-order transactions. [0004] Conventional IDE methods typically consist of a packet of data transmitted from a source to a destination. As an example, the following description will employ an Advanced Encryption Standard (AES) with Galois/Counter Mode (AES-GCM) encryption algorithm. The AES specifies a cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information using a shared initialization vector (IV) (i.e., a nonce) and encryption key. Encryption converts plaintext data into an unintelligible form referred to as ciphertext; and decrypting the ciphertext converts the data back into its original form which is referred to as plaintext. AES-GCM provides both authenticated encryption (confidentiality and authentication) and the ability to check the integrity and authentication using a message authentication code (MAC) that is calculated using the plaintext data and the authentication data. [0005] For transmission, the data packet may be first split into plaintext and authentication data. The data packet may then be encrypted using AES-GCM encryption. The resulting ciphertext and authentication data are then transmitted to the destination along with the MAC. The receiver (destination) performs the same encryption method for decryption using the ciphertext received as the plaintext input. The resulting ciphertext is the decrypted data. Finally, the MAC calculated by the receiver is then compared with the MAC received from the source to validate the integrity of the data received. A device monitoring the link may see the authentication data but may not change the authentication data without the change being detected by the MAC check. The plaintext blocks are both encrypted and integrity protected, thus a device monitoring the link can neither see the information in the clear nor change the information without the change being detected. [0006] For a request and response between two parties, conventional methods require the requestor to encrypt the data, calculate a MAC, and send the ciphertext to the destination. The responder receiving the request decrypts the data, calculates a MAC, and compares the MAC to the MAC received from the requestor for validating the integrity of the received data. The responder then generates a response, encrypts the data, calculates a MAC, and sends the ciphertext to the requestor. The requestor receiving the response decrypts the data, calculates a MAC, and compares the MAC to the MAC received from the responder for validating the integrity of the received data. In many cases, the conventional methods are sufficient for protecting the confidentiality (encryption) and integrity (MAC check) for a transaction. However, as is apparent, the transmission of a MAC with each message contributes to a significant amount of traffic on the data link. [0007] When performing transactions across a bus like Compute Express Link (CXL), the transactions are split into multiple phases. In CXL, for example, the CXL. cache protocol allows devices to coherently access and cache host CPU memory with a low latency request/response interface. CXL defines a host-to-device (H2D) channel for messages originating from the host to the target device and a device-to-host (D2H) channel for messages originating from th