| 主权项 |
1. An electronic circuit comprising:
a module configured in hardware and/or firmware that performs cryptographic processing for a predetermined security protocol comprising random number checking, wherein the module accesses a descriptor from system memory, and the module executes the descriptor; and the descriptor for storing a previously-accessed random number, wherein the descriptor includes instructions and descriptor memory for storing the previously-accessed random number, wherein the previously-accessed random number is a random number that the module accessed during a previous execution of the descriptor, and wherein the descriptor instructions include instructions that cause the module to newly access a random number, referred to as a newly-accessed random number, to compare the newly-accessed random number to the previously-accessed random number stored in the descriptor storage, to generate an error signal when the newly-accessed random number and the previously-accessed random number are equal, and to store the newly-accessed random number into the descriptor in system memory, and wherein the module is configured by the descriptor to:
process a stream of Datagram Transport Layer Security packets that arrive in a stream of input frames and associated output frames,generate a number for use as an initialization vector (IV), wherein the IV is a random number exclusive-ORed (XORed) with a mask that is selected from a constant and a last cipherblock from a previous frame, and wherein an options bit is used to configure whether or not the mask is the constant,compare the IV to a previously generated IV previously written to an output frame in a system memory,store the generated IV and a stored IV copy in at least one register,compare the generated IV and the stored IV copy by exclusive-OR (XOR), andflag an error for a zero result of the comparison. |
