[[PageOutline]]

= An Open Crypto Chip =

== The Layer Cake Architecture Picture ==
\\
[[Image(layer-cake.jpg)]]

\\
\\
== Use Cases ==
* RPKI/DNSSEC Signing
* Transport VPNs
* Routers and TCP/AO
* Email
* Federations, Identity Systems, SSO etc
* Password Stretching & HMAC:ing
* PGP and SSH Keys on a Stick
* High Quality Entropy Randomness
* A Communications Terminal Doing One Thing Well, Like Jabber w/o X11
* HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages)
* Password management

[[Image(cryptech venn.png)]]

== Basic Functions of Crypto Chip ==
* Key Generation
* Key Storage
* Key Wrap
* Key Unwrap
* Hash
* Sign
* M of N Sign
* Verify Signature
* Encrypt
* Decrypt
* KDFs, e.g. Password Stretching (a la PBKDF2)
* Random (RO + noisy diode?)

== Key wrapping ==
We need to support key wrapping. Some pointers:

- https://en.wikipedia.org/wiki/Key_Wrap
- http://tools.ietf.org/html/rfc5297
- http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
- https://tools.ietf.org/html/rfc3394
- https://tools.ietf.org/html/rfc5649


== Things we Should Try To Do, Even if we Can't Do Them Perfectly ==
* Tamper Protection (wipe on signal, suggest detectors, suggest potting features)
* Side Channel Attack Reduction



= Rough Cut at v0.01 Proof of Concept Feature Set =
To validate as much as possible the assurance of the tools and methods, and to demonstrate the project tools, team, and architecture, we have a [wiki:RoughV1 proposed version 0.01 product] as a proof of concept.
\\
\\
= Ongoing Decisions and Research =
* Security Target Description
* Performance Target(s)
* Tool-Chain Investigation
* Prototype Design
* Testing / Assurance Methods for all Components
* Verilog/RTL assurance, with open source and with proprietary
* Prototyping Platform(s)
* Documentation, Decision History, & Transparency
\\
\\

= Ongoing Development =
* [wiki:SunetInitialDevelopment "SUNET is sponsoring the first two development steps"], which are currently being done.
* [wiki:TRNGDevelopment "Investigation and planning of a TRNG with entropy sources"]
* [wiki:EDAToolchainSurvey "Investigation of possible EDA tools and ways to do open and assured HW development"]
* [wiki:SideChannel "Collection of material on side-channel attacks and on detection and mitigation methods"]

= v0.1 Major Sub-Projects =

== Security Goals and Documentation ==
* Agreement
* Specification

== Development Platform ==
* The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGA. The specs, drivers, and source for Novena can be found here: http://www.kosagi.com/w/index.php?title=Novena_Main_Page

* TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830

Here is a writeup on how to [wiki:CoretestHashesC5G "set up and run coretest_hashes on the C5G board"].

* TerasIC DE0-Nano board. This tiny, USB-powered board is used for core development and verification. Info, documentation, resources, and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593


== Hardware Development Tools ==


== Component Libraries ==
* Research
* Select
* [wiki:InterconnectStandards "On-chip Interconnect Standards"] to use.

== Methods and Validation ==
* Overall Strategy
* Following the Tool-Chain

== Detailed Specification  ==
* Feature Set

== QA & Documentation ==

== !Green/Yellow Software Support ==
* Spec / ABI
* Development
* Documentation and Testing

== Assured Linux Platform ==
* DDC Compiler
* System Build
* Minimal Component Set

= v0.1 Project Timeline =

== February 2014 ==
* Specification of v0.1 Goals and Feature Set
* Security Goals & Documentation Outline

== July 2014 ==
* SHA & AES

== September 2014 ==
* TRNG
* Assured Linux Platform - Initial Report

== November 2014 ==
* Security Goals & Documentation Overall and v0.1
* RSA Signing on Bunnie Board
* Assured Linux Platform - Compiler

== March 2015 ==
* v0.1 Prototype

= Future Development =
The v0.1 version of CrypTech is neither the last version nor the only possible version. The project is, for example, considering possible [wiki:ASICImplementations "ASIC Implementations"].