Hack images, store outputs in git again for now

Easier to track what each script change does if we keep the before and
after versions of the markdown in git too.  Clean this up eventually,
but simplifies development.

1 files changed, 183 insertions, 0 deletions

diff --git a/markdown/OpenCryptoChip.md b/markdown/OpenCryptoChip.md
new file mode 100644
index 0000000..521d19c
--- /dev/null
+++ b/markdown/OpenCryptoChip.md
@@ -0,0 +1,183 @@
+[[PageOutline]]
+
+# An Open Crypto Chip
+
+## The Layer Cake Architecture Picture
+\\
+[[Image(layer-cake.jpg)]]
+
+\\
+\\
+## Use Cases
+
+* RPKI/DNSSEC Signing
+* Transport VPNs
+* Routers and TCP/AO
+* Email
+* Federations, Identity Systems, SSO etc
+* Password Stretching & HMAC:ing
+* PGP and SSH Keys on a Stick
+* High Quality Entropy Randomness
+* A Communications Terminal Doing One Thing Well, Like Jabber w/o X11
+* HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages)
+* Password management
+
+
+[[Image(cryptech venn.png)]]
+
+## Basic Functions of Crypto Chip
+
+* Key Generation
+* Key Storage
+* Key Wrap
+* Key Unwrap
+* Hash
+* Sign
+* M of N Sign
+* Verify Signature
+* Encrypt
+* Decrypt
+* KDFs, e.g. Password Stretching (a la PBKDF2)
+* Random (RO + noisy diode?)
+
+
+## Key wrapping
+We need to support key wrapping. Some pointers:
+
+
+- https://en.wikipedia.org/wiki/Key_Wrap
+- http://tools.ietf.org/html/rfc5297
+- http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
+- https://tools.ietf.org/html/rfc3394
+- https://tools.ietf.org/html/rfc5649
+
+
+
+## Things we Should Try To Do, Even if we Can't Do Them Perfectly
+
+* Tamper Protection (wipe on signal, suggest detectors, suggest potting features)
+* Side Channel Attack Reduction
+
+
+
+
+# Rough Cut at v0.01 Proof of Concept Feature Set
+As a proof of concept, to validate as much as possible the assurance of the tools and methods, and as a demonstration of the project tools, team, and architecture, we have a [wiki:RoughV1 proposed version 0.01 product] as a proof of concept and a demonstration of the project tools, team, and architecture
+\\
+\\
+# Ongoing Decisions and Research
+
+* Security Target Description
+* Performance Target(s)
+* Tool-Chain Investigation
+* Prototype Design
+* Testing / Assurance Methods for all Components
+* Verilog/RTL assurance, with open source and with proprietary
+* Prototyping Platform(s)
+* Documentation, Decision History, & Transparency
+
+\\
+\\
+
+# Ongoing Development
+
+* [wiki:SunetInitialDevelopment "SUNET is sponsoring the first two development steps"] currently being done.
+* [wiki:TRNGDevelopment " Investigation and planning of a TRNG with entropy sources"]
+* [wiki:EDAToolchainSurvey" Investigation of possible EDA tools and ways to do open and assured HW development"]
+* [wiki:SideChannel" Collection about side-channel attacks and detection, mitigation methods"]
+
+
+# v0.1 Major Sub-Projects
+
+## Security Goals and Documentation
+
+* Agreement
+* Specification
+
+
+## Development Platform
+
+* The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGHA. The specs, drivers, source for Novena can be found here: http://www.kosagi.com/w/index.php?title=Novena_Main_Page
+
+
+
+* TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830
+
+
+Here is a writeup on how to [wiki:CoretestHashesC5G "setup and run coretest_hashes on the C5G board"].
+
+
+* TerasIC DE0-Nano board. This tiny, USB powered board is used for core development and verification. Info, documentation, resources, ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593
+
+
+
+## Hardware Development Tools
+
+
+## Component Libraries
+
+* Research
+* Select
+* [wiki:InterconnectStandards "On-chip Interconnect Standards"] to use.
+
+
+## Methods and Validation
+
+* Overall Strategy
+* Following the Tool-Chain
+
+
+## Detailed Specification
+
+* Feature Set
+
+
+## QA & Documentation
+
+## Green/Yellow Software Support
+
+* Spec / ABI
+* Development
+* Documentationa and Testing
+
+
+## Assured Linux Platform
+
+* DDC Compiler
+* System Build
+* Minimal Component Set
+
+
+# v0.1 Project Timeline
+
+## February 2014
+
+* Specification of v0.1 Goals and Feature Set
+* Security Goals & Documentation Outline
+
+
+## July 2014
+
+* SHA & AES
+
+
+## September 2014
+
+* TRNG
+* Assured Linux Platform - Initial Report
+
+
+## November 2014
+
+* Security Goals & Documentation Overall and v0.1
+* RSA Signing on Bunnie Board
+* Assured Linux Platform - Compiler
+
+
+## March 2015
+
+* v0.1 Protoype
+
+
+# Future Development
+The v0.1 version of CrypTech is not the last version nor the only possible version. The project for example consider possible [wiki:ASICImplementations "ASIC Implementations"].