diff options
author | Rob Austein <sra@hactrn.net> | 2020-09-13 23:04:30 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2020-09-13 23:04:30 +0000 |
commit | b092ffbcbe2c9398494f7dc9db6f0796971633e0 (patch) | |
tree | 6fabf690f1ebf485a9fea9af5298e44ad2a59a3e /raw-wiki-dump/OpenCryptoChip | |
parent | 9d927e49d9c10fc16c6dfa4a2a96cdb6216e4e2b (diff) |
Import Cryptech wiki dump
Diffstat (limited to 'raw-wiki-dump/OpenCryptoChip')
-rw-r--r-- | raw-wiki-dump/OpenCryptoChip | 143 |
1 files changed, 143 insertions, 0 deletions
diff --git a/raw-wiki-dump/OpenCryptoChip b/raw-wiki-dump/OpenCryptoChip new file mode 100644 index 0000000..d924ccf --- /dev/null +++ b/raw-wiki-dump/OpenCryptoChip @@ -0,0 +1,143 @@ +[[PageOutline]]
+
+= An Open Crypto Chip =
+
+== The Layer Cake Architecture Picture ==
+\\
+[[Image(layer-cake.jpg)]]
+
+\\
+\\
+== Use Cases ==
+* RPKI/DNSSEC Signing
+* Transport VPNs
+* Routers and TCP/AO
+* Email
+* Federations, Identity Systems, SSO etc
+* Password Stretching & HMAC:ing
+* PGP and SSH Keys on a Stick
+* High Quality Entropy Randomness
+* A Communications Terminal Doing One Thing Well, Like Jabber w/o X11
+* HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages)
+* Password management
+
+[[Image(cryptech venn.png)]]
+
+== Basic Functions of Crypto Chip ==
+* Key Generation
+* Key Storage
+* Key Wrap
+* Key Unwrap
+* Hash
+* Sign
+* M of N Sign
+* Verify Signature
+* Encrypt
+* Decrypt
+* KDFs, e.g. Password Stretching (a la PBKDF2)
+* Random (RO + noisy diode?)
+
+== Key wrapping ==
+We need to support key wrapping. Some pointers:
+
+- https://en.wikipedia.org/wiki/Key_Wrap
+- http://tools.ietf.org/html/rfc5297
+- http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf
+- https://tools.ietf.org/html/rfc3394
+- https://tools.ietf.org/html/rfc5649
+
+
+== Things we Should Try To Do, Even if we Can't Do Them Perfectly ==
+* Tamper Protection (wipe on signal, suggest detectors, suggest potting features)
+* Side Channel Attack Reduction
+
+
+
+= Rough Cut at v0.01 Proof of Concept Feature Set =
+As a proof of concept, to validate as much as possible the assurance of the tools and methods, and as a demonstration of the project tools, team, and architecture, we have a [wiki:RoughV1 proposed version 0.01 product] as a proof of concept and a demonstration of the project tools, team, and architecture
+\\
+\\
+= Ongoing Decisions and Research =
+* Security Target Description
+* Performance Target(s)
+* Tool-Chain Investigation
+* Prototype Design
+* Testing / Assurance Methods for all Components
+* Verilog/RTL assurance, with open source and with proprietary
+* Prototyping Platform(s)
+* Documentation, Decision History, & Transparency
+\\
+\\
+
+= Ongoing Development =
+* [wiki:SunetInitialDevelopment "SUNET is sponsoring the first two development steps"] currently being done.
+* [wiki:TRNGDevelopment " Investigation and planning of a TRNG with entropy sources"]
+* [wiki:EDAToolchainSurvey" Investigation of possible EDA tools and ways to do open and assured HW development"]
+* [wiki:SideChannel" Collection about side-channel attacks and detection, mitigation methods"]
+
+= v0.1 Major Sub-Projects =
+
+== Security Goals and Documentation ==
+* Agreement
+* Specification
+
+== Development Platform ==
+* The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGHA. The specs, drivers, source for Novena can be found here: http://www.kosagi.com/w/index.php?title=Novena_Main_Page
+
+* TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830
+
+Here is a writeup on how to [wiki:CoretestHashesC5G "setup and run coretest_hashes on the C5G board"].
+
+* TerasIC DE0-Nano board. This tiny, USB powered board is used for core development and verification. Info, documentation, resources, ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593
+
+
+== Hardware Development Tools ==
+
+
+== Component Libraries ==
+* Research
+* Select
+* [wiki:InterconnectStandards "On-chip Interconnect Standards"] to use.
+
+== Methods and Validation ==
+* Overall Strategy
+* Following the Tool-Chain
+
+== Detailed Specification ==
+* Feature Set
+
+== QA & Documentation ==
+
+== !Green/Yellow Software Support ==
+* Spec / ABI
+* Development
+* Documentationa and Testing
+
+== Assured Linux Platform ==
+* DDC Compiler
+* System Build
+* Minimal Component Set
+
+= v0.1 Project Timeline =
+
+== February 2014 ==
+* Specification of v0.1 Goals and Feature Set
+* Security Goals & Documentation Outline
+
+== July 2014 ==
+* SHA & AES
+
+== September 2014 ==
+* TRNG
+* Assured Linux Platform - Initial Report
+
+== November 2014 ==
+* Security Goals & Documentation Overall and v0.1
+* RSA Signing on Bunnie Board
+* Assured Linux Platform - Compiler
+
+== March 2015 ==
+* v0.1 Protoype
+
+= Future Development =
+The v0.1 version of CrypTech is not the last version nor the only possible version. The project for example consider possible [wiki:ASICImplementations "ASIC Implementations"].
\ No newline at end of file |