From b092ffbcbe2c9398494f7dc9db6f0796971633e0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 13 Sep 2020 23:04:30 +0000 Subject: Import Cryptech wiki dump --- raw-wiki-dump/Joachim%20Str%C3%B6mbergson | 253 ++++++++++++++++++++++++++++++ 1 file changed, 253 insertions(+) create mode 100644 raw-wiki-dump/Joachim%20Str%C3%B6mbergson (limited to 'raw-wiki-dump/Joachim%20Str%C3%B6mbergson') diff --git a/raw-wiki-dump/Joachim%20Str%C3%B6mbergson b/raw-wiki-dump/Joachim%20Str%C3%B6mbergson new file mode 100644 index 0000000..151b814 --- /dev/null +++ b/raw-wiki-dump/Joachim%20Str%C3%B6mbergson 
@@ -0,0 +1,253 @@ += Joachim Strömbergson = +== Bio == + + +== Current activities == +* Developing coretest - a core testing framework for FPGAs. +* Implementation of UART +* Verification of SHA-256 +* Verification of SHA-1 +* Implementation of AES-128 +* Design proposal for TRNG +* Design proposal for Curve25519 accelerator + + +== Work Notes == +=== Presentations from meeting 2014-03-10 (updated and extended): +* [browser:/doc/presentations/Cryptech_HW_status_2014-03-10.pdf "Cryptech HW status 2014-03-10"] +* [browser:/doc/presentations/Cryptech_TRNG_Ideas_2014-03-17.pdf "Cryptech TRNG Ideas 2014-03-17"] + +=== Open EDA Tools === +* http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing + + +=== Curve25519 === +We need to create an accelerator or possibly a complete implementation of the Curve25519 EC based DH-excgange. We should be able to look at some previous work: + +* http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519 +* http://cryptojedi.org/crypto/index.shtml - The code to the implementation +* http://nacl.cr.yp.to/ - The main NaCl library by DJB. +* http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB. + + +== Pre meeting notes == + +=== Stockholm 2013-12-05 - 2012-12-06 === +Preparation notes for the OpenHSM meeting 2013-12-05 -- +2013-12-06. The notes contains topics, questions and ideas +I want to bring up, check and discuss on the meeting. + +Philosophy +---------- +- How to build trust in the project? 
+ - Total openess and transparency + - Traceability of decisions + - Focus on simple third party validation + - Partitioning of security functions + + +Project goal +------------ +- Low cost vs high performance + +- Scalability + - Functionality + - Performance + - Security + +- Target system + - Performance + + - Self contained, external + - USB, + - Ethernet + + - Integrated + - PCIe + - Mem module + - SD card + +- Target users + - Single user + - Enterprise + +- Roadmap and development plan + - Prototyp - första målplattform + - Establish first Use cases + +- Deliveries + - Proof of concept, prototype + - Self assembly and/or finished product + - Source code for SW, HW + - PCB + - Enclosures + - Development environment + - Test, validation environment + - Tool development + + - Time plan + - Start when + - Proto when + - v 1.0 when + + + +Project management +------------------ +- Status financing + +- Ownership + +- Oveerseeing board + - IETF, ISOC,... ? + +- Advisory board + - Reviewers, external experts + - FPGA key extract dude + - DJB + +- Team + - Addtiona competency needed? + +- Project security + - Communication + - ... + + +Development general +------------------- +- License(s) + - GPLv2, v3 + - BSD + +- Methodology + - Agile + - Minimal functionality in PoC + - Clear increments + +- Repository + - Github + + +Technology +---------- +- Target technologies + - FPGA (+ internal, external CPUs) + - ASIC + - Pure CPU based + +- Target PoC board + - Select one early + +- Toolchains and languages + - SW + - HW + - Verilog 2001, 2005, SystemVerilog + - Icarus, gplcver + - Vendor specific + - Validation of bitstream + - Edge of trust, dowm the Rabbit hole + +- Security support in design + - JTAG + - BIST for functionality + - BIST for security + - KATS + + - On-line self check + - RNG + - Pathological problems + - Stuck at fixed values + - variance + - bias + +- Reuse of existing design, code? 
+ - Cores - OpenCores + - OpenRISC + - AES, SHA, RSA + - SoftHSM - DNSSEC PKCS#11 + - Nettle + - ... + +- On chip 32-bit or 64 bit CPU core + - OpenRISC + - LGPL + - http://openrisc.net/ + - http://opencores.org/or1k/Main_Page + - https://en.wikipedia.org/wiki/OpenRISC + +- RNG + - More than one entropy source + - Just external sources + - User/vendor/implemented supplied + - One external, one internal + - YubiHSM entropy source: https://www.yubico.com/products/yubihsm/ + - Haveged: http://www.issihosts.com/haveged/ + - DakaRand: http://dankaminsky.com/2012/08/15/dakarand/ + - Jytter a userspace RNG: http://www.chronox.de/ + - CPU Jitter RNG: http://www.chronox.de/ + - CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc. + - NIST SP 800-90. CTR_DRBG + - Fortuna https://en.wikipedia.org/wiki/Fortuna_PRNG + - Schneier, Ferguson. No estimator needed. + - OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3 + - Raw read access in test mode to collected entropy pre whitening + - Write access in test mode to CSPRNG + - No key generation etc allowed during test mode. + + +Technical requirements +---------------------- +- Functional requirements + - TLS 1.x + - Need roadmap for functions + - AES, SHA-256, DH, RSA first iteration + - Why GOST? + - Why MD5? + - Curves supported? + - Curve25519 + - NIST, IEEE, RFC 4xxx + +- HW/SW partitioning + - Modularity + +- API + - DMA, buffering, formats + - PKCS#11 + - Observability and control + +- Security requirements + - Common Criteria - EAL + - FIPS 140-2 level 3-4 + +- Performance + - Operations/s + - Packets per second + - Latency + + +Validaiton +---------- +- Methodology + - Unit tests, KATs + +- Documentation + - What to document + - How + +- Reviews + - Plan for them + - Who to ask + +- Tools + - Valgrind, Purify, linters + + +Documentation +------------- +- Meetings + - Discussions, MoMs + - Decisiona - motivation + + - Design + - Test and validation -- cgit v1.2.3
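Review bot: the date range in the "Pre meeting notes" heading is internally inconsistent: `+=== Stockholm 2013-12-05 - 2012-12-06 ===` has an end date a year before the start date, while the sentence right under it reads `+2013-12-06`; since this is a wiki import rather than a rewrite, either fix the heading to 2013-12-06 in the dump or note it for the follow-up cleanup. A few other things in the same hunk would be worth catching in that cleanup: the heading `+=== Presentations from meeting 2014-03-10 (updated and extended):` is missing its closing `===` and will not render as a heading; the "Jytter a userspace RNG" and "CPU Jitter RNG" bullets both point at http://www.chronox.de/, so one of the two links is likely wrong and should be checked; the roadmap bullet "Prototyp - första målplattform" is Swedish (prototype, first target platform) on an otherwise English page; and there are spelling slips such as "excgange", "openess", "Oveerseeing", "Addtiona", "dowm", "Validaiton" and "Decisiona". None of these block an import of raw wiki content, but a short TODO in the commit message or a follow-up commit would keep them from being lost.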