From b092ffbcbe2c9398494f7dc9db6f0796971633e0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 13 Sep 2020 23:04:30 +0000 Subject: Import Cryptech wiki dump --- raw-wiki-dump/OpenCryptoChip | 143 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 143 insertions(+) create mode 100644 raw-wiki-dump/OpenCryptoChip (limited to 'raw-wiki-dump/OpenCryptoChip') diff --git a/raw-wiki-dump/OpenCryptoChip b/raw-wiki-dump/OpenCryptoChip new file mode 100644 index 0000000..d924ccf --- /dev/null +++ b/raw-wiki-dump/OpenCryptoChip @@ -0,0 +1,143 @@ +[[PageOutline]] + += An Open Crypto Chip = + +== The Layer Cake Architecture Picture == +\\ +[[Image(layer-cake.jpg)]] + +\\ +\\ +== Use Cases == +* RPKI/DNSSEC Signing +* Transport VPNs +* Routers and TCP/AO +* Email +* Federations, Identity Systems, SSO etc +* Password Stretching & HMAC:ing +* PGP and SSH Keys on a Stick +* High Quality Entropy Randomness +* A Communications Terminal Doing One Thing Well, Like Jabber w/o X11 +* HSM for Pond, OTR identity keys, ssh private keys, etc. (i.e. key gen, store, import/export non X.509 packages) +* Password management + +[[Image(cryptech venn.png)]] + +== Basic Functions of Crypto Chip == +* Key Generation +* Key Storage +* Key Wrap +* Key Unwrap +* Hash +* Sign +* M of N Sign +* Verify Signature +* Encrypt +* Decrypt +* KDFs, e.g. Password Stretching (a la PBKDF2) +* Random (RO + noisy diode?) + +== Key wrapping == +We need to support key wrapping. Some pointers: + +- https://en.wikipedia.org/wiki/Key_Wrap +- http://tools.ietf.org/html/rfc5297 +- http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf +- https://tools.ietf.org/html/rfc3394 +- https://tools.ietf.org/html/rfc5649 + + +== Things we Should Try To Do, Even if we Can't Do Them Perfectly == +* Tamper Protection (wipe on signal, suggest detectors, suggest potting features) +* Side Channel Attack Reduction + + + += Rough Cut at v0.01 Proof of Concept Feature Set = +As a proof of concept, to validate as much as possible the assurance of the tools and methods, and as a demonstration of the project tools, team, and architecture, we have a [wiki:RoughV1 proposed version 0.01 product] as a proof of concept and a demonstration of the project tools, team, and architecture +\\ +\\ += Ongoing Decisions and Research = +* Security Target Description +* Performance Target(s) +* Tool-Chain Investigation +* Prototype Design +* Testing / Assurance Methods for all Components +* Verilog/RTL assurance, with open source and with proprietary +* Prototyping Platform(s) +* Documentation, Decision History, & Transparency +\\ +\\ + += Ongoing Development = +* [wiki:SunetInitialDevelopment "SUNET is sponsoring the first two development steps"] currently being done. +* [wiki:TRNGDevelopment " Investigation and planning of a TRNG with entropy sources"] +* [wiki:EDAToolchainSurvey" Investigation of possible EDA tools and ways to do open and assured HW development"] +* [wiki:SideChannel" Collection about side-channel attacks and detection, mitigation methods"] + += v0.1 Major Sub-Projects = + +== Security Goals and Documentation == +* Agreement +* Specification + +== Development Platform == +* The Bunnie laptop Novena. Includes a Xilinx Spartan 6 LX45 FPGHA. The specs, drivers, source for Novena can be found here: http://www.kosagi.com/w/index.php?title=Novena_Main_Page + +* TerasIC C5G Cyclone 5 GX Starter Kit. Includes an Altera C5GX FPGA. This board is used for core, subsystem development and verification. Info, documentation and ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=167&No=830 + +Here is a writeup on how to [wiki:CoretestHashesC5G "setup and run coretest_hashes on the C5G board"]. + +* TerasIC DE0-Nano board. This tiny, USB powered board is used for core development and verification. Info, documentation, resources, ordering of the TerasIC board can be found here: http://www.terasic.com.tw/cgi-bin/page/archive.pl?Language=English&CategoryNo=139&No=593 + + +== Hardware Development Tools == + + +== Component Libraries == +* Research +* Select +* [wiki:InterconnectStandards "On-chip Interconnect Standards"] to use. + +== Methods and Validation == +* Overall Strategy +* Following the Tool-Chain + +== Detailed Specification == +* Feature Set + +== QA & Documentation == + +== !Green/Yellow Software Support == +* Spec / ABI +* Development +* Documentationa and Testing + +== Assured Linux Platform == +* DDC Compiler +* System Build +* Minimal Component Set + += v0.1 Project Timeline = + +== February 2014 == +* Specification of v0.1 Goals and Feature Set +* Security Goals & Documentation Outline + +== July 2014 == +* SHA & AES + +== September 2014 == +* TRNG +* Assured Linux Platform - Initial Report + +== November 2014 == +* Security Goals & Documentation Overall and v0.1 +* RSA Signing on Bunnie Board +* Assured Linux Platform - Compiler + +== March 2015 == +* v0.1 Protoype + += Future Development = +The v0.1 version of CrypTech is not the last version nor the only possible version. The project for example consider possible [wiki:ASICImplementations "ASIC Implementations"]. \ No newline at end of file -- cgit v1.2.3