Title: Joachim Strömbergson Author: trac Date: 2016-12-15 22:54 # Joachim Strömbergson ## Bio ## Current activities * Developing coretest - a core testing framework for FPGAs. * Implementation of UART * Verification of SHA-256 * Verification of SHA-1 * Implementation of AES-128 * Design proposal for TRNG * Design proposal for Curve25519 accelerator ## Work Notes ### Presentations from meeting 2014-03-10 (updated and extended): * [Cryptech HW status 2014-03-10](https://git.cryptech.is/doc/presentations.git/tree/Cryptech_HW_status_2014-03-10.pdf) * [Cryptech TRNG Ideas 2014-03-17](https://git.cryptech.is/doc/presentations.git/tree/Cryptech_TRNG_Ideas_2014-03-17.pdf) ### Open EDA Tools * http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing ### Curve25519 We need to create an accelerator or possibly a complete implementation of the Curve25519 EC based DH-excgange. We should be able to look at some previous work: * http://eprint.iacr.org/2013/375 - [NaCl]({filename}NaCl.md) on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519 * http://cryptojedi.org/crypto/index.shtml - The code to the implementation * http://nacl.cr.yp.to/ - The main [NaCl]({filename}NaCl.md) library by DJB. * http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB. ## Pre meeting notes ### Stockholm 2013-12-05 - 2012-12-06 Preparation notes for the OpenHSM meeting 2013-12-05 -- 2013-12-06. The notes contains topics, questions and ideas I want to bring up, check and discuss on the meeting. Philosophy ---------- - How to build trust in the project? - Total openess and transparency - Traceability of decisions - Focus on simple third party validation - Partitioning of security functions Project goal ------------ - Low cost vs high performance - Scalability - Functionality - Performance - Security - Target system - Performance - Self contained, external - USB, - Ethernet - Integrated - PCIe - Mem module - SD card - Target users - Single user - Enterprise - Roadmap and development plan - Prototyp - första målplattform - Establish first Use cases - Deliveries - Proof of concept, prototype - Self assembly and/or finished product - Source code for SW, HW - PCB - Enclosures - Development environment - Test, validation environment - Tool development - Time plan - Start when - Proto when - v 1.0 when Project management ------------------ - Status financing - Ownership - Oveerseeing board - IETF, ISOC,... ? - Advisory board - Reviewers, external experts - FPGA key extract dude - DJB - Team - Addtiona competency needed? - Project security - Communication - ... Development general ------------------- - License(s) - GPLv2, v3 - BSD - Methodology - Agile - Minimal functionality in PoC - Clear increments - Repository - Github Technology ---------- - Target technologies - FPGA (+ internal, external CPUs) - ASIC - Pure CPU based - Target PoC board - Select one early - Toolchains and languages - SW - HW - Verilog 2001, 2005, [SystemVerilog]({filename}SystemVerilog.md) - Icarus, gplcver - Vendor specific - Validation of bitstream - Edge of trust, dowm the Rabbit hole - Security support in design - JTAG - BIST for functionality - BIST for security - KATS - On-line self check - RNG - Pathological problems - Stuck at fixed values - variance - bias - Reuse of existing design, code? - Cores - [OpenCores]({filename}OpenCores.md) - OpenRISC - AES, SHA, RSA - SoftHSM - DNSSEC PKCS#11 - Nettle - ... - On chip 32-bit or 64 bit CPU core - OpenRISC - LGPL - http://openrisc.net/ - http://opencores.org/or1k/Main_Page - https://en.wikipedia.org/wiki/OpenRISC - RNG - More than one entropy source - Just external sources - User/vendor/implemented supplied - One external, one internal - YubiHSM entropy source: https://www.yubico.com/products/yubihsm/ - Haveged: http://www.issihosts.com/haveged/ - DakaRand: http://dankaminsky.com/2012/08/15/dakarand/ - Jytter a userspace RNG: http://www.chronox.de/ - CPU Jitter RNG: http://www.chronox.de/ - CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc. - NIST SP 800-90. CTR_DRBG - Fortuna https://en.wikipedia.org/wiki/Fortuna_PRNG - Schneier, Ferguson. No estimator needed. - OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3 - Raw read access in test mode to collected entropy pre whitening - Write access in test mode to CSPRNG - No key generation etc allowed during test mode. Technical requirements ---------------------- - Functional requirements - TLS 1.x - Need roadmap for functions - AES, SHA-256, DH, RSA first iteration - Why GOST? - Why MD5? - Curves supported? - Curve25519 - NIST, IEEE, RFC 4xxx - HW/SW partitioning - Modularity - API - DMA, buffering, formats - PKCS#11 - Observability and control - Security requirements - Common Criteria - EAL - FIPS 140-2 level 3-4 - Performance - Operations/s - Packets per second - Latency Validaiton ---------- - Methodology - Unit tests, KATs - Documentation - What to document - How - Reviews - Plan for them - Who to ask - Tools - Valgrind, Purify, linters Documentation ------------- - Meetings - Discussions, [MoMs]({filename}MoMs.md) - Decisiona - motivation - Design - Test and validation