= Joachim Strömbergson =

== Bio ==

== Current activities ==

 * Developing coretest - a core testing framework for FPGAs.
 * Implementation of UART
 * Verification of SHA-256
 * Verification of SHA-1
 * Implementation of AES-128
 * Design proposal for TRNG
 * Design proposal for Curve25519 accelerator

== Work Notes ==

=== Presentations from meeting 2014-03-10 (updated and extended) ===

 * [browser:/doc/presentations/Cryptech_HW_status_2014-03-10.pdf "Cryptech HW status 2014-03-10"]
 * [browser:/doc/presentations/Cryptech_TRNG_Ideas_2014-03-17.pdf "Cryptech TRNG Ideas 2014-03-17"]

=== Open EDA Tools ===

 * http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing

=== Curve25519 ===

We need to create an accelerator or possibly a complete implementation of the Curve25519 EC-based DH exchange. We should be able to look at some previous work:

 * http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519
 * http://cryptojedi.org/crypto/index.shtml - The code to the implementation
 * http://nacl.cr.yp.to/ - The main NaCl library by DJB.
 * http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB.

== Pre meeting notes ==

=== Stockholm 2013-12-05 - 2013-12-06 ===

Preparation notes for the OpenHSM meeting 2013-12-05 -- 2013-12-06. The notes contain topics, questions and ideas I want to bring up, check and discuss at the meeting.

Philosophy
----------

- How to build trust in the project?
- Total openness and transparency
- Traceability of decisions
- Focus on simple third party validation
- Partitioning of security functions

Project goal
------------

- Low cost vs high performance
- Scalability
- Functionality
- Performance
- Security
- Target system
  - Performance
  - Self contained, external
    - USB
    - Ethernet
  - Integrated
    - PCIe
    - Mem module
    - SD card
- Target users
  - Single user
  - Enterprise
- Roadmap and development plan
  - Prototype - first target platform
  - Establish first use cases
- Deliveries
  - Proof of concept, prototype
  - Self assembly and/or finished product
  - Source code for SW, HW
  - PCB
  - Enclosures
  - Development environment
  - Test, validation environment
  - Tool development
- Time plan
  - Start when
  - Proto when
  - v 1.0 when

Project management
------------------

- Status financing
- Ownership
- Overseeing board
  - IETF, ISOC, ... ?
- Advisory board
  - Reviewers, external experts
  - FPGA key extract dude
  - DJB
- Team
  - Additional competency needed?
- Project security
- Communication
- ...

Development general
-------------------

- License(s)
  - GPLv2, v3
  - BSD
- Methodology
  - Agile
  - Minimal functionality in PoC
  - Clear increments
- Repository
  - Github

Technology
----------

- Target technologies
  - FPGA (+ internal, external CPUs)
  - ASIC
  - Pure CPU based
- Target PoC board
  - Select one early
- Toolchains and languages
  - SW
  - HW
    - Verilog 2001, 2005, SystemVerilog
    - Icarus, gplcver
    - Vendor specific
- Validation of bitstream
  - Edge of trust, down the rabbit hole
- Security support in design
  - JTAG
  - BIST for functionality
  - BIST for security
    - KATs
    - On-line self check
    - RNG
      - Pathological problems
        - Stuck at fixed values
        - Variance
        - Bias
- Reuse of existing design, code?
  - Cores
    - OpenCores
    - OpenRISC
    - AES, SHA, RSA
  - SoftHSM
  - DNSSEC PKCS#11
  - Nettle
  - ...
- On chip 32-bit or 64-bit CPU core
  - OpenRISC - LGPL
    - http://openrisc.net/
    - http://opencores.org/or1k/Main_Page
    - https://en.wikipedia.org/wiki/OpenRISC
- RNG
  - More than one entropy source
    - Just external sources
    - User/vendor/implementer supplied
    - One external, one internal
  - YubiHSM entropy source: https://www.yubico.com/products/yubihsm/
  - Haveged: http://www.issihosts.com/haveged/
  - DakaRand: http://dankaminsky.com/2012/08/15/dakarand/
  - Jytter, a userspace RNG: http://www.chronox.de/
  - CPU Jitter RNG: http://www.chronox.de/
  - CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc.
    - NIST SP 800-90, CTR_DRBG
    - Fortuna: https://en.wikipedia.org/wiki/Fortuna_PRNG - Schneier, Ferguson. No entropy estimator needed.
    - OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3
  - Raw read access in test mode to collected entropy, pre-whitening
  - Write access in test mode to CSPRNG
  - No key generation etc. allowed during test mode

Technical requirements
----------------------

- Functional requirements
  - TLS 1.x
  - Need roadmap for functions
    - AES, SHA-256, DH, RSA in first iteration
  - Why GOST?
  - Why MD5?
  - Curves supported?
    - Curve25519
    - NIST, IEEE, RFC 4xxx
  - HW/SW partitioning
  - Modularity
  - API
    - DMA, buffering, formats
    - PKCS#11
  - Observability and control
- Security requirements
  - Common Criteria - EAL
  - FIPS 140-2 level 3-4
- Performance
  - Operations/s
  - Packets per second
  - Latency

Validation
----------

- Methodology
  - Unit tests, KATs
- Documentation
  - What to document
  - How
- Reviews
  - Plan for them
  - Who to ask
- Tools
  - Valgrind, Purify, linters

Documentation
-------------

- Meetings
  - Discussions, MoMs
  - Decisions - motivation
- Design
- Test and validation
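Added example for the RNG items in the Technology notes (BIST for security, the stuck-at / variance / bias pathologies) and for the "raw read access in test mode to collected entropy, pre-whitening" item above. This is not Cryptech code: it is a small Python model of the health checks one would run on the raw entropy stream before it reaches the CSPRNG, with constructed sample streams standing in for a healthy source and for each pathology. The repetition-count check is modelled on the one in NIST SP 800-90B; the cutoffs and the monobit and chi-square thresholds are illustrative assumptions chosen for 4096-byte windows, not the standard's values.

```python
# Added example of raw-entropy health checks. Not Cryptech project code.
# Thresholds are assumptions sized for the 4096-byte windows used below.
import random
from collections import Counter


def repetition_count_test(samples: bytes, cutoff: int = 8) -> bool:
    """False if any value repeats `cutoff` or more times in a row (stuck-at source).
    Modelled on the SP 800-90B repetition count test; cutoff is an assumption."""
    if not samples:
        return False
    run = 1
    for prev, cur in zip(samples, samples[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return False
    return True


def monobit_bias_test(samples: bytes, max_bias: float = 0.02) -> bool:
    """False if the fraction of one bits deviates from 0.5 by more than max_bias."""
    nbits = 8 * len(samples)
    if nbits == 0:
        return False
    ones = sum(bin(b).count("1") for b in samples)
    return abs(ones / nbits - 0.5) <= max_bias


def chi_square_byte_test(samples: bytes, max_stat: float = 400.0) -> bool:
    """Chi-square of byte frequencies against uniform (255 degrees of freedom).
    A source that emits only a few distinct values, i.e. too little variance,
    fails here even when its bit balance looks fine."""
    n = len(samples)
    if n < 256 * 5:                      # too few samples for the statistic
        return False
    expected = n / 256
    counts = Counter(samples)
    stat = sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))
    return stat <= max_stat


def health_check(samples: bytes) -> dict:
    """Run every check on one window of raw (pre-whitening) samples."""
    return {
        "repetition": repetition_count_test(samples),
        "monobit": monobit_bias_test(samples),
        "chi_square": chi_square_byte_test(samples),
    }


def source_ok(samples: bytes) -> bool:
    """Gate for leaving test mode: all checks must pass before the CSPRNG is
    reseeded from this source and key generation is allowed."""
    return all(health_check(samples).values())


def constructed_streams(n: int = 4096, seed: int = 1) -> dict:
    """Constructed inputs: a seeded PRNG stands in for a healthy raw source."""
    rng = random.Random(seed)
    healthy = bytes(rng.getrandbits(8) for _ in range(n))
    return {
        "healthy": healthy,
        "stuck": bytes([0x5A]) * n,                    # stuck at a fixed value
        "biased": bytes(b | 0xF0 for b in healthy),    # upper nibble forced to ones
        "alternating": bytes([0x00, 0xFF]) * (n // 2), # balanced bits, only two values
    }


if __name__ == "__main__":
    for name, stream in constructed_streams().items():
        print(f"{name:12s} {health_check(stream)}  ok={source_ok(stream)}")
```

The alternating stream is the instructive one: a monobit check alone calls it perfectly balanced, and it never repeats a value, so only the frequency test sees that the source has two states. That is why the notes list variance separately from bias, and why the checks need the raw samples rather than the whitened output, where a conditioner would hide all three defects.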