pelican/content/Joachim Strömbergson.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340


Title: Joachim Strömbergson
Author: trac
Date: 2016-12-15 22:54
Joachim Strömbergson
Bio
Current activities

Developing coretest - a core testing framework for FPGAs.
Implementation of UART
Verification of SHA-256
Verification of SHA-1
Implementation of AES-128
Design proposal for TRNG
Design proposal for Curve25519 accelerator

Work Notes
Presentations from meeting 2014-03-10 (updated and extended):

Cryptech HW status 2014-03-10
Cryptech TRNG Ideas 2014-03-17

Open EDA Tools

http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing

Curve25519
We need to create an accelerator or possibly a complete implementation of the Curve25519 EC based DH-excgange.  We should be able to look at some previous work:

http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519
http://cryptojedi.org/crypto/index.shtml - The code to the implementation
http://nacl.cr.yp.to/ - The main NaCl library by DJB.
http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB.

Pre meeting notes
Stockholm 2013-12-05 - 2012-12-06
Preparation notes for the OpenHSM meeting 2013-12-05 --
2013-12-06. The notes contains topics, questions and ideas
I want to bring up, check and discuss on the meeting.
Philosophy

How to build trust in the project?
Total openess and transparency
Traceability of decisions
Focus on simple third party validation
Partitioning of security functions


Project goal


Low cost vs high performance


Scalability

Functionality
Performance
Security


Target system

Performance


Self contained, external

USB,
Ethernet


Integrated

PCIe
Mem module
SD card


Target users

Single user
Enterprise


Roadmap and development plan

Prototyp - första målplattform
Establish first Use cases


Deliveries

Proof of concept, prototype
Self assembly and/or finished product
Source code for SW, HW
PCB
Enclosures
Development environment
Test, validation environment
Tool development


Time plan

Start when
Proto when
v 1.0 when


Project management


Status financing


Ownership


Oveerseeing board

IETF, ISOC,... ?


Advisory board

Reviewers, external experts
FPGA key extract dude
DJB


Team

Addtiona competency needed?


Project security

Communication
...


Development general


License(s)

GPLv2, v3
BSD


Methodology

Agile
Minimal functionality in PoC
Clear increments


Repository

Github


Technology


Target technologies

FPGA (+ internal, external CPUs)
ASIC
Pure CPU based


Target PoC board

Select one early


Toolchains and languages

SW
HW
Verilog 2001, 2005, SystemVerilog
Icarus, gplcver
Vendor specific
Validation of bitstream
Edge of trust, dowm the Rabbit hole


Security support in design

JTAG
BIST for functionality
BIST for security
KATS


On-line self check

RNG
Pathological problems
Stuck at fixed values
variance
bias


Reuse of existing design, code?

Cores - OpenCores
OpenRISC
AES, SHA, RSA


SoftHSM - DNSSEC PKCS#11
Nettle
...


On chip 32-bit or 64 bit CPU core

OpenRISC
LGPL
http://openrisc.net/
http://opencores.org/or1k/Main_Page
https://en.wikipedia.org/wiki/OpenRISC


RNG

More than one entropy source
Just external sources
User/vendor/implemented supplied


One external, one internal
YubiHSM entropy source: https://www.yubico.com/products/yubihsm/
Haveged: http://www.issihosts.com/haveged/
DakaRand: http://dankaminsky.com/2012/08/15/dakarand/
Jytter a userspace RNG: http://www.chronox.de/
CPU Jitter RNG: http://www.chronox.de/


CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc.
NIST SP 800-90. CTR_DRBG
Fortuna https://en.wikipedia.org/wiki/Fortuna_PRNG
Schneier, Ferguson. No estimator needed.


OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3


Raw read access in test mode to collected entropy pre whitening
Write access in test mode to CSPRNG
No key generation etc allowed during test mode.


Technical requirements


Functional requirements

TLS 1.x
Need roadmap for functions
AES, SHA-256, DH, RSA first iteration


Why GOST?
Why MD5?
Curves supported?
Curve25519
NIST, IEEE, RFC 4xxx


HW/SW partitioning

Modularity


API

DMA, buffering, formats
PKCS#11
Observability and control


Security requirements

Common Criteria - EAL
FIPS 140-2 level 3-4


Performance

Operations/s
Packets per second
Latency


Validaiton


Methodology

Unit tests, KATs


Documentation

What to document
How


Reviews

Plan for them
Who to ask


Tools

Valgrind, Purify, linters


Documentation


Meetings

Discussions, MoMs
Decisiona - motivation


Design

Test and validation