Title: Joachim Strömbergson
Author: trac
Date: 2016-12-15 22:54
- Developing coretest - a core testing framework for FPGAs.
- Implementation of UART
- Verification of SHA-256
- Verification of SHA-1
- Implementation of AES-128
- Design proposal for TRNG
- Design proposal for Curve25519 accelerator
- http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing
We need to create an accelerator, or possibly a complete implementation, of the Curve25519 EC-based DH exchange. We should be able to look at some previous work:
- http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519
- http://cryptojedi.org/crypto/index.shtml - The code to the implementation
- http://nacl.cr.yp.to/ - The main NaCl library by DJB.
- http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB.
Preparation notes for the OpenHSM meeting 2013-12-05 -- 2013-12-06. The notes contain topics, questions and ideas I want to bring up, check and discuss at the meeting.
- How to build trust in the project?
  - Total openness and transparency
  - Traceability of decisions
  - Focus on simple third party validation
  - Partitioning of security functions
- Status financing
- Ownership
- Overseeing board
- Advisory board
  - Reviewers, external experts
  - FPGA key extract dude
  - DJB
- Team
  - Additional competency needed?
- Project security
- License(s)
- Methodology
  - Agile
  - Minimal functionality in PoC
  - Clear increments
- Repository
- Target technologies
  - FPGA (+ internal, external CPUs)
  - ASIC
  - Pure CPU based
- Target PoC board
- Toolchains and languages
  - SW
  - HW
    - Verilog 2001, 2005, SystemVerilog
    - Icarus, gplcver
    - Vendor specific
      - Validation of bitstream
      - Edge of trust, down the rabbit hole
- Security support in design
  - JTAG
  - BIST for functionality
- BIST for security
- On-line self check
  - RNG
    - Pathological problems
      - Stuck at fixed values
      - Variance
      - Bias
- Reuse of existing design, code?
  - Cores - OpenCores
  - SoftHSM - DNSSEC PKCS#11
  - Nettle
  - ...
- On chip 32-bit or 64-bit CPU core
  - OpenRISC
    - LGPL
    - http://openrisc.net/
    - http://opencores.org/or1k/Main_Page
    - https://en.wikipedia.org/wiki/OpenRISC
- RNG
  - More than one entropy source
    - Just external sources
    - User/vendor/implementer supplied
    - One external, one internal
  - YubiHSM entropy source: https://www.yubico.com/products/yubihsm/
  - Haveged: http://www.issihosts.com/haveged/
  - DakaRand: http://dankaminsky.com/2012/08/15/dakarand/
  - Jytter, a userspace RNG: http://www.chronox.de/
  - CPU Jitter RNG: http://www.chronox.de/
  - CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc.
    - NIST SP 800-90: CTR_DRBG
    - Fortuna: https://en.wikipedia.org/wiki/Fortuna_PRNG
      - Schneier, Ferguson. No entropy estimator needed.
    - OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3
  - Raw read access in test mode to collected entropy, pre-whitening
  - Write access in test mode to CSPRNG
  - No key generation etc. allowed during test mode.
- Functional requirements
  - TLS 1.x
  - Need roadmap for functions
    - AES, SHA-256, DH, RSA in first iteration
  - Why GOST?
  - Why MD5?
  - Curves supported?
    - Curve25519
    - NIST, IEEE, RFC 4xxx
- HW/SW partitioning
- API
  - DMA, buffering, formats
  - PKCS#11
  - Observability and control
- Security requirements
  - Common Criteria - EAL
  - FIPS 140-2 level 3-4
- Performance
  - Operations/s
  - Packets per second
  - Latency
- Methodology
- Documentation
- Reviews
- Tools
  - Valgrind, Purify, linters
- Meetings
  - Discussions, MoMs
- Decisions - motivation
- Design
  - Test and validation
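Added example for the "On-line self check" and RNG items above (stuck-at values, variance, bias; raw test-mode access to the entropy stream before whitening). This is my own illustration, not code from the project or from any of the RNGs linked in the notes: a small health monitor that runs over raw entropy samples and raises the three alarms named in the notes. The cutoffs and window size are assumptions chosen for the demonstration, and the sample streams are constructed inline.

```python
# Added example: on-line health checks over raw (pre-whitening) entropy samples.
# Three pathological conditions from the meeting notes are checked per window:
# stuck-at (long runs of the same sample), bias (one-bit density far from 1/2)
# and collapsed variance. Thresholds below are assumptions for this example.
import random

REPEAT_CUTOFF = 8        # identical consecutive samples => "stuck" alarm
BIAS_TOLERANCE = 0.05    # |ones fraction - 0.5| above this => "bias" alarm
VARIANCE_FLOOR = 1000.0  # byte-value variance below this => "low_variance" alarm
WINDOW = 1024            # samples per check window


def longest_repeat(samples: bytes) -> int:
    """Length of the longest run of identical consecutive samples."""
    best = run = 0
    prev = None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        best = max(best, run)
    return best


def ones_fraction(samples: bytes) -> float:
    """Fraction of one bits; an unbiased source sits close to 0.5."""
    if not samples:
        return 0.0
    ones = sum(bin(s).count("1") for s in samples)
    return ones / (8 * len(samples))


def byte_variance(samples: bytes) -> float:
    """Population variance of the byte values (uniform bytes give about 5461)."""
    n = len(samples)
    if n == 0:
        return 0.0
    mean = sum(samples) / n
    return sum((s - mean) ** 2 for s in samples) / n


def health_check(samples: bytes) -> dict:
    """Evaluate one window and return the measurements plus the raised alarms."""
    rep = longest_repeat(samples)
    frac = ones_fraction(samples)
    var = byte_variance(samples)
    alarms = []
    if rep >= REPEAT_CUTOFF:
        alarms.append("stuck")
    if abs(frac - 0.5) > BIAS_TOLERANCE:
        alarms.append("bias")
    if var < VARIANCE_FLOOR:
        alarms.append("low_variance")
    return {"longest_repeat": rep, "ones_fraction": frac,
            "variance": var, "alarms": alarms}


def scan(stream: bytes, window: int = WINDOW) -> list:
    """Run health_check over consecutive windows; return (offset, alarms) for bad ones."""
    findings = []
    for off in range(0, len(stream), window):
        result = health_check(stream[off:off + window])
        if result["alarms"]:
            findings.append((off, result["alarms"]))
    return findings


# Constructed sample streams (not captured from any real device).
STUCK_STREAM = bytes([0xAA]) * 4096            # source frozen at one value
BIASED_STREAM = bytes([0x00, 0x01] * 2048)     # only two low values, almost all zero bits
_rng = random.Random(20131205)                 # seeded PRNG standing in for a healthy source
HEALTHY_STREAM = bytes(_rng.getrandbits(8) for _ in range(4096))


def demo() -> dict:
    """Scan the three constructed streams; returns a name -> findings mapping."""
    return {"stuck": scan(STUCK_STREAM),
            "biased": scan(BIASED_STREAM),
            "healthy": scan(HEALTHY_STREAM)}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name:8s} -> {findings if findings else 'no alarms'}")
```

In a design with test-mode raw access as the notes propose, the same three checks can be run by the host on the unwhitened stream and compared against what the on-chip monitor reports, which gives a simple third-party validation path for the self-check logic itself.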