Joachim Strömbergson

Bio

Current activities

  • Developing coretest - a core testing framework for FPGAs.
  • Implementation of UART
  • Verification of SHA-256
  • Verification of SHA-1
  • Implementation of AES-128
  • Design proposal for TRNG
  • Design proposal for Curve25519 accelerator

Work Notes

Presentations from meeting 2014-03-10 (updated and extended):

Open EDA Tools

  • http://torc-isi.sourceforge.net/index.php - Torc is an open-source C++ infrastructure and tool set for reconfigurable computing

Curve25519

We need to create an accelerator or possibly a complete implementation of the Curve25519 EC-based DH exchange. We should be able to look at some previous work:

  • http://eprint.iacr.org/2013/375 - NaCl on 8-Bit AVR Microcontrollers. Includes an iterative implementation of Curve25519
  • http://cryptojedi.org/crypto/index.shtml - The code to the implementation
  • http://nacl.cr.yp.to/ - The main NaCl library by DJB.
  • http://cr.yp.to/ecdh/curve25519-20060209.pdf - The Curve25519 paper by DJB.

Pre meeting notes

Stockholm 2013-12-05 - 2013-12-06

Preparation notes for the OpenHSM meeting 2013-12-05 -- 2013-12-06. The notes contain topics, questions and ideas I want to bring up, check and discuss at the meeting.

Philosophy

  • How to build trust in the project?
    • Total openness and transparency
    • Traceability of decisions
    • Focus on simple third party validation
    • Partitioning of security functions

Project goal

  • Low cost vs high performance

  • Scalability

    • Functionality
    • Performance
    • Security
  • Target system

    • Performance
  • Self contained, external

    • USB
    • Ethernet
  • Integrated

    • PCIe
    • Mem module
    • SD card
  • Target users

    • Single user
    • Enterprise
  • Roadmap and development plan

    • Prototype - first target platform
    • Establish first Use cases
  • Deliveries

    • Proof of concept, prototype
    • Self assembly and/or finished product
    • Source code for SW, HW
    • PCB
    • Enclosures
    • Development environment
    • Test, validation environment
    • Tool development
  • Time plan

    • Start when
    • Proto when
    • v 1.0 when

Project management

  • Status financing

  • Ownership

  • Overseeing board

    • IETF, ISOC,... ?
  • Advisory board

    • Reviewers, external experts
      • FPGA key extract dude
      • DJB
  • Team

    • Additional competency needed?
  • Project security

    • Communication
    • ...

Development general

  • License(s)

    • GPLv2, v3
    • BSD
  • Methodology

    • Agile
    • Minimal functionality in PoC
    • Clear increments
  • Repository

    • Github

Technology

  • Target technologies

    • FPGA (+ internal, external CPUs)
    • ASIC
    • Pure CPU based
  • Target PoC board

    • Select one early
  • Toolchains and languages

    • SW
    • HW
      • Verilog 2001, 2005, SystemVerilog
      • Icarus, gplcver
      • Vendor specific
      • Validation of bitstream
        • Edge of trust, down the rabbit hole
  • Security support in design

    • JTAG
    • BIST for functionality
    • BIST for security
      • KATS
  • On-line self check

    • RNG
      • Pathological problems
        • Stuck at fixed values
        • variance
        • bias
  • Reuse of existing design, code?

    • Cores - OpenCores
      • OpenRISC
      • AES, SHA, RSA
    • SoftHSM - DNSSEC PKCS#11
    • Nettle
    • ...
  • On chip 32-bit or 64 bit CPU core

    • OpenRISC
      • LGPL
      • http://openrisc.net/
      • http://opencores.org/or1k/Main_Page
      • https://en.wikipedia.org/wiki/OpenRISC
  • RNG

    • More than one entropy source
      • Just external sources
        • User/vendor/implementer supplied
      • One external, one internal
        • YubiHSM entropy source: https://www.yubico.com/products/yubihsm/
        • Haveged: http://www.issihosts.com/haveged/
        • DakaRand: http://dankaminsky.com/2012/08/15/dakarand/
        • Jytter a userspace RNG: http://www.chronox.de/
        • CPU Jitter RNG: http://www.chronox.de/
      • CSPRNG based on Linux, OpenBSD, Fortuna, NIST etc.
        • NIST SP 800-90. CTR_DRBG
        • Fortuna https://en.wikipedia.org/wiki/Fortuna_PRNG
          • Schneier, Ferguson. No estimator needed.
        • OpenBSD arc4random: http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=3
      • Raw read access in test mode to collected entropy pre whitening
      • Write access in test mode to CSPRNG
      • No key generation etc allowed during test mode.
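The on-line self check item above lists the pathological RNG failures to catch: stuck-at values and bias. The following is an added example, not code from this page or the project, of how such health tests can be expressed on the raw (pre-whitening) entropy stream that the test-mode read access exposes; the thresholds, window size and sample streams are assumptions constructed for the example, with the run cutoff shaped after the repetition count test in NIST SP 800-90B.

```python
import random

# Thresholds are assumptions for this example. The run cutoff follows the
# shape of the SP 800-90B repetition count test for a 1-bit source: a run
# of 33 equal bits from an ideal source has probability about 2**-32.
RUN_CUTOFF = 33
WINDOW = 1024          # raw bits per bias window
MAX_DEVIATION = 0.10   # |ones_fraction - 0.5| above this fails the window


def longest_run(bits):
    """Length of the longest run of identical consecutive bits."""
    longest = run = 0
    prev = None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        longest = max(longest, run)
    return longest


def stuck_at_failed(bits):
    """Stuck-at / repetition check: alarm if any run reaches RUN_CUTOFF."""
    return longest_run(bits) >= RUN_CUTOFF


def bias_failed(bits):
    """Bias check: alarm if any full window's ones fraction is far from 1/2."""
    for start in range(0, len(bits) - WINDOW + 1, WINDOW):
        ones = sum(bits[start:start + WINDOW])
        if abs(ones / WINDOW - 0.5) > MAX_DEVIATION:
            return True
    return False


def health_check(bits):
    """Run both checks on one block of raw bits; True means alarm.
    These must see raw source bits: a CSPRNG output would pass both
    checks even if the entropy source behind it were dead."""
    return {"stuck_at": stuck_at_failed(bits), "bias": bias_failed(bits)}


# Constructed sample streams (not real TRNG output).
N = 8192
_rng = random.Random(1234)
GOOD = [_rng.getrandbits(1) for _ in range(N)]        # seeded PRNG stand-in
STUCK = [1] * N                                        # source stuck at 1
BIASED = [0 if i % 10 == 0 else 1 for i in range(N)]   # 90 % ones, short runs

if __name__ == "__main__":
    for name, stream in (("good", GOOD), ("stuck", STUCK), ("biased", BIASED)):
        print(name, health_check(stream))
```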

Technical requirements

  • Functional requirements

    • TLS 1.x
    • Need roadmap for functions
      • AES, SHA-256, DH, RSA first iteration
    • Why GOST?
    • Why MD5?
    • Curves supported?
      • Curve25519
      • NIST, IEEE, RFC 4xxx
  • HW/SW partitioning

    • Modularity
  • API

    • DMA, buffering, formats
    • PKCS#11
    • Observability and control
  • Security requirements

    • Common Criteria - EAL
    • FIPS 140-2 level 3-4
  • Performance

    • Operations/s
    • Packets per second
    • Latency

Validation

  • Methodology

    • Unit tests, KATs
  • Documentation

    • What to document
    • How
  • Reviews

    • Plan for them
    • Who to ask
  • Tools

    • Valgrind, Purify, linters

Documentation

  • Meetings

    • Discussions, MoMs
    • Decisions - motivation
  • Design

  • Test and validation