cryptech - ietf datatracker
Post on 08-May-2022
3 Views
Preview:
TRANSCRIPT
CrypTech
2015.07.23 Praha
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 1
Origins • This effort was started at the suggestion of
Russ Housley, Jari Arkko, and Stephen Farrell of the IETF, to meet the assurance needs of supporting IETF protocols in an open and transparent manner.
• But this is NOT an IETF, ISOC, ... project, though both contribute. As the saying goes, “We work for the Internet.”
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 2
Goals • An open-source reference design for
HSMs, not a manufactured product
• Scalable, first cut in an FPGA and CPU, plan higher speed (ASIC)options later
• Composable, e.g. “Give me a key store and signer suitable for DNSsec”
• Reasonable assurance by being open, diverse design team, and an increasingly assured tool-chain
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 3
CrypTech Project • An Open Design, not a Product
• Open – everything (docs, design, code)
• BSD, CC license for all we develop
• Diverse engineers and review
• Support for transparency, testing, …
• Multiple contributors: IETF, Comcast, Google, .SE, SUNET, PIR, ISOC, Afilias, RIPE, IANA, Cisco, etc.
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 4
Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Diverse Engineering Verilog Göteborg & Moscow Hardware Adaption Layer (HAL) in Boston Software, PKCS#11, … from Boston TRNG advice from Germany and States Hardware Design & Build from Stockholm DNSsec from Göteborg & Stockholm Engineering coordination from Tokyo
150723CrypTech 5 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
150723CrypTech 6 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
150718 CrypTech 7 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
FPGA (ASIC) Hashes: SHA*/MD5/GOST Encrypt: AES/Camellia PublicKey RSA/ECC/DSA, Block Crypto Modes
TRNG, BigNum, Modular Exponentiation
On-Chip Core(s) KeyGen/Store, Hash, Sign, Verify, Encrypt, Decrypt, DH, ECDH,
PKCS#1/5/8, [Un]Load, Stretching, Device Activation/Wipe
Off-ChipSupport Code X.509/PGP/… Packaging, PKCS#7/10/11/15, Backup
Applications DNSSEC, RPKI, PGP, VPN, OTR, random, TCP/AO, …
Security Boundary
& Tamper Power Timing
Layer Cake Model
7 7 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Novena Spartan ‘Laptop’
FPGA
ARM
150718 CrypTech 8 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 8
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Entropy Noise Board
9 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Alpha Board Blocks
150718 CrypTech 10 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 10
Alpha Board EOY 2015
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 11
CPUARM Cortex-M4
STM32F429BIT6208-PIN LQFP
FPGA
Xilinx Artix-7 200TFBG484-3
Layout compatible withFGG484
Cryptech Alpha BoardRev 0.0102015-05-27 (JoachimS)
Tamper Detect MCUAtmel AVR @ 20 MHzClocked using internal
oscillator
AT Tiny 828R-AYTQFP-32
SDRAM 64 MbitISSI IS42S16400J
TSOP
USB-UARTinterface
FT232H LQFP48
USB-UARTinterface
FT232H LQFP48
On boardPower Suppy
block
DCconnector
USBconnector
USBconnector
12V5V3V3
2V5
3V1V2
1V37
5
12-1
9V D
C2.
5A ty
pM
ax 3
A pe
ak @
12V
MicroSD Card2 GByte
4-bit MMC
Keystore memSerial Flash
At least 64 Mbit
SPI
Real Time ClockMicrochip
MCP79412TSSOP
I2C
CPULEDs
4 G
PIO
s
8 GPIOsCPU
GPIOsCPUJTAG
Tamper eventsto CPU
TamperJTAG
2GPIOs
JTAG
JTAG
TamperLEDs
4 GPIOs
FMC SRAM IF @ 45-90 MHz
32 bit data bus26 bit separate address bus
FPGA Events
4 GPIOs
TamperGPIOs
8 GPIOs
CPU - Tamperserial port
via jumpersto disable
Rx, Tx2 wire UART or 2 GPIOs
3V31 GPIO
Tamper button
Tamper eventsto FPGA
2GPIOs
3V3TamperPower Supply
can be replacedby power fromPSU by setting
jumper
FPGA LEDs4 + 8 GPIOs
FPGA GPIOs8 GPIOs
Xilinx Platform CableJTAG
Master KeyMemory
8 kByteSerial SRAM
Microchip23A640 8TSSOP
Analog Switch
OnSemiMC14551B
FPG
A M
KM S
PI
MISO can bepulled low by setting
jumper
Switch control
MKM Tamper SPI
1 GPIOMKM Tamper power control
1V8
MKM power supply can beconnected to PSU by
Setting jumperMKM
Battery1V8
FPGAConfig mem
Analog Switch
OnSemiMC14551B
CPU FPGA Config Mem SPI
CPU FPGA Config Mem Switch Control
SPI
1 GPIO
SPI from CPU to FPGAConfig Mem
and control of switchcan be disabled byremoving jumpers
SPI
SPI
SPI
1V8Write Enable ofConfig Mem
can be disabled byremoving jumper
CryptechAvalanche
noiseblock
FPGAresetblock
FPGAclock
source@ 50 MHz
CPU FPGA Reset
1 GPIO
Reset of FPGA by CPUcan be disabled byremoving jumper
Noise1 GPIO
Reset_n
FPGA clk
12V must be stable,low noise since itfeeds the noise
source.
UARTUART
USB 2.0USB 2.0
SPI
3VBattery
32.768 kHzCrystal
CPUreset block
CPUclock
source
CPUreset block
FPGA chip select and clock
32 bit data bus26 bit address bus
SDRAM 512 MbitISSI IS45S32160F
TSOP-II
One chip for each of thetwo SDRAM interfaces
SDRAM control foreach SDRAM IF
USART with ISO 7816-3
I2C
Interfaces for possibleSmart Card readerand display/controlon separate board
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
150718 CrypTech 12 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Bridge Board
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 12
150718 CrypTech 13 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
PKCS#11
Entropy (noise board)
Hashes (SHA-1/256/512, SHA-3, GOST) Symmetric (AES, ChaCha)
Entropy (Ring Oscillators)
CSPRNG (ChaCha) Mixer (SHA-512)
Entropy Provider Sensing
TRNG Control & Test
ModExp / BigNum
AES Key-Wrap, CRT, ...
FPGA
ARM RSA Sign & Verify
Ethernet / USB
Applications (DNSsec, RPKI, ...) Off Board
Core Selector and Interface
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 13
General Core Design l Plain Verilog 2001 compliant RTL code l FPGA vendor and FPGA/ASIC agnostic design
- No explicitly instantiated technology specific macros
l All cores are independent co-processors - Cores do not share resources - Load data and configure, start core and wait for ready signal
l 32-bit memory like interface - Implemented by core wrapper - API structured similarly for all cores
l The real functionality is in _core.v and its sub modules
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 14 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 14
General Core Structure
foo_core.v
mux
and
hold- regs
foo.v
clk reset_n
read_data
write_data
address
cs
write_data
we
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 15 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 15
API Example ADDR_NAME0 = 8'h00; ADDR_NAME1 = 8'h01; ADDR_VERSION = 8'h02; ADDR_CTRL = 8'h08; CTRL_INIT_BIT = 0; CTRL_NEXT_BIT = 1; ADDR_STATUS = 8'h09; STATUS_READY_BIT = 0; STATUS_VALID_BIT = 1; ADDR_BLOCK0 = 8'h10; ... ... ADDR_BLOCK15 = 8'h1f; ADDR_DIGEST0 = 8'h20; ... ... ADDR_DIGEST7 = 8'h27;
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 16 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 16
Core Selector l Current version hard coded for the use
case l Next version auto generated - Generate Verilog based on config
l Instantiate types and number of instances of cores
- SW support for discovery of cores in a given FPGA bitstream
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 17 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 17
Cryptech FPGA system
Core 0
Core 1
Core n
core select
system IF
Possible clock boundary
Platform independent Cryptech HW system
Platform specific Cryptech HW/SW
interface
noise input
FPGA
Interface to CPU
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 18 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 18
Core Walk Through
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 19 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 19
SHA1 l Implements SHA-1 as specified in FIPS
180-2
l Iterative, one cycle/round - 82 cycles/block with setup and finish
l Block expansion (W mem) implemented using sliding window with 16 separate 32-bit registers
l Testbenches for w_mem, core and top level - Using NIST test vectors
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 20 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 20
SHA256 l Implements SHA-256 as specified in
FIPS 180-4
l Iterative, one cycle/round - 66 cycles/block with setup and finish
l Block expansion (W mem) implemented using sliding window with 16 separate 32-bit registers
l Testbenches for w_mem, core and top level - Using NIST test vectors
l Heavily tested with SW on the Novena
l Used for DNSSEC
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 21 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 21
SHA512 l Implements SHA-512/x (FIPS 180-4)
- Including SHA-512/224, SHA-512/256, SHA-512/384 and SHA-512
l Iterative, one cycle/round - 82 cycles/block with setup and finish
l Block expansion (W mem) implemented using sliding window with 16 separate 64-bit registers
l Support for work factor processing with up to 2**32-1 iterations/block
l Testbenches for w_mem, core and top level - Using NIST test vectors
l Heavily tested with SW on the Novena l Used in Cryptech as mixer in the TRNG
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 22 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 22
AES (1)
l As specified in FIPS 197 - Support for 128 and 256 bit keys
l Iterative, four cycles/round - 42 cycles/block with setup and finish
for AES-128 - 58 cycles/block with setup and finish
for AES-256
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 23 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 23
AES (2) l Key expansion performed before any block
processing - 10 cycles for 128 bit keys, 14 cycles for 256 bit
keys
l Separate encipher and decipher data paths - Decipher can be removed for use cases where only
encipher is needed (CTR mode etc) - Encipher and decipher share key expansion
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 24 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 24
AES (3) l Four sbox ROMs - Shared between encipher data path and key
expansion
l Testbenches for key expansion, data paths, core and and top level - Using NIST test vectors and vectors by
Sam Trenholme (http://www.samiam.org/key-schedule.html)
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 25 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 25
AES (4)
l Heavily tested with SW on the Novena
l Used in Cryptech to implement AES Key Wrap (RFC 5649, https://tools.ietf.org/html/rfc5649)
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 26 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 26
ChaCha (1) l Implements the ChaCha stream cipher - http://cr.yp.to/chacha/chacha-20080128.pdf - Support for 128 and 256 bit keys - Support for up to 32 rounds - Support for settable 64-bit initial counter value
l Iterative, two cycles/double round - 42 cycles/block with setup and finish for
ChaCha20
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 27 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 27
ChaCha (2) l Testbenches for core and top level - Using DJB test vectors and generated test
vectors for draft https://tools.ietf.org/html/draft-strombergson-chacha-test-vectors-00
l Used in Cryptech as CSPRNG in the TRNG - With 256 bit key and 24 rounds - Key, block, IV and initial counter as seed
150718 CrypTech 28 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 28
TRNG
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 29 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 29
TRNG (1) l Sub system using multiple cores - avalanche noise entropy provider core - ring oscillator entropy provider core - SHA512 core used as entropy mixer - ChaCha core used as CSPRNG
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 30 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 30
TRNG (2) l Modular architecture - Support for adding more entropy sources - Support for replacing SHA512 in mixer and ChaCha
in CSPRNG with other cores
l Support for observability and testing and of all parts and output - Extract raw noise and entropy from the sources - Inject test vectors and extract results to allow
verification of functionality - Planned support for on-line testing and alarms for
entropy sources and CSPRNG 150718 CrypTech 31 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 31
TRNG (3) l Scalable performance and security - Number of rounds (default 24) can be
configured via API - Reseed frequency settable and can be
forced via API - Can generate ~500 Mbps @50 MHz clock
frequency - Can instantiate multiple ChaCha cores
(seeded separately) to scale performance to multiple Gbps performance
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 32 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 32
TRNG (4) l Tested using ent, diehard, dieharder
and several custom tools - TBytes of data generated and tested
so far - Test server that provides public
access to continiously generated data being setup
150718 CrypTech 33 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 33
150723CrypTech 34 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Avalanche Noise Board
150718 CrypTech 35 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Noise Generation
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 35
Raw noise
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 36
Amplified (yellow)
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 37
Digitized (yellow)
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 38
Twitterized explanation • To combat component ageing, measure
time between flanks, use LSB of time delta as entropy. Do whitening.
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 39
Avalanche Entropy (1)
l Entropy provider using external noise source - Used with the Cryptech Avalanche noise
source - Noise digitized by board using a schmitt-
trigger and provided as single bit stream
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 40 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 40
Avalanche Entropy (2)
l Measures time (cycles) between positive flanks on noise source - LSB from cycle counter used as
entropy bit - 32 consecutive bits provided as
entropy data to consumer (mixer)
150718 CrypTech 41 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 41
Avalanche Entropy (3) l Heavily tested using ent, several custom
tools - Good confidence that the entropy provided
has good quality - Long term stability needs to be evaluated
(and being worked on)
l ~10 kbps data rate
150718 CrypTech 42 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 42
Adder based Ring Oscillator
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 43 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 43
ROSC Entropy (1) l Entropy provider using internal
jitter source - Using a novel adder based ring
oscillator (ROSC) suitable for FPGA implementation. - Designed by Bernd Paysan - ~2 kbps data rate
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 44 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 44
ROSC Entropy (2) l Generates entropy using jitter between
ring oscillators - Uses 32 separate ring oscillators (running
at 300+ MHz in Spartan-6) - Samples the output values from the
oscillators every 256 clock cycles - The outputs from the oscillators are XOR
combined into a single bit value - 32 consequtive bits provided as entropy
data to consumer (mixer) 150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 45 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 45
ROSC Entropy (3) l Heavily tested using ent, several custom
tools - Fairly good confidence that the entropy
provides sufficient quality - ROSC feedback path routing critical to
clock frequency. Should preferrably be locked down using Place & Route constraints
- rosc_entropy core should be requalified when moved to a new technology (for example a new FPGA family)
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 46 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 46
Mixer (1) l Combines entropy from providers to
create seeds for the CSPRNG - Strict round robin extraction from a set of
entropy providers
l Decouples the entropy collection from the random number generation by the CSPRNG
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 47 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 47
Mixer (2) l Make it hard to predict seed when trying
to control an entropy source
l Make it hard (infeasible) to guess mixer state and entropy state based on guess of bits in seed
150718 CrypTech 48 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 48
Mixer (3) l Seeds are intermediate digests for an
arbitrarily long message l Unless full restart is forced
l With SHA-512 as mixer primitive, 1024 bits of entropy is needed to generate 512 bits of seed - With the current Cryptech CSPRNG, two
512-bit seed words are needed. In total 2048 bits of entropy is needed to be able to reseed the CSPRNG
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 49 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 49
CSPRNG l Using the ChaCha stream cipher as
primitive - 24 rounds by default
l Cipher initialized by - 256 bit key - 512 bit message block - 64 bit IV - 64 bit initial counter value
896 bits in total
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 50 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 50
CSPRNG (2)
l Blocks of 512 bits of stream data extracted via a FIFO as 32-bit random words by consumers
l Decouples data generation from consumption
150718 CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 51 150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 51
150718 CrypTech 52 Creative Commons: Attribution-NonCommercial-ShareAlike 2.0
Funding From
A Few Private Donations
150723CrypTech Creative Commons: Attribution-NonCommercial-ShareAlike 2.0 52
top related