[Cryptech Tech] Working memory on HSM for decrypted private key components?
Joachim Strömbergson
joachim at secworks.se
Tue Dec 15 08:02:10 UTC 2015
Aloha!
Peter Stuge wrote:
> Rob Austein wrote:
>> Where do we place the decrypted private key components?
>
> If the FPGA is going to use them then it must be able to access them
> and store them internally.
>
>> At one point I was hearing muttering about private keys never
>> leaving the FPGA,
>
> Yes - that sounds familiar to me too!
My impression is that there has been a back and forth about this. The
current solution (to my mind) is that the keys are stored in external
Flash controlled by the ARM. When to be used they are unwrapped using
AES KEYWRAP by the CPU, but using the AES-core and the master key, which
is only accessible from the FPGA.
The whole keywrap mechanism could be implemented in the FPGA which would
mean that keys are only used in the FPGA and not exposed in cleartext.
But, at least for RSA keys, the CPU needs to be involved in order to
generate them. For EC at least the private key could be generated
totally inside the FPGA (it is after all just a random number). The
public EC keys could probably also be generated inside the FPGA.
>> implying that we'll have some magic storage core implemented in the
>> FPGA and that keys will (somehow) be transformed from their
>> encrypted form into the forms (sometimes a bit odd) needed by the
>> various crypto cores.
>
> Maybe the MKM can take care of all odd transformations?
No, the MKM is just that, a memory. It is not capable of doing any
transformations by itself. The FPGA however would be able to do so given
the correct core.
We will need to have a MKM core anyway that initially provides an
interface to the memory (an i2c interface). But later also generates a
master key inside the FPGA, provides key bit rotation and key movement
to protect against remanence effects. Having key wrap here would be
possible too.
>> At the moment, what I have is software and conventional memory,
>> and unless somebody tells me otherwise, I assume that's what we're
>> to be using for the bridge board implementation. Are we expecting
>> to do better than this on the Alpha board?
In time, yes. The Alpha board provides the infrastructure in terms of
components and space inside the FPGA to do key wrapping inside the FPGA.
--
Med vänlig hälsning, Yours
Joachim Strömbergson - Alltid i harmonisk svängning.
========================================================================
Joachim Strömbergson Secworks AB joachim at secworks.se
========================================================================
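
The wrap and unwrap step described in the message, as an added example that is not part of the original mail or of the Cryptech code base. It assumes the RFC 3394 variant of AES Key Wrap and runs in Node.js; the function names and key values are constructed for illustration.

```javascript
// Added illustration: RFC 3394 AES Key Wrap; keys used with it are constructed test values.
const nodeCrypto = require('node:crypto');
const ICV = Buffer.from('a6a6a6a6a6a6a6a6', 'hex'); // RFC 3394 default initial value

// One raw AES block operation under the key-encryption key (KEK). In the design
// discussed in the mail this is the step done by the AES core with the master key.
function aesBlock(kek, block, encrypt) {
  const alg = `aes-${kek.length * 8}-ecb`;
  const c = encrypt ? nodeCrypto.createCipheriv(alg, kek, null)
                    : nodeCrypto.createDecipheriv(alg, kek, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}
// Return a copy of the 8-byte register A with the step counter t XORed in (big-endian).
function xorCounter(a, t) {
  const out = Buffer.from(a);
  out.writeBigUInt64BE(out.readBigUInt64BE() ^ BigInt(t));
  return out;
}
// Split a buffer into 64-bit blocks R[0..n-1].
const split = (buf) =>
  Array.from({ length: buf.length / 8 }, (_, i) => buf.subarray(i * 8, i * 8 + 8));

function wrapKey(kek, plain) {
  if (plain.length < 16 || plain.length % 8) throw new Error('bad key data length');
  const r = split(plain), n = r.length;
  let a = ICV;
  for (let j = 0; j < 6; j++) {
    for (let i = 0; i < n; i++) {
      const b = aesBlock(kek, Buffer.concat([a, r[i]]), true);
      a = xorCounter(b.subarray(0, 8), n * j + i + 1);
      r[i] = b.subarray(8);
    }
  }
  return Buffer.concat([a, ...r]);
}

function unwrapKey(kek, wrapped) {
  if (wrapped.length < 24 || wrapped.length % 8) throw new Error('bad wrapped length');
  const r = split(wrapped.subarray(8)), n = r.length;
  let a = wrapped.subarray(0, 8);
  for (let j = 5; j >= 0; j--) {
    for (let i = n - 1; i >= 0; i--) {
      const b = aesBlock(kek, Buffer.concat([xorCounter(a, n * j + i + 1), r[i]]), false);
      a = b.subarray(0, 8);
      r[i] = b.subarray(8);
    }
  }
  // A must come back as the ICV; otherwise the blob or the KEK is wrong.
  if (!nodeCrypto.timingSafeEqual(a, ICV)) throw new Error('integrity check failed');
  return Buffer.concat(r);
}
```

The integrity check in `unwrapKey` is what lets the unwrapping side reject a wrapped blob that was altered while it sat in external flash, or one unwrapped under the wrong master key.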