[Cryptech Tech] goals / use cases

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Jan 26 11:22:08 UTC 2015


Joachim Strömbergson <joachim at secworks.se> writes:

>M3 or M4. Whatever can support the space (code and data) as well as
>performance requirements. 

The M3 and M4 are great for very low-cost/low-power devices, but an awful
choice for an HSM.  Taking a typical example, an STM32 F3 (you don't really
need an M4, that just gives you extra DSP functionality of which mostly only
the MAC is useful, things like saturating adds aren't), just to handle the
read and write buffers for SSL (2x18kB or so) you're going to use up almost
all of your RAM with no crypto, certificates, or anything else yet.  Oh, and
with a 72MHz clock performance is going to be underwhelming as well.

The question isn't "can we run it (and for 'it' I'm going to use cryptlib,
since I'm familiar with it) on a bare-bones SoC", because the answer generally
is "yes, if you strip out lots of functionality".  For example it's been used
to implement S/MIME on an ARM7TDMI with 136K of RAM, but that doesn't mean
you'd want to run it in that environment.  If I had a choice, I'd go for an
absolute minimum spec of:

- 1MB of flash
- 512kB of RAM
- 500MHz or so CPU

so you don't have to worry about building custom versions based on whether you 
want to do SSH or TLS or PGP or whatever.  I wouldn't even consider an M- 
series, go for the A-series.  If you can get a full Google TV-type device 
incorporating something like an RK3188 for ~$40 then it can't be that 
expensive to create a decent-specced HSM using the same device, especially if 
you're already prepared to pay hundreds for the FPGA.

Peter.

