Cryptech Project - Releases

Release Notes

2017-05-13T19:06:00+00:00

3.0, May 2017

New keystore implementation. Basically a very small flash filesystem, including basic wear leveling. Maximum number of keys varies depending on key size and how many options are attached, but for any reasonable use it should hold on the order of 2,000 keys at least.
In-memory keystore moved to HSM (previously was in memory of the client library), uses same API as flash keystore.
RPC mechanism extended to support the new keystores (hal_rpc_pkey_match(), hal_rpc_pkey_set_attributes(), etc).
PKCS #11 code rewritten to use libhal attribute mechanism, sqlite3 database gone.
Verilog implementations of ECDSA base point multipliers for P-256 and P-384 curves, key generation and signing significantly faster than with software ECDSA implementation.
Key backup mechanism: two more RPC functions, and a Python script cryptech_backup to drive the process.
Private key representation changed to PKCS #8 format (a self-identifying uniform format with optional encryption, supported by many other tools). Key backup uses encrypted form of PKCS #8.
Default build of client software now uses a multiplexer daemon cryptech_muxd which allows multiple clients to talk to the HSM at once (packages such as OpenDNSSEC which uses multiple daemons talking to the same HSM need this). Software can still be built for direct connection to HSM but it is no longer the default.
New trivial script cryptech_console to talk to the HSM's management port via the multiplexer daemon; cryptech_upload now supports both direct connection and connection via the multiplexer daemon.
Python client implementations of libhal RPC mechanism and PKCS #11 now installed as cryptech.libhal and cryptech.py11, respectively.
Python PKCS #11 client hacked to play nicely with pkcs11-spy debugging tool.
RTOS replaced by simple non-preemptive (voluntary yield) tasking system, eliminating a huge morass of potential race conditions, debugging nightmares, priority inversions, and similar horrors. Lack of preemption means that console acess may have to wait for something else to yield the ARM CPU, but it's more than worth it to get rid of all the stability problems the RTOS was causing.
Sample code for using the HSM as an OpenSSL engine is available. This only works with RSA for the moment, due to apparent limitations of the engine implementation.

Getting started with 3.0:

Install the software.
Upgrade the firmware. Please note the warnings about bricking your HSM, how to avoid that, and what to do if you failed to avoid it.
Set the usual environment variables, perhaps using cryptech_probe.
Start the multiplexer daemon cryptech_muxd.

At this point, you should be able to use the PKCS #11 library, the cryptech_backup script, and so forth.

Building Cryptech Software/Firmware/Bitstream From Source

2017-05-13T17:47:00+00:00

Everything you need to build our software, firmware, and FPGA bitstreams from source yourself is publicly available, but the process is a bit complicated. Overall, there are two methods, one of which our developers use while writing this stuff, the other of which we use for the automated reproducible builds which go into our binary distributions. Both methods eventually boil down to "get the source code then run make", but the details differ.

What developers do

We check out copies of all the several dozen separate repositories and carefully arrange them in a tree structure which matches the official naming scheme. Yes, really. It's tedious, but we have a script to automate this. This works by parsing the .gitmodules file in the releng/alpha repository (see "reproducible builds", below).

Once you have this tree, you can hop around within it, building whichever bits are of interest to you. So if you want to rebuild just the HSM firmware (the C code that runs on the ARM), you would go to sw/stm32 and run make there.

What we do for reproducible builds

Reproducible builds use the same tree structure (as they must for the various Makefiles to work properly), but the entire tree is embedded in a git "superrepository" which also contains the release engineering goo necessary to make the whole thing work. Do git help submodule for an introduction to git's submodule mechanism.

With this model, one just checks out a copy of the superrepository, runs make in its top directory, and eventually the complete package pops out the other side.

git clone https://git.cryptech.is/releng/alpha.git
cd alpha
make

That's the good news. The bad news is that this process has higher demands on its build environment: it expects to find the a complete tool set, including the XiLinx synthesis tools, the several different cross compilers for the firmware, and the pbuilder system for building clean room packages for Ubuntu and Debian.

As a compromise, one can use this source tree as if it were the development source tree described above: just use the supermodule to pull down everything else, but then ignore the supermodule and build individual pieces as if you'd checked out all the repositories by hand.

Skip all this git mess and just download a tarball

There's another alternative, which is simpler than any of the above: just download the source tarball. Since the only build environments we support at the moment are Debian Jessie and Ubuntu Xenial, which also happen to be environments for which we build binary packages, you can just use APT:

apt-get source cryptech-alpha

Which will give you the same tree structure, but without all the git fun.

Build environment

Our software and firmware developers use the Debian and Ubuntu Linux distributions. Our current build box for binary packages runs Debian Jessie.

Our Verilog developers use various environments and have been known to use graphical tools, but synthesis of the bitstreams that go in our binary packages is done via the XiLinx command line tools on the same Debian Jessie machine as the software and firmware builds.

Which tools you need will of course depend on exactly what you're trying to do.

Most of the tools work on either 32-bit or 64-bit machines, but if you intend to run the full binary package build script, you'll need a 64-bit machine (or VM) because the tools won't build 64-bit binaries on a 32-bit machine.

Basic tool set (not all required for every purpose, but they're all supported Debian packages so it's usually easier just to install them all and not worry about it):

  apt-get install git pbuilder ubuntu-dev-tools rsync sudo
  apt-get install python-yaml python-serial python-crypto python-ecdsa
  apt-get install gcc-arm-none-eabi gdb-arm-none-eabi
  apt-get install gcc-avr binutils-avr avr-libc
  apt-get -t jessie-backports install debootstrap distro-info-data
  apt-get install reprepro ubuntu-archive-keyring

This is not an exhaustive list, because some of the other packages we use are pulled in by these as dependencies.

You will also need a copy of the XiLinx tools, which is tedious enough that it's described in a separate section, below.

Once you have all the tools installed, you'll need a copy of the source tree, as explained in the preceeding sections.

pbuilder requires a bit of setup (you can skip this if you're not trying to do the full binary package build):

for code in jessie xenial; do for arch in i386 amd64; do pbuilder-dist $code $arch create; done; done
ln -s jessie_result ~/pbuilder/jessie-amd64_result
ln -s xenial_result ~/pbuilder/xenial-amd64_result

Installing the XiLinx tools

XiLinx tools setup is a bit involved. You can skip this section if you don't intend to build FPGA bitstreams.

We use the command line versions of the XiLinx tools, but installing them requires a graphical environment, because the XiLinx installer and license manager are GUI tools. If you're running this on a server and don't already have a graphical environment installed, you can get away with something fairly minimal. For example, if you have a VNC viewer such as "Chicken of the VNC" on your laptop, you can get away with a fairly minimal X11 toolset:

apt-get install tightvncserver xterm icewm

If you're already running X11 on your laptop and are comfortable with extruding that to the build machine, eg, via ssh -Y, you can just use that (not recommended for long-haul use, eg, if the laptop is in Boston and the server is in Reykjavik).

You'll need to start by using a web browser to download the Xilinx ISE Design Suite.

XiLinx only supports specific versions of Red Hat and Suse Linux, but their tools do run on Debian and Ubuntu. A few caveats:

Debian and Ubuntu symlink /bin/sh to /bin/dash, which can't handle some of the syntax used in XiLinx's shell scripts, so you'll need to change that symlink to point to /bin/bash.
Although the XiLinx software can be installed as user or root, by default it wants to install into /opt/Xilinx, so you need to install as root if you want to do that.
The XiLinx tools are disk hogs, so if you're building a VM for this, you'll probably want to give it at least 30-40 GB of disk space.

Step-by-step installation:

Unpack Xilinx_ISE_DS_Lin_14.7_1015_1.tar (or whatever version you have).
In an X11 environment, cd to Xilinx_ISE_DS_Lin_14.7_1015_1, and run sudo ./xsetup
Click through two screens of license agreements.
Select ISE WebPACK.
Unselect (or leave unselected) Install Cable Drivers.
Go!

Well, not quite. You'll need to convince the ISE tools that you have a valid license to use the ISE tools. Go to http://www.xilinx.com/products/design-tools/ise-design-suite/ise-webpack.htm, click the Licensing Solutions link. On the page to which that takes you, expand the section Obtain a license for Free or Evaluation product. To download the ISE Webpack, you should have created an account, so now you can go to the Licensing Site and use that account to create a Certificate Based License.

You do not need to go through the HostID dance, just say Do It. You will then receive a certificate in email (not an X.509 certificate) which you will be able to use. Then start the ISE Webpack by issuing the command ise. Go to the Help menu and Manage Licenses. Use the resulting new License Manager window to install the .lic file. This process is complex and flakey.

Here's another description of installing ISE on Ubuntu.

The ise binary referred to above is in /opt/Xilinx/14.7/ISE_DS/ISE/bin/lin64/ise (or in .../lin/ise, but the pbuilder setup requires a 64-bit build machine).

When running this remotely under tightvncserver, setup looks something like this:

vncserver :0 -geometry 1280x768 -depth 16 -localhost
export DISPLAY=:0 XAUTHORITY=~/.Xauthority
icewm&

Then, either in the same shell as the above or in an xterm in the new display

cd Xilinx_ISE_DS_Lin_14.7_1015_1
sudo ./xsetup

cd
/opt/Xilinx/14.7/ISE_DS/ISE/bin/lin64/ise

It turns out you don't really need to run the whole ise tool to get to the license manager, you can just run

/opt/Xilinx/14.7/ISE_DS/common/bin/lin64/xlcm -manage

But you do have to source the appropriate settings file first, none of the XiLinx tools work properly without that:

. /opt/Xilinx/14.7/ISE_DS/settings64.sh

Upgrading the Cryptech Alpha HSM

2017-05-12T23:15:00+00:00

This page explains how to upgrade the Cryptech Alpha firmware, bootloader, and FPGA bitstream (as needed).

All of the operations here use the Alpha's "management" (MGMT) port, so that cable must be connected to your Linux or OSX host machine.

Upgrading from the stock firmware (Berlin workshop or CrowdSupply)

The main feature of the 3.0 firmware release is a completely new HSM keystore implementation, which makes better use of the Alpha's keystore flash, allows a much larger number of keys, and removes the need for an SQL database on the host. (See ReleaseNotes.)

We did not attempt to provide any sort of backwards compatability to the original minimalistic keystore implementation, so this upgrade process will wipe your keystore. Sorry. More importantly (from the limited viewpoint of the upgrade process), it will change how the HSM stores its PINs, which complicates the upgrade process.

Because we use the bootloader to upgrade the firmware, and the firmware to upgrade the bootloader, both use the PINs stored in the keystore to login, so both need to understand the new keystore, so both need to be upgraded.

Because of the tricky nature of this particular upgrade, you must perform these steps, in the specified order:

Install the new host software package using APT or Homebrew.
Wipe the HSM keystore to reset PINs back to the "factory" state.
Upgrade the main HSM firmware.
Upgrade the HSM bootloader.
Log in to upgraded HSM to set PINs, etc.

Upgrading the bootloader before the main firmware will brick your Alpha. So don't do that.

If something goes horribly wrong and you do somehow manage to brick your Alpha, see DisasterRecovery.

Upgrading from 'ksng'

A few intrepid users are already testing the 'ksng' development branch, using the instructions at UpgradeToKSNG. In this case, and with future upgrades, it it not necessary to either wipe the keystore or upgrade the bootloader.

Install the new host software package using APT or Homebrew.
Upgrade the main HSM firmware.

Install the cryptech-alpha package

using apt-get on Debian or Ubuntu Linux

$ sudo apt-get update
$ sudo apt-get install cryptech-alpha

Yes, you have to install it even if you already had it installed, because APT wants permission before accepting the new package dependencies.

Or you could instead run:

$ sudo apt-get upgrade --with-new-pkgs

but that might upgrade unrelated stuff.

If you had the '-ksng' package installed, you might then want to run:

$ sudo apt-get remove cryptech-alpha-ksng
$ sudo apt-get autoclean

but nothing terrible is likely to happen if you omit those steps.

If you're running on Debian Jessie, you may need to enable jessie-backports and make sure you're getting the python-serial and python-tornado dependencies from the backports (the versions of those packages in the base Debian Jessie distribution are too old).

using Homebrew on OSX

If you're upgrading from the original firmware (have not installed the -ksng package), a normal Homebrew upgrade cycle should suffice:

$ brew update
$ brew upgrade

If you have the -ksng package installed, you need to tell Homebrew that you want to switch back:

$ brew update
$ brew migrate cryptech-alpha-ksng
$ brew update

In either case, you might then want to do something like:

$ brew cleanup

but nothing terrible is likely to happen if you omit that step.

If you've tried doing this and nothing happens, you might be hitting a known old bug in Homebrew itself. Make sure your copy of Homebrew is up to date, and if that still doesn't work, try deinstalling whichever cryptech-alpha* package you have installed and reinstalling cryptech-alpha.

Set usual CRYPTECH_* environment variables

The upgrade process uses the CRYPTECH_CTY_CLIENT_SERIAL_DEVICE environment variable. The easiest way to set it is by using the cryptech_probe script, just as you would for other usage of the Alpha.

$ eval `cryptech_probe`

(Note: you can use the new cryptech_muxd and cryptech_console, but these instructions assume you are familiar with cryptech_miniterm. Or you could be using picocom or kermit or something else. Doesn't matter to us.)

Clear the keystore flash

If you are upgrading from the original firmware, you will need to wipe the keystore, to avoid confusing the new keystore code.

The good news is that we have a utility to back up and restore the new keystore. The bad news is that we don't have a way to back up the old keystore.

$ cryptech_miniterm

Username: wheel
Password: <your-wheel-pin-goes-here>

cryptech> keystore erase YesIAmSure

^]

Upgrade the main HSM firmware

$ cryptech_upload --firmware --user wheel
PIN: YouReallyNeedToChangeThisPINRightNowWeAreNotKidding

Upgrade the bootloader

$ cryptech_upload --bootloader --user wheel --simon-says-whack-my-bootloader
PIN: YouReallyNeedToChangeThisPINRightNowWeAreNotKidding

(Optional) Upgrade the FPGA bitstream

This upgrade includes an experimental ECDSA point multiplier in hardware, which the firmware will use if present.

$ cryptech_upload --fpga --user wheel
PIN: YouReallyNeedToChangeThisPINRightNowWeAreNotKidding

Log in and set PINs, masterkey, etcetera

$ cryptech_miniterm

Username: wheel
PIN: YouReallyNeedToChangeThisPINRightNowWeAreNotKidding

cryptech> keystore set pin wheel fnord
cryptech> keystore set pin so    fnord
cryptech> keystore set pin user  fnord
cryptech> masterkey set

^]

Upgrading Cryptech Alpha HSM to "ksng" development package

2016-12-22T22:33:00+00:00

This page attempts to explain the upgrade procedure for testing out the new "ksng" development branch of the Cryptech Alpha firmware.

Cavats

This particular upgrade is more complicated than we would have preferred, due to the interaction of two unrelated factors:

As the name (obscurely) implies, the main feature in the ksng branch is a completely new HSM keystore implementation, which makes better use of the Alpha's keystore flash, allows a much larger number of keys, removes the need for an SQL database on the host, gets your laundry 25% brighter, and leaves your breath alone.

We did not attempt to provide any sort of backwards compatability to the old minimalistic keystore implementation, so this upgrade process will wipe your keystore. Sorry. More importantly (from the limited viewpoint of the upgrade process), it will change how the HSM stores its PINs, which complicates the upgrade process.

The "Device Field Upgrade" (DFU) capability in the Alpha's firmware was a last-minute addition before the Berlin workshop in July 2016, and, as last minute additions often do, it turned out to be buggy. There are three distinct pieces of software involved in the upgrade process, and they were all slightly buggy, in different ways. Because of this, one must perform the upgrade steps in a particular order to avoid bricking the HSM. The upgrade includes fixes for all the (known) bugs in the DFU process, so we hope that this will be a one-time annoyance (famous last words).

If something goes horribly wrong and you do somehow manage to brick your Alpha, don't give up, recovery is still possible, it just requires an ST-LINK debugger and cable (more on this below).

Overview

Because of the tricky nature of this particular upgrade, you must perform these steps, in the specified order:

Install the new host software package using APT or Homebrew.
Wipe the HSM keystore to reset PINs back to the "factory" state.
Upgrade the main HSM firmware.
Upgrade the HSM bootloader.
Log in to upgraded HSM to set PINs, etc.

Upgrading the bootloader before the main firmware will brick your Alpha. So don't do that.

All of the operations here use the Alpha's "management" (MGMT) port, so that cable must be connected to your Linux or OSX host machine.

This upgrade procedure was tested on Debian Jessie, with an Alpha whose firmware had been rolled back to the version from the Berlin workshop (APT/Homebrew package version 2.0.1468584175, commit cd445b69b2caa7205f4e1c368aa2c6bf8c2d7692 in repository https://git.cryptech.is/releng/alpha.git).

Install cryptech-alpha-ksng package using apt-get or Homebrew

Binaries for the "ksng" branch are available as a separate set of "cryptech-alpha-ksng" packages, which replace the "cryptech-alpha" packages for the master branch. This seemed the simplest way of letting people experiment with the new code while falling back to the old if necessary. The "cryptech-alpha-ksng" packages are declared to conflict with the "cryptech-alpha" packages, because they install programs by the same name in the same places and you need the version of the host software which goes with the HSM firmware your running.

APT handles package conflicts differently from the way that Homebrew does. If you have "cryptech-alpha" installed and try to install "cryptech-alpha-ksng", APT assumes you meant what you said and will just replace the old package with the new one. Homebrew, on the other hand, reports the conflict and refuses to proceed until you sort it out.

The following assumes that you already had the Cryptech APT repository or Homebrew tap configured; if not, see BinaryPackages.

Installing cryptech-alpha-ksng package using apt-get on Debian or Ubuntu Linux

$ sudo apt-get update
$ sudo apt-get install cryptech-alpha-ksng

Installing cryptech-alpha-ksng package using Homebrew on OSX

$ brew update
$ brew uninstall cryptech-alpha
$ brew install cryptech-alpha-ksng

Set usual CRYPTECH_* environment variables

$ eval `cryptech_probe -v`

Clear the keystore flash

Sorry about this. Yes, we know we need backup and restore, we'll get there. But for this upgrade, it's safest to wipe the keystore.

$ cryptech_miniterm

Username: wheel
Password: <your-wheel-pin-goes-here>

cryptech> keystore erase YesIAmSure

^]

Upgrade the main HSM firmware

$ cryptech_upload --firmware --user wheel
PIN: YouReallyNeedToChangeThisPINRightNowWeAreNotKidding

Upgrade the bootloader

$ cryptech_upload --bootloader --user wheel --simon-says-whack-my-bootloader
PIN: YouReallyNeedToChangeThisPINRightNowWeAreNotKidding

Log in and set PINs, masterkey, etcetera

$ cryptech_miniterm

Username: wheel
PIN: YouReallyNeedToChangeThisPINRightNowWeAreNotKidding

cryptech> keystore set pin wheel fnord
cryptech> keystore set pin so    fnord
cryptech> keystore set pin user  fnord
cryptech> masterkey set

^]

What to do if you manage to brick your Alpha

If the above procedure somehow goes horribly wrong and bricks your alpha, you can still recover, but you'll need an ST-LINK programmer. There's some discussion of this at sw/stm32.

Possible sources for the ST-LINK programmer and a suitable cable:

http://www.mouser.com/search/ProductDetail.aspx?R=0virtualkey0virtualkeyNUCLEO-F411RE
https://www.sparkfun.com/products/10376

These are relatively cheap, you'll probably pay as much for the postage as for the parts themselves. If you have a better source, go for it.

The programmer is the important part, you can use any sort of cabling you like so long as it connects the right pins of the programmer to the corresponding pins on the Alpha; the SparkFun cable just happens to be a tidy package which matches the relevant SWD headers.

We'll include a more detailed description of the recovery process here if anybody needs it, but the short version is:

Install OpenOCD on your host machine.
Open up the Alpha's case, take the board out.
Connect the programmer and power the board back up.
Use the flash-target script from the sw/stm32 repository to stuff the hsm.elf and bootloader.elf files from the binary firmware tarball into the HSM.
Power down, disconnect the programmer, put the Alpha back in its case, done.

Binary Packages for Cryptech Software and Firmware

2016-12-15T22:44:00+00:00

The Cryptech Project maintains APT and Homebrew repositories containing packaged software for the Cryptech Alpha board for Debian and Ubuntu Linux and for Mac OS X. The binary packages also include pre-compiled images for the Alpha Board's Artix-7 FPGA, Cortex M4 ARM CPU, and AVR ATtiny828 MCU.

How to get APT packages for Debian Stretch, Debian Buster, Ubuntu Xenial, or Ubuntu Bionic

Fetch and validate the repository key. Presumably you're security concious (otherwise, why are you installing this stuff?), so you may want to pay attention to what gpg --check-sig says here.
```
id=37A8E93F5D7E7B9A
wget https://apt.cryptech.is/apt-gpg-key.gpg
gpg --recv-key $id
gpg --check-sig $id
```
Install the repository key. We used to use apt-key(8) for this, these days the cool kids use the /etc/apt/trusted.gpg.d/ directory:
```
sudo chown root:root apt-gpg-key.gpg
sudo mv apt-gpg-key.gpg /etc/apt/trusted.gpg.d/cryptech.gpg
```

Configure apt to use the repository. You need to add a couple of entries to /etc/apt/source.list.d/; which entries you need to add depends on which distribution you're running.

For Debian Stretch, do:

sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.stretch.list

For Debian Buster, do:

sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.buster.list

For Ubuntu Xenial, do:

sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.xenial.list

For Ubuntu Bionic, do:

sudo wget -q -O /etc/apt/sources.list.d/cryptech.list https://apt.cryptech.is/sources.bionic.list

Update the package index.
```
sudo apt-get update
```
Install the cryptech-alpha package.
```
sudo apt-get install cryptech-alpha
```

Updating APT packages

Once you've performed the steps above you should be able to upgrade to newer version of the code using the normal APT upgrade process:

sudo apt-get update
sudo apt-get upgrade

How to get Homebrew packages for Mac OS X

Fetch and validate the repository key. Presumably you're security concious (otherwise, why are you installing this stuff?), so you may want to pay attention to what gpg --check-sig says here.
```
id=37A8E93F5D7E7B9A
gpg --recv-key $id
gpg --check-sig $id
```

Configure Homebrew to use the repository.

brew tap cryptech/sw https://brew.cryptech.is/tap

Update the package index.
```
brew update
```
Check the commit signature on the cryptech-alpha package formula. This is optional (Homebrew doesn't care whether you do this), but if you want to know whether the formula was signed by the Cryptech project, this is how to check.
```
brew log --max-count=1 --show-signature cryptech-alpha
```
Install the cryptech-alpha package. At the moment, this is only available as a Homebrew source package due to licensing issues in the MacOS Xcode SDK, so the installation will probably take several minutes, as some of the libraries are a bit slow to compile (sorry...).
```
brew install cryptech-alpha
```

Updating Homebrew packages

Once you've performed the steps above you should be able to upgrade to newer version of the code using the normal Homebrew upgrade process:

brew update
brew upgrade
brew cleanup