Abaphandi abavela Iziko likaRhulumente loPhando kwi-Informatics kunye ne-automation (INRIA), Uphando lukaMicrosoft kunye neYunivesithi yaseCarnegie Mellon uhlelo lokuqala lokulingwa Ithala leencwadi le-EverCrypt crypto iphuhliswe ngaphakathi kwiprojekthi ye-Everest kunye nokusebenzisa iindlela zemathematics zokuqinisekisa ngokusesikweni.
Ngenxa yokusebenza kwayo, I-EverCrypt isondele kakhulu kwiilayibrari ezikhoyo ze-crypto (OpenSSL) kodwa, ngokungafaniyo nabo, inika iziqinisekiso ezongezelelweyo zokuthembeka kunye nokhuseleko.
Ngokomzekelo, Inkqubo yokuqinisekisa iyabila ekuchazeni iinkcukacha ezichaziweyo Echaza zonke iindlela zokuziphatha zenkqubo kunye nobungqina bemathematika bokuba ikhowudi ebhaliweyo ihlangabezana neenkcazo ezilungiselelwe.
Ngokungafaniyo neendlela zolawulo lomgangatho ezisekwe kubungqina, ukuqinisekiswa kubonelela ngeziqinisekiso ezinokuthenjwa Ukuba inkqubo izakusebenza kuphela njengoko ababhekisi phambili bejolise kuko kwaye akukho zindidi ezithile zeempazamo.
Umzekelo, ukuthobela imigaqo iqinisekisa umsebenzi okhuselekileyo ngememori kunye nokungabikho kweempazamo ezikhokelela ekuphuphukeni kwetampu, ukungabhekiseli kwizikhombisi, ukufikelela kwiindawo esele zikhululwe kwimemori, okanye ukukhulula kabini iibhloko zememori.
Yintoni i-EverCrypt?
Ngonaphakade ibonelela ngohlobo olomeleleyo kunye nokujonga ixabiso-Icandelo alisoze lidlulise iparameter kwelinye icandelo elingathobeliyo kwaye aliyi kufumana ukufikelela kumazwe angaphakathi kwamanye amacandelo.
Ungeniso / imveliso yokuziphatha ihambelana ngokupheleleyo nezenzo ezilula zomsebenzi wezibalo, ezichazwe kwimigangatho yokubhaliweyo.
Ukukhusela ekuhlaselweni kumajelo eqela lesithathu, indlela yokuziphatha ngexesha lokubala (umzekelo, ixesha lokuphunyezwa okanye ubukho bofikelelo kwimemori ethile) ayixhomekeki kwidatha eyimfihlo esetyenziswayo.
Ikhowudi yeprojekthi ibhalwe ngolwimi olusebenzayo F * (Inkwenkwezi ye-F) , ebonelela ngenkqubo yeentlobo ezixhomekekileyo kunye nokulungiswa, ezivumela ukumisela iinkcukacha ezichanekileyo (imodeli yemathematika) yeenkqubo kunye nokuqinisekisa ukuchaneka nokungabikho kweempazamo ekuphunyezweni kusetyenziswa iifomula zeSMT kunye nezixhobo zovavanyo ezincedisayo.
Ikhowudi kwi-F * isasazwa phantsi kwelayisenisi ye-Apache 2.0, kunye neemodyuli zokugqibela kwi-C kunye nomhlanganisi phantsi kwelayisensi ye-MIT.
Ngokusekwe kwikhowudi yesalathiso F *, Isidibanisi, C, OCaml, iJavaScript yenziwe kunye nekhowudi yendibano yewebhu.
Ezinye iinxalenye zekhowudi ilungisiwe ngeprojekthi sele isetyenzisiwe kwiFirefox, iWindows kernel blockchain ye I-Tezos kunye ne-VPN Wireguard.
Izinto ze-EverCrypt
Kwimeko, I-EverCrypt idibanisa iiprojekthi ezimbini ezazingafani ne-HACL * kunye neVale, Ukubonelela nge-API emanyeneyo esekwe kubo kwaye ibenza ukuba balungele ukusetyenziswa kwiiprojekthi zokwenyani.
I-HACL * ibhaliwe kwiZantsi* Kwaye injongo yayo kukubonelela ngezinto zokuqala eziza kusetyenziswa kwiinkqubo zeC Basebenzisa i-libsodium kunye ne-NaCL yesitayile APIs.
Le projekthi UVale wavelisa ulwimi oluthile thambeka ukwenza ukungqinisisa kwisidibanisi.
Malunga ne-110 lamawaka emigca yekhowudi ye-HACL * kulwimi olusezantsi * kunye nama-25 amawaka emigca yekhowudi yeVale idityanisiwe Kwaye ziphinde zabhalwa malunga nama-70 amawaka emigca yekhowudi kulwimi lwe-F *, ekwenziwayo nayo njengenxalenye yeprojekthi ye-Everest.
Inguqulelo yokuqala yethala leencwadi le-EverCrypt Iimpawu zokufezekiswa okuqinisekisiweyo kwezi algorithms ze-cryptographic zilandelayo icetyiswe kwiinguqulelo ze-C okanye zokudibanisa (xa usebenzisa ifayile ye-.
Koku kulandelayo, phuma kwiphepha leprojekthi:
- I-Hash algorithms: zonke iindidi ze-SHA2, SHA3, SHA1, kunye ne-MD5
- Iikhowudi zokungqinisisa: HMAC ngaphezulu kwe-SHA1, SHA2-256, SHA2-384, kunye ne-SHA2-512 yokuqinisekiswa komthombo wedatha
- I-HKDF yesiGaba esiPhambili seAlgorithm (Ukukhutshelwa okusekwe kwi-HMAC kunye nokwandiswa kokuSebenza kokuSusa)
- I-ChaCha20 ye-encryption yomjelo (engu-C engasebenziyo ekhoyo)
- I-Poly1305 Umyalezo wokuNgqinisisa iAlgorithm (MAC) (C kunye nohlobo lokuhlanganisa)
- Inkqubo yeDiffie-Hellman kwiirveve ze-elliptic Curve25519 (C kunye neenguqulelo zokuhlangana ezinokusekwa ngokusekwe kwi-BMI2 kunye ne-ADX imiyalelo)
- Vimba imo ye-cipher ye-AEAD (i-cipher eqinisekisiweyo) ChachaPoly (inguqulelo C ayilungiswanga)
- I-AEAD AES-GCM ibhloko yokubhala ngokufihlakeleyo (inguqulelo yokudibanisa kunye nokulungiswa kwe-AES-NI).
Kweyokuqala Inguqulelo ye-alpha, ukuqinisekiswa kwekhowudi sele kugqityiwe ubukhulu becala, kodwa kusekho iindawo ezithile ezingatyhilwanga.
Kwakhona, I-API ayizinzanga okwangoku, eyakwandiswa kwezi nguqulelo ze-alpha zilandelayo (Kucetyelwe ukudibanisa izakhiwo zazo zonke ii-API.
Phakathi kweziphene, inkxaso yoyilo lwe-x86_64 ikwacacisiwe (kwinqanaba lokuqala, eyona njongo kukuthembeka, ngelixa ukwenziwa kunye namaqonga kuyakwenziwa kwindawo yesibini).
Umthombo: https://jonathan.protzenko.fr