Minerva: a series of vulnerabilities in ECDSA/EdDSA implementations

Minerva

Researchers at Masaryk University have disclosed important details about a vulnerability in various implementations of the ECDSA/EdDSA digital signature algorithm that allows the value of the private key to be recovered from an analysis of leaked information about individual bits, obtained with side-channel analysis methods. The vulnerability has been codenamed Minerva.

The most prominent projects affected by the proposed attack method are OpenJDK, OracleJDK (CVE-2019-2894) and the Libgcrypt library (CVE-2019-13627) used in GnuPG. The problem also affects the libraries MatrixSSL, Crypto++, wolfCrypt, elliptic, jsrsasign, Python-ECDSA, ruby_ecdsa and fastecdsa, as well as some smart cards: Athena IDProtect, TecSec Armored Card, SafeNet eToken 4300 and Valid S/A IDflex V.

Beyond the vulnerabilities mentioned, OpenSSL, Botan, mbedTLS and BoringSSL are not currently affected. Mozilla NSS, LibreSSL, Nettle, BearSSL, cryptlib, OpenSSL in FIPS mode, Microsoft .NET crypto, the Linux kernel libkcapi, Sodium and GnuTLS have yet to be tested.

We found implementations that leak the bit-length of the scalar during scalar multiplication in ECC. This leakage might seem minuscule, because the bit-length is a very small amount of the information present in the scalar. However, in the case of ECDSA/EdDSA signature generation, leaking the bit-length of the random nonce is enough to fully recover the private key used after observing a few hundred to a few thousand signatures on known messages, thanks to the application of some techniques.

We believe that all of the previous cards are affected because they share a common ECDSA component (module 214), described as Athena OS2 ECDSA755 Component in Inside Secure AT90SC A1.0 (Firmware). We tested the vulnerability only on the Athena IDProtect card with the CPLC and ATR data

The problem stems from the ability to determine the values of individual bits during scalar multiplication in the course of ECC operations. Indirect methods, such as measuring the delay in performing the computation, are used to extract that bit information.

The attack requires unprivileged access to the host on which the digital signature is generated (a remote attack is not ruled out, but it is much more complicated and requires a large amount of data for analysis, so it can be considered unlikely).

Despite the small size of the leak, for ECDSA determining even a few bits of information about the initialization vector (nonce) is enough to mount an attack that progressively recovers the entire private key.

According to the authors of the method, successful key recovery requires analysing a few hundred to several thousand digital signatures generated for messages known to the attacker. For example, to determine the private key used in an Athena IDProtect smart card based on the Inside Secure AT90SC chip, using the secp256r1 elliptic curve, 11 thousand digital signatures were analysed. The total attack time was 30 minutes.

Our attack code and proof of concept are inspired by the method of Brumley & Tuveri.

The problem has already been fixed in libgcrypt 1.8.5 and wolfCrypt 4.1.0; the other projects have not yet released updates. The fix for the vulnerability in the libgcrypt package can also be tracked in the distributions on these pages: Debian, Ubuntu, RHEL, Fedora, openSUSE/SUSE, FreeBSD, Arch.
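To make the leak described above concrete, here is an added illustration (not code from the researchers or from any of the libraries named) on secp256r1, the curve used against the Athena card: a plain double-and-add scalar multiplication whose loop count, and therefore its running time, depends on the bit-length of the nonce, beside a variant that pads the nonce with the group order so every multiplication runs over a fixed number of bits. The step counter stands in for a timing measurement; the curve constants are the public P-256 parameters.

```python
# Toy model of the Minerva leak on secp256r1 (NIST P-256), affine coordinates,
# point at infinity represented as None. Illustrative code, not any library's own.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # group order

def add(p1, p2):
    """Affine point addition; also handles doubling and the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:   # p1 == -p2
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def leaky_mul(k, pt):
    """Left-to-right double-and-add over exactly k.bit_length() bits.
    Returns (k*pt, loop iterations). The iteration count, i.e. the running
    time, reveals the bit-length of k: the pattern Minerva exploits."""
    acc, steps = None, 0
    for i in range(k.bit_length() - 1, -1, -1):
        acc = add(acc, acc)
        steps += 1
        if (k >> i) & 1:
            acc = add(acc, pt)
    return acc, steps

def fixed_mul(k, pt):
    """Same loop, but k is first padded with the group order so that every
    scalar is processed at the same bit-length (N.bit_length() + 1). The result
    is unchanged because N*pt is the point at infinity. This scalar-padding
    idea is the classic countermeasure for this leak (assumed here; it is not
    necessarily the exact code change made in libgcrypt or wolfCrypt)."""
    k = k + N
    if k.bit_length() <= N.bit_length():  # still short: pad once more
        k += N
    acc, steps = None, 0
    for i in range(N.bit_length(), -1, -1):
        acc = add(acc, acc)
        steps += 1
        if (k >> i) & 1:
            acc = add(acc, pt)
    return acc, steps
```

Comparing the step counts for a short nonce and a full-length nonce shows the dependency in leaky_mul and its absence in fixed_mul, while both return the same point.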

The researchers also tested other cards and libraries, the following of which are not vulnerable:

  • OpenSSL 1.1.1d
  • BouncyCastle 1.58
  • BoringSSL 974f4dddf
  • libtomcrypt 1.18.2
  • Botan 2.11.0
  • Microsoft CNG
  • mbedTLS 2.16.0
  • Intel IPP-Crypto

Cards

  • ACS ACOSJ 40K
  • Feitian A22CR
  • G&D SmartCafe 6.0
  • G&D SmartCafe 7.0
  • Infineon CJTOP 80K INF SLJ 52GLA080AL M8.4
  • Infineon SLE78 Universal JCard
  • NXP JCOP31 v2.4.1
  • NXP JCOP CJ2A081
  • NXP JCOP v2.4.2 R2
  • NXP JCOP v2.4.2 R3
  • TaiSYS SIMoME Vault

If you want to learn more about the attack used and the vulnerabilities found, you can do so at the following link. The tools used to reproduce the attack are available for download.
