EverCrypt: a verified cryptographic library


Researchers from the State Institute for Research in Informatics and Automation (INRIA), Microsoft Research and Carnegie Mellon University have presented the first test release of the EverCrypt cryptographic library, developed within the Everest project and built using mathematical methods of formal verification.

In capabilities and performance, EverCrypt is very close to existing cryptographic libraries (OpenSSL) but, unlike them, it provides additional guarantees of reliability and security.

The verification process comes down to defining detailed specifications that describe all of the program's behavior, together with a mathematical proof that the written code meets those specifications.

Unlike quality-control methods based on testing, verification gives reliable guarantees that the program will behave only as its developers intended and that specific classes of errors are absent.

For example, conformance to the specification guarantees memory-safe operation and the absence of errors that lead to buffer overflows, invalid pointer dereferences, access to memory areas that have already been freed, or double freeing of memory blocks.

What is EverCrypt?

EverCrypt provides strong typing and value checking: a component will never pass incompatible parameters to another component and cannot access the internal state of other components.

Input/output behavior is fully consistent with the simple actions of the mathematical functions defined in cryptographic standards.

To protect against side-channel attacks, behavior during computation (for example, execution time or the presence of accesses to particular memory) does not depend on the secret data being processed.

The project's code is written in the functional language F* (F star), which provides a system of dependent types and refinements. These make it possible to define precise specifications (a mathematical model) for programs and to guarantee correctness and the absence of errors in the implementation, using SMT formulas and auxiliary proof tools.

The F* code is distributed under the Apache 2.0 license, and the final modules in C and assembler under the MIT license.

From the reference F* code, assembler, C, OCaml, JavaScript and WebAssembly code is generated.

Some parts of the code prepared by the project are already used in Firefox, the Windows kernel, the Tezos blockchain and the WireGuard VPN.

EverCrypt components

In essence, EverCrypt combines two previously separate projects, HACL* and Vale, providing a unified API based on them and making them suitable for use in real projects.

HACL* is written in Low* and aims to provide cryptographic primitives for use in C programs that use the libsodium and NaCl APIs.

The Vale project develops a domain-specific language for creating verified assembler code.

About 110 thousand lines of HACL* code in the Low* language and 25 thousand lines of Vale code are combined and rewritten into 70 thousand lines of code in the universal F* language, which is also developed as part of the Everest project.

The first release of the EverCrypt library includes verified implementations of the following cryptographic algorithms, offered in C or assembler versions (when using the

Of these, the following are highlighted on the project page:

  • Hash algorithms: all variants of SHA2, SHA3, SHA1 and MD5
  • Authentication codes: HMAC over SHA1, SHA2-256, SHA2-384 and SHA2-512 for data-origin authentication
  • HKDF key generation algorithm (HMAC-based Extract-and-Expand Key Derivation Function)
  • ChaCha20 stream cipher (an unoptimized C version is available)
  • Poly1305 message authentication code (MAC) algorithm (C and assembler versions)
  • Diffie-Hellman protocol on the Curve25519 elliptic curve (C and assembler versions with optimizations based on the BMI2 and ADX instructions)
  • AEAD block cipher mode (authenticated encryption) ChachaPoly (the C version is not optimized)
  • AEAD AES-GCM encryption mode (assembler version with AES-NI optimizations).

In the first alpha release, verification of the code is already mostly complete, but some areas remain uncovered.

Also, the API is not yet stabilized and will be extended in the following alpha releases (it is planned to unify the structures for all APIs.

Among the shortcomings, support for the x86_64 architecture is also highlighted (at the first stage the main goal is reliability, while optimization and platforms will be addressed second).

Source: https://jonathan.protzenko.fr

