Updated ECC invalid point recommendations
We now support restricting an ECC key so it can't be used for ECDH and ECDSA at the same time
makinako authored Mar 7, 2023
1 parent e8dfba3 commit bd19f24
13 changes: 5 additions & 8 deletions SECURITY_NOTES.md
Expand Up @@ -11,16 +11,13 @@
out to be non-trivial (and probably very slow) in the JavaCard realm because of the limited number of crypto primitives
supported by `javacardx.framework.math.BigNumber`.

The current implementation of OpenFIPS201 has no way to limit the crypto operations that can be asked of a particular
key. This means that any ECC key which is exposed for ECDSA (e.g. key 9E) may be subject to this attack unless the JCRE
or underlying crypto engine defends against it by confirming that the point is on the expected curve. Limiting the
crypto operations available to a key will be addressed in issue [#29](https://github.com/makinako/OpenFIPS201/issues/29)
The current implementation of OpenFIPS201 permits limiting the crypto operations available to a key (see issue [#29](https://github.com/makinako/OpenFIPS201/issues/29)) and so we recommend that users:
* Confirm that the cards or tokens they use actively defend against the attack
* Never enable the `keyAgreement` role in conjunction with either of the `sign` or `authenticate` roles for any given ECC key object.

Information about this attack can be found [here](https://web-in-security.blogspot.com/2015/09/practical-invalid-curve-attacks.html)

### Recommendation
We recommend that users of OpenFIPS201 confirm that the cards or tokens they use actively defend against the attack.

### Recommendation
Test points that can be used to confirm the defence are included below. The points can be formed into APDUs by
prepending the points with the following bytes:

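Review bot: the new sentence "The current implementation of OpenFIPS201 permits limiting the crypto operations available to a key ... and so we recommend that users:" presents both bullets as consequences of the new per-key restriction, but only the second bullet follows from it. The first bullet ("Confirm that the cards or tokens they use actively defend against the attack") is independent and remains necessary for any key that keeps the `keyAgreement` role, because the attack is mounted through the key-agreement operation; separating the roles only ensures that a key recovered that way is not also a signing key. The deleted lines carried that rationale ("any ECC key which is exposed for ECDSA (e.g. key 9E) may be subject to this attack unless the JCRE or underlying crypto engine defends against it by confirming that the point is on the expected curve"), and nothing in the added text replaces it; keep one sentence to that effect above the bullets and say explicitly why the role separation helps. Also, "(see issue #29)" still reads as a pointer to future work even though the feature is now implemented; link to where the `keyAgreement`, `sign` and `authenticate` roles are configured, or state that the issue is resolved.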
Expand Down Expand Up @@ -122,4 +119,4 @@
0462631f38631ff8e7ff1ed3068e13d6878aa1445cf697ba3a26f3aee4d90c451ec795a9411257d298fa33ef5b47b10518fceb1ee10569f030ad043e6679e62cb7567b30612f68e2f3729fb000df0400e0448f09b383ee50c83531010fb52bc008
047afeafb849823c769f303eb271345983d16ef51ee5284e47444bdc59d14979d928d822cfbbcf59e2e8e08aef3ed7325667be02e63b4f2f2785d32701ad2f287f56f1877e0bcbbfc3fb4da2111548ebcc7a18b048d5e94825a601e965965390b9
048342438090b7271818868de33b79d85d5ee0357401d137177b42c2f06707b025f7694b34c95ee3c14c0fe8c0d90138896ab7b167f9f7ef37affe4bd237c020c97a4ae452eaabd8cdf5ed8e0a163b614bcd62e90b3841d08147b0ab6896fc1881
```
```
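Review bot: the only change visible in this hunk is the closing ``` fence being dropped and re-added with no content difference, which looks like a trailing-whitespace or end-of-file newline fix; call that out in the commit message, which currently describes only the key-role change, so a reviewer does not go looking for an edit to the test-point list.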