Gnuk version 1.1.0 is released.
This is an experimental first release of version 1.1.x series. Major changes include: replacing thread library to Chopstx, upgrade of the NeuG routine to the one of NeuG 1.0, and an incompatible change to support overriding key.
Because of the incompatible change, please refer new documentation of 1.1.0 for instructions of how to use Gnuk Token. (New documentation can be used for 1.0.x, too.)
- Gnuk Documentation: http://www.fsij.org/doc-gnuk/
RSA computation routine is updated and improved, too. Major change is from upstream PolarSSL 1.2.10 against timing attack, but we don't use RSA blinding for Gnuk. Instead, gniibe fixed all timing differences of original PolarSSL, carefully and correctly. During this change, memory consumption and speed are improved a bit.
Note that the risk by such an attack is not that huge if you follow a general practice of Gnuk Token (inserting the token only when used, and unattended use (for days) couldn't occur), in the first place. Therefore, we don't urge Gnuk 1.0.x users to upgrade 1.1.0 as security upgrade.
Here are the list of changes.
Overriding key import / generation (Incompatible Change)
Gnuk supports overriding key import or key generation even if keys are already installed. Note that it will result password reset of user.
RSA key generation improvement
Prime number generation is done by Fouque-Tibouchi method.
Security fix for RSA computation
PolarSSL had a vulnerability against timing attack. For detail, please see:
Improved RSA routine
RSA computation has been improved using MPI square routine. Note that you should not adopt this modification for general purpose computer, as this change is weak against the Yarom/Falkner flush+reload cache side-channel attack.
Upgrade of NeuG
The true random number generator was upgraded to the one of NeuG 1.0.
Replacement of kernel (thread library)
Instead of ChibiOS/RT, we now use Chopstx.
Removal of obsolete features
The feature named pin-dial, which is pin input with hardware enhancement (with rotary encoder) is removed.