From 0b77c33d970b7a02d08a64f9956e4210856cdae5 Mon Sep 17 00:00:00 2001
From: c0de <c0de@c0de.dev>
Date: Wed, 4 Oct 2023 15:30:08 -0500
Subject: [PATCH] Add a warning about ROCA

---
 README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/README.md b/README.md
index 1c6bf6e..86292bb 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,17 @@ of them depend on underlying hardware support and available
 - Command and response chaining
 - AES 128/256 bits deciphering primitive
 
+## Warnings
+
+### ROCA
+
+[Infineon SLE78](https://www.infineon.com/cms/en/product/security-smart-card-solutions/security-controllers/contactless-and-dual-interface-security-controllers/) chips are vulnerable to [ROCA](https://crocs.fi.muni.cz/public/papers/rsa_ccs17).
+This attack is only relevant if you used on-device key generation. It allows an adversary to obtain your private key, using only your public key.
+
+There isn't much that can be done to rectify this, other than generating the private RSA keys off of your device and importing them. [Other work arounds](https://crocs.fi.muni.cz/public/papers/rsa_ccs17#detection_tools_mitigation_and_workarounds). (Using the [OpenCrypto JCMathLib](https://github.com/OpenCryptoProject/JCMathLib) to handle the cryptographic functions may work too)
+
+Use [this tool](https://github.com/crocs-muni/roca#install-with-pip) to determine if your public keys are vulnerable.
+
 ## Default values
 
 The SmartPGP applet is configured with the following default values: