Fedora Crypto Consolidation Project

Steve Grubb sgrubb at redhat.com
Wed Aug 22 12:32:32 UTC 2007


Hi,

I wanted to announce a new Fedora Project that will span several distro 
releases and outline the reasons why we are starting this project. I believe 
this issue affects the whole Open Source Community. But I don't think anyone 
has explained all the issues.

The basic problem is that users want to have high quality, tested crypto that 
can meet any certifications that the user wishes to deploy into, is easy to 
manage, and works seamlessly across all applications. 

Wouldn't it be neat if you could obtain a digital certificate from a CA using 
Firefox, and then immediately turn around and use it to ssh to another 
machine? Wouldn't it be nice to be able to turn off SSL2 in a central control 
panel, and be guaranteed that all apps on your desktop obey that decision? 
Wouldn't it be cool if every app needing crypto noticed that you inserted a 
smart card, and immediately took advantage of it for operations like signing 
email or setting up IPSec connections? 

What prevents this is two problems: lack of a tested crypto engine and the 
proliferation of crypto into many packages. In order to deploy Fedora into 
some environments like government or financial settings, you have to have a 
crypto engine that passes FIPS 140-2. This certification ensures that the 
crypto is correct for the algorithms tested.

The other problem is that there are dozens of packages that implement their 
own version of crypto functions. If they make a mistake in one, the others 
need to be checked to see if they copied the same bug. Because they are all 
implemented separately, no sharing of keys, algorithm selection, or other 
configuration data is possible. 

The current state of certified crypto is that OpenSSL has passed a level 1 
certification on a version that Red Hat has never shipped and is therefore 
unusable. Then there is NSS which is certified regularly at level 2. A level 
1 crypto cert means that it's good for use in Single User Mode, while level 2 
means it's good for multi-user mode. I'm not aware of any other FIPS 
certifications of crypto contained within Fedora. So it's down to these two.

So, if we want to make crypto easier to manage and enable Fedora's use in 
these environments, that leaves us with a choice to make. We looked at 
OpenSSL which has been supported well in the community, but it seems to have 
a flaw that makes it unsuitable. For some applications like openssh, it draws 
the crypto boundary inside the application. Openssh has to handle raw crypto 
keys. This means that not only does OpenSSL need FIPS certification, but 
openssh does, too.

If the crypto boundary was completely contained within the library and the 
library has been FIPS 140-2 certified, many applications will gain the cert 
just by linking to it. It's that simple. The only requirement is to follow the 
system security policy. NSS only allows applications to have a handle to a 
crypto session and the keys are not accessible to the application.

What we'd like to do in order to enable certified crypto is to update some 
applications so that they can link against either OpenSSL or NSS. For Fedora, 
we would then set the configure option to use NSS. We only want to do 2-3 
packages for Fedora 8 and then some more in Fedora 9. We've already converted 
some apps, like pam_pkcs11. Apache has mod_nss. We've built some tools to 
help with enabling NSS by using an abstraction library that presents some 
of OpenSSL's API for easy conversion, while allowing other upstream users to 
continue to use other libraries. Now we want to expand the effort and bring 
other packages on-board.

Linux has a plethora of applications which use encryption technologies. Most 
of these applications use encryption as a minor part of the application's 
main functionality, just as it uses name service, file system services, etc. 
Getting these applications on a single toolkit will allow new encryption 
technologies (like pkix, new crypto algorithms, etc.) to be added without 
adding a burden on each of the many applications that use crypto.

We're looking for people interested in enabling NSS in their packages and 
feeding the changes upstream.

For those unfamiliar with NSS, it's the Secure Sockets library in Firefox. 
There are already several applications using it such as Thunderbird and 
evolution. More information about it can be found here:  

http://www.mozilla.org/projects/security/pki/nss/


For more information about this Fedora Project, please see:
http://fedoraproject.org/wiki/FedoraCryptoConsolidation


Some developer resources:
http://fedoraproject.org/wiki/nss_compat_ossl


And a comparison of crypto libraries:
http://fedoraproject.org/wiki/CryptoConsolidationEval


-Steve Grubb



