SDB:Crypto-policies

The security of cryptographic algorithms and protocols changes over time. To have a consistent, system-wide way to handle their deprecation, we use crypto-policies. This package lets you use predefined policies, modify existing policies, or create new policies.

Introduction

As promoted by the security team, we want to unify the cryptographic policies used by different applications and libraries by introducing the crypto-policies package in Tumbleweed. This package allows setting the cryptographic security level for all applications that use a cryptographic back-end supported by the policies. For now, only OpenSSL and GnuTLS follow these policies, but more libraries and applications will be added gradually. Note that crypto-policies support was added to Tumbleweed in snapshot 20201216.

Predefined security levels

The main idea is to have three predefined security levels that an administrator can configure by modifying /etc/crypto-policies/config or by using the update-crypto-policies script. These groups of policies are LEGACY, DEFAULT and FUTURE, with the following details:

 * LEGACY
    MACs: All HMAC with SHA-1 or better + all modern MACs (Poly1305, ...)
    Curves: All prime >= 255 bits (including Bernstein curves)
    Signature algorithms: SHA-1 hash or better (DSA allowed)
    TLS Ciphers: All available >= 112-bit key, >= 128-bit block (including RC4 and 3DES)
    Non-TLS Ciphers: same as TLS ciphers with added Camellia
    key exchange: ECDHE, RSA, DHE
    DH params size: >= 1024
    RSA params size: >= 1024
    TLS protocols: TLS >= 1.0, DTLS >= 1.0
 * DEFAULT
    MACs: All HMAC with SHA-1 or better + all modern MACs (Poly1305, ...)
    Curves: All prime >= 255 bits (including Bernstein curves)
    Signature algorithms: With SHA-256 hash or better (not DSA)
    TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC)
    non-TLS Ciphers: as TLS Ciphers with added Camellia
    key exchange: ECDHE, RSA, DHE (no DHE-DSS)
    DH params size: >= 2048
    RSA params size: >= 2048
    TLS protocols: TLS >= 1.2, DTLS >= 1.2
 * FUTURE
    MACs: All HMAC with SHA-256 or better + all modern MACs (Poly1305, ...)
    Curves: All prime >= 255 bits (including Bernstein curves)
    Signature algorithms: SHA-256 hash or better (not DSA)
    TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers
    non-TLS Ciphers: same as TLS ciphers with added non AE ciphers and Camellia
    key exchange: ECDHE, DHE (no DHE-DSS, no RSA)
    DH params size: >= 3072
    RSA params size: >= 3072
    TLS protocols: TLS >= 1.2, DTLS >= 1.2

These policies can also change over time together with the security of the cryptographic components. Having crypto-policies makes it easy to handle the deprecation of algorithms or protocols system-wide and in a transparent manner.

On a fresh install of the crypto-policies package, the DEFAULT policy is selected. The policy currently in use can be checked with the update-crypto-policies command:

   update-crypto-policies --show

Some policies could break applications that connect to servers which use weak cryptographic algorithms. If this occurs, you can switch to the LEGACY policy level with update-crypto-policies until the issue is resolved:

   update-crypto-policies --set LEGACY

If we notice significant user experience degradation, e.g., due to many custom servers utilizing legacy protocols, we will consider postponing that change or adapting that policy.

Create a new policy

Defining a new policy from scratch requires creating a file named <POLICY>.pol, where the name must be in uppercase and without spaces. This file must be located in the /etc/crypto-policies/policies folder or in /usr/share/crypto-policies/policies. As shown before, the newly created policy can be applied with:

  update-crypto-policies --set <POLICY>

For examples of policies, see the .pol files in /usr/share/crypto-policies/policies/.

Modify existing cryptographic policies

The cryptographic policies can be combined with policy modifiers to adjust certain algorithms or protocols. An existing policy is modified via policy modifier modules. These policy modifiers are text files, with the extension .pmod, that contain the modifications. The name of the modifier module must be <MODULE>.pmod, where <MODULE> is the name of the modifier in uppercase and without spaces. These files must be located in the /etc/crypto-policies/policies/modules folder (or in the /usr/share/crypto-policies/policies/modules folder if they come pre-installed).

For example, to disable SHA-1 hash, the modifier module /usr/share/crypto-policies/policies/modules/NO-SHA1.pmod contains:

   hash = -SHA1
   sign = -RSA-PSS-SHA1 -RSA-SHA1 -ECDSA-SHA1

The newly customized policy can then be applied with:

   update-crypto-policies --set DEFAULT:NO-SHA1
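
The naming and location rules for .pol and .pmod files described in the two sections above can be checked before a spec such as DEFAULT:NO-SHA1 is handed to update-crypto-policies. The script below is an added example, not part of the crypto-policies package: CP_ROOT, the SITE-LOCAL module and the sample tree are assumptions made for the demonstration, and only file names and locations are checked, not policy contents.

```shell
#!/bin/sh
# Added example: check a POLICY[:MODULE...] spec against the naming and
# location rules before running update-crypto-policies --set.
# CP_ROOT is a hypothetical prefix so the check can run on a test tree.

valid_name() {   # uppercase, no whitespace; '/' also refused as a precaution
    case $1 in
        ''|*[[:lower:]]*|*[[:space:]]*|*/*) return 1 ;;
    esac
}

find_def() {     # find_def NAME SUBDIR EXT: succeed if the definition file exists
    for base in /etc/crypto-policies/policies /usr/share/crypto-policies/policies; do
        [ -f "${CP_ROOT:-}$base$2/$1.$3" ] && return 0
    done
    return 1
}

check_spec() {   # first component is a .pol policy, the rest are .pmod modules
    case $1 in ''|*:) echo "empty component in '$1'" >&2; return 1 ;; esac
    rest=$1 subdir='' ext=pol
    while [ -n "$rest" ]; do
        name=${rest%%:*}
        case $rest in *:*) rest=${rest#*:} ;; *) rest='' ;; esac
        valid_name "$name" || { echo "invalid name '$name'" >&2; return 1; }
        find_def "$name" "$subdir" "$ext" ||
            { echo "no $name.$ext found" >&2; return 1; }
        subdir=/modules ext=pmod
    done
}

make_sample_tree() {   # constructed tree that mirrors the two policy locations
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/share/crypto-policies/policies/modules" \
             "$root/etc/crypto-policies/policies/modules"
    : > "$root/usr/share/crypto-policies/policies/DEFAULT.pol"
    printf 'hash = -SHA1\nsign = -RSA-PSS-SHA1 -RSA-SHA1 -ECDSA-SHA1\n' \
        > "$root/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod"
    : > "$root/etc/crypto-policies/policies/modules/SITE-LOCAL.pmod"  # hypothetical
    printf '%s\n' "$root"
}

CP_ROOT=$(make_sample_tree)
trap 'rm -rf "$CP_ROOT"' EXIT
for spec in DEFAULT:NO-SHA1 DEFAULT:NO-SHA1:SITE-LOCAL DEFAULT:no-sha1 DEFAULT:NO-MD5; do
    if check_spec "$spec" 2>/dev/null; then echo "usable   $spec"
    else echo "rejected $spec"; fi
done
```

With CP_ROOT unset, the same functions check the real /etc and /usr/share locations.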

Enforcing system crypto-policies

To follow the crypto-policies, an application's configuration file or compilation option should select the system default. For applications that use GnuTLS or OpenSSL, for example, this is a priority string or cipher string named "SYSTEM". The shipped library then makes sure that, once the "SYSTEM" option is encountered, the pre-configured system settings are applied. When an application doesn't specify any default settings, the system settings should apply.

For example, for OpenSSL and GnuTLS this is:

  • OpenSSL: The cipher string "PROFILE=SYSTEM" will be used to specify the system ciphers. Any applications not explicitly specifying ciphers will use the system ciphers.
  • GnuTLS: The "@SYSTEM" priority string will be used to specify the system ciphers. Any applications using gnutls_set_default_priority() will also use the system ciphers.
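
A configuration that sets its own cipher or priority string does not follow the system policy, so it is worth finding such lines when reviewing a host. The script below is an added example, not part of crypto-policies: the directive names in DIRECTIVES are assumptions about the applications being audited, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: list configuration lines that pin their own cipher or
# priority string instead of deferring to the system policy.
# DIRECTIVES is an assumption about which settings the audited applications
# use; extend it for your own services.
DIRECTIVES='ssl_ciphers SSLCipherSuite CipherString GnuTLSPriorities'

audit_overrides() {   # audit_overrides FILE...: prints file:line: key value
    awk -v dirs="$DIRECTIVES" '
        BEGIN { n = split(dirs, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z_]+/)) next      # comments, blank lines
            key = substr(line, 1, RLENGTH)
            if (!(key in want)) next
            value = substr(line, RLENGTH + 1)
            sub(/^[ \t=]+/, "", value)                  # "key value" or "key = value"
            sub(/[ \t;]+$/, "", value)
            gsub(/"/, "", value)
            # Anything other than the exact system keyword needs a review
            if (value != "PROFILE=SYSTEM" && value != "@SYSTEM")
                printf "%s:%d: %s %s\n", FILENAME, FNR, key, value
        }' "$@"
}

write_sample_conf() {   # constructed sample, not taken from a real host
    cat > "$1" <<'EOF'
# TLS settings collected from several services
ssl_ciphers PROFILE=SYSTEM;
ssl_ciphers HIGH:!aNULL:!MD5;
SSLCipherSuite PROFILE=SYSTEM
GnuTLSPriorities NORMAL:-VERS-TLS1.0
GnuTLSPriorities @SYSTEM
# ssl_ciphers RC4-SHA;
CipherString = DEFAULT@SECLEVEL=1
EOF
}

SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
write_sample_conf "$SAMPLE"
audit_overrides "$SAMPLE"
```

Each reported line is a setting that a change made with update-crypto-policies --set will not reach until the application is switched to the system keyword.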

We have carefully reviewed the packages that depend on GnuTLS and OpenSSL. Please report any inconsistency you find by opening a bug in the openSUSE Bugzilla.

Documentation and upstream project

For more information, please refer to the following man pages:

   man 7 crypto-policies
   man 8 update-crypto-policies

Also check out the upstream project on the crypto-policies GitLab and the openSUSE conference presentation.