Custom Crypto Policies by Examples
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 490 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/47225 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 2020380 / 490
4
7
9
10
14
15
16
25
26
29
31
33
34
35
37
40
41
42
43
45
46
47
50
51
52
53
54
58
60
64
65
66
67
70
71
72
74
75
76
77
78
82
83
84
86
89
90
93
94
95
96
98
100
101
105
106
109
110
116
118
123
124
130
135
137
141
142
144
146
151
154
157
159
164
166
167
169
172
174
178
182
184
185
186
187
189
190
191
192
193
194
195
200
202
203
204
205
206
207
208
211
212
214
218
222
225
228
230
232
233
235
236
240
242
244
249
250
251
253
254
258
261
262
266
267
268
271
273
274
275
278
280
281
282
283
284
285
286
288
289
290
291
293
295
296
297
298
301
302
303
305
306
307
310
311
315
317
318
319
328
333
350
353
354
356
359
360
361
370
372
373
374
375
379
380
381
383
385
386
387
388
391
393
394
395
397
398
399
401
409
410
411
414
420
421
422
423
424
425
427
429
430
434
438
439
444
449
450
454
457
458
459
460
461
464
465
466
468
469
470
471
472
480
484
486
487
489
490
00:00
CryptographyAlgorithmInformation managementCryptographySoftware engineeringPrincipal idealLecture/Conference
00:41
CryptographyAdditionLecture/Conference
01:10
CryptanalysisEvoluteCryptographyTerm (mathematics)Communications protocolMathematicsAlgorithmLecture/Conference
02:04
Communications protocolMathematicsVirtual machineSet (mathematics)Configuration spaceLevel (video gaming)SoftwareDifferent (Kate Ryan album)AlgorithmLine (geometry)CryptographyWeb 2.0Lecture/Conference
03:52
Computer fileCore dumpLibrary (computing)Physical systemConfiguration spaceAsynchronous Transfer ModeMultiplication signBootingAlgorithmMultiplicationMathematicsLevel (video gaming)Cartesian coordinate systemSymmetric matrixParameter (computer programming)Transport Layer SecurityDefault (computer science)Information securityMatching (graph theory)CryptographyRevision controlOcean currentData managementFlow separationImplementationTelecommunicationLecture/Conference
09:37
DampingLevel (video gaming)CryptographyElectronic signatureParameter (computer programming)Computer fileConfiguration spaceLibrary (computing)Front and back endsLimit (category theory)Normal (geometry)Symmetric matrixLengthSchlüsselverteilungElectronic mailing listHash functionMaxima and minimaKey (cryptography)Revision controlGroup actionFile formatCASE <Informatik>AlgorithmModule (mathematics)MathematicsDifferent (Kate Ryan album)Lecture/Conference
14:22
Limit (category theory)Lecture/Conference
14:48
Key (cryptography)Public key certificateBitWebsiteRegular graphPressureCommunications protocolLibrary (computing)Electronic mailing listRevision controlFront and back endsTransport Layer SecurityGroup actionWeb browserSchlüsselverteilungAddress spaceConfiguration spaceLevel (video gaming)Multiplication signCartesian coordinate systemAlgorithmScripting languagePlanningComputer fileEncryptionElectric generatorComputer configurationError messageDampingCryptographyOrder (biology)Formal languageMultiplicationSelectivity (electronic)Ocean currentLecture/Conference
22:29
MultiplicationDampingSingle-precision floating-point formatFile formatCryptographyAlgorithmLevel (video gaming)Service (economics)Physical systemCASE <Informatik>Connected spaceClient (computing)System administratorServer (computing)Lecture/Conference
24:54
Point cloudOpen sourceFacebook
Transcript: English(auto-generated)
00:06
So, it's 11, so let's start, welcome Tomáš. My name is Tomáš Braš, I work in Red Hat Czech in Brno, in Czech Republic, and I am
00:27
a principal software engineer in the crypto team. Basically we work about all the crypto technologies in Red Hat Enterprise Linux, and also Fedora of course.
00:43
What we will be discussing today, we start with some motivation, we will talk about crypto policies in general, about custom crypto policies, which is a new addition to this tool, and we will also talk about, we will show some examples of custom crypto policies,
01:06
we will talk about future a little, and that will be summary. For the motivation, cryptography and cryptanalysis goes hand in hand, and basically the evolution
01:25
of algorithms and protocols is faster and faster. You can never be fully sure that once you deploy something, like next year, it will be secure enough, so you need to accommodate for the changes.
01:45
Here is some example of changing technology in terms of crypto protocols, TLS, you can see here how the protocols were standardized, and when they were insecure, that's basically
02:04
where the line stopped to be full, where they were found to be insecure, of course they were insecure from the start, but nobody knew that, so we currently have still 1.2, which is fairly secure still, and 1.3 is new thing.
02:25
So you have some pretty nice guides, how to set up your web server, SSH server, whatever, other application, how to set up it so it's very, very secure and uses
02:44
the up-to-date algorithms and protocols and so on. But these guides, here is one of the example, are very, very long, and you have to go through them, set up, change configuration files, so on.
03:03
What if you need to apply these crypto settings and changes for the current configuration regularly to hundreds of machines, various kinds of machines on your network, and some
03:23
of them are virtual machines maybe, and containers or whatever. And the other thing, to complicate things even more, various machines usually have different needs or levels of needs to communicate with legacy devices, various old hardware,
03:47
Cisco boxes, I don't know what you can have on your network. Crypto policies come to rescue, because they are centrally managed on the system,
04:01
they provide you multiple predesigned policy levels, and they also simplify FIPS support if you care about it, if you are enterprise, if you want to sell to US government or related institutions. What does it mean it's centrally managed on the system?
04:22
There is a single command, update crypto policies dash dash set, and you provide a level you want to set on your system. This single command manages configuration for all these core crypto libraries,
04:46
as we call them, and also some applications on the Fedora or RHEL system. RHEL is basically all the core libraries that are used by the base system applications.
05:10
When the update crypto policies command runs, it transforms a simple policy definition file into separate configuration file snippets,
05:24
that are loaded or included by the configuration files of these libraries or applications. Let's talk about the levels that we provide, which we kind of predesigned.
05:44
The most lenient level is legacy, which provides you 64-bit security. It also enables RC4 and 3DS, but only for some applications,
06:01
for the applications or libraries where we decided that it's no longer relevant at all, it's also disabled for these. The default level, here are the levels for Fedora actually, the default level still enables TLS 1.0 and TLS 1.1,
06:22
but disables all the RC4 and 3DS. The next policy level, which is actually the default for RHEL Enterprise Linux 8, enables only TLS 1.2, and it also requires Diffie-Hellman parameters to be larger than 2 kilobits,
06:47
the same for RSA and DSA. At the time when we started, 4F was not acceptable, because it still broke some websites.
07:01
But I suppose that in the next release we will change the default for Fedora as well to this level. The future level is kind of special because it allows you to test whether your application or system or whatever is prepared for some of the future changes.
07:27
Of course, it cannot enable things that are not implemented in the libraries, but it at least drops support for 128-bit symmetric ciphers, which basically, in this particular part, it will prepare you for a post-quantum situation.
07:49
And the fifth policy is special because it removes support for all algorithms that are not approved for FIPS.
08:01
The simplification of the FIPS mode with the crypto policies is provided also by having just a single command that will enable the system FIPS mode for you. Because previously, for example, on RHEL 7 or older releases,
08:22
you had to follow a few steps that you would have to do to enable the system FIPS mode. Now we will just run a single command and reboot. So to summarize, the system crypto policies provide central management on the system
08:45
by a single command that controls all the core crypto libraries and applications using crypto. There are multiple pre-designed policy levels which provide up-to-date security, also communication with legacy systems or preparation for future. And there is a FIPS support provided as well,
09:06
and simplification of the FIPS mode and implement. And where you can get this tool on current Fedora versions or old supported Fedora versions and Red Hat Enterprise Linux 8.
09:24
But what if the predefined policy levels don't match your requirements? Now custom crypto policies come to rescue, which is a new improvement of this tool. With this feature, you can define your own crypto policies from scratch
09:48
or you can modify existing predefined policy levels. How to do that? When you define your full policy from scratch, you place the full policy definition file into one of these two directories,
10:10
and the file needs to be named policy.pol with the upper case in the name, in the file name is important because otherwise the tool won't recognize it.
10:25
The format of the file is kind of simple, although you of course have to know the names of the algorithms. But as you can see here, you have hash. It's a simple key equals value format
10:44
where most of the values are lists of algorithm names, such as here, we can have all the various hash algorithms. This is actually excerpt from user-shared crypto policies,
11:02
policy's future poll, and provide, as you can see, only SHA-2 and SHA-3 hashes are enabled in the future policy. Here is a setting for key exchanges. This is the group key.
11:24
Again, you can see here that these are the safe crypto curves, and here are the normal list curves, and the normal Diffie-Hellman parameters of these lengths.
11:47
And in future policy, you can see the minimum TLS version is 1.2. Minimum size of the RSA keys are three kilobits. Of course, there are other values for symmetric ciphers,
12:01
signature algorithms, and other parameters. But you might probably not want to design your policy from scratch, full policy from scratch.
12:23
One of the reasons why not to do that is because the various crypto backends have, or the way how the policy is transformed into the actual configurations file for the libraries
12:42
has some limitations. Basically, the limitations are due to the way how the libraries are being configured. We did not, like we added some changes, but we did not try to really, really reinvent all the configurations for all the libraries. So there are definitely some limitations
13:02
on what you can set with one library and another. And for that reason, it might be a good idea to just modify existing policy with the so-called policy modifier module. These modules need to be placed
13:21
into the modules subdirectory, and they have a different suffix, pmod. And the uppercase in the name of the module is important. So here will be some examples of the modifiers.
13:41
For example, you can disable SHA-1 hash. You just basically apply these changes to the original policy. That means minus SHA-1 means remove SHA-1 from the list of the hash algorithms.
14:02
Minus RSA PSS SHA-1, RSA SHA-1, ECDSA SHA-1, remove these signature algorithms from the list of signature algorithms in the base policy. How to apply this modifier?
14:22
Basically, with this command, you append with a colon, no SHA-1, you append it to the base policy, and the policy will be modified accordingly. You can, of course, there is no limitation on,
14:43
if you have a module, on which base policy you apply it. It can be applied on any other policy, like future. But for future policy, it has no effect, because there is already, the SHA-1 is already disabled there.
15:01
Another example. By default, Camellia is enabled only for non-TLS applications or protocols. With this plus name of the algorithm, you add it to the list of the enabled algorithms for TLS.
15:29
Here, just for, there is no problem if you just, if they're in the base policy, if the Camellia is already enabled, if you add it again, there is no error or no problem with that.
15:42
So it's a good idea to be for sure that I enable it everywhere. I put it for both TLS and non-TLS ciphers. The other option is to put the plus after the name of the algorithm,
16:01
which just changes the order where the algorithm's output, because if you put the plus before the name of the algorithm, it will be inserted on the beginning of the list. If you put it at the end of the algorithm name, it will be put last or appended to the list.
16:25
You can, for example, disable all TLS protocol versions in legacy policy by the settings. There is a kind of duplication because some of the backends of the libraries don't allow to selectively disable protocol by protocol,
16:42
and for these backends, there is the main TLS version or main DTLS version. For the others, you can selectively use this list to disable all the protocols you don't want.
17:02
SSL3, by the way, is already dropped, removed, disabled. No need to disable it anywhere because it's already dropped from the libraries. Here is another example to just make the future policy
17:21
a little bit more lenient because by default, most of the websites have only two kilobits RSA keys for certificates. This is the most probable reason why if you set future policy, you won't be able to connect to many websites.
17:40
You could adjust the future policy with this modifier, and you would be probably almost possible to use future policy for regular web browsing. Or you can only allow, for example,
18:01
ECDH and ECDH with pressure keys. This is basically the situation for OpenSSL on TLS 1.3 already It does not support the FFDH groups
18:22
on TLS 1.3. It supports only forward secrecy enabling key exchanges. By this way, you just remove all the remaining algorithms
18:41
from the key exchange. There is a kind of deficiency because what would be more logical would be to have the policy modifier to just set the ECDH and ECDH PSK to key exchange, but the current version doesn't support this.
19:07
The policy modifiers can be applied, multiple policy modifiers can be applied at once. So basically, you just put all these
19:20
one after another. The important thing to understand is that the generation of the actual configuration files for the libraries is done at the configured time. Basically, when you run the UpdateCryptoPolicies script.
19:44
This is important because this allows for changing things in new versions of the UpdateCryptoPolicies tool.
20:02
For example, OpenSSL backend could allow more fine-grained selection of the algorithms because currently it's kind of simple. Or even new backend could be added to be supported.
20:21
For example, we are planning to have Go language supported with a separate configuration. So you would not need to like, regenerate your policy files or whatever.
20:41
You would just automatically, on the upgrade of the package, the configuration will be updated and everything will be good, hopefully. So to summarize, with custom crypto policies, you can define your crypto policy from scratch
21:01
in a simple policy definition file and you can modify existing predefined policy levels by adding or removing enabled algorithms or protocols. the generation of backend configurations is done when UpdateCryptoPolicies script is run.
21:22
The future plans. One big thing ahead is handling of SHA-1 deprecation. This is one of the reasons we need to change the backend for OpenSSL.
21:40
We need to be able to basically selectively disable SHA-1. Currently, this is not possible easily. And yeah, that's basically what I've already talked about. The fine-grained backend configurations for GNU TLS is already improved.
22:02
It was, in previous versions, on the more similar level to OpenSSL. And yeah, we would like to, at some point, think about data address support, but that's a much harder topic. Currently, mostly the crypto policies
22:22
affect only the protocol usage of our algorithms in data in transit. So, quick summary. Single command to rule them all. Algorithms and libraries, multiple pre-assigned policy levels,
22:41
custom crypto policies can be created from scratch by policy modification and very simple policy definition format. Thank you. Any questions? Do these policies also apply to containers running on the operating system?
23:01
They would apply to containers only if you, inside the container, you have the system with the policies. Basically, if you have Fedora inside the container, or RL8, you will have crypto policies.
23:20
It depends on your use case. Is there any support to distinguish between client and server connections? So, say you're trying to
23:42
insist that clients connect to your service with this particular level, but then your service then has to connect to another service with a different level. Does that make sense? So, you're talking to a legacy system, say? If you have multiple systems... Well, just between the connecting client and then say your service has to then
24:01
connect to another legacy service, which you can't control the crypto you can use on it, can you define a policy for the incoming connections to be at a high level, say for the clients on the general Internet, but then you can have a low level for your legacy? Maybe I don't understand the question. Do the policies apply to the whole system?
24:22
They don't selectively apply to servers, clients, whatever. They are kind of general things to be simple, like for the admin to select. So, if you have any questions further,
24:43
I will answer it outside.
Recommendations
Series of 8 media