OpenBSD Cryptographic Framework

Last updated

The OpenBSD Cryptographic Framework (OCF) is a service virtualization layer for the uniform management of cryptographic hardware by an operating system. It is part of the OpenBSD Project, having been included in the operating system since OpenBSD 2.8 (December, 2000). Like other OpenBSD projects such as OpenSSH, it has been ported to other systems based on Berkeley Unix such as FreeBSD and NetBSD, and to Solaris and Linux. [1] [2] One of the Linux ports is supported by Intel for use with its proprietary cryptographic software and hardware to provide hardware-accelerated SSL encryption for the open source Apache HTTP Server. [3]

Contents

Background

Cryptography is computationally intensive and is used in many different contexts. Software implementations often serve as a bottleneck to information flow or increase network latency. Specialist hardware such as cryptographic accelerators can mitigate the bottleneck problem by introducing parallelism. Certain kinds of hardware, hardware random number generators, can also produce randomness more reliably than a pseudo-random software algorithm by exploiting the entropy of natural events.[ citation needed ]

Unlike graphics applications such as games and film processing where similar hardware accelerators are in common use and have strong operating system support, the use of hardware in cryptography has had relatively low uptake.[ citation needed ] By the late 1990s, there was a need for a uniform operating system layer to mediate between cryptographic hardware and application software that used it. The lack of this layer led to the production of applications that were hard-coded to work with one or a very small range of cryptographic accelerators.

The OpenBSD Project, which has a history of integrating strong, carefully audited cryptography into its operating system's core, produced a framework for the provision of cryptographic hardware acceleration as an operating system service.

/dev/crypto

Application-level support is provided through the pseudo-device /dev/crypto, which provides access to the hardware drivers through a standard ioctl interface. This simplifies the writing of applications and removes the need for the application programmer to understand the operational details of the actual hardware that will be used. [4] /dev/crypto was removed in OpenBSD 5.7, having been superseded by the crypto_ suite of syscalls.

Implications for other subsystems

The OpenBSD implementation of IPsec, the packet-level encryption protocol, was altered so that packets can be decoded in batches, which improves throughput. One rationale for this is to maximize efficiency of hardware usage—larger batches reduce the bus transmission overhead—but in practice the IPsec developers have found that this strategy improves the efficiency even of software implementations.

Many Intel firmware hubs on i386 motherboards provide a hardware random number generator, and where possible this facility is used to provide entropy in IPsec.

Because OpenSSL uses the OCF, systems with hardware that supports the RSA, DH, or DSA cryptographic protocols will automatically use the hardware without any modification of the software.

Backdoor allegations investigated

On 11 December 2010, a former government contractor named Gregory Perry sent an email to OpenBSD project leader Theo de Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years previously to compromise the security of the system, inserting "a number of backdoors and side channel key leaking mechanisms into the OCF". Theo de Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase. [5] [6] De Raadt's response was skeptical of the report and he invited all developers to independently review the relevant code. In the weeks that followed, bugs were fixed but no evidence of backdoors was found. [7]

Similarly named Solaris product

Oracle's proprietary operating system Solaris (originally developed by Sun) features an unrelated product called the Solaris Cryptographic Framework, a plug-in system for cryptographic algorithms and hardware.

See also

Related Research Articles

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

<span class="mw-page-title-main">Theo de Raadt</span> Leader of the OpenBSD project

Theo de Raadt is a South African-born software engineer who lives in Calgary, Alberta, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects and was also a founding member of NetBSD. In 2004, De Raadt won the Free Software Award for his work on OpenBSD and OpenSSH.

IPFilter is an open-source software package that provides firewall services and network address translation (NAT) for many Unix-like operating systems. The author and software maintainer is Darren Reed. IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.

<span class="mw-page-title-main">TLS acceleration</span> Method to accelerate Transport Layer Security

TLS acceleration is a method of offloading processor-intensive public-key encryption for Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) to a hardware accelerator.

Crypto API is a cryptography framework in the Linux kernel, for various parts of the kernel that deal with cryptography, such as IPsec and dm-crypt. It was introduced in kernel version 2.5.45 and has since expanded to include essentially all popular block ciphers and hash functions.

<span class="mw-page-title-main">Random number generation</span> Producing a sequence that cannot be predicted better than by random chance

Random number generation is a process by which, often by means of a random number generator (RNG), a sequence of numbers or symbols that cannot be reasonably predicted better than by random chance is generated. This means that the particular outcome sequence will contain some patterns detectable in hindsight but unpredictable to foresight. True random number generators can be hardware random-number generators (HRNGS) that generate random numbers, wherein each generation is a function of the current value of a physical environment's attribute that is constantly changing in a manner that is practically impossible to model. This would be in contrast to so-called "random number generations" done by pseudorandom number generators (PRNGs) that generate numbers that only look random but are in fact pre-determined—these generations can be reproduced simply by knowing the state of the PRNG.

The OpenBSD operating system focuses on security and the development of security features. According to author Michael W. Lucas, OpenBSD "is widely regarded as the most secure operating system available anywhere, under any licensing terms."

<span class="mw-page-title-main">Comparison of open-source wireless drivers</span> Wikimedia list article

Wireless network cards for computers require control software to make them function. This is a list of the status of some open-source drivers for 802.11 wireless network cards.

In the context of free and open-source software, proprietary software only available as a binary executable is referred to as a blob or binary blob. The term usually refers to a device driver module loaded into the kernel of an open-source operating system, and is sometimes also applied to code running outside the kernel, such as system firmware images, microcode updates, or userland programs. The term blob was first used in database management systems to describe a collection of binary data stored as a single entity.

<span class="mw-page-title-main">Cryptographic accelerator</span>

In computing, a cryptographic accelerator is a co-processor designed specifically to perform computationally intensive cryptographic operations, doing so far more efficiently than the general-purpose CPU. Because many servers' system load consists mostly of cryptographic operations, this can greatly increase performance.

In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators. A lack of entropy can have a negative impact on performance and security.

<span class="mw-page-title-main">OpenBSD</span> Security-focused Unix-like operating system

OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. According to the website, the OpenBSD project emphasizes "portability, standardization, correctness, proactive security and integrated cryptography."

An Advanced Encryption Standard instruction set is now integrated into many processors. The purpose of the instruction set is to improve the speed and security of applications performing encryption and decryption using Advanced Encryption Standard (AES).

There are various implementations of the Advanced Encryption Standard, also known as Rijndael.

wolfSSL is a small, portable, embedded SSL/TLS library targeted for use by embedded systems developers. It is an open source implementation of TLS written in the C programming language. It includes SSL/TLS client libraries and an SSL/TLS server implementation as well as support for multiple APIs, including those defined by SSL and TLS. wolfSSL also includes an OpenSSL compatibility interface with the most commonly used OpenSSL functions.

<span class="mw-page-title-main">NetBSD</span> Open-source Unix-like operating system

NetBSD is a free and open-source Unix operating system based on the Berkeley Software Distribution (BSD). It was the first open-source BSD descendant officially released after 386BSD was forked. It continues to be actively developed and is available for many platforms, including servers, desktops, handheld devices, and embedded systems.

RDRAND is an instruction for returning random numbers from an Intel on-chip hardware random number generator which has been seeded by an on-chip entropy source. Intel introduced the feature around 2012, and AMD added support for the instruction in June 2015.

<span class="mw-page-title-main">Bullrun (decryption program)</span> Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

<span class="mw-page-title-main">LibreSSL</span> Open-source implementation of TLS protocols; forked from OpenSSL in 2014

LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.

Lazy FPU state leak, also referred to as Lazy FP State Restore or LazyFP, is a security vulnerability affecting Intel Core CPUs. The vulnerability is caused by a combination of flaws in the speculative execution technology present within the affected CPUs and how certain operating systems handle context switching on the floating point unit (FPU). By exploiting this vulnerability, a local process can leak the content of the FPU registers that belong to another process. This vulnerability is related to the Spectre and Meltdown vulnerabilities that were publicly disclosed in January 2018.

References

  1. Linux-cryptodev Archived 2012-03-20 at the Wayback Machine
  2. Keromytis, Wright, de Raadt and Burnside, Cryptography As An Operating System Service: A Case Study, ACM Transactions on Computing Systems, Vol 23, No 1, February 2006, pages 1-38, PDF
  3. Intel Corporation, 2008, OpenSSL and Apache--Software
  4. crypto(4) in OpenBSD manual
  5. de Raadt, Theo (2010-12-14). "Allegations regarding OpenBSD IPSEC". openbsd-tech (Mailing list).
  6. Holwerda, Thom (2010-12-14), "FBI Added Secret Backdoors to OpenBSD IPSEC", OSNews , retrieved 2011-12-13
  7. Ryan, Paul (2010-12-23), "OpenBSD code audit uncovers bugs, but no evidence of backdoor", Ars Technica , Condé Nast Digital , retrieved 2011-01-09
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.