Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enablement of other TPM 2 algorithms: Assess which Distros' OpenSSL supports 'what' #206

Open
stefanberger opened this issue Mar 4, 2021 · 8 comments

Comments

@stefanberger
Copy link
Owner

Assess the support of encryption and hash algorithms that libtpms could still enable and in which distros they are supported.

@stefanberger stefanberger changed the title Enablement of other TPM 2 algorithms: Assess which Dsitros' OpenSSL supports it. Enablement of other TPM 2 algorithms: Assess which Distros' OpenSSL supports 'what' Mar 4, 2021
@stefanberger
Copy link
Owner Author

stefanberger commented Oct 10, 2021

SHA3: grep -r SHA3_ /usr/include/openssl/ or openssl dgst --list | grep sha3
SM2: grep -r SM2 /usr/include/openssl/
SM3: grep -r SM3 /usr/include/openssl/ or openssl dgst --list | grep sm3
SM4: grep -r SM4 /usr/include/openssl/ or openssl enc -ciphers | grep sm4
Camellia: readelf -s /usr/lib64/libcrypto.so| grep Camellia or openssl enc -ciphers | grep camellia

SHA3 hash family SM3 (hash) SM4 (sym. crypto) Camellia (crypto)
RHEL 8 yes yes no yes
CentOS 9 yes yes no yes
Ubuntu 18.04 no no yes yes
Ubuntu 20.04 yes yes yes yes
Fedora 34 yes yes no yes
Alt Linux (Sisyphus) yes yes yes yes
SuSE Leap (15.3) yes yes yes yes
SuSE Tumbleweed (20210806) yes yes yes yes
Alpine (3.14.1) yes yes no yes
Debian (10=buster) yes yes yes yes
Cygwin yes yes no yes
OpenBSD 6.8 no yes yes yes
DflyBSD no yes yes yes
FreeBSD yes yes yes yes
OS X no no no yes
Summary No: SHA3 context structure not accessible No: APIs for SM3 (EVP) do not fit with 'level' of SHA APIs; SM3 context not accessible breaks one TpmProfile.h accross distros yes (enabled in v0.9)

(1): SHA3 family and/or SM3 hash would have to be enabled in firmwares also to appropriately measure, extend into PCR banks of those hashes, and log (EDK2, SLOF, SeaBIOS, etc.) IF the PCR bank were to be enabled; IMA also needs to supported them

@DemiMarie
Copy link

OpenSSL is not a good fit for libtpms. Nettle seems like a much better choice.

@stefanberger
Copy link
Owner Author

OpenSSL is not a good fit for libtpms. Nettle seems like a much better choice.

Why is/was Nettle better than OpenSSL's crypto library? Is it available across all the Linux & BSD distros like OpenSSL or LibreSSL?

The decision whether to use OpenSSL was made several years ago also based on the fact that the TPM 2 reference code was based on OpenSSL (partially at least) and for better or worse it's OpenSSL crypto now -- it's also a bandwidth issue on my side. A reason back then was certainly that OpenSSL's crypto library had the API that the TPM 2 needed and experience with it. How the API evolved over time, what is being deprecated over time, is not something that was foreseeable.

@DemiMarie
Copy link

OpenSSL is not a good fit for libtpms. Nettle seems like a much better choice.

Why is/was Nettle better than OpenSSL's crypto library?

OpenSSL is intended to be a high-level crypto library for use by applications. Nettle is intended to be a low-level crypto library that directly exposes the underlying primitives. From what I have observed, libtpms and the TPM 2 reference code need the latter, not the former.

To the best of my knowledge, Nettle also provides a much more stable API than OpenSSL. Despite suppressing deprecation warnings, I cannot compile Microsoft’s TPM reference implementation because of OpenSSL API changes. I do not believe Nettle has had anywhere near as many API changes, which is likely because it is a lower-level library.

Is it available across all the Linux & BSD distros like OpenSSL or LibreSSL?

I believe so. It also follows a policy of zero memory allocations for its symmetric cryptography. The asymmetric cryptography is not zero-allocations, but I suspect patches to make it so would be accepted. Nettle is also on the list of approved cryptographic libraries in RHEL.

The decision whether to use OpenSSL was made several years ago also based on the fact that the TPM 2 reference code was based on OpenSSL (partially at least) and for better or worse it's OpenSSL crypto now -- it's also a bandwidth issue on my side. A reason back then was certainly that OpenSSL's crypto library had the API that the TPM 2 needed and experience with it. How the API evolved over time, what is being deprecated over time, is not something that was foreseeable.

That is absolutely understandable.

@gaetan-sbt
Copy link

Would you consider implementing other EC curves, like 25519? They've been accepted in the TCG standard.

@stefanberger
Copy link
Owner Author

Would you consider implementing other EC curves, like 25519? They've been accepted in the TCG standard.

Considering, 'yes'. Will have to look how it can be supported across all distros.

@gaetan-sbt
Copy link

Ok. How can I help with that? Easiest way I know to check for support is to check the return value for
openssl genpkey -algorithm x25519.

From what I could check on my machines:

  • Debian 11: yes
  • OS X: yes

@stefanberger
Copy link
Owner Author

stefanberger commented Jul 15, 2024

Ok. How can I help with that?

I am not sure yet how this curve needs to be implemented. But any step towards an implementation may be helpful... including test cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants