[WIP] Add global crypto policies

xml/book_security.xml

@@ -60,6 +60,7 @@
  <xi:include href="security_yast2_security.xml"/>
  <xi:include href="security_polkit.xml"/>
  <xi:include href="security_acls.xml"/>
+ <xi:include href="security_cryptopolicy.xml"/>
 <!-- this is very outdated, removing until I can rewrite
  it with updated information cschroder 12 Dec 2021
  <xi:include href="security_certificatestore.xml"/>-->

xml/security_cryptopolicy.xml

@@ -0,0 +1,328 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE chapter
+[
+ <!ENTITY % entities SYSTEM "generic-entities.ent">
+ %entities;
+]>
+<chapter xmlns="http://docbook.org/ns/docbook"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ version="5.0"
+ xml:id="cha-security-cryptopolicies">
+ <!--taroth 2023-04-28
+ Main ToDos (based on https://bugzilla.suse.com/show_bug.cgi?id=1209998#c7)
+ * add new chapter to Security Guide, describe also integration
+ * explain how we intend customers to use the crypto-policies
+ * explain what changed exactly and what impact this has,
+ e.g. if someone updates from SP3 (no active crypto-policies)
+ to SP4 (active crypto-policies)-->
+ <title>Using system-wide cryptographic policies</title>
+ <info>
+ <abstract>
+ <para>
+ TODO
+ </para>
+ </abstract>
+ <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+ <dm:bugtracker></dm:bugtracker>
+ <dm:translation>yes</dm:translation>
+ </dm:docmanager>
+ </info>
+ <sect1 xml:id="sec-security-cryptopolicies-concept">
+ <title>The <command>crypto-policies</command> concept</title>
+
+ <para>
+ The <package>crypto-policies</package> RPM package provides predefined
+ configuration files with cryptographic policies for cryptographic
+ back-ends, such as SSL/TLS libraries. This package allows to set the
+ cryptographic security level for all applications that use a
+ cryptographic back-end supported by the policies.
+ </para>
+
+ <para>
+ Crypto-policies apply to the configuration of the core cryptographic
+ subsystems. They cover the supported secure communications protocols on
+ the base operating system, such as TLS, IKE, IPSec, DNSSec and Kerberos
+ protocols. Crypto-policies allow to handle the deprecation of algorithms
+ or protocols system-wide and in a transparent manner.
+ </para>
+ </sect1>
+ <sect1 xml:id="sec-security-cryptopolicies-predefined">
+ <title>Predefined cryptographic policies</title>
+
+ <para>
+ The <package>crypto-policies</package> package comes with the following
+ predefined policies that can be applied system-wide:
+ </para>
+
+ <variablelist>
+ <varlistentry>
+ <term>BSI</term>
+ <listitem>
+ <para>
+ A security policy based on recommendations by the German government
+ agency BSI (Bundesamt fuer Sicherheit in der Informationstechnik,
+ translated as <literal>agency for security in software
+ technology</literal>). The policy is based on the technical
+ recommendation ruleset <literal>TR 02102</literal>. The BSI TR
+ 02102 standard is updated in regular intervals. This policy does
+ not allow the use of SHA-1 in signature algorithms (except DNSSEC
+ and RPM). The policy also provides some (not complete) preparation
+ for post-quantum encryption support in form of 256-bit symmetric
+ encryption requirement. The RSA parameters are accepted if larger
+ than 2047 bits, and Diffie-Hellman parameters are accepted if
+ larger than 3071 bits. This policy provides at least 128-bit
+ security, excepting the transition of RSA.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>DEFAULT</term>
+ <listitem>
+ <para>
+ A reasonable default policy for today's standards. It allows the
+ TLS 1.2, and TLS 1.3 protocols, as well as IKEv2 and SSH2. The
+ Diffie-Hellman parameters are accepted if they are at least 2048
+ bits long. The level provides at least 112-bit security with the
+ exception of allowing SHA-1 signatures in DNSSec where they are
+ still prevalent.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>FIPS</term>
+ <listitem>
+ <para>
+ A level that conforms to the FIPS 140-2 requirements. This policy
+ is used internally by the <command>fips-mode-setup</command> tool
+ which can switch the system into FIPS 140-2 compliance mode. The
+ level provides at least 112-bit security.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>FUTURE</term>
+ <listitem>
+ <para>
+ A conservative security level that is believed to withstand any
+ near-term future attacks. This level does not allow the use of
+ SHA-1 in signature algorithms. The level also provides some (not
+ complete) preparation for post-quantum encryption support in form
+ of 256-bit symmetric encryption requirement. The RSA and
+ Diffie-Hellman parameters are accepted if larger than 3071 bits.
+ The level provides at least 128-bit security.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>LEGACY</term>
+ <listitem>
+ <para>
+ This policy ensures maximum compatibility with legacy systems. It
+ is less secure and it includes support for TLS 1.0, TLS 1.1, and
+ SSH2 protocols or later. The algorithms DSA, 3DES, and RC4 are
+ allowed, while RSA and Diffie-Hellman parameters are accepted if
+ larger than 1023 bits. The level provides at least 64-bit security.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>
+ Policies can change over time together with the security of the
+ cryptographic components. For the latest details on the individual
+ policies, therefore see the man page of
+ <command>crypto-policies</command>. All predefined policies are located
+ in
+ <filename>/usr/share/crypto-policies/policies/<replaceable>NAME</replaceable>.pol</filename>
+ and are read-only.
+ </para>
+ </sect1>
+ <sect1 xml:id="sec-security-cryptopolicies-switch">
+ <title>Switching to a different crypto-policy</title>
+
+ <para>
+ Use the <command>update-crypto-policies</command> command to view and set
+ the policy which is applied system-wide to the cryptographic back-ends.
+ The policy which has been set with this command is used by these
+ back-ends by default unless the application user configures them
+ otherwise.
+ </para>
+
+ <procedure>
+ <step>
+ <para>
+ To check the crypto-policy that is currently in use:
+ </para>
+<screen>&prompt.root;<command>update-crypto-policies --show</command></screen>
+ </step>
+ <step>
+ <para>
+ To switch to a different policy level, use the <option>--set</option>
+ option:
+ </para>
+ <remark>taroth 2023-07-04: do we need a word of caution here for LEGACY and FIPS?
+ and can we tell that switching to 'LEGACY' enables compatibility with a specific
+ older SLE version, like SLE 12 SP5 or so?
+ </remark>
+ <important>
+ <title>LEGACY crypto-policy is less secure</title>
+ <para>
+ Switching to a LEGACY crypto-policy makes your system and
+ applications less secure.
+ </para>
+ </important>
+ </step>
+ <step>
+ <para>
+ After switching to a different policy reboot the machine to apply the
+ changes to the applications:
+ </para>
+<screen>&prompt.root;<command>reboot</command></screen>
+ </step>
+ </procedure>
+ <tip os="sles">
+ <title>Enabling FIPS mode via script</title>
+ <para>
+ For the FIPS crypto-policy, &suse; also provides a script with which you
+ can comfortably enable the FIPS mode. See
+ <xref linkend="sec-how-to-fips-install"/> for details.
+ </para>
+ </tip>
+ </sect1>
+ <sect1 xml:id="sec-security-cryptopolicies-subpolicies">
+ <title>Customizing existing crypto-policies</title>
+
+ <para>
+ You can modify aspects of any predefined policy by removing or adding
+ algorithms or protocols. This way, you create a subpolicy (or policy
+ modifier module), stored in text files that include the modifications.
+ After creation, one or multiple subpolicies can be applied on the command
+ line to one of the predefined policies. For details, see
+ <xref linkend="ex-crypto-policy-subpolicy"></xref>.
+ </para>
+
+ <para>
+ You can find example subpolicies in
+ <filename>/usr/share/crypto-policies/policies/modules</filename>.
+ However, your own subpolicies need to be stored in
+ <filename>/etc/crypto-policies/policies/modules</filename> (unless they
+ are packaged). Name the subpolicy file
+ <filename><replaceable>MODULE</replaceable>.pmod</filename>, where
+ <replaceable>MODULE</replaceable> is the name of the subpolicy. The file
+ name needs to be spelled in uppercase letters and without spaces.
+ </para>
+
+ <example xml:id="ex-crypto-policy-subpolicy">
+ <title>Removing support for RSA and PSK key exchanges</title>
+ <para>
+ The following example shows you how to create a subpolicy which removes
+ support for RSA and PSK key exchanges from the
+ <literal>DEFAULT</literal> policy. Both key exchanges do not provide
+ forward secrecy, which means they cannot make sure that session keys
+ are not compromised in case long-term secrets used in the key exchange
+ session are compromised.
+ </para>
+ <procedure>
+ <step>
+ <para>
+ In <filename>/etc/crypto-policies/policies/modules/</filename>
+ create a new file, named <filename>NO-RSA-PSK.pmod</filename>.
+ </para>
+<screen>&prompt.root;<command>touch</command> /etc/crypto-policies/policies/modules/NO-RSA-PSK.pmod</screen>
+ </step>
+ <step>
+ <para>
+ Add the following line to the file and save it afterwards:
+ </para>
+<screen>key_exchange = -RSA -PSK</screen>
+ <para>
+ Now you can apply the newly created subpolicy to one of the
+ predefined policies.
+ </para>
+ </step>
+ <step>
+ <para>
+ Assuming the current system-wide policy is
+ <literal>DEFAULT</literal> and you want to apply the newly created
+ subpolicy to <literal>DEFAULT</literal>:
+ </para>
+<screen>&prompt.root;<command>update-crypto-policies --set DEFAULT:NO-RSA-PSK</command></screen>
+ </step>
+ <step>
+ <para>
+ Double-check if the subpolicy has been added to
+ <literal>DEFAULT</literal>:
+ </para>
+<screen>&prompt.root;<command>update-crypto-policies --show</command>
+DEFAULT:NO-RSA-PSK</screen>
+ </step>
+ <step>
+ <para>
+ Reboot the machine to apply the system-wide policy adjustment to
+ the applications:
+ </para>
+<screen>&prompt.root;<command>reboot</command></screen>
+ </step>
+ </procedure>
+ </example>
+ </sect1>
+ <sect1>
+ <title>Creating a new policy from scratch</title>
+
+ <para>
+ Instead of customizing an existing crypto-policy with a subpolicy you can
+ also decide to write a new policy from scratch. You can use any of the
+ predefined policies in
+ <filename>/usr/share/crypto-policies/policies/</filename> as a starting
+ point. However, your own policy file needs to be stored in
+ <filename>/etc/crypto-policies/policies/</filename>. Name your file
+ <filename><replaceable>MY_POLICY</replaceable>.pol</filename>, where
+ <replaceable>MY_POLICY</replaceable> is the name of the policy. Make sure
+ the policy file is owned by &rootuser; and is not writable by
+ non-privileged users.
+ </para>
+
+ <example xml:id="ex-crypto-policy-custom">
+ <title>Creating a new policy and applying it</title>
+ <para>
+ The following example shows you how to create a new policy based on the
+ <literal>DEFAULT</literal> policy.
+ </para>
+ <procedure>
+ <step>
+ <para>
+ Copy the <literal>DEFAULT</literal> policy to
+ <filename>/etc/crypto-policies/policies/</filename> and rename it:
+ </para>
+<screen>&prompt.root;<command>cp</command> /usr/share/crypto-policies/policies/DEFAULT.pol /etc/crypto-policies/policies/<replaceable>MY_POLICY</replaceable>.pol</screen>
+ </step>
+ <step>
+ <para>
+ Edit the policy as desired and save it.
+ </para>
+ </step>
+ <step>
+ <para>
+ Switch the system to the new policy:
+ </para>
+<screen>&prompt.root;<command>update-crypto-policies --set</command> MY_POLICY</screen>
+ </step>
+ <step>
+ <para>
+ Reboot the machine to apply the new policy to the applications and
+ running services:
+ </para>
+<screen>&prompt.root;<command>reboot</command></screen>
+ </step>
+ <step>
+ <para>
+ Double-check if the policy is active:
+ </para>
+<screen>&prompt.root;<command>update-crypto-policies --show</command>
+MY_POLICY</screen>
+ </step>
+ </procedure>
+ </example>
+ </sect1>
+</chapter>