[OpenBSD]

Cryptography


Why do we ship cryptography?

In three words: because we can.

The OpenBSD project is based in Canada.

The Export Control List of Canada places no significant restriction on the export of cryptographic software, and is even more explicit about the free export of freely-available cryptographic software. Marc Plumb has done some research to test the cryptographic laws.

Hence the OpenBSD project has embedded cryptography into numerous places in the operating system. We require that the cryptographic software we use be freely available and with good licenses. We do not directly use cryptography with nasty patents. We also require that such software is from countries with useful export licenses because we do not wish to break the laws of any country. The cryptographic software components which we use currently were written in Argentina, Australia, Canada, Germany, Greece, Norway, and Sweden.

When we create OpenBSD releases or snapshots we build our release binaries in free countries to assure that the sources and binaries we provide to users are free of tainting. In the past our release binary builds have been done in Canada, Sweden, and Germany.

OpenBSD ships with Kerberos V included. The codebase we use is the exportable Heimdal release from Sweden. Our X11 source has been extended to make use of Kerberos as well.

OpenBSD was the first operating system to ship with an IPsec stack. We've been including IPsec since the OpenBSD 2.1 release in 1997.

Today cryptography is an important means for enhancing the security of an operating system. The cryptography utilized in OpenBSD can be classified into various aspects, described as follows.

OpenSSH

As of the 2.6 release, OpenBSD contains OpenSSH, an absolutely free and patent unencumbered version of ssh. OpenSSH interoperated with ssh version 1 and had many added features,

Roughly said, we took a free license release of ssh, OpenBSD-ifyed it. About a year later, we extended OpenSSH to also do SSH 2 protocol, the result being support for all 3 major SSH protocols: 1.3, 1.5, 2.0.

Pseudo Random Number Generators

A Pseudo Random Number Generator (PRNG) provides applications with a stream of numbers which have certain important properties for system security:

A PRNG is normally just an algorithm where the same initial starting values will yield the same sequence of outputs. On a multiuser operating system there are many sources which allow seeding the PRNG with random data. The OpenBSD kernel uses the mouse interrupt timing, network data interrupt latency, inter-keypress timing and disk IO information to fill an entropy pool. Random numbers are available for kernel routines and are exported via devices to userland programs. So far random numbers are used in the following places:

Cryptographic Hash Functions

A Hash Function compresses its input data to a string of constant size. For a Cryptographic Hash Function it is infeasible to find:

In OpenBSD MD5, SHA1, and RIPEMD-160 are used as Cryptographic Hash Functions, e.g:

Cryptographic Transforms

Cryptographic Transforms are used to encrypt and decrypt data. These are normally used with an encryption key for data encryption and with a decryption key for data decryption. The security of a Cryptographic Transform should rely only on the keying material.

OpenBSD provides transforms like DES, 3DES, Blowfish and Cast for the kernel and userland programs, which are used in many places like:

Cryptographic Hardware Support

OpenBSD, starting with 2.7, has begun supporting some cryptography hardware such as accelerators and random number generators.

If people wish to help with writing drivers, come and help us.

International Cryptographers Wanted

Of course, our project needs people to work on these systems. If any non-American cryptographer who meets the constraints listed earlier is interested in helping out with embedded cryptography in OpenBSD, please contact us.

Further Reading

A number of papers have been written by OpenBSD team members, about cryptographic changes they have done in OpenBSD. The postscript versions of these documents are available as follows.