This article was originally interpreted after the sharing session titled “Development and Practice of State secret Technology” at alibaba Cloud Developer Conference 2021, open source operating system Community and Ecology sub-forum. AnolisOS is a national secret technology solution developed by the community on AnolisOS. Interested developers in the industry are welcome to participate in the OpenAnolis community and contribute to the basic software ecosystem in China.

Speaker:

Yang Yang: senior technical expert of ant group, leading the development of BabaSSL and the only OpenSSL maintainer in China, involved in drafting and promoting the internationalization of RFC8998 standard.

Zhang Tianjia: Ali Cloud technology expert, mainly responsible for the development and application of state secret technology on AnolisOS, and participated in the implementation of state secret algorithm in libgcrypt and SM2 algorithm in Linux kernel.

Let’s go back to the scene:

origin

When it comes to cryptographic algorithms, you must be familiar with MD5, AES, RSA and other general international standard algorithms, which are also the cryptographic algorithms commonly adopted by us at present. They have a wide range of applications in data security, communication, blockchain and many other fields.

As we all know, these algorithm standards are developed abroad, which in some cases will have adverse effects on domestic information security. Now powerful countries and even some large companies have developed their own algorithm standards.

As the name implies, national secret is the localization of cryptography algorithm, like other fields, the localization of cryptography algorithm has been overwhelming, it is also something we must do. China’s secret algorithm provides a new choice for us, in the case of necessary can choose to replace the international mainstream algorithm, especially the present international trade conflicts, technology blockade of environment, large-scale promotion and USES the algorithm to the domestic important network infrastructure to provide reliable data security.

Introduction of the dense

Who am I? Where am I from

State Secret is a colloquial term. The official name is The State Commercial Password, abbreviated as Shang Secret, and the pinyin abbreviation is SM, which is also the source of the name of the specific algorithm in the state secret standard. State secret is a commercial cryptographic technology that does not involve state secrets.

The national secret standards are completely formulated by the China Cryptography Administration, and the main technical implementation is basically completed by domestic developers, which is very beneficial to get rid of the dependence of foreign cryptography technology and products.

Where to go

Since 2012, SM2/3/4 of the standard reporting, dense ecological basic technology in a current countries are gradually maturing stage, but the domestic password based software in USES the algorithm still is in a state of fragmentation, for example, we often can see all kinds of the name of the individual or organization open source support countries close algorithm library; In addition, these open source projects do not do a good job of security updates and community activity. The promotion of state secrets still requires the joint efforts of developers and users of basic software in China.

On January 1, 2020, the Password Law of the People’s Republic of China was officially implemented, regulating the application and management of national commercial passwords from the legal level, which also provides necessary legal guarantee for the promotion and application of state secrets.

Comparison with international algorithms

Here is a comparison of the national secret algorithm and the international general algorithm, and a basic situation of the national secret can be seen intuitively:

For various commonly used international algorithm types, such as symmetric algorithm, public key algorithm and message digest algorithm, the national secret standard defines the corresponding national secret algorithm with the same function. For example, SM4 provides the same encryption strength as AES and supports various encryption modes. SM2 is a public key algorithm based on elliptic curve, and defines asymmetric encryption and decryption, digital signature, and key exchange standards. Compared with RSA, SM2 has shorter keys, but supports higher encryption intensity. SM3 is a message digest algorithm standard defined by national secret. The digest length is fixed at 256 bits and the strength is the same as SHA256.

In addition to the basic algorithm, the national security standard also defines the TLCP national security double certificate protocol to support the domestic transport layer security protocol. Here is another good news. In March this year, TLS1.3+ Certificate protocol was officially recognized by the international standard and released in RFC8998 standard, which means that we can choose to use the complete national secret suite in TLS1.3 protocol. At present, we are also contacting regular browser manufacturers to support the implementation and application of this standard.

At the same time, the NATIONAL secret also defines the X509 certificate using the national secret algorithm, using the SM3 hash algorithm, SM2 algorithm as the digital signature, the certificate type is SM2-with-SM3.

For developers, GMI offers the option of smooth migration from the international common algorithm. In addition, there are some other algorithm standards, which are not commonly used, such as SM9, ZUC algorithm.

BabaSSL lived and died

BabaSSL is a national secret cryptographic library that is compatible with OpenSSL 1.1.1, and was born as a national secret cryptographic algorithm solution.

BabaSSL is based on the merger of previous versions of OpenSSL from Ant Group and Alibaba Group, and is open source for the first time. BabaSSL stands for: a smart, light and reliable library of cryptography and SSL/TLS tools.

BabaSSL’s green logo, based on ali’s orange and Ant’s blue, means that we want BabaSSL to be a flexible, small and robust base cryptography library.

BabaSSL is now widely used within Alibaba Group and Ant Group. In a specific scenario, storage, network, and local devices are involved. Among them, the network service scenario is the biggest support scenario of BabaSSL, such as Taobao, Tmall, Ali Cloud and other server side involving link encryption. In addition, mobile apps, such as Alipay mobile App, integrate BabaSSL to realize a variety of cryptography capabilities.

Open source

BabaSSL has been open source since October last year. Currently, the code is hosted on OpenAnolis. The current open source version is 8.2.0, which is our latest stable version.

BabaSSL in ali internal use version now and there exist certain differences between open source version, we are currently in the internal version features gradually migrated to open on the open source version, eventually become a unified open source version, then ali internal also depends entirely on the open source version, and will not retain the internal closed source version.

features

The following are the main features of BabaSSL in the latest stable release 8.2.0:

  • Based on OpenSSL 1.1.1, it has all the capabilities of OpenSSL 1.1.1 and remains compatible
  • SM2, SM3, and SM4 are supported, and SM2 capabilities lacking in OpenSSL 1.1.1, such as X509 certificate issuing and authentication, are completed
  • GM/T 0024 and TLCP TLS protocol
  • Support RFC 8998: TLS 1.3+ national secret certificate
  • Provides IETF with Delegated Credentials in the standardization process
  • Support for IETF QUIC API underlying cryptography capabilities
  • More complete SM2 algorithm support, such as X.509 certificate issuance, verification support
  • Applying for the software password module level I qualification

Compared with the OpenSSL

Here are some interesting differences between BabaSSL and older cryptographic libraries like OpenSSL:

Some of the main differences can be seen:

BabaSSL adopts an aggressive strategy to quickly follow up on new cryptography standards, such as delegated Credentials and Compact TLS, which are being standardized in IETF. OpenSSL is relatively conservative because the OpenSSL community’s policy is to implement only published international and national standards in principle. BabaSSL will provide more in-depth and extensive support for state secret algorithms, state secret protocols, state secret regulatory compliance, deep integration of cloud computing vendors, and localized hardware, while OpenSSL provides limited support. BabaSSL has no historical burden on ease of use, so it can provide a much simpler API than OpenSSL’s is more complex. For resource-constrained embedded devices, BabaSSL plans for volume tailoring and memory usage, while OpenSSL explicitly does not.

The future planning

This is a future version planning and feature support for subsequent BabaSSL, basically every six months, covering a variety of new cryptographic technology support, including the implementation of several DRAFTS of IETF RFC, the support of local hardware and future support for cutting-edge technologies such as post-quantum cryptography and homomorphic encryption:

  • Support MPK
  • Encrypted SNI
  • Compressed Certificate
  • Compact TLS
  • SM algorithm optimization
  • Support domestic CPU state secret algorithm instruction set
  • Volume clipping and memory usage optimization
  • Tink API
  • ZUC, SM9
  • PQC
  • Homomorphic encryption algorithm

National secret ecological framework

Everything is ready, and with the support of the basic national secret algorithm, we can build a basic software ecosystem around the national secret algorithm. This is a vertical scene of national secret ecology, which is also our national secret ecological architecture on AnolisOS. Meanwhile, it is also a full-stack national secret solution: from the bottom firmware, kernel, to the basic cryptography library, national secret transformation is made on the main link, and finally a complete security trust chain based on national secret is formed.

On the right side of the figure are some vertical national secret application scenarios, such as SecureBoot, IMA, kernel module signature, file integrity verification, etc.

So far, we have supported the national secret algorithm in the Linux kernel, BabaSSL, libgcrypt, Gnulib and other mainstream basic components. This part of the work has been returned to the upstream open source community, interested developers can directly use or as a reference. These features will also be first exported to AnolisOS, leading to an OS that supports national security out of the box.

It can also be seen that there are a lot of software stacks involved in the national secret ecology and various forms. There is still a long way to go to gradually improve this ecology. The international technology blockade of recent years has also given us the determination and motivation to do this.

And now we have all letters, such as sea ray makers have some cooperation, also very welcome the industry interested developers to participate in the community, to do the things together, then we will work in the Anolis function as open source community, inclusive of BMSC openness, continue to supplement the ecological, eventually reach a goal is: The whole security trust chain is completely based on the algorithm of state secrets.

Application of State secret in IMA and Modsign

As we know, cryptography algorithms have always been for security, so let’s look at two examples of specific national secret transformation in the field of security.

IMA is a file integrity measurement framework provided by the Linux kernel to detect whether files have been maliciously tampered with. The purpose of kernel module signature is similar to that of detecting whether a module’s distribution source is trusted. They all provide their own signature tools, which rely on the SM2 signature file capabilities provided by BabaSSL for signing in user mode.

The verification of the file signature is completed in the kernel. Since the kernel cannot directly use the library of the application layer, in order to support the verification of the file signature in the Linux kernel, we have implemented the SM2/3/4 algorithm and the support of the state secret certificate in the kernel to verify whether the signature is legitimate.

Through the transformation of the corresponding software stack, we built the security mechanism of IMA and kernel module signature completely based on the national secret algorithm, which was previously guaranteed by the international algorithm.

Full stack country secret SIG

The following is our full stack state secret SIG on OpenAnolis. We welcome interested developers to participate in the community and contribute to the basic software security in China.

SIG address: openanolis.cn/sig/crypto

Code library: codeup. Openanolis. Cn/codeup/cryp…

Recommended Reading of the Week

  • Exploration and Practice of ant Cloud native Application runtime – ArchSummit Shanghai

  • Introduction to cloud native technology: Exploration and Practice of cloud native open Operation and Maintenance System

  • Help data security: Ant and Intel work together to create verification PPML solutions

  • Finance-level capability becomes the core competitiveness, and service grid drives enterprise innovation

More articles please scan code to pay attention to “financial level distributed architecture” public number