
libmd - Message Digest Library

Add a libmd to the Solaris Cryptographic Framework.

Status

 ARC Case#            PSARC/2005/426
 ARC Case Submitter   Darren Moffat
 ARC Case Owner       Darren Moffat
 ARC Status           closed approved fast-track 2005-07-26
 Code Status          Integrated into snv_38 on 2006-03-28

Background

Solaris currently has a libmd5 that provides the simple MD5Init(),
MD5Update(), MD5Final() interface.  There is no such simple interface
for the other common message digest functions.  Instead, applications
must call the PKCS#11 library or use the OpenSSL libcrypto
library.  The PKCS#11 library has too much setup overhead for
applications that only use digest functions and have no other
cryptographic needs.

Other systems have a libmd that provides MD4, MD5, SHA1, SHA2 with the
simple Init, Update, Final interface.   Some freely available software
assumes that a libmd with that interface exists.
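
What the Init, Update, Final shape looks like from the inside, as an added illustration that is not part of the case materials or libmd's source: a compact SHA-1 (RFC 3174) whose context keeps the chaining state, the byte count and a partial block, so input can be fed in pieces of any size. The demo_* names and the demo_check() helper are hypothetical; SHA-1 is used only because its compression function is short.

```c
#include <stdint.h>  /* added illustration, not libmd source; demo_* names are hypothetical */
#include <stdio.h>
#include <string.h>
typedef struct { uint32_t h[5]; uint64_t len; uint8_t buf[64]; size_t n; } demo_sha1_ctx;
#define ROL(x, r) (((x) << (r)) | ((x) >> (32 - (r))))
static void demo_block(demo_sha1_ctx *c) {              /* RFC 3174 compression function */
    uint32_t w[80], a = c->h[0], b = c->h[1], cc = c->h[2], d = c->h[3], e = c->h[4], f, k, t;
    int i;
    for (i = 0; i < 64; i++) w[i / 4] = (i % 4 ? w[i / 4] << 8 : 0) | c->buf[i];  /* big-endian load */
    for (i = 16; i < 80; i++) w[i] = ROL(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    for (i = 0; i < 80; i++) {
        if (i < 20)      { f = (b & cc) | (~b & d);           k = 0x5a827999; }
        else if (i < 40) { f = b ^ cc ^ d;                    k = 0x6ed9eba1; }
        else if (i < 60) { f = (b & cc) | (b & d) | (cc & d); k = 0x8f1bbcdc; }
        else             { f = b ^ cc ^ d;                    k = 0xca62c1d6; }
        t = ROL(a, 5) + f + e + k + w[i];
        e = d; d = cc; cc = ROL(b, 30); b = a; a = t;
    }
    c->h[0] += a; c->h[1] += b; c->h[2] += cc; c->h[3] += d; c->h[4] += e;
}
void demo_sha1_init(demo_sha1_ctx *c) {                 /* Init: load the IV, empty the buffer */
    static const uint32_t iv[5] = {0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0};
    memcpy(c->h, iv, sizeof iv); c->len = 0; c->n = 0;
}
void demo_sha1_update(demo_sha1_ctx *c, const void *data, size_t len) {
    const uint8_t *p = data;                            /* Update: buffer until a block is full */
    for (c->len += len; len--; ) {
        c->buf[c->n++] = *p++;
        if (c->n == 64) { demo_block(c); c->n = 0; }
    }
}
void demo_sha1_final(uint8_t out[20], demo_sha1_ctx *c) {
    uint64_t bits = c->len * 8;                         /* message length before padding */
    uint8_t pad = 0x80, zero = 0, lenbe[8]; int i;
    demo_sha1_update(c, &pad, 1);
    while (c->n != 56) demo_sha1_update(c, &zero, 1);   /* may spill into an extra block */
    for (i = 0; i < 8; i++) lenbe[i] = (uint8_t)(bits >> (56 - 8 * i));
    demo_sha1_update(c, lenbe, 8);
    for (i = 0; i < 20; i++) out[i] = (uint8_t)(c->h[i / 4] >> (24 - 8 * (i % 4)));
}
int demo_check(const char *msg, size_t step, const char *hex) {  /* step > 0 bytes per Update */
    demo_sha1_ctx c; uint8_t d[20]; char got[41]; size_t len = strlen(msg), off; int i;
    demo_sha1_init(&c);
    for (off = 0; off < len; off += step)
        demo_sha1_update(&c, msg + off, len - off < step ? len - off : step);
    demo_sha1_final(d, &c);
    for (i = 0; i < 20; i++) sprintf(got + 2 * i, "%02x", (unsigned)d[i]);
    return strcmp(got, hex) == 0;
}
```
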

Solaris has message digest implementations that are optimized for Sun
platforms (SPARC & AMD64).  It is best if third party
software (and other software in the consolidation and the WOS) can use the
optimized versions without being required to use PKCS#11 when it only
needs a message digest algorithm.

Proposal

This case proposes to introduce libmd.so.1 with support for MD4, MD5, SHA1,
and SHA2.  Other digest algorithms such as RIPEMD may be added in a future
case.

MD4 is not cryptographically secure by modern standards and has known
weaknesses; however, it is required by the CHAP authentication in ppp and is
also used by vold (in a non-cryptographic way).

This case also creates parity between the kernel and userland for the
simple digest algorithms since MD5, SHA1, and SHA2 are available via
the simple interfaces as well as the crypto_digest*() interfaces
provided by misc/kcf.

This case does not provide HMAC interfaces for the digests as applications
that have those needs also have key handling and other cryptographic
requirements and should use PKCS#11 or OpenSSL instead.

This case delivers the following:

Exported Interfaces

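Interface                             Stability         Comments
----------------------------------------------------------------------
/lib/libmd.so.1                       Stable            SUNWcsl *
/lib/64/libmd.so.1                    Stable            SUNWcsl *
----------------------------------------------------------------------
MD4Init, MD4Update, MD4Final,         Stable            <md4.h>
   MD4_CTX
----------------------------------------------------------------------
SHA1Init, SHA1Update, SHA1Final,      Stable            <sha1.h>
   SHA1_CTX
----------------------------------------------------------------------
SHA2Init, SHA2Update, SHA2Final,      Stable            <sha2.h>
   SHA2_CTX
----------------------------------------------------------------------
SHA256Init, SHA256Update,             Stable            <sha2.h>
   SHA256Final, SHA256_CTX
----------------------------------------------------------------------
SHA384Init, SHA384Update,             Stable            <sha2.h>
   SHA384Final, SHA384_CTX
----------------------------------------------------------------------
SHA512Init, SHA512Update,             Stable            <sha2.h>
   SHA512Final, SHA512_CTX
----------------------------------------------------------------------
<sha1.h>                              Stable            SUNWhea
<sha2.h>                              Stable            SUNWhea
<md4.h>                               Stable            SUNWhea
<md5.h>                               Stable            SUNWhea
----------------------------------------------------------------------
/platform/sun4u/lib/libmd_psr.so.1    Project Private   SUNWcar
/platform/sun4v/lib/libmd_psr.so.1    Project Private   SUNWcar

  * Location and functionality is Stable.

The APIs are defined by the following standards:

      MD4                         RFC 1320
      MD5                         RFC 1321
      SHA1                        RFC 3174
      SHA-256, SHA-384, SHA-512   FIPS 180-2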

The new libmd must live in /lib rather than /usr/lib since it replaces
the functionality of libmd5 which is currently in /lib due to its consumers.

The following Solaris binaries will be updated to use this new libmd instead
of libmd5 and/or their own private copies of MD4 and SHA1.

      • /usr/bin/bart
      • /usr/bin/pppd
      • /usr/sbin/vold
      • /usr/lib/$ISA/libsmedia.so.1
      • /lib/$ISA/libnsl.so.1
      • /lib/$ISA/libbsm.so.1
      • /usr/lib/libelfsign.so.1
      • /usr/lib/security/$ISA/pkcs11_softtoken{_extra}.so.1
      • /usr/lib/security/$ISA/crypt_bsdmd5.so.1 
      • /usr/lib/security/$ISA/crypt_sunmd5.so.1 
      • /usr/lib/inet/xntpd
      • /usr/lib/$ISA/libsasl.so.1

This case removes the delivery of the $PLATFORM libraries for libmd5, and
libmd5 becomes a filter library on libmd.  The new libmd will have
$PLATFORM libraries for sun4u and sun4v, and may use $HWCAP for x86
if suitable optimisations using $HWCAP features are found.

Reference

materials/libmd.spec

materials/libmd.3lib

Created by admin on 2009/10/26 12:13
Last modified by admin on 2009/10/26 12:13
