Opened 6 years ago

Closed 6 years ago

#10043 closed enhancement (implemented)

Logging of HW Engines is incomplete in crypto.c

Reported by: jbdatko
Owned by:
Priority: Low
Milestone: Tor: 0.2.5.x-final
Component: Core Tor/Tor
Version: Tor: 0.2.4.17-rc
Severity:
Keywords: logging tor-relay engine
Cc: nickm@…
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Logging of algorithms, when HardwareAccel is used, is incomplete. Based on a brief discussion on tor-dev [1], I'm submitting the following patch to improve the logging features. The reason behind this patch is that I was trying to debug my OpenSSL engine (cryptodev) and was confused that it was only offering DH and RSA acceleration (because the current version didn't log all the algorithms).

I cross-referenced the tor spec and I believe I've captured the list of algorithms that tor uses. I don't believe (and I very well could be wrong) that tor uses 3DES in ECB mode, but may use it in CBC mode for TLS.

Lastly, I changed the cipher logging string to be more specific as just saying "AES" is ambiguous as to the mode.

For reference, see attached txt file on how the info logging looks with HardwareAccel turned on.

Josh

[1] https://lists.torproject.org/pipermail/tor-dev/2013-October/005677.html

Attachments (2)

info.txt (1.4 KB) - added by jbdatko 6 years ago.
Info level output with the patch
engine_log.patch (1.5 KB) - added by jbdatko 6 years ago.
Patch for enhanced engine logging

Change History (6)

Changed 6 years ago by jbdatko

Attachment: info.txt added

Info level output with the patch

comment:1 Changed 6 years ago by nickm

Keywords: tor-relay added; tor removed
Milestone: Tor: 0.2.5.x-final
Status: changed from new to needs_review

Looks good to me. Are there separate engines for ECDHE in different groups? If so we should log P224 and P256 specifically. Also, if there's a possibility of an engine for AES in CTR or GCM mode, we should probably log that too.

comment:2 in reply to:  1 Changed 6 years ago by jbdatko

Replying to nickm:

> Looks good to me. Are there separate engines for ECDHE in different groups? If so we should log P224 and P256 specifically. Also, if there's a possibility of an engine for AES in CTR or GCM mode, we should probably log that too.

I had looked for a way to get the details on the curves, but I didn't see a way that was available. I'll take a more in-depth look tomorrow and update the patch to include the other AES modes you mentioned. I'm assuming that it's AES-128-CTR and AES-256-GCM.

Changed 6 years ago by jbdatko

Attachment: engine_log.patch added

Patch for enhanced engine logging

comment:3 Changed 6 years ago by jbdatko

I added the extra logging for the other ciphers. After reviewing the OpenSSL engine API, I don't believe one can get the same level of information for the "get_default" series. (i.e. RSA, DH, ECDSA, ECDH). I think this because the default series is the same algorithm, but with different parameters (DH, Curves, etc...).

It would be nice to know the specific parameters implemented in an engine, but there does not seem to be a general method to do this (AFAIK).

comment:4 Changed 6 years ago by nickm

Resolution: implemented
Status: changed from needs_review to closed

Thanks! I've applied this as 84458b79a78ea7e26820bf09a3b916acf59a62f3.
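
An operator-side cross-check for the situation in the ticket description, added here as an example and not taken from the ticket or from Tor: it reads the capability listing printed by `openssl engine -c` and reports, for each algorithm name passed in, which engine advertises it. The function names, the constructed sample listing and the assumption that the listing uses the `(id) description` / ` [CAP, CAP]` layout are this example's own; the listing shows what an engine advertises, not which algorithms Tor registered it for.

```shell
#!/bin/sh
# Added example: map algorithm names to the engine that advertises them.
# Input (stdin): output of `openssl engine -c`, assumed to look like
#   (id) description
#    [CAP, CAP, ...]
# Arguments: algorithm names as OpenSSL prints them (e.g. RSA, AES-128-CBC).
# Output: one "ALGORITHM ENGINE-ID" line per argument, "-" when no engine
# advertises it (i.e. the software implementation would be used).
engine_coverage() {
  awk -v wanted="$*" '
    /^\(/ {                        # "(id) description" starts a new engine
      id = $1; gsub(/[()]/, "", id); next
    }
    /^[ \t]*\[/ && id != "" {      # capability line of the current engine
      line = $0
      gsub(/[ \t]/, "", line); sub(/^\[/, "", line); sub(/\]$/, "", line)
      n = split(line, caps, ",")
      for (i = 1; i <= n; i++)
        if (!(caps[i] in owner)) owner[caps[i]] = id   # first engine wins
      next
    }
    END {
      m = split(wanted, w, " ")
      for (i = 1; i <= m; i++)
        printf "%s %s\n", w[i], ((w[i] in owner) ? owner[w[i]] : "-")
    }'
}

# Constructed sample listing (not captured from a real host).
sample_listing() {
  cat <<'EOF'
(cryptodev) BSD cryptodev engine
 [RSA, DSA, DH, DES-EDE3-CBC, AES-128-CBC, AES-256-CBC]
(dynamic) Dynamic engine loading support
EOF
}

# Offline demo; on a live host use:  openssl engine -c | engine_coverage RSA DH ...
sample_listing | engine_coverage RSA DH AES-128-CTR AES-128-CBC DES-EDE3-CBC
```

Comparing this output with Tor's info-level log shows whether an algorithm missing from the log is missing from the engine or only from the logging.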