Opened 13 months ago

Last modified 13 months ago

#28326 new enhancement

Tor Browser for PPC64LE

Reported by: power9
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-rbm
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I'm here to request that a Tor Browser for Debian be compiled for the ppc64le architecture.
The Power architecture is the only open hardware, so I think it's important for a project like Tor to support this architecture, avoiding potential backdoors on closed systems.

The following links could probably be useful for building it correctly:
https://www.talospace.com/2018/09/more-power-in-firefox-62.html
https://www.talospace.com/2018/10/patches-needed-for-firefox-63.html

If you need a ppc64le machine, cloud access will be provided for free; ask https://twitter.com/RaptorCompSys for building and testing Tor Browser.

No secure communication is really secure on a closed system, so supporting an open architecture should be a priority for a project that is looking for digital freedom.

Change History (17)

comment:1 Changed 13 months ago by gk

Component: changed from "- Select a component" to Applications/Tor Browser
Keywords: tbb-rbm added
Owner: set to tbb-team
Priority: changed from Very High to Medium

comment:2 Changed 13 months ago by teor

Tor doesn't support PPC, because its MUL instruction is not constant-time.
It's really hard to write secure crypto without a constant-time MUL.
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SupportedPlatforms

comment:3 in reply to:  2 Changed 13 months ago by gk

Replying to teor:

Tor doesn't support PPC, because its MUL instruction is not constant-time.
It's really hard to write secure crypto without a constant-time MUL.
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SupportedPlatforms

Good to know. FWIW: there are Debian packages for that platform, though.

comment:4 Changed 13 months ago by power9

Does that mean we will never see Tor Browser on PPC?

Last edited 13 months ago by power9

comment:5 in reply to:  4 Changed 13 months ago by teor

Replying to gk:

Replying to teor:

Tor doesn't support PPC, because its MUL instruction is not constant-time.
It's really hard to write secure crypto without a constant-time MUL.
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SupportedPlatforms

Good to know. FWIW: there are Debian packages for that platform, though.

That's fine: Tor is open-source, so Debian can maintain a PPC build of Tor if they want.

We just won't put any effort into Tor on PPC, because:

If (nearly?) all users on a platform are insecure, it's also good candidate for Rejected.

PPC (The MUL instruction isn't constant-time, thus many common cryptographic operations on these systems are subject to even the most trivial side-channel attacks.)

Replying to power9:

Does that mean we will never see Tor Browser on PPC?

The Tor Browser team can maintain a PPC build of Tor if they want. But PPC has trivial cryptographic side-channel attacks. So a PPC Tor Browser might not meet Tor Browser's security standards.

Edit: spacing

Last edited 13 months ago by teor
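
To illustrate the concern raised in this thread about a MUL instruction that is not constant-time, the following added example (not code from Tor, BearSSL, or any participant in this ticket) models an early-terminating multiplier and goes one step further by showing a top-bit-forcing workaround. The cycle model, function names and sample secrets are assumptions constructed for illustration, not measurements of any PPC or POWER CPU.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy timing model (an assumption, not a measurement of any real CPU):
 * an early-terminating multiplier spends one cycle per significant
 * byte of its second operand. */
static unsigned model_mul_cycles(uint32_t y) {
    unsigned cycles = 1;
    while (y >>= 8) cycles++;
    return cycles;
}

/* Plain 31x31->62 bit multiply: modelled cost follows the magnitude of y. */
uint64_t mul31_plain(uint32_t x, uint32_t y, unsigned *cycles) {
    *cycles = model_mul_cycles(y);
    return (uint64_t)x * y;
}

/* Masked multiply: force bit 31 of both operands so the multiplier always
 * sees full-width inputs, then remove the extra terms:
 * (x + 2^31)(y + 2^31) = xy + 2^31*x + 2^31*y + 2^62, for x, y < 2^31. */
uint64_t mul31_masked(uint32_t x, uint32_t y, unsigned *cycles) {
    uint32_t xm = x | 0x80000000u, ym = y | 0x80000000u;
    *cycles = model_mul_cycles(ym);
    return (uint64_t)xm * ym - ((uint64_t)x << 31) - ((uint64_t)y << 31)
           - ((uint64_t)1 << 62);
}

typedef uint64_t (*mul_fn)(uint32_t, uint32_t, unsigned *);

/* Count how many different cycle counts an observer sees across secrets of
 * different magnitude; anything above 1 means timing depends on the secret. */
unsigned distinct_timings(mul_fn mul) {
    /* Constructed sample secrets: 1, 2, 3 and 4 significant bytes. */
    static const uint32_t secrets[] = {0x7Fu, 0x7FFFu, 0x7FFFFFu, 0x7FFFFFFFu};
    unsigned seen = 0, n = 0, c;   /* seen: bitmask of observed cycle counts */
    for (unsigned i = 0; i < 4; i++) {
        mul(12345u, secrets[i], &c);
        if (!(seen & (1u << c))) { seen |= 1u << c; n++; }
    }
    return n;
}

int main(void) {
    printf("plain:  %u distinct timings\n", distinct_timings(mul31_plain));
    printf("masked: %u distinct timings\n", distinct_timings(mul31_masked));
    return 0;
}
```

In this model the plain multiply shows a different cycle count for each secret magnitude, while the masked multiply always takes the same count and still returns the exact product.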

comment:6 Changed 13 months ago by gk

https://bearssl.org/ctmul.html has some more information.

comment:7 in reply to:  6 Changed 13 months ago by power9

Replying to gk:

https://bearssl.org/ctmul.html has some more information.

The PPC CPUs in that list are older. I'm not an expert, but I think the latest POWER9 CPU shouldn't suffer from this security problem.

comment:8 in reply to:  6 Changed 13 months ago by tpearson-raptor

Replying to gk:

https://bearssl.org/ctmul.html has some more information.

The listed CPUs are very old. POWER9 has constant time multiplication via the mulhd/mulhdu and mulld instructions (min latency 5, max latency 5); POWER8 has constant time multiplication via the vmul<xxx> instructions (latency 7, no variance).

See the POWER8 processor user guide [1], Performance Profile section and the POWER9 processor user guide [2], Appendix A for details.

[1] https://www.setphaserstostun.org/power8/POWER8_UM_v1.3_16MAR2016_pub.pdf
[2] https://wiki.raptorcs.com/w/images/8/89/POWER9_um_OpenPOWER_v20GA_09APR2018_pub.pdf

Last edited 13 months ago by tpearson-raptor

comment:9 Changed 13 months ago by tpearson-raptor

https://bearssl.org/ctmul.html has been updated, we officially have constant time multiplication listed!

Are there any other blockers to getting this support going?

comment:10 in reply to:  4 Changed 13 months ago by ppc64le

Replying to gk:

Replying to teor:

Tor doesn't support PPC, because its MUL instruction is not constant-time.
It's really hard to write secure crypto without a constant-time MUL.
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SupportedPlatforms

Good to know. FWIW: there are Debian packages for that platform, though.

 Debian 9 regrettably removes support for the following architecture:

    PowerPC (powerpc) 

The following are the officially supported architectures for Debian 9:

    64-bit little-endian PowerPC (ppc64el) 

Replying to power9:

Does that mean we will never see Tor Browser on PPC?

Yes.

comment:11 in reply to:  10 Changed 13 months ago by tpearson-raptor

Replying to ppc64le:

Replying to gk:

Replying to teor:

Tor doesn't support PPC, because its MUL instruction is not constant-time.
It's really hard to write secure crypto without a constant-time MUL.
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SupportedPlatforms

Good to know. FWIW: there are Debian packages for that platform, though.

 Debian 9 regrettably removes support for the following architecture:

    PowerPC (powerpc) 

The following are the officially supported architectures for Debian 9:

    64-bit little-endian PowerPC (ppc64el) 

Replying to power9:

Does that mean we will never see Tor Browser on PPC?

Yes.

As I mentioned above, we do have constant time multiplication on ppc64le, plus ppc64le is a Debian supported architecture. Can we get Tor for ppc64le even if old 32-bit ppc is not supported?

Last edited 13 months ago by tpearson-raptor

comment:12 in reply to:  9 Changed 13 months ago by teor

Replying to tpearson-raptor:

https://bearssl.org/ctmul.html has been updated, we officially have constant time multiplication listed!

Thanks, I have updated Tor's supported platforms document:
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SupportedPlatforms?action=diff&version=18

Note: this is the support document for Tor (the network daemon), not Tor Browser (the app).

Replying to tpearson-raptor:

Replying to ppc64le:

...
The following are the officially supported architectures for Debian 9:

64-bit little-endian PowerPC (ppc64el)

...

As I mentioned above, we do have constant time multiplication on ppc64le, plus ppc64le is a Debian supported architecture. Can we get Tor for ppc64le even if old 32-bit ppc is not supported?

I think you might be asking about Tor Browser (the application).

Tor Browser depends on both tor (the network daemon) and firefox:

Debian already has Tor for ppc64el in stable:
https://packages.debian.org/search?keywords=tor&searchon=names&exact=1&suite=all&section=all

But firefox is only in unstable:
https://packages.debian.org/search?keywords=firefox&searchon=names&exact=1&suite=all&section=all

I'll leave it to gk to answer for Tor Browser.

comment:13 Changed 13 months ago by power9

Debian, like Tor Browser, uses Firefox ESR; it is available on stretch, buster and sid for ppc64le.

https://packages.debian.org/search?suite=all&section=all&arch=any&searchon=names&keywords=firefox-esr

So Firefox ESR is on ppc64le Debian, Tor too, and the MUL is correctly supported on current POWER. So from the technical point of view it is OK.
You wrote a few posts ago that the Tor Project can maintain a ppc64le build; now it seems it just depends on the Tor Project's will.

comment:14 Changed 13 months ago by gk

Well, this is no trivial task (as you will see once starting to work on it). In fact, there are wishes for other platforms/architectures having a Tor Browser as well (see: #12631 for ARM devices). We don't have the resources right now to work on those, though, on our own. However, as you see in #12631 there are folks that pick this up from time to time and we are amenable to including it in our official build infrastructure once patches are ready. So, please step up and help us here.

comment:15 Changed 13 months ago by power9

If I had the resources and knowledge, my first post would have been about looking for other people, not a brand new request.

One of you wrote a few posts before, "The Tor Browser team can maintain a PPC build of Tor if they want". Now you wrote the opposite. I'm confused; I still do not understand whether you really can't support it or you don't want to.

comment:16 in reply to:  15 Changed 13 months ago by teor

Replying to power9:

One of you wrote a few posts before, "The Tor Browser team can maintain a PPC build of Tor if they want". Now you wrote the opposite. I'm confused; I still do not understand whether you really can't support it or you don't want to.

If someone else writes patches, and those patches are good, we will merge the patches, and Tor Browser will be built for PPC.

Here are the details:

You might be confused because Tor Browser and Tor are different things. They are maintained by different teams, and they have different support policies.

To answer your question, different people needed to talk about supporting both Tor and Tor Browser on PPC. That's why you can see different people talking about different options on this ticket.

We don't have the people we need to support PPC:

  • The Tor Browser team does not have time to make patches for PPC Tor Browser. But they will build PPC Tor Browser if someone else writes patches.
  • The Tor team does not have any time to make patches for PPC Tor, or any way to test those patches. But if someone writes a patch that is obviously correct, we will merge it.

If both these things happen, then the Tor Browser team can build a PPC Tor Browser.

comment:17 Changed 13 months ago by power9

Thank you for the explanation.
I hope someone will make the patches; let's cross our fingers.
