Jump to: navigation, search

Security/Kilo/Keystone

< Security‎ | Kilo

This page documents security related details for the Keystone project in the OpenStack Kilo release.

Implemented Crypto

Keystone doesn't have an home-brewed encryption implementations, everything is used from Python Standard libraries or third party libraries.

Used Crypto

Libraries

Encryption Algorithms

Algorithm Purpose Configurable Implementation Details Source
AES Memcache backend encryption No PyCrypto
  • Optionally used for encrypting the token backend.
  • keystoneclient.middleware.memcache_crypt.py
RSA PKI token signing Yes OpenSSL
  • 2048, sha1 defaults
  • Configurable via openssl.conf.
  • Keys/Certs can be created outside of Keystone and dropped into place.
  • keystone.common.openssl.py
  • keystoneclient.common.cms.py

Hashing Algorithms

Algorithm Purpose Configurable Implementation Details Source
md5 Token hashing No hashlib
  • Hash is used as an internal identifier in the token backend.
  • The data being hashed is the entire cryptographically signed token (which uses the configured signing key). The chance for collisions should be low.
  • keystoneclient.utils.py
  • keystoneclient.common.cms.py
sha1 S3 credentials No hashlib
  • Used for signature validation of S3 credentials.
  • Required for S3 compatibility, so it can't be configurable.
  • keystone.contrib.s3.core.py
sha1 OAuth1 No oauthlib
  • Used for signature validation of OAuth1 tokens.
  • Keystone only uses the HMAC-SHA1 signature for OAuth1 tokens (as described in RFC 5849).
  • OAuth support can be disabled.
  • Likely uses hashlib for the actual algorithm.
  • keystone.contrib.oauth1.core.py
  • keystone.contrib.oauth1.verifier.py
sha256 EC2 tokens No hashlib
  • Required for EC2 compatibility, so it can't be configurable.
  • keystone.credential.controllers.py
  • keystone.common.utils.py
  • keystoneclient.contrib.ec2.utils.py
sha384 Memcache signing No hashlib
  • Used for signing and verification when memcache encryption is enabled.
  • keystoneclient.middleware.memcache_crypt.py
sha512 Password hashing No PassLib
  • The algorithm is non-configurable, but the number of rounds is configurable via CONF.crypt_strength (default=40000).
  • keystone.common.utils.py

Sensitive Data

Keys/Certificates

  • PKI signing key - Protected via filesystem ownership/permissions.
  • SSL/TLS key - Protected via filesystem ownership/permissions.

Passwords

  • SSL/TLS must be enabled in Keystone to prevent clients from sending passwords over the network in clear-text.
  • Strict password checking is performed prior to hashing. If it is set to true, the operation will fail with an HTTP 403 Forbidden error; if it is set to false, passwords are automatically truncated to the predefined maximum length.
    • Configurable via CONF.strict_password_check (default=False)
    • Configurable via CONF.identity.max_password_length (default=4096)
  • SQL Identity
    • Password hashes are stored in SQL database.
    • SSL/TLS can be used to protect the connection to the database.
  • LDAP Identity
    • SSL/TLS must be used for connections to LDAP to prevent Keystone from sending passwords over the network in clear-text.

Tokens

  • Signed tokens are stored in their entirety in one of the following backends:
    • KVS
    • Memcached
      • Ephemeral storage.
      • Able to use AES encryption and sha384 signing.
    • SQL (default)
      • Persistent storage.
      • SSL/TLS can be used to protect the connection to the database.
  • Expired tokens are not automatically removed from the backend. The "keystone-manage token_flush" command should be used to periodically remove expired tokens (via cron).

Potential Improvements

  • Allow all hashing schemes to be configurable where not restricted by compatibility requirements (such as S3 and EC2)
  • The use of md5 for token hashing is the biggest concern, as it's use is discouraged (or disallowed in the case of FIPS). Changes are in progress to make this configurable in Juno. The default should be sha256 if possible.
  • Allow support for LDAP SASL bind methods(such as DIGEST-MD5 and GSSAPI).
  • Allow other forms of external authentication to avoid using passwords (Kerberos, SAML).

Notable changes since Juno

  •  ?