-
Notifications
You must be signed in to change notification settings - Fork 361
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot use Mina SSH client in a FIPS constrained environment #590
Comments
PR #589 |
I'm not a fan of yet another system property. There's too many already. I see three things:
|
The one for using BCFIPS instead of BC will be complicated to not have.
Definitely agree with that. SecureRandom is even compatible with FIPS.
not sure to follow. do you mean some new method in
I don;t have real need for this, I just need something working when using |
No. The The My suggestion was to factor out the encrypted key handling into a separate parser, which would implement Re: ServiceLoader: seems simpler than using ThreadUtils and manual class loading. Java has a mechanism to such things, so why not use it. (It's another area of the code that I don't quite get why we have it at all. What's the problem with ServiceLoader that prompted the creation of these home-grown thread utils?) |
I kinda agree, but maybe this should be done as part of another issue, including some bigger refactoring.
I don't have the history here. But there could be plenty of classloader issues (OSGI?). |
Re: property: If I understand it right, the BC classes are there (with the same package names), but the provider name is not BC but BCFIPS? If so, all we have to do is:
Then we don't need a property for this. Re: ServiceLoader and OSGi: ServiceLoader in an environment where there are partitioned classloaders (like OSGi, or Plexus classworlds) can be made to work. In OSGi, a very simple approach is to place services in fragments for the host bundle (org.apache.sshd.osgi in that case). Classes in fragments get put on the bundle's class path and are accessible via the normal BundleClassloader, so they will be found. We use that in JGit extensively. Otherwise, using an SPI bridge like SPI Fly is an option. Using ThreadUtils and manual classloading doesn't prevent these problems. I'd go with ServiceLoader for a possible override, and otherwise silently fall back to JceRandom if the BC random cannot be used.
|
Decouple the registrar name from the security provider name. Also check whether the BC RandomGenerator exists at all; in BC-FIPS, it doesn't.
Decouple the registrar name from the security provider name. Also check whether the BC RandomGenerator exists at all; in BC-FIPS, it doesn't.
Decouple the registrar name from the security provider name. Also check whether the BC RandomGenerator exists at all; in BC-FIPS, it doesn't.
PR #591 perhaps explains better what I have in mind. |
Decouple the registrar name from the security provider name. In the BouncyCastleSecurityRegistrar, check also for BCFIPS if regular BC cannot be found. Also check whether the BC RandomGenerator exists at all; in BCFIPS, it doesn't.
(Off-topic) Just noticed: using the bc-fips JAR in an OSGi environment might be difficult. I don't see any OSGi headers in the MANIFEST.MF. Plus the version number is unrelated to the normal BC. (BC also has LTS versions of the regular bundles that again use different version numbers, which might also pose some challenges in OSGi.) The general idea in PR #591 is that the BTW; in https://github.com/jenkinsci/mina-sshd-api-plugin/pull/114/files#diff-9f68200faaabb5a0022f5eaa9de98ae4f9136bb2b6a766d698b8bc47203ad698R48 I notice two things:
|
I didn't check but I would not rely on BC and BCFIPS using the same classes (BCRandon is already different :))
Sounds good. And no real need of ServiceLoader.
|
I'm not using OSGI so I can't test but agree this might be a problem.
? not sure to understand.
I would rather stay with BC FIPS which is definitely registered as FIPS compliant. I don't think I will test #591 (thanks for this) |
Override canExtractKeyPairs so that we don't even try the parser if BC is not registered. The decryption is implemented only for Bouncy Castle because many Java versions have various bugs and limitations regarding PBES2.
Decouple the registrar name from the security provider name. In the BouncyCastleSecurityRegistrar, check also for BCFIPS if regular BC cannot be found. Also check whether the BC RandomGenerator exists at all; in BCFIPS, it doesn't.
Add a flag in SecurityUtils to enable FIPS mode. In FIPS mode, algorithms known to be not FIPS-compliant are had disabled and not available. The BouncyCastleSecurityRegistrar only considers bc-fips, and the SunJCESecurityRegistrar and the EdDSASecurityRegistrar are disabled. The ChaCha20-Poly1305 cipher is disabled, ed25519 signatures are disabled, the bcrypt KDF used in OpenSSH-format encrypted private keys[1] is disabled, and the curve25519 and curve448 key exchange methods are disabled. Also disabled is the post-quantum sntrup761x25519-sha512 key exchange method. These disabled algorithms are not approved in FIPS 140. The flag can be set via a system property or by calling SecurityUtils.setFipsMode(). The system property is "org.apache.sshd.security.fipsEnabled" and takes the boolean value "true". Any other value does not enable FIPS mode. [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
Add a flag in SecurityUtils to enable FIPS mode. In FIPS mode, algorithms known to be not FIPS-compliant are had disabled and not available. The BouncyCastleSecurityRegistrar only considers bc-fips, and the SunJCESecurityRegistrar and the EdDSASecurityRegistrar are disabled. The ChaCha20-Poly1305 cipher is disabled, ed25519 signatures are disabled, the bcrypt KDF used in OpenSSH-format encrypted private keys[1] is disabled, and the curve25519 and curve448 key exchange methods are disabled. Also disabled is the post-quantum sntrup761x25519-sha512 key exchange method. These disabled algorithms are not approved in FIPS 140. The flag can be set via a system property or by calling SecurityUtils.setFipsMode(). The system property is "org.apache.sshd.security.fipsEnabled" and takes the boolean value "true". Any other value does not enable FIPS mode. [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
Decouple the registrar name from the security provider name. In the BouncyCastleSecurityRegistrar, check also for BCFIPS if regular BC cannot be found. Also check whether the BC RandomGenerator exists at all; in BCFIPS, it doesn't.
Add a flag in SecurityUtils to enable FIPS mode. In FIPS mode, algorithms known to be not FIPS-compliant are had disabled and not available. The BouncyCastleSecurityRegistrar only considers bc-fips, and the SunJCESecurityRegistrar and the EdDSASecurityRegistrar are disabled. The ChaCha20-Poly1305 cipher is disabled, ed25519 signatures are disabled, the bcrypt KDF used in OpenSSH-format encrypted private keys[1] is disabled, and the curve25519 and curve448 key exchange methods are disabled. Also disabled is the post-quantum sntrup761x25519-sha512 key exchange method. These disabled algorithms are not approved in FIPS 140. The flag can be set via a system property or by calling SecurityUtils.setFipsMode(). The system property is "org.apache.sshd.security.fipsEnabled" and takes the boolean value "true". Any other value does not enable FIPS mode. [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
Add a flag in SecurityUtils to enable FIPS mode. In FIPS mode, algorithms known to be not FIPS-compliant are had disabled and not available. The BouncyCastleSecurityRegistrar only considers bc-fips, and the SunJCESecurityRegistrar and the EdDSASecurityRegistrar are disabled. The ChaCha20-Poly1305 cipher is disabled, ed25519 signatures are disabled, the bcrypt KDF used in OpenSSH-format encrypted private keys[1] is disabled, and the curve25519 and curve448 key exchange methods are disabled. Also disabled is the post-quantum sntrup761x25519-sha512 key exchange method. These disabled algorithms are not approved in FIPS 140. The flag can be set via a system property or by calling SecurityUtils.setFipsMode(). The system property is "org.apache.sshd.security.fipsEnabled" and takes the boolean value "true". Any other value does not enable FIPS mode. [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
PR #591 is merged. |
Version
2.13.2
Bug description
When using using registar created for BCFIPS (which means any BC classes are available within the class path).
I got
I tried to "trick" it :) using the name BC here https://github.com/jenkinsci/mina-sshd-api-plugin/pull/114/files#diff-5440105bdcdf53b86acce84166b9884f497eb6908da1d68b82ec974aa0fd83e1R45
But turns into:
But the idea is to make this random factory more configurable.
Actual behavior
see bug description
Expected behavior
Able to use BouncyCastle FIPS
Relevant log output
No response
Other information
No response
The text was updated successfully, but these errors were encountered: