[FFe] NTRU Plugin Missing in Focal

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1863749

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

I'm not spotting an obvious notation in debian/changelog for dropping the ntru package, but I'm guessing there was a reason, since this clearly did exist in the xenial and bionic packages. Subscribing ubuntu-server for now for further investigation as time permits, but if anyone can ascertain the Debian history of this and report on this bug, then we can re-triage and prioritize accordingly.

In an effort to synchronize between Debian and Ubuntu we got many things enabled and packaged in Debian that were only in Ubuntu before. But at the same time we disabled several plugins that are not enabled by default and also unused according to bug/usage reports in the past.

So dropping this one was intentional.

@Lenovator - could I ask you to make a clear case why this should be added and what it provides over all the other algorithms. Once that is clear and reasonable it can be added back for sure.

The best (if that is ok for you) would be if you could report that to Debian so we can sync that discussion between Ubuntu/Debian right away. If you happen to file a bug there instead of explaining here (which is also find, then I'd carry it over) please report the bug number that you filed.

Hmm, there was no feedback yet.
I've read into the topic a bit and will try to start the discussion and make a case for this.
I'll report the bug that I opened once I did so.

But please as you seem to really use it feel free to chime in there.

Old placement in Ubuntu:
root@e:~# dpkg -S /usr/lib/ipsec/plugins/libstrongswan-ntru.so
libstrongswan-extra-plugins: /usr/lib/ipsec/plugins/libstrongswan-ntru.so

Old

d/control content:
  - ntru (key exchanged based on post-quantum computer NTRU)
d/rules:
--enable-ntru
d/libstrongswan-extra-plugins.install:
-usr/lib/ipsec/plugins/libstrongswan-ntru.so
-usr/share/strongswan/templates/config/plugins/ntru.conf
-etc/strongswan.d/charon/ntru.conf

Reported to Debian as https://salsa.debian.org/debian/strongswan/-/merge_requests/8 to discuss it there as well.

@lenovator - No matter if this becomes Ubuntu Delta or if we change it elsewhere, if you could add some words about a great use-case or its importance that would still help.

We are past feature freeze, so this needs to become a Feature Freeze Exception bug if we still want this in focal.

Actually for any upgrader re-enabling NTRU would be the no-feature-change.
That we dropped it was the change.

Never the less, as soon as we have a good example why it would help we can add an FFe to stick to the official Process.

Thanks for filing - seems like something we should definitely do, so please go ahead.

Thanks Iain.

Also added an MP for team review
=> https://code.launchpad.net/~paelzer/ubuntu/+source/strongswan/+git/strongswan/+merge/380194

Found an older discussion while talking to the Debian maintainer.
He is still unsure about enabling, but (instead of the old mass-enabling) this is a single case with an isolated use-case and reason so I want us to have it back.

Along NTRU there is also Bliss to make other bits of strongswan "quantum safe". Lets re-enable that as well.

This is a bit of a lottery, in the life-cycle of 20.04 ntru/bliss might become important then it is great to have it. Maybe it doesn't but then not a lot is lost.

FYI: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787 Shows that there are more users asking for it implying that there is a real use case for Ubuntu users.

Enabling the bliss Plugin is probably not such a good idea. There is a potential local side-channel attack on strongSwan's BLISS implementation (https://eprint.iacr.org/2017/505).

The ntru plugin should be fine. However, using NTRU with IKEv2 is not standardized (uses an algorithm identifiers from the private use range etc.).

Multiple IKEv2 protocol extensions are currently being developed, for instance, additional exchanges to use fragmentation during the key exchange or using multiple and more generic key exchanges, in particular, post-quantum key encapsulation mechanisms (KEM, of which most have quite large public keys). The latter (plus signature algorithms) are currently being standardized by NIST (https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization) and versions of NTRU are among the contenders in round 2 (https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions). BLISS is not, but CRYSTALS-DILITHIUM is designed by the same people. It might be a while until strongSwan supports the protocol extensions (there is a branch with a partial implementation) and especially the new algorithms (we currently use the liboqs library in said branch, https://github.com/open-quantum-safe/liboqs/).

This bug was fixed in the package strongswan - 5.8.2-1ubuntu2

---------------
strongswan (5.8.2-1ubuntu2) focal; urgency=medium

  * re-add post-quantum computer signature scheme (BLISS) and encryption
    algorithm (NTRU) as well as the dependent nttfft library (LP: #1863749)
    - d/control: mention plugins in package description
    - d/rules: enable ntru and bliss at build time
    - d/libstrongswan-extra-plugins.install: ship config and shared objects

 -- Christian Ehrhardt <email address hidden> Wed, 04 Mar 2020 07:54:26 +0100

thanks for adding NTRU back; my old config is working again!

Thanks Tobias, yes I'll keep NTRU and remove BLISS then.
Thanks for the detailed explanation!

See bug 1866765

FYI - I also pinged the related Debian bug about it, such great info should be known in all places.