enable hmac-sha2-256, hmac-sha2-512 MAC algorithms

Bug #1409798 reported by Richard Hansen on 2015-01-12
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dropbear (Debian)
Fix Released
Unknown
dropbear (Ubuntu)
Medium
Unassigned
Trusty
Medium
Brian Murray
Utopic
Medium
Brian Murray

Bug Description

[Impact]

Since version 2013.56, dropbear has supported the hmac-sha2-256 and hmac-sha2-512 MAC algorithms. However, until version 2015.67 (released 2015-01-28), they have not been enabled by default. According to the dropbear changelog, enabling them is a matter of uncommenting the following two lines in options.h:

    /*#define DROPBEAR_SHA2_256_HMAC*/
    /*#define DROPBEAR_SHA2_512_HMAC*/

Due to recent NSA revelations, some people are recommending users disable certain algorithms. If the recommendations at <https://stribika.github.io/2015/01/04/secure-secure-shell.html> are followed, there are no MAC algorithms left that dropbear supports unless hmac-sha2-256 and hmac-sha2-512 are enabled.

[Test Case]

 Setup steps:
  1. install dropbear and openssh-client:
       sudo apt-get install dropbear openssh-client
  2. if you have openssh-server installed, stop it:
       sudo service ssh stop
  3. make sure that the dropbear service is enabled by editing
     /etc/default/dropbear and setting the NO_START variable to 0 like
     this:
       NO_START=0
  4. start the dropbear service:
       sudo service dropbear start

 Test steps:
  5. try the hmac-sha2-256 MAC:
       ssh -o UserKnownHostsFile=/dev/null \
           -o MACs=hmac-sha2-256 localhost
  6. try the hmac-sha2-512 MAC:
       ssh -o UserKnownHostsFile=/dev/null \
           -o MACs=hmac-sha2-512 localhost

 Cleanup steps:
  7. stop the dropbear service:
       sudo service dropbear stop
  8. if you edited /etc/default/dropbear to enable the dropbear
     service, disable it again by editing /etc/default/dropbear and
     setting the NO_START variable to 1 like this:
       NO_START=1
  9. if you stopped the OpenSSH server, restart it:
       sudo service ssh start

[Regression Potential]

  * Upstream recently enabled these algorithms by default (version
    2015.67 released 2015-01-28), so it is believed they are ready for
    production use. The code implementing these hash algorithms has
    not changed since 2013.56, so enabling these algorithms for
    Trusty (based on 2013.60) should be as safe as enabling them for
    Utopic (based on 2014.65). However, because the code has not been
    enabled by default for long, it has probably not had as much field
    testing and may be more likely to contain compatibility or
    security bugs.
  * SSH clients are likely to prefer the new MAC algorithms over the
    old MAC algorithms. If either the client or server has an
    implementation bug, the ability to connect may be impaired unless
    the user configures the client to disallow the new algorithms or
    prefer the old algorithms (e.g., via the ssh_config "MACs"
    directive in OpenSSH).
  * The new MAC algorithms may negatively impact performance.

Related branches

Richard Hansen (rhansen) wrote :

Attached are debdiffs for trusty and utopic/vivid.

Richard Hansen (rhansen) wrote :

I have uploaded patched packages to my PPA:

https://launchpad.net/~a7x/+archive/ubuntu/bug1409798

Richard Hansen (rhansen) on 2015-01-12
Changed in dropbear (Debian):
importance: Undecided → Unknown
status: New → Unknown

The attachment "debdiff for trusty" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Changed in dropbear (Debian):
status: Unknown → New
Changed in dropbear (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
tags: added: trusty utopic vivid
Chris J Arges (arges) wrote :

Thanks for the patch!
Sponsored for Vivid with a minimal change in the version. Please test after it becomes available in the archive.
After this we can push it into Utopic/Trusty following the SRU process:
https://wiki.ubuntu.com/StableReleaseUpdates
--chris

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dropbear - 2014.65-1ubuntu2

---------------
dropbear (2014.65-1ubuntu2) vivid; urgency=medium

  * Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)
 -- Richard Hansen <email address hidden> Wed, 04 Feb 2015 16:11:03 -0600

Changed in dropbear (Ubuntu):
status: Triaged → Fix Released
Richard Hansen (rhansen) on 2015-02-07
description: updated

They're enabled by default in 2015.67

Cheers,
Matt

On 7 February 2015 7:03:43 pm AWST, Richard Hansen <email address hidden> wrote:
>** Description changed:
>
>+ [Impact]
>+
> Since version 2013.56, dropbear has supported the hmac-sha2-256 and
> hmac-sha2-512 MAC algorithms, but they are disabled by default.
> According to the dropbear changelog, enabling them is a matter of
> uncommenting the following two lines in options.h:
>
>- /*#define DROPBEAR_SHA2_256_HMAC*/
>- /*#define DROPBEAR_SHA2_512_HMAC*/
>+     /*#define DROPBEAR_SHA2_256_HMAC*/
>+     /*#define DROPBEAR_SHA2_512_HMAC*/
>
> Due to recent NSA revelations, some people are recommending users
> disable certain algorithms. If the recommendations at
> <https://stribika.github.io/2015/01/04/secure-secure-shell.html> are
>followed, there are no MAC algorithms left that dropbear supports
>unless
> hmac-sha2-256 and hmac-sha2-512 are enabled.
>+
>+ [Test Case]
>+
>+ Setup steps:
>+ 1. install dropbear and openssh-client:
>+ sudo apt-get install dropbear openssh-client
>+ 2. if you have openssh-server installed, stop it:
>+ sudo service ssh stop
>+ 3. make sure that the dropbear service is enabled by editing
>+ /etc/default/dropbear and setting the NO_START variable to 0
>like
>+ this:
>+ NO_START=0
>+ 4. start the dropbear service:
>+ sudo service dropbear start
>+
>+ Test steps:
>+ 5. try the hmac-sha2-256 MAC:
>+ ssh -o UserKnownHostsFile=/dev/null \
>+ -o MACs=hmac-sha2-256 localhost
>+ 6. try the hmac-sha2-512 MAC:
>+ ssh -o UserKnownHostsFile=/dev/null \
>+ -o MACs=hmac-sha2-512 localhost
>+
>+ Cleanup steps:
>+ 7. stop the dropbear service:
>+ sudo service dropbear stop
>+ 8. if you edited /etc/default/dropbear to enable the dropbear
>+ service, disable it again by editing /etc/default/dropbear and
>+ setting the NO_START variable to 1 like this:
>+ NO_START=1
>+ 9. if you stopped the OpenSSH server, restart it:
>+ sudo service ssh start
>+
>+ [Regression Potential]
>+
>+ * Due to being disabled by default upstream, the implementations of
>+ the new MAC algorithms are probably not as well tested as the old
>+ MAC algorithms. This may increase the likelihood of
>compatibility
>+ or security bugs.
>+ * SSH clients are likely to prefer the new MAC algorithms over the
>+ old MAC algorithms. If either the client or server has an
>+ implementation bug, the ability to connect may be impaired unless
>+ the user configures the client to disallow the new algorithms or
>+ prefer the old algorithms (e.g., via the ssh_config "MACs"
>+ directive in OpenSSH).
>+ * The new MAC algorithms may negatively impact performance.
>
>--
>You received this bug notification because you are subscribed to
>dropbear in Ubuntu.
>https://bugs.launchpad.net/bugs/1409798
>
>Title:
> enable hmac-sha2-256, hmac-sha2-512 MAC algorithms
>
>To manage notifications about this bug go to:
>https://bugs.launchpad.net/ubuntu/+source/dropbear/+bug/1409798/+subscriptions

Richard Hansen (rhansen) wrote :

> They're enabled by default in 2015.67

Great! I updated the description.

description: updated
Richard Hansen (rhansen) wrote :

Attached is an updated debdiff for trusty, identical to the tip commit on the lp:~a7x/ubuntu/trusty/dropbear/bug1409798 bzr branch.

Richard Hansen (rhansen) wrote :

Attached is an updated debdiff for utopic, identical to the tip commit on the lp:~a7x/ubuntu/utopic/dropbear/bug1409798 bzr branch.

Changed in dropbear (Ubuntu Trusty):
status: New → Triaged
Changed in dropbear (Ubuntu Utopic):
status: New → Triaged
Changed in dropbear (Ubuntu Trusty):
importance: Undecided → Medium
Changed in dropbear (Ubuntu Utopic):
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

I've uploaded this to the Trusty and Utopic SRU queues.

Changed in dropbear (Ubuntu Trusty):
status: Triaged → In Progress
Changed in dropbear (Ubuntu Utopic):
status: Triaged → In Progress
Changed in dropbear (Ubuntu Trusty):
assignee: nobody → Brian Murray (brian-murray)
Changed in dropbear (Ubuntu Utopic):
assignee: nobody → Brian Murray (brian-murray)

Hello Richard, or anyone else affected,

Accepted dropbear into utopic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dropbear/2014.65-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in dropbear (Ubuntu Utopic):
status: In Progress → Fix Committed
tags: added: verification-needed
Changed in dropbear (Ubuntu Trusty):
status: In Progress → Fix Committed
Timo Aaltonen (tjaalton) wrote :

Hello Richard, or anyone else affected,

Accepted dropbear into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/dropbear/2013.60-1ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed-trusty verification-needed-utopic
removed: verification-needed
Richard Hansen (rhansen) on 2015-02-14
tags: added: verification-done-trusty verification-done-utopic
removed: verification-needed-trusty verification-needed-utopic
Richard Hansen (rhansen) wrote :

I added a plain verification-done tag in case there are scripts/queries that won't find this bug without it.

tags: added: verification-done
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dropbear - 2014.65-1ubuntu1.1

---------------
dropbear (2014.65-1ubuntu1.1) utopic; urgency=medium

  * Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)
 -- Richard Hansen <email address hidden> Wed, 04 Feb 2015 16:11:03 -0600

Changed in dropbear (Ubuntu Utopic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for dropbear has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dropbear - 2013.60-1ubuntu2.1

---------------
dropbear (2013.60-1ubuntu2.1) trusty; urgency=medium

  * Enable hmac-sha2-256 and hmac-sha2-512 MAC algorithms (LP: #1409798)
 -- Richard Hansen <email address hidden> Wed, 04 Feb 2015 16:11:03 -0600

Changed in dropbear (Ubuntu Trusty):
status: Fix Committed → Fix Released
Changed in dropbear (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.