Bug 2070604

Summary: [RFE] Add support for sntrup761x25519-sha512@openssh.com Kex in OpenSSH [rhel-9.1.0]
Product: Red Hat Enterprise Linux 9 Reporter: Pablo Mendez Hernandez <pmendezh>
Component: crypto-policiesAssignee: Alexander Sosedkin <asosedki>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: low Docs Contact: Mirek Jahoda <mjahoda>
Priority: medium    
Version: 9.1CC: hkario, mjahoda, omoris
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: crypto-policies-20220404-1.git845c0c1.el9 Doc Type: Enhancement
Doc Text:
.`crypto-policies` now support `sntrup761x25519-sha512@openssh.com` This update of the system-wide cryptographic policies adds support for the `sntrup761x25519-sha512@openssh.com` key exchange (KEX) method. The post-quantum `sntrup761` algorithm is already available in the OpenSSH suite, and this method provides better security against attacks from quantum computers. To enable `sntrup761x25519-sha512@openssh.com`, create and apply a subpolicy, for example: ---- # echo 'key_exchange = +SNTRUP' > /etc/crypto-policies/policies/modules/SNTRUP.pmod # update-crypto-policies --set DEFAULT:SNTRUP ---- For more information, see the link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#customizing-system-wide-cryptographic-policies-with-subpolicies_using-the-system-wide-cryptographic-policies[Customizing system-wide cryptographic policies with subpolicies] section in the RHEL 9 Security hardening document.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-15 11:12:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2070610    

Description Pablo Mendez Hernandez 2022-03-31 14:00:17 UTC 
Description of problem:

It'd be very convenient to be able to have 'sntrup761x25519-sha512'
as a Kex algorithm.

OpenSSH already has support for it the version shipped in RHEL 9.0 and
will be the default in the next OpenSSH version (>8.9) as per:

https://github.com/openbsd/src/commit/0726d1207d0c034cb9acde3ff0b12c3afc772e37


Version-Release number of selected component (if applicable):


How reproducible:

Always.


Steps to Reproduce:
1. Try to connect using that Kex algorithm:
$ ssh -vvv -o KexAlgorithms=sntrup761x25519-sha512 ${DESTINATION}


Actual results:

. . .
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512,ext-info-c
. . .
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
. . .
debug1: kex: algorithm: (no match)
Unable to negotiate with ${DESTINATION} port 22: no matching key exchange method found. Their offer: curve25519-sha256,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512


Expected results:

. . .
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512,ext-info-c
. . .
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,sntrup761x25519-sha512
. . .
debug1: kex: algorithm: sntrup761x25519-sha512
. . .


Additional info:
Comment 13 errata-xmlrpc 2022-11-15 11:12:53 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8279