Bug 1077641 - Cisco 2811 & OpenSWAN SHA256 truncate bug
Summary: Cisco 2811 & OpenSWAN SHA256 truncate bug
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openswan
Version: 6.5
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Paul Wouters
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2014-03-18 10:49 UTC by Joe Madden
Modified: 2014-03-18 19:36 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-18 19:36:16 UTC
Target Upstream Version:
Embargoed:



Description Joe Madden 2014-03-18 10:49:56 UTC
Description of problem:
When using OpenSWAN and an IPsec tunnel VPN, the system establishes a VPN; however, no traffic is received or sent. There is no complaint from OpenSWAN, but the Cisco router complains of

CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection

Our Cisco and OpenSWAN configurations are like so:

conn tunnelipsec
        authby=         secret
        auto=           start
        type=           tunnel
        #RRT
        left=           ###########
        leftsubnet=     ###########
        leftid=         gw.harcc.org.uk
        #SAA
        right=          ########
        rightsubnet=    1######
        keyexchange=    ike
        ike=            aes256-sha2_256!
        phase2=         esp
        phase2alg=      aes256-sha2_256!
        sha2_truncbug=  no


Cisco Configuration:

crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 2
crypto isakmp key ############# address ############
!
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
!
!
crypto map CMAP 10 ipsec-isakmp
 set peer ##########################
 set transform-set TS
 match address VPN-TRAF

ip access-list extended VPN-TRAF
 permit ip ###########################

!
interface GigabitEthernet0/1
 ip address ###############
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address ###########
 duplex auto
 speed auto
 crypto map CMAP

----

If I configure OpenSWAN like so:

	sha2_truncbug=	yes

It works and traffic can flow; no Cisco errors are reported.

----

Version-Release number of selected component (if applicable):
openswan.2.6.32_27.2.el6_5

How reproducible:
Configure VPNs as above and try to send some traffic to the other end.

Steps to Reproduce:
1.
2.
3.

Actual results:
The VPN establishes but then complains about
CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection

Expected results:
VPN establishes and routes traffic.

Additional info:

Comment 2 Paul Wouters 2014-03-18 15:59:32 UTC
Interesting, that seems to indicate that the remote Cisco also implements a draft version of the SHA2-256 truncation instead of the final RFC version.

It would be good to have the Cisco firmware version for documentation purposes.

Regardless, you already fixed the problem. The sha2_truncbug=yes option tells the kernel to use the broken non-RFC truncation to interop with the broken device.

So I am not sure why you are reporting this as an openswan bug? From the man page:

       sha2_truncbug
           The default hash truncation for sha2_256 is 128 bits. Linux
           implemented the draft version which stated 96 bits. This option
           enables using the bad 96 bits version to interop with older linux
           kernels (unpatched version 2.6.33 and older) and openswan versions
           before 2.6.38. Currently the accepted values are no, (the default)
           signifying default IETF truncation of 128 bits, or yes, signifying
           96 bits broken Linux kernel style truncation.

Comment 3 Joe Madden 2014-03-18 16:10:43 UTC
Hi there,

Sorry I jumped the gun raising this ticket, but as of IOS 15.2(4)M5 proper SHA256_128 is not supported.

They also have no plan for this to be fixed in IKE V1.



From: Madden, Joe 
Sent: 18 March 2014 14:43
To: Patrick, David J; Patton, Eamonn J; Patton Eamonn (HA) (Eamonn.Patton.gov.uk)
Subject: FW: 629604779 : CISCO2911-SEC/K9 // Error message. No traffic flow

Stuck using 96bit!

Looks like my hunch was right. Their VPN uses SHA2_256_96bit.

Joe.

From: Suleiman Suleiman -X (sulsulei) [sulsulei] 
Sent: 18 March 2014 14:35
To: Madden, Joe
Cc: attach
Subject: RE: 629604779 : CISCO2911-SEC/K9 // Error message. No traffic flow

Hi Joe,

I can see that RFC4868 is supported but only for Ikev2 and next generation routers,
http://www.cisco.com/c/en/us/support/docs/security/flexvpn/115730-flexvpn-suiteb-00.html

I cannot see any plans to add this for Ikev1 and first generation routers.

Waiting for your feedback
Suleiman

From: Madden, Joe [Joe.Madden] 
Sent: Tuesday, March 18, 2014 4:16 PM
To: Suleiman Suleiman -X (sulsulei)
Cc: attach
Subject: RE: 629604779 : CISCO2911-SEC/K9 // Error message. No traffic flow

Hi Suleiman,

That's fine, that clarifies why it does not work.

However, can you confirm if Cisco will ever properly implement RFC4868? HMAC-SHA-256-96 is not the correct standard.

Thanks

Joe.

From: Suleiman Suleiman -X (sulsulei) [sulsulei] 
Sent: 18 March 2014 14:14
To: Madden, Joe
Cc: attach
Subject: RE: 629604779 : CISCO2911-SEC/K9 // Error message. No traffic flow

Hi Joe,

Exactly, I believe that this is the case here: our router is configured to use HMAC-SHA-256-96 while OpenSWAN is using HMAC-SHA-256-128.

Please let me know how you would like to proceed.

Thanks in advance
Suleiman




This can be closed now!
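The 96-bit versus 128-bit ICV mismatch described in the man page excerpt in Comment 2 and in the Cisco TAC exchange above, as an added example that is not part of the bug report or of openswan: a small Python model of ESP ICV generation and verification (constructed key and packet bytes; function names are hypothetical) showing that a peer truncating HMAC-SHA-256 to 96 bits cannot verify packets carrying the RFC 4868 128-bit ICV, and vice versa, which is the "mac verify failed" symptom the router logs.

```python
import hmac
import hashlib

# Constructed sample values (not from the bug report): a 256-bit ESP
# authentication key and the bytes an ESP ICV covers (SPI, sequence
# number and the encrypted payload), with no real IPsec framing.
KEY = bytes(range(32))
ESP_AUTH_DATA = bytes.fromhex("0000002a00000001") + b"\x11" * 64

def truncation_bits(sha2_truncbug: str) -> int:
    """Map the openswan sha2_truncbug setting to the ICV length it produces:
    'no' (default) is the RFC 4868 128-bit truncation, 'yes' the old 96-bit one."""
    return {"no": 128, "yes": 96}[sha2_truncbug]

def esp_icv(key: bytes, data: bytes, trunc_bits: int) -> bytes:
    """HMAC-SHA-256 over the authenticated ESP bytes, keeping the leftmost trunc_bits bits."""
    if trunc_bits not in (96, 128):
        raise ValueError("HMAC-SHA-256 ESP truncation must be 96 or 128 bits")
    return hmac.new(key, data, hashlib.sha256).digest()[: trunc_bits // 8]

def build_packet(key: bytes, data: bytes, trunc_bits: int) -> bytes:
    """Sender: append the ICV to the authenticated bytes."""
    return data + esp_icv(key, data, trunc_bits)

def verify_packet(key: bytes, packet: bytes, trunc_bits: int) -> bool:
    """Receiver: split off an ICV of the length its own SA expects, recompute
    the MAC over the rest and compare in constant time. A peer using the other
    truncation shifts the split point, so the recomputed MAC never matches."""
    icv_len = trunc_bits // 8
    if len(packet) <= icv_len:
        return False
    data, icv = packet[:-icv_len], packet[-icv_len:]
    return hmac.compare_digest(icv, esp_icv(key, data, trunc_bits))

def interop(sender_truncbug: str, receiver_bits: int) -> bool:
    """Does a packet built with the given sha2_truncbug setting verify at a
    peer whose SA expects receiver_bits of ICV?"""
    pkt = build_packet(KEY, ESP_AUTH_DATA, truncation_bits(sender_truncbug))
    return verify_packet(KEY, pkt, receiver_bits)

if __name__ == "__main__":
    # The IOS IKEv1 peer in this report only speaks HMAC-SHA-256-96.
    print("truncbug=no  -> 96-bit peer: ", interop("no", 96))   # False (MAC verify fails)
    print("truncbug=yes -> 96-bit peer: ", interop("yes", 96))  # True
    print("truncbug=no  -> 128-bit peer:", interop("no", 128))  # True
```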

Comment 4 Paul Wouters 2014-03-18 19:36:16 UTC
Thanks for the vendor/firmware information.

