Bug 439985 - openswan IKEv2 responder fails when encr=aes and dh=modp1024
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openswan
5.2
All All
Priority: urgent, Severity: medium
Assigned To: Paul Wouters
Martin Jenner
Blocks: 253764
Reported: 2008-04-01 04:24 EDT by IBM Bug Proxy
Modified: 2008-05-21 11:29 EDT
Fixed In Version: RHBA-2008-0395
Doc Type: Bug Fix
Last Closed: 2008-05-21 11:29:07 EDT


Attachments
log from eal5 (initiator) (28.73 KB, text/plain)
2008-04-01 04:24 EDT, IBM Bug Proxy
log from elm3a58 (responder) (105.03 KB, text/plain)
2008-04-01 04:24 EDT, IBM Bug Proxy

External Trackers
Tracker: IBM Linux Technology Center, ID: 43674

Description IBM Bug Proxy 2008-04-01 04:24:38 EDT
=Comment: #0=================================================
TYLER C. HICKS <tchicks@us.ibm.com> - 2008-03-31 19:05 EDT
---Problem Description---
openswan IKEv2 fails to negotiate a SA when using aes as the encryption
algorithm and modp1024 as the Diffie-Hellman group.
 
Contact Information = Tyler Hicks <tyhicks@linux.vnet.ibm.com>
 
---uname output---
Linux eal5.ltc.austin.ibm.com 2.6.18-86.el5 #1 SMP Tue Mar 18 18:19:47 EDT 2008
i686 i686 i386 GNU/Linux
Linux elm3a58.beaverton.ibm.com 2.6.18-86.el5 #1 SMP Tue Mar 18 18:19:59 EDT
2008 x86_64 x86_64 x86_64 GNU/Linux
 
Machine Type = eal5: x335
elm3a58: x3455
 
---Debugger---
A debugger is not configured
 
---Steps to Reproduce---
eal5's /etc/ipsec.conf:
-----------------------------------------------------------------
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        plutodebug="all"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes

conn aes-modp1024
        left=9.3.190.198
        right=9.47.66.58
        ike=aes-md5-modp1024,aes-sha1-modp1024
        ikev2=insist
        authby=secret
        auto=add
-----------------------------------------------------------------

elm3a58's /etc/ipsec.conf:
-----------------------------------------------------------------

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        plutodebug="all"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey
        nat_traversal=yes

conn aes-modp1024
        left=9.3.190.198
        right=9.47.66.58
        ikev2=insist
        authby=secret
        auto=add
-----------------------------------------------------------------

steps to recreate:
-----------------------------------------------------------------
[root@eal5 ~]# ipsec auto --verbose --up aes-modp1024
002 "aes-modp1024" #1: initiating v2 parent SA
133 "aes-modp1024" #1: STATE_PARENT_I1: initiate
002 "aes-modp1024" #1: transition from state STATE_IKEv2_START to state
STATE_PARENT_I1
133 "aes-modp1024" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
-----------------------------------------------------------------

It seems that by default, as a responder openswan doesn't include
aes-ANY_HASH-modp1024 in its default list of possible algorithm combinations. 
If the "ike=aes-md5-modp1024,aes-sha1-modp1024" line is added to elm3a58's
/etc/ipsec.conf, then the SA is negotiated successfully.

With regards to RFC 4307, since modp1024 is a MUST- and aes_cbc is a SHOULD+, it
seems like openswan should honor the request to use the combination by default
(without having to add ike= line to the config).
 
---Security Component Data---
Userspace tool common name: openswan

The userspace tool has the following bit modes: both

Userspace rpm: openswan-2.6.09-1.el5
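
The workaround described above is an explicit ike= line on the responder. As an added example (not part of the bug report and not openswan code), this Python script lists the conn sections of an ipsec.conf that set ikev2=insist without an ike= line, which are the ones that depend on the responder's default proposal list. The function names and the sample configuration are constructed for illustration, and only `conn %default` inheritance is handled (not also=).

```python
# Added example (not openswan code): find conn sections that rely on the
# default IKE proposal list because they carry no explicit ike= line.
import re

# Constructed sample, modelled on the responder config in the report.
SAMPLE_CONF = """\
config setup
        protostack=netkey

conn aes-modp1024
        left=9.3.190.198
        right=9.47.66.58
        ikev2=insist
        authby=secret

conn pinned
        left=9.3.190.198
        right=9.47.66.58
        ike=aes-md5-modp1024,aes-sha1-modp1024
        ikev2=insist
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            m = re.match(r"conn\s+(\S+)$", line)
            current = conns.setdefault(m.group(1), {}) if m else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def conns_using_default_ike(text):
    """Names of ikev2=insist conns with no ike= (own or from %default)."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    merged = {name: {**defaults, **p} for name, p in conns.items()}
    # ikev2=insist is the setting used in the report.
    return [n for n, p in merged.items()
            if p.get("ikev2") == "insist" and "ike" not in p]

if __name__ == "__main__":
    print(conns_using_default_ike(SAMPLE_CONF))
```
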
Comment 1 IBM Bug Proxy 2008-04-01 04:24:42 EDT
Created attachment 299867
log from eal5 (initiator)
Comment 2 IBM Bug Proxy 2008-04-01 04:24:44 EDT
Created attachment 299868
log from elm3a58 (responder)
Comment 3 Paul Wouters 2008-04-01 11:40:54 EDT
Thank you for this bug report. You are right. We will address this issue.
Comment 7 Steve Grubb 2008-04-09 17:10:03 EDT
openswan-2.6.11-1.el5 was built to resolve this problem.
Comment 9 Paul Wouters 2008-04-09 17:25:38 EDT
I don't think 2.6.11 will address this issue? Since we do not yet have the
aes-XXX in our proposals (to suggest or accept)
Comment 10 IBM Bug Proxy 2008-04-09 18:08:49 EDT
------- Comment From tchicks@us.ibm.com 2008-04-09 18:06 EDT-------
I just ran the test again with 2.6.11 and it doesn't address this bug.
Comment 13 Paul Wouters 2008-04-17 14:48:21 EDT
aes-*-modp1024 has been added to the default responder policy database in
2.6.12, which we will release shortly. That should resolve this item.
Comment 14 Linda Wang 2008-04-22 09:27:47 EDT
http://www.openswan.org/download/development/openswan-2.6.12.tar.gz
http://www.openswan.org/download/development/openswan-2.6.12.tar.gz.asc

From the CHANGES file:

v2.6.12
* Add aes-*-modp1024 proposals to default responder policy db [antony]
  This is bug https://bugzilla.redhat.com/show_bug.cgi?id=439985
* Fix for ikev1 continuation segfault (only the first helper's continuations
  were cleaned up properly (eg. on dpd, sa expires..) [Anthony Tong]
* Redid fix for leftsourceip/rightsourceip getting deleted [paul]
  This is bug https://bugzilla.redhat.com/show_bug.cgi?id=432821
* As per RFC 4309, use modp2048 as default for PSK with IKEv2 [paul]
  Relates to https://bugzilla.redhat.com/show_bug.cgi?id=441588
* Added workaround for INITIATOR/RESPONDER keys being swapped [herbert]
* Preliminary work to support IKEv2_ENCR_AES_CCM__* algos [paul]
* modprobe the AES ccm kernel module on startup [paul]
Comment 15 Steve Grubb 2008-04-22 14:35:18 EDT
openswan-2.6.12-1.el5 was built to address this problem.
Comment 17 IBM Bug Proxy 2008-04-22 19:08:47 EDT
------- Comment From tchicks@us.ibm.com 2008-04-22 19:04 EDT-------
I have verified that openswan-2.6.12 fixes this bug.
Comment 19 IBM Bug Proxy 2008-04-30 16:16:52 EDT
------- Comment From tchicks@us.ibm.com 2008-04-30 16:10 EDT-------
I verified this bug fix in openswan-2.6.12-2.el5 (snapshot #7) between an i386
and a ppc machine.  Thanks Paul!
Comment 21 errata-xmlrpc 2008-05-21 11:29:07 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0395.html
