Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement OpenSSH strict key exchange extension #917

Merged
merged 1 commit into from
Dec 21, 2023

Conversation

hpoettker
Copy link
Contributor

Resolves #916

The PR implements the algorithm described in section 1.9 of https://github.com/openssh/openssh-portable/blob/master/PROTOCOL and also follows the changes implemented in the commit openssh/openssh-portable@1edb00c.

All tests are successful. The integration tests work both against the current container and a custom built container with OpenSSH 9.6p1. When run against the latter, the log also show that the resets of sequence numbers are happening, and working correctly as otherwise ChaCha20-Poly1305 should break.

The jsch fork of mwiede also implemented config switches to disable or enforce the strict key exchange extension. But I'm not sure whether it makes sense to maintain such flags long term when OpenSSH itself doesn't have them: mwiede/jsch#461

The Terrapin Scanner referenced in #916 is happy, but I think it only checks whether the additional pseudo-key exchange kex-strict-c-v00@openssh.com is being advertised by the client:

================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-SSHJ_0.18.0

ChaCha20-Poly1305 support:   true
CBC-EtM support:             true

Strict key exchange support: true

==> The scanned peer supports Terrapin mitigations and can establish
    connections that are NOT VULNERABLE to Terrapin. Glad to see this.
    For strict key exchange to take effect, both peers must support it.

Note: This tool is provided as is, with no warranty whatsoever. It determines
      the vulnerability of a peer by checking the supported algorithms and
      support for strict key exchange. It may falsely claim a peer to be
      vulnerable if the vendor supports countermeasures other than strict key
      exchange.

For more details visit our website available at https://terrapin-attack.com

@hierynomus
Copy link
Owner

Thanks for the PR. It would be great to have some unit and/or integration tests attached!

@hpoettker
Copy link
Contributor Author

hpoettker commented Dec 20, 2023

Yes, I still need to find a good approach for them. 😄

The integration tests cover most of the changes automatically, but the interesting bits only if the openssh version is new enough. I'll have a look whether there is a way to test things specifically, e.g. by assertions on the logs. Unit tests that are not too brittle might be harder.

@codecov-commenter
Copy link

codecov-commenter commented Dec 21, 2023

Codecov Report

Attention: 17 lines in your changes are missing coverage. Please review.

Comparison is base (50c753d) 68.85% compared to head (94fcc96) 68.77%.

Files Patch % Lines
.../java/net/schmizz/sshj/transport/KeyExchanger.java 47.05% 6 Missing and 3 partials ⚠️
...java/net/schmizz/sshj/transport/TransportImpl.java 37.50% 2 Missing and 3 partials ⚠️
...ain/java/net/schmizz/sshj/transport/Converter.java 0.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@             Coverage Diff              @@
##             master     #917      +/-   ##
============================================
- Coverage     68.85%   68.77%   -0.09%     
- Complexity     1430     1438       +8     
============================================
  Files           208      208              
  Lines          7574     7602      +28     
  Branches        651      658       +7     
============================================
+ Hits           5215     5228      +13     
- Misses         2012     2019       +7     
- Partials        347      355       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@hpoettker
Copy link
Contributor Author

I updated the alpine base image for the integration tests to 3.19.0 so that they now use OpenSSH 9.6. I also added an integration test that makes specific assertions on the logs.

@hierynomus
Copy link
Owner

Great work! I'm going to merge it.

@hierynomus hierynomus merged commit a262f51 into hierynomus:master Dec 21, 2023
4 of 6 checks passed
@hpoettker hpoettker deleted the terrapin branch December 21, 2023 22:20
vladimirlagunov pushed a commit to JetBrains/intellij-deps-sshj that referenced this pull request Jan 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Terrapin Vulnerability CVE-2023-48795
3 participants