SSHJ FIPS support

[ajit-pawar-sp]

Hi,

When Linux system is FIPS enabled, while connecting using sshj client, getting NPE. When FIPS is disabled, we can successfully establish ssh connection. Please suggest.

2021-02-24 14:27:34,672 INFO [net.schmizz.sshj.transport.TransportImpl] (default task-7) Client identity string: SSH-2.0-SSHJ_0.27.0 2021-02-24 14:27:34,773 INFO [net.schmizz.sshj.transport.TransportImpl] (default task-7) Server identity string: SSH-2.0-OpenSSH_7.4 2021-02-24 14:27:34,829 ERROR [net.schmizz.sshj.transport.TransportImpl] (reader) Dying because - null: java.lang.NullPointerException at net.schmizz.sshj.transport.kex.AbstractDHGex.parseGexReply(AbstractDHGex.java:89) at net.schmizz.sshj.transport.kex.AbstractDHGex.next(AbstractDHGex.java:58) at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:364) at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503) at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159) at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79) at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231) at net.schmizz.sshj.transport.Reader.run(Reader.java:59) 2021-02-24 14:27:34,830 INFO [net.schmizz.sshj.transport.TransportImpl] (reader) Disconnected - UNKNOWN 2021-02-24 14:27:34,834 ERROR [net.schmizz.concurrent.Promise] (default task-7) <> woke to: net.schmizz.sshj.transport.TransportException

[hierynomus]

It might be that for FIPS you would require a different version of BouncyCastle to handle the encryption. Not sure actually, I know there is a FIPS certified version of it.

[antaln]

I am currently evaluating sshj for use with BouncyCastle's FIPS providers:

fips.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider
fips.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider fips:BCFIPS
fips.provider.3=sun.security.provider.Sun

See list of provider facilities.

So far I found the following issues:

• BouncyCastle's FIPS provider cannot coexist with BouncyCastle's non-FIPS provider.
• BouncyCastle's FIPS provider does not offer MD5 since it's not FIPS-approved, which fails the registerSecurityProvider (although both DH and MD5 would exist in sun.security.provider.Sun)
• By above, the SSHJ code under bouncyCastleRegistered condition (e.g. DefaultConfig) will be skipped (e.g. setFileKeyProviderFactories, which basically precludes use of any kind of key-based authentication).
• In FIPS mode, list of allowed cryptographic primitives would need to be restricted. For reference, this is the list for openssh FIPS security policy from vanilla CentOS 8.3:

  Ciphers aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
  MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
  GSSAPIKeyExchange no
  KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512

  I'll see about tackling some of these issues.

EDIT: qualified the origin of the openssh FIPS-restricted settings.

[WorkDayHeyHey]

I was able to access a FIPS machine, using the workaround I wrote yesterday. I'm just looking to see if this is being worked on currently. The clean and useful way to address this would be for me to provide a patch.

https://github.com/hierynomus/sshj/issues/526#issuecomment-895576566