[strongSwan-dev] How to enable chacha20poly1305 support in Android app ?

John WW wrxzzj at gmail.com
Thu Nov 19 08:49:32 CET 2015


Hi Andreas

   Thanks for your information, I will try to upgrade the Linux kernel.

On Thu, Nov 19, 2015 at 1:39 PM, Andreas Steffen
<andreas.steffen at strongswan.org> wrote:
> Hi John,
>
> you need at least a Linux 4.2 kernel for chacha20poly1305 ESP
> to be supported.
>
> Best regards
>
> Andreas
>
>
> On 19.11.2015 03:54, John WW wrote:
>>
>> The left peer is running on Linux localhost 4.1.5-x86_64
>>
>> On Thu, Nov 19, 2015 at 10:47 AM, John WW <wrxzzj at gmail.com> wrote:
>>>
>>> Hi Tobias
>>>
>>>     Thanks for your reply.
>>>     I have pulled the source from the android-chapoly branch and built it
>>> successfully, but it fails when I try to establish a connection.
>>> I have a question: to enable chacha20 support, are there any system
>>> requirements on the left peer?
>>>
>>> Below is my strongSwan log:
>>>
>>> 02[KNL]  224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>> ................
>>> 02[KNL]  240: 00 00 00 00 01 00 00 00 02 00 01 20 20 00 00 00
>>> ...........  ...
>>> 02[KNL]  256: 00 00 00 00 70 00 12 00 72 66 63 37 35 33 39 65
>>> ....p...rfc7539e
>>> 02[KNL]  272: 73 70 28 63 68 61 63 68 61 32 30 2C 70 6F 6C 79
>>> sp(chacha20,poly
>>> 02[KNL]  288: 31 33 30 35 29 00 00 00 00 00 00 00 00 00 00 00
>>> 1305)...........
>>> 02[KNL]  304: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>> ................
>>> 02[KNL]  320: 00 00 00 00 00 00 00 00 20 01 00 00 80 00 00 00  ........
>>> .......
>>> 02[KNL]  336: 45 92 EA 40 EB 5E 05 46 6E 09 AF 24 AD 3E 46 5B
>>> E.. at .^.Fn..$.>F[
>>> 02[KNL]  352: F0 7C DF 87 EC 9A BC A5 20 BF 1F 9D E2 FC 76 15  .|......
>>> .....v.
>>> 02[KNL]  368: 4F 78 8D 5F 1C 00 04 00 02 00 11 94 B0 CE 00 00
>>> Ox._............
>>> 02[KNL]  384: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>>> ................
>>> 02[KNL] received netlink error: Function not implemented (38)
>>> 02[KNL] unable to add SAD entry with SPI 0a3c776e
>>> 02[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
>>> 02[ENC] added payload of type NOTIFY to message
>>> 02[IKE] failed to establish CHILD_SA, keeping IKE_SA
>>> 02[KNL] deleting SAD entry with SPI c73657b2  (mark 0/0x00000000)
>>>
>>>
>>> conn android
>>>    keyexchange=ikev2
>>>    left=%defaultroute
>>>    leftauth=pubkey
>>>    leftsubnet=0.0.0.0/0
>>>    leftfirewall=yes
>>>    leftcert=server.cert.pem
>>>    leftid="C=CN, O=strongxyz, CN=x.x.x.x"
>>>    right=%any
>>>    rightid="C=CN, O=strongxyz, CN=android"
>>>    rightsourceip=10.7.0.0/24
>>>    rightcert=android.client.cert.pem
>>>
>>> ike=aes256ccm128-sha256-modp2048,aes256gcm128-sha256-modp2048,aes256gcm96-sha384-modp2048,aes256ccm96-sha384-modp2048,aes256-sha256-modp2048,aes128-sha256-modp2048,aes128-sha1-modp2048!
>>>
>>> esp=chacha20poly1305,aes128gcm128,aes256gcm128,aes256ccm128-sha256-modp2048,aes256ccm128-sha256-modp2048,aes256gcm128-sha256-modp2048,aes256gcm96-sha384-modp2048,aes256ccm96-sha512-modp2048,aes256-sha256,aes128-sha1-modp2048!
>>>    mobike=yes
>>>    compress=yes
>>>    auto=add
>>>
>>> If I remove 'chacha20poly1305' from esp, all is right.
>>>
>>> On Wed, Nov 18, 2015 at 7:00 PM, Tobias Brunner <tobias at strongswan.org>
>>> wrote:
>>>>
>>>> Hi John,
>>>>
>>>>>     How can I enable chacha20 in the Android app?
>>>>> Is it possible to update Android.mk to add the chacha20 plugin to support it?
>>>>
>>>>
>>>> Please have a look at the patches in the android-chapoly branch [1].
>>>>
>>>> Regards,
>>>> Tobias
>>>>
>>>> [1]
>>>>
>>>> https://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/android-chapoly
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks
>
>
> ======================================================================
> Andreas Steffen                         andreas.steffen at strongswan.org
> strongSwan - the Open Source VPN Solution!          www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>



-- 
Thanks
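
Added example, not part of the thread or of the strongSwan code: a POSIX shell triage for the failure discussed above. It scans a charon log for the `Function not implemented (38)` netlink error followed by a rejected SAD entry, then compares the kernel release with the 4.2 minimum Andreas gives. The function names are hypothetical; the sample log lines are copied from the log quoted in the thread.

```shell
# Added example (not from the thread). Sample input: lines copied from
# the log quoted there.
SAMPLE_LOG='02[KNL] received netlink error: Function not implemented (38)
02[KNL] unable to add SAD entry with SPI 0a3c776e
02[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
02[IKE] failed to establish CHILD_SA, keeping IKE_SA'

# Succeed if a `uname -r` style release is at least 4.2, the minimum the
# thread gives for chacha20poly1305 ESP. Returns 2 if it cannot be parsed.
kernel_ok_for_chapoly() {
    rel=${1:-$(uname -r)}
    ver=${rel%%-*}                  # "4.1.5-x86_64" -> "4.1.5"
    major=${ver%%.*}
    case $ver in
        *.*) rest=${ver#*.}; minor=${rest%%.*} ;;
        *)   minor=0 ;;             # a bare "5" is treated as 5.0
    esac
    minor=${minor%%[!0-9]*}         # "2+" -> "2"
    case $major in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 4 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -ge 2 ]
}

# Read a charon log on stdin; print the SPI of each SAD entry the kernel
# rejected with ENOSYS (38), the signature seen in the thread's log.
enosys_sad_failures() {
    awk '
        /received netlink error: Function not implemented \(38\)/ { hit = 1; next }
        hit && /unable to add SAD entry with SPI/ {
            for (i = 1; i < NF; i++) if ($i == "SPI") print $(i + 1)
        }
        { hit = 0 }
    '
}

# usage: diagnose <kernel-release> < charon.log
diagnose() {
    spis=$(enosys_sad_failures | tr '\n' ' ')
    [ -n "$spis" ] || { echo "no ENOSYS SAD failures"; return 0; }
    rc=0; kernel_ok_for_chapoly "$1" || rc=$?
    case $rc in
        0) echo "ENOSYS (SPI ${spis% }) on kernel $1 >= 4.2: version requirement met, cause is elsewhere" ;;
        1) echo "ENOSYS (SPI ${spis% }): kernel $1 < 4.2, upgrade or drop chacha20poly1305 from esp=" ;;
        *) echo "ENOSYS (SPI ${spis% }): cannot parse kernel release '$1'" ;;
    esac
}

printf '%s\n' "$SAMPLE_LOG" | diagnose "4.1.5-x86_64"
```

On the peer itself, run `diagnose "$(uname -r)" < charon.log`, where `charon.log` stands for wherever the daemon log is written.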

