[strongSwan] charon unmet dependency on native android build

Nathan Bahr nbahr at atcorp.com
Thu May 25 01:37:19 CEST 2017 

Hello,

I've been trying to cross compile strongswan to run on android natively 
and I am having trouble starting the charon daemon.

The output I get is (I get the same log output if I do ipsec start 
instead of executing charon directly):

root at kltetmo:/ # charon
00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, Linux 3.4.0, armv7l)
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet 
dependency: NONCE_GEN
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' 
has unmet dependency: HASHER:HASH_SHA1
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon' 
has unmet dependency: HASHER:HASH_SHA1
00[LIB] failed to load 3 critical plugin features
00[DMN] initialization failed - aborting charon

I made a standalone toolchain from the latest ndk (14b) targeting armv7a 
on api 23.

This is my configure command:

./configure \
CFLAGS="-march=armv7-a -mfloat-abi=softfp -mfpu=vfpv3-d16 -mthumb 
-Wl,--fix-cortex-a8 -fPIC" LDFLAGS="-fPIE -pie -llog" \
--build=x86_64-linux-gnu \
--host=arm-linux-androideabi \
--target=arm-linux-androideabi \
--with-sysroot=/tmp/myarmtc/sysroot \
--with-piddir=/etc/strongswan/run \
--with-ipsecdir=/system/bin \
--prefix= \
--bindir=/system/bin \
--sbindir=/system/bin \
--libdir=/etc/strongswan \
--with-plugindir=/etc/strongswan/plugins \
--with-strongswan-conf=/etc/strongswan.conf \
--enable-android-log \
--enable-monolithic

(By the way, I had to add the -llog flag to LDFLAGS because 
--enable-android-log didn't do it for me automatically, not sure if that 
is an issue or I have something set up wrong.)

So on the device, I am installing all the executables and the scripts to 
/system/bin and using /etc/strongswan for the libraries. Configuration 
is going to the standard /etc locations.

I am doing a make install with DESTDIR set to a staging area and 
everything looks good there, they are getting installed to the same 
locations on the device.

I am using the same conf files that were generated from the make 
install, so strongswan.conf has load_modular = yes and includes all the 
plugin conf files. Each plugin conf file has load = yes.

All the other executables seem to load ok, just running with --help to 
test loading libraries. For example this is the output of pki:

root at kltetmo:/ # pki --help
strongSwan 5.5.2 PKI tool
loaded plugins: aes des rc2 sha2 sha1 md5 random x509 revocation pkcs1 
pkcs7 pkcs8 pkcs12 dnskey sshkey pem gmp hmac
usage:
....

I have tried removing the --enable-monolithic flag and plugins located 
in /etc/strongswan/plugins, however, this changes nothing for charon and 
adds additional errors.

This is the output of pki without monolithic build:

root at kltetmo:/ # pki --help
plugin 'aes' failed to load: dlopen failed: cannot locate symbol 
"memwipe_noinline" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-aes.so"...
plugin 'des' failed to load: dlopen failed: cannot locate symbol 
"memwipe_noinline" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-des.so"...
plugin 'rc2' failed to load: dlopen failed: cannot locate symbol 
"memwipe_noinline" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-rc2.so"...
plugin 'random' failed to load: dlopen failed: cannot locate symbol 
"dbg" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-random.so"...
plugin 'x509' failed to load: dlopen failed: cannot locate symbol 
"chunk_empty" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-x509.so"...
plugin 'revocation' failed to load: dlopen failed: cannot locate symbol 
"lib" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-revocation.so"...
plugin 'pkcs1' failed to load: dlopen failed: cannot locate symbol "lib" 
referenced by "/system/etc/strongswan/plugins/libstrongswan-pkcs1.so"...
plugin 'pkcs7' failed to load: dlopen failed: cannot locate symbol 
"chunk_empty" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-pkcs7.so"...
plugin 'pkcs8' failed to load: dlopen failed: cannot locate symbol 
"chunk_empty" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-pkcs8.so"...
plugin 'pkcs12' failed to load: dlopen failed: cannot locate symbol 
"chunk_empty" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-pkcs12.so"...
plugin 'dnskey' failed to load: dlopen failed: cannot locate symbol 
"lib" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-dnskey.so"...
plugin 'sshkey' failed to load: dlopen failed: cannot locate symbol 
"lib" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-sshkey.so"...
plugin 'pem' failed to load: dlopen failed: cannot locate symbol "lib" 
referenced by "/system/etc/strongswan/plugins/libstrongswan-pem.so"...
plugin 'gmp' failed to load: dlopen failed: library "libgmp.so" not found
plugin 'hmac' failed to load: dlopen failed: cannot locate symbol 
"chunk_empty" referenced by 
"/system/etc/strongswan/plugins/libstrongswan-hmac.so"...
strongSwan 5.5.2 PKI tool
loaded plugins: sha2 sha1 md5
usage:
....

I have LD_LIBRARY_PATH=/etc/strongswan/ipsec, where the libstrongswan.so 
is located, which as far as I can tell is where those symbols should be 
located.

If I unset LD_LIBRARY_PATH the executable fails to run at all.

This is the same for all the other executables, they seem ok with 
--enable-monolithic but fail with missing symbols without it.

I have verified that my kernel is built with all the required features 
baked into the kernel.

I saw something online about random device problems causing similar 
errors in charon, so I tried to rebuild with --disable-random set, but 
that did nothing.

I am not sure what to try next or really what could be causing this 
problem anymore.

Thanks.

More information about the Users mailing list