[strongSwan] What am I gonna do? Strongswan cannot recognize the custom af_alg algorithm.

huangjingbo at mail.tsinghua.edu.cn huangjingbo at mail.tsinghua.edu.cn
Sun Mar 22 11:15:32 CET 2020


Hello. I want to use strongSwan to call my own implementation of the af_alg algorithm.
The test scenario used is af-alg/rw-cert: https://strongswan.org/testresults.html
But every time the client connects, the moon gateway always logs:

```
09[NET] received packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (588 bytes)
09[ENC] parsed CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
09[CFG] selected proposal: ESP:TSR_ECB_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ
09[CHD]   using TSR_ECB for encryption
09[CHD] in file sa/ikev2/keymat_v2.c, alg_id = 29
09[KNL] switch (data->enc_alg) 1728 
09[KNL] my debug print enter lookup_algorithm
09[KNL] my debug print list[18].name = tsr_skcipher
09[KNL]   using encryption algorithm TSR_ECB with key size 128
09[KNL] algorithm name = tsr_skcipher
09[KNL] my debug print enter lookup_algorithm
09[KNL] my debug print list[5].name = hmac(sha256)
09[KNL] 2008 before send_ack
09[KNL] received netlink error: Function not implemented (38)
09[KNL] unable to add SAD entry with SPI ca782fc3 (FAILED)
09[KNL] my debug print list[18].name = tsr_skcipher
09[KNL]   using encryption algorithm TSR_ECB with key size 128
09[KNL] algorithm name = tsr(ecb(sm4))0000
09[KNL] my debug print enter lookup_algorithm
09[KNL] my debug print list[5].name = hmac(sha256)
09[KNL] line 2008 before send_ack
09[KNL] received netlink error: Function not implemented (38)
09[KNL] status = 1
09[KNL] unable to add SAD entry with SPI c377672a (FAILED)
09[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
09[IKE] failed to establish CHILD_SA, keeping IKE_SA
09[KNL] deleting policy 192.168.0.100/32 === 10.1.0.0/16 in failed, not found
09[KNL] deleting policy 192.168.0.100/32 === 10.1.0.0/16 fwd failed, not found
09[ENC] generating CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
09[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (68 bytes)
```


The log on carol's end is:
```
#swanctl --initiate --child home 2> /dev/null

loaded connection 'home'
successfully loaded 1 connections, 0 unloaded
14[CFG] vici initiate CHILD_SA 'home'
12[IKE] establishing CHILD_SA home{3}
[IKE] establishing CHILD_SA home{3}
12[ENC] generating CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
[ENC] generating CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
12[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (588 bytes)
[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (588 bytes)
08[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (68 bytes)
08[ENC] parsed CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
08[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
08[IKE] failed to establish CHILD_SA, keeping IKE_SA
[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (68 bytes)
[ENC] parsed CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
[IKE] failed to establish CHILD_SA, keeping IKE_SA
```




## My algorithm 
The algorithm structure I defined is:
```c
struct skcipher_alg skcipher = {
    .base = {
        /* generic algorithm name used for crypto API lookups */
        .cra_name = "tsr_skcipher",
        /* name of this particular implementation */
        .cra_driver_name = "tsr_skcipher",
        .cra_blocksize = SM4_BLOCK_SIZE,
        .cra_priority = 100,
        .cra_flags = CRYPTO_ALG_TYPE_SKCIPHER,
        .cra_ctxsize = sizeof(struct crypto_tsr_ctx),
        .cra_module = THIS_MODULE,
    },
    .setkey = skcipher_setkey,
    .encrypt = skcipher_encrypt,
    .decrypt = skcipher_decrypt,
    .min_keysize = SM4_KEY_LEN,
    .max_keysize = SM4_KEY_LEN,
    .ivsize = SM4_IV_LEN,
};
```

It can also be loaded successfully in strongswan, as shown below:
```
#swanctl --list-algs

encryption:
  AES_CBC[aes]
  AES_ECB[aes]
  3DES_CBC[des]
  DES_CBC[des]
  DES_ECB[des]
  RC2_CBC[rc2]
  AES_CTR[af-alg]
  CAMELLIA_CBC[af-alg]
  CAMELLIA_CTR[af-alg]
  CAST_CBC[af-alg]
  BLOWFISH_CBC[af-alg]
  SERPENT_CBC[af-alg]
  TWOFISH_CBC[af-alg]
  TSR_ECB[af-alg]    //here
```


I also modified the code in
- esp proposal
- libstrongswan/crypter
- af_alg_plugin

to recognize the algorithm I defined.

## configure command
`./configure --prefix=/usr --sysconfdir=/etc --with-systemdsystemunitdir=/lib/systemd/system --enable-af-alg`

## log and config in moon
When the moon end is initialized, the log is printed as:
```
#sudo /usr/libexec/ipsec/charon &


00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 4.15.0-20-generic, x86_64)
00[KNL] unable to create IPv4 routing table rule
00[KNL] unable to create IPv6 routing table rule
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG]   loaded ca certificate "C=CH, O=strongSwan Project, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/moonKey.pem'
00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem af-alg fips-prf gmp curve25519 xcbc cmac hmac drbg attr kernel-netlink resolve socket-default stroke vici updown xauth-generic counters
```


The configuration code of the moon end is:
```
#/etc/strongswan.conf - strongSwan configuration file

swanctl {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random
}

charon-systemd {
  load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
  integrity_test = yes
  crypto_test {
    on_add = yes
  }

  filelog {
    path = /var/log/charon.log
    time_format = %b %e %T
    ike_name = yes
    append = no
    default = 5
    flush_line = yes
  }
}

#/etc/swanctl/swanctl.conf
connections {

   rw {
      local_addrs  = 192.168.0.1

      local {
         auth = pubkey
         certs = moonCert.pem
         id = moon.strongswan.org
      }
      remote {
         auth = pubkey
      }
      children {
         net {
            local_ts  = 10.1.0.0/16

            updown = /usr/local/libexec/ipsec/_updown iptables
            esp_proposals = tsr128ecb-sha256-modp3072
         }
      }
      version = 2
      proposals = aes128-sha256-modp3072,3des-sha1-modp1536
   }
}

```

## config in carol
The configuration code of carol end is:

```
connections {

   home {
      local_addrs  = 192.168.0.100
      remote_addrs = 192.168.0.1 

      local {
         auth = pubkey
         certs = carolCert.pem
         id = carol@strongswan.org
      }
      remote {
         auth = pubkey
         id = moon.strongswan.org 
      }
      children {
         home {
            remote_ts = 10.1.0.0/16 

            updown = /usr/local/libexec/ipsec/_updown iptables
            esp_proposals = tsr128ecb-sha256-modp3072
         }
      }
      version = 2
      proposals = 3des-sha1-modp1536 
   }
}

```



黄静波 (Software Engineer)
Institute of Microelectronics Tsinghua University 
Mobile:18101359513

huangjingbo at mail.tsinghua.edu.cn
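
For triaging a charon log like the gateway log in this post, each failed SAD install can be extracted together with the proposal, encryption algorithm and netlink error that preceded it. This is an added example, not part of the original post and not strongSwan code; the function name `failed_sad_installs` is hypothetical, and the sample input is a subset of the moon log quoted above with the poster's debug prints left out.

```python
import re

# Subset of the moon gateway log quoted in the post (custom debug prints omitted).
SAMPLE_LOG = """\
09[CFG] selected proposal: ESP:TSR_ECB_128/HMAC_SHA2_256_128/MODP_3072/NO_EXT_SEQ
09[KNL]   using encryption algorithm TSR_ECB with key size 128
09[KNL] received netlink error: Function not implemented (38)
09[KNL] unable to add SAD entry with SPI ca782fc3 (FAILED)
09[KNL]   using encryption algorithm TSR_ECB with key size 128
09[KNL] received netlink error: Function not implemented (38)
09[KNL] unable to add SAD entry with SPI c377672a (FAILED)
09[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
09[ENC] generating CREATE_CHILD_SA response 2 [ N(NO_PROP) ]
"""

# charon log lines look like "<thread>[<GROUP>] <message>"
LINE = re.compile(r"^(?P<thread>\d+)\[(?P<group>[A-Z]{3})\]\s+(?P<msg>.*)$")
PROPOSAL = re.compile(r"^selected proposal: (\S+)")
ENC = re.compile(r"^using encryption algorithm (\S+) with key size (\d+)")
NLERR = re.compile(r"^received netlink error: (.+) \((\d+)\)")
SADFAIL = re.compile(r"^unable to add SAD entry with SPI ([0-9a-f]+) \(FAILED\)")


def failed_sad_installs(log_text):
    """Return one record per failed SAD install, with the context seen before it."""
    state = {}      # per-thread context: proposal, algorithm, last netlink error
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # lines without a thread prefix, e.g. swanctl console echo
        ctx = state.setdefault(m["thread"], {})
        group, msg = m["group"], m["msg"]
        if group == "CFG" and (p := PROPOSAL.match(msg)):
            ctx["proposal"] = p[1]
        elif group == "KNL" and (e := ENC.match(msg)):
            ctx["enc"], ctx["key_bits"] = e[1], int(e[2])
            ctx.pop("error", None)  # a new install attempt starts here
        elif group == "KNL" and (n := NLERR.match(msg)):
            ctx["error"] = (n[1], int(n[2]))
        elif group == "KNL" and (s := SADFAIL.match(msg)):
            failures.append({"spi": s[1], **ctx})  # snapshot of the context
    return failures


if __name__ == "__main__":
    for f in failed_sad_installs(SAMPLE_LOG):
        print(f)
```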

