search

openwrt / packages

Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
GNU General Public License v2.0
4.01k stars 3.48k forks source link

libreswan: pluto selftest fail #15140

Open weiyu10 opened 3 years ago

weiyu10 commented 3 years ago

Maintainer: @lucize Environment: openwrt-19.07.7-x86-64 virtualbox

Description:

plutolog

Pluto initialized
Mar 16 11:26:19.533324: NSS DB directory: sql:/etc/ipsec.d
Mar 16 11:26:19.533494: Initializing NSS
Mar 16 11:26:19.533726: Opening NSS database "sql:/etc/ipsec.d" read-only
Mar 16 11:26:19.537941: NSS initialized
Mar 16 11:26:19.538090: NSS crypto library initialized
Mar 16 11:26:19.538167: FIPS HMAC integrity support [disabled]
Mar 16 11:26:19.538566: libcap-ng support [disabled]
Mar 16 11:26:19.538792: Linux audit support [disabled]
Mar 16 11:26:19.539039: Starting Pluto (Libreswan Version 3.27 XFRM(netkey) KLIPS FORK PTHREAD_SETSCHEDPRIO NSS) pid:21741
Mar 16 11:26:19.539331: core dump dir: /var/run/pluto
Mar 16 11:26:19.539840: secrets file: /etc/ipsec.secrets
Mar 16 11:26:19.539933: leak-detective disabled
Mar 16 11:26:19.540011: NSS crypto [enabled]
Mar 16 11:26:19.540186: XAUTH PAM support [disabled]
Mar 16 11:26:19.540941: NAT-Traversal support  [enabled]
Mar 16 11:26:19.541099: Initializing libevent in pthreads mode: headers: 2.1.11-stable (2010b00); library: 2.1.11-stable (2010b00)
Mar 16 11:26:19.541823: Encryption algorithms:
Mar 16 11:26:19.541953:   AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
Mar 16 11:26:19.542173:   AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
Mar 16 11:26:19.542613:   AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
Mar 16 11:26:19.543119:   3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
Mar 16 11:26:19.543365:   CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
Mar 16 11:26:19.544171:   CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
Mar 16 11:26:19.544408:   AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
Mar 16 11:26:19.544814:   AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
Mar 16 11:26:19.545029:   AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
Mar 16 11:26:19.545913:   AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
Mar 16 11:26:19.546233:   AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
Mar 16 11:26:19.546569:   SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
Mar 16 11:26:19.546889:   TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
Mar 16 11:26:19.547213:   TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
Mar 16 11:26:19.547579:   NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}  aes_gmac
Mar 16 11:26:19.547849:   NULL                    IKEv1:     ESP     IKEv2:     ESP           []
Mar 16 11:26:19.548144:   CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Mar 16 11:26:19.548480: Hash algorithms:
Mar 16 11:26:19.548649:   MD5                     IKEv1: IKE         IKEv2:
Mar 16 11:26:19.549038:   SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
Mar 16 11:26:19.549477:   SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
Mar 16 11:26:19.549894:   SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
Mar 16 11:26:19.550134:   SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
Mar 16 11:26:19.550462: PRF algorithms:
Mar 16 11:26:19.550534:   HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
Mar 16 11:26:19.550765:   HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
Mar 16 11:26:19.551003:   HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
Mar 16 11:26:19.551235:   HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
Mar 16 11:26:19.551470:   HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
Mar 16 11:26:19.551778:   AES_XCBC                IKEv1:             IKEv2: IKE         FIPS  aes128_xcbc
Mar 16 11:26:19.552003: Integrity algorithms:
Mar 16 11:26:19.552067:   HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
Mar 16 11:26:19.552280:   HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
Mar 16 11:26:19.552496:   HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, hmac_sha2_512
Mar 16 11:26:19.552712:   HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, hmac_sha2_384
Mar 16 11:26:19.552925:   HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, hmac_sha2_256
Mar 16 11:26:19.553142:   HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH
Mar 16 11:26:19.553425:   AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH  FIPS  aes_xcbc, aes128_xcbc, aes128_xcbc_96
Mar 16 11:26:19.553619:   AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
Mar 16 11:26:19.553958:   NONE                    IKEv1:     ESP     IKEv2:     ESP     FIPS  null
Mar 16 11:26:19.554460: DH algorithms:
Mar 16 11:26:19.554590:   NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
Mar 16 11:26:19.554803:   MODP1024                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh2
Mar 16 11:26:19.555007:   MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
Mar 16 11:26:19.555203:   MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
Mar 16 11:26:19.555400:   MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
Mar 16 11:26:19.555602:   MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
Mar 16 11:26:19.555798:   MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
Mar 16 11:26:19.555993:   MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
Mar 16 11:26:19.556192:   DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256
Mar 16 11:26:19.556394:   DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384
Mar 16 11:26:19.556621:   DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521
Mar 16 11:26:19.556793:   DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
Mar 16 11:26:19.557346: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.557440: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.557777: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.557929: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.558182: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.558332: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.558586: NSS: AEAD decryption using AES_GCM_16_128 and PK11_Decrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.558732: NSS: AEAD encryption using AES_GCM_16_128 and PK11_Encrypt() failed (SECERR: 2 (0x2): security library: received bad data.)
Mar 16 11:26:19.558938: ABORT: ASSERTION FAILED: test_gcm_vectors(&ike_alg_encrypt_aes_gcm_16, aes_gcm_tests) (in test_ike_alg() at ike_alg_test.c:34)
lucize commented 3 years ago

Maybe you are missing some crypto kernel modules, not all modules are added as a dependency on the default installation

nlindq-maei commented 3 years ago

I'm having the same issue. Noting your reply, I manually installed all available kmod-crypto modules (with the exception of the hardware offloading modules as they're not relevant) but the problem persists.

I did note that the installed version of libreswan is 3.27, and the installed libnss version is 3.55.

There seems to have been a libreswan issue revealed between libnss 3.51 and 3.52 reported here and here which later versions of libreswan were updated to handle; what version of libnss was the current libreswan built against?

My setup is OpenWRT 19.07.7 version running on Linksys WRT3200ACM, btw.

weiyu10 commented 3 years ago

@lucize I manually installed all available kmod-crypto modules,but the problem persists. lsmod:

ablk_helper            12288  7 twofish_avx_x86_64,serpent_avx2,serpent_avx_x86_64,cast6_avx_x86_64,cast5_avx_x86_64,camellia_aesni_avx2,camellia_aesni_avx_x86_64
af_alg                 16384  2 algif_skcipher,algif_hash
af_key                 28672  0
ah4                    16384  0
ah6                    12288  0
akcipher               12288  1 rsa_generic
algif_hash             12288  0
algif_skcipher         12288  0
anubis                 16384  0
asn1_decoder           12288  1 rsa_generic
authenc                12288  0
blowfish_common        16384  1 blowfish_x86_64
blowfish_x86_64        20480  0
bnx2                   69632  0
button_hotplug         12288  0
camellia_aesni_avx_x86_64   28672  1 camellia_aesni_avx2
camellia_aesni_avx2    28672  0
camellia_generic       24576  0
camellia_x86_64        49152  2 camellia_aesni_avx2,camellia_aesni_avx_x86_64
cast_common            12288  4 cast6_avx_x86_64,cast6_generic,cast5_avx_x86_64,cast5_generic
cast5_avx_x86_64       49152  0
cast5_generic          20480  1 cast5_avx_x86_64
cast6_avx_x86_64       69632  0
cast6_generic          20480  1 cast6_avx_x86_64
cbc                    12288  0
ccm                    16384  0
ccp                    53248  0
cmac                   12288  0
crc_ccitt              12288  1 ppp_async
crypto_acompress       12288  1 deflate
cryptodev              36864  0
ctr                    12288  0
cts                    12288  0
deflate                 8192  0
des_generic            20480  0
drbg                   24576  0
e1000                  90112  0
e1000e                147456  0
ecdh_generic           20480  0
echainiv                8192  0
esp4                   16384  0
esp6                   16384  0
fcrypt                 12288  0
gcm                    16384  0
ghash_generic           8192  0
hmac                   12288  0
i2c_dev                12288  0
igb                   131072  0
ip_tables              16384  4 iptable_nat,iptable_mangle,iptable_filter
ip_tunnel              20480  1 ip_vti
ip_vti                 12288  0
ip6_tables             16384 24 ip6table_mangle,ip6table_filter
ip6_tunnel             28672  1 ip6_vti
ip6_vti                16384  0
ip6t_REJECT            12288  2
ip6table_filter        12288  1
ip6table_mangle        12288  1
ipcomp                 12288  0
ipcomp6                12288  0
ipt_MASQUERADE         12288  1
ipt_REJECT             12288  2
ipt_ah                  8192  0
iptable_filter         12288  1
iptable_mangle         12288  1
iptable_nat            12288  1
jitterentropy_rng      12288  0
khazad                 28672  0
kpp                    12288  1 ecdh_generic
md4                     8192  0
md5                    12288  0
michael_mic             8192  0
mii                    12288  1 r8169
mpi                    20480  1 rsa_generic
nf_conntrack           65536 13 nf_conntrack_ipv6,ipt_MASQUERADE,xt_state,xt_nat,xt_conntrack,xt_REDIRECT,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat_ipv4,nf_nat,nf_flow_table,nf_conntrack_rtcache
nf_conntrack_ipv4      12288 11
nf_conntrack_ipv6      12288  5
nf_conntrack_rtcache   12288  0
nf_defrag_ipv4         12288  1 nf_conntrack_ipv4
nf_defrag_ipv6         12288  1 nf_conntrack_ipv6
nf_flow_table          20480  2 xt_FLOWOFFLOAD,nf_flow_table_hw
nf_flow_table_hw       12288  1
nf_log_common          12288  2 nf_log_ipv4,nf_log_ipv6
nf_log_ipv4            12288  0
nf_log_ipv6            12288  0
nf_nat                 20480  4 xt_nat,nf_nat_redirect,nf_nat_masquerade_ipv4,nf_nat_ipv4
nf_nat_ipv4            12288  1 iptable_nat
nf_nat_masquerade_ipv4   12288  1 ipt_MASQUERADE
nf_nat_redirect        12288  1 xt_REDIRECT
nf_reject_ipv4         12288  1 ipt_REJECT
nf_reject_ipv6         12288  1 ip6t_REJECT
pcbc                   12288  0
ppp_async              16384  0
ppp_generic            28672  3 pppoe,ppp_async,pppox
pppoe                  16384  0
pppox                  12288  1 pppoe
pps_core               12288  1 ptp
ptp                    16384  2 e1000e,igb
r8169                  65536  0
rmd160                 16384  0
rsa_generic            16384  0
seqiv                   8192  0
serpent_avx_x86_64     49152  1 serpent_avx2
serpent_avx2           49152  0
serpent_generic        24576  2 serpent_avx2,serpent_avx_x86_64
sha1_generic           12288  2 sha1_ssse3,ccp
sha1_ssse3             28672  0
sha256_generic         16384  2 sha256_ssse3,ccp
sha256_ssse3           28672  0
sha512_generic         12288  1 sha512_ssse3
sha512_ssse3           40960  0
slhc                   12288  1 ppp_generic
tea                     8192  0
tgr192                 16384  0
tun                    28672  0
tunnel4                12288  2 ip_vti,xfrm4_tunnel
tunnel6                12288  2 xfrm6_tunnel,ip6_tunnel
twofish_avx_x86_64     53248  0
twofish_common         20480  3 twofish_avx_x86_64,twofish_x86_64_3way,twofish_x86_64
twofish_x86_64         12288  2 twofish_avx_x86_64,twofish_x86_64_3way
twofish_x86_64_3way    28672  1 twofish_avx_x86_64
wp512                  28672  0
x_tables               20480 27 ipt_REJECT,ipt_MASQUERADE,xt_time,xt_tcpudp,xt_state,xt_policy,xt_nat,xt_multiport,xt_mark,xt_mac,xt_limit,xt_esp,xt_conntrack,xt_comment,xt_TCPMSS,xt_REDIRECT,xt_LOG,xt_FLOWOFFLOAD,xt_CT,iptable_mangle,iptable_filter,ipt_ah,ip_tables,ip6table_mangle,ip6table_filter,ip6_tables,ip6t_REJECT
xcbc                   12288  0
xfrm_algo              12288  7 esp6,ah6,esp4,ah4,xfrm_user,xfrm_ipcomp,af_key
xfrm_ipcomp            12288  2 ipcomp6,ipcomp
xfrm_user              28672  0
xfrm4_mode_beet         8192  0
xfrm4_mode_transport    8192  0
xfrm4_mode_tunnel       8192  0
xfrm4_tunnel           12288  0
xfrm6_mode_beet         8192  0
xfrm6_mode_transport    8192  0
xfrm6_mode_tunnel       8192  0
xfrm6_tunnel           12288  1 ipcomp6
xt_CT                  12288  0
xt_FLOWOFFLOAD         12288  0
xt_LOG                 12288  0
xt_REDIRECT            12288  0
xt_TCPMSS              12288  4
xt_comment              8192127
xt_conntrack           12288 14
xt_esp                  8192  0
xt_limit               12288 20
xt_mac                  8192  0
xt_mark                 8192  0
xt_multiport            8192  0
xt_nat                 12288  0
xt_policy              12288  0
xt_state               12288  0
xt_tcpudp               8192 12
xt_time                12288  0
lucize commented 3 years ago

I don't have at the moment a 19.07 test system, can you build your own packages ? try to copy the nspr,nss and libreswan from master and build against the same kernel it should work in replacing the release packages

nlindq-maei commented 3 years ago

I don't currently have a build environment set up, but I might be able to do that. Is there a particular docker build image I should look for? Alternatively, as you're not running 19.07 yourself, is there an older supported release I could install to get this working? Units aren't deployed yet so that's an option for me.

lucize commented 3 years ago

newer versions of libreswan don't depend on kernel, you may try to use packages from master, but I'll prepare a vm also

lucize commented 3 years ago

using just the newer nss and nspr didn't helped but now I'm a bit curious about this xfrm interface is not supported on 4.14 kernel so we can force ignore that dependency

LE: binary from master (some force overwrite) the other dependencies are libcap-ng libevent27 libsqlite30 libldns libunbound

pluto[2723]: Initializing NSS using read-write database "sql:/etc/ipsec.d"
pluto[2723]: FIPS Mode: NO
pluto[2723]: NSS crypto library initialized
pluto[2723]: FIPS mode disabled for pluto daemon
pluto[2723]: FIPS HMAC integrity support [disabled]
pluto[2723]: libcap-ng support [enabled]
pluto[2723]: Linux audit support [disabled]
pluto[2723]: Starting Pluto (Libreswan Version 4.3 IKEv2 IKEv1 XFRM(netkey) XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC LIBCAP_NG) pid:2723
pluto[2723]: core dump dir: /var/run/pluto
pluto[2723]: secrets file: /etc/ipsec.secrets
pluto[2723]: leak-detective disabled
pluto[2723]: NSS crypto [enabled]
pluto[2723]: XAUTH PAM support [disabled]
pluto[2723]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
pluto[2723]: NAT-Traversal support  [enabled]
pluto[2723]: Encryption algorithms:
pluto[2723]:   AES_CCM_16         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm, aes_ccm_c
pluto[2723]:   AES_CCM_12         {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_b
pluto[2723]:   AES_CCM_8          {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_ccm_a
pluto[2723]:   3DES_CBC           [*192]         IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     3des
pluto[2723]:   CAMELLIA_CTR       {256,192,*128} IKEv1:     ESP     IKEv2:     ESP
pluto[2723]:   CAMELLIA_CBC       {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP          NSS(CBC)     camellia
pluto[2723]:   AES_GCM_16         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm, aes_gcm_c
pluto[2723]:   AES_GCM_12         {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_b
pluto[2723]:   AES_GCM_8          {256,192,*128} IKEv1:     ESP     IKEv2: IKE ESP     FIPS NSS(GCM)     aes_gcm_a
pluto[2723]:   AES_CTR            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CTR)     aesctr
pluto[2723]:   AES_CBC            {256,192,*128} IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS NSS(CBC)     aes
pluto[2723]:   NULL_AUTH_AES_GMAC {256,192,*128} IKEv1:     ESP     IKEv2:     ESP     FIPS              aes_gmac
pluto[2723]:   NULL               []             IKEv1:     ESP     IKEv2:     ESP
pluto[2723]:   CHACHA20_POLY1305  [*256]         IKEv1:             IKEv2: IKE ESP          NSS(AEAD)    chacha20poly1305
pluto[2723]: Hash algorithms:
pluto[2723]:   MD5                               IKEv1: IKE         IKEv2:                  NSS
pluto[2723]:   SHA1                              IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha
pluto[2723]:   SHA2_256                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256
pluto[2723]:   SHA2_384                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384
pluto[2723]:   SHA2_512                          IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512
pluto[2723]: PRF algorithms:
pluto[2723]:   HMAC_MD5                          IKEv1: IKE         IKEv2: IKE              native(HMAC) md5
pluto[2723]:   HMAC_SHA1                         IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha, sha1
pluto[2723]:   HMAC_SHA2_256                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha2, sha256, sha2_256
pluto[2723]:   HMAC_SHA2_384                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha384, sha2_384
pluto[2723]:   HMAC_SHA2_512                     IKEv1: IKE         IKEv2: IKE         FIPS NSS          sha512, sha2_512
pluto[2723]:   AES_XCBC                          IKEv1:             IKEv2: IKE              native(XCBC) aes128_xcbc
pluto[2723]: Integrity algorithms:
pluto[2723]:   HMAC_MD5_96                       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       native(HMAC) md5, hmac_md5
pluto[2723]:   HMAC_SHA1_96                      IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha, sha1, sha1_96, hmac_sha1
pluto[2723]:   HMAC_SHA2_512_256                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha512, sha2_512, sha2_512_256, hmac_sha2_512
pluto[2723]:   HMAC_SHA2_384_192                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha384, sha2_384, sha2_384_192, hmac_sha2_384
pluto[2723]:   HMAC_SHA2_256_128                 IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS          sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
pluto[2723]:   HMAC_SHA2_256_TRUNCBUG            IKEv1:     ESP AH  IKEv2:         AH
pluto[2723]:   AES_XCBC_96                       IKEv1:     ESP AH  IKEv2: IKE ESP AH       native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
pluto[2723]:   AES_CMAC_96                       IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS              aes_cmac
pluto[2723]:   NONE                              IKEv1:     ESP     IKEv2: IKE ESP     FIPS              null
pluto[2723]: DH algorithms:
pluto[2723]:   NONE                              IKEv1:             IKEv2: IKE ESP AH  FIPS NSS(MODP)    null, dh0
pluto[2723]:   MODP1536                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH       NSS(MODP)    dh5
pluto[2723]:   MODP2048                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh14
pluto[2723]:   MODP3072                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh15
pluto[2723]:   MODP4096                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh16
pluto[2723]:   MODP6144                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh17
pluto[2723]:   MODP8192                          IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS NSS(MODP)    dh18
pluto[2723]:   DH19                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_256, ecp256
pluto[2723]:   DH20                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_384, ecp384
pluto[2723]:   DH21                              IKEv1: IKE         IKEv2: IKE ESP AH  FIPS NSS(ECP)     ecp_521, ecp521
pluto[2723]:   DH31                              IKEv1: IKE         IKEv2: IKE ESP AH       NSS(ECP)     curve25519
pluto[2723]: testing CAMELLIA_CBC:
pluto[2723]:   Camellia: 16 bytes with 128-bit key
pluto[2723]:   Camellia: 16 bytes with 128-bit key
pluto[2723]:   Camellia: 16 bytes with 256-bit key
pluto[2723]:   Camellia: 16 bytes with 256-bit key
pluto[2723]: testing AES_GCM_16:
pluto[2723]:   empty string
pluto[2723]:   one block
pluto[2723]:   two blocks
pluto[2723]:   two blocks with associated data
pluto[2723]: testing AES_CTR:
pluto[2723]:   Encrypting 16 octets using AES-CTR with 128-bit key
pluto[2723]:   Encrypting 32 octets using AES-CTR with 128-bit key
pluto[2723]:   Encrypting 36 octets using AES-CTR with 128-bit key
pluto[2723]:   Encrypting 16 octets using AES-CTR with 192-bit key
pluto[2723]:   Encrypting 32 octets using AES-CTR with 192-bit key
pluto[2723]:   Encrypting 36 octets using AES-CTR with 192-bit key
pluto[2723]:   Encrypting 16 octets using AES-CTR with 256-bit key
pluto[2723]:   Encrypting 32 octets using AES-CTR with 256-bit key
pluto[2723]:   Encrypting 36 octets using AES-CTR with 256-bit key
pluto[2723]: testing AES_CBC:
pluto[2723]:   Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
pluto[2723]:   Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
pluto[2723]:   Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
pluto[2723]:   Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
pluto[2723]: testing AES_XCBC:
pluto[2723]:   RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
pluto[2723]:   RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
pluto[2723]:   RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
pluto[2723]:   RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
pluto[2723]:   RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
pluto[2723]:   RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
pluto[2723]:   RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
pluto[2723]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
pluto[2723]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
pluto[2723]:   RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
pluto[2723]: testing HMAC_MD5:
pluto[2723]:   RFC 2104: MD5_HMAC test 1
pluto[2723]:   RFC 2104: MD5_HMAC test 2
pluto[2723]:   RFC 2104: MD5_HMAC test 3
pluto[2723]: 2 CPU cores online
pluto[2723]: starting up 2 helper threads
pluto[2723]: started thread for helper 0
pluto[2723]: started thread for helper 1
pluto[2723]: using Linux xfrm kernel support code on #0 SMP Mon Feb 15 15:22:37 2021
pluto[2723]: seccomp security for helper not supported
pluto[2723]: seccomp security for helper not supported
pluto[2723]: seccomp security not supported
pluto[2723]: "ikev1": added IKEv1 connection
pluto[2723]: "ikev1-nat": added IKEv1 connection
pluto[2723]: listening for IKE messages
pluto[2723]: Kernel supports NIC esp-hw-offload
pluto[2723]: adding UDP interface eth0 10.160.20.206:500
pluto[2723]: adding UDP interface eth0 10.160.20.206:4500
pluto[2723]: adding UDP interface lo 127.0.0.1:500
pluto[2723]: adding UDP interface lo 127.0.0.1:4500
pluto[2723]: adding UDP interface lo [::1]:500
pluto[2723]: loading secrets from "/etc/ipsec.secrets"
nlindq-maei commented 3 years ago

Have you tried applying the patch for libreswan referenced in one of my prior links? I expect the patch is against a newer version than 3.27, but may still work... (haven't finished setting up my own build environment yet, btw)

lucize commented 3 years ago

@nlindq-maei yes https://github.com/openwrt/packages/blob/f98158b75518bc7096a96cc8ac7b461be149821e/net/libreswan/patches/030-fix_nss_3.52.patch fixes the build, so there is no other way than rebuild the package

lucize commented 3 years ago

I still don't know how make a PR against stable branch

nlindq-maei commented 3 years ago

I trust there's someone in the OpenWRT dev team who can help with that... in the meantime, would it be feasible to attach the updated .ipk to this ticket? I could download and apply the package manually to test the fix here; that'd get us by until stable branch is updated.

lucize commented 3 years ago

search all the packages mentioned in the download section https://downloads.openwrt.org/snapshots/targets/

nlindq-maei commented 3 years ago

I'm curious what the release philosophy for OpenWRT as it pertains to version upgrades might be--is it preferable to upgrade to the latest version of libreswan in the stable branch, or use the "release" version with the backported fix? If it works, I'm fine either way--just curious whether there are guidelines as to the desired approach.

lucize commented 3 years ago

depends of your usage, I always use master on my scenario, but if you have some application that are not in tree, then you have to stick with compatibility

nlindq-maei commented 3 years ago

I was able to install the snapshot build of libreswan 4.3-1 along with libcap-ng, libldns and libunbound, though I had to force install a couple of them. There's no revised libevent package in the snapshot downloads, and for some reason it doesn't recognize the current stable libevent2-7 package as satisfying dependencies, but the dynamic library appears to be linked properly even so.

It starts successfully and I was able to configure and establish a tunnel with another endpoint.

Do you know whether the "fixed" version for the stable branch will end up being 3.27 with the patch, or would you move to the latest release including the additional support libraries adapted for stable?

lucize commented 3 years ago

I think it will be only with 3.27, libevent is in the base folder, not in packages

weiyu10 commented 3 years ago

I used snapshot image to test the IPSec function, and the problem has been solved

nlindq-maei commented 3 years ago

Do you know whether the patched 3.27 package has been integrated into stable yet? If not, do you know when?

lucize commented 3 years ago

this should fix it https://github.com/openwrt/packages/pull/15295

nlindq-maei commented 3 years ago

Yep! I uninstalled the snapshot libreswan and library dependencies I'd installed manually; then installed libreswan from the stable repo and everything is now working perfectly. Thanks very much!