openwrt / packages

Community maintained packages for OpenWrt. Documentation for submitting pull requests is in CONTRIBUTING.md
GNU General Public License v2.0

strongswan: Function not implemented with chacha20poly1305 #19270

Open lowjoel opened 2 years ago

lowjoel commented 2 years ago

Maintainer: @pprindeville @Thermi (find it by checking history of the package Makefile)
Environment: Linksys E8450 (aarch64)/Linksys WRT1900ACS (armv7), OpenWrt 22.03-rc6
Description:

@xwang1498 in #18192 and openwrt/openwrt#9951, together with @pprindeville in #18654, implemented support for chacha20poly1305 in master. The kmod change was backported to 22.03-rc5 (openwrt/openwrt@3cfe050c4a683ecef25d6ded05b1d240921a121a), but not #18654. Regardless of #18654 being backported, it should be sufficient to manually install kmod-crypto-chacha20poly1305:

$ opkg list-installed | grep cha
kmod-crypto-chacha20poly1305 - 5.10.134-1
kmod-crypto-echainiv - 5.10.134-1
strongswan-charon - 5.9.5-8
strongswan-mod-chapoly - 5.9.5-8

However, when trying to negotiate chacha20poly1305, the kernel still returns Function not implemented:

Sun Aug 28 09:21:08 2022 daemon.info ipsec: 16[KNL] received netlink error: Function not implemented (38)
Sun Aug 28 09:21:08 2022 daemon.info ipsec: 16[KNL] unable to add SAD entry with SPI XXXXXXXX (FAILED)
Sun Aug 28 09:21:09 2022 daemon.info ipsec: 16[KNL] received netlink error: Function not implemented (38)
Sun Aug 28 09:21:09 2022 daemon.info ipsec: 16[KNL] unable to add SAD entry with SPI YYYYYYYY (FAILED)
Sun Aug 28 09:21:09 2022 daemon.info ipsec: 16[IKE] unable to install inbound and outbound IPsec SA (SAD) in kernel
Sun Aug 28 09:21:09 2022 daemon.info ipsec: 16[IKE] failed to establish CHILD_SA, keeping IKE_SA
Sun Aug 28 09:21:09 2022 daemon.info ipsec: 16[ENC] generating CREATE_CHILD_SA response 0 [ N(NO_PROP) ]

I'm not sure if this is a problem with my config or if it's a problem elsewhere:

/var/swanctl/swanctl.conf:

...
    children {
      .... {
        ....
        esp_proposals = chacha20poly1305-curve448,aes256gcm128-curve448,aes256gcm128-modp4096
        ....
      }
    }
...

Removing esp_chacha20poly1305_curve448 does allow phase 2 to be negotiated and the tunnel is set up (using aes). Did I miss anything here?

Thermi commented 2 years ago

The currently running kernel and the kernel the module is installed for might be different. Check that.

lowjoel commented 2 years ago

I think this means that they are the same?

#  uname -a
Linux ZZZZZZZZ 5.10.134 #0 SMP Sun Jul 31 15:12:47 2022 armv7l GNU/Linux
#  opkg list-installed | grep cha
kmod-crypto-chacha20poly1305 - 5.10.134-1
kmod-crypto-echainiv - 5.10.134-1
strongswan-charon - 5.9.5-8
strongswan-mod-chapoly - 5.9.5-8

The module also seems to be loaded:

#  lsmod | grep chacha
chacha20poly1305       12288  0

Thermi commented 2 years ago

Does it appear in /proc/crypto? You need rfc7539esp(chacha20,poly1305).

lowjoel commented 2 years ago

OK, that's weird:

#  grep rfc7539 /proc/crypto | wc -l
0
# grep chacha /proc/crypto | wc -l
0

So the module is loaded but doesn't appear in /proc/crypto. This is happening on two different pieces of hardware (on two different architectures: armv7 and aarch64). What's weirder is that @xwang1498 tested on a WRT3200ACM, which should also be armv7 (the newer version of my WRT1900ACS).

Maybe there's a dependency somewhere that's not included?

Thermi commented 2 years ago

Maybe. Probably a kernel config issue.

lowjoel commented 2 years ago

@Thermi I guessed that maybe CONFIG_CRYPTO_CHACHA20 and CONFIG_CRYPTO_POLY1305 are needed. I tried adding them in openwrt/openwrt#10551, and I get this:

#  grep -E 'rfc|chacha|poly1305' /proc/crypto
name         : xchacha12
driver       : xchacha12-neon
module       : chacha_neon
name         : xchacha20
driver       : xchacha20-neon
module       : chacha_neon
name         : chacha20
driver       : chacha20-neon
module       : chacha_neon
name         : poly1305
driver       : poly1305-neon
module       : poly1305_neon
name         : poly1305
driver       : poly1305-generic
module       : poly1305_generic
name         : xchacha12
driver       : xchacha12-generic
module       : chacha_generic
name         : xchacha20
driver       : xchacha20-generic
module       : chacha_generic
name         : chacha20
driver       : chacha20-generic
module       : chacha_generic
name         : seqiv(rfc4106(gcm(aes)))
driver       : seqiv(rfc4106(gcm-aes-ce))
name         : rfc4106(gcm(aes))
driver       : rfc4106(gcm-aes-ce)
# lsmod | grep -E 'chacha|poly13'
chacha_generic         12288  0 [permanent]
chacha_neon            20480  0
chacha20poly1305       12288  0 [permanent]
libchacha              12288  2 chacha_neon,chacha_generic
libpoly1305            12288  1 poly1305_generic
poly1305_generic       12288  0 [permanent]
poly1305_neon          16384  0 [permanent]

So it's getting closer, but no rfc7539esp(chacha20,poly1305). 😢

lowjoel commented 2 years ago

@Thermi the crypto module seems to be loaded on demand. I pushed through the config and with openwrt/openwrt#10551 I can get it established (needed to compile for both of my devices):

  child2: #2, reqid 2, INSTALLED, TUNNEL, ESP:CHACHA20_POLY1305/CURVE_448

Let me try to figure out if I'm submitting the kernel change correctly.
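
The diagnostic that resolved this thread was Thermi's /proc/crypto check, plus the later observation that the rfc7539esp template is only instantiated on demand, so its absence from /proc/crypto before the first CHILD_SA is negotiated is not itself a fault. The script below turns that reasoning into a checker. It is an added example, not code from the issue or from the OpenWrt strongswan package: the /proc/crypto dump it parses is a constructed sample that mirrors the second listing above (with a fake "type" field added for realism), and the three states it reports (ready, primitives, missing) are names chosen here for illustration.

```shell
#!/bin/sh
# Classify a /proc/crypto dump by what strongSwan needs to install an ESP SA
# using ChaCha20-Poly1305. /proc/crypto is a sequence of "key : value"
# records separated by blank lines; the "name" line is the registered
# algorithm name that XFRM looks up.

# Constructed sample (not a capture from the thread's routers): the ChaCha20
# and Poly1305 primitives are registered but the rfc7539esp AEAD template
# has not been instantiated yet, which is the state after the kernel
# config fix and before any SA was negotiated.
SAMPLE_CRYPTO='name         : chacha20
driver       : chacha20-neon
module       : chacha_neon
type         : skcipher

name         : poly1305
driver       : poly1305-generic
module       : poly1305_generic
type         : shash

name         : rfc4106(gcm(aes))
driver       : rfc4106(gcm-aes-ce)
module       : kernel
type         : aead
'

# crypto_names DUMP -> one registered algorithm name per line.
crypto_names() {
    printf '%s' "$1" | awk -F' *: *' '$1 == "name" { print $2 }'
}

# has_alg DUMP NAME -> exit 0 if NAME is registered (exact, whole-line match,
# so "chacha20" does not match "xchacha20").
has_alg() {
    crypto_names "$1" | grep -qxF -- "$2"
}

# check_chapoly DUMP -> prints one word:
#   ready       rfc7539esp(chacha20,poly1305) is already instantiated
#   primitives  chacha20 and poly1305 are registered; the ESP template is
#               built from them on first use, so this is normal before the
#               first CHILD_SA with this proposal comes up
#   missing     a primitive is absent, which is the state the thread started
#               in (nothing matching chacha in /proc/crypto) and the one
#               that ends in "unable to add SAD entry"
check_chapoly() {
    if has_alg "$1" 'rfc7539esp(chacha20,poly1305)'; then
        echo ready
    elif has_alg "$1" chacha20 && has_alg "$1" poly1305; then
        echo primitives
    else
        echo missing
    fi
}

# On a live router run: check_chapoly "$(cat /proc/crypto)"
check_chapoly "$SAMPLE_CRYPTO"
```

The whole-line match matters: the listing above shows xchacha20 and xchacha12 as well, and a loose grep for "chacha" would report success on a kernel that has the XChaCha variants but not the plain chacha20 skcipher that rfc7539esp is built from. Note that a "primitives" result only says the kernel can instantiate the template; whether it actually does so still depends on the module being built for the running kernel, which is Thermi's first question and is checked with uname -r against the kmod version.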