zhangke5959 / strongswan

IPsec VPN supporting the GM (Chinese national standard) algorithms SM1, SM2, SM3 and SM4.

GM algorithms in the configuration file are not recognized #9

Open bomebao opened 4 years ago

bomebao commented 4 years ago

Hi everyone, I have run into a problem: `sm4cbc` in the configuration file is not recognized. With strongSwan already installed, I followed the README, generated the certificates with sm2.sh, then ran the init and run scripts, and the configuration failed to load.

Below is the default configuration with "proposals = sm4cbc-sm3-sm2dh":

1. Output of run.sh

    sudo ./run.sh
    [sudo] password for bome: Sorry, try again.
    [sudo] password for bome:
    loaded certificate from '/ipsec/etc/swanctl/x509/client.cert.pem'
    loaded certificate from '/ipsec/etc/swanctl/x509/server.cert.pem'
    loaded certificate from '/ipsec/etc/swanctl/x509ca/ca.cert.pem'
    loaded sm2 key from '/ipsec/etc/swanctl/private/server.key.pem'
    loaded sm2 key from '/ipsec/etc/swanctl/private/client.key.pem'
    loaded xauth secret 'xauth-client'
    no authorities found, 0 unloaded
    no pools found, 0 unloaded
    loading connection 'host-host' failed: invalid value for: proposals, config discarded
    loaded 0 of 1 connections, 1 failed to load, 0 unloaded
    initiate failed: CHILD_SA config 'host-host' not found

2. Output of init_server.sh

    sudo ./init_server.sh
    charon: no process found
    bome@ubuntu:~/strongswan-gmalg-master/testing/tests/gmalg$ 00[DMN] Starting IKE charon daemon (strongSwan 5.7.0dr8, Linux 4.15.0-106-generic, x86_64)
    00[CFG] loading ca certificates from '/ipsec/etc/ipsec.d/cacerts'
    00[CFG] loading aa certificates from '/ipsec/etc/ipsec.d/aacerts'
    00[CFG] loading ocsp signer certificates from '/ipsec/etc/ipsec.d/ocspcerts'
    00[CFG] loading attribute certificates from '/ipsec/etc/ipsec.d/acerts'
    00[CFG] loading crls from '/ipsec/etc/ipsec.d/crls'
    00[CFG] loading secrets from '/ipsec/etc/ipsec.secrets'
    00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem gmalg fips-prf curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic counters
    00[JOB] spawning 16 worker threads
    08[CFG] loaded certificate 'C=cn, O=ilove, CN=VPN Client'
    05[CFG] loaded certificate 'C=cn, O=ilove, CN=VPN Server'
    12[CFG] loaded certificate 'C=cn, O=ilove, CN=VPN CA'
    12[CFG] loaded SM2 private key
    12[CFG] loaded SM2 private key
    12[CFG] loaded EAP shared key with id 'xauth-client' for: 'client'
    12[CFG] algorithm 'sm4cbc' not recognized
    11[CFG] vici initiate 'host-host'

From the above you can see that gmalg is loaded and the SM2 keys load without problems.

Below is the default configuration with proposals changed to "proposals = aes128-sha256-ecp256":

1. Output of run.sh

    $ sudo ./run.sh
    loaded certificate from '/ipsec/etc/swanctl/x509/client.cert.pem'
    loaded certificate from '/ipsec/etc/swanctl/x509/server.cert.pem'
    loaded certificate from '/ipsec/etc/swanctl/x509ca/ca.cert.pem'
    loaded sm2 key from '/ipsec/etc/swanctl/private/server.key.pem'
    loaded sm2 key from '/ipsec/etc/swanctl/private/client.key.pem'
    loaded xauth secret 'xauth-client'
    no authorities found, 0 unloaded
    no pools found, 0 unloaded
    loading connection 'host-host' failed: invalid value for: esp_proposals, config discarded
    loaded 0 of 1 connections, 1 failed to load, 0 unloaded
    initiate failed: CHILD_SA config 'host-host' not found

2. Output of init_server.sh

    00[DMN] signal of type SIGTERM received. Shutting down
    00[DMN] Starting IKE charon daemon (strongSwan 5.7.0dr8, Linux 4.15.0-106-generic, x86_64)
    00[CFG] loading ca certificates from '/ipsec/etc/ipsec.d/cacerts'
    00[CFG] loading aa certificates from '/ipsec/etc/ipsec.d/aacerts'
    00[CFG] loading ocsp signer certificates from '/ipsec/etc/ipsec.d/ocspcerts'
    00[CFG] loading attribute certificates from '/ipsec/etc/ipsec.d/acerts'
    00[CFG] loading crls from '/ipsec/etc/ipsec.d/crls'
    00[CFG] loading secrets from '/ipsec/etc/ipsec.secrets'
    00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem gmalg fips-prf curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic counters
    00[JOB] spawning 16 worker threads
    08[CFG] loaded certificate 'C=cn, O=ilove, CN=VPN Client'
    05[CFG] loaded certificate 'C=cn, O=ilove, CN=VPN Server'
    12[CFG] loaded certificate 'C=cn, O=ilove, CN=VPN CA'
    12[CFG] loaded SM2 private key
    12[CFG] loaded SM2 private key
    12[CFG] loaded EAP shared key with id 'xauth-client' for: 'client'
    12[CFG] algorithm 'sm4cbc' not recognized
    11[CFG] vici initiate 'host-host'

From the above you can see that gmalg is loaded and the SM2 keys load without problems. How should I deal with this?

bomebao commented 4 years ago

Additional information: I found the reason the program cannot recognize sm4cbc. During compilation, when running make, the following three files failed to generate:

    /src/starter/keywords.c
    /src/stroke/stroke_keywords.c
    /src/libstrongswan/crypto/proposal/proposal_keywords_static.c

The sed command reported an error about the -m option. My workaround was to copy the C files from strongSwan 5.7 over them, which got past the error but means the keyword "sm4cbc" is not recognized. The question now is how to fix the error sed reports about the -m option.

bomebao commented 4 years ago

I found the source of the previous problem: it is caused by the following three files failing to generate:

    /src/starter/keywords.c
    /src/stroke/stroke_keywords.c
    /src/libstrongswan/crypto/proposal/proposal_keywords_static.c

All three files are empty after make. The error reported is that the sed command does not support the -m option. Where should I look for the error? Or how can I generate these three .c files manually?

bomebao commented 4 years ago

My build environment is Ubuntu 18.04:

    Linux ubuntu 4.15.0-108-generic #109-Ubuntu SMP Fri Jun 19 11:33:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Should I modify the contents of build.sh?

bomebao commented 4 years ago

Some more progress: the rule that fails to generate proposal_keywords_static.c is:

    $(srcdir)/crypto/proposal/proposal_keywords_static.c: $(srcdir)/crypto/proposal/proposal_keywords_static.txt \
            $(srcdir)/crypto/proposal/proposal_keywords_static.h
            $(AM_V_GEN) \
            $(GPERF) -N proposal_get_token_static -m 10 -C -G -c -t -D < \
                $(srcdir)/crypto/proposal/proposal_keywords_static.txt > $@

And the source of that error is that the $(GPERF) variable is empty. My guess is that a configuration error when configure ran left $(GPERF) empty.

bomebao commented 4 years ago

Installing gperf solved the problem. Thanks to the author for the help.
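The chain of events in this thread (gperf absent at configure time, so $(GPERF) expands to nothing, the three gperf-generated keyword tables come out empty, and charon only complains much later with "algorithm 'sm4cbc' not recognized") can be caught before make rather than at `vici initiate`. The pre-flight script below is an added example written for this page; it is not from the zhangke5959/strongswan repository nor from anyone in this thread. It takes the three file paths and the gperf flags from the comments above; the keyword `sm4cbc`, the function names, the constructed sample source tree and the minimal gperf input are all assumptions made for illustration, and the stand-in "generated" table in the sample tree is constructed text, not real gperf output.

```shell
#!/bin/sh
# check_gperf_tables.sh -- added example, not part of zhangke5959/strongswan.
# Pre-flight check for the failure mode in this issue: gperf missing at
# configure time, $(GPERF) empty in the Makefiles, the three generated keyword
# tables empty, and charon later logging "algorithm 'sm4cbc' not recognized".

# The three gperf-generated files named in the issue, relative to the source root.
GENERATED_TABLES="src/starter/keywords.c
src/stroke/stroke_keywords.c
src/libstrongswan/crypto/proposal/proposal_keywords_static.c"

# 0 if a gperf binary is on PATH (or named by $GPERF), 1 otherwise.
have_gperf() {
    command -v "${GPERF:-gperf}" >/dev/null 2>&1
}

# Check one generated table: 0 = ok, 1 = missing or empty, 2 = keyword absent.
check_keyword_table() {
    _file=$1
    _kw=$2
    [ -s "$_file" ] || return 1
    grep -q -- "$_kw" "$_file" || return 2
    return 0
}

# Check every generated table under source root $1 for keyword $2.
# Prints one status line per file; returns the number of bad files.
check_all_tables() {
    _root=$1
    _kw=$2
    _bad=0
    for _rel in $GENERATED_TABLES; do
        if check_keyword_table "$_root/$_rel" "$_kw"; then
            echo "ok   $_rel"
        else
            echo "BAD  $_rel (missing, empty, or lacks '$_kw')"
            _bad=$((_bad + 1))
        fi
    done
    return "$_bad"
}

# Run gperf with the same flags as the Makefile rule quoted in the issue, on
# keyword table $1, writing C to $2. Refuses with a clear message when gperf
# is missing, instead of letting the rule run with an empty $(GPERF).
generate_table() {
    _txt=$1
    _out=$2
    have_gperf || { echo "gperf not found; install it (e.g. apt install gperf)" >&2; return 1; }
    "${GPERF:-gperf}" -N proposal_get_token_static -m 10 -C -G -c -t -D < "$_txt" > "$_out"
}

# Constructed minimal keyword table in the layout gperf expects with -t
# (a struct in the declarations section, then %%, then "name, fields").
# Not strongSwan's real proposal_keywords_static.txt.
write_sample_keywords_txt() {
    cat > "$1" <<'EOF'
%{
/* constructed example input, not strongSwan's proposal_keywords_static.txt */
%}
struct proposal_token { const char *name; int type; int algorithm; int keysize; };
%%
sm4cbc, 1, 1, 128
aes128, 1, 2, 128
EOF
}

# Constructed sample source tree (not real strongSwan output): one table that
# contains the keyword, one left empty as in the failed build, one missing.
make_sample_tree() {
    _d=$(mktemp -d)
    mkdir -p "$_d/src/starter" "$_d/src/stroke" "$_d/src/libstrongswan/crypto/proposal"
    : > "$_d/src/starter/keywords.c"
    printf '%s\n' '/* constructed stand-in for gperf output, field values are placeholders */' \
        '{"sm4cbc", 1, 1, 128},' \
        > "$_d/src/libstrongswan/crypto/proposal/proposal_keywords_static.c"
    echo "$_d"
}

# Stand-alone use: ./check_gperf_tables.sh /path/to/strongswan-source
if [ -n "$1" ]; then
    have_gperf || echo "warning: gperf is not installed; $(printf '$(GPERF)') will be empty at configure time" >&2
    check_all_tables "$1" sm4cbc || echo "$? keyword table(s) need regenerating (install gperf, re-run configure and make)" >&2
fi
```

Run it against the source tree after make; a "BAD" line for any of the three files means the daemon will not know the GM proposal keywords no matter what swanctl.conf says, and the fix is the one the last comment arrived at: install gperf, re-run configure so $(GPERF) is set, and rebuild.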