Bug 643978 - net-vpn/strongswan support chapoly and newhope plugins
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal enhancement
Assignee: Patrick Lauer
Reported: 2018-01-09 03:06 UTC by Terra
Modified: 2018-09-02 19:24 UTC
Description Terra 2018-01-09 03:06:41 UTC
I have a remote strongswan connection that uses:
ike=chacha20poly1305-prfsha256-ntru256!
esp=chacha20poly1305-ntru256!

Plugin list: https://wiki.strongswan.org/projects/strongswan/wiki/Pluginlist

chapoly plugin (was introduced in strongswan-5.3.3):
https://wiki.strongswan.org/versions/58#Version-533

Fortunately, the ntru plugin already exists in the current strongswan-5.5.3 ebuild.

I am currently using a modified ebuild that simply adds:
STRONGSWAN_PLUGINS_OPT="blowfish ccm chapoly ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist"

I'm running the modified ebuild with chapoly+ntru enabled, and it is successfully connecting to the remote now.

As an aside, when using 'ntru', remember to update '/etc/strongswan.d/charon.conf' and enable: 'send_vendor_id = yes'
otherwise you'll receive a 'received proposals inacceptable' error.

P.S. adding the 'newhope' plugin would be nice too, it is also available in 5.5.3.  :)
STRONGSWAN_PLUGINS_OPT="blowfish ccm chapoly ctr gcm ha ipseckey newhope ntru padlock rdrand unbound whitelist"
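
An added example, not part of the original report or of the Gentoo ebuild: a shell check that maps the proposal keywords from the description above to the optional plugins they need, compares them against a STRONGSWAN_PLUGINS_OPT list, and looks for the send_vendor_id setting the reporter mentions. The function names are hypothetical, the keyword-to-plugin mapping covers only the algorithms discussed here, and the "newhope*" keyword prefix is an assumption.

```shell
#!/bin/sh
# Added example: not part of the bug report or of the Gentoo ebuild.
# The keyword -> plugin mapping covers only the algorithms this report
# discusses; the "newhope*" keyword prefix is an assumption.

# Print the optional plugins a proposal string needs, space separated.
required_plugins() {
    # Drop the trailing "!" (strict flag) and split the proposal on "-".
    printf '%s\n' "${1%\!}" | tr '-' '\n' | while read -r tok; do
        case "$tok" in
            chacha20poly1305*) echo chapoly ;;
            ntru*)             echo ntru ;;
            newhope*)          echo newhope ;;
        esac
    done | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Print the plugins needed by proposal $1 that are absent from list $2.
missing_plugins() {
    out=""
    for p in $(required_plugins "$1"); do
        case " $2 " in
            *" $p "*) ;;                      # plugin is in the list
            *) out="${out:+$out }$p" ;;       # plugin is not built
        esac
    done
    printf '%s\n' "$out"
}

# Succeed if the charon.conf text on stdin has an uncommented
# "send_vendor_id = yes" line.
vendor_id_enabled() {
    grep -Eq '^[[:space:]]*send_vendor_id[[:space:]]*=[[:space:]]*yes([[:space:]]|$)'
}

# Constructed sample input: the ike= proposal and plugin list from the
# report, plus the same list with chapoly removed.
IKE='chacha20poly1305-prfsha256-ntru256!'
PATCHED='blowfish ccm chapoly ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist'
STOCK='blowfish ccm ctr gcm ha ipseckey ntru padlock rdrand unbound whitelist'

echo "needs:             $(required_plugins "$IKE")"
echo "missing (stock):   $(missing_plugins "$IKE" "$STOCK")"
echo "missing (patched): $(missing_plugins "$IKE" "$PATCHED")"
if printf 'charon {\n    send_vendor_id = yes\n}\n' | vendor_id_enabled; then
    echo "send_vendor_id:    enabled"
fi
```

On a real host the last check would be run as vendor_id_enabled < /etc/strongswan.d/charon.conf.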
Comment 1 Larry the Git Cow gentoo-dev 2018-09-02 19:24:05 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04bad22fe2e92f90cf9800043c1d68f80679b3a9

commit 04bad22fe2e92f90cf9800043c1d68f80679b3a9
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-09-02 18:56:05 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-09-02 19:23:50 +0000

    net-vpn/strongswan: bump to v5.6.3
    
    - EAPI bumped to EAPI=7.
    
    - Enable "eap-ttls" when USE=eap is set. [Bug 548212]
    
    - USE=strongswan_plugins_forecast added. [Bug 582444]
    
    - USE=systemd added to allow building of charon-systemd. [Bug 631748]
    
    - USE=strongswan_plugins_chapoly and USE=strongswan_plugins_newhope added.
      [Bug 643978]
    
    Closes: https://bugs.gentoo.org/548212
    Closes: https://bugs.gentoo.org/582444
    Closes: https://bugs.gentoo.org/631748
    Closes: https://bugs.gentoo.org/643978
    Package-Manager: Portage-2.3.48, Repoman-2.3.10

 net-vpn/strongswan/Manifest                |   1 +
 net-vpn/strongswan/metadata.xml            |   5 +
 net-vpn/strongswan/strongswan-5.6.3.ebuild | 303 +++++++++++++++++++++++++++++
 3 files changed, 309 insertions(+)