Frodo

[keskinadem]

Version is (strongSwan swanctl 6.0beta2) I enabled frodo in ./configure and I see .so file in /usr/local/lib/ipsec/plugins but while strongswan initiating frodo is not loaded. That is why I am not able to use multiple key exchange.

This is my configure command:
./configure --prefix=/usr/local --enable-frodo --enable-openssl --enable-systemd --enable-swanctl --enable-test-vectors --enable-nonce --enable-sha3 --disable-charon --disable-stroke

LOGS:

charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'

charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'

charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'

charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'

charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'

charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'

charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm drbg attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic counters

charon: 00[LIB] dropped capabilities, running as uid 0, gid 0

charon: 00[JOB] spawning 16 worker threads

charon: 10[CFG] loaded 0 entries for attr plugin configuration

charon: 10[CFG] loaded certificate 'C=Kim, O=Kim, CN=swone1Dev7'

charon: 05[CFG] loaded certificate 'C=Kim, O=Kim, CN=swoneDev7'

charon: 10[CFG] loaded certificate 'C=Kim, O=Kim, CN=CaDev'

charon: 05[CFG] loaded RSA private key

charon: message repeated 2 times: [ 05[CFG] loaded RSA private key]

charon: 05[CFG] loaded IKE shared key with id 'ike-1' for: '192.168.50.7', '192.168.50.8'

charon: 05[CFG] loaded PPK shared key with id 'ppk' for: 'abc'

charon: 05[CFG] algorithm 'ke1_frodos5' not recognized

[tobiasbrunner]

That is why I am not able to use multiple key exchange.

You can use multiple key exchanges with any key exchange method. Doesn't have to be a PQC method.

Make sure you run make clean after you changed the configure options. Also see the docs for notes regarding plugin loading.

charon: 00[CFG]

Note that you are running the charon daemon here. But since you built with --disable-charon and --enable-systemd you're not running what you built (the correct daemon would be charon-systemd). The daemon might be from a previous build or from a distribution package you had installed (make sure to remove any such packages before installing your custom-built binaries).

charon: 05[CFG] algorithm 'ke1_frodos5' not recognized

That's unrelated to the plugin missing but probably because the charon daemon is not from the same build.

[Gor1234567]

I wonder why does strongswan have separate plugin for frodo if there is such in liboqs?

[keskinadem]

Thanks for answer.