testing: Make sure ML-KEM scenarios use our ml plugin

We now support OpenSSL's implementation in the openssl plugin.  This
makes sure our plugin is used on at least one of the hosts if we ever
switch to an OpenSSL version that supports ML-KEM.

In the ikev2/rw-mlkem scenario the logic is reversed.  There the ml plugin
is preferred on moon to test the responder side (and carol for the
initiator) and dave will switch to OpenSSL if it ever provides ML-KEM.

diff --git a/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf
index 5bc58a282a6408375cbd7bf7e89480918c64cfa7..ec27c324d26b0cf6ec222df4cafeadbe7b6f272f 100755 (executable)
--- a/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
 }
 
 charon-systemd {
-  load = nonce openssl ml pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce ml openssl pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }

diff --git a/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf
index be6c08c149fd09459f8d9bde375a8d96833803f1..2420570340fea6af9e3fffb4b321f0869b733a0d 100755 (executable)
--- a/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = botan pem x509 revocation constraints pubkey
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
 
 charon-systemd {
-  load = nonce pem pkcs1 openssl ml revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce pem pkcs1 ml openssl revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }

diff --git a/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf
index 87ed37c8aa8c5c91d5371b1dcdfaeb9012424e8b..2420570340fea6af9e3fffb4b321f0869b733a0d 100755 (executable)
--- a/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = pem botan x509 revocation constraints pubkey
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
 
 charon-systemd {
-  load = nonce pem pkcs1 openssl ml revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce pem pkcs1 ml openssl revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }

diff --git a/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf b/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf
index 5bc58a282a6408375cbd7bf7e89480918c64cfa7..ec27c324d26b0cf6ec222df4cafeadbe7b6f272f 100755 (executable)
--- a/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
 }
 
 charon-systemd {
-  load = nonce openssl ml pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce ml openssl pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }