From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 6 Jun 2025 09:17:38 +0000 (+0200)
Subject: testing: Make sure ML-KEM scenarios use our ml plugin
X-Git-Tag: android-2.5.6~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a6aa2530e76e2e8d3d1a6511230c14ea01d1cf0;p=thirdparty%2Fstrongswan.git

testing: Make sure ML-KEM scenarios use our ml plugin

We now support OpenSSL's implementation in the openssl plugin.  This
makes sure our plugin is used on at least one of the hosts if we ever
switch to an OpenSSL version that supports ML-KEM.

In the ikev2/rw-mlkem scenario the logic is reversed.  There the ml plugin
is preferred on moon to test the responder side (and carol for the
initiator) and dave will switch to OpenSSL if it ever provides ML-KEM.
---

diff --git a/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf
index 5bc58a282a..ec27c324d2 100755
--- a/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/botan/rw-mlkem/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
 }
 
 charon-systemd {
-  load = nonce openssl ml pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce ml openssl pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }
diff --git a/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf
index be6c08c149..2420570340 100755
--- a/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mlkem/hosts/carol/etc/strongswan.conf
@@ -1,11 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = botan pem x509 revocation constraints pubkey
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
 
 charon-systemd {
-  load = nonce pem pkcs1 openssl ml revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce pem pkcs1 ml openssl revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }
diff --git a/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf
index 87ed37c8aa..2420570340 100755
--- a/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-mlkem/hosts/moon/etc/strongswan.conf
@@ -1,11 +1,11 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 swanctl {
-  load = pem botan x509 revocation constraints pubkey
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
 
 charon-systemd {
-  load = nonce pem pkcs1 openssl ml revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce pem pkcs1 ml openssl revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }
diff --git a/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf b/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf
index 5bc58a282a..ec27c324d2 100755
--- a/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/wolfssl/rw-mlkem/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
 }
 
 charon-systemd {
-  load = nonce openssl ml pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
+  load = nonce ml openssl pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
 
   rsa_pss = yes
 }