testing: BLISS CA uses SHA-3 in its CRL

diff --git a/testing/hosts/winnetou/etc/openssl/generate-crl b/testing/hosts/winnetou/etc/openssl/generate-crl
index f064bdb0be8f8a0a3ac0370f946acd67651c46db..842c3a1b23ae90e7d1f1732f585dd2e86d03db48 100755 (executable)
--- a/testing/hosts/winnetou/etc/openssl/generate-crl
+++ b/testing/hosts/winnetou/etc/openssl/generate-crl
@@ -45,5 +45,5 @@ openssl ca -gencrl -crldays 15 -config /etc/openssl/rfc3779/openssl.cnf -out crl
 openssl crl -in crl.pem -outform der -out strongswan_rfc3779.crl
 cp strongswan_rfc3779.crl ${ROOT}
 cd /etc/openssl/bliss
-pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha512 > strongswan_bliss.crl
+pki --signcrl --cacert strongswan_blissCert.der --cakey strongswan_blissKey.der --lifetime 30 --digest sha3_512 > strongswan_bliss.crl
 cp strongswan_bliss.crl ${ROOT}

diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index 404c6c6bf9d7befee638ff05662068a727803557..7acd3651c44d43bd445db4d02193e513f0afb31b 100644 (file)
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -98,7 +98,8 @@ CONFIG_OPTS = \
        --enable-ntru \
        --enable-lookip \
        --enable-swanctl \
-       --enable-bliss
+       --enable-bliss \
+       --enable-sha3
 
 export ADA_PROJECT_PATH=/usr/local/ada/lib/gnat
 

diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf
index f13e47a7151fbb994de7fc09ac4e4a3f25b3d1c4..647a47f2f03d284c9959f406356b6c9f1c256797 100644 (file)
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/ipsec.conf
@@ -1,6 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
+       strictcrlpolicy=yes
 
 conn %default
        ikelifetime=60m

diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
index ab824c993ac90beb917e5cc8956fe12e9e061aaf..c47ca80277bec6e1a94c909458b407f9d979cdf1 100644 (file)
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+  load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
   send_vendor_id = yes
   fragment_size = 1500
 }

diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf
index 5f605a43df9c3c4a86318bc21710c4b45fe8362c..e7786040cc33f370f348458203319527afde3fd5 100644 (file)
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/ipsec.conf
@@ -1,6 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
+       strictcrlpolicy=yes
 
 conn %default
        ikelifetime=60m

diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
index ab824c993ac90beb917e5cc8956fe12e9e061aaf..c47ca80277bec6e1a94c909458b407f9d979cdf1 100644 (file)
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+  load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
   send_vendor_id = yes
   fragment_size = 1500
 }

diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf
index 2a9b33aae9f6f2ad6cb7e680d766e62ba7baafa6..e5c2bf8b634e54d36170ec537101b483286d3831 100644 (file)
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/ipsec.conf
@@ -1,6 +1,7 @@
 # /etc/ipsec.conf - strongSwan IPsec configuration file
 
 config setup
+       strictcrlpolicy=yes
 
 conn %default
        ikelifetime=60m

diff --git a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
index ab824c993ac90beb917e5cc8956fe12e9e061aaf..c47ca80277bec6e1a94c909458b407f9d979cdf1 100644 (file)
--- a/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = aes sha1 sha2 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
+  load = aes sha1 sha2 sha3 random nonce ntru bliss x509 revocation pem pkcs1 curl hmac stroke kernel-netlink socket-default updown
   send_vendor_id = yes
   fragment_size = 1500
 }