From: Tobias Brunner
Date: Tue, 7 May 2019 17:07:51 +0000 (+0200)
Subject: testing: Use custom plugin configuration to build SHA-3 CA
X-Git-Tag: 5.8.0rc1~5^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac66ca25f983c4a3acbc50e57e947f626dbb507d;p=thirdparty%2Fstrongswan.git
testing: Use custom plugin configuration to build SHA-3 CA
---
diff --git a/testing/scripts/build-certs-chroot b/testing/scripts/build-certs-chroot
index 6293503be1..36cb617793 100755
--- a/testing/scripts/build-certs-chroot
+++ b/testing/scripts/build-certs-chroot
@@ -1324,8 +1324,14 @@ cp ${TEST_CERT} ${RFC3779_DIR}/certs/${SERIAL}.pem
 # strongSwan SHA3-RSA Root CA #
 ################################################################################
 
+# Use specific plugin configuration to issue certificates with SHA-3 signatures
+# as not all crypto plugins support them. To avoid entropy issues use the
+# default plugins to generate the keys.
+SHA3_PKI_PLUGINS="gmp pem pkcs1 random sha1 sha3 x509"
+
 # Generate strongSwan SHA3-RSA Root CA
 pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${SHA3_RSA_KEY}
+PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
 pki --self --type rsa --in ${SHA3_RSA_KEY} --digest sha3_256 \
 --not-before "${START}" --not-after "${CA_END}" --ca \
 --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=strongSwan Root CA" \
@@ -1346,6 +1352,7 @@ SERIAL="01"
 mkdir -p ${TEST}/hosts/sun/${SWANCTL_DIR}/rsa
 mkdir -p ${TEST}/hosts/sun/${SWANCTL_DIR}/x509
 pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${SUN_KEY}
+PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
 pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
 --in ${SUN_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
 --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
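Review bot: The comment above `SHA3_PKI_PLUGINS` says why a custom list is needed but not why each plugin is on it, and `sha1` in particular looks out of place to anyone auditing a CA that is meant to be SHA-3 only. If `sha1` is there for something other than signatures (presumably key identifiers, to be confirmed against the x509 plugin), the comment should say so, e.g. `# sha1 is only loaded for key identifiers; all signatures use sha3_256`. It would also help to state that the variable is set per command, so the `pki --gen` calls keep the default plugins. The `pki --self` command continues past the end of this hunk.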
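Review bot: The `PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \` prefix is repeated by hand on every `pki --issue` call, here for sun and again in the moon, carol and dave hunks. A SHA-3 certificate added later without the prefix would run with the default plugins, which the new comment says may not support these signatures. A small wrapper defined next to the variable, `sha3_pki() { PKI_PLUGINS="${SHA3_PKI_PLUGINS}" pki "$@"; }`, would keep the setting in one place and make an omission obvious in review. Each `pki --issue` command continues past the end of its hunk, so the remaining arguments and the output redirection are not visible here.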
@@ -1360,6 +1367,7 @@ SERIAL="02"
 mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/rsa
 mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
 pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${MOON_KEY}
+PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
 pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
 --in ${MOON_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
 --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
@@ -1394,6 +1402,7 @@ SERIAL="03"
 mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
 mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
 pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
 pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
 --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
 --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
@@ -1408,6 +1417,7 @@ SERIAL="04"
 mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/rsa
 mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
 pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
+PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
 pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
 --in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
 --serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \