testing: Use custom plugin configuration to build SHA-3 CA

Tobias Brunner 2019-05-07 19:07:51 +02:00
parent 532060c0fa
commit ac66ca25f9


@ -1324,8 +1324,14 @@ cp ${TEST_CERT} ${RFC3779_DIR}/certs/${SERIAL}.pem
# strongSwan SHA3-RSA Root CA #
################################################################################
# Use specific plugin configuration to issue certificates with SHA-3 signatures
# as not all crypto plugins support them. To avoid entropy issues use the
# default plugins to generate the keys.
SHA3_PKI_PLUGINS="gmp pem pkcs1 random sha1 sha3 x509"
# Generate strongSwan SHA3-RSA Root CA
pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${SHA3_RSA_KEY}
PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
pki --self --type rsa --in ${SHA3_RSA_KEY} --digest sha3_256 \
--not-before "${START}" --not-after "${CA_END}" --ca \
--dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=strongSwan Root CA" \
@ -1346,6 +1352,7 @@ SERIAL="01"
mkdir -p ${TEST}/hosts/sun/${SWANCTL_DIR}/rsa
mkdir -p ${TEST}/hosts/sun/${SWANCTL_DIR}/x509
pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${SUN_KEY}
PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
--in ${SUN_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
--serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
@ -1360,6 +1367,7 @@ SERIAL="02"
mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/rsa
mkdir -p ${TEST}/hosts/moon/${SWANCTL_DIR}/x509
pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${MOON_KEY}
PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
--in ${MOON_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
--serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
@ -1394,6 +1402,7 @@ SERIAL="03"
mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/rsa
mkdir -p ${TEST}/hosts/carol/${SWANCTL_DIR}/x509
pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
--in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
--serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
@ -1408,6 +1417,7 @@ SERIAL="04"
mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/rsa
mkdir -p ${TEST}/hosts/dave/${SWANCTL_DIR}/x509
pki --gen --type rsa --size ${RSA_SIZE} --outform pem > ${TEST_KEY}
PKI_PLUGINS="${SHA3_PKI_PLUGINS}" \
pki --issue --cakey ${SHA3_RSA_KEY} --cacert ${SHA3_RSA_CERT} --type rsa \
--in ${TEST_KEY} --not-before "${START}" --not-after "${EE_END}" --san ${CN} \
--serial ${SERIAL} --dn "C=CH, O=${PROJECT}, OU=SHA-3, CN=${CN}" \
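Review bot: The new `SHA3_PKI_PLUGINS` assignment loads `sha1` without saying why, and in a block whose stated purpose is SHA-3 signatures a later cleanup could drop it as a weak hash and break issuance. If it is only needed for key identifiers and not for signing (an assumption, nothing in the visible lines shows it), a comment above the assignment such as `# sha1 is loaded for key identifiers only; signatures use the SHA-3 digest` would record that. The restricted list also makes the `--self` call and the four `--issue` calls (SERIAL 01 to 04) depend on exactly these plugins being available in the build. Each of those commands continues past the end of its hunk, so it is not visible here whether a failed plugin load stops the script or leaves an empty certificate file behind; that is worth confirming.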