From c4bce2b79b9cba863dff08295c48d0a8aff70b70 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 26 Jun 2024 14:49:34 +0200
Subject: [PATCH] testing: Enable mgf1 plugin for scenarios where FreeRADIUS
 uses PSS signatures

Looks like a cipher suite without DHE was selected previously.

Could be a side-effect of dc1085734f34 ("testing: Remove unnecessary
FreeRADIUS dh_file option as recommended in the log").
---
 .../rw-eap-peap-radius/hosts/carol/etc/strongswan.conf          | 2 +-
 .../rw-eap-peap-radius/hosts/dave/etc/strongswan.conf           | 2 +-
 .../rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf          | 2 +-
 .../rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf           | 2 +-
 .../ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf    | 2 +-
 .../ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf     | 2 +-
 .../ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf    | 2 +-
 .../ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf     | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
index 525b4c1d15..c54b57ecfa 100644
--- a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
   multiple_authentication=no
 }
diff --git a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
index 525b4c1d15..c54b57ecfa 100644
--- a/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
   multiple_authentication=no
 }
diff --git a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 917c3fcefd..ca40a20c18 100644
--- a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
   multiple_authentication=no
   syslog {
     daemon {
diff --git a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 917c3fcefd..ca40a20c18 100644
--- a/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
 # /etc/strongswan.conf - strongSwan configuration file
 
 charon {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
   multiple_authentication=no
   syslog {
     daemon {
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
index d45398e956..60cb1bf0f5 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
 }
diff --git a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
index d45398e956..60cb1bf0f5 100644
--- a/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
 }
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
index 2ec581bf3a..f21e179f4f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 }
diff --git a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
index 2ec581bf3a..f21e179f4f 100644
--- a/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
 }
 
 charon-systemd {
-  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+  load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf mgf1 vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
 }