SHA256
1
0
forked from pool/strongswan
strongswan/prf-plus-modularization.patch
Jan Engelhardt e1b454dc30 Accepting request 962674 from home:msmeissn:branches:network:vpn
resubmit without hacky namespace change


- prf-plus-modularization.patch: updated from upstream branch
  after certifier feedback, SKEYSEED generated via HKDF-Extract.

OBS-URL: https://build.opensuse.org/request/show/962674
OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=134
2022-03-21 14:06:21 +00:00

15912 lines
821 KiB
Diff

Index: strongswan-5.9.5/Android.mk
===================================================================
--- strongswan-5.9.5.orig/Android.mk
+++ strongswan-5.9.5/Android.mk
@@ -17,7 +17,7 @@ include $(CLEAR_VARS)
# this is the list of plugins that are built into libstrongswan and charon
# also these plugins are loaded by default (if not changed in strongswan.conf)
strongswan_CHARON_PLUGINS := android-log openssl fips-prf random nonce pubkey \
- pkcs1 pkcs8 pem xcbc hmac kernel-netlink socket-default android-dns \
+ pkcs1 pkcs8 pem xcbc hmac kdf kernel-netlink socket-default android-dns \
stroke eap-identity eap-mschapv2 eap-md5 eap-gtc
ifneq ($(strongswan_BUILD_SCEPCLIENT),)
Index: strongswan-5.9.5/configure.ac
===================================================================
--- strongswan-5.9.5.orig/configure.ac
+++ strongswan-5.9.5/configure.ac
@@ -148,6 +148,7 @@ ARG_ENABL_SET([gcrypt], [enables
ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.])
ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.])
ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
+ARG_DISBL_SET([kdf], [disable KDF (prf+) implementation plugin.])
ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.])
ARG_DISBL_SET([md5], [disable MD5 software implementation plugin.])
ARG_ENABL_SET([mgf1], [enable the MGF1 software implementation plugin.])
@@ -1494,6 +1495,7 @@ ADD_PLUGIN([chapoly], [s ch
ADD_PLUGIN([xcbc], [s charon nm cmd])
ADD_PLUGIN([cmac], [s charon nm cmd])
ADD_PLUGIN([hmac], [s charon pki scripts nm cmd])
+ADD_PLUGIN([kdf], [s charon pki scripts nm cmd])
ADD_PLUGIN([ctr], [s charon scripts nm cmd])
ADD_PLUGIN([ccm], [s charon scripts nm cmd])
ADD_PLUGIN([gcm], [s charon scripts nm cmd])
@@ -1647,6 +1649,7 @@ AM_CONDITIONAL(USE_DNSKEY, test x$dnskey
AM_CONDITIONAL(USE_SSHKEY, test x$sshkey = xtrue)
AM_CONDITIONAL(USE_PEM, test x$pem = xtrue)
AM_CONDITIONAL(USE_HMAC, test x$hmac = xtrue)
+AM_CONDITIONAL(USE_KDF, test x$kdf = xtrue)
AM_CONDITIONAL(USE_CMAC, test x$cmac = xtrue)
AM_CONDITIONAL(USE_XCBC, test x$xcbc = xtrue)
AM_CONDITIONAL(USE_MYSQL, test x$mysql = xtrue)
@@ -1911,6 +1914,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/random/Makefile
src/libstrongswan/plugins/nonce/Makefile
src/libstrongswan/plugins/hmac/Makefile
+ src/libstrongswan/plugins/kdf/Makefile
src/libstrongswan/plugins/xcbc/Makefile
src/libstrongswan/plugins/x509/Makefile
src/libstrongswan/plugins/revocation/Makefile
Index: strongswan-5.9.5/src/libcharon/kernel/kernel_interface.h
===================================================================
--- strongswan-5.9.5.orig/src/libcharon/kernel/kernel_interface.h
+++ strongswan-5.9.5/src/libcharon/kernel/kernel_interface.h
@@ -50,7 +50,6 @@ typedef struct kernel_interface_t kernel
typedef enum kernel_feature_t kernel_feature_t;
#include <networking/host.h>
-#include <crypto/prf_plus.h>
#include <kernel/kernel_listener.h>
#include <kernel/kernel_ipsec.h>
Index: strongswan-5.9.5/src/libcharon/plugins/stroke/stroke_list.c
===================================================================
--- strongswan-5.9.5.orig/src/libcharon/plugins/stroke/stroke_list.c
+++ strongswan-5.9.5/src/libcharon/plugins/stroke/stroke_list.c
@@ -849,6 +849,7 @@ static void list_algs(FILE *out)
hash_algorithm_t hash;
pseudo_random_function_t prf;
ext_out_function_t xof;
+ key_derivation_function_t kdf;
drbg_type_t drbg;
diffie_hellman_group_t group;
rng_quality_t quality;
@@ -905,6 +906,14 @@ static void list_algs(FILE *out)
print_alg(out, &len, ext_out_function_names, xof, plugin_name);
}
enumerator->destroy(enumerator);
+ fprintf(out, "\n kdf: ");
+ len = 13;
+ enumerator = lib->crypto->create_kdf_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &kdf, &plugin_name))
+ {
+ print_alg(out, &len, key_derivation_function_names, kdf, plugin_name);
+ }
+ enumerator->destroy(enumerator);
fprintf(out, "\n drbg: ");
len = 13;
enumerator = lib->crypto->create_drbg_enumerator(lib->crypto);
Index: strongswan-5.9.5/src/libcharon/plugins/vici/vici_query.c
===================================================================
--- strongswan-5.9.5.orig/src/libcharon/plugins/vici/vici_query.c
+++ strongswan-5.9.5/src/libcharon/plugins/vici/vici_query.c
@@ -1266,6 +1266,7 @@ CALLBACK(get_algorithms, vici_message_t*
hash_algorithm_t hash;
pseudo_random_function_t prf;
ext_out_function_t xof;
+ key_derivation_function_t kdf;
drbg_type_t drbg;
diffie_hellman_group_t group;
rng_quality_t quality;
@@ -1326,6 +1327,15 @@ CALLBACK(get_algorithms, vici_message_t*
}
enumerator->destroy(enumerator);
b->end_section(b);
+
+ b->begin_section(b, "kdf");
+ enumerator = lib->crypto->create_kdf_enumerator(lib->crypto);
+ while (enumerator->enumerate(enumerator, &kdf, &plugin_name))
+ {
+ add_algorithm(b, key_derivation_function_names, kdf, plugin_name);
+ }
+ enumerator->destroy(enumerator);
+ b->end_section(b);
b->begin_section(b, "drbg");
enumerator = lib->crypto->create_drbg_enumerator(lib->crypto);
Index: strongswan-5.9.5/src/libcharon/sa/child_sa.h
===================================================================
--- strongswan-5.9.5.orig/src/libcharon/sa/child_sa.h
+++ strongswan-5.9.5/src/libcharon/sa/child_sa.h
@@ -29,7 +29,6 @@ typedef struct child_sa_t child_sa_t;
typedef struct child_sa_create_t child_sa_create_t;
#include <library.h>
-#include <crypto/prf_plus.h>
#include <encoding/payloads/proposal_substructure.h>
#include <crypto/proposal/proposal.h>
#include <config/child_cfg.h>
Index: strongswan-5.9.5/src/libcharon/sa/ikev1/keymat_v1.c
===================================================================
--- strongswan-5.9.5.orig/src/libcharon/sa/ikev1/keymat_v1.c
+++ strongswan-5.9.5/src/libcharon/sa/ikev1/keymat_v1.c
@@ -507,6 +507,36 @@ METHOD(keymat_v1_t, derive_ike_keys, boo
this->aead->get_block_size(this->aead));
}
+/**
+ * Derive key material for CHILD_SAs according to section 5.5. in RFC 2409.
+ */
+static bool derive_child_keymat(private_keymat_v1_t *this, chunk_t seed,
+ uint16_t enc_size, chunk_t *encr,
+ uint16_t int_size, chunk_t *integ)
+{
+ size_t block_size, i;
+ chunk_t keymat, prev = chunk_empty;
+
+ block_size = this->prf->get_block_size(this->prf);
+ keymat = chunk_alloc(round_up(enc_size + int_size, block_size));
+ keymat.len = enc_size + int_size;
+
+ for (i = 0; i < keymat.len; i += block_size)
+ {
+ if (!this->prf->get_bytes(this->prf, prev, NULL) ||
+ !this->prf->get_bytes(this->prf, seed, keymat.ptr + i))
+ {
+ chunk_clear(&keymat);
+ return FALSE;
+ }
+ prev = chunk_create(keymat.ptr + i, block_size);
+ }
+
+ chunk_split(keymat, "aa", enc_size, encr, int_size, integ);
+ chunk_clear(&keymat);
+ return TRUE;
+}
+
METHOD(keymat_v1_t, derive_child_keys, bool,
private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh,
uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r,
@@ -514,8 +544,7 @@ METHOD(keymat_v1_t, derive_child_keys, b
{
uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
uint8_t protocol;
- prf_plus_t *prf_plus;
- chunk_t seed, secret = chunk_empty;
+ chunk_t seed = chunk_empty, secret = chunk_empty;
bool success = FALSE;
if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
@@ -599,11 +628,7 @@ METHOD(keymat_v1_t, derive_child_keys, b
seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol),
chunk_from_thing(spi_r), nonce_i, nonce_r);
DBG4(DBG_CHD, "initiator SA seed %B", &seed);
-
- prf_plus = prf_plus_create(this->prf, FALSE, seed);
- if (!prf_plus ||
- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
- !prf_plus->allocate_bytes(prf_plus, int_size, integ_i))
+ if (!derive_child_keymat(this, seed, enc_size, encr_i, int_size, integ_i))
{
goto failure;
}
@@ -611,11 +636,7 @@ METHOD(keymat_v1_t, derive_child_keys, b
seed = chunk_cata("ccccc", secret, chunk_from_thing(protocol),
chunk_from_thing(spi_i), nonce_i, nonce_r);
DBG4(DBG_CHD, "responder SA seed %B", &seed);
- prf_plus->destroy(prf_plus);
- prf_plus = prf_plus_create(this->prf, FALSE, seed);
- if (!prf_plus ||
- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) ||
- !prf_plus->allocate_bytes(prf_plus, int_size, integ_r))
+ if (!derive_child_keymat(this, seed, enc_size, encr_r, int_size, integ_r))
{
goto failure;
}
@@ -640,7 +661,7 @@ failure:
chunk_clear(encr_r);
chunk_clear(integ_r);
}
- DESTROY_IF(prf_plus);
+ memwipe(seed.ptr, seed.len);
chunk_clear(&secret);
return success;
Index: strongswan-5.9.5/src/libcharon/sa/ikev2/keymat_v2.c
===================================================================
--- strongswan-5.9.5.orig/src/libcharon/sa/ikev2/keymat_v2.c
+++ strongswan-5.9.5/src/libcharon/sa/ikev2/keymat_v2.c
@@ -17,7 +17,6 @@
#include "keymat_v2.h"
#include <daemon.h>
-#include <crypto/prf_plus.h>
#include <crypto/hashers/hash_algorithm_set.h>
typedef struct private_keymat_v2_t private_keymat_v2_t;
@@ -97,13 +96,12 @@ METHOD(keymat_t, create_nonce_gen, nonce
}
/**
- * Derive IKE keys for a combined AEAD algorithm
+ * Create aead_t objects for a combined-mode AEAD algorithm, sets the length of
+ * sk_ei and sk_er
*/
-static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg,
- uint16_t key_size, prf_plus_t *prf_plus,
- chunk_t *sk_ei, chunk_t *sk_er)
+static bool create_ike_aead(private_keymat_v2_t *this, uint16_t alg,
+ uint16_t key_size, chunk_t *sk_ei, chunk_t *sk_er)
{
- aead_t *aead_i, *aead_r;
u_int salt_size;
switch (alg)
@@ -131,201 +129,177 @@ static bool derive_ike_aead(private_keym
return FALSE;
}
- /* SK_ei/SK_er used for encryption */
- aead_i = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size);
- aead_r = lib->crypto->create_aead(lib->crypto, alg, key_size / 8, salt_size);
- if (aead_i == NULL || aead_r == NULL)
+ this->aead_in = lib->crypto->create_aead(lib->crypto, alg, key_size / 8,
+ salt_size);
+ this->aead_out = lib->crypto->create_aead(lib->crypto, alg, key_size / 8,
+ salt_size);
+ if (!this->aead_in || !this->aead_out)
{
DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
transform_type_names, ENCRYPTION_ALGORITHM,
encryption_algorithm_names, alg, key_size);
- goto failure;
- }
- key_size = aead_i->get_key_size(aead_i);
- if (key_size != aead_r->get_key_size(aead_r))
- {
- goto failure;
- }
- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei))
- {
- goto failure;
- }
- DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei);
- if (!aead_i->set_key(aead_i, *sk_ei))
- {
- goto failure;
- }
-
- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_er))
- {
- goto failure;
- }
- DBG4(DBG_IKE, "Sk_er secret %B", sk_er);
- if (!aead_r->set_key(aead_r, *sk_er))
- {
- goto failure;
- }
-
- if (this->initiator)
- {
- this->aead_in = aead_r;
- this->aead_out = aead_i;
+ return FALSE;
}
- else
+ sk_ei->len = this->aead_in->get_key_size(this->aead_in);
+ sk_er->len = this->aead_out->get_key_size(this->aead_out);
+ if (sk_ei->len != sk_er->len)
{
- this->aead_in = aead_i;
- this->aead_out = aead_r;
+ return FALSE;
}
- aead_i = aead_r = NULL;
-
-failure:
- DESTROY_IF(aead_i);
- DESTROY_IF(aead_r);
- return this->aead_in && this->aead_out;
+ return TRUE;
}
/**
- * Derive IKE keys for traditional encryption and MAC algorithms
+ * Create aead_t objects for traditional encryption and MAC algorithms, sets the
+ * length of key chunks
*/
-static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
- uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus,
- chunk_t *sk_ai, chunk_t *sk_ar, chunk_t *sk_ei,
- chunk_t *sk_er)
-{
- crypter_t *crypter_i = NULL, *crypter_r = NULL;
- signer_t *signer_i, *signer_r;
- iv_gen_t *ivg_i, *ivg_r;
- size_t key_size;
+static bool create_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg,
+ uint16_t enc_size, uint16_t int_alg, chunk_t *sk_ai,
+ chunk_t *sk_ar, chunk_t *sk_ei, chunk_t *sk_er)
+{
+ crypter_t *crypter_i = NULL, *crypter_o = NULL;
+ signer_t *signer_i, *signer_o;
+ iv_gen_t *ivg_i, *ivg_o;
signer_i = lib->crypto->create_signer(lib->crypto, int_alg);
- signer_r = lib->crypto->create_signer(lib->crypto, int_alg);
- crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8);
- crypter_r = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8);
- if (signer_i == NULL || signer_r == NULL)
+ signer_o = lib->crypto->create_signer(lib->crypto, int_alg);
+ if (!signer_i || !signer_o)
{
DBG1(DBG_IKE, "%N %N not supported!",
transform_type_names, INTEGRITY_ALGORITHM,
integrity_algorithm_names, int_alg);
goto failure;
}
- if (crypter_i == NULL || crypter_r == NULL)
+ crypter_i = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8);
+ crypter_o = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_size / 8);
+ if (!crypter_i || !crypter_o)
{
DBG1(DBG_IKE, "%N %N (key size %d) not supported!",
transform_type_names, ENCRYPTION_ALGORITHM,
encryption_algorithm_names, enc_alg, enc_size);
goto failure;
}
-
- /* SK_ai/SK_ar used for integrity protection */
- key_size = signer_i->get_key_size(signer_i);
-
- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ai))
- {
- goto failure;
- }
- DBG4(DBG_IKE, "Sk_ai secret %B", sk_ai);
- if (!signer_i->set_key(signer_i, *sk_ai))
- {
- goto failure;
- }
-
- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ar))
- {
- goto failure;
- }
- DBG4(DBG_IKE, "Sk_ar secret %B", sk_ar);
- if (!signer_r->set_key(signer_r, *sk_ar))
- {
- goto failure;
- }
-
- /* SK_ei/SK_er used for encryption */
- key_size = crypter_i->get_key_size(crypter_i);
-
- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_ei))
- {
- goto failure;
- }
- DBG4(DBG_IKE, "Sk_ei secret %B", sk_ei);
- if (!crypter_i->set_key(crypter_i, *sk_ei))
- {
- goto failure;
- }
-
- if (!prf_plus->allocate_bytes(prf_plus, key_size, sk_er))
+ sk_ai->len = signer_i->get_key_size(signer_i);
+ sk_ar->len = signer_o->get_key_size(signer_o);
+ if (sk_ai->len != sk_ar->len)
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_er secret %B", sk_er);
- if (!crypter_r->set_key(crypter_r, *sk_er))
+ sk_ei->len = crypter_i->get_key_size(crypter_i);
+ sk_er->len = crypter_o->get_key_size(crypter_o);
+ if (sk_ei->len != sk_er->len)
{
goto failure;
}
-
ivg_i = iv_gen_create_for_alg(enc_alg);
- ivg_r = iv_gen_create_for_alg(enc_alg);
- if (!ivg_i || !ivg_r)
+ ivg_o = iv_gen_create_for_alg(enc_alg);
+ if (!ivg_i || !ivg_o)
{
goto failure;
}
- if (this->initiator)
- {
- this->aead_in = aead_create(crypter_r, signer_r, ivg_r);
- this->aead_out = aead_create(crypter_i, signer_i, ivg_i);
- }
- else
- {
- this->aead_in = aead_create(crypter_i, signer_i, ivg_i);
- this->aead_out = aead_create(crypter_r, signer_r, ivg_r);
- }
- signer_i = signer_r = NULL;
- crypter_i = crypter_r = NULL;
+ this->aead_in = aead_create(crypter_i, signer_i, ivg_i);
+ this->aead_out = aead_create(crypter_o, signer_o, ivg_o);
+ signer_i = signer_o = NULL;
+ crypter_i = crypter_o = NULL;
failure:
DESTROY_IF(signer_i);
- DESTROY_IF(signer_r);
+ DESTROY_IF(signer_o);
DESTROY_IF(crypter_i);
- DESTROY_IF(crypter_r);
+ DESTROY_IF(crypter_o);
return this->aead_in && this->aead_out;
}
+/**
+ * Set keys on AEAD objects
+ */
+static bool set_aead_keys(private_keymat_v2_t *this, uint16_t enc_alg,
+ chunk_t sk_ai, chunk_t sk_ar,
+ chunk_t sk_ei, chunk_t sk_er)
+{
+ aead_t *aead_i, *aead_r;
+ chunk_t sk_i, sk_r;
+ bool success;
+
+ aead_i = this->initiator ? this->aead_out : this->aead_in;
+ aead_r = this->initiator ? this->aead_in : this->aead_out;
+
+ sk_i = chunk_cat("cc", sk_ai, sk_ei);
+ sk_r = chunk_cat("cc", sk_ar, sk_er);
+
+ success = aead_i->set_key(aead_i, sk_i) &&
+ aead_r->set_key(aead_r, sk_r);
+
+ chunk_clear(&sk_i);
+ chunk_clear(&sk_r);
+ return success;
+}
+
METHOD(keymat_v2_t, derive_ike_keys, bool,
private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
pseudo_random_function_t rekey_function, chunk_t rekey_skd)
{
chunk_t skeyseed = chunk_empty, secret, full_nonce, fixed_nonce;
- chunk_t prf_plus_seed, spi_i, spi_r;
+ chunk_t prf_plus_seed, spi_i, spi_r, keymat = chunk_empty;
chunk_t sk_ei = chunk_empty, sk_er = chunk_empty;
chunk_t sk_ai = chunk_empty, sk_ar = chunk_empty, sk_pi, sk_pr;
- prf_plus_t *prf_plus = NULL;
- uint16_t alg, key_size, int_alg;
- prf_t *rekey_prf = NULL;
+ kdf_t *prf = NULL, *prf_plus = NULL;
+ uint16_t prf_alg, key_size, enc_alg, enc_size, int_alg;
+ bool success = FALSE;
spi_i = chunk_alloca(sizeof(uint64_t));
spi_r = chunk_alloca(sizeof(uint64_t));
- if (!dh->get_shared_secret(dh, &secret))
+ /* create SA's general purpose PRF first, we may use it here */
+ if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &prf_alg,
+ NULL))
{
+ DBG1(DBG_IKE, "no %N selected",
+ transform_type_names, PSEUDO_RANDOM_FUNCTION);
return FALSE;
}
+ this->prf_alg = prf_alg;
+ this->prf = lib->crypto->create_prf(lib->crypto, this->prf_alg);
+ if (!this->prf)
+ {
+ DBG1(DBG_IKE, "%N %N not supported!", transform_type_names,
+ PSEUDO_RANDOM_FUNCTION, pseudo_random_function_names,
+ this->prf_alg);
+ return FALSE;
+ }
+ key_size = this->prf->get_key_size(this->prf);
- /* Create SAs general purpose PRF first, we may use it here */
- if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL))
+ /* create SA's AEAD instances to determine key sizes */
+ if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg,
+ &enc_size))
{
- DBG1(DBG_IKE, "no %N selected",
- transform_type_names, PSEUDO_RANDOM_FUNCTION);
- chunk_clear(&secret);
+ DBG1(DBG_IKE, "no %N selected", transform_type_names,
+ ENCRYPTION_ALGORITHM);
return FALSE;
}
- this->prf_alg = alg;
- this->prf = lib->crypto->create_prf(lib->crypto, alg);
- if (this->prf == NULL)
+ if (!encryption_algorithm_is_aead(enc_alg))
+ {
+ if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg,
+ NULL))
+ {
+ DBG1(DBG_IKE, "no %N selected", transform_type_names,
+ INTEGRITY_ALGORITHM);
+ return FALSE;
+ }
+ if (!create_ike_traditional(this, enc_alg, enc_size, int_alg,
+ &sk_ai, &sk_ar, &sk_ei, &sk_er))
+ {
+ return FALSE;
+ }
+ }
+ else if (!create_ike_aead(this, enc_alg, enc_size, &sk_ei, &sk_er))
+ {
+ return FALSE;
+ }
+
+ if (!dh->get_shared_secret(dh, &secret))
{
- DBG1(DBG_IKE, "%N %N not supported!",
- transform_type_names, PSEUDO_RANDOM_FUNCTION,
- pseudo_random_function_names, alg);
- chunk_clear(&secret);
return FALSE;
}
DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret);
@@ -333,7 +307,7 @@ METHOD(keymat_v2_t, derive_ike_keys, boo
full_nonce = chunk_cat("cc", nonce_i, nonce_r);
/* but the PRF may need a fixed key which only uses the first bytes of
* the nonces. */
- switch (alg)
+ switch (prf_alg)
{
case PRF_AES128_CMAC:
/* while variable keys may be used according to RFC 4615, RFC 7296
@@ -345,9 +319,8 @@ METHOD(keymat_v2_t, derive_ike_keys, boo
case PRF_CAMELLIA128_XCBC:
/* draft-kanno-ipsecme-camellia-xcbc refers to rfc 4434, we
* assume fixed key length. */
- key_size = this->prf->get_key_size(this->prf)/2;
- nonce_i.len = min(nonce_i.len, key_size);
- nonce_r.len = min(nonce_r.len, key_size);
+ nonce_i.len = min(nonce_i.len, key_size / 2);
+ nonce_r.len = min(nonce_r.len, key_size / 2);
break;
default:
/* all other algorithms use variable key length, full nonce */
@@ -365,19 +338,22 @@ METHOD(keymat_v2_t, derive_ike_keys, boo
if (rekey_function == PRF_UNDEFINED) /* not rekeying */
{
/* SKEYSEED = prf(Ni | Nr, g^ir) */
- if (this->prf->set_key(this->prf, fixed_nonce) &&
- this->prf->allocate_bytes(this->prf, secret, &skeyseed) &&
- this->prf->set_key(this->prf, skeyseed))
+ prf = lib->crypto->create_kdf(lib->crypto, KDF_PRF, this->prf_alg);
+ if (prf &&
+ prf->set_param(prf, KDF_PARAM_KEY, fixed_nonce) &&
+ prf->set_param(prf, KDF_PARAM_SALT, secret) &&
+ prf->allocate_bytes(prf, 0, &skeyseed))
{
- prf_plus = prf_plus_create(this->prf, TRUE, prf_plus_seed);
+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS,
+ this->prf_alg);
}
}
else
{
/* SKEYSEED = prf(SK_d (old), [g^ir (new)] | Ni | Nr)
* use OLD SAs PRF functions for both prf_plus and prf */
- rekey_prf = lib->crypto->create_prf(lib->crypto, rekey_function);
- if (!rekey_prf)
+ prf = lib->crypto->create_kdf(lib->crypto, KDF_PRF, rekey_function);
+ if (!prf)
{
DBG1(DBG_IKE, "PRF of old SA %N not supported!",
pseudo_random_function_names, rekey_function);
@@ -388,118 +364,97 @@ METHOD(keymat_v2_t, derive_ike_keys, boo
return FALSE;
}
secret = chunk_cat("sc", secret, full_nonce);
- if (rekey_prf->set_key(rekey_prf, rekey_skd) &&
- rekey_prf->allocate_bytes(rekey_prf, secret, &skeyseed) &&
- rekey_prf->set_key(rekey_prf, skeyseed))
+ if (prf->set_param(prf, KDF_PARAM_KEY, rekey_skd) &&
+ prf->set_param(prf, KDF_PARAM_SALT, secret) &&
+ prf->allocate_bytes(prf, 0, &skeyseed))
{
- prf_plus = prf_plus_create(rekey_prf, TRUE, prf_plus_seed);
+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS,
+ rekey_function);
}
}
DBG4(DBG_IKE, "SKEYSEED %B", &skeyseed);
-
- chunk_clear(&skeyseed);
chunk_clear(&secret);
chunk_free(&full_nonce);
chunk_free(&fixed_nonce);
- chunk_clear(&prf_plus_seed);
+ DESTROY_IF(prf);
- if (!prf_plus)
+ if (prf_plus &&
+ (!prf_plus->set_param(prf_plus, KDF_PARAM_KEY, skeyseed) ||
+ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, prf_plus_seed)))
{
- goto failure;
+ prf_plus->destroy(prf_plus);
+ prf_plus = NULL;
}
+ chunk_clear(&skeyseed);
+ chunk_clear(&prf_plus_seed);
- /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr */
-
- /* SK_d is used for generating CHILD_SA key mat => store for later use */
- key_size = this->prf->get_key_size(this->prf);
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &this->skd))
+ if (!prf_plus)
{
goto failure;
}
- DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
- if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &alg, &key_size))
+ /* KEYMAT = SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr
+ *
+ * SK_d, SK_pi and SK_pr have the size of the PRF key
+ */
+ keymat.len = 3 * key_size + sk_ai.len + sk_ar.len + sk_ei.len + sk_er.len;
+ if (!prf_plus->allocate_bytes(prf_plus, keymat.len, &keymat))
{
- DBG1(DBG_IKE, "no %N selected",
- transform_type_names, ENCRYPTION_ALGORITHM);
goto failure;
}
+ chunk_split(keymat, "ammmmaa", key_size, &this->skd, sk_ai.len, &sk_ai,
+ sk_ar.len, &sk_ar, sk_ei.len, &sk_ei, sk_er.len, &sk_er,
+ key_size, &sk_pi, key_size, &sk_pr);
- if (encryption_algorithm_is_aead(alg))
- {
- if (!derive_ike_aead(this, alg, key_size, prf_plus, &sk_ei, &sk_er))
- {
- goto failure;
- }
- }
- else
- {
- if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM,
- &int_alg, NULL))
- {
- DBG1(DBG_IKE, "no %N selected",
- transform_type_names, INTEGRITY_ALGORITHM);
- goto failure;
- }
- if (!derive_ike_traditional(this, alg, key_size, int_alg, prf_plus,
- &sk_ai, &sk_ar, &sk_ei, &sk_er))
- {
- goto failure;
- }
+ /* SK_d is used for generating CHILD_SA key mat => store for later use */
+ DBG4(DBG_IKE, "Sk_d secret %B", &this->skd);
+ if (!encryption_algorithm_is_aead(enc_alg))
+ { /* SK_ai/SK_ar used for integrity protection */
+ DBG4(DBG_IKE, "Sk_ai secret %B", &sk_ai);
+ DBG4(DBG_IKE, "Sk_ar secret %B", &sk_ar);
}
-
- /* SK_pi/SK_pr used for authentication => stored for later */
- key_size = this->prf->get_key_size(this->prf);
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pi))
+ /* SK_ei/SK_er used for encryption */
+ DBG4(DBG_IKE, "Sk_ei secret %B", &sk_ei);
+ DBG4(DBG_IKE, "Sk_er secret %B", &sk_er);
+ if (!set_aead_keys(this, enc_alg, sk_ai, sk_ar, sk_ei, sk_er))
{
goto failure;
}
+ /* SK_pi/SK_pr used for authentication => stored for later */
DBG4(DBG_IKE, "Sk_pi secret %B", &sk_pi);
- if (this->initiator)
- {
- this->skp_build = sk_pi;
- }
- else
- {
- this->skp_verify = sk_pi;
- }
- if (!prf_plus->allocate_bytes(prf_plus, key_size, &sk_pr))
- {
- goto failure;
- }
DBG4(DBG_IKE, "Sk_pr secret %B", &sk_pr);
if (this->initiator)
{
+ this->skp_build = sk_pi;
this->skp_verify = sk_pr;
}
else
{
this->skp_build = sk_pr;
+ this->skp_verify = sk_pi;
}
- charon->bus->ike_derived_keys(charon->bus,this->skd, sk_ai, sk_ar, sk_ei,
- sk_er, sk_pi, sk_pr);
+ charon->bus->ike_derived_keys(charon->bus, this->skd, sk_ai, sk_ar,
+ sk_ei, sk_er, sk_pi, sk_pr);
+ success = TRUE;
failure:
- chunk_clear(&sk_ai);
- chunk_clear(&sk_ar);
- chunk_clear(&sk_ei);
- chunk_clear(&sk_er);
+ chunk_clear(&keymat);
DESTROY_IF(prf_plus);
- DESTROY_IF(rekey_prf);
-
- return this->skp_build.len && this->skp_verify.len;
+ return success;
}
/**
- * Derives a key from the given key and a PRF that was initialized with a PPK
+ * Derives a new key from the given PPK and old key
*/
-static bool derive_ppk_key(prf_t *prf, char *name, chunk_t key,
- chunk_t *new_key)
+static bool derive_ppk_key(private_keymat_v2_t *this, char *name, chunk_t ppk,
+ chunk_t key, chunk_t *new_key)
{
- prf_plus_t *prf_plus;
+ kdf_t *prf_plus;
- prf_plus = prf_plus_create(prf, TRUE, key);
+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, this->prf_alg);
if (!prf_plus ||
+ !prf_plus->set_param(prf_plus, KDF_PARAM_KEY, ppk) ||
+ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, key) ||
!prf_plus->allocate_bytes(prf_plus, key.len, new_key))
{
DBG1(DBG_IKE, "unable to derive %s with PPK", name);
@@ -510,20 +465,6 @@ static bool derive_ppk_key(prf_t *prf, c
return TRUE;
}
-/**
- * Use the given PPK to derive a new SK_pi/r
- */
-static bool derive_skp_ppk(private_keymat_v2_t *this, chunk_t ppk, chunk_t skp,
- chunk_t *new_skp)
-{
- if (!this->prf->set_key(this->prf, ppk))
- {
- DBG1(DBG_IKE, "unable to set PPK in PRF");
- return FALSE;
- }
- return derive_ppk_key(this->prf, "SK_p", skp, new_skp);
-}
-
METHOD(keymat_v2_t, derive_ike_keys_ppk, bool,
private_keymat_v2_t *this, chunk_t ppk)
{
@@ -548,14 +489,9 @@ METHOD(keymat_v2_t, derive_ike_keys_ppk,
DBG4(DBG_IKE, "derive keys using PPK %B", &ppk);
- if (!this->prf->set_key(this->prf, ppk))
- {
- DBG1(DBG_IKE, "unable to set PPK in PRF");
- return FALSE;
- }
- if (!derive_ppk_key(this->prf, "Sk_d", this->skd, &skd) ||
- !derive_ppk_key(this->prf, "Sk_pi", *skpi, &new_skpi) ||
- !derive_ppk_key(this->prf, "Sk_pr", *skpr, &new_skpr))
+ if (!derive_ppk_key(this, "Sk_d", ppk, this->skd, &skd) ||
+ !derive_ppk_key(this, "Sk_pi", ppk, *skpi, &new_skpi) ||
+ !derive_ppk_key(this, "Sk_pr", ppk, *skpr, &new_skpr))
{
chunk_clear(&skd);
chunk_clear(&new_skpi);
@@ -583,8 +519,8 @@ METHOD(keymat_v2_t, derive_child_keys, b
chunk_t *encr_r, chunk_t *integ_r)
{
uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0;
- chunk_t seed, secret = chunk_empty;
- prf_plus_t *prf_plus;
+ chunk_t seed, secret = chunk_empty, keymat = chunk_empty;
+ kdf_t *prf_plus;
if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM,
&enc_alg, &enc_size))
@@ -650,11 +586,6 @@ METHOD(keymat_v2_t, derive_child_keys, b
int_size /= 8;
}
- if (!this->prf->set_key(this->prf, this->skd))
- {
- return FALSE;
- }
-
if (dh)
{
if (!dh->get_shared_secret(dh, &secret))
@@ -666,30 +597,30 @@ METHOD(keymat_v2_t, derive_child_keys, b
seed = chunk_cata("scc", secret, nonce_i, nonce_r);
DBG4(DBG_CHD, "seed %B", &seed);
- prf_plus = prf_plus_create(this->prf, TRUE, seed);
- memwipe(seed.ptr, seed.len);
-
- if (!prf_plus)
+ prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, this->prf_alg);
+ if (!prf_plus ||
+ !prf_plus->set_param(prf_plus, KDF_PARAM_KEY, this->skd) ||
+ !prf_plus->set_param(prf_plus, KDF_PARAM_SALT, seed))
{
+ DESTROY_IF(prf_plus);
+ memwipe(seed.ptr, seed.len);
return FALSE;
}
+ memwipe(seed.ptr, seed.len);
*encr_i = *integ_i = *encr_r = *integ_r = chunk_empty;
- if (!prf_plus->allocate_bytes(prf_plus, enc_size, encr_i) ||
- !prf_plus->allocate_bytes(prf_plus, int_size, integ_i) ||
- !prf_plus->allocate_bytes(prf_plus, enc_size, encr_r) ||
- !prf_plus->allocate_bytes(prf_plus, int_size, integ_r))
- {
- chunk_free(encr_i);
- chunk_free(integ_i);
- chunk_free(encr_r);
- chunk_free(integ_r);
+ keymat.len = 2 * enc_size + 2 * int_size;
+ if (!prf_plus->allocate_bytes(prf_plus, keymat.len, &keymat))
+ {
prf_plus->destroy(prf_plus);
return FALSE;
}
-
prf_plus->destroy(prf_plus);
+ chunk_split(keymat, "aaaa", enc_size, encr_i, int_size, integ_i,
+ enc_size, encr_r, int_size, integ_r);
+ chunk_clear(&keymat);
+
if (enc_size)
{
DBG4(DBG_CHD, "encryption initiator key %B", encr_i);
@@ -729,7 +660,7 @@ METHOD(keymat_v2_t, get_auth_octets, boo
if (ppk.ptr)
{
DBG4(DBG_IKE, "PPK %B", &ppk);
- if (!derive_skp_ppk(this, ppk, skp, &skp_ppk))
+ if (!derive_ppk_key(this, "SK_p", ppk, skp, &skp_ppk))
{
return FALSE;
}
@@ -775,7 +706,7 @@ METHOD(keymat_v2_t, get_psk_sig, bool,
secret = verify ? this->skp_verify : this->skp_build;
if (ppk.ptr)
{
- if (!derive_skp_ppk(this, ppk, secret, &skp_ppk))
+ if (!derive_ppk_key(this, "SK_p", ppk, secret, &skp_ppk))
{
return FALSE;
}
Index: strongswan-5.9.5/src/libcharon/tests/utils/mock_dh.c
===================================================================
--- strongswan-5.9.5.orig/src/libcharon/tests/utils/mock_dh.c
+++ strongswan-5.9.5/src/libcharon/tests/utils/mock_dh.c
@@ -18,6 +18,13 @@
typedef struct private_diffie_hellman_t private_diffie_hellman_t;
+/** Mock DH public and shared key */
+static chunk_t mock_key = chunk_from_chars(
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08);
+
/**
* Private data
*/
@@ -37,7 +44,7 @@ struct private_diffie_hellman_t {
METHOD(diffie_hellman_t, get_my_public_value, bool,
private_diffie_hellman_t *this, chunk_t *value)
{
- *value = chunk_empty;
+ *value = chunk_clone(mock_key);
return TRUE;
}
@@ -50,7 +57,7 @@ METHOD(diffie_hellman_t, set_other_publi
METHOD(diffie_hellman_t, get_shared_secret, bool,
private_diffie_hellman_t *this, chunk_t *secret)
{
- *secret = chunk_empty;
+ *secret = chunk_clone(mock_key);
return TRUE;
}
Index: strongswan-5.9.5/src/libstrongswan/Android.mk
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/Android.mk
+++ strongswan-5.9.5/src/libstrongswan/Android.mk
@@ -13,11 +13,11 @@ crypto/hashers/hash_algorithm_set.c cryp
crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \
crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \
crypto/rngs/rng.c crypto/rngs/rng_tester.c \
-crypto/prf_plus.c crypto/signers/signer.c \
+crypto/signers/signer.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
-crypto/iv/iv_gen_null.c \
+crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \
crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
@@ -91,6 +91,8 @@ endif
LOCAL_SRC_FILES += $(call add_plugin, hmac)
+LOCAL_SRC_FILES += $(call add_plugin, kdf)
+
LOCAL_SRC_FILES += $(call add_plugin, md4)
LOCAL_SRC_FILES += $(call add_plugin, md5)
Index: strongswan-5.9.5/src/libstrongswan/Makefile.am
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/Makefile.am
+++ strongswan-5.9.5/src/libstrongswan/Makefile.am
@@ -11,11 +11,11 @@ crypto/hashers/hash_algorithm_set.c cryp
crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords_static.c \
crypto/prfs/prf.c crypto/prfs/mac_prf.c crypto/pkcs5.c \
crypto/rngs/rng.c crypto/rngs/rng_tester.c \
-crypto/prf_plus.c crypto/signers/signer.c \
+crypto/signers/signer.c \
crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \
crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \
crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \
-crypto/iv/iv_gen_null.c \
+crypto/iv/iv_gen_null.c crypto/kdfs/kdf.c \
crypto/xofs/xof.c crypto/xofs/xof_bitspender.c \
credentials/credential_factory.c credentials/builder.c \
credentials/cred_encoding.c credentials/keys/private_key.c \
@@ -77,11 +77,12 @@ crypto/hashers/hash_algorithm_set.h cryp
crypto/proposal/proposal_keywords.h crypto/proposal/proposal_keywords_static.h \
crypto/rngs/rng.h crypto/rngs/rng_tester.h \
crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/nonce_gen.h \
-crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \
+crypto/signers/signer.h crypto/signers/mac_signer.h \
crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \
crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \
crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \
crypto/xofs/xof.h crypto/xofs/xof_bitspender.h crypto/xofs/mgf1.h \
+crypto/kdfs/kdf.h \
credentials/credential_factory.h credentials/builder.h \
credentials/cred_encoding.h credentials/keys/private_key.h \
credentials/keys/public_key.h credentials/keys/shared_key.h \
@@ -390,6 +391,13 @@ if MONOLITHIC
endif
endif
+if USE_KDF
+ SUBDIRS += plugins/kdf
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/kdf/libstrongswan-kdf.la
+endif
+endif
+
if USE_CMAC
SUBDIRS += plugins/cmac
if MONOLITHIC
Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_factory.c
+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.c
@@ -23,8 +23,6 @@
#include <crypto/crypto_tester.h>
#include <utils/test.h>
-const char *default_plugin_name = "default";
-
typedef struct entry_t entry_t;
struct entry_t {
@@ -53,6 +51,7 @@ struct entry_t {
hasher_constructor_t create_hasher;
prf_constructor_t create_prf;
xof_constructor_t create_xof;
+ kdf_constructor_t create_kdf;
drbg_constructor_t create_drbg;
rng_constructor_t create_rng;
nonce_gen_constructor_t create_nonce_gen;
@@ -104,6 +103,11 @@ struct private_crypto_factory_t {
linked_list_t *xofs;
/**
+ * registered kdfs, as entry_t
+ */
+ linked_list_t *kdfs;
+
+ /**
* registered drbgs, as entry_t
*/
linked_list_t *drbgs;
@@ -171,7 +175,7 @@ METHOD(crypto_factory_t, create_crypter,
if (this->test_on_create &&
!this->tester->test_crypter(this->tester, algo, key_size,
entry->create_crypter, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -204,7 +208,7 @@ METHOD(crypto_factory_t, create_aead, ae
if (this->test_on_create &&
!this->tester->test_aead(this->tester, algo, key_size,
salt_size, entry->create_aead, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -236,7 +240,7 @@ METHOD(crypto_factory_t, create_signer,
if (this->test_on_create &&
!this->tester->test_signer(this->tester, algo,
entry->create_signer, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -268,7 +272,7 @@ METHOD(crypto_factory_t, create_hasher,
if (this->test_on_create &&
!this->tester->test_hasher(this->tester, algo,
entry->create_hasher, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -300,7 +304,7 @@ METHOD(crypto_factory_t, create_prf, prf
if (this->test_on_create &&
!this->tester->test_prf(this->tester, algo,
entry->create_prf, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -332,7 +336,7 @@ METHOD(crypto_factory_t, create_xof, xof
if (this->test_on_create &&
!this->tester->test_xof(this->tester, algo,
entry->create_xof, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -348,6 +352,48 @@ METHOD(crypto_factory_t, create_xof, xof
return xof;
}
+METHOD(crypto_factory_t, create_kdf, kdf_t*,
+ private_crypto_factory_t *this, key_derivation_function_t algo, ...)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ va_list args;
+ kdf_t *kdf = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->kdfs->create_enumerator(this->kdfs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->algo == algo)
+ {
+ if (this->test_on_create)
+ {
+ kdf_test_args_t test_args = {};
+
+ va_start(test_args.args, algo);
+ if (!this->tester->test_kdf(this->tester, algo,
+ entry->create_kdf, &test_args, NULL,
+ entry->plugin_name))
+ {
+ va_end(test_args.args);
+ continue;
+ }
+ va_end(test_args.args);
+ }
+ va_start(args, algo);
+ kdf = entry->create_kdf(algo, args);
+ va_end(args);
+ if (kdf)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+ return kdf;
+}
+
METHOD(crypto_factory_t, create_drbg, drbg_t*,
private_crypto_factory_t *this, drbg_type_t type, uint32_t strength,
rng_t *entropy, chunk_t personalization_str)
@@ -365,7 +411,7 @@ METHOD(crypto_factory_t, create_drbg, dr
if (this->test_on_create &&
!this->tester->test_drbg(this->tester, type,
entry->create_drbg, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -398,7 +444,7 @@ METHOD(crypto_factory_t, create_rng, rng
if (this->test_on_create &&
!this->tester->test_rng(this->tester, quality,
entry->create_rng, NULL,
- default_plugin_name))
+ entry->plugin_name))
{
continue;
}
@@ -462,7 +508,7 @@ METHOD(crypto_factory_t, create_dh, diff
{
if (this->test_on_create && group != MODP_CUSTOM &&
!this->tester->test_dh(this->tester, group,
- entry->create_dh, NULL, default_plugin_name))
+ entry->create_dh, NULL, entry->plugin_name))
{
continue;
}
@@ -749,6 +795,43 @@ METHOD(crypto_factory_t, remove_xof, voi
this->lock->unlock(this->lock);
}
+METHOD(crypto_factory_t, add_kdf, bool,
+ private_crypto_factory_t *this, key_derivation_function_t algo,
+ const char *plugin_name, kdf_constructor_t create)
+{
+ u_int speed = 0;
+
+ if (!this->test_on_add ||
+ this->tester->test_kdf(this->tester, algo, create, NULL,
+ this->bench ? &speed : NULL, plugin_name))
+ {
+ add_entry(this, this->kdfs, algo, plugin_name, 0, create);
+ return TRUE;
+ }
+ this->test_failures++;
+ return FALSE;
+}
+
+METHOD(crypto_factory_t, remove_kdf, void,
+ private_crypto_factory_t *this, kdf_constructor_t create)
+{
+ entry_t *entry;
+ enumerator_t *enumerator;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->kdfs->create_enumerator(this->kdfs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->create_kdf == create)
+ {
+ this->kdfs->remove_at(this->kdfs, enumerator);
+ free(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+}
+
METHOD(crypto_factory_t, add_drbg, bool,
private_crypto_factory_t *this, drbg_type_t type,
const char *plugin_name, drbg_constructor_t create)
@@ -1058,6 +1141,30 @@ METHOD(crypto_factory_t, create_xof_enum
return create_enumerator(this, this->xofs, xof_filter);
}
+CALLBACK(kdf_filter, bool,
+ void *n, enumerator_t *orig, va_list args)
+{
+ entry_t *entry;
+ key_derivation_function_t *algo;
+ const char **plugin_name;
+
+ VA_ARGS_VGET(args, algo, plugin_name);
+
+ if (orig->enumerate(orig, &entry))
+ {
+ *algo = entry->algo;
+ *plugin_name = entry->plugin_name;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(crypto_factory_t, create_kdf_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
+{
+ return create_enumerator(this, this->kdfs, kdf_filter);
+}
+
CALLBACK(drbg_filter, bool,
void *n, enumerator_t *orig, va_list args)
{
@@ -1169,6 +1276,8 @@ METHOD(crypto_factory_t, add_test_vector
return this->tester->add_prf_vector(this->tester, vector);
case EXTENDED_OUTPUT_FUNCTION:
return this->tester->add_xof_vector(this->tester, vector);
+ case KEY_DERIVATION_FUNCTION:
+ return this->tester->add_kdf_vector(this->tester, vector);
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
return this->tester->add_drbg_vector(this->tester, vector);
case RANDOM_NUMBER_GENERATOR:
@@ -1232,6 +1341,10 @@ METHOD(enumerator_t, verify_enumerate, b
*valid = this->tester->test_xof(this->tester, entry->algo,
entry->create_xof, NULL, entry->plugin_name);
break;
+ case KEY_DERIVATION_FUNCTION:
+ *valid = this->tester->test_kdf(this->tester, entry->algo,
+ entry->create_kdf, NULL, NULL, entry->plugin_name);
+ break;
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
*valid = this->tester->test_drbg(this->tester, entry->algo,
entry->create_drbg, NULL, entry->plugin_name);
@@ -1287,6 +1400,9 @@ METHOD(crypto_factory_t, create_verify_e
case EXTENDED_OUTPUT_FUNCTION:
inner = this->xofs->create_enumerator(this->xofs);
break;
+ case KEY_DERIVATION_FUNCTION:
+ inner = this->kdfs->create_enumerator(this->kdfs);
+ break;
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
inner = this->drbgs->create_enumerator(this->drbgs);
break;
@@ -1323,6 +1439,7 @@ METHOD(crypto_factory_t, destroy, void,
this->hashers->destroy(this->hashers);
this->prfs->destroy(this->prfs);
this->xofs->destroy(this->xofs);
+ this->kdfs->destroy(this->kdfs);
this->drbgs->destroy(this->drbgs);
this->rngs->destroy(this->rngs);
this->nonce_gens->destroy(this->nonce_gens);
@@ -1347,6 +1464,7 @@ crypto_factory_t *crypto_factory_create(
.create_hasher = _create_hasher,
.create_prf = _create_prf,
.create_xof = _create_xof,
+ .create_kdf = _create_kdf,
.create_drbg = _create_drbg,
.create_rng = _create_rng,
.create_nonce_gen = _create_nonce_gen,
@@ -1363,6 +1481,8 @@ crypto_factory_t *crypto_factory_create(
.remove_prf = _remove_prf,
.add_xof = _add_xof,
.remove_xof = _remove_xof,
+ .add_kdf = _add_kdf,
+ .remove_kdf = _remove_kdf,
.add_drbg = _add_drbg,
.remove_drbg = _remove_drbg,
.add_rng = _add_rng,
@@ -1377,6 +1497,7 @@ crypto_factory_t *crypto_factory_create(
.create_hasher_enumerator = _create_hasher_enumerator,
.create_prf_enumerator = _create_prf_enumerator,
.create_xof_enumerator = _create_xof_enumerator,
+ .create_kdf_enumerator = _create_kdf_enumerator,
.create_drbg_enumerator = _create_drbg_enumerator,
.create_dh_enumerator = _create_dh_enumerator,
.create_rng_enumerator = _create_rng_enumerator,
@@ -1391,6 +1512,7 @@ crypto_factory_t *crypto_factory_create(
.hashers = linked_list_create(),
.prfs = linked_list_create(),
.xofs = linked_list_create(),
+ .kdfs = linked_list_create(),
.drbgs = linked_list_create(),
.rngs = linked_list_create(),
.nonce_gens = linked_list_create(),
Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.h
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_factory.h
+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_factory.h
@@ -33,6 +33,7 @@ typedef struct crypto_factory_t crypto_f
#include <crypto/prfs/prf.h>
#include <crypto/rngs/rng.h>
#include <crypto/xofs/xof.h>
+#include <crypto/kdfs/kdf.h>
#include <crypto/drbgs/drbg.h>
#include <crypto/nonce_gen.h>
#include <crypto/diffie_hellman.h>
@@ -71,6 +72,14 @@ typedef prf_t* (*prf_constructor_t)(pseu
typedef xof_t* (*xof_constructor_t)(ext_out_function_t algo);
/**
+ * Constructor function for key derivation functions
+ *
+ * The additional arguments depend on the algorithm, see comments
+ * for key_derivation_function_t.
+ */
+typedef kdf_t* (*kdf_constructor_t)(key_derivation_function_t algo, va_list args);
+
+/**
* Constructor function for deterministic random bit generators
*/
typedef drbg_t* (*drbg_constructor_t)(drbg_type_t type, uint32_t strength,
@@ -154,6 +163,20 @@ struct crypto_factory_t {
*/
xof_t* (*create_xof)(crypto_factory_t *this, ext_out_function_t algo);
+
+ /**
+ * Create a key derivation function instance.
+ *
+ * Additional arguments depend on the KDF, please refer to the comments in
+ * key_derivation_function_t.
+ *
+ * @param algo KDF to create
+ * @param ... arguments depending on algo
+ * @return kdf_t instance, NULL if not supported
+ */
+ kdf_t* (*create_kdf)(crypto_factory_t *this,
+ key_derivation_function_t algo, ...);
+
/**
* Create a deterministic random bit generator instance.
*
@@ -306,6 +329,24 @@ struct crypto_factory_t {
void (*remove_xof)(crypto_factory_t *this, xof_constructor_t create);
/**
+ * Register a kdf constructor.
+ *
+ * @param algo algorithm to constructor
+ * @param plugin_name plugin that registered this algorithm
+ * @param create constructor function for that algorithm
+ * @return TRUE if registered, FALSE if test vector failed
+ */
+ bool (*add_kdf)(crypto_factory_t *this, key_derivation_function_t algo,
+ const char *plugin_name, kdf_constructor_t create);
+
+ /**
+ * Unregister a kdf constructor.
+ *
+ * @param create constructor function to unregister
+ */
+ void (*remove_kdf)(crypto_factory_t *this, kdf_constructor_t create);
+
+ /**
* Register a drbg constructor.
*
* @param type type to constructor
@@ -420,6 +461,13 @@ struct crypto_factory_t {
enumerator_t* (*create_xof_enumerator)(crypto_factory_t *this);
/**
+ * Create an enumerator over all registered KDFs.
+ *
+ * @return enumerator over key_derivation_function_t, plugin
+ */
+ enumerator_t* (*create_kdf_enumerator)(crypto_factory_t *this);
+
+ /**
* Create an enumerator over all registered DRBGs.
*
* @return enumerator over drbg_type_t, plugin
Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_tester.c
+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.c
@@ -70,6 +70,11 @@ struct private_crypto_tester_t {
linked_list_t *xof;
/**
+ * List of KDF test vectors
+ */
+ linked_list_t *kdf;
+
+ /**
* List of DRBG test vectors
*/
linked_list_t *drbg;
@@ -1186,6 +1191,211 @@ failure:
return !failed;
}
+
+
+/**
+ * Create a KDF using the given arguments
+ */
+static kdf_t *create_kdf_args(kdf_constructor_t create,
+ key_derivation_function_t alg, ...)
+{
+ va_list args;
+ kdf_t *kdf;
+
+ va_start(args, alg);
+ kdf = create(alg, args);
+ va_end(args);
+ return kdf;
+}
+
+/**
+ * Create a KDF using arguments from the given test vector
+ */
+static kdf_t *create_kdf_vector(kdf_constructor_t create,
+ key_derivation_function_t alg,
+ kdf_test_vector_t *vector)
+{
+ switch (alg)
+ {
+ case KDF_PRF:
+ case KDF_PRF_PLUS:
+ return create_kdf_args(create, alg, vector->arg.prf);
+ case KDF_UNDEFINED:
+ break;
+ }
+ return NULL;
+}
+
+/**
+ * Check if the given test vector applies to the passed arguments
+ */
+static bool kdf_vector_applies(key_derivation_function_t alg,
+ kdf_test_args_t *args, kdf_test_vector_t *vector)
+{
+ bool applies = FALSE;
+
+ switch (alg)
+ {
+ case KDF_PRF:
+ case KDF_PRF_PLUS:
+ {
+ pseudo_random_function_t prf;
+ VA_ARGS_VGET(args->args, prf);
+ applies = (prf == vector->arg.prf);
+ break;
+ }
+ case KDF_UNDEFINED:
+ break;
+ }
+ return applies;
+}
+
+METHOD(crypto_tester_t, test_kdf, bool,
+ private_crypto_tester_t *this, key_derivation_function_t alg,
+ kdf_constructor_t create, kdf_test_args_t *args, u_int *speed,
+ const char *plugin_name)
+{
+ enumerator_t *enumerator;
+ kdf_test_vector_t *vector;
+ va_list copy;
+ bool failed = FALSE;
+ u_int tested = 0, construction_failed = 0;
+
+ enumerator = this->kdf->create_enumerator(this->kdf);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ kdf_t *kdf;
+ chunk_t out = chunk_empty;
+
+ if (vector->alg != alg ||
+ (args && !kdf_vector_applies(alg, args, vector)))
+ {
+ continue;
+ }
+
+ tested++;
+ failed = TRUE;
+ if (args)
+ {
+ va_copy(copy, args->args);
+ kdf = create(alg, copy);
+ va_end(copy);
+ }
+ else
+ {
+ kdf = create_kdf_vector(create, alg, vector);
+ }
+ if (!kdf)
+ {
+ if (args)
+ {
+ DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed",
+ key_derivation_function_names, alg, plugin_name);
+ break;
+ }
+ /* while there could be a problem, the constructor might just not
+ * be able to create an instance for this test vector, we check
+ * for that at the end */
+ construction_failed++;
+ failed = FALSE;
+ continue;
+ }
+
+ if (vector->key.len &&
+ !kdf->set_param(kdf, KDF_PARAM_KEY, vector->key))
+ {
+ goto failure;
+ }
+ if (vector->salt.len &&
+ !kdf->set_param(kdf, KDF_PARAM_SALT, vector->salt))
+ {
+ goto failure;
+ }
+ if (kdf_has_fixed_output_length(alg))
+ {
+ if (kdf->get_length(kdf) != vector->out.len)
+ {
+ goto failure;
+ }
+ }
+ else if (kdf->get_length(kdf) != SIZE_MAX)
+ {
+ goto failure;
+ }
+ /* allocated bytes */
+ if (!kdf->allocate_bytes(kdf, vector->out.len, &out))
+ {
+ goto failure;
+ }
+ if (!chunk_equals(out, vector->out))
+ {
+ goto failure;
+ }
+ /* allocate without knowing the length */
+ if (kdf_has_fixed_output_length(alg))
+ {
+ chunk_free(&out);
+ if (!kdf->allocate_bytes(kdf, 0, &out))
+ {
+ goto failure;
+ }
+ if (!chunk_equals(out, vector->out))
+ {
+ goto failure;
+ }
+ }
+ /* bytes to existing buffer */
+ memset(out.ptr, 0, out.len);
+ if (!kdf->get_bytes(kdf, out.len, out.ptr))
+ {
+ goto failure;
+ }
+ if (!chunk_equals(out, vector->out))
+ {
+ goto failure;
+ }
+
+ failed = FALSE;
+failure:
+ kdf->destroy(kdf);
+ chunk_free(&out);
+ if (failed)
+ {
+ DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed",
+ key_derivation_function_names, alg, plugin_name,
+ get_name(vector));
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1(DBG_LIB, "%s %N[%s]: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ key_derivation_function_names, alg, plugin_name);
+ return !this->required;
+ }
+ tested -= construction_failed;
+ if (!tested)
+ {
+ DBG1(DBG_LIB, "%s %N[%s]: unable to apply any available test vectors",
+ this->required ? "disabled" : "enabled ",
+ key_derivation_function_names, alg, plugin_name);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ if (speed)
+ {
+ DBG2(DBG_LIB, "benchmarking for %N is currently not supported",
+ key_derivation_function_names, alg);
+ }
+ DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors",
+ key_derivation_function_names, alg, plugin_name, tested);
+ }
+ return !failed;
+}
+
/**
* Benchmark a DRBG
*/
@@ -1622,6 +1832,12 @@ METHOD(crypto_tester_t, add_xof_vector,
this->xof->insert_last(this->xof, vector);
}
+METHOD(crypto_tester_t, add_kdf_vector, void,
+ private_crypto_tester_t *this, kdf_test_vector_t *vector)
+{
+ this->kdf->insert_last(this->kdf, vector);
+}
+
METHOD(crypto_tester_t, add_drbg_vector, void,
private_crypto_tester_t *this, drbg_test_vector_t *vector)
{
@@ -1649,6 +1865,7 @@ METHOD(crypto_tester_t, destroy, void,
this->hasher->destroy(this->hasher);
this->prf->destroy(this->prf);
this->xof->destroy(this->xof);
+ this->kdf->destroy(this->kdf);
this->drbg->destroy(this->drbg);
this->rng->destroy(this->rng);
this->dh->destroy(this->dh);
@@ -1670,6 +1887,7 @@ crypto_tester_t *crypto_tester_create()
.test_hasher = _test_hasher,
.test_prf = _test_prf,
.test_xof = _test_xof,
+ .test_kdf = _test_kdf,
.test_drbg = _test_drbg,
.test_rng = _test_rng,
.test_dh = _test_dh,
@@ -1679,6 +1897,7 @@ crypto_tester_t *crypto_tester_create()
.add_hasher_vector = _add_hasher_vector,
.add_prf_vector = _add_prf_vector,
.add_xof_vector = _add_xof_vector,
+ .add_kdf_vector = _add_kdf_vector,
.add_drbg_vector = _add_drbg_vector,
.add_rng_vector = _add_rng_vector,
.add_dh_vector = _add_dh_vector,
@@ -1690,6 +1909,7 @@ crypto_tester_t *crypto_tester_create()
.hasher = linked_list_create(),
.prf = linked_list_create(),
.xof = linked_list_create(),
+ .kdf = linked_list_create(),
.drbg = linked_list_create(),
.rng = linked_list_create(),
.dh = linked_list_create(),
Index: strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.h
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/crypto_tester.h
+++ strongswan-5.9.5/src/libstrongswan/crypto/crypto_tester.h
@@ -32,6 +32,8 @@ typedef struct signer_test_vector_t sign
typedef struct hasher_test_vector_t hasher_test_vector_t;
typedef struct prf_test_vector_t prf_test_vector_t;
typedef struct xof_test_vector_t xof_test_vector_t;
+typedef struct kdf_test_vector_t kdf_test_vector_t;
+typedef struct kdf_test_args_t kdf_test_args_t;
typedef struct drbg_test_vector_t drbg_test_vector_t;
typedef struct rng_test_vector_t rng_test_vector_t;
typedef struct dh_test_vector_t dh_test_vector_t;
@@ -130,6 +132,26 @@ struct xof_test_vector_t {
u_char *out;
};
+struct kdf_test_vector_t {
+ /** kdf algorithm this test vector tests */
+ key_derivation_function_t alg;
+ /** argument passed to constructor, type depends on alg */
+ union {
+ pseudo_random_function_t prf;
+ } arg;
+ /** optional key */
+ chunk_t key;
+ /** optional salt */
+ chunk_t salt;
+ /** expected output */
+ chunk_t out;
+};
+
+struct kdf_test_args_t {
+ /** the arguments used to construct the KDF */
+ va_list args;
+};
+
struct drbg_test_vector_t {
/** drbg type this test vector tests */
drbg_type_t type;
@@ -257,6 +279,22 @@ struct crypto_tester_t {
xof_constructor_t create,
u_int *speed, const char *plugin_name);
/**
+ * Test a KDF algorithm.
+ *
+ * If constructor arguments are passed, only matching test vectors are
+ * tried. Otherwise, all are tried and implementations are allowed to fail
+ * construction with unsupported arguments.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the XOF
+ * @param args optional arguments to pass to constructor
+ * @param speed speed test result, NULL to omit
+ * @return TRUE if test passed
+ */
+ bool (*test_kdf)(crypto_tester_t *this, key_derivation_function_t alg,
+ kdf_constructor_t create, kdf_test_args_t *args,
+ u_int *speed, const char *plugin_name);
+ /**
* Test a DRBG type.
*
* @param type DRBG type to test
@@ -333,6 +371,13 @@ struct crypto_tester_t {
void (*add_xof_vector)(crypto_tester_t *this, xof_test_vector_t *vector);
/**
+ * Add a test vector to test a KDF.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_kdf_vector)(crypto_tester_t *this, kdf_test_vector_t *vector);
+
+ /**
* Add a test vector to test a DRBG.
*
* @param vector pointer to test vector
Index: strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "kdf.h"
+
+ENUM(key_derivation_function_names, KDF_UNDEFINED, KDF_PRF_PLUS,
+ "KDF_UNDEFINED",
+ "KDF_PRF",
+ "KDF_PRF_PLUS",
+);
+
+/*
+ * Described in header
+ */
+bool kdf_has_fixed_output_length(key_derivation_function_t type)
+{
+ switch (type)
+ {
+ case KDF_PRF:
+ return TRUE;
+ case KDF_PRF_PLUS:
+ case KDF_UNDEFINED:
+ break;
+ }
+ return FALSE;
+}
Index: strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.h
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/crypto/kdfs/kdf.h
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup kdf kdf
+ * @{ @ingroup crypto
+ */
+
+#ifndef KDF_H_
+#define KDF_H_
+
+typedef enum key_derivation_function_t key_derivation_function_t;
+typedef enum kdf_param_t kdf_param_t;
+typedef struct kdf_t kdf_t;
+
+#include <library.h>
+
+/**
+ * Key Derivation Functions (KDF).
+ */
+enum key_derivation_function_t {
+
+ KDF_UNDEFINED,
+
+ /**
+ * RFC 7296 prf, expects a pseudo_random_function_t in the constructor,
+ * parameters are KEY and SALT. Has a fixed output length.
+ */
+ KDF_PRF,
+
+ /**
+ * RFC 7296 prf+, expects a pseudo_random_function_t in the constructor,
+ * parameters are KEY and SALT.
+ */
+ KDF_PRF_PLUS,
+};
+
+/**
+ * enum name for key_derivation_function_t.
+ */
+extern enum_name_t *key_derivation_function_names;
+
+/**
+ * Parameters for KDFs.
+ */
+enum kdf_param_t {
+
+ /**
+ * Key used for the key derivation (chunk_t).
+ */
+ KDF_PARAM_KEY,
+
+ /**
+ * Salt used for the key derivation (chunk_t).
+ */
+ KDF_PARAM_SALT,
+};
+
+/**
+ * Generic interface for Key Derivation Functions (KDF).
+ *
+ * Note that in comparison to xof_t, this interface does not support streaming.
+ * That is, calling get_bytes() or allocate_bytes() multiple times without
+ * changing the input parameters will result in the same output.
+ */
+struct kdf_t {
+
+ /**
+ * Return the type of KDF.
+ *
+ * @return KDF type
+ */
+ key_derivation_function_t (*get_type)(kdf_t *this);
+
+ /**
+ * Output length for KDFs that produce a fixed amount of output.
+ *
+ * @return fixed output length, SIZE_MAX for variable length
+ */
+ size_t (*get_length)(kdf_t *this);
+
+ /**
+ * Derives a key of the given length and writes it to the buffer.
+ *
+ * @note Fails if out_len doesn't match for KDFs with fixed output length.
+ *
+ * @param out_len number of key bytes requested
+ * @param buffer pointer where the derived key will be written
+ * @return TRUE if key derived successfully
+ */
+ bool (*get_bytes)(kdf_t *this, size_t out_len,
+ uint8_t *buffer) __attribute__((warn_unused_result));
+
+ /**
+ * Derives a key of the given length and allocates space for it.
+ *
+ * @note Fails if out_len doesn't match for KDFs with fixed output length.
+ * However, for simplified usage, 0 can be passed for out_len to
+ * automatically allocate a chunk of the correct size.
+ *
+ * @param out_len number of key bytes requested, or 0 for KDFs with fixed
+ * output length
+ * @param chunk chunk which will hold the derived key
+ * @return TRUE if key derived successfully
+ */
+ bool (*allocate_bytes)(kdf_t *this, size_t out_len,
+ chunk_t *chunk) __attribute__((warn_unused_result));
+
+ /**
+ * Set a parameter for this KDF.
+ *
+ * @param param parameter to set
+ * @param ... parameter values
+ * @return TRUE if parameter set successfully
+ */
+ bool (*set_param)(kdf_t *this, kdf_param_t param,
+ ...) __attribute__((warn_unused_result));
+
+ /**
+ * Destroys this KDF object.
+ */
+ void (*destroy)(kdf_t *this);
+};
+
+/**
+ * Check if the given KDF type has a fixed output length.
+ *
+ * @param type KDF type
+ * @return TRUE if the KDF type has a fixed output length
+ */
+bool kdf_has_fixed_output_length(key_derivation_function_t type);
+
+#endif /** KDF_H_ @}*/
Index: strongswan-5.9.5/src/libstrongswan/crypto/pkcs5.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/pkcs5.c
+++ strongswan-5.9.5/src/libstrongswan/crypto/pkcs5.c
@@ -131,7 +131,7 @@ static bool verify_padding(crypter_t *cr
/**
* Prototype for key derivation functions.
*/
-typedef bool (*kdf_t)(private_pkcs5_t *this, chunk_t password, chunk_t key);
+typedef bool (*derive_t)(private_pkcs5_t *this, chunk_t password, chunk_t key);
/**
* Try to decrypt the given data with the given password using the given
@@ -139,7 +139,7 @@ typedef bool (*kdf_t)(private_pkcs5_t *t
* to, key and iv point to the actual keys and initialization vectors resp.
*/
static bool decrypt_generic(private_pkcs5_t *this, chunk_t password,
- chunk_t data, chunk_t *decrypted, kdf_t kdf,
+ chunk_t data, chunk_t *decrypted, derive_t kdf,
chunk_t keymat, chunk_t key, chunk_t iv)
{
if (!kdf(this, password, keymat))
@@ -341,7 +341,7 @@ METHOD(pkcs5_t, decrypt, bool,
private_pkcs5_t *this, chunk_t password, chunk_t data, chunk_t *decrypted)
{
chunk_t keymat, key, iv;
- kdf_t kdf;
+ derive_t kdf;
if (!ensure_crypto_primitives(this, data) || !decrypted)
{
Index: strongswan-5.9.5/src/libstrongswan/crypto/prf_plus.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/prf_plus.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "prf_plus.h"
-
-typedef struct private_prf_plus_t private_prf_plus_t;
-
-typedef bool (*apply_prf_t)(private_prf_plus_t *this);
-
-/**
- * Private data of an prf_plus_t object.
- *
- */
-struct private_prf_plus_t {
-
- /**
- * Public interface of prf_plus_t.
- */
- prf_plus_t public;
-
- /**
- * PRF to use.
- */
- prf_t *prf;
-
- /**
- * Initial seed.
- */
- chunk_t seed;
-
- /**
- * Octet which will be appended to the seed if a counter is used.
- */
- uint8_t counter;
-
- /**
- * Already given out bytes in current buffer.
- */
- size_t used;
-
- /**
- * Buffer to store current PRF result.
- */
- chunk_t buffer;
-
- /**
- * The prf application method depending on whether a counter is used.
- */
- apply_prf_t apply_prf;
-};
-
-/**
- * Apply the PRF using the running counter
- */
-static bool apply_prf_counter(private_prf_plus_t *this)
-{
- if (!this->prf->get_bytes(this->prf, this->seed, NULL) ||
- !this->prf->get_bytes(this->prf, chunk_from_thing(this->counter),
- this->buffer.ptr))
- {
- return FALSE;
- }
- this->counter++;
- if (!this->counter)
- { /* according to RFC 7296, section 2.13, prf+ is undefined once the
- * counter wrapped, so let's fail for future calls */
- this->apply_prf = (void*)return_false;
- }
- return TRUE;
-}
-
-/**
- * Apply the PRF using the running counter
- */
-static bool apply_prf(private_prf_plus_t *this)
-{
- return this->prf->get_bytes(this->prf, this->seed, this->buffer.ptr);
-}
-
-METHOD(prf_plus_t, get_bytes, bool,
- private_prf_plus_t *this, size_t length, uint8_t *buffer)
-{
- size_t round, written = 0;
-
- while (length > 0)
- {
- if (this->buffer.len == this->used)
- { /* buffer used, get next round */
- if (!this->prf->get_bytes(this->prf, this->buffer, NULL))
- {
- return FALSE;
- }
- if (!this->apply_prf(this))
- {
- return FALSE;
- }
- this->used = 0;
- }
- round = min(length, this->buffer.len - this->used);
- memcpy(buffer + written, this->buffer.ptr + this->used, round);
-
- length -= round;
- this->used += round;
- written += round;
- }
- return TRUE;
-}
-
-METHOD(prf_plus_t, allocate_bytes, bool,
- private_prf_plus_t *this, size_t length, chunk_t *chunk)
-{
- *chunk = chunk_alloc(length);
- if (!get_bytes(this, length, chunk->ptr))
- {
- chunk_free(chunk);
- return FALSE;
- }
- return TRUE;
-}
-
-METHOD(prf_plus_t, destroy, void,
- private_prf_plus_t *this)
-{
- chunk_clear(&this->buffer);
- chunk_clear(&this->seed);
- free(this);
-}
-
-/*
- * Description in header.
- */
-prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed)
-{
- private_prf_plus_t *this;
-
- INIT(this,
- .public = {
- .get_bytes = _get_bytes,
- .allocate_bytes = _allocate_bytes,
- .destroy = _destroy,
- },
- .prf = prf,
- .seed = chunk_clone(seed),
- .buffer = chunk_alloc(prf->get_block_size(prf)),
- .apply_prf = counter ? apply_prf_counter : apply_prf,
- .counter = 0x01,
- );
-
- if (!this->apply_prf(this))
- {
- destroy(this);
- return NULL;
- }
- return &this->public;
-}
Index: strongswan-5.9.5/src/libstrongswan/crypto/prf_plus.h
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/prf_plus.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup prf_plus prf_plus
- * @{ @ingroup crypto
- */
-
-#ifndef PRF_PLUS_H_
-#define PRF_PLUS_H_
-
-typedef struct prf_plus_t prf_plus_t;
-
-#include <crypto/prfs/prf.h>
-
-/**
- * Implementation of the prf+ function used in IKEv1/IKEv2 keymat extension.
- */
-struct prf_plus_t {
-
- /**
- * Get pseudo random bytes.
- *
- * @param length number of bytes to get
- * @param buffer pointer where the generated bytes will be written
- * @return TRUE if bytes generated successfully
- */
- bool (*get_bytes)(prf_plus_t *this, size_t length,
- uint8_t *buffer) __attribute__((warn_unused_result));
-
- /**
- * Allocate pseudo random bytes.
- *
- * @param length number of bytes to get
- * @param chunk chunk which will hold generated bytes
- * @return TRUE if bytes allocated successfully
- */
- bool (*allocate_bytes)(prf_plus_t *this, size_t length,
- chunk_t *chunk) __attribute__((warn_unused_result));
-
- /**
- * Destroys a prf_plus_t object.
- */
- void (*destroy)(prf_plus_t *this);
-};
-
-/**
- * Creates a new prf_plus_t object.
- *
- * @param prf prf object to use, must be destroyed after prf+.
- * @param counter use an appending counter byte (for IKEv2 variant)
- * @param seed input seed for prf
- * @return prf_plus_t object, NULL on failure
- */
-prf_plus_t *prf_plus_create(prf_t *prf, bool counter, chunk_t seed);
-
-#endif /** PRF_PLUS_H_ @}*/
Index: strongswan-5.9.5/src/libstrongswan/crypto/transform.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/transform.c
+++ strongswan-5.9.5/src/libstrongswan/crypto/transform.c
@@ -16,6 +16,7 @@
#include <crypto/transform.h>
#include <crypto/hashers/hasher.h>
#include <crypto/rngs/rng.h>
+#include <crypto/kdfs/kdf.h>
ENUM_BEGIN(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS,
"ENCRYPTION_ALGORITHM",
@@ -23,16 +24,16 @@ ENUM_BEGIN(transform_type_names, ENCRYPT
"INTEGRITY_ALGORITHM",
"DIFFIE_HELLMAN_GROUP",
"EXTENDED_SEQUENCE_NUMBERS");
-ENUM_NEXT(transform_type_names, HASH_ALGORITHM, DETERMINISTIC_RANDOM_BIT_GENERATOR,
+ENUM_NEXT(transform_type_names, HASH_ALGORITHM, KEY_DERIVATION_FUNCTION,
EXTENDED_SEQUENCE_NUMBERS,
"HASH_ALGORITHM",
"RANDOM_NUMBER_GENERATOR",
"AEAD_ALGORITHM",
"COMPRESSION_ALGORITHM",
"EXTENDED OUTPUT FUNCTION",
- "DETERMINISTIC RANDOM BIT GENERATOR");
-ENUM_END(transform_type_names, DETERMINISTIC_RANDOM_BIT_GENERATOR);
-
+ "DETERMINISTIC RANDOM BIT GENERATOR",
+ "KEY_DERIVATION_FUNCTION");
+ENUM_END(transform_type_names, KEY_DERIVATION_FUNCTION);
ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS,
"NO_EXT_SEQ",
@@ -65,6 +66,8 @@ enum_name_t* transform_get_enum_names(tr
return ext_out_function_names;
case DETERMINISTIC_RANDOM_BIT_GENERATOR:
return drbg_type_names;
+ case KEY_DERIVATION_FUNCTION:
+ return key_derivation_function_names;
case COMPRESSION_ALGORITHM:
break;
}
Index: strongswan-5.9.5/src/libstrongswan/crypto/transform.h
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/crypto/transform.h
+++ strongswan-5.9.5/src/libstrongswan/crypto/transform.h
@@ -40,6 +40,7 @@ enum transform_type_t {
COMPRESSION_ALGORITHM = 259,
EXTENDED_OUTPUT_FUNCTION = 260,
DETERMINISTIC_RANDOM_BIT_GENERATOR = 261,
+ KEY_DERIVATION_FUNCTION = 262,
};
/**
Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/Makefile.am
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/botan/Makefile.am
+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/Makefile.am
@@ -16,6 +16,7 @@ libstrongswan_botan_la_SOURCES = \
botan_rng.h botan_rng.c \
botan_hasher.h botan_hasher.c \
botan_hmac.h botan_hmac.c \
+ botan_kdf.h botan_kdf.c \
botan_crypter.h botan_crypter.c \
botan_rsa_public_key.h botan_rsa_public_key.c \
botan_rsa_private_key.h botan_rsa_private_key.c \
Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#define _GNU_SOURCE
+#include "botan_kdf.h"
+#include "botan_util.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HKDF
+
+#include <botan/ffi.h>
+
+typedef struct private_kdf_t private_kdf_t;
+
+/**
+ * Private data.
+ */
+struct private_kdf_t {
+
+ /**
+ * Public interface.
+ */
+ kdf_t public;
+
+ /**
+ * KDF type.
+ */
+ key_derivation_function_t type;
+
+ /**
+ * Name of the KDF algorithm in Botan.
+ */
+ char *name;
+
+ /**
+ * Key for KDF.
+ */
+ chunk_t key;
+
+ /**
+ * Salt for KDF.
+ */
+ chunk_t salt;
+
+ /**
+ * Length of the hash output.
+ */
+ size_t hash_size;
+};
+
+METHOD(kdf_t, get_type, key_derivation_function_t,
+ private_kdf_t *this)
+{
+ return this->type;
+}
+
+METHOD(kdf_t, get_length, size_t,
+ private_kdf_t *this)
+{
+ if (this->type == KDF_PRF_PLUS)
+ {
+ return SIZE_MAX;
+ }
+ return this->hash_size;
+}
+
+METHOD(kdf_t, get_bytes, bool,
+ private_kdf_t *this, size_t out_len, uint8_t *buffer)
+{
+ if (this->type == KDF_PRF)
+ {
+ /* IKEv2 uses the nonces as PRF key and the DH secret as salt, however,
+ * HKDF-Extract() does the same again (mapping the salt to the HMAC key),
+ * so we have to switch key and salt here */
+ if (out_len != get_length(this) ||
+ botan_kdf(this->name, buffer, out_len, this->salt.ptr, this->salt.len,
+ this->key.ptr, this->key.len, NULL, 0))
+ {
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+#if BOTAN_VERSION_MAJOR == 2
+ /* Botan 2 doesn't check the length, just silently prevents wrapping the
+ * counter and returns truncated output, so do this manually */
+ if (out_len > this->hash_size * 255)
+ {
+ return FALSE;
+ }
+#endif
+ if (botan_kdf(this->name, buffer, out_len, this->key.ptr, this->key.len,
+ NULL, 0, this->salt.ptr, this->salt.len))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, allocate_bytes, bool,
+ private_kdf_t *this, size_t out_len, chunk_t *chunk)
+{
+ if (this->type == KDF_PRF)
+ {
+ out_len = out_len ?: get_length(this);
+ }
+
+ *chunk = chunk_alloc(out_len);
+
+ if (!get_bytes(this, out_len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, set_param, bool,
+ private_kdf_t *this, kdf_param_t param, ...)
+{
+ chunk_t chunk;
+
+ switch (param)
+ {
+ case KDF_PARAM_KEY:
+ VA_ARGS_GET(param, chunk);
+ chunk_clear(&this->key);
+ this->key = chunk_clone(chunk);
+ break;
+ case KDF_PARAM_SALT:
+ VA_ARGS_GET(param, chunk);
+ chunk_clear(&this->salt);
+ this->salt = chunk_clone(chunk);
+ break;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, destroy, void,
+ private_kdf_t *this)
+{
+ chunk_clear(&this->salt);
+ chunk_clear(&this->key);
+ free(this->name);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+kdf_t *botan_kdf_create(key_derivation_function_t algo, va_list args)
+{
+ private_kdf_t *this;
+ pseudo_random_function_t prf_alg;
+ const char *hash_name;
+ char *name, buf[HASH_SIZE_SHA512];
+
+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS)
+ {
+ return NULL;
+ }
+
+ VA_ARGS_VGET(args, prf_alg);
+ hash_name = botan_get_hash(hasher_algorithm_from_prf(prf_alg));
+ if (!hash_name)
+ {
+ return NULL;
+ }
+ if (algo == KDF_PRF)
+ {
+ if (asprintf(&name, "HKDF-Extract(%s)", hash_name) <= 0)
+ {
+ return NULL;
+ }
+ }
+ else if (asprintf(&name, "HKDF-Expand(%s)", hash_name) <= 0)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_type = _get_type,
+ .get_length = _get_length,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .set_param = _set_param,
+ .destroy = _destroy,
+ },
+ .type = algo,
+ .name = name,
+ .hash_size = hasher_hash_size(hasher_algorithm_from_prf(prf_alg)),
+ );
+
+ /* test if we can actually use the algorithm */
+ if (!get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#endif
Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.h
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_kdf.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements key derivation functions (KDF) using Botan, in particular prf+,
+ * which is implemented via Botan's HKDF implementation.
+ *
+ * @defgroup botan_kdf botan_kdf
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_KDF_H_
+#define BOTAN_KDF_H_
+
+#include <crypto/kdfs/kdf.h>
+
+/**
+ * Creates a new kdf_t object.
+ *
+ * @param algo algorithm to instantiate
+ * @param args algorithm-specific arguments
+ * @return kdf_t object, NULL if not supported
+ */
+kdf_t *botan_kdf_create(key_derivation_function_t algo, va_list args);
+
+#endif /** BOTAN_KDF_H_ @}*/
Index: strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_plugin.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/botan/botan_plugin.c
+++ strongswan-5.9.5/src/libstrongswan/plugins/botan/botan_plugin.c
@@ -32,6 +32,7 @@
#include "botan_crypter.h"
#include "botan_diffie_hellman.h"
#include "botan_hmac.h"
+#include "botan_kdf.h"
#include "botan_rsa_public_key.h"
#include "botan_rsa_private_key.h"
#include "botan_ec_diffie_hellman.h"
@@ -209,6 +210,13 @@ METHOD(plugin_t, get_features, int,
#endif
#endif /* BOTAN_HAS_HMAC */
+ /* kdfs */
+#ifdef BOTAN_HAS_HKDF
+ PLUGIN_REGISTER(SIGNER, botan_kdf_create),
+ PLUGIN_PROVIDE(KDF, KDF_PRF),
+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS),
+#endif /* BOTAN_HAS_HKDF */
+
/* generic key loaders */
#if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA) || \
defined(BOTAN_HAS_ED25519)
Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/Makefile.am
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/Makefile.am
@@ -0,0 +1,17 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-kdf.la
+else
+plugin_LTLIBRARIES = libstrongswan-kdf.la
+endif
+
+libstrongswan_kdf_la_SOURCES = \
+ kdf_plugin.h kdf_plugin.c \
+ kdf_kdf.h kdf_kdf.c
+
+libstrongswan_kdf_la_LDFLAGS = -module -avoid-version
Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "kdf_kdf.h"
+
+typedef struct private_kdf_t private_kdf_t;
+
+/**
+ * Private data.
+ */
+struct private_kdf_t {
+
+ /**
+ * Public interface.
+ */
+ kdf_t public;
+
+ /**
+ * KDF type.
+ */
+ key_derivation_function_t type;
+
+ /**
+ * Underlying PRF.
+ */
+ prf_t *prf;
+
+ /**
+ * Salt value.
+ */
+ chunk_t salt;
+};
+
+METHOD(kdf_t, get_type, key_derivation_function_t,
+ private_kdf_t *this)
+{
+ return this->type;
+}
+
+METHOD(kdf_t, get_length, size_t,
+ private_kdf_t *this)
+{
+ if (this->type == KDF_PRF_PLUS)
+ {
+ return SIZE_MAX;
+ }
+ return this->prf->get_block_size(this->prf);
+}
+
+METHOD(kdf_t, get_bytes_prf_plus, bool,
+ private_kdf_t *this, size_t out_len, uint8_t *buffer)
+{
+ chunk_t block, previous = chunk_empty;
+ uint8_t counter = 1, *out = buffer;
+ size_t len;
+ bool success = TRUE;
+
+ block = chunk_alloca(this->prf->get_block_size(this->prf));
+ if (out_len > block.len * 255)
+ {
+ return FALSE;
+ }
+
+ while (out_len)
+ {
+ if (!this->prf->get_bytes(this->prf, previous, NULL) ||
+ !this->prf->get_bytes(this->prf, this->salt, NULL) ||
+ !this->prf->get_bytes(this->prf, chunk_from_thing(counter),
+ block.ptr))
+ {
+ success = FALSE;
+ break;
+ }
+ len = min(out_len, block.len);
+ memcpy(out, block.ptr, len);
+ previous = chunk_create(out, block.len);
+
+ out_len -= len;
+ out += len;
+ counter++;
+ }
+ memwipe(block.ptr, block.len);
+ return success;
+}
+
+METHOD(kdf_t, get_bytes, bool,
+ private_kdf_t *this, size_t out_len, uint8_t *buffer)
+{
+ if (out_len != get_length(this))
+ {
+ return FALSE;
+ }
+ return this->prf->get_bytes(this->prf, this->salt, buffer);
+}
+
+METHOD(kdf_t, allocate_bytes, bool,
+ private_kdf_t *this, size_t out_len, chunk_t *chunk)
+{
+ if (this->type == KDF_PRF)
+ {
+ out_len = out_len ?: get_length(this);
+ }
+
+ *chunk = chunk_alloc(out_len);
+
+ if (!this->public.get_bytes(&this->public, out_len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, set_param, bool,
+ private_kdf_t *this, kdf_param_t param, ...)
+{
+ chunk_t chunk;
+ bool success = FALSE;
+
+ switch (param)
+ {
+ case KDF_PARAM_KEY:
+ VA_ARGS_GET(param, chunk);
+ success = this->prf->set_key(this->prf, chunk);
+ break;
+ case KDF_PARAM_SALT:
+ VA_ARGS_GET(param, chunk);
+ chunk_clear(&this->salt);
+ this->salt = chunk_clone(chunk);
+ success = TRUE;
+ break;
+ }
+ return success;
+}
+
+METHOD(kdf_t, destroy, void,
+ private_kdf_t *this)
+{
+ this->prf->destroy(this->prf);
+ chunk_clear(&this->salt);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+kdf_t *kdf_kdf_create(key_derivation_function_t algo, va_list args)
+{
+ private_kdf_t *this;
+ pseudo_random_function_t prf_alg;
+ prf_t *prf;
+
+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS)
+ {
+ return NULL;
+ }
+
+ VA_ARGS_VGET(args, prf_alg);
+ prf = lib->crypto->create_prf(lib->crypto, prf_alg);
+ if (!prf)
+ {
+ DBG1(DBG_LIB, "failed to create %N for %N",
+ pseudo_random_function_names, prf_alg,
+ key_derivation_function_names, algo);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_type = _get_type,
+ .get_length = _get_length,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .set_param = _set_param,
+ .destroy = _destroy,
+ },
+ .type = algo,
+ .prf = prf,
+ );
+
+ if (algo == KDF_PRF_PLUS)
+ {
+ this->public.get_bytes = _get_bytes_prf_plus;
+ }
+ return &this->public;
+}
Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.h
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_kdf.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements a KDF wrapper around PRFs, and prf+ as defined in RFC 7296,
+ * section 2.13:
+ *
+ * @verbatim
+ prf+ (K,S) = T1 | T2 | T3 | T4 | ...
+
+ where:
+ T1 = prf (K, S | 0x01)
+ T2 = prf (K, T1 | S | 0x02)
+ T3 = prf (K, T2 | S | 0x03)
+ T4 = prf (K, T3 | S | 0x04)
+ ...
+ * @endverbatim
+ *
+ * @defgroup kdf_kdf kdf_kdf
+ * @{ @ingroup kdf_p
+ */
+
+#ifndef KDF_KDF_H_
+#define KDF_KDF_H_
+
+#include <crypto/kdfs/kdf.h>
+
+/**
+ * Create a kdf_t object
+ *
+ * @param algo KDF_PRF_PLUS
+ * @param args pseudo_random_function_t of the underlying PRF
+ * @return kdf_t object, NULL if not supported
+ */
+kdf_t *kdf_kdf_create(key_derivation_function_t algo, va_list args);
+
+#endif /** KDF_KDF_H_ @}*/
Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "kdf_plugin.h"
+#include "kdf_kdf.h"
+
+#include <library.h>
+
+typedef struct private_kdf_plugin_t private_kdf_plugin_t;
+
+/**
+ * Private data
+ */
+struct private_kdf_plugin_t {
+
+ /**
+ * Public interface
+ */
+ kdf_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_kdf_plugin_t *this)
+{
+ return "kdf";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_kdf_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(KDF, kdf_kdf_create),
+ PLUGIN_PROVIDE(KDF, KDF_PRF),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA1),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_256),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_384),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_512),
+ PLUGIN_SDEPEND(PRF, PRF_AES128_XCBC),
+ PLUGIN_SDEPEND(PRF, PRF_AES128_CMAC),
+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA1),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_256),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_384),
+ PLUGIN_SDEPEND(PRF, PRF_HMAC_SHA2_512),
+ PLUGIN_SDEPEND(PRF, PRF_AES128_XCBC),
+ PLUGIN_SDEPEND(PRF, PRF_AES128_CMAC),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_kdf_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+plugin_t *kdf_plugin_create()
+{
+ private_kdf_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
Index: strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.h
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/kdf/kdf_plugin.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup kdf_p kdf
+ * @ingroup plugins
+ *
+ * @defgroup kdf_plugin kdf_plugin
+ * @{ @ingroup kdf_p
+ */
+
+#ifndef KDF_PLUGIN_H_
+#define KDF_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct kdf_plugin_t kdf_plugin_t;
+
+/**
+ * Plugin implementing the key derivation functions (KDF) in software.
+ */
+struct kdf_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** KDF_PLUGIN_H_ @}*/
Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/Makefile.am
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/Makefile.am
+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/Makefile.am
@@ -33,6 +33,7 @@ libstrongswan_openssl_la_SOURCES = \
openssl_pkcs12.c openssl_pkcs12.h \
openssl_rng.c openssl_rng.h \
openssl_hmac.c openssl_hmac.h \
+ openssl_kdf.c openssl_kdf.h \
openssl_aead.c openssl_aead.h \
openssl_x_diffie_hellman.c openssl_x_diffie_hellman.h \
openssl_ed_private_key.c openssl_ed_private_key.h \
Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/opensslconf.h>
+
+#if !defined(OPENSSL_NO_HMAC) && OPENSSL_VERSION_NUMBER >= 0x10101000L
+
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#include "openssl_kdf.h"
+
+typedef struct private_kdf_t private_kdf_t;
+
+/**
+ * Private data.
+ */
+struct private_kdf_t {
+
+ /**
+ * Public interface.
+ */
+ kdf_t public;
+
+ /**
+ * KDF type.
+ */
+ key_derivation_function_t type;
+
+ /**
+ * Hasher to use for underlying PRF.
+ */
+ const EVP_MD *hasher;
+
+ /**
+ * Key for KDF. Stored here because OpenSSL's HKDF API does not provide a
+ * way to clear the "info" field in the context, new data is always
+ * appended (up to 1024 bytes).
+ */
+ chunk_t key;
+
+ /**
+ * Salt for prf+ (see above).
+ */
+ chunk_t salt;
+};
+
+METHOD(kdf_t, get_type, key_derivation_function_t,
+ private_kdf_t *this)
+{
+ return this->type;
+}
+
+METHOD(kdf_t, get_length, size_t,
+ private_kdf_t *this)
+{
+ if (this->type == KDF_PRF_PLUS)
+ {
+ return SIZE_MAX;
+ }
+ return EVP_MD_size(this->hasher);
+}
+
+/**
+ * Set the parameters as a appropriate for the given KDF type.
+ */
+static bool set_params(private_kdf_t *this, EVP_PKEY_CTX *ctx)
+{
+ /* IKEv2 uses the nonces as PRF key and the DH secret as salt, however,
+ * HKDF-Extract() does the same again (mapping the salt to the HMAC key),
+ * so we have to switch key and salt here */
+ if (this->type == KDF_PRF)
+ {
+ return EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) > 0 &&
+ EVP_PKEY_CTX_set1_hkdf_key(ctx, this->salt.ptr, this->salt.len) > 0 &&
+ EVP_PKEY_CTX_set1_hkdf_salt(ctx, this->key.ptr, this->key.len) > 0;
+ }
+ /* for HKDF-Expand() we map the salt to the "info" field */
+ return EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) > 0 &&
+ EVP_PKEY_CTX_set1_hkdf_key(ctx, this->key.ptr, this->key.len) > 0 &&
+ EVP_PKEY_CTX_add1_hkdf_info(ctx, this->salt.ptr, this->salt.len) > 0;
+}
+
+METHOD(kdf_t, get_bytes, bool,
+ private_kdf_t *this, size_t out_len, uint8_t *buffer)
+{
+ EVP_PKEY_CTX *ctx;
+
+ if (this->type == KDF_PRF && out_len != get_length(this))
+ {
+ return FALSE;
+ }
+
+ ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+ if (!ctx ||
+ EVP_PKEY_derive_init(ctx) <= 0 ||
+ EVP_PKEY_CTX_set_hkdf_md(ctx, this->hasher) <= 0 ||
+ !set_params(this, ctx) ||
+ EVP_PKEY_derive(ctx, buffer, &out_len) <= 0)
+ {
+ EVP_PKEY_CTX_free(ctx);
+ return FALSE;
+ }
+ EVP_PKEY_CTX_free(ctx);
+ return TRUE;
+}
+
+METHOD(kdf_t, allocate_bytes, bool,
+ private_kdf_t *this, size_t out_len, chunk_t *chunk)
+{
+ if (this->type == KDF_PRF)
+ {
+ out_len = out_len ?: get_length(this);
+ }
+
+ *chunk = chunk_alloc(out_len);
+
+ if (!get_bytes(this, out_len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, set_param, bool,
+ private_kdf_t *this, kdf_param_t param, ...)
+{
+ chunk_t chunk;
+
+ switch (param)
+ {
+ case KDF_PARAM_KEY:
+ VA_ARGS_GET(param, chunk);
+ chunk_clear(&this->key);
+ this->key = chunk_clone(chunk);
+ break;
+ case KDF_PARAM_SALT:
+ VA_ARGS_GET(param, chunk);
+ chunk_clear(&this->salt);
+ this->salt = chunk_clone(chunk);
+ break;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, destroy, void,
+ private_kdf_t *this)
+{
+ chunk_clear(&this->salt);
+ chunk_clear(&this->key);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args)
+{
+ private_kdf_t *this;
+ pseudo_random_function_t prf_alg;
+ char *name, buf[EVP_MAX_MD_SIZE];
+
+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS)
+ {
+ return NULL;
+ }
+
+ VA_ARGS_VGET(args, prf_alg);
+ name = enum_to_name(hash_algorithm_short_names,
+ hasher_algorithm_from_prf(prf_alg));
+ if (!name)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_type = _get_type,
+ .get_length = _get_length,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .set_param = _set_param,
+ .destroy = _destroy,
+ },
+ .type = algo,
+ .hasher = EVP_get_digestbyname(name),
+ /* use a lengthy key/salt to test the implementation below to make sure
+ * the algorithms are usable, see openssl_hmac.c for details */
+ .key = chunk_clone(chunk_from_str("00000000000000000000000000000000")),
+ .salt = chunk_clone(chunk_from_str("00000000000000000000000000000000")),
+ );
+
+ if (!this->hasher ||
+ !get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#endif /* OPENSSL_NO_HMAC && OPENSSL_VERSION_NUMBER */
Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.h
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_kdf.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements key derivation functions (KDF) via OpenSSL, in particular prf+,
+ * which is implemented via OpenSSL's HKDF implementation.
+ *
+ * @defgroup openssl_kdf openssl_kdf
+ * @{ @ingroup openssl_p
+ */
+
+#ifndef OPENSSL_KDF_H_
+#define OPENSSL_KDF_H_
+
+#include <crypto/kdfs/kdf.h>
+
+/**
+ * Creates a new kdf_t object.
+ *
+ * @param algo algorithm to instantiate
+ * @param args algorithm-specific arguments
+ * @return kdf_t object, NULL if not supported
+ */
+kdf_t *openssl_kdf_create(key_derivation_function_t algo, va_list args);
+
+#endif /** OPENSSL_KDF_H_ @}*/
Index: strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -16,7 +16,6 @@
#include <library.h>
#include <utils/debug.h>
-#include <collections/array.h>
#include <threading/thread.h>
#include <threading/mutex.h>
#include <threading/thread_value.h>
@@ -53,6 +52,7 @@
#include "openssl_pkcs12.h"
#include "openssl_rng.h"
#include "openssl_hmac.h"
+#include "openssl_kdf.h"
#include "openssl_aead.h"
#include "openssl_x_diffie_hellman.h"
#include "openssl_ed_public_key.h"
@@ -74,13 +74,6 @@ struct private_openssl_plugin_t {
* public functions
*/
openssl_plugin_t public;
-
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- /**
- * Loaded providers
- */
- array_t *providers;
-#endif
};
/**
@@ -662,6 +655,12 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+ /* HKDF is available since 1.1.0, expand-only mode only since 1.1.1 */
+ PLUGIN_REGISTER(KDF, openssl_kdf_create),
+ PLUGIN_PROVIDE(KDF, KDF_PRF),
+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS),
+#endif
#endif /* OPENSSL_NO_HMAC */
#if (OPENSSL_VERSION_NUMBER >= 0x1000100fL && !defined(OPENSSL_NO_AES)) || \
(OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(OPENSSL_NO_CHACHA))
@@ -887,15 +886,6 @@ METHOD(plugin_t, get_features, int,
METHOD(plugin_t, destroy, void,
private_openssl_plugin_t *this)
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- OSSL_PROVIDER *provider;
- while (array_remove(this->providers, ARRAY_TAIL, &provider))
- {
- OSSL_PROVIDER_unload(provider);
- }
- array_destroy(this->providers);
-#endif /* OPENSSL_VERSION_NUMBER */
-
/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we
* can't call it as we couldn't re-initialize the library (as required by the
* unit tests and the Android app) */
@@ -1009,20 +999,16 @@ plugin_t *openssl_plugin_create()
DBG1(DBG_LIB, "unable to load OpenSSL FIPS provider");
return NULL;
}
- array_insert_create(&this->providers, ARRAY_TAIL, fips);
/* explicitly load the base provider containing encoding functions */
- array_insert_create(&this->providers, ARRAY_TAIL,
- OSSL_PROVIDER_load(NULL, "base"));
+ OSSL_PROVIDER_load(NULL, "base");
}
else if (lib->settings->get_bool(lib->settings, "%s.plugins.openssl.load_legacy",
TRUE, lib->ns))
{
/* load the legacy provider for algorithms like MD4, DES, BF etc. */
- array_insert_create(&this->providers, ARRAY_TAIL,
- OSSL_PROVIDER_load(NULL, "legacy"));
+ OSSL_PROVIDER_load(NULL, "legacy");
/* explicitly load the default provider, as mentioned by crypto(7) */
- array_insert_create(&this->providers, ARRAY_TAIL,
- OSSL_PROVIDER_load(NULL, "default"));
+ OSSL_PROVIDER_load(NULL, "default");
}
ossl_provider_names_t data = {};
OSSL_PROVIDER_do_all(NULL, concat_ossl_providers, &data);
Index: strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/plugin_feature.c
+++ strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.c
@@ -32,6 +32,7 @@ ENUM(plugin_feature_names, FEATURE_NONE,
"HASHER",
"PRF",
"XOF",
+ "KDF",
"DRBG",
"DH",
"RNG",
@@ -93,6 +94,9 @@ uint32_t plugin_feature_hash(plugin_feat
case FEATURE_XOF:
data = chunk_from_thing(feature->arg.xof);
break;
+ case FEATURE_KDF:
+ data = chunk_from_thing(feature->arg.kdf);
+ break;
case FEATURE_DRBG:
data = chunk_from_thing(feature->arg.drbg);
break;
@@ -171,6 +175,8 @@ bool plugin_feature_matches(plugin_featu
return a->arg.prf == b->arg.prf;
case FEATURE_XOF:
return a->arg.xof == b->arg.xof;
+ case FEATURE_KDF:
+ return a->arg.kdf == b->arg.kdf;
case FEATURE_DRBG:
return a->arg.drbg == b->arg.drbg;
case FEATURE_DH:
@@ -232,6 +238,7 @@ bool plugin_feature_equals(plugin_featur
case FEATURE_HASHER:
case FEATURE_PRF:
case FEATURE_XOF:
+ case FEATURE_KDF:
case FEATURE_DRBG:
case FEATURE_DH:
case FEATURE_NONCE_GEN:
@@ -327,6 +334,13 @@ char* plugin_feature_get_string(plugin_f
return str;
}
break;
+ case FEATURE_KDF:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ key_derivation_function_names, feature->arg.kdf) > 0)
+ {
+ return str;
+ }
+ break;
case FEATURE_DRBG:
if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
drbg_type_names, feature->arg.drbg) > 0)
@@ -472,6 +486,17 @@ bool plugin_feature_load(plugin_t *plugi
name = plugin->get_name(plugin);
switch (feature->type)
{
+ case FEATURE_NONE:
+ case FEATURE_PRIVKEY_SIGN:
+ case FEATURE_PRIVKEY_DECRYPT:
+ case FEATURE_PUBKEY_VERIFY:
+ case FEATURE_PUBKEY_ENCRYPT:
+ case FEATURE_EAP_SERVER:
+ case FEATURE_EAP_PEER:
+ case FEATURE_XAUTH_SERVER:
+ case FEATURE_XAUTH_PEER:
+ case FEATURE_CUSTOM:
+ break;
case FEATURE_CRYPTER:
lib->crypto->add_crypter(lib->crypto, feature->arg.crypter.alg,
feature->arg.crypter.key_size,
@@ -498,6 +523,10 @@ bool plugin_feature_load(plugin_t *plugi
lib->crypto->add_xof(lib->crypto, feature->arg.xof,
name, reg->arg.reg.f);
break;
+ case FEATURE_KDF:
+ lib->crypto->add_kdf(lib->crypto, feature->arg.kdf,
+ name, reg->arg.reg.f);
+ break;
case FEATURE_DRBG:
lib->crypto->add_drbg(lib->crypto, feature->arg.drbg,
name, reg->arg.reg.f);
@@ -547,8 +576,6 @@ bool plugin_feature_load(plugin_t *plugi
case FEATURE_RESOLVER:
lib->resolver->add_resolver(lib->resolver, reg->arg.reg.f);
break;
- default:
- break;
}
return TRUE;
}
@@ -574,6 +601,17 @@ bool plugin_feature_unload(plugin_t *plu
}
switch (feature->type)
{
+ case FEATURE_NONE:
+ case FEATURE_PRIVKEY_SIGN:
+ case FEATURE_PRIVKEY_DECRYPT:
+ case FEATURE_PUBKEY_VERIFY:
+ case FEATURE_PUBKEY_ENCRYPT:
+ case FEATURE_EAP_SERVER:
+ case FEATURE_EAP_PEER:
+ case FEATURE_XAUTH_SERVER:
+ case FEATURE_XAUTH_PEER:
+ case FEATURE_CUSTOM:
+ break;
case FEATURE_CRYPTER:
lib->crypto->remove_crypter(lib->crypto, reg->arg.reg.f);
break;
@@ -592,6 +630,9 @@ bool plugin_feature_unload(plugin_t *plu
case FEATURE_XOF:
lib->crypto->remove_xof(lib->crypto, reg->arg.reg.f);
break;
+ case FEATURE_KDF:
+ lib->crypto->remove_kdf(lib->crypto, reg->arg.reg.f);
+ break;
case FEATURE_DRBG:
lib->crypto->remove_drbg(lib->crypto, reg->arg.reg.f);
break;
@@ -628,8 +669,6 @@ bool plugin_feature_unload(plugin_t *plu
case FEATURE_RESOLVER:
lib->resolver->remove_resolver(lib->resolver, reg->arg.reg.f);
break;
- default:
- break;
}
return TRUE;
}
Index: strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.h
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/plugin_feature.h
+++ strongswan-5.9.5/src/libstrongswan/plugins/plugin_feature.h
@@ -113,6 +113,8 @@ struct plugin_feature_t {
FEATURE_PRF,
/** xof_t */
FEATURE_XOF,
+ /** kdf_t */
+ FEATURE_KDF,
/** drbg_t */
FEATURE_DRBG,
/** diffie_hellman_t */
@@ -176,8 +178,10 @@ struct plugin_feature_t {
integrity_algorithm_t signer;
/** FEATURE_PRF */
pseudo_random_function_t prf;
- /** FEATURE_XOFF */
+ /** FEATURE_XOF */
ext_out_function_t xof;
+ /** FEATURE_KDF */
+ key_derivation_function_t kdf;
/** FEATURE_DRBG */
drbg_type_t drbg;
/** FEATURE_HASHER */
@@ -288,6 +292,7 @@ struct plugin_feature_t {
#define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg)
#define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg)
#define _PLUGIN_FEATURE_XOF(kind, alg) __PLUGIN_FEATURE(kind, XOF, .xof = alg)
+#define _PLUGIN_FEATURE_KDF(kind, alg) __PLUGIN_FEATURE(kind, KDF, .kdf = alg)
#define _PLUGIN_FEATURE_DRBG(kind, type) __PLUGIN_FEATURE(kind, DRBG, .drbg = type)
#define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group)
#define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality)
@@ -322,6 +327,7 @@ struct plugin_feature_t {
#define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_XOF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_KDF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_DRBG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
#define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/Makefile.am
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -30,6 +30,8 @@ libstrongswan_test_vectors_la_SOURCES =
test_vectors/cast.c \
test_vectors/des.c \
test_vectors/idea.c \
+ test_vectors/kdf_prf.c \
+ test_vectors/kdf_prf_plus.c \
test_vectors/null.c \
test_vectors/rc2.c \
test_vectors/rc5.c \
Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors.h
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -220,6 +220,20 @@ TEST_VECTOR_HASHER(sha3_256_255)
TEST_VECTOR_HASHER(sha3_384_255)
TEST_VECTOR_HASHER(sha3_512_255)
+TEST_VECTOR_KDF(prf_sha256_1)
+TEST_VECTOR_KDF(prf_sha256_2)
+TEST_VECTOR_KDF(prf_sha384_1)
+TEST_VECTOR_KDF(prf_sha384_2)
+TEST_VECTOR_KDF(prf_sha512_1)
+TEST_VECTOR_KDF(prf_sha512_2)
+TEST_VECTOR_KDF(prf_plus_sha256_old)
+TEST_VECTOR_KDF(prf_plus_sha256_1)
+TEST_VECTOR_KDF(prf_plus_sha256_2)
+TEST_VECTOR_KDF(prf_plus_sha384_1)
+TEST_VECTOR_KDF(prf_plus_sha384_2)
+TEST_VECTOR_KDF(prf_plus_sha512_1)
+TEST_VECTOR_KDF(prf_plus_sha512_2)
+
TEST_VECTOR_PRF(aes_xcbc_p1)
TEST_VECTOR_PRF(aes_xcbc_p2)
TEST_VECTOR_PRF(aes_xcbc_p3)
Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf.c
@@ -0,0 +1,236 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * The following test vectors are from CAVP/SP 800-135 for IKEv2.
+ *
+ * key = Ni | Nr, salt = g^ir (one vector with min. and one with max. size for
+ * nonces)
+ */
+kdf_test_vector_t prf_sha256_1 = {
+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_256,
+ .key = chunk_from_chars(
+ 0xed,0x80,0xdc,0x79,0x91,0x2c,0x32,0xa9,0x35,0xfb,0x6d,0x1a,0x3f,0xea,0xc0,0x78),
+ .salt = chunk_from_chars(
+ 0x42,0x96,0x8e,0x5d,0x0c,0xcc,0x3c,0xfc,0x5a,0x3e,0x4b,0xc1,0xbb,0xa3,0x70,0xce,
+ 0xa1,0xfa,0xe0,0xd5,0x4c,0x49,0xcc,0xba,0x34,0xb2,0xbe,0xe8,0x04,0xbe,0xeb,0x2e,
+ 0x9e,0x8c,0x57,0xa4,0xe0,0x1b,0xd4,0x51,0x02,0xcf,0x24,0x33,0xaa,0xcc,0x6c,0xfe,
+ 0xc0,0x67,0x92,0xf3,0x63,0xe5,0x17,0x0e,0x6a,0xa6,0x65,0x02,0x74,0xe9,0x06,0x64,
+ 0x8e,0x44,0x9d,0x27,0xa8,0xf0,0x0b,0x5b,0x44,0x26,0x19,0x82,0xc9,0x83,0x5c,0x74,
+ 0x8a,0x75,0x1e,0xc5,0x13,0x8e,0xaa,0xcc,0x5e,0x02,0x56,0x61,0x33,0x95,0x38,0xa6,
+ 0x1b,0xf4,0x18,0xe4,0x54,0x69,0x9e,0x19,0xc3,0x2d,0xb8,0xd9,0xce,0x5d,0xd8,0x6b,
+ 0x22,0x0f,0x1e,0x89,0xaf,0xc5,0x87,0x2e,0x68,0xbe,0x36,0xcb,0x1a,0x0c,0x88,0x66),
+ .out = chunk_from_chars(
+ 0x37,0xfd,0xe9,0x0b,0x81,0xd6,0x36,0x92,0x62,0x0f,0x67,0x36,0x7b,0x62,0x09,0x2e,
+ 0x3e,0xfd,0xc6,0xa0,0x35,0x09,0x13,0x7d,0x73,0x10,0x04,0x76,0x7f,0xf3,0x50,0x10),
+};
+
+kdf_test_vector_t prf_sha256_2 = {
+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_256,
+ .key = chunk_from_chars(
+ 0xef,0xa7,0x29,0x13,0x18,0x22,0x78,0xff,0xbd,0x14,0xe7,0x89,0x20,0xc0,0x62,0x51,
+ 0x9a,0xba,0xb8,0xc1,0x6e,0x5e,0xd7,0x0c,0x08,0x41,0xa4,0x8c,0xdb,0x98,0x23,0x7e,
+ 0xe9,0x3f,0x73,0x5f,0xb2,0xdf,0x18,0x43,0x58,0xaa,0xdc,0x13,0xd8,0x3f,0x43,0xfe,
+ 0x8d,0x87,0x05,0x17,0x6c,0x8c,0xa3,0x13,0x82,0x5a,0x1b,0xcd,0xf7,0x79,0x11,0xc5,
+ 0x98,0x00,0x16,0x71,0xff,0xbf,0x01,0x4e,0x37,0xa8,0xc0,0x4d,0x49,0xa7,0x83,0x9d,
+ 0xfe,0xa6,0xcd,0xc5,0x87,0x68,0x8d,0x45,0x88,0xfe,0x43,0x23,0x5b,0x71,0x69,0x3f,
+ 0xfd,0x07,0x29,0x33,0x86,0xb6,0xbf,0x4c,0x19,0x9e,0x33,0x61,0x65,0xb2,0x60,0x78,
+ 0x77,0x36,0xf5,0x4b,0xe9,0x5d,0xb6,0x91,0x16,0x38,0x8b,0xc2,0xec,0xa2,0xb3,0xb2,
+ 0x94,0x84,0x71,0x74,0x17,0xbb,0x3c,0x71,0x81,0x4c,0xe1,0x3b,0x84,0x44,0x6d,0xc3,
+ 0x96,0x4c,0x30,0x29,0x84,0xf9,0x77,0x81,0xf6,0x31,0x66,0x24,0x08,0x90,0x10,0x7c,
+ 0x2e,0x75,0x1a,0x00,0x43,0x6f,0x7c,0x3c,0x9f,0xf1,0x27,0x60,0xe4,0x9d,0x91,0x56,
+ 0x3b,0xe6,0x03,0xfd,0x96,0x41,0xa0,0xa6,0x49,0x18,0xa9,0x32,0x91,0xed,0x11,0x3d,
+ 0xb1,0x2f,0x97,0x07,0x60,0x9d,0x17,0x20,0x96,0xeb,0x58,0xf9,0x15,0x44,0x74,0xda,
+ 0x40,0xc1,0xf5,0xc0,0x90,0x3e,0x9c,0xa2,0xf9,0x1b,0xa6,0x60,0x07,0x75,0xdf,0x71,
+ 0x66,0xca,0xf8,0xe3,0x27,0x85,0x9e,0x67,0x62,0x32,0xd3,0x40,0x46,0x04,0x4c,0xee,
+ 0x43,0xf9,0x01,0x9f,0x04,0x68,0x56,0x12,0x63,0x5b,0x99,0xcb,0xeb,0xcb,0x36,0x3d,
+ 0x56,0x5e,0xaf,0x0e,0x54,0x7e,0xec,0xb9,0x41,0xc9,0x94,0xdf,0xd4,0x71,0xed,0x56,
+ 0x43,0xc0,0x87,0x74,0x4f,0x77,0x09,0xcc,0x3e,0x25,0x10,0xf2,0x74,0x26,0xc6,0x2c,
+ 0x0f,0xf3,0xac,0xb3,0xc2,0x76,0x61,0xd2,0x6a,0x6d,0x83,0xc2,0xa2,0x5e,0x13,0xa6,
+ 0xd4,0x65,0xbd,0x04,0x7f,0x90,0x55,0x00,0xe5,0xeb,0xbe,0x42,0x66,0x43,0x0d,0x56,
+ 0x67,0x14,0x0f,0x77,0xe7,0x97,0x71,0x2a,0x8c,0x8f,0x63,0xc5,0x83,0xf4,0xb4,0x64,
+ 0x9b,0x72,0x89,0x9e,0xa3,0x4a,0xbf,0xdb,0x17,0x61,0x7c,0x46,0x0c,0x35,0xf2,0x50,
+ 0x64,0x94,0x49,0x4f,0x22,0x3e,0x25,0x1a,0xc7,0x1a,0x5b,0x9b,0x7e,0xea,0x87,0xf4,
+ 0xf5,0xe3,0x33,0xa3,0xc1,0xbb,0xb4,0xbb,0x09,0x25,0x8b,0x6a,0x4b,0x5f,0x8c,0x9f,
+ 0xb8,0x2b,0xf4,0x2d,0xa9,0xd4,0xa4,0x65,0x43,0xc6,0xa9,0xeb,0x9a,0xa3,0x0e,0xa9,
+ 0xda,0x80,0x19,0x15,0xab,0xcc,0x17,0x12,0xd0,0x82,0xf2,0x92,0xa6,0x3f,0xd9,0xaf,
+ 0x71,0x54,0xa9,0x7c,0xc7,0x38,0x59,0xa4,0xbe,0x3c,0xba,0x35,0x9d,0x32,0x18,0x00,
+ 0x4e,0x14,0xdf,0x02,0xd0,0x9e,0xdf,0x0a,0xd5,0x79,0x6b,0xb0,0x10,0x99,0x52,0x93,
+ 0xab,0x5d,0x04,0x2c,0x31,0x05,0x53,0x80,0xcc,0x9c,0xb2,0xe3,0x61,0x79,0x82,0xc4,
+ 0x5f,0x6b,0xce,0x1f,0xb8,0xa4,0x0e,0xf9,0xea,0xc4,0x8a,0xe1,0x77,0x20,0xdf,0xec,
+ 0xc7,0x1e,0xc8,0x57,0xea,0x33,0xf3,0x2e,0xb3,0x46,0xba,0x60,0x36,0xe8,0xf9,0xcc,
+ 0xd7,0xbc,0xad,0xc6,0xc1,0xab,0x92,0xa8,0x0c,0x57,0xe7,0x89,0x59,0xd8,0xb8,0x28),
+ .salt = chunk_from_chars(
+ 0xb0,0x70,0x20,0x8f,0x89,0x47,0xdf,0x4f,0x7d,0x12,0x76,0x16,0x1f,0x40,0x7f,0x7b,
+ 0x7f,0x5c,0x4a,0x49,0xac,0x79,0xf0,0xcc,0x0c,0x7d,0x4e,0x28,0x48,0x4c,0x6f,0x85,
+ 0x84,0xf0,0x00,0x7b,0x9b,0xf0,0xe0,0x5f,0xdb,0x59,0x61,0xa1,0x7d,0x3a,0xa8,0x5c,
+ 0x6e,0x3f,0x55,0x71,0x29,0x6a,0x43,0xba,0x89,0x6c,0xdc,0x88,0xc1,0xa4,0x45,0x7f,
+ 0xb1,0x2c,0xbe,0x56,0xca,0x4a,0x20,0xc9,0xa7,0xe1,0x9a,0xdc,0x67,0x45,0x3c,0x4a,
+ 0xde,0x53,0x9e,0x25,0x9f,0x82,0x5f,0xf9,0x4c,0x9a,0x83,0xf8,0x39,0x60,0x2f,0x86,
+ 0x51,0xc9,0x27,0x6d,0x8e,0x44,0x4e,0xcb,0x95,0xa0,0x54,0x0e,0xe7,0xea,0x32,0x20,
+ 0xa9,0x22,0x34,0x5e,0xd9,0x9e,0xf7,0xe7,0xad,0x32,0xb1,0x9d,0x46,0x10,0xe9,0xef),
+ .out = chunk_from_chars(
+ 0x29,0xbd,0x11,0x55,0x68,0xae,0x09,0x88,0x27,0x0f,0xc3,0x86,0xd3,0x95,0xfe,0x37,
+ 0x07,0xa4,0xd0,0x62,0x89,0xf3,0x52,0xbb,0xa4,0xc0,0x0a,0x9a,0xd8,0x55,0xa0,0x8d),
+};
+
+kdf_test_vector_t prf_sha384_1 = {
+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_384,
+ .key = chunk_from_chars(
+ 0xd6,0x72,0xb0,0xbc,0x85,0x28,0x29,0xb9,0x35,0x09,0xf3,0xb7,0x24,0x70,0x63,0x64),
+ .salt = chunk_from_chars(
+ 0x4d,0xf0,0x40,0xb7,0x09,0x78,0x62,0x9c,0x49,0x43,0x7c,0xff,0x41,0xa0,0xd4,0x6c,
+ 0xbe,0xa6,0x8c,0x8d,0x75,0xb3,0x70,0xff,0xc1,0x1d,0x7b,0x38,0x71,0x44,0xea,0x83,
+ 0xbb,0x59,0x03,0xfb,0xb9,0x2e,0x47,0x3d,0xf5,0x0a,0x9b,0x19,0xea,0x43,0xe9,0xc2,
+ 0xf3,0xda,0x9a,0x84,0x9c,0x03,0x86,0x42,0x76,0xc6,0xf2,0x64,0xec,0xf0,0x2a,0x60,
+ 0xd4,0x0b,0xa6,0x5c,0x06,0x65,0x6b,0x63,0x3f,0x02,0xa8,0x74,0x27,0xe9,0x28,0xeb,
+ 0x66,0xa2,0xda,0xbd,0x9d,0xc0,0x57,0x44,0x71,0x7b,0xca,0xf7,0xae,0x78,0xc2,0x96,
+ 0x87,0x2f,0x5c,0x48,0xd1,0xa8,0x12,0x0c,0x21,0x55,0xb7,0x0c,0x56,0x5c,0xe2,0x71,
+ 0x99,0x8e,0x3e,0x44,0xaf,0x26,0x3d,0x48,0x7e,0xa3,0xba,0x7f,0x56,0x13,0x2d,0x7d),
+ .out = chunk_from_chars(
+ 0x54,0x43,0x6a,0x9e,0xa9,0x5d,0x6f,0xf7,0x9b,0x96,0x7f,0x4b,0x07,0xf6,0xde,0x97,
+ 0x6a,0x37,0x6e,0x8e,0xa2,0x6a,0xa9,0x57,0x47,0x09,0xaf,0xc6,0x02,0x43,0xc9,0xc1,
+ 0x41,0xda,0x4c,0xa0,0xe1,0x58,0xe6,0x27,0xa7,0x5e,0xa8,0x7f,0x6f,0xeb,0x07,0xef),
+};
+
+kdf_test_vector_t prf_sha384_2 = {
+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_384,
+ .key = chunk_from_chars(
+ 0x9e,0x2a,0x62,0xf9,0x36,0x28,0x93,0xdd,0xf8,0x47,0x16,0xfe,0xc2,0xf2,0x3f,0x9d,
+ 0xcb,0xd9,0x01,0x0d,0xf6,0xfe,0x9e,0x0e,0xb4,0x6d,0x03,0xd9,0x14,0xf3,0x04,0xd8,
+ 0xfe,0x4d,0x3e,0xe2,0xd6,0xa0,0x3b,0x40,0xe5,0x6a,0x32,0x5e,0x82,0x2a,0x17,0x36,
+ 0x19,0x29,0x18,0x4a,0xde,0x09,0xea,0xa4,0x45,0x27,0x8d,0x38,0x70,0x41,0x7a,0x7c,
+ 0xf5,0x65,0x58,0x4f,0x57,0x2a,0xd3,0x4f,0xf7,0x2b,0xc7,0x78,0x1a,0x39,0xa4,0x8b,
+ 0x54,0xb5,0x5d,0x6e,0xb0,0xed,0x68,0x55,0x1b,0x22,0x2c,0x7a,0xfa,0xda,0x0b,0xc8,
+ 0x22,0x36,0xec,0x31,0xce,0x6c,0x04,0x6b,0x3b,0x2e,0xdb,0x2d,0xef,0x61,0xf4,0xd2,
+ 0xd8,0x57,0xb2,0xd1,0xcb,0x36,0x96,0xc0,0x23,0xe0,0x8c,0x08,0xd6,0xab,0xd0,0x4d,
+ 0x4f,0x69,0x09,0x2b,0x14,0x58,0x37,0x35,0xb9,0xe9,0x18,0xae,0xe5,0xa3,0x99,0x9d,
+ 0xcb,0xf5,0x8f,0xda,0xd6,0xfc,0xd4,0x7c,0x95,0x92,0x98,0x77,0x03,0x0e,0x54,0xb7,
+ 0x08,0x23,0x5f,0x2a,0x2e,0x11,0xe7,0xc5,0x85,0x84,0x61,0x9a,0xa2,0xfa,0x69,0x31,
+ 0x53,0x44,0xd3,0x65,0x7b,0x55,0x72,0x0a,0x25,0xeb,0xe8,0x8e,0xa0,0x77,0x69,0x72,
+ 0xc9,0xe2,0x24,0x69,0xb7,0xed,0x5d,0xa9,0x6b,0x3c,0x76,0x85,0xf7,0xb0,0x56,0x99,
+ 0x60,0xbd,0x64,0x4f,0x13,0x0b,0x44,0xa0,0xd5,0x51,0xbb,0x0e,0x90,0x2e,0xd6,0x8a,
+ 0xb3,0x84,0xfd,0xc2,0xfa,0xca,0xf7,0x9b,0xbf,0x8d,0x6d,0x37,0x36,0xdf,0xa9,0x52,
+ 0xcd,0x70,0xf4,0x74,0x6f,0x1a,0x4a,0xea,0xc2,0xbd,0xbe,0xca,0x97,0xb7,0x8f,0xc1,
+ 0x77,0x78,0x78,0xc1,0x28,0x59,0x43,0x35,0x52,0xa7,0x7d,0x7f,0x94,0x2e,0x5b,0x60,
+ 0x47,0x69,0x91,0xa1,0xe3,0xd0,0x42,0x7c,0xd6,0x77,0x34,0x5a,0x1c,0xe2,0x06,0x3a,
+ 0x2e,0x0e,0xc5,0x47,0xa9,0xd8,0x21,0xda,0x75,0x9f,0x1a,0x91,0xb5,0x88,0x17,0xbd,
+ 0x0d,0xc4,0xef,0xfc,0x12,0x6f,0x6f,0x4e,0xb0,0xb9,0x11,0xe9,0x04,0xed,0x21,0xdc,
+ 0x43,0x9d,0x65,0x8a,0x77,0x3f,0x97,0xe1,0x79,0xad,0x20,0xbc,0x3c,0x63,0x60,0x9f,
+ 0x28,0x74,0x06,0x2e,0x83,0x5f,0x6a,0xe0,0x8d,0x59,0x65,0x4f,0x9c,0x88,0x61,0xe5,
+ 0x27,0x03,0x9e,0xea,0xc3,0x2b,0x9e,0xed,0x29,0x3b,0xd8,0xb1,0xe0,0xe7,0xc6,0x7b,
+ 0xf1,0xd7,0x55,0x24,0x6a,0x1b,0x06,0x3f,0xf0,0x06,0x32,0xa4,0x6d,0xd5,0xcf,0x69,
+ 0x48,0xf0,0xee,0xd9,0xb6,0x5c,0x59,0x39,0xdf,0xd2,0x14,0x80,0xa6,0x3d,0xf0,0xca,
+ 0xb0,0xa7,0x50,0x9c,0x42,0x45,0xa1,0xbe,0x75,0x47,0xcc,0xc6,0xf7,0x3c,0x72,0x4b,
+ 0x48,0xb7,0x86,0x70,0x12,0xe0,0xca,0x3e,0x47,0x2e,0x0d,0x55,0x06,0x49,0xa7,0x34,
+ 0x44,0x0f,0xef,0xfc,0x8e,0x73,0x68,0x2c,0xb6,0x04,0x53,0xe7,0xa4,0x7e,0x72,0xfe,
+ 0x08,0x74,0xeb,0x40,0xac,0xd0,0xd4,0x8e,0x4e,0x57,0x19,0x74,0x16,0x11,0x2b,0xcd,
+ 0xc8,0xbb,0x7a,0x58,0xbe,0xa7,0x45,0xfd,0xd6,0x4c,0x16,0xf6,0x66,0xc8,0x8d,0x9e,
+ 0x3b,0xd2,0x35,0xb1,0x37,0x20,0x6f,0x6c,0xdb,0xa1,0x90,0xbe,0x65,0xec,0x03,0x3c,
+ 0x19,0x1f,0x67,0x6b,0x42,0x8e,0xc1,0x20,0x5d,0xc5,0xe9,0x45,0x82,0x85,0x08,0xd8),
+ .salt = chunk_from_chars(
+ 0xae,0x50,0x50,0x82,0xac,0x47,0xff,0x9a,0xa3,0x54,0xb7,0xaf,0x2b,0x07,0x2c,0xb4,
+ 0x9c,0xec,0x83,0x8d,0x00,0xee,0x36,0x13,0x88,0x1a,0x99,0x77,0xb2,0x15,0x95,0x99,
+ 0xa0,0x24,0x95,0xf0,0xe5,0x2d,0x96,0x1a,0x51,0x6c,0x6b,0xb6,0x1e,0xd0,0x3a,0x86,
+ 0x37,0xbb,0x50,0x7c,0x5c,0x27,0xba,0xb5,0x8d,0xf1,0x54,0xe8,0xe5,0x01,0x48,0x21,
+ 0x84,0x0c,0xfc,0x50,0xb3,0xa4,0x78,0xb4,0x5d,0xd1,0x68,0xeb,0x18,0x0d,0x69,0xcb,
+ 0xa6,0x1a,0x1b,0x42,0x59,0x19,0x3a,0x51,0xa7,0xa4,0x95,0xc9,0x58,0x05,0x38,0x2e,
+ 0x3a,0xbf,0x55,0x87,0x68,0x8f,0x34,0xb6,0x3f,0x71,0x16,0x39,0x82,0xde,0x3d,0xdf,
+ 0x7f,0x26,0x3b,0xb6,0x9f,0x65,0xc3,0xec,0xae,0x61,0x65,0xbf,0x7f,0xdd,0x53,0x17),
+ .out = chunk_from_chars(
+ 0xff,0x66,0xe9,0xd0,0x92,0xdc,0x01,0xe0,0xb8,0x1f,0x93,0x9f,0x52,0xf5,0xc0,0x7d,
+ 0x38,0xd8,0x05,0xb9,0x86,0x28,0xce,0x1a,0xc5,0xfe,0x94,0xc0,0x98,0x57,0x76,0x47,
+ 0x33,0x9f,0xad,0x68,0x94,0x1f,0xfe,0x21,0xe0,0x1e,0xfb,0x4e,0x70,0x50,0x21,0x3b),
+};
+
+kdf_test_vector_t prf_sha512_1 = {
+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_512,
+ .key = chunk_from_chars(
+ 0xdf,0x79,0x31,0xdb,0x9b,0x42,0x9e,0x10,0xb8,0xaa,0x8e,0x4d,0x46,0x04,0x23,0x93),
+ .salt = chunk_from_chars(
+ 0x1e,0x3b,0x00,0x7d,0x2d,0xa9,0x13,0xca,0x60,0xec,0xc9,0x8c,0x25,0xa2,0x2d,0xb0,
+ 0x80,0x73,0xd5,0xc3,0x5c,0x11,0xb2,0x52,0x4b,0x29,0x8a,0x92,0x2b,0x6a,0xbf,0xe6,
+ 0xac,0xf7,0x35,0x9d,0xb6,0x6a,0xe5,0xf8,0x5d,0x67,0xaa,0xcf,0xf6,0x86,0x41,0x9c,
+ 0xd8,0x66,0x6d,0x05,0xae,0x79,0x77,0xce,0xfa,0xd7,0xf5,0x4d,0xd8,0xe3,0x12,0xa8,
+ 0xe8,0xe5,0xe0,0x37,0x0f,0x88,0x14,0x2f,0xbd,0xd6,0x59,0xdd,0x6f,0xde,0x22,0xbd,
+ 0xd5,0x31,0xf5,0x40,0x28,0x81,0xa8,0xde,0x85,0xc1,0x02,0x4e,0x59,0x5e,0xc9,0x3c,
+ 0x57,0x56,0x18,0xaf,0x7f,0xd3,0xdb,0xac,0x79,0x82,0x91,0x90,0x78,0xd7,0x1c,0xc1,
+ 0x3e,0xff,0x19,0x10,0xa0,0x32,0x75,0x0e,0x1f,0xf4,0x28,0x67,0x5d,0xe1,0x89,0xee),
+ .out = chunk_from_chars(
+ 0xda,0xf9,0xbd,0x6f,0x2f,0x91,0x2d,0xa5,0x53,0x86,0x79,0x66,0xaf,0x38,0x6e,0x67,
+ 0x90,0x9a,0x8d,0xf0,0xca,0x7e,0x84,0xb8,0x3b,0x35,0x5c,0xb7,0xd7,0xf1,0x02,0x6f,
+ 0x17,0xd8,0xea,0x34,0xb5,0xd5,0x7f,0xd0,0xd1,0xba,0x38,0x95,0x28,0xfc,0xa1,0xe8,
+ 0x1d,0x1c,0x8c,0xe5,0x11,0xb2,0x8a,0x24,0x58,0x24,0x11,0x43,0xfe,0xe3,0x0c,0xcc),
+};
+
+kdf_test_vector_t prf_sha512_2 = {
+ .alg = KDF_PRF, .arg.prf = PRF_HMAC_SHA2_512,
+ .key = chunk_from_chars(
+ 0xd8,0x96,0x84,0xe3,0xcb,0x17,0xf3,0xaa,0xbd,0x85,0x3a,0x78,0xdb,0x3e,0xcd,0x5a,
+ 0xac,0xc1,0xed,0x71,0xc7,0x0b,0x88,0xa2,0x97,0x56,0xf4,0x6f,0xc7,0x19,0x7c,0x80,
+ 0x4e,0xc0,0x01,0x54,0x40,0x02,0xa8,0xae,0xa3,0x60,0x68,0x4b,0x18,0x00,0x6d,0xef,
+ 0x0d,0xbd,0x86,0x33,0xb1,0x01,0x9f,0xbc,0xfa,0x85,0xb9,0x4c,0xac,0x2b,0xb8,0x21,
+ 0x25,0x84,0xbe,0x62,0xad,0xab,0x0e,0xe4,0xbb,0x8a,0x36,0xae,0xe2,0x52,0x75,0xef,
+ 0x07,0x13,0x90,0x48,0x0e,0xef,0xa2,0x09,0x2e,0xb3,0x08,0xaa,0x73,0x37,0xc5,0xce,
+ 0xb6,0x06,0x9a,0xb6,0x90,0xe8,0x96,0x2f,0xbf,0xe0,0x98,0x6e,0x4f,0x5c,0x18,0xf4,
+ 0x86,0x86,0x1e,0xd3,0xf1,0xdc,0xbe,0xe4,0xc9,0xe4,0xa7,0x66,0x9d,0x74,0x0c,0xa2,
+ 0xb0,0xe8,0xed,0x40,0x31,0xb0,0xa4,0x99,0xdc,0x31,0x5c,0xed,0xe7,0xef,0x03,0x39,
+ 0x9c,0xbc,0x33,0xdc,0xd6,0x29,0x70,0x34,0x9f,0x12,0x20,0x88,0x1b,0x55,0x45,0x2e,
+ 0x0c,0x6c,0x9b,0x52,0xa8,0x8b,0x67,0xf5,0x97,0x58,0x67,0x95,0xb2,0x25,0x70,0x73,
+ 0x3f,0xd4,0xff,0x2c,0xc2,0xad,0x93,0x1d,0x83,0x30,0x16,0x5a,0x9e,0x45,0x0e,0x38,
+ 0x88,0x59,0xce,0x62,0x4f,0x01,0xdb,0x17,0xc2,0x50,0x2b,0x4e,0x66,0xad,0xf9,0x65,
+ 0x27,0x36,0x3d,0x6f,0x90,0x6b,0x20,0x23,0xe8,0xed,0x74,0xd5,0xaf,0x0a,0xa6,0x02,
+ 0x46,0xb0,0xb9,0x2f,0x49,0xc4,0x93,0x3e,0xf3,0x12,0xf8,0xa2,0x54,0x34,0xee,0x96,
+ 0x98,0xd6,0xd9,0x20,0x43,0x45,0xbd,0x10,0xbb,0x11,0xaa,0x39,0x86,0x56,0x16,0xd5,
+ 0xad,0x1b,0x57,0x44,0x70,0x6c,0xfd,0x4e,0xa1,0x40,0x8e,0x20,0xc8,0xfd,0xcf,0x85,
+ 0x51,0xee,0xe8,0x81,0x4b,0x7b,0x37,0x33,0x0b,0x05,0x26,0xf0,0xbc,0x5e,0xe1,0x5d,
+ 0x4e,0xcd,0xa7,0xa1,0xbd,0x25,0xaa,0x97,0xf2,0x45,0x84,0xd8,0x5d,0x3f,0x52,0x49,
+ 0x69,0x4b,0x9f,0x43,0x53,0x9e,0x69,0xea,0x35,0xbf,0xe7,0xfd,0x44,0x07,0xbc,0x8e,
+ 0x9d,0xca,0x8a,0x9f,0xae,0x4b,0xdc,0x6b,0x7b,0xb3,0x8c,0x6d,0x68,0xf8,0x99,0xe1,
+ 0xd3,0x2c,0x85,0xbc,0xd6,0x17,0xa5,0x67,0x67,0x8c,0xf8,0x5d,0x22,0x17,0xa4,0xe8,
+ 0x6a,0x75,0x56,0x24,0xb6,0x40,0x02,0x35,0x4c,0x02,0x68,0x42,0xbc,0x95,0x42,0x49,
+ 0x1a,0xf1,0xc3,0xd6,0x29,0x09,0x70,0x55,0x9a,0xf1,0x1b,0xdc,0x2c,0x83,0xb5,0x4c,
+ 0x74,0x14,0x49,0x05,0xc0,0xa3,0x58,0xf3,0x15,0x3d,0xb7,0x67,0xa5,0xda,0x2a,0x86,
+ 0x27,0xf6,0x96,0x27,0xe1,0xd4,0x1e,0xde,0x9c,0x90,0x7c,0x79,0xb5,0x1f,0xf8,0x15,
+ 0xe4,0x64,0x5c,0x33,0x75,0xe0,0xf6,0x3f,0x84,0xfc,0xf5,0xd7,0xc3,0x40,0x7a,0x1d,
+ 0xd6,0x83,0x9e,0x19,0x06,0xa1,0xe3,0x80,0x2c,0xcf,0x5e,0x82,0x30,0xd9,0x5c,0xf4,
+ 0xb8,0x27,0xb4,0x1c,0x48,0x34,0x25,0xa8,0xa6,0x0b,0xfa,0x51,0x89,0xda,0xc4,0x38,
+ 0x06,0x0f,0x2f,0x5c,0xd5,0x26,0x66,0x2f,0x29,0x06,0xc1,0xdd,0x64,0xf4,0x84,0x4e,
+ 0x94,0x2c,0xa8,0x4d,0xae,0xce,0x6d,0xd7,0xbb,0xf7,0x19,0x4d,0x8c,0xe5,0x6b,0xc2,
+ 0x83,0x10,0x85,0xa7,0xd3,0x10,0xe4,0x94,0x4c,0xfa,0xe7,0x62,0x60,0xaa,0xbf,0x6b),
+ .salt = chunk_from_chars(
+ 0x9c,0xb4,0xbf,0x24,0x46,0x17,0x0a,0xc3,0x81,0x02,0x52,0x66,0xa1,0xa4,0xb8,0x65,
+ 0x13,0xdf,0x60,0xea,0x7d,0x07,0xb1,0xb2,0x13,0x9d,0x78,0xf3,0x31,0xef,0x7e,0xb7,
+ 0xbe,0x8b,0x15,0xd8,0x6c,0xd8,0x5e,0x2a,0x6a,0x34,0xa5,0x58,0x69,0xf8,0xdc,0xc9,
+ 0x75,0x4f,0x49,0x69,0x73,0x31,0xb9,0xb6,0x50,0xce,0x25,0x6e,0xdb,0x33,0x71,0xa9,
+ 0x4b,0x7c,0x2a,0x13,0x2f,0x2f,0xc9,0x9d,0x22,0x30,0x37,0x17,0xc3,0x67,0x39,0xd1,
+ 0x7c,0x0e,0x97,0x18,0xd7,0xc0,0x52,0xe7,0xab,0x4d,0x48,0x58,0xad,0xeb,0x9b,0x8b,
+ 0x4d,0x33,0x03,0xa9,0xe1,0xb6,0xbe,0xf2,0x9f,0x03,0x03,0x5b,0xee,0xd0,0x71,0xd3,
+ 0xbb,0x81,0x0d,0x85,0x39,0x71,0xa7,0x48,0xc5,0x6c,0x59,0xe0,0xba,0xfb,0x9b,0x5a),
+ .out = chunk_from_chars(
+ 0xe5,0x70,0xe7,0x48,0x46,0x34,0x30,0x0d,0x7a,0xdd,0xf5,0xa8,0x52,0x7c,0x13,0x8b,
+ 0x76,0x96,0xdb,0xc3,0xd8,0xbe,0x09,0x69,0xb7,0x52,0x15,0x31,0x8a,0x11,0xad,0xa2,
+ 0x13,0x53,0x8f,0x62,0x93,0xb0,0xee,0xe5,0xb3,0x09,0xad,0x8f,0x5d,0x8d,0x94,0xdb,
+ 0xe5,0x73,0x61,0x27,0xe0,0xd2,0x56,0x0f,0x28,0x1c,0x9c,0x58,0x6b,0xf7,0xc8,0x6f),
+};
Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf_plus.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors/kdf_prf_plus.c
@@ -0,0 +1,290 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * This is an old test vector derived from one in RFC 4868.
+ */
+kdf_test_vector_t prf_plus_sha256_old = {
+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256,
+ .key = chunk_from_chars(
+ 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+ 0x0b,0x0b,0x0b,0x0b),
+ .salt = chunk_from_chars(
+ 0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65),
+ .out = chunk_from_chars(
+ 0xb9,0xbd,0xc0,0x89,0x88,0xb4,0xc2,0xb7,0x5a,0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05,
+ 0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72,0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32,
+ 0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a,0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6,
+ 0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6,0xed,0xc0,0x23,0x47,0x7d,0x80,0x95,0x90,
+ 0xe6,0x82,0xf6,0x1d,0x9c,0x04,0xb0,0x6b,0x4a,0xd9,0x71,0xa3,0x4c,0x81,0x47,0xfa,
+ 0x66,0x79,0x2f,0xf1,0x43,0x4b,0x93,0xc7,0x22,0xb3,0x2e,0x12,0xf4,0x88,0x32,0xeb,
+ 0xc1,0x5c,0xe2,0x36,0x9c,0xe7,0x1f,0xe9,0xb7,0xb8,0x1e,0x57,0x04,0xc1,0x4d,0x0f,
+ 0x52,0x80,0xa6,0xec,0x62,0x6e,0x99,0x2d,0x7a,0x9f),
+};
+
+/**
+ * The following test vectors are from CAVP/SP 800-135 for IKEv2.
+ *
+ * key = SKEYSEED, salt = Ni | Nr | SPIi | SPIr (one vector with min. and one
+ * with max. size for nonces)
+ */
+kdf_test_vector_t prf_plus_sha256_1 = {
+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256,
+ .key = chunk_from_chars(
+ 0x37,0xfd,0xe9,0x0b,0x81,0xd6,0x36,0x92,0x62,0x0f,0x67,0x36,0x7b,0x62,0x09,0x2e,
+ 0x3e,0xfd,0xc6,0xa0,0x35,0x09,0x13,0x7d,0x73,0x10,0x04,0x76,0x7f,0xf3,0x50,0x10),
+ .salt = chunk_from_chars(
+ 0xed,0x80,0xdc,0x79,0x91,0x2c,0x32,0xa9,0x35,0xfb,0x6d,0x1a,0x3f,0xea,0xc0,0x78,
+ 0x47,0xc1,0x85,0x8e,0xfc,0x93,0x2e,0xa4,0x60,0x6f,0xd0,0x56,0x09,0x62,0x40,0x02),
+ .out = chunk_from_chars(
+ 0x63,0xd0,0x18,0xa0,0x8f,0x7a,0x29,0xda,0xa7,0xd1,0xf9,0x2c,0xb6,0x3f,0x45,0xfa,
+ 0x39,0xbb,0xaf,0x5e,0x5f,0x1a,0x78,0x13,0x96,0x13,0xbb,0x89,0x1e,0x3e,0x6b,0xf9,
+ 0xd0,0x44,0x8f,0x7c,0x74,0xe0,0x5b,0x4c,0x1a,0x25,0xc0,0xb6,0x1e,0x62,0xc8,0x75,
+ 0xe8,0x52,0xf2,0x87,0xe1,0x92,0xd4,0xae,0x53,0x61,0x12,0xdb,0x51,0x97,0x21,0x64,
+ 0x00,0xbd,0x5e,0x12,0x34,0x70,0xef,0xc1,0x5f,0x53,0x16,0x18,0x65,0xfe,0x8b,0x19,
+ 0xa1,0x41,0x65,0x18,0xa1,0x57,0xd6,0x51,0xec,0xd2,0xca,0xdd,0xab,0x6a,0x9e,0xae,
+ 0x6a,0x27,0xa5,0x5a,0xf0,0x88,0x21,0x8d,0x51,0x56,0xed,0xaa,0x97,0x89,0xf9,0x34,
+ 0xd9,0x83,0x6e,0xd4,0x3e,0xdf,0xfd,0xa5,0x53,0x82,0x22,0x02,0xff,0x9f,0x7d,0x48,
+ 0x60,0xca,0x72,0xe0),
+};
+
+kdf_test_vector_t prf_plus_sha256_2 = {
+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_256,
+ .key = chunk_from_chars(
+ 0x29,0xbd,0x11,0x55,0x68,0xae,0x09,0x88,0x27,0x0f,0xc3,0x86,0xd3,0x95,0xfe,0x37,
+ 0x07,0xa4,0xd0,0x62,0x89,0xf3,0x52,0xbb,0xa4,0xc0,0x0a,0x9a,0xd8,0x55,0xa0,0x8d),
+ .salt = chunk_from_chars(
+ 0xef,0xa7,0x29,0x13,0x18,0x22,0x78,0xff,0xbd,0x14,0xe7,0x89,0x20,0xc0,0x62,0x51,
+ 0x9a,0xba,0xb8,0xc1,0x6e,0x5e,0xd7,0x0c,0x08,0x41,0xa4,0x8c,0xdb,0x98,0x23,0x7e,
+ 0xe9,0x3f,0x73,0x5f,0xb2,0xdf,0x18,0x43,0x58,0xaa,0xdc,0x13,0xd8,0x3f,0x43,0xfe,
+ 0x8d,0x87,0x05,0x17,0x6c,0x8c,0xa3,0x13,0x82,0x5a,0x1b,0xcd,0xf7,0x79,0x11,0xc5,
+ 0x98,0x00,0x16,0x71,0xff,0xbf,0x01,0x4e,0x37,0xa8,0xc0,0x4d,0x49,0xa7,0x83,0x9d,
+ 0xfe,0xa6,0xcd,0xc5,0x87,0x68,0x8d,0x45,0x88,0xfe,0x43,0x23,0x5b,0x71,0x69,0x3f,
+ 0xfd,0x07,0x29,0x33,0x86,0xb6,0xbf,0x4c,0x19,0x9e,0x33,0x61,0x65,0xb2,0x60,0x78,
+ 0x77,0x36,0xf5,0x4b,0xe9,0x5d,0xb6,0x91,0x16,0x38,0x8b,0xc2,0xec,0xa2,0xb3,0xb2,
+ 0x94,0x84,0x71,0x74,0x17,0xbb,0x3c,0x71,0x81,0x4c,0xe1,0x3b,0x84,0x44,0x6d,0xc3,
+ 0x96,0x4c,0x30,0x29,0x84,0xf9,0x77,0x81,0xf6,0x31,0x66,0x24,0x08,0x90,0x10,0x7c,
+ 0x2e,0x75,0x1a,0x00,0x43,0x6f,0x7c,0x3c,0x9f,0xf1,0x27,0x60,0xe4,0x9d,0x91,0x56,
+ 0x3b,0xe6,0x03,0xfd,0x96,0x41,0xa0,0xa6,0x49,0x18,0xa9,0x32,0x91,0xed,0x11,0x3d,
+ 0xb1,0x2f,0x97,0x07,0x60,0x9d,0x17,0x20,0x96,0xeb,0x58,0xf9,0x15,0x44,0x74,0xda,
+ 0x40,0xc1,0xf5,0xc0,0x90,0x3e,0x9c,0xa2,0xf9,0x1b,0xa6,0x60,0x07,0x75,0xdf,0x71,
+ 0x66,0xca,0xf8,0xe3,0x27,0x85,0x9e,0x67,0x62,0x32,0xd3,0x40,0x46,0x04,0x4c,0xee,
+ 0x43,0xf9,0x01,0x9f,0x04,0x68,0x56,0x12,0x63,0x5b,0x99,0xcb,0xeb,0xcb,0x36,0x3d,
+ 0x56,0x5e,0xaf,0x0e,0x54,0x7e,0xec,0xb9,0x41,0xc9,0x94,0xdf,0xd4,0x71,0xed,0x56,
+ 0x43,0xc0,0x87,0x74,0x4f,0x77,0x09,0xcc,0x3e,0x25,0x10,0xf2,0x74,0x26,0xc6,0x2c,
+ 0x0f,0xf3,0xac,0xb3,0xc2,0x76,0x61,0xd2,0x6a,0x6d,0x83,0xc2,0xa2,0x5e,0x13,0xa6,
+ 0xd4,0x65,0xbd,0x04,0x7f,0x90,0x55,0x00,0xe5,0xeb,0xbe,0x42,0x66,0x43,0x0d,0x56,
+ 0x67,0x14,0x0f,0x77,0xe7,0x97,0x71,0x2a,0x8c,0x8f,0x63,0xc5,0x83,0xf4,0xb4,0x64,
+ 0x9b,0x72,0x89,0x9e,0xa3,0x4a,0xbf,0xdb,0x17,0x61,0x7c,0x46,0x0c,0x35,0xf2,0x50,
+ 0x64,0x94,0x49,0x4f,0x22,0x3e,0x25,0x1a,0xc7,0x1a,0x5b,0x9b,0x7e,0xea,0x87,0xf4,
+ 0xf5,0xe3,0x33,0xa3,0xc1,0xbb,0xb4,0xbb,0x09,0x25,0x8b,0x6a,0x4b,0x5f,0x8c,0x9f,
+ 0xb8,0x2b,0xf4,0x2d,0xa9,0xd4,0xa4,0x65,0x43,0xc6,0xa9,0xeb,0x9a,0xa3,0x0e,0xa9,
+ 0xda,0x80,0x19,0x15,0xab,0xcc,0x17,0x12,0xd0,0x82,0xf2,0x92,0xa6,0x3f,0xd9,0xaf,
+ 0x71,0x54,0xa9,0x7c,0xc7,0x38,0x59,0xa4,0xbe,0x3c,0xba,0x35,0x9d,0x32,0x18,0x00,
+ 0x4e,0x14,0xdf,0x02,0xd0,0x9e,0xdf,0x0a,0xd5,0x79,0x6b,0xb0,0x10,0x99,0x52,0x93,
+ 0xab,0x5d,0x04,0x2c,0x31,0x05,0x53,0x80,0xcc,0x9c,0xb2,0xe3,0x61,0x79,0x82,0xc4,
+ 0x5f,0x6b,0xce,0x1f,0xb8,0xa4,0x0e,0xf9,0xea,0xc4,0x8a,0xe1,0x77,0x20,0xdf,0xec,
+ 0xc7,0x1e,0xc8,0x57,0xea,0x33,0xf3,0x2e,0xb3,0x46,0xba,0x60,0x36,0xe8,0xf9,0xcc,
+ 0xd7,0xbc,0xad,0xc6,0xc1,0xab,0x92,0xa8,0x0c,0x57,0xe7,0x89,0x59,0xd8,0xb8,0x28,
+ 0x57,0xe9,0x1d,0xf9,0xc5,0xff,0xb8,0x42,0x4d,0x5e,0xad,0xac,0x0e,0x57,0x0f,0x7c),
+ .out = chunk_from_chars(
+ 0xd5,0x03,0x3d,0x08,0x79,0x34,0xc6,0x15,0x38,0xb2,0x3d,0xff,0x87,0x5b,0x3b,0xa9,
+ 0x20,0xe0,0x5c,0x1b,0x42,0xac,0x7f,0x97,0x93,0x99,0x5e,0x76,0xba,0x3e,0x46,0x1d,
+ 0x6e,0x83,0xb2,0xfb,0xe0,0xfa,0x68,0x1b,0xa2,0x85,0x69,0x6d,0x53,0xb1,0x75,0xe0,
+ 0x70,0xc4,0xc1,0xcb,0xc7,0x40,0x43,0xf7,0xca,0xc5,0x58,0xc4,0x94,0xac,0xd2,0x3a,
+ 0xab,0xfc,0x7a,0x68,0x5b,0x62,0x74,0x13,0x44,0x08,0xca,0xfc,0x16,0x92,0x85,0x2a,
+ 0xca,0x66,0x3c,0xef,0xd7,0xdd,0x0c,0x8a,0x87,0x2a,0x36,0xa1,0x41,0x4d,0xb4,0xb7,
+ 0xf3,0x14,0xad,0x0e,0x49,0xf2,0xc1,0x87,0x16,0x2e,0x28,0x76,0xc6,0x05,0x3d,0xbe,
+ 0xf5,0xa2,0xea,0x8c,0x33,0xdc,0xd3,0xdd,0x91,0x68,0x76,0x44,0x37,0x7c,0x45,0xf4,
+ 0xb5,0xc4,0x18,0xe1,0xe1,0x0b,0xec,0x22,0xba,0xac,0x31,0x3b,0x90,0x2b,0xdf,0xfc,
+ 0xfb,0x69,0xc6,0x8e,0xf4,0xe7,0x1c,0x5a,0xcc,0x39,0xa9,0xf0,0x7a,0xcb,0x1f,0xc3,
+ 0xba,0x8e,0x92,0xc6,0xdc,0xa8,0x61,0xa6,0x41,0x63,0xb0,0x68,0x9d,0xa4,0xa9,0x7f,
+ 0x12,0x40,0x26,0x36,0x09,0x90,0xc9,0xf1,0xae,0x4e,0x8d,0x02,0x98,0xf0,0x77,0xfc,
+ 0xbb,0x0c,0x20,0x3f,0xd2,0xca,0x82,0x1d,0xea,0xb0,0x59,0x1a,0x22,0x1d,0x9d,0x0a,
+ 0x79,0x8d,0x02,0xf0,0x78,0xd8,0xfb,0x6e,0x93,0x1c,0xa4,0x46,0xa1,0x3f,0x11,0x63,
+ 0x8c,0x6b,0x6a,0xfb,0x82,0x25,0xa0,0x08,0xf9,0x38,0xa6,0x87,0x8c,0x5b,0x57,0x7e,
+ 0x03,0xae,0xcf,0xa7,0x31,0x41,0x01,0xed,0xd0,0xfd,0xa3,0xbd,0xbe,0xa4,0x98,0x5c),
+};
+
+kdf_test_vector_t prf_plus_sha384_1 = {
+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_384,
+ .key = chunk_from_chars(
+ 0x54,0x43,0x6a,0x9e,0xa9,0x5d,0x6f,0xf7,0x9b,0x96,0x7f,0x4b,0x07,0xf6,0xde,0x97,
+ 0x6a,0x37,0x6e,0x8e,0xa2,0x6a,0xa9,0x57,0x47,0x09,0xaf,0xc6,0x02,0x43,0xc9,0xc1,
+ 0x41,0xda,0x4c,0xa0,0xe1,0x58,0xe6,0x27,0xa7,0x5e,0xa8,0x7f,0x6f,0xeb,0x07,0xef),
+ .salt = chunk_from_chars(
+ 0xd6,0x72,0xb0,0xbc,0x85,0x28,0x29,0xb9,0x35,0x09,0xf3,0xb7,0x24,0x70,0x63,0x64,
+ 0x0f,0x9a,0x01,0x6d,0x7b,0x22,0x22,0x3c,0x85,0xf7,0x10,0xda,0xf8,0xb9,0x82,0xd8),
+ .out = chunk_from_chars(
+ 0x10,0xb0,0x0a,0x65,0x46,0x43,0xb3,0xb9,0x85,0x76,0x4f,0x86,0xe2,0x3e,0xf6,0x24,
+ 0x31,0x12,0x2f,0xcc,0x96,0xde,0x16,0xe3,0x38,0xa3,0x72,0xbe,0xe4,0x93,0x91,0xdb,
+ 0x1f,0x83,0xa7,0x35,0x8c,0x08,0x03,0x80,0xab,0xbf,0x4a,0xf4,0x7c,0xdb,0x83,0xb9,
+ 0x53,0x03,0x43,0x16,0x8f,0x7d,0xbc,0x92,0x21,0x26,0x0e,0x15,0x46,0xc6,0xb3,0x83,
+ 0xe2,0x23,0x5d,0x27,0x05,0xa7,0x27,0xf0,0xb4,0x1a,0xeb,0xf6,0xa1,0xb4,0xc6,0x1c,
+ 0xb4,0x60,0x66,0x01,0x52,0xa1,0x7b,0xa7,0x4c,0x20,0xd5,0x19,0x1b,0xa6,0x84,0x17,
+ 0x94,0x94,0x52,0x70,0xd8,0x29,0x58,0x7b,0x7f,0x32,0x94,0x63,0x9e,0xa7,0xb7,0x71,
+ 0x49,0xe1,0xd0,0x72,0x30,0xac,0x16,0xe0,0xcd,0x5a,0xb2,0x36,0xfa,0x32,0x12,0xbd,
+ 0x56,0x9e,0xe7,0x0f),
+};
+
+kdf_test_vector_t prf_plus_sha384_2 = {
+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_384,
+ .key = chunk_from_chars(
+ 0xff,0x66,0xe9,0xd0,0x92,0xdc,0x01,0xe0,0xb8,0x1f,0x93,0x9f,0x52,0xf5,0xc0,0x7d,
+ 0x38,0xd8,0x05,0xb9,0x86,0x28,0xce,0x1a,0xc5,0xfe,0x94,0xc0,0x98,0x57,0x76,0x47,
+ 0x33,0x9f,0xad,0x68,0x94,0x1f,0xfe,0x21,0xe0,0x1e,0xfb,0x4e,0x70,0x50,0x21,0x3b),
+ .salt = chunk_from_chars(
+ 0x9e,0x2a,0x62,0xf9,0x36,0x28,0x93,0xdd,0xf8,0x47,0x16,0xfe,0xc2,0xf2,0x3f,0x9d,
+ 0xcb,0xd9,0x01,0x0d,0xf6,0xfe,0x9e,0x0e,0xb4,0x6d,0x03,0xd9,0x14,0xf3,0x04,0xd8,
+ 0xfe,0x4d,0x3e,0xe2,0xd6,0xa0,0x3b,0x40,0xe5,0x6a,0x32,0x5e,0x82,0x2a,0x17,0x36,
+ 0x19,0x29,0x18,0x4a,0xde,0x09,0xea,0xa4,0x45,0x27,0x8d,0x38,0x70,0x41,0x7a,0x7c,
+ 0xf5,0x65,0x58,0x4f,0x57,0x2a,0xd3,0x4f,0xf7,0x2b,0xc7,0x78,0x1a,0x39,0xa4,0x8b,
+ 0x54,0xb5,0x5d,0x6e,0xb0,0xed,0x68,0x55,0x1b,0x22,0x2c,0x7a,0xfa,0xda,0x0b,0xc8,
+ 0x22,0x36,0xec,0x31,0xce,0x6c,0x04,0x6b,0x3b,0x2e,0xdb,0x2d,0xef,0x61,0xf4,0xd2,
+ 0xd8,0x57,0xb2,0xd1,0xcb,0x36,0x96,0xc0,0x23,0xe0,0x8c,0x08,0xd6,0xab,0xd0,0x4d,
+ 0x4f,0x69,0x09,0x2b,0x14,0x58,0x37,0x35,0xb9,0xe9,0x18,0xae,0xe5,0xa3,0x99,0x9d,
+ 0xcb,0xf5,0x8f,0xda,0xd6,0xfc,0xd4,0x7c,0x95,0x92,0x98,0x77,0x03,0x0e,0x54,0xb7,
+ 0x08,0x23,0x5f,0x2a,0x2e,0x11,0xe7,0xc5,0x85,0x84,0x61,0x9a,0xa2,0xfa,0x69,0x31,
+ 0x53,0x44,0xd3,0x65,0x7b,0x55,0x72,0x0a,0x25,0xeb,0xe8,0x8e,0xa0,0x77,0x69,0x72,
+ 0xc9,0xe2,0x24,0x69,0xb7,0xed,0x5d,0xa9,0x6b,0x3c,0x76,0x85,0xf7,0xb0,0x56,0x99,
+ 0x60,0xbd,0x64,0x4f,0x13,0x0b,0x44,0xa0,0xd5,0x51,0xbb,0x0e,0x90,0x2e,0xd6,0x8a,
+ 0xb3,0x84,0xfd,0xc2,0xfa,0xca,0xf7,0x9b,0xbf,0x8d,0x6d,0x37,0x36,0xdf,0xa9,0x52,
+ 0xcd,0x70,0xf4,0x74,0x6f,0x1a,0x4a,0xea,0xc2,0xbd,0xbe,0xca,0x97,0xb7,0x8f,0xc1,
+ 0x77,0x78,0x78,0xc1,0x28,0x59,0x43,0x35,0x52,0xa7,0x7d,0x7f,0x94,0x2e,0x5b,0x60,
+ 0x47,0x69,0x91,0xa1,0xe3,0xd0,0x42,0x7c,0xd6,0x77,0x34,0x5a,0x1c,0xe2,0x06,0x3a,
+ 0x2e,0x0e,0xc5,0x47,0xa9,0xd8,0x21,0xda,0x75,0x9f,0x1a,0x91,0xb5,0x88,0x17,0xbd,
+ 0x0d,0xc4,0xef,0xfc,0x12,0x6f,0x6f,0x4e,0xb0,0xb9,0x11,0xe9,0x04,0xed,0x21,0xdc,
+ 0x43,0x9d,0x65,0x8a,0x77,0x3f,0x97,0xe1,0x79,0xad,0x20,0xbc,0x3c,0x63,0x60,0x9f,
+ 0x28,0x74,0x06,0x2e,0x83,0x5f,0x6a,0xe0,0x8d,0x59,0x65,0x4f,0x9c,0x88,0x61,0xe5,
+ 0x27,0x03,0x9e,0xea,0xc3,0x2b,0x9e,0xed,0x29,0x3b,0xd8,0xb1,0xe0,0xe7,0xc6,0x7b,
+ 0xf1,0xd7,0x55,0x24,0x6a,0x1b,0x06,0x3f,0xf0,0x06,0x32,0xa4,0x6d,0xd5,0xcf,0x69,
+ 0x48,0xf0,0xee,0xd9,0xb6,0x5c,0x59,0x39,0xdf,0xd2,0x14,0x80,0xa6,0x3d,0xf0,0xca,
+ 0xb0,0xa7,0x50,0x9c,0x42,0x45,0xa1,0xbe,0x75,0x47,0xcc,0xc6,0xf7,0x3c,0x72,0x4b,
+ 0x48,0xb7,0x86,0x70,0x12,0xe0,0xca,0x3e,0x47,0x2e,0x0d,0x55,0x06,0x49,0xa7,0x34,
+ 0x44,0x0f,0xef,0xfc,0x8e,0x73,0x68,0x2c,0xb6,0x04,0x53,0xe7,0xa4,0x7e,0x72,0xfe,
+ 0x08,0x74,0xeb,0x40,0xac,0xd0,0xd4,0x8e,0x4e,0x57,0x19,0x74,0x16,0x11,0x2b,0xcd,
+ 0xc8,0xbb,0x7a,0x58,0xbe,0xa7,0x45,0xfd,0xd6,0x4c,0x16,0xf6,0x66,0xc8,0x8d,0x9e,
+ 0x3b,0xd2,0x35,0xb1,0x37,0x20,0x6f,0x6c,0xdb,0xa1,0x90,0xbe,0x65,0xec,0x03,0x3c,
+ 0x19,0x1f,0x67,0x6b,0x42,0x8e,0xc1,0x20,0x5d,0xc5,0xe9,0x45,0x82,0x85,0x08,0xd8,
+ 0x6f,0xd4,0xbc,0x62,0x54,0x02,0xaa,0x68,0x5f,0x60,0x72,0x5e,0xfd,0xb4,0x25,0x96),
+ .out = chunk_from_chars(
+ 0x28,0x10,0x28,0x8a,0x45,0xa5,0x02,0x21,0x1f,0xea,0xde,0x99,0x43,0xb4,0x22,0x4a,
+ 0x3f,0x54,0xcf,0x97,0xf1,0x91,0xb6,0x21,0xd8,0x0a,0x19,0xf3,0xf1,0xb0,0x36,0x6d,
+ 0x5e,0xd7,0x3d,0x19,0x5b,0x73,0x2a,0x15,0xb5,0x99,0x05,0x1a,0x13,0xb7,0xc5,0x84,
+ 0x17,0x55,0x21,0xe3,0xa9,0x7c,0xdb,0x22,0x0c,0x89,0x24,0xb0,0xec,0x23,0x4a,0x94,
+ 0x2e,0x05,0x79,0x67,0x5f,0x19,0x39,0x26,0xab,0x33,0x29,0x70,0x58,0x55,0x53,0xe2,
+ 0x30,0xe3,0x42,0x9c,0x6e,0x8b,0xa7,0x1b,0x93,0x74,0xbd,0x4a,0x8d,0xf9,0x69,0x45,
+ 0x68,0x40,0x52,0x7f,0x2c,0xf6,0x35,0x39,0x2b,0xe9,0xc1,0x7c,0xa8,0x47,0x4c,0xf0,
+ 0x1b,0x33,0x2b,0x81,0x08,0xb5,0x4c,0x48,0xaa,0xfc,0x86,0xac,0x4c,0xfc,0xe7,0x05,
+ 0x8e,0xe1,0x14,0x54,0x0e,0x5a,0x1b,0x95,0x22,0x01,0xee,0x3d,0x0a,0xc9,0xd3,0xe3,
+ 0x3f,0x01,0x80,0x75,0x84,0x33,0x9a,0xc3,0xf4,0x3c,0xcd,0xd3,0x95,0xc5,0x8b,0xb3,
+ 0xf4,0xa4,0xcc,0x5c,0x57,0x87,0x1e,0xa1,0xd3,0xea,0xa8,0xd0,0x30,0x2b,0xb3,0x08,
+ 0xd1,0xd2,0x03,0xaf,0x13,0x14,0x7e,0x87,0xab,0x2b,0x91,0x59,0xae,0x36,0x1e,0xc0,
+ 0x11,0xd6,0x73,0xfe,0x3f,0x16,0x2b,0x39,0x89,0xda,0x34,0x88,0xd8,0xff,0xea,0x2b,
+ 0x51,0xe7,0x46,0x5f,0xad,0xdc,0xa6,0x7d,0x1d,0x54,0xc8,0x94,0x0a,0x8a,0xb6,0x2e,
+ 0x8a,0xbe,0x41,0x45,0xcb,0x25,0x15,0x91,0x25,0x95,0x01,0x19,0xe3,0xc0,0x1a,0x81,
+ 0x35,0x75,0xf0,0xa9,0x59,0xb1,0x43,0xbc,0x31,0xf6,0x2b,0x47,0x34,0xaa,0x45,0xe2),
+};
+
+kdf_test_vector_t prf_plus_sha512_1 = {
+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_512,
+ .key = chunk_from_chars(
+ 0xda,0xf9,0xbd,0x6f,0x2f,0x91,0x2d,0xa5,0x53,0x86,0x79,0x66,0xaf,0x38,0x6e,0x67,
+ 0x90,0x9a,0x8d,0xf0,0xca,0x7e,0x84,0xb8,0x3b,0x35,0x5c,0xb7,0xd7,0xf1,0x02,0x6f,
+ 0x17,0xd8,0xea,0x34,0xb5,0xd5,0x7f,0xd0,0xd1,0xba,0x38,0x95,0x28,0xfc,0xa1,0xe8,
+ 0x1d,0x1c,0x8c,0xe5,0x11,0xb2,0x8a,0x24,0x58,0x24,0x11,0x43,0xfe,0xe3,0x0c,0xcc),
+ .salt = chunk_from_chars(
+ 0xdf,0x79,0x31,0xdb,0x9b,0x42,0x9e,0x10,0xb8,0xaa,0x8e,0x4d,0x46,0x04,0x23,0x93,
+ 0x9b,0xa4,0x0a,0xf9,0x15,0x7f,0x47,0x92,0x53,0x83,0xc7,0xcd,0x3d,0x10,0x46,0xe6),
+ .out = chunk_from_chars(
+ 0x91,0x9a,0x75,0xde,0xae,0xcc,0xbd,0x39,0x3b,0xeb,0xc8,0x96,0x15,0xf8,0xa2,0x15,
+ 0xed,0xb7,0x07,0x3b,0x23,0x19,0xd8,0x67,0x40,0x22,0x1e,0xee,0x7a,0x2d,0xeb,0x92,
+ 0x50,0x90,0x44,0xd7,0xe6,0x1f,0xcb,0x1b,0xf9,0x67,0x6b,0x38,0x81,0xc7,0xce,0xd4,
+ 0x9e,0x6b,0xba,0x15,0x49,0xda,0x31,0x13,0x60,0x16,0x77,0xa2,0x44,0x5d,0x91,0xac,
+ 0x13,0xa5,0x97,0x33,0x57,0x82,0xdd,0x3a,0x9c,0xf4,0x96,0xd9,0xe1,0x9b,0x93,0x2f,
+ 0x27,0xdd,0x35,0xe3,0x6f,0x80,0x70,0xd2,0x32,0xd0,0xa3,0xb3,0xf4,0xc4,0xa0,0xb4,
+ 0xba,0x44,0x70,0x77,0x8d,0xc0,0x90,0xf3,0x1f,0x52,0xab,0x1b,0x6d,0x81,0xe4,0xc7,
+ 0xdf,0xb3,0x50,0x63,0xad,0x96,0xc3,0x27,0xad,0xcd,0xbd,0xe7,0x14,0xcc,0x9a,0x6b,
+ 0x5e,0xf0,0x49,0xb8),
+};
+
+kdf_test_vector_t prf_plus_sha512_2 = {
+ .alg = KDF_PRF_PLUS, .arg.prf = PRF_HMAC_SHA2_512,
+ .key = chunk_from_chars(
+ 0xe5,0x70,0xe7,0x48,0x46,0x34,0x30,0x0d,0x7a,0xdd,0xf5,0xa8,0x52,0x7c,0x13,0x8b,
+ 0x76,0x96,0xdb,0xc3,0xd8,0xbe,0x09,0x69,0xb7,0x52,0x15,0x31,0x8a,0x11,0xad,0xa2,
+ 0x13,0x53,0x8f,0x62,0x93,0xb0,0xee,0xe5,0xb3,0x09,0xad,0x8f,0x5d,0x8d,0x94,0xdb,
+ 0xe5,0x73,0x61,0x27,0xe0,0xd2,0x56,0x0f,0x28,0x1c,0x9c,0x58,0x6b,0xf7,0xc8,0x6f),
+ .salt = chunk_from_chars(
+ 0xd8,0x96,0x84,0xe3,0xcb,0x17,0xf3,0xaa,0xbd,0x85,0x3a,0x78,0xdb,0x3e,0xcd,0x5a,
+ 0xac,0xc1,0xed,0x71,0xc7,0x0b,0x88,0xa2,0x97,0x56,0xf4,0x6f,0xc7,0x19,0x7c,0x80,
+ 0x4e,0xc0,0x01,0x54,0x40,0x02,0xa8,0xae,0xa3,0x60,0x68,0x4b,0x18,0x00,0x6d,0xef,
+ 0x0d,0xbd,0x86,0x33,0xb1,0x01,0x9f,0xbc,0xfa,0x85,0xb9,0x4c,0xac,0x2b,0xb8,0x21,
+ 0x25,0x84,0xbe,0x62,0xad,0xab,0x0e,0xe4,0xbb,0x8a,0x36,0xae,0xe2,0x52,0x75,0xef,
+ 0x07,0x13,0x90,0x48,0x0e,0xef,0xa2,0x09,0x2e,0xb3,0x08,0xaa,0x73,0x37,0xc5,0xce,
+ 0xb6,0x06,0x9a,0xb6,0x90,0xe8,0x96,0x2f,0xbf,0xe0,0x98,0x6e,0x4f,0x5c,0x18,0xf4,
+ 0x86,0x86,0x1e,0xd3,0xf1,0xdc,0xbe,0xe4,0xc9,0xe4,0xa7,0x66,0x9d,0x74,0x0c,0xa2,
+ 0xb0,0xe8,0xed,0x40,0x31,0xb0,0xa4,0x99,0xdc,0x31,0x5c,0xed,0xe7,0xef,0x03,0x39,
+ 0x9c,0xbc,0x33,0xdc,0xd6,0x29,0x70,0x34,0x9f,0x12,0x20,0x88,0x1b,0x55,0x45,0x2e,
+ 0x0c,0x6c,0x9b,0x52,0xa8,0x8b,0x67,0xf5,0x97,0x58,0x67,0x95,0xb2,0x25,0x70,0x73,
+ 0x3f,0xd4,0xff,0x2c,0xc2,0xad,0x93,0x1d,0x83,0x30,0x16,0x5a,0x9e,0x45,0x0e,0x38,
+ 0x88,0x59,0xce,0x62,0x4f,0x01,0xdb,0x17,0xc2,0x50,0x2b,0x4e,0x66,0xad,0xf9,0x65,
+ 0x27,0x36,0x3d,0x6f,0x90,0x6b,0x20,0x23,0xe8,0xed,0x74,0xd5,0xaf,0x0a,0xa6,0x02,
+ 0x46,0xb0,0xb9,0x2f,0x49,0xc4,0x93,0x3e,0xf3,0x12,0xf8,0xa2,0x54,0x34,0xee,0x96,
+ 0x98,0xd6,0xd9,0x20,0x43,0x45,0xbd,0x10,0xbb,0x11,0xaa,0x39,0x86,0x56,0x16,0xd5,
+ 0xad,0x1b,0x57,0x44,0x70,0x6c,0xfd,0x4e,0xa1,0x40,0x8e,0x20,0xc8,0xfd,0xcf,0x85,
+ 0x51,0xee,0xe8,0x81,0x4b,0x7b,0x37,0x33,0x0b,0x05,0x26,0xf0,0xbc,0x5e,0xe1,0x5d,
+ 0x4e,0xcd,0xa7,0xa1,0xbd,0x25,0xaa,0x97,0xf2,0x45,0x84,0xd8,0x5d,0x3f,0x52,0x49,
+ 0x69,0x4b,0x9f,0x43,0x53,0x9e,0x69,0xea,0x35,0xbf,0xe7,0xfd,0x44,0x07,0xbc,0x8e,
+ 0x9d,0xca,0x8a,0x9f,0xae,0x4b,0xdc,0x6b,0x7b,0xb3,0x8c,0x6d,0x68,0xf8,0x99,0xe1,
+ 0xd3,0x2c,0x85,0xbc,0xd6,0x17,0xa5,0x67,0x67,0x8c,0xf8,0x5d,0x22,0x17,0xa4,0xe8,
+ 0x6a,0x75,0x56,0x24,0xb6,0x40,0x02,0x35,0x4c,0x02,0x68,0x42,0xbc,0x95,0x42,0x49,
+ 0x1a,0xf1,0xc3,0xd6,0x29,0x09,0x70,0x55,0x9a,0xf1,0x1b,0xdc,0x2c,0x83,0xb5,0x4c,
+ 0x74,0x14,0x49,0x05,0xc0,0xa3,0x58,0xf3,0x15,0x3d,0xb7,0x67,0xa5,0xda,0x2a,0x86,
+ 0x27,0xf6,0x96,0x27,0xe1,0xd4,0x1e,0xde,0x9c,0x90,0x7c,0x79,0xb5,0x1f,0xf8,0x15,
+ 0xe4,0x64,0x5c,0x33,0x75,0xe0,0xf6,0x3f,0x84,0xfc,0xf5,0xd7,0xc3,0x40,0x7a,0x1d,
+ 0xd6,0x83,0x9e,0x19,0x06,0xa1,0xe3,0x80,0x2c,0xcf,0x5e,0x82,0x30,0xd9,0x5c,0xf4,
+ 0xb8,0x27,0xb4,0x1c,0x48,0x34,0x25,0xa8,0xa6,0x0b,0xfa,0x51,0x89,0xda,0xc4,0x38,
+ 0x06,0x0f,0x2f,0x5c,0xd5,0x26,0x66,0x2f,0x29,0x06,0xc1,0xdd,0x64,0xf4,0x84,0x4e,
+ 0x94,0x2c,0xa8,0x4d,0xae,0xce,0x6d,0xd7,0xbb,0xf7,0x19,0x4d,0x8c,0xe5,0x6b,0xc2,
+ 0x83,0x10,0x85,0xa7,0xd3,0x10,0xe4,0x94,0x4c,0xfa,0xe7,0x62,0x60,0xaa,0xbf,0x6b,
+ 0x60,0x9d,0x88,0x78,0x9b,0x8a,0x1a,0xbf,0x50,0x01,0x86,0xc3,0xd9,0x7e,0xd2,0xab),
+ .out = chunk_from_chars(
+ 0x98,0x7f,0xad,0xd8,0x04,0x99,0x45,0x67,0xd5,0x7f,0x98,0x9b,0x6c,0xda,0x66,0xef,
+ 0xbf,0xfc,0xab,0x28,0xac,0x3e,0x3b,0xc6,0x10,0x78,0x05,0x95,0x4e,0xb1,0xea,0xd0,
+ 0xce,0xa6,0xfb,0x49,0xaa,0x96,0x1c,0xbe,0x98,0xfd,0xad,0x57,0xdd,0x9c,0x45,0x56,
+ 0x7c,0xe4,0x96,0x74,0x78,0x62,0xf8,0x8b,0xcd,0x9f,0xc5,0x75,0x59,0xa0,0x7e,0xa9,
+ 0x27,0xa4,0x20,0x82,0xba,0x87,0xe0,0xf5,0x1b,0x3d,0x5b,0x8c,0xbd,0xea,0xdd,0xed,
+ 0xa3,0xae,0x4c,0x73,0xb1,0xa5,0x1d,0xd0,0xdc,0xe3,0xcc,0x8e,0xb3,0xb1,0x41,0x9b,
+ 0x93,0xf2,0x9d,0xc6,0x52,0x2b,0x2f,0x5e,0x93,0x75,0x23,0x82,0x03,0xec,0xa9,0x8e,
+ 0xd8,0x6b,0xf1,0xe6,0x86,0x8a,0xb4,0x28,0xd8,0x63,0xa5,0xf3,0xb9,0x87,0xd6,0xc0,
+ 0xf9,0x57,0xaf,0x08,0xa1,0x63,0x1f,0x7c,0xdc,0x00,0x8c,0xbb,0xff,0xc2,0x4b,0x02,
+ 0x93,0x1a,0x02,0x01,0x94,0xe3,0x68,0xd6,0xb5,0x70,0x2e,0x7f,0x8b,0x96,0x0d,0xbc,
+ 0x93,0xca,0x56,0xed,0x5a,0x68,0xda,0xe0,0x20,0x69,0x94,0xed,0xf1,0x47,0x6f,0x5f,
+ 0xa3,0x4e,0xfb,0xda,0xa9,0x73,0xd2,0x7b,0xa3,0x68,0xce,0xdc,0xc6,0x66,0xd7,0x63,
+ 0xbd,0x6a,0xd5,0x60,0x57,0x38,0x51,0xbf,0xfb,0x70,0x99,0xaf,0x58,0x8f,0x34,0xff,
+ 0x2e,0x59,0x9b,0x0e,0x87,0xf7,0x0a,0x7f,0x4a,0xa4,0x8e,0x95,0x1d,0x0c,0x5c,0x30,
+ 0xdd,0xfc,0x1f,0x98,0xc1,0x28,0x63,0x15,0x90,0xcd,0xe0,0x0a,0x7c,0x93,0x15,0x8d,
+ 0xbf,0x4c,0xaa,0x53,0x7b,0x31,0x59,0x31,0xb7,0x14,0xd7,0x2f,0x4d,0x2a,0x01,0xc9),
+};
Index: strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
+++ strongswan-5.9.5/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -25,6 +25,7 @@
#define TEST_VECTOR_HASHER(x) extern hasher_test_vector_t x;
#define TEST_VECTOR_PRF(x) extern prf_test_vector_t x;
#define TEST_VECTOR_XOF(x) extern xof_test_vector_t x;
+#define TEST_VECTOR_KDF(x) extern kdf_test_vector_t x;
#define TEST_VECTOR_DRBG(x) extern drbg_test_vector_t x;
#define TEST_VECTOR_RNG(x) extern rng_test_vector_t x;
#define TEST_VECTOR_DH(x) extern dh_test_vector_t x;
@@ -37,6 +38,7 @@
#undef TEST_VECTOR_HASHER
#undef TEST_VECTOR_PRF
#undef TEST_VECTOR_XOF
+#undef TEST_VECTOR_KDF
#undef TEST_VECTOR_DRBG
#undef TEST_VECTOR_RNG
#undef TEST_VECTOR_DH
@@ -47,6 +49,7 @@
#define TEST_VECTOR_HASHER(x)
#define TEST_VECTOR_PRF(x)
#define TEST_VECTOR_XOF(x)
+#define TEST_VECTOR_KDF(x)
#define TEST_VECTOR_DRBG(x)
#define TEST_VECTOR_RNG(x)
#define TEST_VECTOR_DH(x)
@@ -100,6 +103,14 @@ static xof_test_vector_t *xof[] = {
#undef TEST_VECTOR_XOF
#define TEST_VECTOR_XOF(x)
+#undef TEST_VECTOR_KDF
+#define TEST_VECTOR_KDF(x) &x,
+static kdf_test_vector_t *kdf[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_KDF
+#define TEST_VECTOR_KDF(x)
+
#undef TEST_VECTOR_DRBG
#define TEST_VECTOR_DRBG(x) &x,
static drbg_test_vector_t *drbg[] = {
@@ -208,6 +219,11 @@ plugin_t *test_vectors_plugin_create()
lib->crypto->add_test_vector(lib->crypto,
EXTENDED_OUTPUT_FUNCTION, xof[i]);
}
+ for (i = 0; i < countof(kdf); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ KEY_DERIVATION_FUNCTION, kdf[i]);
+ }
for (i = 0; i < countof(drbg); i++)
{
lib->crypto->add_test_vector(lib->crypto,
Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/Makefile.am
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/wolfssl/Makefile.am
+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/Makefile.am
@@ -24,6 +24,7 @@ libstrongswan_wolfssl_la_SOURCES = \
wolfssl_ed_public_key.h wolfssl_ed_public_key.c \
wolfssl_hasher.h wolfssl_hasher.c \
wolfssl_hmac.h wolfssl_hmac.c \
+ wolfssl_kdf.h wolfssl_kdf.c \
wolfssl_rsa_public_key.h wolfssl_rsa_public_key.c \
wolfssl_rsa_private_key.h wolfssl_rsa_private_key.c \
wolfssl_rng.h wolfssl_rng.c \
Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.c
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "wolfssl_common.h"
+
+#if !defined(NO_HMAC) && defined(HAVE_HKDF)
+
+#include <wolfssl/wolfcrypt/hmac.h>
+
+#define _GNU_SOURCE
+#include "wolfssl_kdf.h"
+#include "wolfssl_util.h"
+
+typedef struct private_kdf_t private_kdf_t;
+
+/**
+ * Private data.
+ */
+struct private_kdf_t {
+
+ /**
+ * Public interface.
+ */
+ kdf_t public;
+
+ /**
+ * KDF type.
+ */
+ key_derivation_function_t type;
+
+ /**
+ * Hash algorithm type.
+ */
+ enum wc_HashType hash;
+
+ /**
+ * Key for KDF.
+ */
+ chunk_t key;
+
+ /**
+ * Salt for KDF.
+ */
+ chunk_t salt;
+};
+
+METHOD(kdf_t, get_type, key_derivation_function_t,
+ private_kdf_t *this)
+{
+ return this->type;
+}
+
+METHOD(kdf_t, get_length, size_t,
+ private_kdf_t *this)
+{
+ if (this->type == KDF_PRF_PLUS)
+ {
+ return SIZE_MAX;
+ }
+ return wc_HashGetDigestSize(this->hash);
+}
+
+METHOD(kdf_t, get_bytes, bool,
+ private_kdf_t *this, size_t out_len, uint8_t *buffer)
+{
+ if (this->type == KDF_PRF)
+ {
+ /* IKEv2 uses the nonces as PRF key and the DH secret as salt, however,
+ * HKDF-Extract() does the same again (mapping the salt to the HMAC key),
+ * so we have to switch key and salt here */
+ if (out_len != get_length(this) ||
+ wc_HKDF_Extract(this->hash, this->key.ptr, this->key.len,
+ this->salt.ptr, this->salt.len, buffer))
+ {
+ return FALSE;
+ }
+ return TRUE;
+ }
+ if (wc_HKDF_Expand(this->hash, this->key.ptr, this->key.len,
+ this->salt.ptr, this->salt.len, buffer, out_len))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, allocate_bytes, bool,
+ private_kdf_t *this, size_t out_len, chunk_t *chunk)
+{
+ if (this->type == KDF_PRF)
+ {
+ out_len = out_len ?: get_length(this);
+ }
+
+ *chunk = chunk_alloc(out_len);
+
+ if (!get_bytes(this, out_len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, set_param, bool,
+ private_kdf_t *this, kdf_param_t param, ...)
+{
+ chunk_t chunk;
+
+ switch (param)
+ {
+ case KDF_PARAM_KEY:
+ VA_ARGS_GET(param, chunk);
+ chunk_clear(&this->key);
+ this->key = chunk_clone(chunk);
+ break;
+ case KDF_PARAM_SALT:
+ VA_ARGS_GET(param, chunk);
+ chunk_clear(&this->salt);
+ this->salt = chunk_clone(chunk);
+ break;
+ }
+ return TRUE;
+}
+
+METHOD(kdf_t, destroy, void,
+ private_kdf_t *this)
+{
+ chunk_clear(&this->salt);
+ chunk_clear(&this->key);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+kdf_t *wolfssl_kdf_create(key_derivation_function_t algo, va_list args)
+{
+ private_kdf_t *this;
+ pseudo_random_function_t prf_alg;
+ enum wc_HashType hash;
+ char buf[HASH_SIZE_SHA512];
+
+ if (algo != KDF_PRF && algo != KDF_PRF_PLUS)
+ {
+ return NULL;
+ }
+
+ VA_ARGS_VGET(args, prf_alg);
+ if (!wolfssl_hash2type(hasher_algorithm_from_prf(prf_alg), &hash))
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_type = _get_type,
+ .get_length = _get_length,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .set_param = _set_param,
+ .destroy = _destroy,
+ },
+ .type = algo,
+ .hash = hash,
+ );
+
+ /* test if we can actually use the algorithm */
+ if (!get_bytes(this, algo == KDF_PRF ? get_length(this) : sizeof(buf), buf))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#endif /* !NO_HMAC && HAVE_HKDF */
Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.h
===================================================================
--- /dev/null
+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_kdf.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2022 Tobias Brunner, codelabs GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements key derivation functions (KDF) using wolfSSL, in particular prf+,
+ * which is implemented via wolfSSL's HKDF implementation.
+ *
+ * @defgroup wolfssl_kdf wolfssl_kdf
+ * @{ @ingroup wolfssl_p
+ */
+
+#ifndef WOLFSSL_KDF_H_
+#define WOLFSSL_KDF_H_
+
+#include <crypto/kdfs/kdf.h>
+
+/**
+ * Creates a new kdf_t object.
+ *
+ * @param algo algorithm to instantiate
+ * @param args algorithm-specific arguments
+ * @return kdf_t object, NULL if not supported
+ */
+kdf_t *wolfssl_kdf_create(key_derivation_function_t algo, va_list args);
+
+#endif /** WOLFSSL_KDF_H_ @}*/
Index: strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ strongswan-5.9.5/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@@ -36,6 +36,7 @@
#include "wolfssl_ed_public_key.h"
#include "wolfssl_hasher.h"
#include "wolfssl_hmac.h"
+#include "wolfssl_kdf.h"
#include "wolfssl_rsa_private_key.h"
#include "wolfssl_rsa_public_key.h"
#include "wolfssl_rng.h"
@@ -185,6 +186,11 @@ METHOD(plugin_t, get_features, int,
PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
#endif
+#ifdef HAVE_HKDF
+ PLUGIN_REGISTER(KDF, wolfssl_kdf_create),
+ PLUGIN_PROVIDE(KDF, KDF_PRF),
+ PLUGIN_PROVIDE(KDF, KDF_PRF_PLUS),
+#endif
#endif /* NO_HMAC */
#if (!defined(NO_AES) && (defined(HAVE_AESGCM) || defined(HAVE_AESCCM))) || \
(defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
Index: strongswan-5.9.5/src/libstrongswan/tests/suites/test_prf_plus.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/tests/suites/test_prf_plus.c
+++ strongswan-5.9.5/src/libstrongswan/tests/suites/test_prf_plus.c
@@ -15,129 +15,138 @@
#include "test_suite.h"
-#include <crypto/prf_plus.h>
+#include <library.h>
static struct {
chunk_t key;
chunk_t seed;
- chunk_t iterations[10];
-} counter_data[] = {
+ chunk_t expected;
+} test_data[] = {
{ .key = chunk_from_chars(0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
0x0b,0x0b,0x0b,0x0b),
.seed = chunk_from_chars(0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65),
- .iterations = {
- chunk_from_chars(0xb9,0xbd,0xc0),
- chunk_from_chars(0x89,0x88,0xb4,0xc2,0xb7,0x5a),
- chunk_from_chars(0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05),
- chunk_from_chars(0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72,
- 0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32),
- chunk_from_chars(0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a),
- chunk_from_chars(0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6),
- chunk_from_chars(0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6,
- 0xed,0xc0,0x23,0x47,0x7d,0x80),
- chunk_from_chars(0x95,0x90,0xe6,0x82,0xf6,0x1d,0x9c,0x04,
- 0xb0,0x6b,0x4a,0xd9,0x71,0xa3,0x4c,0x81,
- 0x47,0xfa,0x66,0x79),
- chunk_from_chars(0x2f,0xf1,0x43,0x4b,0x93,0xc7,0x22,0xb3,
- 0x2e,0x12,0xf4,0x88,0x32,0xeb,0xc1,0x5c,
- 0xe2,0x36,0x9c,0xe7,0x1f,0xe9,0xb7,0xb8,
- 0x1e,0x57,0x04,0xc1,0x4d,0x0f,0x52,0x80,
- 0xa6,0xec,0x62,0x6e,0x99,0x2d,0x7a,0x9f),
- },
+ .expected = chunk_from_chars(0xb9,0xbd,0xc0,0x89,0x88,0xb4,0xc2,0xb7,
+ 0x5a,0xa9,0x3e,0x59,0x6a,0xc8,0x42,0x05,
+ 0xfa,0x2d,0xdd,0xe1,0xbf,0x7a,0x25,0x72,
+ 0x06,0x7b,0x00,0xe1,0x4b,0x23,0x77,0x32,
+ 0x83,0x05,0x09,0x98,0x1a,0xd2,0xf9,0x4a,
+ 0x8c,0x32,0xa4,0x7d,0xaa,0x22,0x55,0xb6,
+ 0x60,0xc4,0x36,0x34,0x7a,0xe7,0x56,0xa6,
+ 0xed,0xc0,0x23,0x47,0x7d,0x80,0x95,0x90,
+ 0xe6,0x82,0xf6,0x1d,0x9c,0x04,0xb0,0x6b,
+ 0x4a,0xd9,0x71,0xa3,0x4c,0x81,0x47,0xfa,
+ 0x66,0x79,0x2f,0xf1,0x43,0x4b,0x93,0xc7,
+ 0x22,0xb3,0x2e,0x12,0xf4,0x88,0x32,0xeb,
+ 0xc1,0x5c,0xe2,0x36,0x9c,0xe7,0x1f,0xe9,
+ 0xb7,0xb8,0x1e,0x57,0x04,0xc1,0x4d,0x0f,
+ 0x52,0x80,0xa6,0xec,0x62,0x6e,0x99,0x2d,
+ 0x7a,0x9f),
+ },
+ /* change the key, keep the seed */
+ { .key = chunk_from_chars(0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,
+ 0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,0x0a,
+ 0x0a,0x0a,0x0a,0x0a),
+ .expected = chunk_from_chars(0x1a,0x2f,0xc7,0x4a,0x06,0x8c,0xae,0x76,
+ 0xfa,0xb3,0xd6,0x34,0xae,0xe9,0x81,0x55,
+ 0x11,0x6a,0x4b,0x21,0xe1,0x0d,0x1b,0x16,
+ 0x45,0x7a,0x06,0xd9,0x42,0x27,0x93,0x98,
+ 0xf7,0x4d,0xf1,0x59,0xc1,0x25,0x21,0xae,
+ 0xe6,0xf4,0x80,0x01,0xe5,0x86,0x8e,0xa7,
+ 0x4b,0x1e,0x13,0xd1,0xcf,0xdc,0xb7,0x7b,
+ 0xf8,0xcf,0x75,0x2c,0x67,0x13,0x18,0x7a,
+ 0x38,0x55,0xba,0x4b,0xf2,0x57,0x55,0xcd,
+ 0x96,0x20,0xcb,0xe3,0xc4,0x8a,0x7f,0xa3,
+ 0x86,0xa5,0xc6,0x26,0x8e,0x57,0xd8,0xe0,
+ 0xb6,0xf9,0x8a,0x41,0x16,0x82,0x64,0x8a),
+ },
+ /* change the seed, keep the key */
+ { .seed = chunk_from_chars(0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+ 0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10),
+ .expected = chunk_from_chars(0x8b,0x90,0x9c,0xbc,0xbb,0xf1,0x72,0x63,
+ 0x6b,0x4e,0x63,0xcd,0x7e,0xc5,0xe3,0x45,
+ 0x57,0x3e,0xbf,0x72,0x8f,0x62,0xa4,0x9b,
+ 0x83,0x7b,0xd9,0x53,0xc0,0x0c,0xad,0x3d,
+ 0x19,0x16,0x28,0x81,0x85,0xf9,0x27,0xb6,
+ 0xc4,0x0c,0x48,0x31,0x45,0x12,0x3b,0x5a,
+ 0xb8,0x47,0xd0,0x19,0x6e,0x6b,0x1c,0x5a,
+ 0x2a,0xc1,0xe5,0x1e,0xc5,0x43,0xcc,0xd4,
+ 0x28,0xba,0x30,0x4b,0x5e,0xad,0x97,0xa7,
+ 0xc0,0x9d,0x13,0xdd,0xfb,0x4a,0x42,0x43,
+ 0x87,0xd6,0x22,0xf6,0x03,0x19,0x21,0x31,
+ 0x6a,0xa6,0x38,0x44,0xa5,0x61,0xf6,0x23,
+ 0x0c,0x50,0x14,0xcc,0xce,0x09,0x5f,0xb3,
+ 0xcc,0xe4,0xcb,0x8f,0x43,0xdc,0x2b,0x65,
+ 0xfd,0x42,0xcc,0xeb,0x49,0x0e,0xcb,0xeb,
+ 0x47,0x30,0xb5,0x18,0x6d,0x34,0x7a,0xea,
+ 0xad,0xfd,0x66,0xa7,0x7e,0xd3,0x3f,0x42,
+ 0xdf,0x75,0x54,0xef,0x5f,0x4f,0x7e,0x26,
+ 0xf9,0x38,0x73,0x26,0x92,0x7a,0xc7,0x80),
},
};
-START_TEST(test_vectors_counter)
+START_TEST(test_params)
{
- prf_plus_t *prf_plus;
- prf_t *prf;
- chunk_t *iter = counter_data[_i].iterations, out;
-
- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256);
- ck_assert(prf->set_key(prf, counter_data[_i].key));
- prf_plus = prf_plus_create(prf, TRUE, counter_data[_i].seed);
- while (iter->ptr)
+ kdf_t *kdf;
+ chunk_t out;
+ int i;
+
+ kdf = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, PRF_HMAC_SHA2_256);
+ if (!kdf)
{
- ck_assert(prf_plus->allocate_bytes(prf_plus, iter->len, &out));
- ck_assert_chunk_eq(*iter, out);
+ warn("%N (%N) not supported", key_derivation_function_names,
+ KDF_PRF_PLUS, pseudo_random_function_names, PRF_HMAC_SHA2_256);
+ return;
+ }
+ for (i = 0; i < countof(test_data); i++)
+ {
+ if (test_data[i].key.len)
+ {
+ ck_assert(kdf->set_param(kdf, KDF_PARAM_KEY, test_data[i].key));
+ }
+ if (test_data[i].seed.len)
+ {
+ ck_assert(kdf->set_param(kdf, KDF_PARAM_SALT, test_data[i].seed));
+ }
+ ck_assert(kdf->allocate_bytes(kdf, test_data[i].expected.len, &out));
+ ck_assert_chunk_eq(test_data[i].expected, out);
+ chunk_free(&out);
+ /* same output the second time */
+ ck_assert(kdf->allocate_bytes(kdf, test_data[i].expected.len, &out));
+ ck_assert_chunk_eq(test_data[i].expected, out);
chunk_free(&out);
- iter++;
}
- prf_plus->destroy(prf_plus);
- prf->destroy(prf);
+ kdf->destroy(kdf);
}
END_TEST
START_TEST(test_wrap)
{
- prf_plus_t *prf_plus;
- prf_t *prf;
- u_char buf[32];
- int i;
+ kdf_t *kdf;
+ chunk_t out;
- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256);
- ck_assert(prf->set_key(prf, counter_data[0].key));
- prf_plus = prf_plus_create(prf, TRUE, counter_data[0].seed);
- for (i = 1; i < 256; i++)
+ kdf = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS, PRF_HMAC_SHA2_256);
+ if (!kdf)
{
- ck_assert(prf_plus->get_bytes(prf_plus, sizeof(buf), buf));
+ warn("%N (%N) not supported", key_derivation_function_names,
+ KDF_PRF_PLUS, pseudo_random_function_names, PRF_HMAC_SHA2_256);
+ return;
}
- ck_assert(!prf_plus->get_bytes(prf_plus, sizeof(buf), buf));
- prf_plus->destroy(prf_plus);
- prf->destroy(prf);
-}
-END_TEST
+ ck_assert(kdf->set_param(kdf, KDF_PARAM_KEY, test_data[0].key));
+ ck_assert(kdf->set_param(kdf, KDF_PARAM_SALT, test_data[0].seed));
-static struct {
- chunk_t key;
- chunk_t seed;
- chunk_t iterations[10];
-} classic_data[] = {
- { .key = chunk_from_chars(0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
- 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
- 0x0b,0x0b,0x0b,0x0b),
- .seed = chunk_from_chars(0x48,0x69,0x20,0x54,0x68,0x65,0x72,0x65),
- .iterations = {
- chunk_from_chars(0xb0,0x34,0x4c),
- chunk_from_chars(0x61,0xd8,0xdb,0x38,0x53,0x5c),
- chunk_from_chars(0xa8,0xaf,0xce,0xaf,0x0b,0xf1,0x2b),
- chunk_from_chars(0x88,0x1d,0xc2,0x00,0xc9,0x83,0x3d,0xa7,
- 0x26,0xe9,0x37,0x6c,0x2e,0x32,0xcf,0xf7),
- chunk_from_chars(0xd0,0x9a,0xe2,0x4b,0x3a,0x83,0xff,0xd4),
- chunk_from_chars(0xb1,0xef,0xa5,0x94,0x5c,0xc5,0xed,0x85),
- chunk_from_chars(0xb0,0xb2,0xcc,0x56,0xfc,0xf7,0x5d,0x23,
- 0xa0,0xa3,0x4c,0xa4,0xdb,0xff,),
- chunk_from_chars(0xea,0xfd,0xaa,0x6a,0x3b,0xf4,0x11,0x34,
- 0x24,0xe4,0x50,0x2d,0xf9,0x7a,0x76,0x93,
- 0x24,0xf6,0x11,0x24),
- chunk_from_chars(0x24,0x3b,0x99,0x6e,0x7d,0x0f,0x35,0x99,
- 0x88,0x79,0x73,0x6b,0xdb,0x70,0x65,0x9a,
- 0x6e,0xfa,0xd2,0x39,0x94,0x10,0xe6,0xce,
- 0x80,0x45,0x6e,0xb6,0x07,0x07,0x8f,0xe1,
- 0xc4,0x7c,0x6b,0x5e,0x81,0x65,0x47,0x8a),
- },
- },
-};
-
-START_TEST(test_vectors_classic)
-{
- prf_plus_t *prf_plus;
- prf_t *prf;
- chunk_t *iter = classic_data[_i].iterations, out;
-
- prf = lib->crypto->create_prf(lib->crypto, PRF_HMAC_SHA2_256);
- ck_assert(prf->set_key(prf, classic_data[_i].key));
- prf_plus = prf_plus_create(prf, FALSE, classic_data[_i].seed);
- while (iter->ptr)
- {
- ck_assert(prf_plus->allocate_bytes(prf_plus, iter->len, &out));
- ck_assert_chunk_eq(*iter, out);
- chunk_free(&out);
- iter++;
+ /* the 1-byte counter overflows after 255 blocks of the underlying PRF */
+ out = chunk_alloc(32 * 255 + 1);
+ ck_assert(kdf->get_bytes(kdf, out.len - 2, out.ptr));
+ if (!kdf->get_bytes(kdf, out.len - 1, out.ptr))
+ { /* Botan 3.x has a check for (len/bs) >= 255 blocks, so we allow this */
+ warn("unable to generate maximum-sized key for %N (%N) but maximum-1 "
+ "is fine", key_derivation_function_names, KDF_PRF_PLUS,
+ pseudo_random_function_names, PRF_HMAC_SHA2_256);
}
- prf_plus->destroy(prf_plus);
- prf->destroy(prf);
+ ck_assert(!kdf->get_bytes(kdf, out.len, out.ptr));
+ chunk_free(&out);
+ kdf->destroy(kdf);
}
END_TEST
@@ -148,13 +157,12 @@ Suite *prf_plus_suite_create()
s = suite_create("prf_plus");
- tc = tcase_create("counter");
- tcase_add_loop_test(tc, test_vectors_counter, 0, countof(counter_data));
- tcase_add_test(tc, test_wrap);
+ tc = tcase_create("params");
+ tcase_add_test(tc, test_params);
suite_add_tcase(s, tc);
- tc = tcase_create("no counter");
- tcase_add_loop_test(tc, test_vectors_classic, 0, countof(classic_data));
+ tc = tcase_create("wrap");
+ tcase_add_test(tc, test_wrap);
suite_add_tcase(s, tc);
return s;
Index: strongswan-5.9.5/src/libstrongswan/tests/suites/test_vectors.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/tests/suites/test_vectors.c
+++ strongswan-5.9.5/src/libstrongswan/tests/suites/test_vectors.c
@@ -29,6 +29,7 @@ static transform_type_t tfs[] = {
HASH_ALGORITHM,
PSEUDO_RANDOM_FUNCTION,
EXTENDED_OUTPUT_FUNCTION,
+ KEY_DERIVATION_FUNCTION,
DETERMINISTIC_RANDOM_BIT_GENERATOR,
RANDOM_NUMBER_GENERATOR,
DIFFIE_HELLMAN_GROUP,
Index: strongswan-5.9.5/src/libstrongswan/tests/tests.h
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/tests/tests.h
+++ strongswan-5.9.5/src/libstrongswan/tests/tests.h
@@ -55,7 +55,7 @@ TEST_SUITE(asn1_parser_suite_create)
TEST_SUITE(rng_tester_suite_create)
TEST_SUITE_DEPEND(mgf1_sha1_suite_create, XOF, XOF_MGF1_SHA1)
TEST_SUITE_DEPEND(mgf1_sha256_suite_create, XOF, XOF_MGF1_SHA256)
-TEST_SUITE_DEPEND(prf_plus_suite_create, PRF, PRF_HMAC_SHA2_256)
+TEST_SUITE_DEPEND(prf_plus_suite_create, KDF, KDF_PRF_PLUS)
TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT)
TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://")
TEST_SUITE_DEPEND(ed25519_suite_create, PRIVKEY_GEN, KEY_ED25519)
Index: strongswan-5.9.5/src/libstrongswan/utils/leak_detective.c
===================================================================
--- strongswan-5.9.5.orig/src/libstrongswan/utils/leak_detective.c
+++ strongswan-5.9.5/src/libstrongswan/utils/leak_detective.c
@@ -636,6 +636,7 @@ static char *whitelist[] = {
"botan_privkey_create",
"botan_privkey_load_ecdh",
"botan_privkey_load",
+ "botan_kdf",
};
/**
Index: strongswan-5.9.5/src/libtls/tls_hkdf.c
===================================================================
--- strongswan-5.9.5.orig/src/libtls/tls_hkdf.c
+++ strongswan-5.9.5/src/libtls/tls_hkdf.c
@@ -18,7 +18,6 @@
#include "tls_hkdf.h"
#include <bio/bio_writer.h>
-#include <crypto/prf_plus.h>
typedef struct private_tls_hkdf_t private_tls_hkdf_t;
@@ -52,6 +51,11 @@ struct private_tls_hkdf_t {
prf_t *prf;
/**
+ * prf+ implementation.
+ */
+ kdf_t *prf_plus;
+
+ /**
* Hasher used.
*/
hasher_t *hasher;
@@ -115,7 +119,6 @@ static bool extract(private_tls_hkdf_t *
}
DBG4(DBG_TLS, "PRK: %B", prk);
-
return TRUE;
}
@@ -126,24 +129,15 @@ static bool extract(private_tls_hkdf_t *
static bool expand(private_tls_hkdf_t *this, chunk_t prk, chunk_t info,
size_t length, chunk_t *okm)
{
- prf_plus_t *prf_plus;
-
- if (!this->prf->set_key(this->prf, prk))
- {
- DBG1(DBG_TLS, "unable to set PRF secret to PRK");
- return FALSE;
- }
- prf_plus = prf_plus_create(this->prf, TRUE, info);
- if (!prf_plus || !prf_plus->allocate_bytes(prf_plus, length, okm))
+ if (!this->prf_plus->set_param(this->prf_plus, KDF_PARAM_KEY, prk) ||
+ !this->prf_plus->set_param(this->prf_plus, KDF_PARAM_SALT, info) ||
+ !this->prf_plus->allocate_bytes(this->prf_plus, length, okm))
{
DBG1(DBG_TLS, "unable to allocate PRF+ result");
- DESTROY_IF(prf_plus);
return FALSE;
}
- prf_plus->destroy(prf_plus);
DBG4(DBG_TLS, "OKM: %B", okm);
-
return TRUE;
}
@@ -681,6 +675,7 @@ METHOD(tls_hkdf_t, destroy, void,
destroy_secrets(&this->handshake_traffic_secrets);
destroy_secrets(&this->traffic_secrets);
DESTROY_IF(this->prf);
+ DESTROY_IF(this->prf_plus);
DESTROY_IF(this->hasher);
free(this);
}
@@ -720,16 +715,23 @@ tls_hkdf_t *tls_hkdf_create(hash_algorit
.phase = HKDF_PHASE_0,
.psk = psk.ptr ? chunk_clone(psk) : chunk_empty,
.prf = lib->crypto->create_prf(lib->crypto, prf_algorithm),
+ .prf_plus = lib->crypto->create_kdf(lib->crypto, KDF_PRF_PLUS,
+ prf_algorithm),
.hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm),
);
- if (!this->prf || !this->hasher)
+ if (!this->prf || !this->prf_plus || !this->hasher)
{
if (!this->prf)
{
DBG1(DBG_TLS, "%N not supported", pseudo_random_function_names,
prf_algorithm);
}
+ if (!this->prf_plus)
+ {
+ DBG1(DBG_TLS, "%N (%N) not supported", key_derivation_function_names,
+ KDF_PRF_PLUS, pseudo_random_function_names, prf_algorithm);
+ }
if (!this->hasher)
{
DBG1(DBG_TLS, "%N not supported", hash_algorithm_names,
Index: strongswan-5.9.5/testing/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
}
Index: strongswan-5.9.5/testing/hosts/bob/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/hosts/bob/etc/strongswan.conf
+++ strongswan-5.9.5/testing/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
}
Index: strongswan-5.9.5/testing/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
}
Index: strongswan-5.9.5/testing/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
}
Index: strongswan-5.9.5/testing/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
}
Index: strongswan-5.9.5/testing/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
}
Index: strongswan-5.9.5/testing/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = sha1 sha2 md5 aes des hmac pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
+ load = sha1 sha2 md5 aes des hmac kdf pem pkcs1 x509 revocation constraints curve25519 pubkey gmp random nonce curl kernel-netlink socket-default updown stroke vici
}
Index: strongswan-5.9.5/testing/scripts/recipes/012_wolfssl.mk
===================================================================
--- strongswan-5.9.5.orig/testing/scripts/recipes/012_wolfssl.mk
+++ strongswan-5.9.5/testing/scripts/recipes/012_wolfssl.mk
@@ -2,7 +2,7 @@
PKG = wolfssl
SRC = https://github.com/wolfSSL/$(PKG).git
-REV = v5.1.1-stable
+REV = v5.2.0-stable
NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
Index: strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
+ load = random nonce kdf pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/af-alg/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
+ load = random nonce kdf pem pkcs1 af-alg gmp x509 revocation kernel-netlink curl socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
+ load = random nonce kdf test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac xcbc ctr ccm gcm kernel-netlink socket-default updown vici
+ load = random nonce kdf test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp x509 revocation curl hmac kdf xcbc ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
Index: strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/af-alg/rw-cert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
+ load = random nonce kdf test-vectors pem pkcs1 af-alg gmp x509 revocation curl ctr ccm gcm kernel-netlink socket-default updown vici
integrity_test = yes
crypto_test {
on_add = yes
Index: strongswan-5.9.5/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/botan/net2net-ed25519/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation constraints curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation constraints curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
rsa_pss = yes
}
Index: strongswan-5.9.5/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
rsa_pss = yes
}
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/carol/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation curl vici kernel-netlink socket-default
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-serpent/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation vici kernel-netlink socket-default
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/carol/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation curl vici kernel-netlink socket-default
+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation curl vici kernel-netlink socket-default
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev1/alg-twofish/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = nonce pem pkcs1 gcrypt hmac x509 revocation vici kernel-netlink socket-default
+ load = nonce pem pkcs1 gcrypt hmac kdf x509 revocation vici kernel-netlink socket-default
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
+ load = random nonce pem pkcs1 gcrypt hmac kdf x509 revocation kernel-netlink curl socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/alg-camellia/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce pem pkcs1 gcrypt hmac x509 revocation kernel-netlink curl socket-default updown vici
+ load = random nonce pem pkcs1 gcrypt hmac kdf x509 revocation kernel-netlink curl socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
on_add = yes
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc ctr ccm vici stroke kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc ctr ccm vici stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
required = yes
Index: strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/gcrypt-ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = curl test-vectors pem pkcs1 gcrypt nonce x509 revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
on_add = yes
Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
plugins {
ha {
Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/active-passive/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
plugins {
ha {
Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
plugins {
ha {
Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ha/both-active/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default ha
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default ha
plugins {
ha {
Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ike/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ike/rw_v1-net_v2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac x509 curl revocation stroke kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp hmac kdf x509 curl revocation stroke kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload-push/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default sqlite attr-sql updown
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic resolve kernel-netlink socket-default stroke updown
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic attr kernel-netlink socket-default stroke updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic attr kernel-netlink socket-default stroke updown
dns1 = 192.168.0.150
dns2 = 10.1.0.20
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 md5 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1-stroke/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown stroke
}
Index: strongswan-5.9.5/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/config-payload-push/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/config-payload/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-initiator/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/dynamic-responder/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/host2host-ah/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/ip-pool/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/nat-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-aggressive/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default unity
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default unity
cisco_unity = yes
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert-unity/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default attr unity
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default attr unity
cisco_unity = yes
plugins {
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-cert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
initiator_only = yes
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-initiator-only/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce des sha1 sha2 hmac pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici
+ load = random nonce des sha1 sha2 hmac kdf pkcs1 pem x509 revocation gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-multi-ciphers/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes des sha1 sha2 hmac pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes des sha1 sha2 hmac kdf pkcs1 pem x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-aggressive/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
i_dont_care_about_security_and_use_aggressive_mode_psk = yes
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac gmp kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf gmp kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ip-ranges/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 gmp kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 md5 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-psk-config/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-aggressive/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-config/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-id-rsa-hybrid/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-psk/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl eap-md5 eap-radius xauth-eap kernel-netlink socket-default updown vici
+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl eap-md5 eap-radius xauth-eap kernel-netlink socket-default updown vici
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl eap-radius kernel-netlink socket-default updown vici
+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl eap-radius kernel-netlink socket-default updown vici
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev1/xauth-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl xauth-generic kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-3des-md5/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ccm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ccm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-ctr/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc ctr gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-gcm/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 xcbc gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-blowfish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce blowfish sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-chacha20poly1305/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce sha1 sha2 pem pkcs1 curve25519 chapoly gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-modp-subgroup/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha256/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-aes-gmac/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gcm gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-md5-128/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des md5 sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha1-160/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-algs/esp-alg-sha256-96/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/config-payload/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown attr
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-swapped/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default sqlite attr-sql updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default sqlite attr-sql updown
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool-wish/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-pool/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke sqlite attr-sql kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke sqlite attr-sql kernel-netlink socket-default updown
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw-psk/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
signature_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
signature_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v3/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
+ load = random nonce aes md5 sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-pgp-v4/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pgp curve25519 gmp stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-rsa/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey curl kernel-netlink socket-default stroke updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/net2net-start/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random drbg nonce aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
+ load = random drbg nonce test-vectors aes des sha1 sha2 sha3 md5 chapoly mgf1 curve25519 ntru newhope pem pkcs1 pkcs8 gmp x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm stroke kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
integrity_test = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-aka eap-aka-3gpp2 updown
integrity_test = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-prompt/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 eap-identity updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius eap-identity updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-md5 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+ load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
+ load = random nonce aes des sha1 sha2 md4 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-mschapv2 eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
plugins {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = random nonce aes des sha1 sha2 md4 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
plugins {
eap-peap {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius eap-identity updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius eap-identity updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 curve25519 hmac stroke kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 curve25519 hmac kdf stroke kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
integrity_test = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default fips-prf eap-sim eap-sim-file updown
integrity_test = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf gcm stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-tls updown
multiple_authentication=no
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default eap-radius updown
multiple_authentication=no
plugins {
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip-override/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2-stroke/virtual-ip/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-cached/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-fallback/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 acert curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 acert curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/acert-inline/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 acert revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/after-2038-certs/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/compress-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/config-payload/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/critical-extension/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
multiple_authentication = no
}
\ No newline at end of file
Index: strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-from-cache/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
cache_crls = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kdf kernel-netlink socket-default vici
cache_crls = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-ldap/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 ldap revocation hmac kdf kernel-netlink socket-default vici
cache_crls = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-revoked/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
cache_crls = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/crl-to-cache/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
cache_crls = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr farp dhcp
plugins {
dhcp {
Index: strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/double-nat-net/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/double-nat/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dpd-clear/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dpd-restart/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dpd-trap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/dynamic-initiator/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/farp/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici attr farp
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici attr farp
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
}
Index: strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/force-udp-encap/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/forecast/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr forecast
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown attr forecast
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-ah/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation xcbc gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default connmark
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default connmark
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-connmark/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/alice/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport-nat/hosts/venus/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/inactivity-timeout/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-pool/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default sqlite attr-sql vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default sqlite attr-sql vici
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/alice/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-db/hosts/venus/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici resolve
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/alice/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-mixed/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl sqlite attr-sql kernel-netlink socket-default updown vici
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6-db/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici sqlite attr-sql
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici sqlite attr-sql
plugins {
attr-sql {
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools-v4v6/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/alice/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ip-two-pools/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/lookip/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl vici kernel-netlink socket-default updown lookip
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl vici kernel-netlink socket-default updown lookip
}
Index: strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/alice/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike-nat-mappings/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/alice/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
prefer_best_path = yes
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip-nat/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/alice/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/alice/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mobike/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-mark/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw-psk/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/nat-virtual-ip/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ah/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert-sha2/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-childless/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown
plugins {
dnscert {
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnscert/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound dnscert x509 curl kernel-netlink socket-default vici updown
plugins {
dnscert {
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown
plugins {
ipseckey {
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-dnssec/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 gmp dnskey pem pkcs1 pubkey unbound ipseckey curl kernel-netlink socket-default vici updown
plugins {
ipseckey {
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ed25519/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-esn/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-gw/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf kernel-netlink socket-default forecast vici
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-multicast/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf kernel-netlink socket-default forecast vici
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-ntru-bandwidth/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl mgf1 ntru revocation hmac kdf vici kernel-netlink socket-default updown
multiple_authentication = no
send_vendor_id = yes
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/moon/etc/strongswan.conf
@@ -1,9 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = random aes sha1 sha2 hmac pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
+ load = random aes sha1 sha2 hmac kdf pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-pkcs12/hosts/sun/etc/strongswan.conf
@@ -1,9 +1,9 @@
# /etc/strongswan.conf - strongSwan configuration file
swanctl {
- load = random aes sha1 sha2 hmac pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
+ load = random aes sha1 sha2 hmac kdf pem pkcs1 pkcs7 pkcs8 pkcs12 gmp x509 revocation constraints
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac curl vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf curl vici kernel-netlink socket-default updown
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-dscp/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac curl vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf curl vici kernel-netlink socket-default updown
multiple_authentication = no
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk-fail/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
# remove rekeyed inbound SA a bit quicker for the test scenario
delete_rekeyed_delay = 2
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rekey/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
cfg = 2
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-rfc3779/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation addrblock curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
cfg = 2
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-route/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-same-nets/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/net2net-start/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
plugins {
revocation {
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-disabled/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
plugins {
revocation {
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-local-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-no-signer-cert/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-revoked/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-root-cert/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp curve25519 x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-good/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-timeouts-unknown/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/ocsp-untrusted-cert/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
}
Index: strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/protoport-range/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/protoport-trap/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown md5 eap-tls
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown md5 eap-tls
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-early/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown md5 eap-tls
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown md5 eap-tls
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-late/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
make_before_break = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-revoked/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
make_before_break = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb-virtual-ip/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
make_before_break = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/reauth-mbb/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/alice/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/dave/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/redirect-active/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-ppk/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert-pss/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
rsa_pss = yes
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-cert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = random drbg nonce test-vectors aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac kdf vici kernel-netlink socket-default updown resolve
plugins {
ipseckey {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac vici kernel-netlink socket-default updown resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp dnskey pubkey unbound ipseckey hmac kdf vici kernel-netlink socket-default updown resolve
plugins {
ipseckey {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-dnssec/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac vici kernel-netlink socket-default updown attr
+ load = random nonce aes sha1 sha2 pem pkcs1 dnskey pubkey unbound ipseckey curve25519 gmp hmac kdf vici kernel-netlink socket-default updown attr
dns1 = PH_IP_WINNETOU
dns2 = PH_IP_VENUS
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-id-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-aka eap-aka-3gpp2 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-aka eap-aka-3gpp2 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
plugins {
eap-simaka-sql {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-aka-sql-rsa/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default sqlite fips-prf eap-aka eap-simaka-sql updown
plugins {
eap-simaka-sql {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 mgf1 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 mgf1 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-dynamic/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 mgf1 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown
+ load = random nonce aes sha1 sha2 md5 mgf1 pem pkcs1 curve25519 mfg1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 eap-tls eap-dynamic updown
plugins {
eap-dynamic {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-framed-ip-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-class-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-id-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-md5-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
+ load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
+ load = random nonce aes des md4 sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-mschapv2 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-md5/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-mschapv2/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
+ load = random nonce aes des md4 md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-mschapv2 eap-peap updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-peap updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-peap-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-id-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-only-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-sim-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-sim eap-sim-file updown
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-sim eap-sim-file updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-fragments/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-only/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-tls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-tls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-tls updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-tls updown
multiple_authentication = no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
}
libtls {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
}
libtls {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-tls-sha3-rsa/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce md5 sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
+ load = random nonce md5 sha1 sha2 sha3 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 mgf1 gmp curl eap-tls kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-only/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 mgf1 gmp x509 curl revocation hmac kdf gcm vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
multiple_authentication=no
syslog {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-eap-ttls-radius/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
default = 1 }
Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
hash_and_url = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
hash_and_url = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-hash-and-url/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
hash_and_url = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
initiator_only = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-initiator-only/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-mark-in-out/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
Index: strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-newhope-bliss/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes chapoly newhope mgf1 bliss hmac kdf pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
send_vendor_id = yes
fragment_size = 1500
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-bliss/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random drbg nonce aes sha1 sha2 sha3 hmac mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 sha3 hmac kdf mgf1 ntru bliss x509 revocation pem pkcs1 curl vici kernel-netlink socket-default updown
send_vendor_id = yes
fragment_size = 1500
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/carol/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/dave/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-ntru-psk/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac vici kernel-netlink socket-default updown
+ load = random drbg nonce aes sha1 sha2 mgf1 ntru hmac kdf vici kernel-netlink socket-default updown
send_vendor_id = yes
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-pkcs8/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 gmp x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-fqdn/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 md5 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-no-idr/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
syslog {
daemon {
ike = 4
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-ppk/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-mixed/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-md5 updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-radius-accounting/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default eap-identity eap-radius updown
plugins {
eap-radius {
Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-sig-auth/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/rw-whitelist/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 mgf1 aes hmac pem pkcs1 x509 revocation constraints whitelist pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 mgf1 aes hmac kdf pem pkcs1 x509 revocation constraints whitelist pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
plugins {
whitelist {
Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/shunt-manual-prio/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac xcbc ctr ccm gcm vici kernel-netlink socket-default updown
+ load = random drbg nonce aes des md5 sha1 sha2 sha3 chapoly pem pkcs1 pkcs8 curve25519 gmp newhope mgf1 ntru x509 curl revocation hmac kdf xcbc ctr ccm gcm vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/strong-keys-certs/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/carol/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/trap-any/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
syslog {
daemon {
knl = 2
Index: strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/two-certs/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default vici
}
Index: strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ikev2/wildcards/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
install_routes = no
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
install_routes=no
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
install_routes = no
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,6 +1,6 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
install_routes=no
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -2,5 +2,5 @@
charon {
hash_and_url = yes
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 curve25519 hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6-stroke/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev1/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/host2host-ikev2/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev1/hosts/sun/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ikev2/hosts/sun/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev1/hosts/sun/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip4-in-ip6-ikev2/hosts/sun/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
install_routes = no
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev1/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
install_routes = no
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
install_routes = no
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-ip6-in-ip4-ikev2/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
fragment_size = 1400
install_routes = no
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/net2net-rfc3779-ikev2/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-compress-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-ip6-in-ip4-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-psk-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 curve25519 hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 curve25519 hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/rw-rfc3779-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation addrblock hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev1/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/ipv6/transport-ikev2/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/libipsec/host2host-cert/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/libipsec/net2net-3des/hosts/sun/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+ load = random nonce des sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/libipsec/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -5,6 +5,6 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-libipsec kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 gcm pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-libipsec kernel-netlink socket-default updown
multiple_authentication = no
}
Index: strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-high/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/openssl-ikev1/alg-ecp-low/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown
+ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-high/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-brainpool-low/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown
+ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-high/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/openssl-ikev2/alg-ecp-low/hosts/dave/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac x509 openssl curl revocation vici kernel-netlink socket-default updown
+ load = random nonce aes des sha1 sha2 gmp pem pkcs1 hmac kdf x509 openssl curl revocation vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/openssl-ikev2/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc cmac ctr ccm gcm vici kernel-netlink socket-default updown
+ load = test-vectors aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc cmac ctr ccm gcm vici kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/p2pnat/behind-same-nat/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/bob/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/p2pnat/medsrv-psk/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 kdf pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/alg-aes-xcbc/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 kdf pem pkcs1 gmp x509 curl revocation xcbc stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha384/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/alg-sha512/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/compress/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/compress/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/esp-alg-null/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/host2host-transport/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
# remove rekeyed inbound SA a bit quicker for the test scenario
delete_rekeyed_delay = 2
syslog {
Index: strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/net2net-rekey/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/net2net-route/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/protoport-dual/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/carol/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/protoport-route/hosts/moon/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
Index: strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/rw-cert/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce test-vectors aes des sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf xcbc stroke kernel-pfkey kernel-netlink socket-default updown
integrity_test = yes
crypto_test {
Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -1,5 +1,5 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/pfkey/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac stroke kernel-pfkey kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf stroke kernel-pfkey kernel-netlink socket-default updown
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
charon {
Index: strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-gre/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
charon {
Index: strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
charon {
Index: strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-vti/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
charon {
Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-ike/hosts/sun/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default
start-scripts {
updown = /usr/bin/python3 /etc/updown.py
}
Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi-netns/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/net2net-xfrmi/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti-ip6-in-ip4/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
charon {
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-vti/hosts/moon/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
charon {
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/route-based/rw-shared-xfrmi/hosts/moon/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
+ load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-expired/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
plugins {
sql {
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db-restart/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
plugins {
sql {
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql resolve
}
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql resolve
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql resolve
}
Index: strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-pool-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
plugins {
sql {
Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db-restart/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
plugins {
sql {
Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/ip-split-pools-db/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon {
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
plugins {
sql {
Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/multi-level-ca/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-cert/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-psk/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-route-pem/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/net2net-start-pem/hosts/sun/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/carol/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
integrity_test = yes
crypto_test {
Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/dave/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
integrity_test = yes
crypto_test {
Index: strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-cert/hosts/moon/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = test-vectors random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
integrity_test = yes
}
Index: strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
}
Index: strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-eap-aka-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 revocation hmac vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
+ load = random nonce aes sha1 sha2 fips-prf pem pkcs1 gmp x509 revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql eap-aka eap-aka-3gpp2
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv4/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-ipv6/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-psk-rsa-split/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-rsa-keyid/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/carol/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/dave/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/rw-rsa/hosts/moon/etc/strongswan.conf
@@ -6,5 +6,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 pubkey gmp hmac kdf vici kernel-netlink socket-default updown sqlite sql
}
Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/alice/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/sun/etc/strongswan.conf
@@ -9,5 +9,5 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql attr-sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql attr-sql
}
Index: strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/sql/shunt-policies-nat-rw/hosts/venus/etc/strongswan.conf
@@ -6,7 +6,7 @@ charon {
database = sqlite:///etc/db.d/ipsec.db
}
}
- load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown sqlite sql
+ load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kdf vici kernel-netlink socket-default updown sqlite sql
keep_alive = 5
}
Index: strongswan-5.9.5/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/host2host-initiator/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/host2host-responder/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/host2host-xfrmproxy/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/carol/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/multiple-clients/hosts/dave/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/net2net-initiator/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/net2net-xfrmproxy/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/xfrmproxy-expire/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tkm/xfrmproxy-rekey/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac xcbc vici kernel-netlink socket-default updown
+ load = aes sha1 sha2 pem pkcs1 gmp random nonce x509 curl revocation hmac kdf xcbc vici kernel-netlink socket-default updown
}
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-11/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-block/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-client-retry/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-init/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-fail-resp/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-hcd-eap/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
plugins {
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-os/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici socket-default kernel-netlink eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
syslog {
daemon {
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pdp-eap/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-radius updown
multiple_authentication=no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-pts-no-ecc/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
+ load = random nonce aes sha1 sha2 md5 mgf1 gmp hmac kdf pem pkcs1 x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20-tls/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-20/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
multiple_authentication = no
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/carol/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
multiple_authentication=no
integrity_test = yes
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/dave/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
multiple_authentication=no
integrity_test = yes
Index: strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/tnc/tnccs-dynamic/hosts/moon/etc/strongswan.conf
@@ -1,7 +1,7 @@
# /etc/strongswan.conf - strongSwan configuration file
charon-systemd {
- load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
+ load = random nonce aes sha1 sha2 md5 pem pkcs1 mgf1 gmp hmac kdf x509 revocation curl vici kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-dynamic tnccs-11 tnccs-20 tnc-imv updown
multiple_authentication=no
integrity_test = yes
Index: strongswan-5.9.5/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/wolfssl/net2net-ed25519/hosts/sun/etc/strongswan.conf
@@ -5,5 +5,5 @@ swanctl {
}
charon-systemd {
- load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
+ load = random nonce aes sha1 sha2 hmac kdf pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
}
Index: strongswan-5.9.5/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/wolfssl/rw-cert/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 sha3 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 sha3 aes curve25519 hmac kdf mgf1 pem pkcs1 x509 revocation constraints gmp curl kernel-netlink socket-default updown vici
rsa_pss = yes
}
Index: strongswan-5.9.5/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
===================================================================
--- strongswan-5.9.5.orig/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
+++ strongswan-5.9.5/testing/tests/wolfssl/rw-modp3072/hosts/dave/etc/strongswan.conf
@@ -5,7 +5,7 @@ swanctl {
}
charon-systemd {
- load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+ load = random nonce sha1 sha2 aes hmac kdf mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
rsa_pss = yes
}