[CAMELLIA128-CCM64]="128 bit CAMELLIA-CCM with 64 bit ICV"
)
-VPN_SUPPORTED_INTEGRITY="SHA512 SHA256 SHA128"
-VPN_SUPPORTED_GROUP_TYPES="MODP8192 MODP4096"
+declare -A VPN_SUPPORTED_INTEGRITY=(
+ [MD5]="MD5-HMAC"
+
+ # SHA
+ [SHA1]="SHA1-HMAC"
+ [SHA512]="512 bit SHA2-HMAC"
+ [SHA384]="384 bit SHA2-HMAC"
+ [SHA256]="256 bit SHA2-HMAC"
+
+ # AES
+ [AES-XCBC]="AES-XCBC"
+ [AES-CMAC]="AES-CMAC"
+ [AES256-GMAC]="256 bit AES-GMAC"
+ [AES192-GMAC]="192 bit AES-GMAC"
+ [AES128-GMAC]="128 bit AES-GMAC"
+)
+
+declare -A VPN_SUPPORTED_GROUP_TYPES=(
+ # Regular Groups
+ [MODP768]="768 bit Modulo Prime Group"
+ [MODP1024]="1024 bit Modulo Prime Group"
+ [MODP1536]="1536 bit Modulo Prime Group"
+ [MODP2048]="2048 bit Modulo Prime Group"
+ [MODP3072]="3072 bit Modulo Prime Group"
+ [MODP4096]="4096 bit Modulo Prime Group"
+ [MODP6144]="6144 bit Modulo Prime Group"
+ [MODP8192]="8192 bit Modulo Prime Group"
+
+ # NIST Elliptic Curve Groups
+ [ECP192]="192 bit NIST Elliptic Curve Group"
+ [ECP224]="224 bit NIST Elliptic Curve Group"
+ [ECP256]="256 bit NIST Elliptic Curve Group"
+ [ECP384]="384 bit NIST Elliptic Curve Group"
+ [ECP521]="521 bit NIST Elliptic Curve Group"
+
+ # Brainpool Elliptic Curve Groups
+ [ECP224BP]="224 bit Brainpool Elliptic Curve Group"
+ [ECP256BP]="256 bit Brainpool Elliptic Curve Group"
+ [ECP384BP]="384 bit Brainpool Elliptic Curve Group"
+ [ECP512BP]="512 bit Brainpool Elliptic Curve Group"
+
+ # Curve25519
+ [CURVE25519]="256 bit Elliptic Curve 25519"
+)
# This functions checks if a policy is readonly
# returns true when yes and false when no
# This could be done in a loop but a loop is much more complicated
# because we print 'Group Types' but the variable is named 'GROUP_TYPES'
cli_print_fmt1 1 "Ciphers:"
-
local cipher
for cipher in ${CIPHER}; do
cli_print_fmt1 2 "${VPN_SUPPORTED_CIPHERS[${cipher}]-${cipher}}"
cli_space
cli_print_fmt1 1 "Integrity:"
- cli_print_fmt1 2 "${INTEGRITY}"
+ local integrity
+ for integrity in ${INTEGRITY}; do
+ cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITY[${integrity}]-${integrity}}"
+ done
cli_space
cli_print_fmt1 1 "Group Types:"
- cli_print_fmt1 2 "${GROUP_TYPE}"
+ local group_type
+ for group_type in ${GROUP_TYPE}; do
+ cli_print_fmt1 2 "${VPN_SUPPORTED_GROUP_TYPES[${group_type}]-${group_type}}"
+ done
cli_space
cli_print_fmt1 1 "Key Exchange:" "${KEY_EXCHANGE}"
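Review bot: The new loops `for integrity in ${INTEGRITY}` and `for group_type in ${GROUP_TYPE}` split on whitespace through unquoted expansion, which also applies pathname expansion to each word. If these values come from a policy file that can be edited by hand (not visible in this hunk), a stray `*` or `?` would be printed as file names from the working directory instead of the stored value. Splitting into an array first avoids that: `local -a integrities; read -ra integrities <<< "${INTEGRITY}"`, then `for integrity in "${integrities[@]}"; do`. The existing cipher loop uses the same unquoted pattern, and the enclosing function starts and ends outside the hunk.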
+*)
value=${1#+}
# Check if the group type is in the list of supported group types.
- if ! isoneof value ${VPN_SUPPORTED_GROUP_TYPES}; then
+ if ! isoneof value ${!VPN_SUPPORTED_GROUP_TYPES[@]}; then
# We do not break here because the processing of other maybe valid values are indepent from this error.
log ERROR "${value} is not a supported group type and can thats why not added to the list of group types."
else
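Review bot: With the switch to `${!VPN_SUPPORTED_GROUP_TYPES[@]}`, every key of the new array passes this check, and that array now lists MODP768, MODP1024 and MODP1536, which RFC 8247 rates MUST NOT or SHOULD NOT for IKEv2. The integrity check in the next hunk does the same for MD5. If those entries were added mainly so that existing policies display with a readable label, validation should use a narrower list of keys, or at least log a warning when a deprecated one is added. Separately, the key expansion is unquoted in both checks; `if ! isoneof value "${!VPN_SUPPORTED_GROUP_TYPES[@]}"; then` keeps each key as a single word and rules out pathname expansion. The enclosing case statement starts and ends outside the hunk.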
+*)
value=${1#+}
# Check if the Ciphers is in the list of supported integrity hashes.
- if ! isoneof value ${VPN_SUPPORTED_INTEGRITY}; then
+ if ! isoneof value ${!VPN_SUPPORTED_INTEGRITY[@]}; then
# We do not break here because the processing of other maybe valid values are indepent from this error.
log ERROR "${value} is not a supported integrity hash and can thats why not added to the list of integrity hashes."
else
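Review bot: The comment above the changed check still reads "Check if the Ciphers is in the list of supported integrity hashes", which looks copied from the cipher handler and no longer describes what is validated. I would change it to `# Check if the integrity hash is one of the keys of VPN_SUPPORTED_INTEGRITY.` so that it also records that the lookup now runs against the array's keys rather than a plain string. The error message on the `log ERROR` line is hard to read as written; `"${value} is not a supported integrity hash and was therefore not added to the list of integrity hashes."` says the same thing.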