###############################################################################
VPN_SECURITY_POLICIES_CONFIG_SETTINGS="CIPHERS COMPRESSION GROUP_TYPES \
- INTEGRITY PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS"
+ INTEGRITIES PSEUDO_RANDOM_FUNCTIONS KEY_EXCHANGE LIFETIME PFS"
VPN_SECURITY_POLICIES_READONLY="system performance"
VPN_DEFAULT_SECURITY_POLICY="system"
[AES-CMAC]="prfaescmac"
)
-declare -A VPN_SUPPORTED_INTEGRITY=(
+declare -A VPN_SUPPORTED_INTEGRITIES=(
[MD5]="MD5-HMAC"
# SHA
shift 2
case "${key}" in
- ciphers|compression|integrity|lifetime|pfs|show)
+ ciphers|compression|integrities|lifetime|pfs|show)
vpn_security_policies_${key} ${security_policy} "$@"
;;
pseudo-random-functions)
cli_print_fmt1 1 "Integrity:"
local integrity
- for integrity in ${INTEGRITY}; do
- cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITY[${integrity}]-${integrity}}"
+ for integrity in ${INTEGRITIES}; do
+ cli_print_fmt1 2 "${VPN_SUPPORTED_INTEGRITIES[${integrity}]-${integrity}}"
done
cli_space
}
# This function parses the parameters for the 'integrity' command
-vpn_security_policies_integrity(){
+vpn_security_policies_integrities() {
local name=${1}
shift
if [ $# -eq 0 ]; then
- log ERROR "You must pass at least one value after integrity"
+ log ERROR "You must pass at least one value"
return ${EXIT_ERROR}
fi
- local INTEGRITY
- if ! vpn_security_policies_read_config ${name} "INTEGRITY"; then
+ local INTEGRITIES
+ if ! vpn_security_policies_read_config ${name} "INTEGRITIES"; then
return ${EXIT_ERROR}
fi
# Remove duplicated entries to proceed the list safely
- INTEGRITY="$(list_unique ${INTEGRITY})"
+ INTEGRITIES="$(list_unique ${INTEGRITIES})"
local integritys_added
local integritys_removed
fi
done
- INTEGRITY="${integritys_set}"
+ INTEGRITIES="${integritys_set}"
# Perform incremental updates
else
# Perform all removals
for integrity in ${integritys_removed}; do
- if ! list_remove INTEGRITY ${integrity}; then
+ if ! list_remove INTEGRITIES ${integrity}; then
warning "${integrity} was not on the list and could not be removed"
fi
done
for integrity in ${integritys_added}; do
if vpn_security_policies_integrity_supported ${integrity}; then
- if ! list_append_unique INTEGRITY ${integrity}; then
+ if ! list_append_unique INTEGRITIES ${integrity}; then
warning "${integrity} is already on the integrity list"
fi
else
fi
# Check if the list contain at least one valid integrity
- if list_is_empty INTEGRITY; then
+ if list_is_empty INTEGRITIES; then
error "Cannot save an empty integrity hashes list"
return ${EXIT_ERROR}
fi
# Save everything
- if ! vpn_security_policies_write_config_key ${name} "INTEGRITY" ${INTEGRITY}; then
+ if ! vpn_security_policies_write_config_key ${name} "INTEGRITIES" ${INTEGRITIES}; then
log ERROR "The changes for the vpn security policy ${name} could not be written."
fi
cli_headline 1 "Current integrity hashes list for ${name}:"
- for integrity in ${INTEGRITY}; do
- cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITY[${integrity}]}"
+ for integrity in ${INTEGRITIES}; do
+ cli_print_fmt1 1 "${integrity}" "${VPN_SUPPORTED_INTEGRITIES[${integrity}]}"
done
}
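Review bot: The write at `vpn_security_policies_write_config_key ${name} "INTEGRITIES" ${INTEGRITIES}` stores the list under the new key, but nothing in this patch reads or migrates the old `INTEGRITY` key, so a policy file saved by the previous version will come back from `vpn_security_policies_read_config ${name} "INTEGRITIES"` with an empty list. That matters beyond the CLI: the proposal builders lower down iterate `${INTEGRITIES}` for non-AEAD ciphers, so an un-migrated policy would presumably generate proposals with no integrity algorithm at all, which is a silent downgrade rather than a loud failure — unless read_config or a migration outside this diff already maps the old key, which I cannot see from here. I would either ship a one-time rename of `INTEGRITY` to `INTEGRITIES` in the policy files or, after the read on the `INTEGRITIES` line, fall back to the legacy key when the new one is empty, e.g. `if list_is_empty INTEGRITIES; then local INTEGRITY; vpn_security_policies_read_config ${name} "INTEGRITY" && INTEGRITIES="${INTEGRITY}"; fi`, and log a warning so operators know the file needs re-saving. The same concern applies to the `CIPHER`→`CIPHERS` and `GROUP_TYPE`→`GROUP_TYPES` renames further down, whose enclosing function extends past the end of this diff.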
vpn_security_policies_integrity_supported() {
local integrity=${1}
- list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITY[@]}
+ list_match ${integrity} ${!VPN_SUPPORTED_INTEGRITIES[@]}
}
vpn_security_policies_pseudo_random_function_supported() {
local proposals
local cipher
- for cipher in ${CIPHER}; do
+ for cipher in ${CIPHERS}; do
# Translate cipher
local _cipher=${CIPHER_TO_STRONGSWAN[${cipher}]}
fi
local group_type
- for group_type in ${GROUP_TYPE}; do
+ for group_type in ${GROUP_TYPES}; do
local _group_type=${GROUP_TYPE_TO_STRONGSWAN[${group_type}]}
if ! isset _group_type; then
done
else
local integrity
- for integrity in ${INTEGRITY}; do
+ for integrity in ${INTEGRITIES}; do
local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]}
if ! isset _integrity; then
fi
local group_type
- for group_type in ${GROUP_TYPE}; do
+ for group_type in ${GROUP_TYPES}; do
local _group_type=${GROUP_TYPE_TO_STRONGSWAN[${group_type}]}
if ! isset _group_type; then
local proposals
local cipher
- for cipher in ${CIPHER}; do
+ for cipher in ${CIPHERS}; do
# Translate cipher
local _cipher=${CIPHER_TO_STRONGSWAN[${cipher}]}
if vpn_security_policies_cipher_is_aead ${cipher}; then
local group_type
- for group_type in ${GROUP_TYPE}; do
+ for group_type in ${GROUP_TYPES}; do
local _group_type=${GROUP_TYPE_TO_STRONGSWAN[${group_type}]}
if ! isset _group_type; then
done
else
local integrity
- for integrity in ${INTEGRITY}; do
+ for integrity in ${INTEGRITIES}; do
local _integrity=${INTEGRITY_TO_STRONGSWAN[${integrity}]}
if ! isset _integrity; then
fi
local group_type
- for group_type in ${GROUP_TYPE}; do
+ for group_type in ${GROUP_TYPES}; do
local _group_type=${GROUP_TYPE_TO_STRONGSWAN[${group_type}]}
if ! isset _group_type; then