security-policies: Turn VPN_SUPPORTED_CIPHERS into an associative array
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 19 Jul 2017 19:13:44 +0000 (21:13 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 19 Jul 2017 19:13:44 +0000 (21:13 +0200)
This allows us to store meaningful descriptions with the handles

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/functions/functions.vpn-security-policies

index 47bc34bc23211e486e55e106249c2d4089a02bcf..e7c2494b0f7248839daa4b1ae37f17e4598d2ec9 100644 (file)
@@ -24,7 +24,12 @@ VPN_SECURITY_POLICIES_READONLY="system"
 
 VPN_DEFAULT_SECURITY_POLICY="system"
 
-VPN_SUPPORTED_CIPHERS="AES192 AES256 AES512"
+declare -A VPN_SUPPORTED_CIPHERS=(
+       [AES256-CBC]="256 bit AES-CBC"
+       [AES192-CBC]="192 bit AES-CBC"
+       [AES128-CBC]="128 bit AES-CBC"
+)
+
 VPN_SUPPORTED_INTEGRITY="SHA512 SHA256 SHA128"
 VPN_SUPPORTED_GROUP_TYPES="MODP8192 MODP4096"
 
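Review bot: Turning `VPN_SUPPORTED_CIPHERS` into an associative array changes what a plain `${VPN_SUPPORTED_CIPHERS}` expands to: bash reads it as the element with key `0`, which is unset here, so any caller not converted to `${!VPN_SUPPORTED_CIPHERS[@]}` now sees an empty list. Only the `+*)` branch of `vpn_security_policies_cipher` is converted in the visible hunks, so the rest of the tree is worth checking for remaining scalar uses. The key order of an associative array is also unspecified, so anything that lists the ciphers for the user will not follow the order written here. A comment above the declaration would help, e.g. `# Keys are the cipher handles accepted in a policy; values are display-only descriptions`.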
@@ -244,7 +249,7 @@ vpn_security_policies_cipher(){
                        +*)
                                value=${1#+}
                                # Check if the Ciphers is in the list of supported ciphers.
-                               if ! isoneof value ${VPN_SUPPORTED_CIPHERS}; then
+                               if ! isoneof value ${!VPN_SUPPORTED_CIPHERS[@]}; then
                                        # We do not break here because this error does not break the processing of the next maybe valid values.
                                        log ERROR "${value} is not a supported cipher and can thats why not added to the list of ciphers."
                                else
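Review bot: The key expansion on the changed `isoneof` line is unquoted, so every key goes through word splitting and pathname expansion before it is compared. The current keys contain neither whitespace nor glob characters, but this list is the allowlist for user-supplied cipher names and should be passed through exactly: `if ! isoneof value "${!VPN_SUPPORTED_CIPHERS[@]}"; then`. The enclosing `case` statement and function start and end outside the hunk.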