From 0348623dca8b4da570d6efb16c72482387101717 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 31 Mar 2020 09:27:16 +0000
Subject: [PATCH] IPsec: Add support for SHA3 for IKE and ESP

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 3541aaa29..524988355 100755
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -2383,11 +2383,11 @@ END
 
 	#use default advanced value
 	$cgiparams{'IKE_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
-	$cgiparams{'IKE_INTEGRITY'}		= 'sha2_512|sha2_256'; #[19];
+	$cgiparams{'IKE_INTEGRITY'}		= 'sha3_512|sha3_256|sha2_512|sha2_256'; #[19];
 	$cgiparams{'IKE_GROUPTYPE'}             = 'curve448|curve25519|e521|e384|4096|3072'; #[20];
 	$cgiparams{'IKE_LIFETIME'}		= '3'; #[16];
 	$cgiparams{'ESP_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
-	$cgiparams{'ESP_INTEGRITY'}		= 'sha2_512|sha2_256'; #[22];
+	$cgiparams{'ESP_INTEGRITY'}		= 'sha3_512|sha3_256|sha2_512|sha2_256'; #[22];
 	$cgiparams{'ESP_GROUPTYPE'}             = 'curve448|curve25519|e521|e384|4096|3072'; #[23];
 	$cgiparams{'ESP_KEYLIFE'}		= '1'; #[17];
 	$cgiparams{'COMPRESSION'}		= 'off'; #[13];
@@ -2758,7 +2758,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			goto ADVANCED_ERROR;
 		}
 		foreach my $val (@temp) {
-			if ($val !~ /^(sha2_(512|384|256)|sha|md5|aesxcbc)$/) {
+			if ($val !~ /^(sha3_(512|384|256|224)|sha2_(512|384|256)|sha|md5|aesxcbc)$/) {
 				$errormessage = $Lang::tr{'invalid input'};
 				goto ADVANCED_ERROR;
 			}
@@ -2799,7 +2799,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			goto ADVANCED_ERROR;
 		}
 		foreach my $val (@temp) {
-			if ($val !~ /^(sha2_(512|384|256)|sha1|md5|aesxcbc)$/) {
+			if ($val !~ /^(sha3_(512|384|256|224)|sha2_(512|384|256)|sha|md5|aesxcbc)$/) {
 				$errormessage = $Lang::tr{'invalid input'};
 				goto ADVANCED_ERROR;
 			}
@@ -2942,6 +2942,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	$checked{'IKE_ENCRYPTION'}{'camellia128'} = '';
 	my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
 	foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
+	$checked{'IKE_INTEGRITY'}{'sha3_512'} = '';
+	$checked{'IKE_INTEGRITY'}{'sha3_384'} = '';
+	$checked{'IKE_INTEGRITY'}{'sha3_256'} = '';
+	$checked{'IKE_INTEGRITY'}{'sha3_224'} = '';
 	$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
 	$checked{'IKE_INTEGRITY'}{'sha2_384'} = '';
 	$checked{'IKE_INTEGRITY'}{'sha2_256'} = '';
@@ -2982,6 +2986,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	$checked{'ESP_ENCRYPTION'}{'camellia128'} = '';
 	@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
 	foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
+	$checked{'ESP_INTEGRITY'}{'sha3_512'} = '';
+	$checked{'ESP_INTEGRITY'}{'sha3_384'} = '';
+	$checked{'ESP_INTEGRITY'}{'sha3_256'} = '';
+	$checked{'ESP_INTEGRITY'}{'sha3_224'} = '';
 	$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
 	$checked{'ESP_INTEGRITY'}{'sha2_384'} = '';
 	$checked{'ESP_INTEGRITY'}{'sha2_256'} = '';
@@ -3123,6 +3131,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			<td class='boldbase' width="15%">$Lang::tr{'integrity'}</td>
 			<td class='boldbase'>
 				<select name='IKE_INTEGRITY' multiple='multiple' size='6' style='width: 100%'>
+					<option value='sha3_512' $checked{'IKE_INTEGRITY'}{'sha3_512'}>SHA3 512 bit</option>
+					<option value='sha3_384' $checked{'IKE_INTEGRITY'}{'sha3_384'}>SHA3 384 bit</option>
+					<option value='sha3_256' $checked{'IKE_INTEGRITY'}{'sha3_256'}>SHA3 256 bit</option>
+					<option value='sha3_224' $checked{'IKE_INTEGRITY'}{'sha3_224'}>SHA3 224 bit</option>
 					<option value='sha2_512' $checked{'IKE_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
 					<option value='sha2_384' $checked{'IKE_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
 					<option value='sha2_256' $checked{'IKE_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
@@ -3133,6 +3145,10 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			</td>
 			<td class='boldbase'>
 				<select name='ESP_INTEGRITY' multiple='multiple' size='6' style='width: 100%'>
+					<option value='sha3_512' $checked{'ESP_INTEGRITY'}{'sha3_512'}>SHA3 512 bit</option>
+					<option value='sha3_384' $checked{'ESP_INTEGRITY'}{'sha3_384'}>SHA3 384 bit</option>
+					<option value='sha3_256' $checked{'ESP_INTEGRITY'}{'sha3_256'}>SHA3 256 bit</option>
+					<option value='sha3_224' $checked{'ESP_INTEGRITY'}{'sha3_224'}>SHA3 224 bit</option>
 					<option value='sha2_512' $checked{'ESP_INTEGRITY'}{'sha2_512'}>SHA2 512 bit</option>
 					<option value='sha2_384' $checked{'ESP_INTEGRITY'}{'sha2_384'}>SHA2 384 bit</option>
 					<option value='sha2_256' $checked{'ESP_INTEGRITY'}{'sha2_256'}>SHA2 256 bit</option>
-- 
2.39.5