IPsec: Add support for Curve448

author Michael Tremer <michael.tremer@ipfire.org>

Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)
diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance

index b226d8db6cdf4c4d787156ac9a797afd70351814..209f43da6882e3b93c71a14a9d4dd5f1642289e7 100644 (file)
--- a/config/vpn/security-policies/performance
+++ b/config/vpn/security-policies/performance
@@ -1,6 +1,6 @@
  CIPHERS="CHACHA20-POLY1305 AES128-GCM128"
  COMPRESSION="off"
-GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192"
  INTEGRITIES="SHA256"
  PSEUDO_RANDOM_FUNCTIONS="SHA256"
  KEY_EXCHANGE="ikev2"
diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system

index db30e69c9d5827d0436ced86e53db66f0db642ee..6ceb0c4859a44f5ccb8c42d96536a46ffe6d6b50 100644 (file)
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -1,7 +1,7 @@
  KEY_EXCHANGE="ikev2"
  CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES256-CBC AES192-GCM128 AES192-CBC AES128-GCM128 AES128-CBC"
  INTEGRITIES="SHA512 SHA384 SHA256"
-GROUP_TYPES="CURVE25519 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
  PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
  LIFETIME="28800"
  PFS="on"
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies

index d1d720b63b0342346b83599a29e29df1042a6f82..138e8210e12096dc696ba3c47287dac2acf330fe 100644 (file)
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -263,6 +263,9 @@ declare -A VPN_SUPPORTED_GROUP_TYPES=(
  
         # Curve25519
         [CURVE25519]="256 bit Elliptic Curve 25519"
+
+       # Curve448
+       [CURVE448]="224 bit Elliptic Curve 448"
  )
  
  declare -A GROUP_TYPE_TO_STRONGSWAN=(
@@ -289,8 +292,9 @@ declare -A GROUP_TYPE_TO_STRONGSWAN=(
         [ECP384BP]="ecp384bp"
         [ECP512BP]="ecp512bp"
  
-       # Curve25519
+       # More Curves
         [CURVE25519]="curve25519"
+       [CURVE448]="curve448"
  )
  
  cli_vpn_security_policies() {
author	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)
config/vpn/security-policies/performance		patch \| blob \| blame \| history
config/vpn/security-policies/system		patch \| blob \| blame \| history
src/functions/functions.vpn-security-policies		patch \| blob \| blame \| history