]> git.ipfire.org Git - people/jschlag/network.git/commitdiff
projects / people / jschlag / network.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b907d1e)
IPsec: Add support for ChaCha20-Poly1305
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 15 Sep 2018 12:49:59 +0000 (13:49 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 15 Sep 2018 12:49:59 +0000 (13:49 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/vpn/security-policies/performance patch | blob | blame | history
config/vpn/security-policies/system patch | blob | blame | history
src/functions/functions.vpn-security-policies patch | blob | blame | history

diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
index a40b454c3e3294c5f67929cfb7cb3b3106ce4144..0d4f0ee6363962f72c8719bc637089eaa7bb644e 100644 (file)
--- a/config/vpn/security-policies/performance
+++ b/config/vpn/security-policies/performance
@@ -1,4 +1,4 @@
-CIPHER="AES128-GCM128 AES128-CBC"
+CIPHER="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC"
 COMPRESSION="off"
 GROUP_TYPE="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 INTEGRITY="SHA256"
diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
index 311dd9eaba432788b8cc8e6cf0ce9745e8985869..5073447021a46434f1623176de3f3c959a88d9bd 100644 (file)
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -1,5 +1,5 @@
 KEY_EXCHANGE="ikev2"
-CIPHER="AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
+CIPHER="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
 INTEGRITY="SHA512 SHA384 SHA256"
 GROUP_TYPE="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 LIFETIME="28800"
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index d3717a9e09c05073a9edf5284b9e024da2200559..db6e859a25b069b03cb58b1c3228f53a93bf18ca 100644 (file)
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -92,6 +92,9 @@ declare -A VPN_SUPPORTED_CIPHERS=(
        [CAMELLIA192-CCM64]="192 bit CAMELLIA-CCM with 64 bit ICV"
        [CAMELLIA128-CCM64]="128 bit CAMELLIA-CCM with 64 bit ICV"
 
+       # DJB
+       [CHACHA20-POLY1305]="256 bit ChaCha20/Poly1305 with 128 bit ICV"
+
        # No Encryption
        [NULL]="No Encryption"
 )
@@ -164,6 +167,9 @@ declare -A CIPHER_TO_STRONGSWAN=(
        [CAMELLIA192-CCM64]="camellia192ccm64"
        [CAMELLIA128-CCM64]="camellia128ccm64"
 
+       # DJB
+       [CHACHA20-POLY1305]="chacha20poly1305"
+
        # No Encryption
        [NULL]="null"
 )
Jonatan's tree of the IPFire 3 network stuff