+declare -A VPN_SUPPORTED_CIPHERS=(
+ # 3DES-CBC
+ [3DES-CBC]="168 bit 3DES-EDE-CBC"
+
+ # AES-CBC
+ [AES256-CBC]="256 bit AES-CBC"
+ [AES192-CBC]="192 bit AES-CBC"
+ [AES128-CBC]="128 bit AES-CBC"
+
+ # AES-CTR
+ [AES256-CTR]="256 bit AES-COUNTER"
+ [AES192-CTR]="192 bit AES-COUNTER"
+ [AES128-CTR]="128 bit AES-COUNTER"
+
+ # AES-GCM
+ [AES256-GCM128]="256 bit AES-GCM with 128 bit ICV"
+ [AES192-GCM128]="192 bit AES-GCM with 128 bit ICV"
+ [AES128-GCM128]="128 bit AES-GCM with 128 bit ICV"
+ [AES256-GCM96]="256 bit AES-GCM with 96 bit ICV"
+ [AES192-GCM96]="192 bit AES-GCM with 96 bit ICV"
+ [AES128-GCM96]="128 bit AES-GCM with 96 bit ICV"
+ [AES256-GCM64]="256 bit AES-GCM with 64 bit ICV"
+ [AES192-GCM64]="192 bit AES-GCM with 64 bit ICV"
+ [AES128-GCM64]="128 bit AES-GCM with 64 bit ICV"
+
+ # AES-CCM
+ [AES256-CCM128]="256 bit AES-CCM with 128 bit ICV"
+ [AES192-CCM128]="192 bit AES-CCM with 128 bit ICV"
+ [AES128-CCM128]="128 bit AES-CCM with 128 bit ICV"
+ [AES256-CCM96]="256 bit AES-CCM with 96 bit ICV"
+ [AES192-CCM96]="192 bit AES-CCM with 96 bit ICV"
+ [AES128-CCM96]="128 bit AES-CCM with 96 bit ICV"
+ [AES256-CCM64]="256 bit AES-CCM with 64 bit ICV"
+ [AES192-CCM64]="192 bit AES-CCM with 64 bit ICV"
+ [AES128-CCM64]="128 bit AES-CCM with 64 bit ICV"
+
+ # CAMELLIA-CBC
+ [CAMELLIA256-CBC]="256 bit CAMELLIA-CBC"
+ [CAMELLIA192-CBC]="192 bit CAMELLIA-CBC"
+ [CAMELLIA128-CBC]="128 bit CAMELLIA-CBC"
+
+ # CAMELLIA-CTR
+ [CAMELLIA256-CTR]="256 bit CAMELLIA-COUNTER"
+ [CAMELLIA192-CTR]="192 bit CAMELLIA-COUNTER"
+ [CAMELLIA128-CTR]="128 bit CAMELLIA-COUNTER"
+
+ # CAMELLIA-GCM
+ [CAMELLIA256-GCM128]="256 bit CAMELLIA-GCM with 128 bit ICV"
+ [CAMELLIA192-GCM128]="192 bit CAMELLIA-GCM with 128 bit ICV"
+ [CAMELLIA128-GCM128]="128 bit CAMELLIA-GCM with 128 bit ICV"
+ [CAMELLIA256-GCM96]="256 bit CAMELLIA-GCM with 96 bit ICV"
+ [CAMELLIA192-GCM96]="192 bit CAMELLIA-GCM with 96 bit ICV"
+ [CAMELLIA128-GCM96]="128 bit CAMELLIA-GCM with 96 bit ICV"
+ [CAMELLIA256-GCM64]="256 bit CAMELLIA-GCM with 64 bit ICV"
+ [CAMELLIA192-GCM64]="192 bit CAMELLIA-GCM with 64 bit ICV"
+ [CAMELLIA128-GCM64]="128 bit CAMELLIA-GCM with 64 bit ICV"
+
+ # CAMELLIA-CCM
+ [CAMELLIA256-CCM128]="256 bit CAMELLIA-CCM with 128 bit ICV"
+ [CAMELLIA192-CCM128]="192 bit CAMELLIA-CCM with 128 bit ICV"
+ [CAMELLIA128-CCM128]="128 bit CAMELLIA-CCM with 128 bit ICV"
+ [CAMELLIA256-CCM96]="256 bit CAMELLIA-CCM with 96 bit ICV"
+ [CAMELLIA192-CCM96]="192 bit CAMELLIA-CCM with 96 bit ICV"
+ [CAMELLIA128-CCM96]="128 bit CAMELLIA-CCM with 96 bit ICV"
+ [CAMELLIA256-CCM64]="256 bit CAMELLIA-CCM with 64 bit ICV"
+ [CAMELLIA192-CCM64]="192 bit CAMELLIA-CCM with 64 bit ICV"
+ [CAMELLIA128-CCM64]="128 bit CAMELLIA-CCM with 64 bit ICV"
+
+ # DJB
+ [CHACHA20-POLY1305]="256 bit ChaCha20/Poly1305 with 128 bit ICV"
+
+ # No Encryption
+ [NULL]="No Encryption"
+)
+
+declare -A CIPHER_TO_STRONGSWAN=(
+ # 3DES-CBC
+ [3DES-CBC]="3des"
+
+ # AES-CBC
+ [AES256-CBC]="aes256"
+ [AES192-CBC]="aes192"
+ [AES128-CBC]="aes128"
+
+ # AES-CTR
+ [AES256-CTR]="aes256ctr"
+ [AES192-CTR]="aes192ctr"
+ [AES128-CTR]="aes128ctr"
+
+ # AES-GCM
+ [AES256-GCM128]="aes256gcm128"
+ [AES192-GCM128]="aes192gcm128"
+ [AES128-GCM128]="aes128gcm128"
+ [AES256-GCM96]="aes256gcm96"
+ [AES192-GCM96]="aes192gcm96"
+ [AES128-GCM96]="aes128gcm96"
+ [AES256-GCM64]="aes256gcm64"
+ [AES192-GCM64]="aes192gcm64"
+ [AES128-GCM64]="aes128gcm64"
+
+ # AES-CCM
+ [AES256-CCM128]="aes256ccm128"
+ [AES192-CCM128]="aes192ccm128"
+ [AES128-CCM128]="aes128ccm128"
+ [AES256-CCM96]="aes256ccm96"
+ [AES192-CCM96]="aes192ccm96"
+ [AES128-CCM96]="aes128ccm96"
+ [AES256-CCM64]="aes256ccm64"
+ [AES192-CCM64]="aes192ccm64"
+ [AES128-CCM64]="aes128ccm64"
+
+ # CAMELLIA-CBC
+ [CAMELLIA256-CBC]="camellia256"
+ [CAMELLIA192-CBC]="camellia192"
+ [CAMELLIA128-CBC]="camellia128"
+
+ # CAMELLIA-CTR
+ [CAMELLIA256-CTR]="camellia256ctr"
+ [CAMELLIA192-CTR]="camellia192ctr"
+ [CAMELLIA128-CTR]="camellia128ctr"
+
+ # CAMELLIA-GCM
+ [CAMELLIA256-GCM128]="camellia256gcm128"
+ [CAMELLIA192-GCM128]="camellia192gcm128"
+ [CAMELLIA128-GCM128]="camellia128gcm128"
+ [CAMELLIA256-GCM96]="camellia256gcm96"
+ [CAMELLIA192-GCM96]="camellia192gcm96"
+ [CAMELLIA128-GCM96]="camellia128gcm96"
+ [CAMELLIA256-GCM64]="camellia256gcm64"
+ [CAMELLIA192-GCM64]="camellia192gcm64"
+ [CAMELLIA128-GCM64]="camellia128gcm64"
+
+ # CAMELLIA-CCM
+ [CAMELLIA256-CCM128]="camellia256ccm128"
+ [CAMELLIA192-CCM128]="camellia192ccm128"
+ [CAMELLIA128-CCM128]="camellia128ccm128"
+ [CAMELLIA256-CCM96]="camellia256ccm96"
+ [CAMELLIA192-CCM96]="camellia192ccm96"
+ [CAMELLIA128-CCM96]="camellia128ccm96"
+ [CAMELLIA256-CCM64]="camellia256ccm64"
+ [CAMELLIA192-CCM64]="camellia192ccm64"
+ [CAMELLIA128-CCM64]="camellia128ccm64"
+
+ # DJB
+ [CHACHA20-POLY1305]="chacha20poly1305"
+
+ # No Encryption
+ [NULL]="null"
+)
+
+declare -A VPN_SUPPORTED_PSEUDO_RANDOM_FUNCTIONS=(
+ [MD5]="MD5"
+
+ # SHA
+ [SHA1]="SHA1"
+ [SHA256]="SHA256"
+ [SHA384]="SHA384"
+ [SHA512]="SHA512"
+
+ # AES
+ [AES-XCBC]="AES-XCBC"
+ [AES-CMAC]="AES-CMAC"
+)
+
+declare -A PSEUDO_RANDOM_FUNCTION_TO_STRONGSWAN=(
+ [MD5]="prfmd5"
+
+ # SHA
+ [SHA1]="prfsha1"
+ [SHA256]="prfsha256"
+ [SHA384]="prfsha384"
+ [SHA512]="prfsha512"
+
+ # AES
+ [AES-XCBC]="prfaesxcbc"
+ [AES-CMAC]="prfaescmac"
+)
+
+declare -A VPN_SUPPORTED_INTEGRITIES=(
+ [MD5]="MD5-HMAC"
+
+ # SHA
+ [SHA1]="SHA1-HMAC"
+ [SHA512]="512 bit SHA2-HMAC"
+ [SHA384]="384 bit SHA2-HMAC"
+ [SHA256]="256 bit SHA2-HMAC"
+
+ # AES
+ [AES-XCBC]="AES-XCBC"
+ [AES-CMAC]="AES-CMAC"
+ [AES256-GMAC]="256 bit AES-GMAC"
+ [AES192-GMAC]="192 bit AES-GMAC"
+ [AES128-GMAC]="128 bit AES-GMAC"
+)
+
+declare -A INTEGRITY_TO_STRONGSWAN=(
+ [MD5]="md5"
+
+ # SHA
+ [SHA1]="sha1"
+ [SHA512]="sha512"
+ [SHA384]="sha384"
+ [SHA256]="sha256"
+
+ # AES
+ [AES-XCBC]="aesxcbc"
+ [AES-CMAC]="aescmac"
+ [AES256-GMAC]="aes256gmac"
+ [AES192-GMAC]="aes192gmac"
+ [AES128-GMAC]="aes128gmac"
+)
+
+declare -A VPN_SUPPORTED_GROUP_TYPES=(
+ # Regular Groups
+ [MODP768]="768 bit Modulo Prime Group"
+ [MODP1024]="1024 bit Modulo Prime Group"
+ [MODP1536]="1536 bit Modulo Prime Group"
+ [MODP2048]="2048 bit Modulo Prime Group"
+ [MODP3072]="3072 bit Modulo Prime Group"
+ [MODP4096]="4096 bit Modulo Prime Group"
+ [MODP6144]="6144 bit Modulo Prime Group"
+ [MODP8192]="8192 bit Modulo Prime Group"
+
+ # NIST Elliptic Curve Groups
+ [ECP192]="192 bit NIST Elliptic Curve Group"
+ [ECP224]="224 bit NIST Elliptic Curve Group"
+ [ECP256]="256 bit NIST Elliptic Curve Group"
+ [ECP384]="384 bit NIST Elliptic Curve Group"
+ [ECP521]="521 bit NIST Elliptic Curve Group"
+
+ # Brainpool Elliptic Curve Groups
+ [ECP224BP]="224 bit Brainpool Elliptic Curve Group"
+ [ECP256BP]="256 bit Brainpool Elliptic Curve Group"
+ [ECP384BP]="384 bit Brainpool Elliptic Curve Group"
+ [ECP512BP]="512 bit Brainpool Elliptic Curve Group"
+
+ # Curve25519
+ [CURVE25519]="256 bit Elliptic Curve 25519"
+
+ # Curve448
+ [CURVE448]="224 bit Elliptic Curve 448"
+)
+
+declare -A GROUP_TYPE_TO_STRONGSWAN=(
+ # Regular Groups
+ [MODP768]="modp768"
+ [MODP1024]="modp1024"
+ [MODP1536]="modp1536"
+ [MODP2048]="modp2048"
+ [MODP3072]="modp3072"
+ [MODP4096]="modp4096"
+ [MODP6144]="modp6144"
+ [MODP8192]="modp8192"
+
+ # NIST Elliptic Curve Groups
+ [ECP192]="ecp192"
+ [ECP224]="ecp224"
+ [ECP256]="ecp256"
+ [ECP384]="ecp384"
+ [ECP521]="ecp521"
+
+ # Brainpool Elliptic Curve Groups
+ [ECP224BP]="ecp224bp"
+ [ECP256BP]="ecp256bp"
+ [ECP384BP]="ecp384bp"
+ [ECP512BP]="ecp512bp"
+
+ # More Curves
+ [CURVE25519]="curve25519"
+ [CURVE448]="curve448"
+)
+
+cli_vpn_security_policies() {
+ local action
+ local security_policy
+
+ if vpn_security_policy_exists ${1}; then
+ security_policy=${1}
+ key=${2}
+ shift 2
+
+ case "${key}" in
+ ciphers|compression|integrities|lifetime|pfs|show)
+ vpn_security_policies_${key} ${security_policy} "$@"
+ ;;
+ pseudo-random-functions)
+ vpn_security_policies_pseudo_random_functions "${security_policy}" "$@"
+ ;;
+ group-types)
+ vpn_security_policies_group_types ${security_policy} "$@"
+ ;;
+ key-exchange)
+ vpn_security_policies_key_exchange ${security_policy} "$@"
+ ;;
+ *)
+ error "Unrecognized argument: ${key}"
+ exit ${EXIT_ERROR}
+ ;;
+ esac
+ else
+ action=${1}
+ shift
+
+ case "${action}" in
+ new)
+ vpn_security_policies_new "$@"
+ ;;
+ destroy)
+ vpn_security_policies_destroy "$@"
+ ;;
+ ""|*)
+ if [ -n "${action}" ]; then
+ error "Unrecognized argument: '${action}'"
+ fi
+ exit ${EXIT_ERROR}
+ ;;
+ esac
+ fi
+}
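Review bot: The lookup tables list NULL encryption, 3DES-CBC, MD5 (both as PRF and as integrity algorithm), MODP768/MODP1024 and the 64 bit ICV variants as supported values, with nothing to set them apart from the strong choices. Whether the setter functions reached from `cli_vpn_security_policies` restrict them is not visible in these lines. I would mark them in the tables with a comment such as `# Weak, interoperability only: NULL, 3DES-CBC, MD5, MODP768, MODP1024`, and have the setters warn or refuse when one is selected. The `CURVE448` description states the security level (224 bit) while the `CURVE25519` entry states the field size (256 bit); `[CURVE448]="448 bit Elliptic Curve 448"` would be consistent. In `cli_vpn_security_policies`, `key` is assigned without a `local key` declaration, and `${1}` and `${security_policy}` are unquoted in every call except the `pseudo-random-functions` arm.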