IPsec: Add support for Curve448
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 2 Oct 2019 10:36:13 +0000 (10:36 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/vpn/security-policies/performance
config/vpn/security-policies/system
src/functions/functions.vpn-security-policies

index b226d8d..209f43d 100644 (file)
@@ -1,6 +1,6 @@
 CIPHERS="CHACHA20-POLY1305 AES128-GCM128"
 COMPRESSION="off"
-GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192"
 INTEGRITIES="SHA256"
 PSEUDO_RANDOM_FUNCTIONS="SHA256"
 KEY_EXCHANGE="ikev2"
index db30e69..6ceb0c4 100644 (file)
@@ -1,7 +1,7 @@
 KEY_EXCHANGE="ikev2"
 CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES256-CBC AES192-GCM128 AES192-CBC AES128-GCM128 AES128-CBC"
 INTEGRITIES="SHA512 SHA384 SHA256"
-GROUP_TYPES="CURVE25519 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
 PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
 LIFETIME="28800"
 PFS="on"
index d1d720b..138e821 100644 (file)
@@ -263,6 +263,9 @@ declare -A VPN_SUPPORTED_GROUP_TYPES=(
 
        # Curve25519
        [CURVE25519]="256 bit Elliptic Curve 25519"
+
+       # Curve448
+       [CURVE448]="224 bit Elliptic Curve 448"
 )
 
 declare -A GROUP_TYPE_TO_STRONGSWAN=(
@@ -289,8 +292,9 @@ declare -A GROUP_TYPE_TO_STRONGSWAN=(
        [ECP384BP]="ecp384bp"
        [ECP512BP]="ecp512bp"
 
-       # Curve25519
+       # More Curves
        [CURVE25519]="curve25519"
+       [CURVE448]="curve448"
 )
 
 cli_vpn_security_policies() {