From 27208caa363cad7c2250bdff5b99a9bc16a5ca91 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 2 Oct 2019 10:36:13 +0000
Subject: [PATCH] IPsec: Add support for Curve448

Signed-off-by: Michael Tremer
---
 config/vpn/security-policies/performance | 2 +-
 config/vpn/security-policies/system | 2 +-
 src/functions/functions.vpn-security-policies | 6 +++++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
index b226d8db..209f43da 100644
--- a/config/vpn/security-policies/performance
+++ b/config/vpn/security-policies/performance
@@ -1,6 +1,6 @@
 CIPHERS="CHACHA20-POLY1305 AES128-GCM128"
 COMPRESSION="off"
-GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192"
 INTEGRITIES="SHA256"
 PSEUDO_RANDOM_FUNCTIONS="SHA256"
 KEY_EXCHANGE="ikev2"
diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
index db30e69c..6ceb0c48 100644
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -1,7 +1,7 @@
 KEY_EXCHANGE="ikev2"
 CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES256-CBC AES192-GCM128 AES192-CBC AES128-GCM128 AES128-CBC"
 INTEGRITIES="SHA512 SHA384 SHA256"
-GROUP_TYPES="CURVE25519 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
+GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
 PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
 LIFETIME="28800"
 PFS="on"
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index d1d720b6..138e8210 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
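Review bot: The `GROUP_TYPES` line in config/vpn/security-policies/performance does more than add Curve448: it also moves `CURVE25519` from the last position to the first, which the commit message does not mention. If the list order is used as the proposal preference order (the consuming code is not part of this patch), that changes which group is negotiated with existing peers and deserves a line in the description. That line and the `GROUP_TYPES` line in config/vpn/security-policies/system also still offer `ECP192` and `ECP224`, at roughly 96 and 112 bits of strength; dropping them from the shipped defaults would be a sensible follow-up.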
@@ -263,6 +263,9 @@ declare -A VPN_SUPPORTED_GROUP_TYPES=(
 # Curve25519
 [CURVE25519]="256 bit Elliptic Curve 25519"
+
+ # Curve448
+ [CURVE448]="224 bit Elliptic Curve 448"
 )
 declare -A GROUP_TYPE_TO_STRONGSWAN=(
@@ -289,8 +292,9 @@ declare -A GROUP_TYPE_TO_STRONGSWAN=(
 [ECP384BP]="ecp384bp"
 [ECP512BP]="ecp512bp"
- # Curve25519
+ # More Curves
 [CURVE25519]="curve25519"
+ [CURVE448]="curve448"
 )
 cli_vpn_security_policies() {
--
2.39.2
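Review bot: The description added for `CURVE448` in `VPN_SUPPORTED_GROUP_TYPES`, "224 bit Elliptic Curve 448", uses a different measure than the `CURVE25519` entry just above it, which is labelled "256 bit" for a curve of roughly 128-bit strength. Curve448 works over a 448-bit field and targets about 224-bit security, so in a list of descriptions the new entry reads as the weaker of the two. Following its neighbour's convention the line would be `[CURVE448]="448 bit Elliptic Curve 448"`. The array starts outside the hunk, so the labelling of the earlier entries is not visible here.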
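Review bot: The new `[CURVE448]="curve448"` mapping in `GROUP_TYPE_TO_STRONGSWAN` has no visible guard for a strongSwan build that lacks X448 support, while the same patch puts `CURVE448` second in both shipped policies. How the daemon treats a proposal keyword it has no implementation for is not visible in this patch, so it is worth confirming on the packaged build that connections using the default policies still come up. The replacement comment `# More Curves` is also vaguer than the one it removes; `# Curve25519 and Curve448` would say what the section holds. The array starts outside the hunk.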