From 51fa7039776ded40db1b67d00932bb81db8a865a Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 15 Sep 2018 13:49:59 +0100
Subject: [PATCH] IPsec: Add support for ChaCha20-Poly1305

Signed-off-by: Michael Tremer
---
 config/vpn/security-policies/performance | 2 +-
 config/vpn/security-policies/system | 2 +-
 src/functions/functions.vpn-security-policies | 6 ++++++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
index a40b454c..0d4f0ee6 100644
--- a/config/vpn/security-policies/performance
+++ b/config/vpn/security-policies/performance
@@ -1,4 +1,4 @@
-CIPHER="AES128-GCM128 AES128-CBC"
+CIPHER="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC"
 COMPRESSION="off"
 GROUP_TYPE="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 INTEGRITY="SHA256"
diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
index 311dd9ea..50734470 100644
--- a/config/vpn/security-policies/system
+++ b/config/vpn/security-policies/system
@@ -1,5 +1,5 @@
 KEY_EXCHANGE="ikev2"
-CIPHER="AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
+CIPHER="CHACHA20-POLY1305 AES256-GCM128 AES192-GCM128 AES128-GCM128 AES256-CBC AES192-CBC AES128-CBC"
 INTEGRITY="SHA512 SHA384 SHA256"
 GROUP_TYPE="MODP8192 MODP6144 MODP4096 MODP2048 ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
 LIFETIME="28800"
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index d3717a9e..db6e859a 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -92,6 +92,9 @@ declare -A VPN_SUPPORTED_CIPHERS=(
 [CAMELLIA192-CCM64]="192 bit CAMELLIA-CCM with 64 bit ICV"
 [CAMELLIA128-CCM64]="128 bit CAMELLIA-CCM with 64 bit ICV"
 
+ # DJB
+ [CHACHA20-POLY1305]="256 bit ChaCha20/Poly1305 with 128 bit ICV"
+
 # No Encryption
 [NULL]="No Encryption"
 )
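Review bot: In config/vpn/security-policies/performance, CHACHA20-POLY1305 is now preferred ahead of AES128-GCM128, but which of the two is cheaper depends on the CPU: with hardware AES acceleration AES-GCM is usually the faster one, while ChaCha20-Poly1305 is faster on CPUs without it. For a policy named "performance", either keep AES128-GCM128 first or record the reasoning, assuming the policy file format accepts comments, with something like `# ChaCha20-Poly1305 first: faster than AES-GCM on CPUs without AES acceleration`. The hunk does not show a KEY_EXCHANGE setting for this policy. RFC 7634 defines the cipher for IKEv2 and ESP only, so if IKEv1 can be selected with this policy the new entry would need to be left out of IKEv1 proposals.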
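Review bot: The new `[CHACHA20-POLY1305]` entry in VPN_SUPPORTED_CIPHERS (and its counterpart in CIPHER_TO_STRONGSWAN in the next hunk) registers an AEAD cipher, but neither hunk touches whatever code decides that a cipher is AEAD when proposals are built. If that decision is made elsewhere in this file by matching cipher names (for example on GCM/CCM), CHACHA20-POLY1305 would presumably be handled as a classic cipher and could be paired with an INTEGRITY algorithm or grouped with the CBC ciphers. That code is outside the hunk, so this should be confirmed before merging. The section comment `# DJB` also names the designer rather than the algorithm; `# ChaCha20-Poly1305 (AEAD, RFC 7634)` would tell the next reader more.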
@@ -164,6 +167,9 @@ declare -A CIPHER_TO_STRONGSWAN=(
 [CAMELLIA192-CCM64]="camellia192ccm64"
 [CAMELLIA128-CCM64]="camellia128ccm64"
 
+ # DJB
+ [CHACHA20-POLY1305]="chacha20poly1305"
+
 # No Encryption
 [NULL]="null"
 )
-- 
2.39.2
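Review bot: Mapping `[CHACHA20-POLY1305]` to `chacha20poly1305` in CIPHER_TO_STRONGSWAN assumes the local strongSwan build and kernel can actually provide the algorithm, and nothing in the hunk checks or documents that. Because the same commit puts the cipher first in both the system and performance policies, a host without that support would be offering it as its top preference. Consider stating the runtime requirement next to the entry, e.g. `# needs strongSwan's chapoly plugin (IKE) and kernel ChaCha20-Poly1305 support (ESP)`, or filtering the cipher out of generated proposals when support is missing. Whether such filtering already exists cannot be seen from this hunk.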