From: Michael Tremer
Date: Wed, 19 Jul 2017 19:51:34 +0000 (+0200)
Subject: security-policies: Add all supported group types
X-Git-Tag: 009~136
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=54fc6c3f6d25df31a3ca83197942f8114e154df7;p=network.git
security-policies: Add all supported group types
Signed-off-by: Michael Tremer
---
diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index d424bd89..91671622 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -110,7 +110,33 @@ declare -A VPN_SUPPORTED_INTEGRITY=(
 [AES128-GMAC]="128 bit AES-GMAC"
 )
-VPN_SUPPORTED_GROUP_TYPES="MODP8192 MODP4096"
+declare -A VPN_SUPPORTED_GROUP_TYPES=(
+ # Regular Groups
+ [MODP768]="768 bit Modulo Prime Group"
+ [MODP1024]="1024 bit Modulo Prime Group"
+ [MODP1536]="1536 bit Modulo Prime Group"
+ [MODP2048]="2048 bit Modulo Prime Group"
+ [MODP3072]="3072 bit Modulo Prime Group"
+ [MODP4096]="4096 bit Modulo Prime Group"
+ [MODP6144]="6144 bit Modulo Prime Group"
+ [MODP8192]="8192 bit Modulo Prime Group"
+
+ # NIST Elliptic Curve Groups
+ [ECP192]="192 bit NIST Elliptic Curve Group"
+ [ECP224]="224 bit NIST Elliptic Curve Group"
+ [ECP256]="256 bit NIST Elliptic Curve Group"
+ [ECP384]="384 bit NIST Elliptic Curve Group"
+ [ECP521]="521 bit NIST Elliptic Curve Group"
+
+ # Brainpool Elliptic Curve Groups
+ [ECP224BP]="224 bit Brainpool Elliptic Curve Group"
+ [ECP256BP]="256 bit Brainpool Elliptic Curve Group"
+ [ECP384BP]="384 bit Brainpool Elliptic Curve Group"
+ [ECP512BP]="512 bit Brainpool Elliptic Curve Group"
+
+ # Curve25519
+ [CURVE25519]="256 bit Elliptic Curve 25519"
+)
 # This functions checks if a policy is readonly
 # returns true when yes and false when no
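Review bot: The new table lists MODP768, MODP1024, MODP1536 and ECP192 alongside the strong groups with nothing marking them as weak, and the check in vpn_security_policies_group_type (second hunk) accepts any key of this array, so a policy can now select a Diffie-Hellman group that offers well under 112 bits of security. RFC 8247 rates the 768 bit group MUST NOT and the 1024 and 1536 bit groups SHOULD NOT for IKEv2. If they must stay for interoperability with old peers, I would at least mark them in the table, e.g. `# Weak, legacy interoperability only: MODP768 MODP1024 MODP1536 ECP192`, and have the setter log a warning when one is chosen; otherwise drop those four entries.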
@@ -414,7 +440,7 @@ vpn_security_policies_group_type(){
 +*)
 value=${1#+}
 # Check if the group type is in the list of supported group types.
- if ! isoneof value ${VPN_SUPPORTED_GROUP_TYPES}; then
+ if ! isoneof value ${!VPN_SUPPORTED_GROUP_TYPES[@]}; then
 # We do not break here because the processing of other maybe valid values are indepent from this error.
 log ERROR "${value} is not a supported group type and can thats why not added to the list of group types."
 else
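Review bot: The key expansion `${!VPN_SUPPORTED_GROUP_TYPES[@]}` in the changed condition is unquoted, so it goes through word splitting and pathname expansion before isoneof sees it. None of the current keys contains whitespace or glob characters, so this works today, but quoting keeps it safe if the table changes: `if ! isoneof value "${!VPN_SUPPORTED_GROUP_TYPES[@]}"; then`. The enclosing function starts and ends outside the hunk, so how a rejected value is handled after the log line is not visible here.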