From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 19 Jul 2017 19:22:01 +0000 (+0200)
Subject: security-policies: Import all ciphers that we support for now
X-Git-Tag: 009~141
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b68fed1fa43f105e3b6a42737ba76b736912c158;p=network.git

security-policies: Import all ciphers that we support for now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
index e7c2494b..d3453648 100644
--- a/src/functions/functions.vpn-security-policies
+++ b/src/functions/functions.vpn-security-policies
@@ -25,9 +25,72 @@ VPN_SECURITY_POLICIES_READONLY="system"
 VPN_DEFAULT_SECURITY_POLICY="system"
 
 declare -A VPN_SUPPORTED_CIPHERS=(
+	# 3DES-CBC
+	[3DES-CBC]="168 bit 3DES-EDE-CBC"
+
+	# AES-CBC
 	[AES256-CBC]="256 bit AES-CBC"
 	[AES192-CBC]="192 bit AES-CBC"
 	[AES128-CBC]="128 bit AES-CBC"
+
+	# AES-CTR
+	[AES256-CTR]="256 bit AES-COUNTER"
+	[AES192-CTR]="192 bit AES-COUNTER"
+	[AES128-CTR]="128 bit AES-COUNTER"
+
+	# AES-GCM
+	[AES256-GCM128]="256 bit AES-GCM with 128 bit ICV"
+	[AES192-GCM128]="192 bit AES-GCM with 128 bit ICV"
+	[AES128-GCM128]="128 bit AES-GCM with 128 bit ICV"
+	[AES256-GCM96]="256 bit AES-GCM with 96 bit ICV"
+	[AES192-GCM96]="192 bit AES-GCM with 96 bit ICV"
+	[AES128-GCM96]="128 bit AES-GCM with 96 bit ICV"
+	[AES256-GCM64]="256 bit AES-GCM with 64 bit ICV"
+	[AES192-GCM64]="192 bit AES-GCM with 64 bit ICV"
+	[AES128-GCM64]="128 bit AES-GCM with 64 bit ICV"
+
+	# AES-CCM
+	[AES256-CCM128]="256 bit AES-CCM with 128 bit ICV"
+	[AES192-CCM128]="192 bit AES-CCM with 128 bit ICV"
+	[AES128-CCM128]="128 bit AES-CCM with 128 bit ICV"
+	[AES256-CCM96]="256 bit AES-CCM with 96 bit ICV"
+	[AES192-CCM96]="192 bit AES-CCM with 96 bit ICV"
+	[AES128-CCM96]="128 bit AES-CCM with 96 bit ICV"
+	[AES256-CCM64]="256 bit AES-CCM with 64 bit ICV"
+	[AES192-CCM64]="192 bit AES-CCM with 64 bit ICV"
+	[AES128-CCM64]="128 bit AES-CCM with 64 bit ICV"
+
+	# CAMELLIA-CBC
+	[CAMELLIA256-CBC]="256 bit CAMELLIA-CBC"
+	[CAMELLIA192-CBC]="192 bit CAMELLIA-CBC"
+	[CAMELLIA128-CBC]="128 bit CAMELLIA-CBC"
+
+	# CAMELLIA-CTR
+	[CAMELLIA256-CTR]="256 bit CAMELLIA-COUNTER"
+	[CAMELLIA192-CTR]="192 bit CAMELLIA-COUNTER"
+	[CAMELLIA128-CTR]="128 bit CAMELLIA-COUNTER"
+
+	# CAMELLIA-GCM
+	[CAMELLIA256-GCM128]="256 bit CAMELLIA-GCM with 128 bit ICV"
+	[CAMELLIA192-GCM128]="192 bit CAMELLIA-GCM with 128 bit ICV"
+	[CAMELLIA128-GCM128]="128 bit CAMELLIA-GCM with 128 bit ICV"
+	[CAMELLIA256-GCM96]="256 bit CAMELLIA-GCM with 96 bit ICV"
+	[CAMELLIA192-GCM96]="192 bit CAMELLIA-GCM with 96 bit ICV"
+	[CAMELLIA128-GCM96]="128 bit CAMELLIA-GCM with 96 bit ICV"
+	[CAMELLIA256-GCM64]="256 bit CAMELLIA-GCM with 64 bit ICV"
+	[CAMELLIA192-GCM64]="192 bit CAMELLIA-GCM with 64 bit ICV"
+	[CAMELLIA128-GCM64]="128 bit CAMELLIA-GCM with 64 bit ICV"
+
+	# CAMELLIA-CCM
+	[CAMELLIA256-CCM128]="256 bit CAMELLIA-CCM with 128 bit ICV"
+	[CAMELLIA192-CCM128]="192 bit CAMELLIA-CCM with 128 bit ICV"
+	[CAMELLIA128-CCM128]="128 bit CAMELLIA-CCM with 128 bit ICV"
+	[CAMELLIA256-CCM96]="256 bit CAMELLIA-CCM with 96 bit ICV"
+	[CAMELLIA192-CCM96]="192 bit CAMELLIA-CCM with 96 bit ICV"
+	[CAMELLIA128-CCM96]="128 bit CAMELLIA-CCM with 96 bit ICV"
+	[CAMELLIA256-CCM64]="256 bit CAMELLIA-CCM with 64 bit ICV"
+	[CAMELLIA192-CCM64]="192 bit CAMELLIA-CCM with 64 bit ICV"
+	[CAMELLIA128-CCM64]="128 bit CAMELLIA-CCM with 64 bit ICV"
 )
 
 VPN_SUPPORTED_INTEGRITY="SHA512 SHA256 SHA128"