ipsec: add brainpool ec groups

PR: https://forum.opnsense.org/index.php?topic=9308.0
opnsense · Aug 2, 2018 · 062a016 · 062a016
1 parent 50a49ee
commit 062a016
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 65 deletions.
diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc
@@ -653,6 +653,15 @@ function ipsec_convert_to_modp($index)
         case '24':
             $convertion = "modp2048s256";
             break;
+        case '28':
+            $convertion = "ecp256bp";
+            break;
+        case '29':
+            $convertion = "ecp384bp";
+            break;
+        case '30':
+            $convertion = "ecp512bp";
+            break;
     }
 
     return $convertion;

diff --git a/src/www/vpn_ipsec.php b/src/www/vpn_ipsec.php
@@ -186,25 +186,29 @@ function ipsec_idinfo_to_text(& $idinfo) {
 $service_hook = 'ipsec';
 
 include("head.inc");
+
 $dhgroups = array(
-  0  => gettext('off'),
-  1  => '1 (768&nbsp;bits)',
-  2  => '2 (1024&nbsp;bits)',
-  5  => '5 (1536&nbsp;bits)',
-  14 => '14 (2048&nbsp;bits)',
-  15 => '15 (3072&nbsp;bits)',
-  16 => '16 (4096&nbsp;bits)',
-  17 => '17 (6144&nbsp;bits)',
-  18 => '18 (8192&nbsp;bits)',
-  19 => '19 (256&nbsp;bit&nbsp;elliptic&nbsp;curve)',
-  20 => '20 (384&nbsp;bit&nbsp;elliptic&nbsp;curve)',
-  21 => '21 (521&nbsp;bit&nbsp;elliptic&nbsp;curve)',
-  22 => '22 (1024(sub 160)&nbsp;bits)',
-  23 => '23 (2048(sub 224)&nbsp;bits)',
-  24 => '24 (2048(sub 256)&nbsp;bits)'
+    0 => gettext('off'),
+    1 => '1 (768 bits)',
+    2 => '2 (1024 bits)',
+    5 => '5 (1536 bits)',
+    14 => '14 (2048 bits)',
+    15 => '15 (3072 bits)',
+    16 => '16 (4096 bits)',
+    17 => '17 (6144 bits)',
+    18 => '18 (8192 bits)',
+    19 => '19 (NIST EC 256 bits)',
+    20 => '20 (NIST EC 384 bits)',
+    21 => '21 (NIST EC 521 bits)',
+    22 => '22 (1024(sub 160) bits)',
+    23 => '23 (2048(sub 224) bits)',
+    24 => '24 (2048(sub 256) bits)',
+    28 => '28 (Brainpool EC 256 bits)',
+    29 => '29 (Brainpool EC 384 bits)',
+    30 => '30 (Brainpool EC 512 bits)',
 );
-?>
 
+?>
 <body>
 <script>
 $( document ).ready(function() {

diff --git a/src/www/vpn_ipsec_mobile.php b/src/www/vpn_ipsec_mobile.php
@@ -506,23 +506,26 @@ function print_legacy_box($msg, $name, $value)
                         <select name="pfs_group" class="selectpicker" id="pfs_group">
 <?php
                         $p2_dhgroups = array(
-                          0  => gettext('off'),
-                          1  => '1 (768 bit)',
-                          2  => '2 (1024 bit)',
-                          5  => '5 (1536 bit)',
-                          14 => '14 (2048 bit)',
-                          15 => '15 (3072 bit)',
-                          16 => '16 (4096 bit)',
-                          17 => '17 (6144 bit)',
-                          18 => '18 (8192 bit)',
-                          19 => '19 (256 bit elliptic curve)',
-                          20 => '20 (384 bit elliptic curve)',
-                          21 => '21 (521 bit elliptic curve)',
-                          22 => '22 (1024(sub 160) bit)',
-                          23 => '23 (2048(sub 224) bit)',
-                          24 => '24 (2048(sub 256) bit)'
+                            0 => gettext('off'),
+                            1 => '1 (768 bits)',
+                            2 => '2 (1024 bits)',
+                            5 => '5 (1536 bits)',
+                            14 => '14 (2048 bits)',
+                            15 => '15 (3072 bits)',
+                            16 => '16 (4096 bits)',
+                            17 => '17 (6144 bits)',
+                            18 => '18 (8192 bits)',
+                            19 => '19 (NIST EC 256 bits)',
+                            20 => '20 (NIST EC 384 bits)',
+                            21 => '21 (NIST EC 521 bits)',
+                            22 => '22 (1024(sub 160) bits)',
+                            23 => '23 (2048(sub 224) bits)',
+                            24 => '24 (2048(sub 256) bits)',
+                            28 => '28 (Brainpool EC 256 bits)',
+                            29 => '29 (Brainpool EC 384 bits)',
+                            30 => '30 (Brainpool EC 512 bits)',
                         );
-                        foreach ($p2_dhgroups as $keygroup => $keygroupname) :?>
+                        foreach ($p2_dhgroups as $keygroup => $keygroupname): ?>
                           <option value="<?=$keygroup;
 ?>" <?= $pconfig['pfs_group'] == $keygroup ? "selected=\"selected\"" : "" ; ?>>
                             <?=$keygroupname;?>

diff --git a/src/www/vpn_ipsec_phase1.php b/src/www/vpn_ipsec_phase1.php
@@ -932,23 +932,26 @@ function ipsec_ikeid_next() {
                       <select name="dhgroup">
 <?php
                       $p1_dhgroups = array(
-                        0  => gettext('off'),
-                        1  => '1 (768 bit)',
-                        2  => '2 (1024 bit)',
-                        5  => '5 (1536 bit)',
-                        14 => '14 (2048 bit)',
-                        15 => '15 (3072 bit)',
-                        16 => '16 (4096 bit)',
-                        17 => '17 (6144 bit)',
-                        18 => '18 (8192 bit)',
-                        19 => '19 (256 bit elliptic curve)',
-                        20 => '20 (384 bit elliptic curve)',
-                        21 => '21 (521 bit elliptic curve)',
-                        22 => '22 (1024(sub 160) bit)',
-                        23 => '23 (2048(sub 224) bit)',
-                        24 => '24 (2048(sub 256) bit)'
+                           0 => gettext('off'),
+                           1 => '1 (768 bits)',
+                           2 => '2 (1024 bits)',
+                           5 => '5 (1536 bits)',
+                           14 => '14 (2048 bits)',
+                           15 => '15 (3072 bits)',
+                           16 => '16 (4096 bits)',
+                           17 => '17 (6144 bits)',
+                           18 => '18 (8192 bits)',
+                           19 => '19 (NIST EC 256 bits)',
+                           20 => '20 (NIST EC 384 bits)',
+                           21 => '21 (NIST EC 521 bits)',
+                           22 => '22 (1024(sub 160) bits)',
+                           23 => '23 (2048(sub 224) bits)',
+                           24 => '24 (2048(sub 256) bits)',
+                           28 => '28 (Brainpool EC 256 bits)',
+                           29 => '29 (Brainpool EC 384 bits)',
+                           30 => '30 (Brainpool EC 512 bits)',
                       );
-                      foreach ($p1_dhgroups as $keygroup => $keygroupname) :
+                      foreach ($p1_dhgroups as $keygroup => $keygroupname):
 ?>
                         <option value="<?=$keygroup;?>" <?= $keygroup == $pconfig['dhgroup'] ? "selected=\"selected\"" : "";?>>
                           <?=$keygroupname;?>

diff --git a/src/www/vpn_ipsec_phase2.php b/src/www/vpn_ipsec_phase2.php
@@ -674,24 +674,26 @@ function getIndexByUniqueId($uniqid)
                     <select name="pfsgroup">
 <?php
                     $p2_dhgroups = array(
-                      0  => gettext('off'),
-                      1  => '1 (768 bit)',
-                      2  => '2 (1024 bit)',
-                      5  => '5 (1536 bit)',
-                      14 => '14 (2048 bit)',
-                      15 => '15 (3072 bit)',
-                      16 => '16 (4096 bit)',
-                      17 => '17 (6144 bit)',
-                      18 => '18 (8192 bit)',
-                      19 => '19 (256 bit elliptic curve)',
-                      20 => '20 (384 bit elliptic curve)',
-                      21 => '21 (521 bit elliptic curve)',
-                      22 => '22 (1024(sub 160) bit)',
-                      23 => '23 (2048(sub 224) bit)',
-                      24 => '24 (2048(sub 256) bit)'
+                        0 => gettext('off'),
+                        1 => '1 (768 bits)',
+                        2 => '2 (1024 bits)',
+                        5 => '5 (1536 bits)',
+                        14 => '14 (2048 bits)',
+                        15 => '15 (3072 bits)',
+                        16 => '16 (4096 bits)',
+                        17 => '17 (6144 bits)',
+                        18 => '18 (8192 bits)',
+                        19 => '19 (NIST EC 256 bits)',
+                        20 => '20 (NIST EC 384 bits)',
+                        21 => '21 (NIST EC 521 bits)',
+                        22 => '22 (1024(sub 160) bits)',
+                        23 => '23 (2048(sub 224) bits)',
+                        24 => '24 (2048(sub 256) bits)',
+                        28 => '28 (Brainpool EC 256 bits)',
+                        29 => '29 (Brainpool EC 384 bits)',
+                        30 => '30 (Brainpool EC 512 bits)',
                     );
-
-                    foreach ($p2_dhgroups as $keygroup => $keygroupname) :?>
+                    foreach ($p2_dhgroups as $keygroup => $keygroupname): ?>
                       <option value="<?=$keygroup;?>" <?= $keygroup == $pconfig['pfsgroup'] ? "selected=\"selected\"" : "";?>>
                         <?=$keygroupname;?>
                       </option>