
Commit dc026cd

committed
vpnaas: add support for more ciphers (auth, encryption, pfs modes)
Extend the lists of choices for encryption algorithms, auth algorithms, and PFS groups to include the additions made in neutron-vpnaas.

Encryption algorithms: add AES CCM mode and AES GCM mode variants for 128/192/256 bit keys and 8/12/16 octet ICVs, and add AES CTR modes for 128/192/256 bit keys.
Auth algorithms: add aes-xcbc and aes-cmac.
PFS: add Diffie-Hellman groups 15 to 31.

Related-Bug: #1938284
Change-Id: I3fd17b93820da9d86b2fc4bc89058475d7629d5d
1 parent 1d7a13a commit dc026cd


2 files changed

+126
-6
lines changed


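--- a/neutronclient/osc/v2/vpnaas/ikepolicy.py
+++ b/neutronclient/osc/v2/vpnaas/ikepolicy.py
@@ -56,6 +56,66 @@
 'project_id': 'Project',
 }
 
+_auth_algorithms = [
+'sha1',
+'sha256',
+'sha384',
+'sha512',
+'aes-xcbc',
+'aes-cmac',
+]
+
+_encryption_algorithms = [
+'3des',
+'aes-128',
+'aes-192',
+'aes-256',
+'aes-128-ccm-8',
+'aes-192-ccm-8',
+'aes-256-ccm-8',
+'aes-128-ccm-12',
+'aes-192-ccm-12',
+'aes-256-ccm-12',
+'aes-128-ccm-16',
+'aes-192-ccm-16',
+'aes-256-ccm-16',
+'aes-128-gcm-8',
+'aes-192-gcm-8',
+'aes-256-gcm-8',
+'aes-128-gcm-12',
+'aes-192-gcm-12',
+'aes-256-gcm-12',
+'aes-128-gcm-16',
+'aes-192-gcm-16',
+'aes-256-gcm-16',
+'aes-128-ctr',
+'aes-192-ctr',
+'aes-256-ctr',
+]
+
+_pfs_groups = [
+'group2',
+'group5',
+'group14',
+'group15',
+'group16',
+'group17',
+'group18',
+'group19',
+'group20',
+'group21',
+'group22',
+'group23',
+'group24',
+'group25',
+'group26',
+'group27',
+'group28',
+'group29',
+'group30',
+'group31',
+]
+
 
 def _convert_to_lowercase(string):
 return string.lower()
@@ -68,12 +128,12 @@ def _get_common_parser(parser):
 help=_('Description of the IKE policy'))
 parser.add_argument(
 '--auth-algorithm',
-choices=['sha1', 'sha256', 'sha384', 'sha512'],
+choices=_auth_algorithms,
 type=_convert_to_lowercase,
 help=_('Authentication algorithm'))
 parser.add_argument(
 '--encryption-algorithm',
-choices=['aes-128', '3des', 'aes-192', 'aes-256'],
+choices=_encryption_algorithms,
 type=_convert_to_lowercase,
 help=_('Encryption algorithm'))
 parser.add_argument(
@@ -88,7 +148,7 @@ def _get_common_parser(parser):
 help=_('IKE version for the policy'))
 parser.add_argument(
 '--pfs',
-choices=['group5', 'group2', 'group14'],
+choices=_pfs_groups,
 type=_convert_to_lowercase,
 help=_('Perfect Forward Secrecy'))
 parser.add_argument(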
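Review bot: The new `_pfs_groups`, `_encryption_algorithms` and `_auth_algorithms` lists do not say which entries are legacy, so `group2`, `group5`, `group22`-`group24`, `3des` and `sha1` are offered on equal footing with the stronger choices while the `--pfs` and `--encryption-algorithm` help strings stay generic. RFC 8247 discourages DH groups 2, 5 and 22-24 for IKEv2, and the 8-octet ICV variants (`aes-*-gcm-8`, `aes-*-ccm-8`) carry a shorter integrity tag than the 16-octet ones. The entries presumably have to stay for interoperability with what neutron-vpnaas accepts, so I would add a comment above each list, e.g. `# group2/group5 and group22-24 are kept for interoperability only; prefer group14-21 for new policies`, and say the same in the help text. The identical lists added in ipsecpolicy.py need the same comment. `_get_common_parser` continues outside the hunks shown.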

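--- a/neutronclient/osc/v2/vpnaas/ipsecpolicy.py
+++ b/neutronclient/osc/v2/vpnaas/ipsecpolicy.py
@@ -54,6 +54,66 @@
 'project_id': 'Project',
 }
 
+_auth_algorithms = [
+'sha1',
+'sha256',
+'sha384',
+'sha512',
+'aes-xcbc',
+'aes-cmac',
+]
+
+_encryption_algorithms = [
+'3des',
+'aes-128',
+'aes-192',
+'aes-256',
+'aes-128-ccm-8',
+'aes-192-ccm-8',
+'aes-256-ccm-8',
+'aes-128-ccm-12',
+'aes-192-ccm-12',
+'aes-256-ccm-12',
+'aes-128-ccm-16',
+'aes-192-ccm-16',
+'aes-256-ccm-16',
+'aes-128-gcm-8',
+'aes-192-gcm-8',
+'aes-256-gcm-8',
+'aes-128-gcm-12',
+'aes-192-gcm-12',
+'aes-256-gcm-12',
+'aes-128-gcm-16',
+'aes-192-gcm-16',
+'aes-256-gcm-16',
+'aes-128-ctr',
+'aes-192-ctr',
+'aes-256-ctr',
+]
+
+_pfs_groups = [
+'group2',
+'group5',
+'group14',
+'group15',
+'group16',
+'group17',
+'group18',
+'group19',
+'group20',
+'group21',
+'group22',
+'group23',
+'group24',
+'group25',
+'group26',
+'group27',
+'group28',
+'group29',
+'group30',
+'group31',
+]
+
 
 def _convert_to_lowercase(string):
 return string.lower()
@@ -66,7 +126,7 @@ def _get_common_parser(parser):
 help=_('Description of the IPsec policy'))
 parser.add_argument(
 '--auth-algorithm',
-choices=['sha1', 'sha256', 'sha384', 'sha512'],
+choices=_auth_algorithms,
 type=_convert_to_lowercase,
 help=_('Authentication algorithm for IPsec policy'))
 parser.add_argument(
@@ -76,7 +136,7 @@ def _get_common_parser(parser):
 help=_('Encapsulation mode for IPsec policy'))
 parser.add_argument(
 '--encryption-algorithm',
-choices=['3des', 'aes-128', 'aes-192', 'aes-256'],
+choices=_encryption_algorithms,
 type=_convert_to_lowercase,
 help=_('Encryption algorithm for IPsec policy'))
 parser.add_argument(
@@ -86,7 +146,7 @@ def _get_common_parser(parser):
 help=vpn_utils.lifetime_help("IPsec"))
 parser.add_argument(
 '--pfs',
-choices=['group2', 'group5', 'group14'],
+choices=_pfs_groups,
 type=_convert_to_lowercase,
 help=_('Perfect Forward Secrecy for IPsec policy'))
 parser.add_argument(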
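Review bot: `_auth_algorithms`, `_encryption_algorithms` and `_pfs_groups` are added here as a second, identical copy of the lists in ikepolicy.py, so the two commands can drift apart the next time neutron-vpnaas adds or retires an algorithm. This module already uses `vpn_utils` (`vpn_utils.lifetime_help("IPsec")` in the last hunk), so the lists could be defined once there under a new name and referenced from both parsers; failing that, each copy should carry a comment such as `# keep in sync with ikepolicy.py and the neutron-vpnaas validators`. Separately, `--encryption-algorithm` and `--auth-algorithm` are checked independently, so the parser accepts an AEAD cipher (`aes-*-gcm-*`, `aes-*-ccm-*`) together with a separate auth algorithm. Whether the server rejects such pairings is not visible in this diff, so the help text should state which combinations are meaningful. `_get_common_parser` continues outside the hunks shown.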
