[feature] Added data-ciphers #322
Closes #322
nemesifier committed Nov 21, 2024
1 parent c1d7f6a commit de20a1c
Showing 5 changed files with 605 additions and 37 deletions.
28 changes: 28 additions & 0 deletions netjsonconfig/backends/openvpn/converters.py
Expand Up @@ -53,9 +53,23 @@ def __intermediate_vpn(self, config, remove=None):
# do not display status-version if status directive not present
if 'status' not in config and 'status_version' in config:
del config['status_version']
config = self.__output_data_ciphers(config)
config = self.__add_tls_auth_key(config)
return self.sorted_dict(config)

def __output_data_ciphers(self, config):
data_ciphers = config.get('data_ciphers', None)
if not data_ciphers:
return config
output = ''
for cipher in data_ciphers:
cipher_text = cipher['cipher']
if cipher['optional']:
cipher_text = f'?{cipher_text}'
output = f'{output}:{cipher_text}'
config['data_ciphers'] = output[1:]
return config

def __add_tls_auth_key(self, config):
tls_auth = config.get('tls_auth', None)
if not tls_auth:
Expand Down Expand Up @@ -109,4 +123,18 @@ def __netjson_vpn(self, vpn):
else:
remote.append(dict(host=items[0], port=int(items[1])))
vpn['remote'] = remote
vpn = self.__netjson_data_ciphers(vpn)
return vpn

def __netjson_data_ciphers(self, vpn):
data_ciphers_text = vpn.get('data_ciphers')
if not data_ciphers_text:
return vpn
data_ciphers = []
ciphers = data_ciphers_text.split(':')
for cipher in ciphers:
optional = cipher.startswith('?')
cipher_text = cipher if not optional else cipher[1:]
data_ciphers.append({'cipher': cipher_text, 'optional': optional})
vpn['data_ciphers'] = data_ciphers
return vpn
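Review bot: `__output_data_ciphers` joins each entry's `cipher` verbatim, so an item whose cipher is the empty string — which the schema's per-item enum admits and uses as the item default — renders as `AES-256-GCM:` or a bare `?`, a malformed `data-ciphers` value that OpenVPN is unlikely to accept and that silently weakens the negotiated cipher list the operator thinks they configured. Blank names should be dropped before joining (and the directive omitted when nothing is left), and `':'.join` is clearer than accumulating with a leading `:` and slicing it off. The inverse `__netjson_data_ciphers` has the mirror issue — `'A::B'.split(':')` yields an empty cipher entry — so iterating `filter(None, data_ciphers_text.split(':'))` keeps the round trip symmetric. Both methods also index `cipher['optional']` / `cipher['cipher']` directly; `.get` keeps a hand-written config without the key from raising `KeyError` deep in rendering. `__intermediate_vpn` begins outside this hunk.
```python
    def __output_data_ciphers(self, config):
        """Render the data_ciphers list as OpenVPN's colon-separated form."""
        parts = []
        for cipher in config.get('data_ciphers') or []:
            name = cipher.get('cipher', '')
            if not name:
                continue  # blank entry (schema item default) would corrupt the directive
            parts.append(f'?{name}' if cipher.get('optional') else name)
        if parts:
            config['data_ciphers'] = ':'.join(parts)
        else:
            config.pop('data_ciphers', None)
        return config
```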
174 changes: 137 additions & 37 deletions netjsonconfig/backends/openvpn/schema.py
Expand Up @@ -5,6 +5,91 @@

from ...schema import schema as default_schema

data_ciphers = [
"AES-128-CBC",
"AES-128-CFB",
"AES-128-CFB1",
"AES-128-CFB8",
"AES-128-GCM",
"AES-128-OFB",
"AES-192-CBC",
"AES-192-CFB",
"AES-192-CFB1",
"AES-192-CFB8",
"AES-192-GCM",
"AES-192-OFB",
"AES-256-CBC",
"AES-256-CFB",
"AES-256-CFB1",
"AES-256-CFB8",
"AES-256-GCM",
"AES-256-OFB",
"ARIA-128-CBC",
"ARIA-128-CFB",
"ARIA-128-CFB1",
"ARIA-128-CFB8",
"ARIA-128-OFB",
"ARIA-192-CBC",
"ARIA-192-CFB",
"ARIA-192-CFB1",
"ARIA-192-CFB8",
"ARIA-192-OFB",
"ARIA-256-CBC",
"ARIA-256-CFB",
"ARIA-256-CFB1",
"ARIA-256-CFB8",
"ARIA-256-OFB",
"CAMELLIA-128-CBC",
"CAMELLIA-128-CFB",
"CAMELLIA-128-CFB1",
"CAMELLIA-128-CFB8",
"CAMELLIA-128-OFB",
"CAMELLIA-192-CBC",
"CAMELLIA-192-CFB",
"CAMELLIA-192-CFB1",
"CAMELLIA-192-CFB8",
"CAMELLIA-192-OFB",
"CAMELLIA-256-CBC",
"CAMELLIA-256-CFB",
"CAMELLIA-256-CFB1",
"CAMELLIA-256-CFB8",
"CAMELLIA-256-OFB",
"CHACHA20-POLY1305",
"SEED-CBC",
"SEED-CFB",
"SEED-OFB",
"SM4-CBC",
"SM4-CFB",
"SM4-OFB",
"BF-CBC",
"BF-CFB",
"BF-OFB",
"CAST5-CBC",
"CAST5-CFB",
"CAST5-OFB",
"DES-CBC",
"DES-CFB",
"DES-CFB1",
"DES-CFB8",
"DES-EDE-CBC",
"DES-EDE-CFB",
"DES-EDE-OFB",
"DES-EDE3-CBC",
"DES-EDE3-CFB",
"DES-EDE3-CFB1",
"DES-EDE3-CFB8",
"DES-EDE3-OFB",
"DES-OFB",
"DESX-CBC",
"RC2-40-CBC",
"RC2-64-CBC",
"RC2-CBC",
"RC2-CFB",
"RC2-OFB",
"none",
]
default_cipher = "AES-256-GCM"

base_openvpn_schema = {
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
Expand Down Expand Up @@ -102,46 +187,61 @@
"default": "SHA1",
"propertyOrder": 11,
},
"data_ciphers": {
"title": "data ciphers",
"description": (
"Restrict the allowed ciphers to be negotiated "
"to the ciphers in this list."
),
"type": "array",
"additionalItems": True,
"propertyOrder": 12.0,
"minItems": 1,
"default": [
{"cipher": "AES-256-GCM", "optional": False},
{"cipher": "AES-128-GCM", "optional": False},
],
"items": {
"type": "object",
"required": ["cipher", "optional"],
"properties": {
"cipher": {
"type": "string",
"enum": [""] + data_ciphers,
"default": "",
"propertyOrder": 1,
},
"optional": {
"type": "boolean",
"default": False,
"format": "checkbox",
"propertyOrder": 2,
},
},
},
},
"data_ciphers_fallback": {
"title": "data ciphers fallback",
"type": "string",
"description": (
"Configure a cipher that is used to fall back to if we "
"could not determine which cipher the peer is willing to use."
),
"enum": data_ciphers,
"default": default_cipher,
"propertyOrder": 12.1,
},
"cipher": {
"title": "cipher",
"type": "string",
"description": "Encrypt data channel packets with cipher algorithm",
"enum": [
"AES-128-CBC",
"AES-128-CFB",
"AES-128-CFB1",
"AES-128-CFB8",
"AES-128-GCM",
"AES-128-OFB",
"AES-192-CBC",
"AES-192-CFB",
"AES-192-CFB1",
"AES-192-CFB8",
"AES-192-GCM",
"AES-192-OFB",
"AES-256-CBC",
"AES-256-CFB",
"AES-256-CFB1",
"AES-256-CFB8",
"AES-256-GCM",
"AES-256-OFB",
"BF-CBC",
"BF-CFB",
"BF-OFB",
"CAMELLIA-128-CBC",
"CAMELLIA-128-CFB1",
"CAMELLIA-128-CFB8",
"CAMELLIA-128-OFB",
"CAMELLIA-192-CBC",
"CAMELLIA-192-CFB",
"CAMELLIA-192-CFB1",
"CAMELLIA-192-CFB8",
"CAMELLIA-192-OFB",
"CAMELLIA-256-CBC",
"none",
],
"default": "BF-CBC",
"propertyOrder": 12,
"description": (
"Encrypt data channel packets with cipher algorithm. "
"This option is deprecated in favour of data-ciphers "
"and data-ciphers-fallback."
),
"enum": data_ciphers,
"default": default_cipher,
"propertyOrder": 12.2,
},
"engine": {
"title": "engine",
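Review bot: The `data_ciphers` item enum `[""] + data_ciphers` together with `"default": ""` lets an entry with a blank cipher name pass schema validation, so a validated config can still produce a broken `data-ciphers` directive; if the blank option exists only for the form editor, note that in a comment and make sure the converter filters it, otherwise drop the `""` entry and set the item default to `default_cipher`. `"additionalItems": True` has no effect when `items` is a single schema (it only applies to tuple-form `items`) and can be removed. The shared list also admits `none`, `BF-CBC`, `CAST5-*`, `DES-*` and `RC2-*`; OpenVPN accepts them, but `none` disables data-channel encryption entirely and the others are 64-bit-block legacy ciphers, so the `data_ciphers` description should warn, e.g. `"'none' disables data-channel encryption; BF/CAST5/DES/RC2 are kept only for legacy peers."`. The `data_ciphers` default hard-codes `"AES-256-GCM"` rather than reusing `default_cipher`, so the two can drift apart.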
