[feature] Added data-ciphers #322 #325

merged 1 commit into from
Nov 21, 2024
28 changes: 28 additions & 0 deletions netjsonconfig/backends/openvpn/converters.py
Expand Up @@ -53,9 +53,23 @@ def __intermediate_vpn(self, config, remove=None):
# do not display status-version if status directive not present
if 'status' not in config and 'status_version' in config:
del config['status_version']
config = self.__output_data_ciphers(config)
config = self.__add_tls_auth_key(config)
return self.sorted_dict(config)

def __output_data_ciphers(self, config):
data_ciphers = config.get('data_ciphers', None)
if not data_ciphers:
return config
output = ''
for cipher in data_ciphers:
cipher_text = cipher['cipher']
if cipher['optional']:
cipher_text = f'?{cipher_text}'
output = f'{output}:{cipher_text}'
config['data_ciphers'] = output[1:]
return config

def __add_tls_auth_key(self, config):
tls_auth = config.get('tls_auth', None)
if not tls_auth:
Expand Down Expand Up @@ -109,4 +123,18 @@ def __netjson_vpn(self, vpn):
else:
remote.append(dict(host=items[0], port=int(items[1])))
vpn['remote'] = remote
vpn = self.__netjson_data_ciphers(vpn)
return vpn

def __netjson_data_ciphers(self, vpn):
data_ciphers_text = vpn.get('data_ciphers')
if not data_ciphers_text:
return vpn
data_ciphers = []
ciphers = data_ciphers_text.split(':')
for cipher in ciphers:
optional = cipher.startswith('?')
cipher_text = cipher if not optional else cipher[1:]
data_ciphers.append({'cipher': cipher_text, 'optional': optional})
vpn['data_ciphers'] = data_ciphers
return vpn
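Review bot: `__output_data_ciphers` serializes the list by appending `:{cipher_text}` to `output` and then dropping the leading separator with `output[1:]`, which is `str.join` written by hand; `':'.join(f"?{c['cipher']}" if c['optional'] else c['cipher'] for c in data_ciphers)` yields the same value and makes the `?` optional-prefix convention visible in one place. The same loop indexes `cipher['optional']`, so an entry that omits the flag raises `KeyError` instead of taking the schema's `False` default; whether unvalidated NetJSON can reach this converter is not visible here, so `cipher.get('optional', False)` is the safer read. `__netjson_data_ciphers` has the same loop-and-append shape and reads better as a list comprehension. Neither helper carries a docstring; a one-line note that a leading `?` marks a cipher as optional in the rendered `data-ciphers` value would document the format the two methods round-trip. The enclosing `__intermediate_vpn` and `__netjson_vpn` methods start outside the hunks.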
174 changes: 137 additions & 37 deletions netjsonconfig/backends/openvpn/schema.py
Expand Up @@ -5,6 +5,91 @@

from ...schema import schema as default_schema

data_ciphers = [
"AES-128-CBC",
"AES-128-CFB",
"AES-128-CFB1",
"AES-128-CFB8",
"AES-128-GCM",
"AES-128-OFB",
"AES-192-CBC",
"AES-192-CFB",
"AES-192-CFB1",
"AES-192-CFB8",
"AES-192-GCM",
"AES-192-OFB",
"AES-256-CBC",
"AES-256-CFB",
"AES-256-CFB1",
"AES-256-CFB8",
"AES-256-GCM",
"AES-256-OFB",
"ARIA-128-CBC",
"ARIA-128-CFB",
"ARIA-128-CFB1",
"ARIA-128-CFB8",
"ARIA-128-OFB",
"ARIA-192-CBC",
"ARIA-192-CFB",
"ARIA-192-CFB1",
"ARIA-192-CFB8",
"ARIA-192-OFB",
"ARIA-256-CBC",
"ARIA-256-CFB",
"ARIA-256-CFB1",
"ARIA-256-CFB8",
"ARIA-256-OFB",
"CAMELLIA-128-CBC",
"CAMELLIA-128-CFB",
"CAMELLIA-128-CFB1",
"CAMELLIA-128-CFB8",
"CAMELLIA-128-OFB",
"CAMELLIA-192-CBC",
"CAMELLIA-192-CFB",
"CAMELLIA-192-CFB1",
"CAMELLIA-192-CFB8",
"CAMELLIA-192-OFB",
"CAMELLIA-256-CBC",
"CAMELLIA-256-CFB",
"CAMELLIA-256-CFB1",
"CAMELLIA-256-CFB8",
"CAMELLIA-256-OFB",
"CHACHA20-POLY1305",
"SEED-CBC",
"SEED-CFB",
"SEED-OFB",
"SM4-CBC",
"SM4-CFB",
"SM4-OFB",
"BF-CBC",
"BF-CFB",
"BF-OFB",
"CAST5-CBC",
"CAST5-CFB",
"CAST5-OFB",
"DES-CBC",
"DES-CFB",
"DES-CFB1",
"DES-CFB8",
"DES-EDE-CBC",
"DES-EDE-CFB",
"DES-EDE-OFB",
"DES-EDE3-CBC",
"DES-EDE3-CFB",
"DES-EDE3-CFB1",
"DES-EDE3-CFB8",
"DES-EDE3-OFB",
"DES-OFB",
"DESX-CBC",
"RC2-40-CBC",
"RC2-64-CBC",
"RC2-CBC",
"RC2-CFB",
"RC2-OFB",
"none",
]
default_cipher = "AES-256-GCM"

base_openvpn_schema = {
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
Expand Down Expand Up @@ -102,46 +187,61 @@
"default": "SHA1",
"propertyOrder": 11,
},
"data_ciphers": {
"title": "data ciphers",
"description": (
"Restrict the allowed ciphers to be negotiated "
"to the ciphers in this list."
),
"type": "array",
"additionalItems": True,
"propertyOrder": 12.0,
"minItems": 1,
"default": [
{"cipher": "AES-256-GCM", "optional": False},
{"cipher": "AES-128-GCM", "optional": False},
],
"items": {
"type": "object",
"required": ["cipher", "optional"],
"properties": {
"cipher": {
"type": "string",
"enum": [""] + data_ciphers,
"default": "",
"propertyOrder": 1,
},
"optional": {
"type": "boolean",
"default": False,
"format": "checkbox",
"propertyOrder": 2,
},
},
},
},
"data_ciphers_fallback": {
"title": "data ciphers fallback",
"type": "string",
"description": (
"Configure a cipher that is used to fall back to if we "
"could not determine which cipher the peer is willing to use."
),
"enum": data_ciphers,
"default": default_cipher,
"propertyOrder": 12.1,
},
"cipher": {
"title": "cipher",
"type": "string",
"description": "Encrypt data channel packets with cipher algorithm",
"enum": [
"AES-128-CBC",
"AES-128-CFB",
"AES-128-CFB1",
"AES-128-CFB8",
"AES-128-GCM",
"AES-128-OFB",
"AES-192-CBC",
"AES-192-CFB",
"AES-192-CFB1",
"AES-192-CFB8",
"AES-192-GCM",
"AES-192-OFB",
"AES-256-CBC",
"AES-256-CFB",
"AES-256-CFB1",
"AES-256-CFB8",
"AES-256-GCM",
"AES-256-OFB",
"BF-CBC",
"BF-CFB",
"BF-OFB",
"CAMELLIA-128-CBC",
"CAMELLIA-128-CFB1",
"CAMELLIA-128-CFB8",
"CAMELLIA-128-OFB",
"CAMELLIA-192-CBC",
"CAMELLIA-192-CFB",
"CAMELLIA-192-CFB1",
"CAMELLIA-192-CFB8",
"CAMELLIA-192-OFB",
"CAMELLIA-256-CBC",
"none",
],
"default": "BF-CBC",
"propertyOrder": 12,
"description": (
"Encrypt data channel packets with cipher algorithm. "
"This option is deprecated in favour of data-ciphers "
"and data-ciphers-fallback."
),
"enum": data_ciphers,
"default": default_cipher,
"propertyOrder": 12.2,
},
"engine": {
"title": "engine",
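Review bot: The item schema for `data_ciphers` (the `"enum": [""] + data_ciphers` / `"default": ""` pair) makes the empty string a valid cipher name, so a list entry left at its default passes validation and the converter renders it as an empty segment (a leading, trailing or doubled `:`) in the `data-ciphers` line; the blank entry is presumably there for the form editor's initial choice, but if so it should still be rejected at validation time, e.g. `"minLength": 1` next to the enum, or the `""` dropped from the enum. `"additionalItems": True` has no effect here because `items` is a single schema rather than a tuple of schemas, and can be removed. The enum also carries `none` and the legacy 64-bit block ciphers (`BF-*`, `DES-*`, `CAST5-*`, `RC2-*`); since `none` turns off data-channel encryption entirely, the `data_ciphers` description should say so and mark the legacy entries as presumably retained for compatibility with older peers rather than as recommended choices.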