Fleshed out IKE parameter choices

2025-08-22 23:46:44 -06:00 · 2023-11-15 08:55:37 -05:00 · 2023-11-15 08:55:37 -05:00 · 255764c4c5
commit 255764c4c5
parent 130288d08a
1 changed files with 73 additions and 17 deletions
--- a/netbox/vpn/choices.py
+++ b/netbox/vpn/choices.py
@ -72,39 +72,95 @@ class IKEVersionChoices(ChoiceSet):


 class EncryptionChoices(ChoiceSet):
-    ENCRYPTION_AES128 = 'aes-128'
-    ENCRYPTION_AES192 = 'aes-192'
-    ENCRYPTION_AES256 = 'aes-256'
-    ENCRYPTION_3DES = '3des'
+    ENCRYPTION_AES128_CBC = 'aes-128-cbc'
+    ENCRYPTION_AES128_GCM = 'aes-128-gcm'
+    ENCRYPTION_AES192_CBC = 'aes-192-cbc'
+    ENCRYPTION_AES192_GCM = 'aes-192-gcm'
+    ENCRYPTION_AES256_CBC = 'aes-256-cbc'
+    ENCRYPTION_AES256_GCM = 'aes-256-gcm'
+    ENCRYPTION_3DES = '3des-cbc'
+    ENCRYPTION_DES = 'des-cbc'

    CHOICES = (
-        (ENCRYPTION_AES128, 'AES (128-bit)'),
-        (ENCRYPTION_AES192, 'AES (192-bit)'),
-        (ENCRYPTION_AES256, 'AES (256-bit)'),
+        (ENCRYPTION_AES128_CBC, '128-bit AES (CBC)'),
+        (ENCRYPTION_AES128_GCM, '128-bit AES (GCM)'),
+        (ENCRYPTION_AES192_CBC, '192-bit AES (CBC)'),
+        (ENCRYPTION_AES192_GCM, '192-bit AES (GCM)'),
+        (ENCRYPTION_AES256_CBC, '256-bit AES (CBC)'),
+        (ENCRYPTION_AES256_GCM, '256-bit AES (GCM)'),
        (ENCRYPTION_3DES, '3DES'),
+        (ENCRYPTION_3DES, 'DES'),
    )


 class AuthenticationChoices(ChoiceSet):
-    AUTH_SHA1 = 'SHA-1'
-    AUTH_MD5 = 'MD5'
+    AUTH_HMAC_SHA1 = 'hmac-sha1'
+    AUTH_HMAC_SHA256 = 'hmac-sha256'
+    AUTH_HMAC_SHA384 = 'hmac-sha384'
+    AUTH_HMAC_SHA512 = 'hmac-sha512'
+    AUTH_HMAC_MD5 = 'hmac-md5'

    CHOICES = (
-        (AUTH_SHA1, 'SHA-1'),
-        (AUTH_MD5, 'MD5'),
+        (AUTH_HMAC_SHA1, 'SHA-1 HMAC'),
+        (AUTH_HMAC_SHA256, 'SHA-256 HMAC'),
+        (AUTH_HMAC_SHA384, 'SHA-384 HMAC'),
+        (AUTH_HMAC_SHA512, 'SHA-512 HMAC'),
+        (AUTH_HMAC_MD5, 'MD5 HMAC'),
    )


 class DHGroupChoices(ChoiceSet):
-    # TODO: Add all the groups & annotate their attributes
-    GROUP_1 = 1
-    GROUP_2 = 2
-    GROUP_5 = 5
-    GROUP_7 = 7
+    # https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8
+    GROUP_1 = 1    # 768-bit MODP
+    GROUP_2 = 2    # 1024-but MODP
+    # Groups 3-4 reserved
+    GROUP_5 = 5    # 1536-bit MODP
+    # Groups 6-13 unassigned
+    GROUP_14 = 14  # 2048-bit MODP
+    GROUP_15 = 15  # 3072-bit MODP
+    GROUP_16 = 16  # 4096-bit MODP
+    GROUP_17 = 17  # 6144-bit MODP
+    GROUP_18 = 18  # 8192-bit MODP
+    GROUP_19 = 19  # 256-bit random ECP
+    GROUP_20 = 20  # 384-bit random ECP
+    GROUP_21 = 21  # 521-bit random ECP (521 is not a typo)
+    GROUP_22 = 22  # 1024-bit MODP w/160-bit prime
+    GROUP_23 = 23  # 2048-bit MODP w/224-bit prime
+    GROUP_24 = 24  # 2048-bit MODP w/256-bit prime
+    GROUP_25 = 25  # 192-bit ECP
+    GROUP_26 = 26  # 224-bit ECP
+    GROUP_27 = 27  # brainpoolP224r1
+    GROUP_28 = 28  # brainpoolP256r1
+    GROUP_29 = 29  # brainpoolP384r1
+    GROUP_30 = 30  # brainpoolP512r1
+    GROUP_31 = 31  # Curve25519
+    GROUP_32 = 32  # Curve448
+    GROUP_33 = 33  # GOST3410_2012_256
+    GROUP_34 = 34  # GOST3410_2012_512

    CHOICES = (
+        # Strings are formatted in this manner to optimize translations
        (GROUP_1, _('Group {n}').format(n=1)),
        (GROUP_2, _('Group {n}').format(n=2)),
        (GROUP_5, _('Group {n}').format(n=5)),
-        (GROUP_7, _('Group {n}').format(n=7)),
+        (GROUP_14, _('Group {n}').format(n=14)),
+        (GROUP_16, _('Group {n}').format(n=16)),
+        (GROUP_17, _('Group {n}').format(n=17)),
+        (GROUP_18, _('Group {n}').format(n=18)),
+        (GROUP_19, _('Group {n}').format(n=19)),
+        (GROUP_20, _('Group {n}').format(n=20)),
+        (GROUP_21, _('Group {n}').format(n=21)),
+        (GROUP_22, _('Group {n}').format(n=22)),
+        (GROUP_23, _('Group {n}').format(n=23)),
+        (GROUP_24, _('Group {n}').format(n=24)),
+        (GROUP_25, _('Group {n}').format(n=25)),
+        (GROUP_26, _('Group {n}').format(n=26)),
+        (GROUP_27, _('Group {n}').format(n=27)),
+        (GROUP_28, _('Group {n}').format(n=28)),
+        (GROUP_29, _('Group {n}').format(n=29)),
+        (GROUP_30, _('Group {n}').format(n=30)),
+        (GROUP_31, _('Group {n}').format(n=31)),
+        (GROUP_32, _('Group {n}').format(n=32)),
+        (GROUP_33, _('Group {n}').format(n=33)),
+        (GROUP_34, _('Group {n}').format(n=34)),
    )