vpnaas: add support for more ciphers (auth, encryption, pfs modes)

bpetermannS11 · web-flow · commit b76a690afa47 · 2025-03-23T12:50:14.000Z
For VPNaaS IKE policies and IPSEC policies several choices for encryption algorithms, auth algorithms and PFS modes have been added. Encryption algorithms: add AES CCM mode and AES GCM mode variants for 128/192/256 bit keys and 8/12/16 octet ICVs. Add AES CTR modes for 128/192/256 bit keys. Auth algorithms: add aes-xcbc and aes-cmac. PFS: add Diffie Hellman groups 15 to 31. Closes: #3314
diff --git a/openstack/networking/v2/extensions/vpnaas/ikepolicies/requests.go b/openstack/networking/v2/extensions/vpnaas/ikepolicies/requests.go
@@ -15,22 +15,62 @@ type IKEVersion string
 type Phase1NegotiationMode string
 
 const (
-	AuthAlgorithmSHA1         AuthAlgorithm         = "sha1"
-	AuthAlgorithmSHA256       AuthAlgorithm         = "sha256"
-	AuthAlgorithmSHA384       AuthAlgorithm         = "sha384"
-	AuthAlgorithmSHA512       AuthAlgorithm         = "sha512"
-	EncryptionAlgorithm3DES   EncryptionAlgorithm   = "3des"
-	EncryptionAlgorithmAES128 EncryptionAlgorithm   = "aes-128"
-	EncryptionAlgorithmAES256 EncryptionAlgorithm   = "aes-256"
-	EncryptionAlgorithmAES192 EncryptionAlgorithm   = "aes-192"
-	UnitSeconds               Unit                  = "seconds"
-	UnitKilobytes             Unit                  = "kilobytes"
-	PFSGroup2                 PFS                   = "group2"
-	PFSGroup5                 PFS                   = "group5"
-	PFSGroup14                PFS                   = "group14"
-	IKEVersionv1              IKEVersion            = "v1"
-	IKEVersionv2              IKEVersion            = "v2"
-	Phase1NegotiationModeMain Phase1NegotiationMode = "main"
+	AuthAlgorithmSHA1              AuthAlgorithm         = "sha1"
+	AuthAlgorithmSHA256            AuthAlgorithm         = "sha256"
+	AuthAlgorithmSHA384            AuthAlgorithm         = "sha384"
+	AuthAlgorithmSHA512            AuthAlgorithm         = "sha512"
+	AuthAlgorithmAESXCBC           AuthAlgorithm         = "aes-xcbc"
+	AuthAlgorithmAESCMAC           AuthAlgorithm         = "aes-cmac"
+	EncryptionAlgorithm3DES        EncryptionAlgorithm   = "3des"
+	EncryptionAlgorithmAES128      EncryptionAlgorithm   = "aes-128"
+	EncryptionAlgorithmAES192      EncryptionAlgorithm   = "aes-192"
+	EncryptionAlgorithmAES256      EncryptionAlgorithm   = "aes-256"
+	EncryptionAlgorithmAES128CTR   EncryptionAlgorithm   = "aes-128-ctr"
+	EncryptionAlgorithmAES192CTR   EncryptionAlgorithm   = "aes-192-ctr"
+	EncryptionAlgorithmAES256CTR   EncryptionAlgorithm   = "aes-256-ctr"
+	EncryptionAlgorithmAES128CCM8  EncryptionAlgorithm   = "aes-128-ccm-8"
+	EncryptionAlgorithmAES128CCM12 EncryptionAlgorithm   = "aes-128-ccm-12"
+	EncryptionAlgorithmAES128CCM16 EncryptionAlgorithm   = "aes-128-ccm-16"
+	EncryptionAlgorithmAES192CCM8  EncryptionAlgorithm   = "aes-192-ccm-8"
+	EncryptionAlgorithmAES192CCM12 EncryptionAlgorithm   = "aes-192-ccm-12"
+	EncryptionAlgorithmAES192CCM16 EncryptionAlgorithm   = "aes-192-ccm-16"
+	EncryptionAlgorithmAES256CCM8  EncryptionAlgorithm   = "aes-256-ccm-8"
+	EncryptionAlgorithmAES256CCM12 EncryptionAlgorithm   = "aes-256-ccm-12"
+	EncryptionAlgorithmAES256CCM16 EncryptionAlgorithm   = "aes-256-ccm-16"
+	EncryptionAlgorithmAES128GCM8  EncryptionAlgorithm   = "aes-128-gcm-8"
+	EncryptionAlgorithmAES128GCM12 EncryptionAlgorithm   = "aes-128-gcm-12"
+	EncryptionAlgorithmAES128GCM16 EncryptionAlgorithm   = "aes-128-gcm-16"
+	EncryptionAlgorithmAES192GCM8  EncryptionAlgorithm   = "aes-192-gcm-8"
+	EncryptionAlgorithmAES192GCM12 EncryptionAlgorithm   = "aes-192-gcm-12"
+	EncryptionAlgorithmAES192GCM16 EncryptionAlgorithm   = "aes-192-gcm-16"
+	EncryptionAlgorithmAES256GCM8  EncryptionAlgorithm   = "aes-256-gcm-8"
+	EncryptionAlgorithmAES256GCM12 EncryptionAlgorithm   = "aes-256-gcm-12"
+	EncryptionAlgorithmAES256GCM16 EncryptionAlgorithm   = "aes-256-gcm-16"
+	UnitSeconds                    Unit                  = "seconds"
+	UnitKilobytes                  Unit                  = "kilobytes"
+	PFSGroup2                      PFS                   = "group2"
+	PFSGroup5                      PFS                   = "group5"
+	PFSGroup14                     PFS                   = "group14"
+	PFSGroup15                     PFS                   = "group15"
+	PFSGroup16                     PFS                   = "group16"
+	PFSGroup17                     PFS                   = "group17"
+	PFSGroup18                     PFS                   = "group18"
+	PFSGroup19                     PFS                   = "group19"
+	PFSGroup20                     PFS                   = "group20"
+	PFSGroup21                     PFS                   = "group21"
+	PFSGroup22                     PFS                   = "group22"
+	PFSGroup23                     PFS                   = "group23"
+	PFSGroup24                     PFS                   = "group24"
+	PFSGroup25                     PFS                   = "group25"
+	PFSGroup26                     PFS                   = "group26"
+	PFSGroup27                     PFS                   = "group27"
+	PFSGroup28                     PFS                   = "group28"
+	PFSGroup29                     PFS                   = "group29"
+	PFSGroup30                     PFS                   = "group30"
+	PFSGroup31                     PFS                   = "group31"
+	IKEVersionv1                   IKEVersion            = "v1"
+	IKEVersionv2                   IKEVersion            = "v2"
+	Phase1NegotiationModeMain      Phase1NegotiationMode = "main"
 )
 
 // CreateOptsBuilder allows extensions to add additional parameters to the
diff --git a/openstack/networking/v2/extensions/vpnaas/ipsecpolicies/requests.go b/openstack/networking/v2/extensions/vpnaas/ipsecpolicies/requests.go
@@ -15,24 +15,64 @@ type PFS string
 type Unit string
 
 const (
-	TransformProtocolESP       TransformProtocol   = "esp"
-	TransformProtocolAH        TransformProtocol   = "ah"
-	TransformProtocolAHESP     TransformProtocol   = "ah-esp"
-	AuthAlgorithmSHA1          AuthAlgorithm       = "sha1"
-	AuthAlgorithmSHA256        AuthAlgorithm       = "sha256"
-	AuthAlgorithmSHA384        AuthAlgorithm       = "sha384"
-	AuthAlgorithmSHA512        AuthAlgorithm       = "sha512"
-	EncryptionAlgorithm3DES    EncryptionAlgorithm = "3des"
-	EncryptionAlgorithmAES128  EncryptionAlgorithm = "aes-128"
-	EncryptionAlgorithmAES256  EncryptionAlgorithm = "aes-256"
-	EncryptionAlgorithmAES192  EncryptionAlgorithm = "aes-192"
-	EncapsulationModeTunnel    EncapsulationMode   = "tunnel"
-	EncapsulationModeTransport EncapsulationMode   = "transport"
-	UnitSeconds                Unit                = "seconds"
-	UnitKilobytes              Unit                = "kilobytes"
-	PFSGroup2                  PFS                 = "group2"
-	PFSGroup5                  PFS                 = "group5"
-	PFSGroup14                 PFS                 = "group14"
+	TransformProtocolESP           TransformProtocol   = "esp"
+	TransformProtocolAH            TransformProtocol   = "ah"
+	TransformProtocolAHESP         TransformProtocol   = "ah-esp"
+	AuthAlgorithmSHA1              AuthAlgorithm       = "sha1"
+	AuthAlgorithmSHA256            AuthAlgorithm       = "sha256"
+	AuthAlgorithmSHA384            AuthAlgorithm       = "sha384"
+	AuthAlgorithmSHA512            AuthAlgorithm       = "sha512"
+	AuthAlgorithmAESXCBC           AuthAlgorithm       = "aes-xcbc"
+	AuthAlgorithmAESCMAC           AuthAlgorithm       = "aes-cmac"
+	EncryptionAlgorithm3DES        EncryptionAlgorithm = "3des"
+	EncryptionAlgorithmAES128      EncryptionAlgorithm = "aes-128"
+	EncryptionAlgorithmAES192      EncryptionAlgorithm = "aes-192"
+	EncryptionAlgorithmAES256      EncryptionAlgorithm = "aes-256"
+	EncryptionAlgorithmAES128CTR   EncryptionAlgorithm = "aes-128-ctr"
+	EncryptionAlgorithmAES192CTR   EncryptionAlgorithm = "aes-192-ctr"
+	EncryptionAlgorithmAES256CTR   EncryptionAlgorithm = "aes-256-ctr"
+	EncryptionAlgorithmAES128CCM8  EncryptionAlgorithm = "aes-128-ccm-8"
+	EncryptionAlgorithmAES128CCM12 EncryptionAlgorithm = "aes-128-ccm-12"
+	EncryptionAlgorithmAES128CCM16 EncryptionAlgorithm = "aes-128-ccm-16"
+	EncryptionAlgorithmAES192CCM8  EncryptionAlgorithm = "aes-192-ccm-8"
+	EncryptionAlgorithmAES192CCM12 EncryptionAlgorithm = "aes-192-ccm-12"
+	EncryptionAlgorithmAES192CCM16 EncryptionAlgorithm = "aes-192-ccm-16"
+	EncryptionAlgorithmAES256CCM8  EncryptionAlgorithm = "aes-256-ccm-8"
+	EncryptionAlgorithmAES256CCM12 EncryptionAlgorithm = "aes-256-ccm-12"
+	EncryptionAlgorithmAES256CCM16 EncryptionAlgorithm = "aes-256-ccm-16"
+	EncryptionAlgorithmAES128GCM8  EncryptionAlgorithm = "aes-128-gcm-8"
+	EncryptionAlgorithmAES128GCM12 EncryptionAlgorithm = "aes-128-gcm-12"
+	EncryptionAlgorithmAES128GCM16 EncryptionAlgorithm = "aes-128-gcm-16"
+	EncryptionAlgorithmAES192GCM8  EncryptionAlgorithm = "aes-192-gcm-8"
+	EncryptionAlgorithmAES192GCM12 EncryptionAlgorithm = "aes-192-gcm-12"
+	EncryptionAlgorithmAES192GCM16 EncryptionAlgorithm = "aes-192-gcm-16"
+	EncryptionAlgorithmAES256GCM8  EncryptionAlgorithm = "aes-256-gcm-8"
+	EncryptionAlgorithmAES256GCM12 EncryptionAlgorithm = "aes-256-gcm-12"
+	EncryptionAlgorithmAES256GCM16 EncryptionAlgorithm = "aes-256-gcm-16"
+	EncapsulationModeTunnel        EncapsulationMode   = "tunnel"
+	EncapsulationModeTransport     EncapsulationMode   = "transport"
+	UnitSeconds                    Unit                = "seconds"
+	UnitKilobytes                  Unit                = "kilobytes"
+	PFSGroup2                      PFS                 = "group2"
+	PFSGroup5                      PFS                 = "group5"
+	PFSGroup14                     PFS                 = "group14"
+	PFSGroup15                     PFS                 = "group15"
+	PFSGroup16                     PFS                 = "group16"
+	PFSGroup17                     PFS                 = "group17"
+	PFSGroup18                     PFS                 = "group18"
+	PFSGroup19                     PFS                 = "group19"
+	PFSGroup20                     PFS                 = "group20"
+	PFSGroup21                     PFS                 = "group21"
+	PFSGroup22                     PFS                 = "group22"
+	PFSGroup23                     PFS                 = "group23"
+	PFSGroup24                     PFS                 = "group24"
+	PFSGroup25                     PFS                 = "group25"
+	PFSGroup26                     PFS                 = "group26"
+	PFSGroup27                     PFS                 = "group27"
+	PFSGroup28                     PFS                 = "group28"
+	PFSGroup29                     PFS                 = "group29"
+	PFSGroup30                     PFS                 = "group30"
+	PFSGroup31                     PFS                 = "group31"
 )
 
 // CreateOptsBuilder allows extensions to add additional parameters to the
