Add dialect map to support AEAD algorithms with Libreswan

This adds the missing dialect map for Libreswan to support the new AEAD ciphers. Closes-Bug: #2127159 Co-authored-by: Maximilian Stinsky <maximilian.stinsky-damke@wiit.cloud> Signed-off-by: Maximilian Sesterhenn <maximilian.sesterhenn@wiit.cloud> Change-Id: I1f6e9e6a46c8c148708e080bf4cbfb8ab37a9b90
2025-10-09 10:13:45 +02:00
parent e0b5e2001b
commit 310ecf6cda
2 changed files with 38 additions and 0 deletions
--- a/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
+++ b/neutron_vpnaas/services/vpn/device_drivers/libreswan_ipsec.py
@@ -25,8 +25,41 @@ class LibreSwanProcess(ipsec.OpenSwanProcess):
    """
    IPSEC_CONF_NAT_TRAVERSAL = None
    DIALECT_MAP = dict(ipsec.BaseSwanProcess.DIALECT_MAP)
    # pylint: disable=useless-super-delegation
    def __init__(self, conf, process_id, vpnservice, namespace):
        dialect_map_update = {
            # ENCR_AES_CTR
            'aes-128-ctr': 'aes_ctr128',
            'aes-192-ctr': 'aes_ctr192',
            'aes-256-ctr': 'aes_ctr256',
            # ENCR_AES_CCM_8
            'aes-128-ccm-8': 'aes_ccm_a128',
            'aes-192-ccm-8': 'aes_ccm_a192',
            'aes-256-ccm-8': 'aes_ccm_a256',
            # ENCR_AES_CCM_12
            'aes-128-ccm-12': 'aes_ccm_b128',
            'aes-192-ccm-12': 'aes_ccm_b192',
            'aes-256-ccm-12': 'aes_ccm_b256',
            # ENCR_AES_CCM_16
            'aes-128-ccm-16': 'aes_ccm_c128',
            'aes-192-ccm-16': 'aes_ccm_c192',
            'aes-256-ccm-16': 'aes_ccm_c256',
            # ENCR_AES_GCM_8
            'aes-128-gcm-8': 'aes_gcm_a128',
            'aes-192-gcm-8': 'aes_gcm_a192',
            'aes-256-gcm-8': 'aes_gcm_a256',
            # ENCR_AES_GCM_12
            'aes-128-gcm-12': 'aes_gcm_b128',
            'aes-192-gcm-12': 'aes_gcm_b192',
            'aes-256-gcm-12': 'aes_gcm_b256',
            # ENCR_AES_GCM_16
            'aes-128-gcm-16': 'aes_gcm_c128',
            'aes-192-gcm-16': 'aes_gcm_c192',
            'aes-256-gcm-16': 'aes_gcm_c256'
        }
        self.DIALECT_MAP.update(dialect_map_update)
        self._rootwrap_cfg = self._get_rootwrap_config()
        super().__init__(conf, process_id, vpnservice, namespace)
--- a/releasenotes/notes/add-missing-dialect-map-libreswan-aead-ciphers-23fca20ad7da7214.yaml
+++ b/releasenotes/notes/add-missing-dialect-map-libreswan-aead-ciphers-23fca20ad7da7214.yaml
@@ -0,0 +1,5 @@
 ---
 fixes:
  - |
    The required dialect map has been added to allow for usage of the
    new AEAD ciphers with Libreswan.