Current File : //kunden/usr/share/crypto-policies/python/policygenerators/__pycache__/libreswan.cpython-39.pyc
a

�
�g��@sDddlZddlmZmZddlmZddlmZGdd�de�ZdS)�N)�CalledProcessError�call)�mkstemp�)�ConfigGeneratorc@seZdZdZhd�ZdZddddddd	d
ddd
d�Zdddddddd�Zdddddddddddddd�
Zddddddddddddd�Z	ddddd d!d"d d!d"d#�
Z
d$d%d&d'd(�Zd$d%d&d'd)�Zd$d%d*�Z
ed+d,��Zed-d.��Zed/d0��Zed1d2��Zed3d4��Zd5S)6�LibreswanGenerator�	libreswan>ZipsecZikerz5systemctl try-restart ipsec.service 2>/dev/null || :
�Zdh31Zdh19Zdh20Zdh21Zdh5Zdh14Zdh15Zdh16Zdh18)ZX448ZX25519�	SECP256R1Z	SECP384R1Z	SECP521R1z
FFDHE-6144z
FFDHE-1536�
FFDHE-2048z
FFDHE-3072z
FFDHE-4096z
FFDHE-8192Zaes256Zaes192Zaes128Z
aes_gcm256Z
aes_gcm192Z
aes_gcm128Zchacha20_poly1305)zAES-256-CBCzAES-192-CBCzAES-128-CBCzAES-256-GCMzAES-192-GCMzAES-128-GCMzCHACHA20-POLY1305Zsha2_512Zsha2_256)
�AES-256-CBC-HMAC-SHA2-512�AES-256-CBC-HMAC-SHA2-256�AES-192-CBC-HMAC-SHA2-512�AES-192-CBC-HMAC-SHA2-256�AES-128-CBC-HMAC-SHA2-256zAES-256-GCM-HMAC-SHA2-512zAES-256-GCM-HMAC-SHA2-256zAES-192-GCM-HMAC-SHA2-512zAES-192-GCM-HMAC-SHA2-256zAES-128-GCM-HMAC-SHA2-512zAES-128-GCM-HMAC-SHA2-256zCHACHA20-POLY1305-HMAC-SHA2-512zCHACHA20-POLY1305-HMAC-SHA2-256Zsha1)rrr
rrzAES-256-CBC-HMAC-SHA1zAES-192-CBC-HMAC-SHA1zAES-128-CBC-HMAC-SHA1zAES-256-GCM-AEADzAES-192-GCM-AEADzAES-128-GCM-AEADzCHACHA20-POLY1305-AEADzrsa-sha1zecdsa-sha2_256zecdsa-sha2_384zecdsa-sha2_512zrsa-sha2_256zrsa-sha2_384zrsa-sha2_512)
zRSA-SHA1zECDSA-SHA2-256zECDSA-SHA2-384zECDSA-SHA2-512zRSA-PSS-SHA2-256zRSA-PSS-SHA2-384zRSA-PSS-SHA2-512zRSA-PSS-RSAE-SHA2-256zRSA-PSS-RSAE-SHA2-384zRSA-PSS-RSAE-SHA2-512rr��)�AEAD�
HMAC-SHA2-512�
HMAC-SHA2-256�	HMAC-SHA1)rrrr)r
rcCs||jvrdS|j|S�N�c)�mac_ike_prio_map��cls�key�r�?/usr/share/crypto-policies/python/policygenerators/libreswan.pyZ__get_ike_prioss
z!LibreswanGenerator.__get_ike_priocCs||jvrdS|j|Sr)�mac_esp_prio_maprrrrZ__get_esp_priozs
z!LibreswanGenerator.__get_esp_priocCs||jvrdS|j|Sr)�group_prio_maprrrrZ__get_group_prio�s
z#LibreswanGenerator.__get_group_prioc
Csd}d}|j}d}dd�|dD�}d|vr2d}nd	|vr>d
}|rR|d|d7}|d
7}t|d|jd�}t|d|jd�}d}	|dD]�}
z|j|
}Wnty�Yq�Yn0|d}d}|D]@}
z|j|
d|
}Wnty�Yq�Yn0|�||d�}q�|�sq�||7}d}|D]>}z|j|}Wnt�yJY�qYn0|�||d�}�q|�||d�}|�|	||�}	q�|	�r�|d|	d7}t|d|j	d�}d}	|dD]�}
z|j|
}Wnt�y�Y�q�Yn0|d}d}|D]V}
z|j
|
d|
}Wnt�y"Y�q�Yn0|�s4|}�qF|�||d�}�q�||7}|dd�dk�rd�q�|�|	||�}	�q�|	�r�|d|	d7}d}	t�}|dD]R}z|j|}Wnt�y�Y�q�Yn0||v�r�|�
|�|�|	||�}	�q�|	�r|d|	d7}|S)Nzconn %default
�,r	cSsg|]}|�d�r|�qS)ZIKE)�
startswith)�.0�xrrr�
<listcomp>��z6LibreswanGenerator.generate_config.<locals>.<listcomp>ZprotocolZIKEv2zikev2=insistZIKEv1zikev2=never�	�
z		pfs=yes
�mac)r�group�cipher�-�+z	ike=���z	esp=�signz	authby=)Zenabled�sorted�!_LibreswanGenerator__get_ike_prio�#_LibreswanGenerator__get_group_prio�
cipher_map�KeyError�cipher_prf_map�append�	group_map�!_LibreswanGenerator__get_esp_prio�cipher_mac_map�set�sign_map�add)rZpolicyZcfg�sep�p�s�protoZsorted_macsZ
sorted_groups�tmpr+�cmZcombor)Zmm�ir*Zsigalgsr/Zsmrrr�generate_config�s���

�

z"LibreswanGenerator.generate_configc	Cs�t�dtj�sdSt�\}}d}zzt�|d��}|�|�Wd�n1sN0Yztd|�d�dd�}Wnty�|�d�Yn0Wt�	|�nt�	|�0|r�|�d	�|�d
|���dSdS)Nz/usr/sbin/ipsecT��wz'/usr/sbin/ipsec readwriteconf --config z >/dev/null)�shellz!/usr/sbin/ipsec: Execution failedz/There is an error in libreswan generated policyzPolicy:
F)
�os�access�X_OKr�fdopen�writerrZeprint�unlink)rZconfig�fd�path�ret�frrr�test_config�s&
(�

zLibreswanGenerator.test_configN)�__name__�
__module__�__qualname__ZCONFIG_NAMEZSCOPESZ
RELOAD_CMDr7r3r5r9r;rrr �classmethodr1r8r2rDrRrrrrr
s���
�����
�



_r)	rH�
subprocessrrZtempfilerZconfiggeneratorrrrrrr�<module>s