From 0d33245b56127b333fd4cc63f9abbc09cab42116 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 18 Jul 2013 21:22:10 +0200
Subject: [PATCH 1/3] strongswan: Update rootfile.

---
 config/rootfiles/common/strongswan | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index c94ce6f3b..627b8d2d0 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -73,6 +73,7 @@ usr/lib/ipsec/plugins/libstrongswan-socket-default.so
 usr/lib/ipsec/plugins/libstrongswan-stroke.so
 usr/lib/ipsec/plugins/libstrongswan-updown.so
 usr/lib/ipsec/plugins/libstrongswan-x509.so
+usr/lib/ipsec/plugins/libstrongswan-xauth-eap.so
 usr/lib/ipsec/plugins/libstrongswan-xauth-generic.so
 usr/lib/ipsec/plugins/libstrongswan-xcbc.so
 #usr/libexec/ipsec

From 26dfc86a7be473138c60e1a869e51b30db346a0f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 20 Jul 2013 12:49:46 +0200
Subject: [PATCH 2/3] ipsec: Add ECP cryptography.

Allow selecting ECDH for IPsec VPN connections.
---
 html/cgi-bin/vpnmain.cgi | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 26f179341..2e3ef9a57 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -316,9 +316,16 @@ sub writeipsecfiles {
 	        foreach my $j (@ints) {
 	    	    foreach my $k (@groups) {
 		        if ($comma != 0) { print CONF ","; } else { $comma = 1; }
-		    print CONF "$i-$j-modp$k";
-		}
+
+		        my @l = split("", $k);
+		        if ($l[0] eq "e") {
+		            shift @l;
+		            print CONF "$i-$j-ecp".join("", @l);
+		        } else {
+		            print CONF "$i-$j-modp$k";
+		        }
 		    }
+	        }
 	    }
 	    if ($lconfighash{$key}[24] eq 'on') {	#only proposed algorythms?
 		print CONF "!\n";
@@ -339,7 +346,12 @@ sub writeipsecfiles {
 				foreach my $k (@groups) {
 				    if ($comma != 0) { print CONF ","; } else { $comma = 1; }
 				    if ($pfs eq "on") {
-					$modp = "-modp$k";
+					my @l = split("", $k);
+					if ($l[0] eq "e") {
+						$modp = "";
+					} else {
+						$modp = "-modp$k";
+					}
 				    } else {
 				        $modp = "";
 				    }
@@ -411,7 +423,7 @@ sub writeipsecfiles {
 
 # Hook to regenerate the configuration files.
 if ($ENV{"REMOTE_ADDR"} eq "") {
-	writeipsecfiles;
+	writeipsecfiles();
 	exit(0);
 }
 
@@ -2111,7 +2123,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	    goto ADVANCED_ERROR;
 	}
 	foreach my $val (@temp) {
-	    if ($val !~ /^(1024|1536|2048|3072|4096|6144|8192)$/) {
+	    if ($val !~ /^(e521|e384|e256|e224|e192|1024|1536|2048|3072|4096|6144|8192)$/) {
 		$errormessage = $Lang::tr{'invalid input'};
 		goto ADVANCED_ERROR;
 	    }
@@ -2147,6 +2159,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	    }
 	}
 	if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
+	    $cgiparams{'ESP_GROUPTYPE'} !~  /^ecp(192|224|256|384|512)$/ &&
 	    $cgiparams{'ESP_GROUPTYPE'} !~  /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
 	    $errormessage = $Lang::tr{'invalid input'};
 	    goto ADVANCED_ERROR;
@@ -2305,6 +2318,11 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	
 	    <td class='boldbase' align='right' valign='top'>$Lang::tr{'ike grouptype'}</td><td class='boldbase' valign='top'>
 		<select name='IKE_GROUPTYPE' multiple='multiple' size='4'>
+		<option value='e521' $checked{'IKE_GROUPTYPE'}{'e521'}>ECP-521</option>
+		<option value='e384' $checked{'IKE_GROUPTYPE'}{'e384'}>ECP-384</option>
+		<option value='e256' $checked{'IKE_GROUPTYPE'}{'e256'}>ECP-256</option>
+		<option value='e224' $checked{'IKE_GROUPTYPE'}{'e224'}>ECP-224</option>
+		<option value='e192' $checked{'IKE_GROUPTYPE'}{'e192'}>ECP-192</option>
 		<option value='8192' $checked{'IKE_GROUPTYPE'}{'8192'}>MODP-8192</option>
 		<option value='6144' $checked{'IKE_GROUPTYPE'}{'6144'}>MODP-6144</option>
 		<option value='4096' $checked{'IKE_GROUPTYPE'}{'4096'}>MODP-4096</option>

From 6ab7955c31ab01cf8fcac874fd5553bc9da89049 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 20 Jul 2013 18:47:51 +0200
Subject: [PATCH 3/3] Add IPsec ECP changes to core update 72.

---
 config/rootfiles/core/72/filelists/files | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/rootfiles/core/72/filelists/files b/config/rootfiles/core/72/filelists/files
index efa475945..7ab00d485 100644
--- a/config/rootfiles/core/72/filelists/files
+++ b/config/rootfiles/core/72/filelists/files
@@ -1,3 +1,4 @@
 etc/system-release
 etc/issue
+srv/web/ipfire/cgi-bin/vpnmain.cgi
 usr/local/bin/openvpnctrl