ikev2: Mark IKE_SAs that used PPK during authentication
authorTobias Brunner <tobias@strongswan.org>
Fri, 27 Jul 2018 10:14:18 +0000 (12:14 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 10 Sep 2018 16:03:18 +0000 (18:03 +0200)
src/libcharon/sa/ike_sa.h
src/libcharon/sa/ikev2/tasks/ike_auth.c

index ff1b716..c1d3e1d 100644 (file)
@@ -232,6 +232,11 @@ enum ike_condition_t {
         * Online certificate revocation checking is suspended for this IKE_SA
         */
        COND_ONLINE_VALIDATION_SUSPENDED = (1<<12),
+
+       /**
+        * A Postquantum Preshared Key was used when this IKE_SA was created
+        */
+       COND_PPK = (1<<13),
 };
 
 /**
index 8d9fa91..1e462f0 100644 (file)
@@ -937,6 +937,7 @@ static bool apply_ppk(private_ike_auth_t *this)
                        return FALSE;
                }
                DBG1(DBG_CFG, "using PPK for PPK_ID '%Y'", this->ppk_id);
+               this->ike_sa->set_condition(this->ike_sa, COND_PPK, TRUE);
        }
        clear_ppk(this);
        return TRUE;