ikev2: Mark IKE_SAs that used PPK during authentication

diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index ff1b7168cf6fa41af447f1f684fe0727549262be..c1d3e1d7a900794aa9fb285aab8c80e00bc34410 100644 (file)
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -232,6 +232,11 @@ enum ike_condition_t {
         * Online certificate revocation checking is suspended for this IKE_SA
         */
        COND_ONLINE_VALIDATION_SUSPENDED = (1<<12),
+
+       /**
+        * A Postquantum Preshared Key was used when this IKE_SA was created
+        */
+       COND_PPK = (1<<13),
 };
 
 /**

diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 8d9fa916b692c77dca22300ac3dad31c39d633a5..1e462f0ff8dcd12deebe4c0f516ce0a1620b2f56 100644 (file)
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -937,6 +937,7 @@ static bool apply_ppk(private_ike_auth_t *this)
                        return FALSE;
                }
                DBG1(DBG_CFG, "using PPK for PPK_ID '%Y'", this->ppk_id);
+               this->ike_sa->set_condition(this->ike_sa, COND_PPK, TRUE);
        }
        clear_ppk(this);
        return TRUE;