EXT_IKE_MESSAGE_ID_SYNC = (1<<14),
/**
- * Postquantum Preshared Keys, draft-ietf-ipsecme-qr-ikev2
+ * Postquantum Preshared Keys, RFC 8784
*/
EXT_PPK = (1<<15),
* Responder accepts childless IKE_SAs, RFC 6023
*/
EXT_IKE_CHILDLESS = (1<<16),
+
+ /**
+ * IKEv2 Intermediate Exchange, RFC 9242
+ */
+ EXT_IKE_INTERMEDIATE = (1<<17),
};
/**
proposal_t *proposal;
enumerator_t *enumerator;
ike_cfg_t *ike_cfg;
+ bool additional_ke = FALSE;
id = this->ike_sa->get_id(this->ike_sa);
proposal_list->remove_at(proposal_list, enumerator);
other_dh_groups->insert_last(other_dh_groups, proposal);
}
+ additional_ke = additional_ke ||
+ proposal_has_additional_ke(proposal);
}
enumerator->destroy(enumerator);
/* add proposals that don't contain the selected group */
this->proposal->set_spi(this->proposal, id->get_responder_spi(id));
}
sa_payload = sa_payload_create_from_proposal_v2(this->proposal);
+ additional_ke = proposal_has_additional_ke(this->proposal);
}
message->add_payload(message, (payload_t*)sa_payload);
message->add_notify(message, FALSE, CHILDLESS_IKEV2_SUPPORTED,
chunk_empty);
}
+ if (!this->old_sa && additional_ke)
+ {
+ if (this->initiator ||
+ this->ike_sa->supports_extension(this->ike_sa,
+ EXT_IKE_INTERMEDIATE))
+ {
+ message->add_notify(message, FALSE, INTERMEDIATE_EXCHANGE_SUPPORTED,
+ chunk_empty);
+ }
+ }
return TRUE;
}
EXT_IKE_CHILDLESS);
}
break;
+ case INTERMEDIATE_EXCHANGE_SUPPORTED:
+ if (!this->old_sa)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ EXT_IKE_INTERMEDIATE);
+ }
+ break;
default:
/* other notifies are handled elsewhere */
break;
projects / thirdparty / strongswan.git / commitdiff
