From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 27 Jul 2018 10:14:18 +0000 (+0200)
Subject: ikev2: Mark IKE_SAs that used PPK during authentication
X-Git-Tag: 5.7.0rc1~19^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e4d85011e48858f6dd0b9e06db1a6b0dbc5df2ed;p=thirdparty%2Fstrongswan.git

ikev2: Mark IKE_SAs that used PPK during authentication
---

diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index ff1b7168cf..c1d3e1d7a9 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -232,6 +232,11 @@ enum ike_condition_t {
 	 * Online certificate revocation checking is suspended for this IKE_SA
 	 */
 	COND_ONLINE_VALIDATION_SUSPENDED = (1<<12),
+
+	/**
+	 * A Postquantum Preshared Key was used when this IKE_SA was created
+	 */
+	COND_PPK = (1<<13),
 };
 
 /**
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 8d9fa916b6..1e462f0ff8 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -937,6 +937,7 @@ static bool apply_ppk(private_ike_auth_t *this)
 			return FALSE;
 		}
 		DBG1(DBG_CFG, "using PPK for PPK_ID '%Y'", this->ppk_id);
+		this->ike_sa->set_condition(this->ike_sa, COND_PPK, TRUE);
 	}
 	clear_ppk(this);
 	return TRUE;