ikev2: Mark IKE_SAs that used PPK during authentication

2025-10-05 00:00:45 -04:00 · 2018-07-27 12:14:18 +02:00 · 2018-07-27 12:14:18 +02:00 · e4d85011e4
commit e4d85011e4
parent 6627706786
2 changed files with 6 additions and 0 deletions
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@ -232,6 +232,11 @@ enum ike_condition_t {
 	 * Online certificate revocation checking is suspended for this IKE_SA
 	 */
 	COND_ONLINE_VALIDATION_SUSPENDED = (1<<12),
+
+	/**
+	 * A Postquantum Preshared Key was used when this IKE_SA was created
+	 */
+	COND_PPK = (1<<13),
 };

 /**
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@ -937,6 +937,7 @@ static bool apply_ppk(private_ike_auth_t *this)
 			return FALSE;
 		}
 		DBG1(DBG_CFG, "using PPK for PPK_ID '%Y'", this->ppk_id);
+		this->ike_sa->set_condition(this->ike_sa, COND_PPK, TRUE);
 	}
 	clear_ppk(this);
 	return TRUE;