summaryrefslogtreecommitdiff
path: root/src/libcharon/sa/ikev2/keymat_v2.h
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:25 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:25 +0200
commit7152c3439f3decbb6366d94464d3c089674c8c30 (patch)
tree48bfe66e31226d55914868bc0558f479e2a22a36 /src/libcharon/sa/ikev2/keymat_v2.h
parentc2ac4e0da62d859085148d8518d558402e1f9a8c (diff)
parente0e280b7669435b991b7e457abd8aa450930b3e8 (diff)
downloadvyos-strongswan-7152c3439f3decbb6366d94464d3c089674c8c30.tar.gz
vyos-strongswan-7152c3439f3decbb6366d94464d3c089674c8c30.zip
Update upstream source from tag 'upstream/5.7.0'
Update to upstream version '5.7.0' with Debian dir b608300a1e1f88db62d14d08a55ca09f3603f054
Diffstat (limited to 'src/libcharon/sa/ikev2/keymat_v2.h')
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.h20
1 files changed, 16 insertions, 4 deletions
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h
index 5dc9cda38..3cc071aeb 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.h
+++ b/src/libcharon/sa/ikev2/keymat_v2.h
@@ -58,6 +58,16 @@ struct keymat_v2_t {
chunk_t rekey_skd);
/**
+ * Derive SK_d, SK_pi and SK_pr after authentication using the given
+ * Postquantum Preshared Key and the previous values of these keys that
+ * were derived by derive_ike_keys().
+ *
+ * @param ppk the postquantum preshared key
+ * @return TRUE on success
+ */
+ bool (*derive_ike_keys_ppk)(keymat_v2_t *this, chunk_t ppk);
+
+ /**
* Derive keys for a CHILD_SA.
*
* The keys for the CHILD_SA are allocated in the integ and encr chunks.
@@ -95,9 +105,10 @@ struct keymat_v2_t {
* key. PSK and EAP authentication include a secret into the data, use
* the get_psk_sig() method instead.
*
- * @param verify TRUE to create for verfification, FALSE to sign
+ * @param verify TRUE to create for verification, FALSE to sign
* @param ike_sa_init encoded ike_sa_init message
* @param nonce nonce value
+ * @param ppk optional postquantum preshared key
* @param id identity
* @param reserved reserved bytes of id_payload
* @param octests chunk receiving allocated auth octets
@@ -107,7 +118,7 @@ struct keymat_v2_t {
* @return TRUE if octets created successfully
*/
bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, identification_t *id,
+ chunk_t nonce, chunk_t ppk, identification_t *id,
char reserved[3], chunk_t *octets,
array_t *schemes);
/**
@@ -117,17 +128,18 @@ struct keymat_v2_t {
* includes the secret into the signature. If no secret is given, SK_p is
* used as secret (used for EAP methods without MSK).
*
- * @param verify TRUE to create for verfification, FALSE to sign
+ * @param verify TRUE to create for verification, FALSE to sign
* @param ike_sa_init encoded ike_sa_init message
* @param nonce nonce value
* @param secret optional secret to include into signature
+ * @param ppk optional postquantum preshared key
* @param id identity
* @param reserved reserved bytes of id_payload
* @param sign chunk receiving allocated signature octets
* @return TRUE if signature created successfully
*/
bool (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, chunk_t secret,
+ chunk_t nonce, chunk_t secret, chunk_t ppk,
identification_t *id, char reserved[3], chunk_t *sig);
/**