diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:14 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:14 +0200 |
| commit | e0e280b7669435b991b7e457abd8aa450930b3e8 (patch) | |
| tree | 3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src/libcharon/sa/ikev2/keymat_v2.h | |
| parent | 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff) | |
| download | vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.tar.gz vyos-strongswan-e0e280b7669435b991b7e457abd8aa450930b3e8.zip | |
New upstream version 5.7.0
Diffstat (limited to 'src/libcharon/sa/ikev2/keymat_v2.h')
| -rw-r--r-- | src/libcharon/sa/ikev2/keymat_v2.h | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h index 5dc9cda38..3cc071aeb 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.h +++ b/src/libcharon/sa/ikev2/keymat_v2.h @@ -58,6 +58,16 @@ struct keymat_v2_t { chunk_t rekey_skd); /** + * Derive SK_d, SK_pi and SK_pr after authentication using the given + * Postquantum Preshared Key and the previous values of these keys that + * were derived by derive_ike_keys(). + * + * @param ppk the postquantum preshared key + * @return TRUE on success + */ + bool (*derive_ike_keys_ppk)(keymat_v2_t *this, chunk_t ppk); + + /** * Derive keys for a CHILD_SA. * * The keys for the CHILD_SA are allocated in the integ and encr chunks. @@ -95,9 +105,10 @@ struct keymat_v2_t { * key. PSK and EAP authentication include a secret into the data, use * the get_psk_sig() method instead. * - * @param verify TRUE to create for verfification, FALSE to sign + * @param verify TRUE to create for verification, FALSE to sign * @param ike_sa_init encoded ike_sa_init message * @param nonce nonce value + * @param ppk optional postquantum preshared key * @param id identity * @param reserved reserved bytes of id_payload * @param octests chunk receiving allocated auth octets @@ -107,7 +118,7 @@ struct keymat_v2_t { * @return TRUE if octets created successfully */ bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, identification_t *id, + chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3], chunk_t *octets, array_t *schemes); /** @@ -117,17 +128,18 @@ struct keymat_v2_t { * includes the secret into the signature. If no secret is given, SK_p is * used as secret (used for EAP methods without MSK). * - * @param verify TRUE to create for verfification, FALSE to sign + * @param verify TRUE to create for verification, FALSE to sign * @param ike_sa_init encoded ike_sa_init message * @param nonce nonce value * @param secret optional secret to include into signature + * @param ppk optional postquantum preshared key * @param id identity * @param reserved reserved bytes of id_payload * @param sign chunk receiving allocated signature octets * @return TRUE if signature created successfully */ bool (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, chunk_t secret, + chunk_t nonce, chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3], chunk_t *sig); /** |