ike-init: Send USE_PPK notify as appropriate
parent
1fb46f7119
commit
600b106852
|
@ -269,6 +269,38 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether to send a USE_PPK notify
|
||||
*/
|
||||
static bool send_use_ppk(private_ike_init_t *this)
|
||||
{
|
||||
peer_cfg_t *peer;
|
||||
enumerator_t *keys;
|
||||
shared_key_t *key;
|
||||
bool use_ppk = FALSE;
|
||||
|
||||
if (this->initiator)
|
||||
{
|
||||
peer = this->ike_sa->get_peer_cfg(this->ike_sa);
|
||||
if (peer->get_ppk_id(peer))
|
||||
{
|
||||
use_ppk = TRUE;
|
||||
}
|
||||
}
|
||||
else if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK))
|
||||
{
|
||||
/* check if we have at least one PPK available */
|
||||
keys = lib->credmgr->create_shared_enumerator(lib->credmgr, SHARED_PPK,
|
||||
NULL, NULL);
|
||||
if (keys->enumerate(keys, &key, NULL, NULL))
|
||||
{
|
||||
use_ppk = TRUE;
|
||||
}
|
||||
keys->destroy(keys);
|
||||
}
|
||||
return use_ppk;
|
||||
}
|
||||
|
||||
/**
|
||||
* build the payloads for the message
|
||||
*/
|
||||
|
@ -396,6 +428,11 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
|
|||
chunk_empty);
|
||||
}
|
||||
}
|
||||
/* notify the peer if we want to use/support PPK */
|
||||
if (!this->old_sa && send_use_ppk(this))
|
||||
{
|
||||
message->add_notify(message, FALSE, USE_PPK, chunk_empty);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -510,6 +547,13 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
|
|||
handle_supported_hash_algorithms(this, notify);
|
||||
}
|
||||
break;
|
||||
case USE_PPK:
|
||||
if (!this->old_sa)
|
||||
{
|
||||
this->ike_sa->enable_extension(this->ike_sa,
|
||||
EXT_PPK);
|
||||
}
|
||||
break;
|
||||
case REDIRECTED_FROM:
|
||||
{
|
||||
identification_t *gateway;
|
||||
|
|
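Review bot: In the `case USE_PPK:` branch of process_payloads (third hunk), EXT_PPK is enabled for every received notify as long as `!this->old_sa`, so an initiator with no PPK ID configured still records the extension if a responder sends USE_PPK unsolicited. Whether that has any effect depends on how the later authentication code consumes EXT_PPK, which this page does not show, but the guard can be tightened with names already in the file: `if (!this->old_sa && (!this->initiator || send_use_ppk(this)))`. Separately, the responder branch of send_use_ppk enumerates SHARED_PPK with NULL identities, so it only shows that some PPK is configured, not one for this peer; a comment such as `/* identities are not known yet, so this only checks that some PPK is configured */` would make that explicit. The bodies of build_payloads and process_payloads start and end outside the hunks shown.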