authorNiklas Hallqvist <niklas@cvs.openbsd.org>2000-06-08 20:50:08 +0000
committerNiklas Hallqvist <niklas@cvs.openbsd.org>2000-06-08 20:50:08 +0000
commit792e178c1fb04f103d3481f5073cb45cadd3aaaf (patch)
tree5f3887ba00395705e254a4e6582f652546f077ca /sbin/isakmpd
parentc588a9906132873ccbb494c776167b60f868e863 (diff)
Merge with EOM 1.56
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos Begin support for KeyNote credentials exchanged.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/sa.h10
1 files changed, 7 insertions, 3 deletions
diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h
index 6e6ddf93572..40b5261b37e 100644
--- a/sbin/isakmpd/sa.h
+++ b/sbin/isakmpd/sa.h
@@ -1,5 +1,5 @@
-/* $OpenBSD: sa.h,v 1.15 2000/02/01 02:46:18 niklas Exp $ */
-/* $EOM: sa.h,v 1.54 2000/01/31 22:33:49 niklas Exp $ */
+/* $OpenBSD: sa.h,v 1.16 2000/06/08 20:50:07 niklas Exp $ */
+/* $EOM: sa.h,v 1.56 2000/05/19 05:47:53 angelos Exp $ */
/*
* Copyright (c) 1998, 1999 Niklas Hallqvist. All rights reserved.
@@ -143,9 +143,13 @@ struct sa {
/* Set if we were the initiator of the SA/exchange in Phase 1 */
int initiator;
+ /* Policy session ID, where applicable, copied over from the exchange */
+ int policy_id;
+
/* Certs or other information from Phase 1 */
- int recv_certtype, recv_certlen;
+ int recv_certtype, recv_certlen, recv_certid;
void *recv_cert;
+ void *recv_key; /* Key used to authenticate, in KeyNote */
/* DOI-specific opaque data. */
void *data;
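Review bot: The new `recv_key` pointer in `struct sa` has no ownership or type contract: its comment says only that it is the key used to authenticate under KeyNote, and unlike `recv_cert` it gets no companion length or type field in this hunk. Because this struct holds Phase 1 authentication material, the header should state what the pointer refers to and who frees it, for example `void *recv_key; /* Authenticating key (KeyNote); owned by the SA and freed with it; NULL if unused */`, adjusted to whatever the SA release code (not visible here) actually does. `policy_id` is likewise documented as set "where applicable" without naming the not-applicable value; if SAs are zero-initialized and 0 can be a valid policy session ID, an SA with no policy would look bound to a session, so an explicit sentinel such as `-1` should be documented and set. `recv_certid` has no comment of its own saying what it identifies. The struct definition begins and ends outside the hunk.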