Commit 757dce2ed3 for strongswan.org
commit 757dce2ed3b90e8b49a4e458190e4a9c152bd600
Author: Tobias Brunner <tobias@strongswan.org>
Date: Thu May 22 11:30:42 2025 +0200
charon-cmd: Add support for PSK authentication with IKEv2
Can be useful for testing purposes (e.g. some public test servers use
PSKs).
diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c
index aa61642e95..aaf02c6c78 100644
--- a/src/charon-cmd/cmd/cmd_connection.c
+++ b/src/charon-cmd/cmd/cmd_connection.c
@@ -36,6 +36,7 @@ enum profile_t {
PROF_V2_PUB,
PROF_V2_EAP,
PROF_V2_PUB_EAP,
+ PROF_V2_PSK,
PROF_V1_PUB,
PROF_V1_PUB_AM,
PROF_V1_XAUTH,
@@ -50,6 +51,7 @@ ENUM(profile_names, PROF_V2_PUB, PROF_V1_HYBRID_AM,
"ikev2-pub",
"ikev2-eap",
"ikev2-pub-eap",
+ "ikev2-psk",
"ikev1-pub",
"ikev1-pub-am",
"ikev1-xauth",
@@ -164,6 +166,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this)
case PROF_V2_PUB:
case PROF_V2_EAP:
case PROF_V2_PUB_EAP:
+ case PROF_V2_PSK:
ike.version = IKEV2;
break;
case PROF_V1_PUB_AM:
@@ -301,6 +304,10 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg)
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_EAP);
add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_ANY);
break;
+ case PROF_V2_PSK:
+ add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PSK);
+ add_auth_cfg(this, peer_cfg, FALSE, AUTH_CLASS_PSK);
+ break;
case PROF_V1_PUB:
case PROF_V1_PUB_AM:
add_auth_cfg(this, peer_cfg, TRUE, AUTH_CLASS_PUBKEY);
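Review bot: The new `case PROF_V2_PSK:` makes both the local and the remote authentication round depend on one shared secret (`AUTH_CLASS_PSK` for `TRUE` and for `FALSE`), and nothing in the hunk documents that or the strength requirement that follows from it. With IKEv2 PSK authentication, a low-entropy key can be guessed offline from the authentication exchange, so a typed passphrase is a weak credential for this profile. I would add a comment on the case, for example `/* mutual PSK: both peers authenticate with the same secret, which must be high-entropy; meant for testing */`. The secret is presumably resolved through the credential lookup for the configured identities, which is not visible here; it is worth confirming that a missing key fails the connection cleanly rather than proceeding. add_auth_cfgs starts and ends outside this hunk.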
diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c
index c53b79a4f1..8aa09050fb 100644
--- a/src/charon-cmd/cmd/cmd_options.c
+++ b/src/charon-cmd/cmd/cmd_options.c
@@ -65,7 +65,7 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = {
"a single AH proposal to offer instead of the default", {}},
{ CMD_OPT_PROFILE, "profile", required_argument, "name",
"authentication profile to use, where name is one of:", {
- " ikev2-pub, ikev2-eap, ikev2-pub-eap",
+ " ikev2-pub, ikev2-eap, ikev2-pub-eap, ikev2-psk",
" ikev1-pub[-am], ikev1-xauth[-am],",
" ikev1-xauth-psk[-am], ikev1-hybrid[-am]",
}},