authorThomas Egerer <thomas.egerer@secunet.com>2016-02-01 18:15:15 +0100
committerTobias Brunner <tobias@strongswan.org>2016-03-04 16:19:53 +0100
commitc8a0781334a1ebb43b31c613a0538d3ea364bf4c (patch)
treedfc44949df8e55e0cdb731345416b47e57d7bcc5 /src/libcharon/sa/ikev2
parent6fc6834361f22a720ac269dd70ca2b0860cb7b3e (diff)
ikev2: Diversify signature scheme rule
This allows for different signature schemes for IKE authentication and trustchain verification. Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
Diffstat (limited to 'src/libcharon/sa/ikev2')
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c5
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_init.c2
2 files changed, 4 insertions, 3 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 2929033aa..64cd775ad 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -130,7 +130,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
enumerator = auth->create_enumerator(auth);
while (enumerator->enumerate(enumerator, &rule, &config))
{
- if (rule != AUTH_RULE_SIGNATURE_SCHEME)
+ if (rule != AUTH_RULE_IKE_SIGNATURE_SCHEME)
{
continue;
}
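Review bot: The filter in select_signature_schemes now skips every rule except `AUTH_RULE_IKE_SIGNATURE_SCHEME`, so an auth config that carries only the older `AUTH_RULE_SIGNATURE_SCHEME` no longer restricts the scheme chosen for IKE authentication here. The same holds for the hash list built in send_supported_hash_algorithms in the ike_init.c hunk. The diffstat is limited to this directory, so whether the config backends populate the new rule for existing settings cannot be seen from here; that should be confirmed, because otherwise a configured restriction would silently stop applying. A comment above the check would help, e.g. `/* only IKE-specific rules apply; AUTH_RULE_SIGNATURE_SCHEME is for the trust chain */`. The function body starts and ends outside the hunk.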
@@ -427,7 +427,8 @@ METHOD(authenticator_t, process, status_t,
auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
if (this->store_signature_scheme)
{
- auth->add(auth, AUTH_RULE_SIGNATURE_SCHEME, (uintptr_t)scheme);
+ auth->add(auth, AUTH_RULE_IKE_SIGNATURE_SCHEME,
+ (uintptr_t)scheme);
}
break;
}
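Review bot: The peer's scheme is now recorded only under `AUTH_RULE_IKE_SIGNATURE_SCHEME`, so a constraint expressed with `AUTH_RULE_SIGNATURE_SCHEME` no longer sees the scheme used for the AUTH payload. The code that compares stored rules against configured constraints is outside this diff; it presumably needs a matching case for the new rule, otherwise a required IKE signature scheme would not be enforced against the peer. A short comment such as `/* stored so constraints on the IKE signature scheme can be checked */` would document why the value is kept. The process method continues outside the hunk.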
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 5cfb51807..78579be95 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -171,7 +171,7 @@ static void send_supported_hash_algorithms(private_ike_init_t *this,
enumerator = auth->create_enumerator(auth);
while (enumerator->enumerate(enumerator, &rule, &config))
{
- if (rule == AUTH_RULE_SIGNATURE_SCHEME)
+ if (rule == AUTH_RULE_IKE_SIGNATURE_SCHEME)
{
hash = hasher_from_signature_scheme(config);
if (hasher_algorithm_for_ikev2(hash))