2 files changed, 35 insertions, 0 deletions

diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index bb085b86f..b36353b5c 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -66,6 +66,11 @@ struct private_tkm_keymat_t {
 	 */
 	ae_id_type ae_ctx_id;
 
+	/**
+	 * AUTH payload chunk.
+	 */
+	chunk_t auth_payload;
+
 };
 
 /**
@@ -352,6 +357,7 @@ METHOD(keymat_t, destroy, void,
 
 	DESTROY_IF(this->aead_in);
 	DESTROY_IF(this->aead_out);
+	chunk_free(&this->auth_payload);
 	this->proxy->keymat.destroy(&this->proxy->keymat);
 	free(this);
 }
@@ -362,6 +368,18 @@ METHOD(tkm_keymat_t, get_isa_id, isa_id_type,
 	return this->isa_ctx_id;
 }
 
+METHOD(tkm_keymat_t, set_auth_payload, void,
+	private_tkm_keymat_t *this, const chunk_t * const payload)
+{
+	this->auth_payload = chunk_clone(*payload);
+}
+
+METHOD(tkm_keymat_t, get_auth_payload, chunk_t*,
+	private_tkm_keymat_t *this)
+{
+	return &this->auth_payload;
+}
+
 /**
  * See header.
  */
@@ -384,10 +402,13 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
 			.get_auth_octets = _get_auth_octets,
 			.get_psk_sig = _get_psk_sig,
 			.get_isa_id = _get_isa_id,
+			.set_auth_payload = _set_auth_payload,
+			.get_auth_payload = _get_auth_payload,
 		},
 		.initiator = initiator,
 		.isa_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ISA),
 		.ae_ctx_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_AE),
+		.auth_payload = chunk_empty,
 		.proxy = keymat_v2_create(initiator),
 	);
 
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.h b/src/charon-tkm/src/tkm/tkm_keymat.h
index 1fb15596a..22da32f4e 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.h
+++ b/src/charon-tkm/src/tkm/tkm_keymat.h
@@ -114,6 +114,20 @@ struct tkm_keymat_t {
 	 */
 	isa_id_type (*get_isa_id)(tkm_keymat_t * const this);
 
+	/**
+	 * Set IKE AUTH payload.
+	 *
+	 * @param payload		AUTH payload
+	 */
+	void (*set_auth_payload)(tkm_keymat_t *this, const chunk_t * const payload);
+
+	/**
+	 * Get IKE AUTH payload.
+	 *
+	 * @return				AUTH payload if set, chunk_empty otherwise
+	 */
+	chunk_t* (*get_auth_payload)(tkm_keymat_t * const this);
+
 };
 
 /**