keymat: Call ike_isa_sign_psk in get_psk_sig
authorAdrian-Ken Rueegsegger <ken@codelabs.ch>
Wed, 29 Aug 2012 16:32:28 +0000 (18:32 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Mar 2013 14:23:46 +0000 (15:23 +0100)
Get PSK signed AUTH octets from TKM in initiator case.

src/charon-tkm/src/tkm/tkm_keymat.c

index 36067ea..0c71967 100644 (file)
@@ -298,8 +298,33 @@ METHOD(tkm_keymat_t, get_psk_sig, bool,
        chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
 {
        DBG1(DBG_IKE, "returning PSK signature");
-       return this->proxy->get_psk_sig(this->proxy, verify, ike_sa_init, nonce,
+       if (!verify)
+       {
+               signature_type signature;
+               init_message_type msg;
+               chunk_to_sequence(&ike_sa_init, &msg);
+
+               chunk_t idx_chunk, chunk = chunk_alloca(4);
+               chunk.ptr[0] = id->get_type(id);
+               memcpy(chunk.ptr + 1, reserved, 3);
+               idx_chunk = chunk_cata("cc", chunk, id->get_encoding(id));
+               idx_type idx;
+               chunk_to_sequence(&idx_chunk, &idx);
+
+               if (ike_isa_sign_psk(1, msg, idx, &signature) != TKM_OK)
+               {
+                       DBG1(DBG_IKE, "get local PSK signature failed");
+                       return FALSE;
+               }
+
+               sequence_to_chunk(&signature.data[0], signature.size, sig);
+               return TRUE;
+       }
+       else
+       {
+               return this->proxy->get_psk_sig(this->proxy, verify, ike_sa_init, nonce,
                        secret, id, reserved, sig);
+       }
 }
 
 METHOD(keymat_t, destroy, void,
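Review bot: The call `ike_isa_sign_psk(1, msg, idx, &signature)` in the new `!verify` branch passes a literal `1` as its first argument, which looks like the TKM context id of the IKE SA. If so, every SA using this keymat asks the TKM to sign with the same context, and a second concurrent SA would get AUTH octets computed from another SA's state. Take the id from per-instance state instead, or at least mark the limitation: `/* FIXME: fixed ISA context id, must be the id of this IKE SA */`. The two `chunk_to_sequence()` calls are also unchecked, and their implementation is not visible here; if an oversized `ike_sa_init` or identity encoding is truncated rather than rejected, the TKM would sign data that differs from what was sent, so a length check with `return FALSE` before each conversion would be safer. The start of the `get_psk_sig` parameter list lies above the hunk.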