keymat: Call ike_isa_sign_psk in get_psk_sig

Get PSK signed AUTH octets from TKM in initiator case.

diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 36067eae8ff0ddcff73794c50a6204f797b103c2..0c71967e31229c505929c58ef49a56633c7f95ef 100644 (file)
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -298,8 +298,33 @@ METHOD(tkm_keymat_t, get_psk_sig, bool,
        chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
 {
        DBG1(DBG_IKE, "returning PSK signature");
-       return this->proxy->get_psk_sig(this->proxy, verify, ike_sa_init, nonce,
+       if (!verify)
+       {
+               signature_type signature;
+               init_message_type msg;
+               chunk_to_sequence(&ike_sa_init, &msg);
+
+               chunk_t idx_chunk, chunk = chunk_alloca(4);
+               chunk.ptr[0] = id->get_type(id);
+               memcpy(chunk.ptr + 1, reserved, 3);
+               idx_chunk = chunk_cata("cc", chunk, id->get_encoding(id));
+               idx_type idx;
+               chunk_to_sequence(&idx_chunk, &idx);
+
+               if (ike_isa_sign_psk(1, msg, idx, &signature) != TKM_OK)
+               {
+                       DBG1(DBG_IKE, "get local PSK signature failed");
+                       return FALSE;
+               }
+
+               sequence_to_chunk(&signature.data[0], signature.size, sig);
+               return TRUE;
+       }
+       else
+       {
+               return this->proxy->get_psk_sig(this->proxy, verify, ike_sa_init, nonce,
                        secret, id, reserved, sig);
+       }
 }
 
 METHOD(keymat_t, destroy, void,