From 736ac6555410ae3c4b54f0325e8202c2fd9c2e22 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 5 Jun 2020 14:07:43 +0200
Subject: [PATCH] ikev1: Fix PSK lookup for Main Mode initiators

We need the PSK/identity already when deriving the keys in process_i().

Fixes: 1665a4e0504f ("ikev1: Use actual local identity as initiator or aggressive mode responder")
---
 src/libcharon/sa/ikev1/tasks/main_mode.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 24b2f24d17..9416177abc 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -250,6 +250,7 @@ METHOD(task_t, build_i, status_t,
 {
 sa_payload_t *sa_payload;
 linked_list_t *proposals;
+ identification_t *id;
 packet_t *packet;
 DBG0(DBG_IKE, "initiating Main Mode IKE_SA %s[%d] to %H",
@@ -261,6 +262,8 @@ METHOD(task_t, build_i, status_t,
 this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
 this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
 this->peer_cfg->get_ref(this->peer_cfg);
+ id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
+ this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
 this->method = this->ph1->get_auth_method(this->ph1, this->peer_cfg);
 if (this->method == AUTH_NONE)
@@ -331,8 +334,7 @@ METHOD(task_t, build_i, status_t,
 id_payload_t *id_payload;
 identification_t *id;
- id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
+ id = this->ike_sa->get_my_id(this->ike_sa);
 id_payload = id_payload_create_from_identification(PLV1_ID, id);
 message->add_payload(message, &id_payload->payload_interface);
--
2.47.2
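Review bot: The function-scope `identification_t *id;` added in the first hunk is shadowed by the block-local `identification_t *id;` that the third hunk keeps as context, assuming both sit in build_i() as the hunk headings suggest. Two variables of the same name and type in nested scopes make it easy to assign one and read the other, and the code would trip -Wshadow. Either drop the inner declaration in the third hunk, or declare the new variable inside the block where the second hunk uses it. build_i() starts before and continues past this hunk.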
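Review bot: In the second hunk the result of `get_id()` is dereferenced by `id->clone(id)` without a NULL check, and this now runs before the `AUTH_NONE` check that follows in the same hunk. The removed lines in the third hunk had the same unchecked call, but they ran in a later state, after that check had a chance to reject a peer config with no usable local authentication. get_id() is not defined in this diff, so whether it can return NULL for such a config should be confirmed. If it can, move the two added lines below the `AUTH_NONE` branch, or guard them with `if (!id)` and fail the same way that branch does. The enclosing case block begins and ends outside the hunk.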
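Review bot: Nothing at `id = this->ike_sa->get_my_id(this->ike_sa);` in the third hunk says that the ID payload now depends on the identity stored on the IKE_SA when the first message was built. A short comment would keep a later change from moving or dropping the earlier `set_my_id()` call, for example `/* identity was set when initiating, it is needed for the PSK lookup in process_i() */`. The enclosing block starts and ends outside the hunk.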