authorMartin Willi <martin@strongswan.org>2008-10-30 12:58:54 +0000
committerMartin Willi <martin@strongswan.org>2008-10-30 12:58:54 +0000
commit5dffdea1d7643a8e29ceafa7a95d362a2ea8b251 (patch)
tree2204e06063fdcae0ebfe37870ad94e2871eead0e /src/charon/sa/tasks
parent5a76bb7f7a93ef1a3347db6b1c7e9ee58ed803f0 (diff)
downloadstrongswan-5dffdea1d7643a8e29ceafa7a95d362a2ea8b251.tar.bz2
strongswan-5dffdea1d7643a8e29ceafa7a95d362a2ea8b251.tar.xz
added hooks for IKE and CHILD keymat
Diffstat (limited to 'src/charon/sa/tasks')
-rw-r--r--src/charon/sa/tasks/child_create.c24
-rw-r--r--src/charon/sa/tasks/ike_init.c8
2 files changed, 21 insertions, 11 deletions
diff --git a/src/charon/sa/tasks/child_create.c b/src/charon/sa/tasks/child_create.c
index 541cf97c8..c4536d9cc 100644
--- a/src/charon/sa/tasks/child_create.c
+++ b/src/charon/sa/tasks/child_create.c
@@ -197,7 +197,7 @@ static bool ts_list_is_host(linked_list_t *list, host_t *host)
static status_t select_and_install(private_child_create_t *this, bool no_dh)
{
status_t status;
- chunk_t encr_i, integ_i, encr_r, integ_r;
+ chunk_t nonce_i, nonce_r, encr_i, integ_i, encr_r, integ_r;
linked_list_t *my_ts, *other_ts;
host_t *me, *other, *other_vip, *my_vip;
@@ -256,11 +256,15 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
if (this->initiator)
{
+ nonce_i = this->my_nonce;
+ nonce_r = this->other_nonce;
my_ts = this->tsi;
other_ts = this->tsr;
}
else
{
+ nonce_r = this->my_nonce;
+ nonce_i = this->other_nonce;
my_ts = this->tsr;
other_ts = this->tsi;
}
@@ -336,21 +340,15 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
}
status = FAILED;
- if (this->initiator)
+ if (this->keymat->derive_child_keys(this->keymat, this->proposal,
+ this->dh, nonce_i, nonce_r, &encr_i, &integ_i, &encr_r, &integ_r))
{
- if (this->keymat->derive_child_keys(this->keymat, this->proposal,
- this->dh, this->my_nonce, this->other_nonce,
- &encr_i, &integ_i, &encr_r, &integ_r))
+ if (this->initiator)
{
status = this->child_sa->update(this->child_sa, this->proposal,
this->mode, integ_r, integ_i, encr_r, encr_i);
}
- }
- else
- {
- if (this->keymat->derive_child_keys(this->keymat, this->proposal,
- this->dh, this->other_nonce, this->my_nonce,
- &encr_i, &integ_i, &encr_r, &integ_r))
+ else
{
status = this->child_sa->add(this->child_sa, this->proposal,
this->mode, integ_i, integ_r, encr_i, encr_r);
@@ -366,6 +364,10 @@ static status_t select_and_install(private_child_create_t *this, bool no_dh)
DBG1(DBG_IKE, "unable to install IPsec SA (SAD) in kernel");
return FAILED;
}
+
+ charon->bus->child_keys(charon->bus, this->child_sa, this->dh,
+ nonce_i, nonce_r);
+
/* add to IKE_SA, and remove from task */
this->child_sa->set_state(this->child_sa, CHILD_INSTALLED);
this->ike_sa->add_child_sa(this->ike_sa, this->child_sa);
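Review bot: The new `child_keys` call hands the DH object and both nonces to the bus with no comment about how sensitive those arguments are or how long they stay valid. `nonce_i` and `nonce_r` are plain struct copies of `this->my_nonce` / `this->other_nonce` (assigned in the `if (this->initiator)` hunk above), so a listener presumably receives pointers into task-owned memory rather than its own copy. I would add a comment above the call such as `/* keying inputs for listeners: borrowed, valid only during this call; must not be logged or retained */`, and state the same contract where the hook is declared. It is worth confirming that the bus delivers this hook only to listeners that opted in. select_and_install starts and continues outside this hunk.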
diff --git a/src/charon/sa/tasks/ike_init.c b/src/charon/sa/tasks/ike_init.c
index 522d1d70a..ce440d820 100644
--- a/src/charon/sa/tasks/ike_init.c
+++ b/src/charon/sa/tasks/ike_init.c
@@ -385,6 +385,7 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
+ this->ike_sa->set_proposal(this->ike_sa, this->proposal);
if (this->dh == NULL ||
!this->proposal->has_dh_group(this->proposal, this->dh_group))
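Review bot: `set_proposal` is called before the `this->dh == NULL || !has_dh_group(...)` check, so the IKE_SA records the proposal even on the path where the DH group is then rejected. If the proposal is only needed by the later `ike_keys` hook, moving `this->ike_sa->set_proposal(this->ike_sa, this->proposal);` below the DH check would keep SA state untouched on failure; otherwise a short comment explaining why it must be set this early would help. The hunk also does not show whether `set_proposal` clones its argument. Since the task keeps using `this->proposal` afterwards, that ownership rule should be confirmed and documented. The same pattern appears in the process_i hunk at `@@ -508,6 +512,7 @@`; both function bodies extend beyond their hunks.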
@@ -423,6 +424,9 @@ static status_t build_r(private_ike_init_t *this, message_t *message)
return FAILED;
}
+ charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
+ this->other_nonce, this->my_nonce, this->old_sa);
+
build_payloads(this, message);
return SUCCESS;
}
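Review bot: The `ike_keys` call publishes `this->dh` and both nonces to bus listeners without documenting that these are the inputs from which the IKE_SA keys are derived. A listener that can read the DH shared secret can presumably recompute the SA's keys, so the hook is a key-disclosure surface and should be labelled as one. I would add a comment such as `/* exposes DH secret and nonces to listeners: treat as key material, never log */` above the call. The comment should also note that `this->old_sa` is passed through as-is and may be NULL when this is not a rekeying (to be confirmed against the task's init code). The argument order (initiator nonce first) looks consistent with the process_i hunk at `@@ -529,6 +534,9 @@`, where the same documentation point applies.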
@@ -508,6 +512,7 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
DBG1(DBG_IKE, "peers proposal selection invalid");
return FAILED;
}
+ this->ike_sa->set_proposal(this->ike_sa, this->proposal);
if (this->dh == NULL ||
!this->proposal->has_dh_group(this->proposal, this->dh_group))
@@ -529,6 +534,9 @@ static status_t process_i(private_ike_init_t *this, message_t *message)
return FAILED;
}
+ charon->bus->ike_keys(charon->bus, this->ike_sa, this->dh,
+ this->my_nonce, this->other_nonce, this->old_sa);
+
return SUCCESS;
}