authorReto Buerki <reet@codelabs.ch>2012-08-30 13:57:58 +0200
committerTobias Brunner <tobias@strongswan.org>2013-03-19 15:23:46 +0100
commitfa22fc2419258fafd47aece838ea21d0fe26ed0b (patch)
treee9f2ae0bd2d40f777ddf6abdc34292fc9fc6f763 /src
parente7a497c30761a7e949ea928401a785eecd6db31b (diff)
Use remote PSK signature computed by TKM
Diffstat (limited to 'src')
-rw-r--r--src/charon-tkm/src/tkm/tkm_keymat.c44
1 files changed, 19 insertions, 25 deletions
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 43e0c1f02..3b1fd1cd2 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -305,34 +305,28 @@ METHOD(tkm_keymat_t, get_psk_sig, bool,
private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
{
- DBG1(DBG_IKE, "returning PSK signature");
- if (!verify)
- {
- signature_type signature;
- init_message_type msg;
- chunk_to_sequence(&ike_sa_init, &msg);
-
- chunk_t idx_chunk, chunk = chunk_alloca(4);
- chunk.ptr[0] = id->get_type(id);
- memcpy(chunk.ptr + 1, reserved, 3);
- idx_chunk = chunk_cata("cc", chunk, id->get_encoding(id));
- idx_type idx;
- chunk_to_sequence(&idx_chunk, &idx);
-
- if (ike_isa_sign_psk(1, msg, idx, &signature) != TKM_OK)
- {
- DBG1(DBG_IKE, "get local PSK signature failed");
- return FALSE;
- }
+ DBG1(DBG_IKE, "returning %s PSK signature", verify ? "remote" : "local");
- sequence_to_chunk(&signature.data[0], signature.size, sig);
- return TRUE;
- }
- else
+ signature_type signature;
+ init_message_type msg;
+ chunk_to_sequence(&ike_sa_init, &msg);
+
+ chunk_t idx_chunk, chunk = chunk_alloca(4);
+ chunk.ptr[0] = id->get_type(id);
+ memcpy(chunk.ptr + 1, reserved, 3);
+ idx_chunk = chunk_cata("cc", chunk, id->get_encoding(id));
+ idx_type idx;
+ chunk_to_sequence(&idx_chunk, &idx);
+
+ if (ike_isa_sign_psk(1, msg, idx, verify == TRUE, &signature) != TKM_OK)
{
- return this->proxy->get_psk_sig(this->proxy, verify, ike_sa_init, nonce,
- secret, id, reserved, sig);
+ DBG1(DBG_IKE, "get %s PSK signature failed", verify ?
+ "remote" : "local");
+ return FALSE;
}
+
+ sequence_to_chunk(&signature.data[0], signature.size, sig);
+ return TRUE;
}
METHOD(keymat_t, destroy, void,
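Review bot: The ISA context id passed to `ike_isa_sign_psk` is still the literal `1`, and with this change the value used to check the peer's AUTH payload is computed in that context too, so with more than one IKE SA the expected remote signature could be derived from another SA's state. The id should come from this keymat instance rather than a constant; until then a comment such as `/* FIXME: ISA context id is hard-coded, only valid for a single IKE SA */` above the call would make the limitation visible. The results of both `chunk_to_sequence` calls are also unchecked, so an `ike_sa_init` or identity encoding larger than the fixed-size sequence types would presumably be truncated or dropped without a log line; that helper is not visible in the hunk, so this needs confirming. As a small style point, `verify == TRUE` can simply be `verify`.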