2 files changed, 45 insertions, 3 deletions

diff --git a/src/libcharon/sa/keymat.c b/src/libcharon/sa/keymat.c
index 7ef0b9f5d..26c305f77 100644
--- a/src/libcharon/sa/keymat.c
+++ b/src/libcharon/sa/keymat.c
@@ -18,27 +18,33 @@
 #include <sa/ikev1/keymat_v1.h>
 #include <sa/ikev2/keymat_v2.h>
 
+static keymat_constructor_t keymat_v1_ctor = NULL, keymat_v2_ctor = NULL;
+
 /**
  * See header
  */
 keymat_t *keymat_create(ike_version_t version, bool initiator)
 {
+	keymat_t *keymat = NULL;
+
 	switch (version)
 	{
 		case IKEV1:
 #ifdef USE_IKEV1
-			return &keymat_v1_create(initiator)->keymat;
+			keymat = keymat_v1_ctor ? keymat_v1_ctor(initiator)
+									: &keymat_v1_create(initiator)->keymat;
 #endif
 			break;
 		case IKEV2:
 #ifdef USE_IKEV2
-			return &keymat_v2_create(initiator)->keymat;
+			keymat = keymat_v2_ctor ? keymat_v2_ctor(initiator)
+									: &keymat_v2_create(initiator)->keymat;
 #endif
 			break;
 		default:
 			break;
 	}
-	return NULL;
+	return keymat;
 }
 
 /**
@@ -99,3 +105,22 @@ int keymat_get_keylen_integ(integrity_algorithm_t alg)
 	}
 	return 0;
 }
+
+/**
+ * See header.
+ */
+void keymat_register_constructor(ike_version_t version,
+								 keymat_constructor_t create)
+{
+	switch (version)
+	{
+		case IKEV1:
+			keymat_v1_ctor = create;
+			break;
+		case IKEV2:
+			keymat_v2_ctor = create;
+			break;
+		default:
+			break;
+	}
+}
diff --git a/src/libcharon/sa/keymat.h b/src/libcharon/sa/keymat.h
index a64be2378..02db5ca58 100644
--- a/src/libcharon/sa/keymat.h
+++ b/src/libcharon/sa/keymat.h
@@ -32,6 +32,14 @@ typedef struct keymat_t keymat_t;
 #include <sa/ike_sa_id.h>
 
 /**
+ * Constructor function for custom keymat implementations
+ *
+ * @param initiator		TRUE if the keymat is used as initiator
+ * @return				keymat_t implementation
+ */
+typedef keymat_t* (*keymat_constructor_t)(bool initiator);
+
+/**
  * Derivation an management of sensitive keying material.
  */
 struct keymat_t {
@@ -110,4 +118,13 @@ int keymat_get_keylen_encr(encryption_algorithm_t alg);
  */
 int keymat_get_keylen_integ(integrity_algorithm_t alg);
 
+/**
+ * Register keymat_t constructor for given IKE version.
+ *
+ * @param version			IKE version of given keymat constructor
+ * @param create			keymat constructor function, NULL to unregister
+ */
+void keymat_register_constructor(ike_version_t version,
+								 keymat_constructor_t create);
+
 #endif /** KEYMAT_H_ @}*/