charon-tkm: Remove useless checks when deriving IKE keys

src/charon-tkm/src/tkm/tkm_keymat.c

@@ -98,7 +98,6 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 	chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id,
 	pseudo_random_function_t rekey_function, chunk_t rekey_skd)
 {
-	uint16_t enc_alg, int_alg, key_size;
 	uint64_t nc_id, spi_loc, spi_rem;
 	chunk_t *nonce;
 	tkm_diffie_hellman_t *tkm_dh;
@@ -109,38 +108,6 @@ METHOD(keymat_v2_t, derive_ike_keys, bool,
 	icv_len_type icv_len;
 	iv_len_type iv_len;
 
-	/* Check encryption and integrity algorithms */
-	if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg,
-								 &key_size))
-	{
-		DBG1(DBG_IKE, "no %N selected", transform_type_names,
-			 ENCRYPTION_ALGORITHM);
-		return FALSE;
-	}
-	if (encryption_algorithm_is_aead(enc_alg))
-	{
-		DBG1(DBG_IKE, "AEAD algorithm %N not supported",
-			 encryption_algorithm_names, enc_alg);
-		return FALSE;
-	}
-	if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &int_alg, NULL))
-	{
-		DBG1(DBG_IKE, "no %N selected", transform_type_names,
-			 INTEGRITY_ALGORITHM);
-		return FALSE;
-	}
-	if (!(enc_alg == ENCR_AES_CBC && key_size == 256 &&
-		  int_alg == AUTH_HMAC_SHA2_512_256))
-	{
-		DBG1(DBG_IKE, "the TKM only supports aes256-sha512 at the moment, "
-			 "please update your configuration");
-		return FALSE;
-	}
-
-	DBG2(DBG_IKE, "using %N for encryption, %N for integrity",
-		 encryption_algorithm_names, enc_alg, integrity_algorithm_names,
-		 int_alg);
-
 	/* Acquire nonce context id */
 	nonce = this->initiator ? &nonce_i : &nonce_r;
 	nc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce);