+ child_sa = ikev2_sa_get_child (sa, n->spi, n->protocol_id, 1);
+ if (!child_sa)
+ {
+ ikev2_elog_uint (IKEV2_LOG_ERROR, "child SA spi %lx not found",
+ n->spi);
+ goto cleanup_and_exit;
+ }
+ vec_add2 (sa->rekey, rekey, 1);
+ rekey->protocol_id = n->protocol_id;
+ rekey->spi = n->spi;
+ rekey->i_proposal = proposal;
+ rekey->r_proposal =
+ ikev2_select_proposal (proposal, IKEV2_PROTOCOL_ESP);
+ /* update Ni */
+ vec_reset_length (sa->i_nonce);
+ vec_add (sa->i_nonce, nonce, IKEV2_NONCE_SIZE);
+ /* generate new Nr */
+ vec_validate (sa->r_nonce, IKEV2_NONCE_SIZE - 1);
+ RAND_bytes ((u8 *) sa->r_nonce, IKEV2_NONCE_SIZE);
+ }
+ else
+ {
+ /* create new child SA */
+ vec_add2 (sa->new_child, rekey, 1);
+ rekey->i_proposal = proposal;
+ rekey->r_proposal =
+ ikev2_select_proposal (proposal, IKEV2_PROTOCOL_ESP);
+ /* update Ni */
+ vec_reset_length (sa->i_nonce);
+ vec_add (sa->i_nonce, nonce, IKEV2_NONCE_SIZE);
+ /* generate new Nr */
+ vec_validate (sa->r_nonce, IKEV2_NONCE_SIZE - 1);
+ RAND_bytes ((u8 *) sa->r_nonce, IKEV2_NONCE_SIZE);