diff options
author | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2016-10-20 16:18:38 +0200 |
commit | 25663e04c3ab01ef8dc9f906608282319cfea2db (patch) | |
tree | a0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/libimcv/pts | |
parent | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff) | |
download | vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip |
New upstream version 5.5.1
Diffstat (limited to 'src/libimcv/pts')
-rw-r--r-- | src/libimcv/pts/pts.c | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index 2ba949e40..d771d07ed 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -388,26 +388,29 @@ static void load_aik(private_pts_t *this) DBG1(DBG_PTS, "AIK Blob is not available"); } - /* get AIK public key */ - if (key_path) + /* get AIK public key if no AIK certificate is available */ + if (!this->aik_cert) { - map = chunk_map(key_path, FALSE); - if (map) + if (key_path) { - DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); - aik_pubkey = chunk_clone(*map); - chunk_unmap(map); + map = chunk_map(key_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); + aik_pubkey = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s", + key_path, strerror(errno)); + } } else { - DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s", - key_path, strerror(errno)); + DBG1(DBG_PTS, "AIK public key is not available"); } } - else - { - DBG1(DBG_PTS, "AIK public key is not available"); - } /* Load AIK item into TPM 1.2 object */ tpm_12 = (tpm_tss_trousers_t *)this->tpm; @@ -716,13 +719,22 @@ METHOD(pts_t, verify_quote_signature, bool, scheme = SIGN_RSA_EMSA_PKCS1_SHA1; break; case HASH_SHA256: - scheme = SIGN_RSA_EMSA_PKCS1_SHA256; + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256; break; case HASH_SHA384: - scheme = SIGN_RSA_EMSA_PKCS1_SHA384; + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384; break; case HASH_SHA512: - scheme = SIGN_RSA_EMSA_PKCS1_SHA512; + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512; + break; + case HASH_SHA3_256: + scheme = SIGN_RSA_EMSA_PKCS1_SHA3_256; + break; + case HASH_SHA3_384: + scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384; + break; + case HASH_SHA3_512: + scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512; break; default: scheme = SIGN_UNKNOWN; |