summaryrefslogtreecommitdiff
path: root/src/libimcv/pts
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
committerYves-Alexis Perez <corsac@debian.org>2016-10-20 16:18:38 +0200
commit25663e04c3ab01ef8dc9f906608282319cfea2db (patch)
treea0ca5e70f66d74dbe552c996a4f3a285cdfc35e4 /src/libimcv/pts
parentbf372706c469764d59e9f29c39e3ecbebd72b8d2 (diff)
downloadvyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.tar.gz
vyos-strongswan-25663e04c3ab01ef8dc9f906608282319cfea2db.zip
New upstream version 5.5.1
Diffstat (limited to 'src/libimcv/pts')
-rw-r--r--src/libimcv/pts/pts.c44
1 files changed, 28 insertions, 16 deletions
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 2ba949e40..d771d07ed 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -388,26 +388,29 @@ static void load_aik(private_pts_t *this)
DBG1(DBG_PTS, "AIK Blob is not available");
}
- /* get AIK public key */
- if (key_path)
+ /* get AIK public key if no AIK certificate is available */
+ if (!this->aik_cert)
{
- map = chunk_map(key_path, FALSE);
- if (map)
+ if (key_path)
{
- DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
- aik_pubkey = chunk_clone(*map);
- chunk_unmap(map);
+ map = chunk_map(key_path, FALSE);
+ if (map)
+ {
+ DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
+ aik_pubkey = chunk_clone(*map);
+ chunk_unmap(map);
+ }
+ else
+ {
+ DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
+ key_path, strerror(errno));
+ }
}
else
{
- DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
- key_path, strerror(errno));
+ DBG1(DBG_PTS, "AIK public key is not available");
}
}
- else
- {
- DBG1(DBG_PTS, "AIK public key is not available");
- }
/* Load AIK item into TPM 1.2 object */
tpm_12 = (tpm_tss_trousers_t *)this->tpm;
@@ -716,13 +719,22 @@ METHOD(pts_t, verify_quote_signature, bool,
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
break;
case HASH_SHA256:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_256;
break;
case HASH_SHA384:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_384;
break;
case HASH_SHA512:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
+ break;
+ case HASH_SHA3_256:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA3_256;
+ break;
+ case HASH_SHA3_384:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA3_384;
+ break;
+ case HASH_SHA3_512:
+ scheme = SIGN_RSA_EMSA_PKCS1_SHA2_512;
break;
default:
scheme = SIGN_UNKNOWN;