authorYves-Alexis Perez <corsac@corsac.net>2018-02-19 18:17:21 +0100
committerYves-Alexis Perez <corsac@corsac.net>2018-02-19 18:17:21 +0100
commit7793611ee71b576dd9c66dee327349fa64e38740 (patch)
treef1379ec1aed52a3c772874d4ed690b90975b9623 /src/libimcv/plugins
parente1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (diff)
downloadvyos-strongswan-7793611ee71b576dd9c66dee327349fa64e38740.tar.gz
vyos-strongswan-7793611ee71b576dd9c66dee327349fa64e38740.zip
New upstream version 5.6.2
Diffstat (limited to 'src/libimcv/plugins')
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c31
-rw-r--r--src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag (renamed from src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag)4
-rw-r--r--src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag (renamed from src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag)4
3 files changed, 33 insertions, 6 deletions
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index cabcd0a9e..d7b508ab9 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -239,9 +239,10 @@ static void add_default_pwd_enabled(imc_msg_t *msg)
static void add_device_id(imc_msg_t *msg)
{
pa_tnc_attr_t *attr;
- chunk_t value = chunk_empty, keyid;
- char *name, *device_id, *cert_path;
+ chunk_t chunk, value = chunk_empty, keyid;
+ char *name, *device_id, *device_handle, *cert_path;
certificate_t *cert = NULL;
+ private_key_t *privkey = NULL;
public_key_t *pubkey;
/* Get the device ID as a character string */
@@ -254,6 +255,32 @@ static void add_device_id(imc_msg_t *msg)
if (value.len == 0)
{
+ /* Derive the device ID from a private key bound to a smartcard or TPM */
+ device_handle = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-os.device_handle", NULL, lib->ns);
+ if (device_handle)
+ {
+ chunk = chunk_from_hex(
+ chunk_create(device_handle, strlen(device_handle)), NULL);
+ privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ free(chunk.ptr);
+
+ if (privkey)
+ {
+ if (privkey->get_fingerprint(privkey, KEYID_PUBKEY_INFO_SHA1,
+ &keyid))
+ {
+ value = chunk_to_hex(keyid, NULL, FALSE);
+ }
+ privkey->destroy(privkey);
+
+ }
+ }
+ }
+
+ if (value.len == 0)
+ {
/* Derive the device ID from a raw public key */
cert_path = lib->settings->get_str(lib->settings,
"%s.plugins.imc-os.device_pubkey", NULL, lib->ns);
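Review bot: When `device_handle` is configured but the key cannot be loaded or fingerprinted, the new block falls through silently to the `device_pubkey` lookup below, so an endpoint that is meant to report a smartcard- or TPM-bound device ID can end up reporting a file-derived one with no trace in the log. An `else` branch on `if (privkey)` with a log line would make that downgrade visible, e.g. `DBG1(DBG_IMC, "loading device private key with handle '%s' failed", device_handle);`. The handle string is also passed to `chunk_from_hex()` unvalidated; as far as I know that helper does not reject non-hex characters, so a mistyped handle would select a different key ID instead of producing an error. This is worth confirming, and if so the string should be checked first. The body of add_device_id starts and ends outside this hunk, so any logging the later fallback branches already do is not visible here.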
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
index f10740d60..bb4d300a9 100644
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag
+++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
- tagId="strongSwan-5-6-1"
- version="5.6.1" versionScheme="alphanumeric"
+ tagId="strongSwan-5-6-2"
+ version="5.6.2" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
index f10740d60..bb4d300a9 100644
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag
+++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
- tagId="strongSwan-5-6-1"
- version="5.6.1" versionScheme="alphanumeric"
+ tagId="strongSwan-5-6-2"
+ version="5.6.2" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"