New upstream version 5.6.2

author: Yves-Alexis Perez <corsac@corsac.net> 2018-02-19 18:17:21 +0100
committer: Yves-Alexis Perez <corsac@corsac.net> 2018-02-19 18:17:21 +0100
commit: 7793611ee71b576dd9c66dee327349fa64e38740 (patch)
tree: f1379ec1aed52a3c772874d4ed690b90975b9623 /src/libimcv
parent: e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (diff)
download: vyos-strongswan-7793611ee71b576dd9c66dee327349fa64e38740.tar.gz
vyos-strongswan-7793611ee71b576dd9c66dee327349fa64e38740.zip
5 files changed, 35 insertions, 8 deletions
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index cabcd0a9e..d7b508ab9 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -239,9 +239,10 @@ static void add_default_pwd_enabled(imc_msg_t *msg)
 static void add_device_id(imc_msg_t *msg)
 {
 	pa_tnc_attr_t *attr;
-	chunk_t value = chunk_empty, keyid;
-	char *name, *device_id, *cert_path;
+	chunk_t chunk, value = chunk_empty, keyid;
+	char *name, *device_id, *device_handle, *cert_path;
 	certificate_t *cert = NULL;
+	private_key_t *privkey = NULL;
 	public_key_t *pubkey;
 
 	/* Get the device ID as a character string */
@@ -254,6 +255,32 @@ static void add_device_id(imc_msg_t *msg)
 
 	if (value.len == 0)
 	{
+		/* Derive the device ID from a private key bound to a smartcard or TPM */
+		device_handle = lib->settings->get_str(lib->settings,
+						"%s.plugins.imc-os.device_handle", NULL, lib->ns);
+		if (device_handle)
+		{
+			chunk = chunk_from_hex(
+					chunk_create(device_handle, strlen(device_handle)), NULL);
+			privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+										 BUILD_PKCS11_KEYID, chunk, BUILD_END);
+			free(chunk.ptr);
+
+			if (privkey)
+			{
+				if (privkey->get_fingerprint(privkey, KEYID_PUBKEY_INFO_SHA1,
+											 &keyid))
+				{
+					value = chunk_to_hex(keyid, NULL, FALSE);
+				}
+				privkey->destroy(privkey);
+
+			}
+		}
+	}
+
+	if (value.len == 0)
+	{
 		/* Derive the device ID from a raw public key */
 		cert_path = lib->settings->get_str(lib->settings,
 							"%s.plugins.imc-os.device_pubkey", NULL, lib->ns);
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
index f10740d60..bb4d300a9 100644
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag
+++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <SoftwareIdentity
   name="strongSwan"
-  tagId="strongSwan-5-6-1"
-  version="5.6.1" versionScheme="alphanumeric"
+  tagId="strongSwan-5-6-2"
+  version="5.6.2" versionScheme="alphanumeric"
   xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
   <Entity
     name="strongSwan Project"
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
index f10740d60..bb4d300a9 100644
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag
+++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <SoftwareIdentity
   name="strongSwan"
-  tagId="strongSwan-5-6-1"
-  version="5.6.1" versionScheme="alphanumeric"
+  tagId="strongSwan-5-6-2"
+  version="5.6.2" versionScheme="alphanumeric"
   xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
   <Entity
     name="strongSwan Project"
diff --git a/src/libimcv/pts/pts_database.h b/src/libimcv/pts/pts_database.h
index 3a5ff5992..a19f14485 100644
--- a/src/libimcv/pts/pts_database.h
+++ b/src/libimcv/pts/pts_database.h
@@ -74,7 +74,7 @@ struct pts_database_t {
 	* @param measurement	File measurement hash
 	* @param filename		Optional name of the file to be checked
 	* @param is_dir			TRUE if part of directory measurement
-	* @param id				Primary key into direcories/files table
+	* @param id				Primary key into directories/files table
 	* @return				TRUE if successful
 	*/
 	bool (*add_file_measurement)(pts_database_t *this, int vid,
diff --git a/src/libimcv/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h
index df84c679f..0658f1f98 100644
--- a/src/libimcv/pts/pts_pcr.h
+++ b/src/libimcv/pts/pts_pcr.h
@@ -92,7 +92,7 @@ struct pts_pcr_t {
 	 * Extend the content of a PCR
 	 *
 	 * @param pcr			index of PCR
-	 * @param measurement	measurment value to be extended into PCR
+	 * @param measurement	measurement value to be extended into PCR
 	 * @return				new content of PCR
 	 */
 	chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement);
author	Yves-Alexis Perez <corsac@corsac.net>	2018-02-19 18:17:21 +0100
committer	Yves-Alexis Perez <corsac@corsac.net>	2018-02-19 18:17:21 +0100
commit	7793611ee71b576dd9c66dee327349fa64e38740 (patch)
tree	f1379ec1aed52a3c772874d4ed690b90975b9623 /src/libimcv
parent	e1d78dc2faaa06e7c3f71ef674a71e4de2f0758e (diff)
download	vyos-strongswan-7793611ee71b576dd9c66dee327349fa64e38740.tar.gz vyos-strongswan-7793611ee71b576dd9c66dee327349fa64e38740.zip