Diffstat (limited to 'src/libimcv/plugins/imc_os/imc_os.c')
-rw-r--r-- | src/libimcv/plugins/imc_os/imc_os.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index cabcd0a9e..d7b508ab9 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -239,9 +239,10 @@ static void add_default_pwd_enabled(imc_msg_t *msg)
 static void add_device_id(imc_msg_t *msg)
 {
 pa_tnc_attr_t *attr;
- chunk_t value = chunk_empty, keyid;
- char *name, *device_id, *cert_path;
+ chunk_t chunk, value = chunk_empty, keyid;
+ char *name, *device_id, *device_handle, *cert_path;
 certificate_t *cert = NULL;
+ private_key_t *privkey = NULL;
 public_key_t *pubkey;
 
 /* Get the device ID as a character string */
@@ -254,6 +255,32 @@ static void add_device_id(imc_msg_t *msg)
 
 if (value.len == 0)
 {
+ /* Derive the device ID from a private key bound to a smartcard or TPM */
+ device_handle = lib->settings->get_str(lib->settings,
+ "%s.plugins.imc-os.device_handle", NULL, lib->ns);
+ if (device_handle)
+ {
+ chunk = chunk_from_hex(
+ chunk_create(device_handle, strlen(device_handle)), NULL);
+ privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ free(chunk.ptr);
+
+ if (privkey)
+ {
+ if (privkey->get_fingerprint(privkey, KEYID_PUBKEY_INFO_SHA1,
+ &keyid))
+ {
+ value = chunk_to_hex(keyid, NULL, FALSE);
+ }
+ privkey->destroy(privkey);
+
+ }
+ }
+ }
+
+ if (value.len == 0)
+ {
 /* Derive the device ID from a raw public key */
 cert_path = lib->settings->get_str(lib->settings,
 "%s.plugins.imc-os.device_pubkey", NULL, lib->ns); |
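Review bot: When `device_handle` is configured but `lib->creds->create()` returns NULL or `get_fingerprint()` fails, the new block in the second hunk falls through silently to the `device_pubkey` lookup in the following `if (value.len == 0)` block. The endpoint can then report a device ID that is not derived from the smartcard/TPM key, with nothing in the log to show the hardware-bound source was skipped. I would log both failure paths, e.g. `else { DBG1(DBG_IMC, "loading device key with handle '%s' failed", device_handle); }` after the `if (privkey)` block, and decide explicitly whether a configured handle should still allow the software fallbacks. The setting is also passed to `chunk_from_hex()` unvalidated; how a malformed or empty handle is treated is not visible here and is worth confirming. add_device_id() starts before and continues past this hunk, so the remaining fallbacks cannot be checked from these lines.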