From 7793611ee71b576dd9c66dee327349fa64e38740 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@corsac.net>
Date: Mon, 19 Feb 2018 18:17:21 +0100
Subject: New upstream version 5.6.2

---
 src/libimcv/plugins/imc_os/imc_os.c                | 31 ++++++++++++++++++++--
 .../strongswan.org__strongSwan-5-6-1.swidtag       | 11 --------
 .../strongswan.org__strongSwan-5-6-2.swidtag       | 11 ++++++++
 .../strongswan.org__strongSwan-5-6-1.swidtag       | 11 --------
 .../strongswan.org__strongSwan-5-6-2.swidtag       | 11 ++++++++
 5 files changed, 51 insertions(+), 24 deletions(-)
 delete mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag
 create mode 100644 src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
 delete mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag
 create mode 100644 src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag

(limited to 'src/libimcv/plugins')

diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index cabcd0a9e..d7b508ab9 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -239,9 +239,10 @@ static void add_default_pwd_enabled(imc_msg_t *msg)
 static void add_device_id(imc_msg_t *msg)
 {
 	pa_tnc_attr_t *attr;
-	chunk_t value = chunk_empty, keyid;
-	char *name, *device_id, *cert_path;
+	chunk_t chunk, value = chunk_empty, keyid;
+	char *name, *device_id, *device_handle, *cert_path;
 	certificate_t *cert = NULL;
+	private_key_t *privkey = NULL;
 	public_key_t *pubkey;
 
 	/* Get the device ID as a character string */
@@ -252,6 +253,32 @@ static void add_device_id(imc_msg_t *msg)
 		value = chunk_clone(chunk_from_str(device_id));
 	}
 
+	if (value.len == 0)
+	{
+		/* Derive the device ID from a private key bound to a smartcard or TPM */
+		device_handle = lib->settings->get_str(lib->settings,
+						"%s.plugins.imc-os.device_handle", NULL, lib->ns);
+		if (device_handle)
+		{
+			chunk = chunk_from_hex(
+					chunk_create(device_handle, strlen(device_handle)), NULL);
+			privkey = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+										 BUILD_PKCS11_KEYID, chunk, BUILD_END);
+			free(chunk.ptr);
+
+			if (privkey)
+			{
+				if (privkey->get_fingerprint(privkey, KEYID_PUBKEY_INFO_SHA1,
+											 &keyid))
+				{
+					value = chunk_to_hex(keyid, NULL, FALSE);
+				}
+				privkey->destroy(privkey);
+
+			}
+		}
+	}
+
 	if (value.len == 0)
 	{
 		/* Derive the device ID from a raw public key */
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag
deleted file mode 100644
index f10740d60..000000000
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-1.swidtag
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
-  name="strongSwan"
-  tagId="strongSwan-5-6-1"
-  version="5.6.1" versionScheme="alphanumeric"
-  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
-  <Entity
-    name="strongSwan Project"
-    regid="strongswan.org"
-    role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
new file mode 100644
index 000000000..bb4d300a9
--- /dev/null
+++ b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-2.swidtag
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<SoftwareIdentity
+  name="strongSwan"
+  tagId="strongSwan-5-6-2"
+  version="5.6.2" versionScheme="alphanumeric"
+  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
+  <Entity
+    name="strongSwan Project"
+    regid="strongswan.org"
+    role="softwareCreator licensor tagCreator"/>
+</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag
deleted file mode 100644
index f10740d60..000000000
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-1.swidtag
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
-  name="strongSwan"
-  tagId="strongSwan-5-6-1"
-  version="5.6.1" versionScheme="alphanumeric"
-  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
-  <Entity
-    name="strongSwan Project"
-    regid="strongswan.org"
-    role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
new file mode 100644
index 000000000..bb4d300a9
--- /dev/null
+++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-2.swidtag
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<SoftwareIdentity
+  name="strongSwan"
+  tagId="strongSwan-5-6-2"
+  version="5.6.2" versionScheme="alphanumeric"
+  xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
+  <Entity
+    name="strongSwan Project"
+    regid="strongswan.org"
+    role="softwareCreator licensor tagCreator"/>
+</SoftwareIdentity>
-- 
cgit v1.2.3