From 6eecea264e683d7cbe99cc3df90f1156e386dbb6 Mon Sep 17 00:00:00 2001
From: Mudit Vats
Date: Wed, 24 Feb 2021 14:42:48 -0700
Subject: [PATCH] feat: add secure host based config (sbhc) helpers to create response messages, use 16993 instead of 16992 if secure host configuration set.

---
 CMakeLists.txt | 2 ++
 lms.cpp | 13 +++++++--
 lms.h | 2 +-
 main.cpp | 57 +++++++++++++++++++++++++++++++++++++--
 shbc.cpp | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++
 shbc.h | 19 +++++++++++++
 6 files changed, 160 insertions(+), 5 deletions(-)
 create mode 100644 shbc.cpp
 create mode 100644 shbc.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index d00ec40..f44c111 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -98,6 +98,8 @@ add_executable (rpc
 commands.cpp
 activation.h
 activation.cpp
+ shbc.h
+ shbc.cpp
 lms.h
 lms.cpp
 main.cpp
diff --git a/lms.cpp b/lms.cpp
index 5599dd3..13044f0 100644
--- a/lms.cpp
+++ b/lms.cpp
@@ -15,13 +15,22 @@
 #include
 #endif
-SOCKET lms_connect()
+SOCKET lms_connect(bool securePort)
 {
 std::string lmsAddress = "localhost";
- std::string lmsPort = "16992";
+ std::string lmsPort;
 SOCKET s = INVALID_SOCKET;
 struct addrinfo *addr, hints;
+ if (securePort)
+ {
+ lmsPort = "16993";
+ }
+ else
+ {
+ lmsPort = "16992";
+ }
+
 #ifdef _WIN32
 WSADATA wsa;
 if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
diff --git a/lms.h b/lms.h
index 9f51f55..ac43f0c 100644
--- a/lms.h
+++ b/lms.h
@@ -28,6 +28,6 @@ static inline int closesocket(int fd)
 #define SD_BOTH SHUT_RDWR
 #endif
-SOCKET lms_connect();
+SOCKET lms_connect(bool securePort = false);
 #endif
\ No newline at end of file
diff --git a/main.cpp b/main.cpp
index d2e227d..484c124 100644
--- a/main.cpp
+++ b/main.cpp
@@ -11,6 +11,7 @@
 #include "lms.h"
 #include "commands.h"
 #include "activation.h"
+#include "shbc.h"
 #include "utils.h"
 #include "usage.h"
 #include "args.h"
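Review bot: In the lms.cpp hunk, `securePort` only swaps the LMS port string from 16992 to 16993; whether the remainder of `lms_connect` (which continues outside the hunk) treats that port any differently from a plain connect is not visible, and a caller reading the parameter name will presumably assume the flag secures the channel. The declaration in the lms.h hunk should carry a comment stating exactly which port each value selects and whether anything else about the connection differs, so the name does not promise more than the implementation does. The if/else that fills the now-uninitialized `lmsPort` collapses to one line, `std::string lmsPort = securePort ? "16993" : "16992";`, which also keeps the variable initialized at its declaration.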
@@ -61,6 +62,7 @@ int main(int argc, char* argv[])
 std::string arg_info;
 bool arg_verbose = false;
 bool arg_nocertcheck = false;
+ bool secureHostBasedConfig = false;
 if (argc == 1)
 {
@@ -184,7 +186,7 @@ int main(int argc, char* argv[])
 memset(&lms_socket, 0, sizeof(SOCKET));
 // set receive handler
- client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose](web::websockets::client::websocket_incoming_message ret_msg)
+ client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose, &secureHostBasedConfig](web::websockets::client::websocket_incoming_message ret_msg)
 {
 // kick the timer
 std::chrono::time_point now = std::chrono::system_clock::now();
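Review bot: `secureHostBasedConfig` is captured by reference into the websocket message handler, which presumably runs on the client's callback thread rather than on `main`'s; the handler writes it (in the -246 hunk) and `main` later reads it at `lms_socket = lms_connect(secureHostBasedConfig);` (in the -296 hunk), so unless that read is ordered after the write by the existing `mx`/`cv` handshake this is an unsynchronized cross-thread access on a plain `bool`. Declaring it as `std::atomic<bool> secureHostBasedConfig{false};` in the -61 hunk (and passing `secureHostBasedConfig.load()` to `lms_connect`) makes the intent explicit, or alternatively read it under `mx` where `lms_socket` is already guarded. The handler lambda and `main` both continue outside this hunk.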
@@ -246,6 +248,57 @@ int main(int argc, char* argv[])
 return;
 }
+ if (msgMethod.compare("request_secure_config") == 0)
+ {
+ std::string certAlgo;
+ std::string certHash;
+
+ // get server configuration
+ try
+ {
+ tmp = parsed[U("payload")].as_string();
+ web::json::value parsed_cert_info = web::json::value::parse(tmp);
+
+ out = parsed_cert_info[U("algorithm")].as_string();
+ std::string certAlgo = utility::conversions::to_utf8string(out);
+
+ out = parsed_cert_info[U("hash")].as_string();
+ std::string certHash = utility::conversions::to_utf8string(out);
+ }
+ catch (...)
+ {
+ std::cerr << std::endl << "JSON format error. Unable to parse message." << std::endl;
+ return;
+ }
+
+ // send secure config request
+ config_host_based_settings server_cert;
+ config_host_based_settings amt_cert;
+ server_cert.algorithm = certAlgo;
+ server_cert.hash = certHash;
+ if (cmd_start_config_host_based(server_cert, amt_cert))
+ {
+ // create the response
+ std::string response;
+ if (!shbc_create_response(amt_cert.algorithm, amt_cert.hash, response)) return;
+
+ // send it
+ web::websockets::client::websocket_outgoing_message send_websocket_msg;
+ std::string send_websocket_buffer(response);
+ send_websocket_msg.set_utf8_message(send_websocket_buffer);
+ client.send(send_websocket_msg).wait();
+
+ // use secure host post for LMS going forward
+ secureHostBasedConfig = true;
+
+ return;
+
+ }
+
+ return;
+ }
+
+
 // process any messages we can
 // - if success, done
 // - if error, get out
@@ -296,7 +349,7 @@ int main(int argc, char* argv[])
 try
 {
 // conntect to lms
- lms_socket = lms_connect();
+ lms_socket = lms_connect(secureHostBasedConfig);
 }
 catch (...)
 {
diff --git a/shbc.cpp b/shbc.cpp
new file mode 100644
index 0000000..cffed60
--- /dev/null
+++ b/shbc.cpp
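Review bot: The two declarations inside the `try` block, `std::string certAlgo = utility::conversions::to_utf8string(out);` and `std::string certHash = utility::conversions::to_utf8string(out);`, shadow the `certAlgo`/`certHash` declared at the top of the `request_secure_config` branch, so `server_cert.algorithm` and `server_cert.hash` are always assigned empty strings and the server-supplied certificate parameters never reach `cmd_start_config_host_based`. Drop the `std::string` from both lines so they assign the outer variables: `certAlgo = utility::conversions::to_utf8string(out);` and `certHash = utility::conversions::to_utf8string(out);`. Whether `cmd_start_config_host_based` rejects an empty algorithm or hash is not visible here, so it is worth refusing to proceed when either parsed value is empty rather than relying on the callee. The `false` branch of `if (cmd_start_config_host_based(server_cert, amt_cert))` returns silently; a `std::cerr` line like the one in the JSON-error path would make the failure diagnosable. The enclosing message-handler lambda starts and ends outside this hunk.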
@@ -0,0 +1,72 @@
+/*********************************************************************
+* Copyright (c) Intel Corporation 2019 - 2020
+* SPDX-License-Identifier: Apache-2.0
+**********************************************************************/
+
+#include "activation.h"
+#include
+#include
+#include
+#include
+#include
+#include "version.h"
+#include "commands.h"
+#include "network.h"
+#include "utils.h"
+
+bool get_response_payload(std::string cert_algo, std::string cert_hash, web::json::value& payload)
+{
+ web::json::value value;
+ utility::string_t tmp;
+ web::json::value configParams;
+
+ // get client string
+ tmp = utility::conversions::convertstring(cert_algo);
+ configParams[U("algorithm")] = web::json::value::string(tmp);
+
+ // get certificate hashes
+ tmp = utility::conversions::convertstring(cert_hash);
+ configParams[U("hash")] = web::json::value::string(tmp);
+
+ payload = configParams;
+
+ return true;
+}
+
+bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response)
+{
+ web::json::value msg;
+
+ utility::string_t tmp = utility::conversions::convertstring("response_secure_config");
+ msg[U("method")] = web::json::value::string(tmp);
+
+ tmp = utility::conversions::convertstring("");
+ msg[U("apiKey")] = web::json::value::string(tmp);
+
+ tmp = utility::conversions::convertstring(PROJECT_VER);
+ msg[U("appVersion")] = web::json::value::string(tmp);
+
+ tmp = utility::conversions::convertstring(PROTOCOL_VERSION);
+ msg[U("protocolVersion")] = web::json::value::string(tmp);
+
+ tmp = utility::conversions::convertstring("");
+ msg[U("status")] = web::json::value::string(tmp);
+
+ tmp = utility::conversions::convertstring("");
+ msg[U("message")] = web::json::value::string(tmp);
+
+ // get the activation payload
+ web::json::value responsePayload;
+ if (!get_response_payload(cert_algo, cert_hash, responsePayload)) return false;
+
+ // serialize payload
+ std::string serializedPayload = utility::conversions::to_utf8string(responsePayload.serialize());
+ std::string encodedPayload = util_encode_base64(serializedPayload);
+ utility::string_t payload = utility::conversions::to_string_t(encodedPayload);
+ msg[U("payload")] = web::json::value::string(payload);
+
+ // serialize the entire message
+ response = utility::conversions::to_utf8string(msg.serialize());
+
+ return true;
+}
\ No newline at end of file
diff --git a/shbc.h b/shbc.h
new file mode 100644
index 0000000..73d5b99
--- /dev/null
+++ b/shbc.h
@@ -0,0 +1,19 @@
+/*********************************************************************
+* Copyright (c) Intel Corporation 2019 - 2020
+* SPDX-License-Identifier: Apache-2.0
+**********************************************************************/
+
+#ifndef __SHBC_H__
+#define __SHBC_H__
+
+#include
+
+#ifdef _WIN32
+#define convertstring to_utf16string
+#else
+#define convertstring to_utf8string
+#endif
+
+bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response);
+
+#endif
\ No newline at end of file
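Review bot: The comments in shbc.cpp describe code other than the lines they sit on: `// get client string` and `// get certificate hashes` in `get_response_payload` annotate an algorithm name and a single hash, and `// get the activation payload` in `shbc_create_response` names the activation flow rather than the secure-config response; rewording them to `// certificate algorithm name`, `// certificate hash` and `// build the secure-config payload` would stop a reader from assuming this is the activation message. `get_response_payload` cannot fail yet is declared `bool` and always returns `true`, and its `web::json::value value;` local is unused; either make it `void` and drop the local, or document what a `false` return would mean. Both functions take `cert_algo`/`cert_hash` by value without modifying or storing them, so `const std::string&` would avoid the copies. A header comment on `shbc_create_response` stating that `response` receives the serialized `response_secure_config` message whose `payload` field is the base64-encoded JSON `{algorithm, hash}` would help callers. In the shbc.h hunk, `__SHBC_H__` is a reserved identifier (leading double underscore) and `#define convertstring` leaks an unscoped macro into every includer; prefer a guard such as `SHBC_H` and keep the platform switch as a small inline wrapper in shbc.cpp.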