feat: add secure host based config (sbhc) helpers to create response messages, use 16993 instead of 16992 if secure host configuration set.

CMakeLists.txt

@@ -98,6 +98,8 @@ add_executable (rpc
   commands.cpp
   activation.h
   activation.cpp
+  shbc.h
+  shbc.cpp
   lms.h
   lms.cpp
   main.cpp

lms.cpp

@@ -15,13 +15,22 @@
 #include <netdb.h>
 #endif
 
-SOCKET lms_connect()
+SOCKET lms_connect(bool securePort)
 {
     std::string lmsAddress = "localhost";
-    std::string lmsPort = "16992";
+    std::string lmsPort;
     SOCKET s = INVALID_SOCKET;
     struct addrinfo *addr, hints;
 
+    if (securePort)
+    {
+        lmsPort = "16993";
+    }
+    else
+    {
+        lmsPort = "16992";
+    }
+
 #ifdef _WIN32
     WSADATA wsa;
     if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)

lms.h

@@ -28,6 +28,6 @@ static inline int closesocket(int fd)
 #define SD_BOTH SHUT_RDWR
 #endif
 
-SOCKET lms_connect();
+SOCKET lms_connect(bool securePort = false);
 
 #endif

main.cpp

@@ -11,6 +11,7 @@
 #include "lms.h"
 #include "commands.h"
 #include "activation.h"
+#include "shbc.h"
 #include "utils.h"
 #include "usage.h"
 #include "args.h"
@@ -61,6 +62,7 @@ int main(int argc, char* argv[])
     std::string arg_info;
     bool arg_verbose = false;
     bool arg_nocertcheck = false;
+    bool secureHostBasedConfig = false;
 
     if (argc == 1)
     {
@@ -184,7 +186,7 @@ int main(int argc, char* argv[])
     memset(&lms_socket, 0, sizeof(SOCKET));
 
     // set receive handler
-    client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose](web::websockets::client::websocket_incoming_message ret_msg)
+    client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose, &secureHostBasedConfig](web::websockets::client::websocket_incoming_message ret_msg)
     {
         // kick the timer
         std::chrono::time_point<std::chrono::system_clock> now = std::chrono::system_clock::now();
@@ -246,6 +248,57 @@ int main(int argc, char* argv[])
                 return;
             }
 
+            if (msgMethod.compare("request_secure_config") == 0)
+            {
+                std::string certAlgo;
+                std::string certHash;
+
+                // get server configuration
+                try
+                {
+                    tmp = parsed[U("payload")].as_string();
+                    web::json::value parsed_cert_info = web::json::value::parse(tmp);
+
+                    out = parsed_cert_info[U("algorithm")].as_string();
+                    std::string certAlgo = utility::conversions::to_utf8string(out);
+
+                    out = parsed_cert_info[U("hash")].as_string();
+                    std::string certHash = utility::conversions::to_utf8string(out);
+                }
+                catch (...)
+                {
+                    std::cerr << std::endl << "JSON format error. Unable to parse message." << std::endl;
+                    return;
+                }
+                
+                // send secure config request
+                config_host_based_settings server_cert;
+                config_host_based_settings amt_cert;
+                server_cert.algorithm = certAlgo;
+                server_cert.hash = certHash;
+                if (cmd_start_config_host_based(server_cert, amt_cert))
+                {
+                    // create the response
+                    std::string response;
+                    if (!shbc_create_response(amt_cert.algorithm, amt_cert.hash, response)) return;
+
+                    // send it
+                    web::websockets::client::websocket_outgoing_message send_websocket_msg;
+                    std::string send_websocket_buffer(response);
+                    send_websocket_msg.set_utf8_message(send_websocket_buffer);
+                    client.send(send_websocket_msg).wait();
+
+                    // use secure host post for LMS going forward
+                    secureHostBasedConfig = true;
+
+                    return;
+
+                }
+
+                return;
+            }
+            
+
             // process any messages we can
             //   - if success, done
             //   - if error, get out
@@ -296,7 +349,7 @@ int main(int argc, char* argv[])
             try
             {
                 // conntect to lms
-                lms_socket = lms_connect();
+                lms_socket = lms_connect(secureHostBasedConfig);
             }
             catch (...)
             {

shbc.cpp

@@ -0,0 +1,72 @@
+/*********************************************************************
+* Copyright (c) Intel Corporation 2019 - 2020
+* SPDX-License-Identifier: Apache-2.0
+**********************************************************************/
+
+#include "activation.h"
+#include <cpprest/ws_client.h>
+#include <cpprest/json.h>
+#include <cpprest/streams.h>
+#include <iostream>
+#include <string>
+#include "version.h"
+#include "commands.h"
+#include "network.h"
+#include "utils.h"
+
+bool get_response_payload(std::string cert_algo, std::string cert_hash, web::json::value& payload)
+{
+    web::json::value value;
+    utility::string_t tmp;
+    web::json::value configParams;
+
+    // get client string
+    tmp = utility::conversions::convertstring(cert_algo);
+    configParams[U("algorithm")] = web::json::value::string(tmp);
+
+    // get certificate hashes
+    tmp = utility::conversions::convertstring(cert_hash);
+    configParams[U("hash")] = web::json::value::string(tmp);
+
+    payload = configParams;
+
+    return true;
+}
+
+bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response)
+{
+    web::json::value msg;
+
+    utility::string_t tmp = utility::conversions::convertstring("response_secure_config");
+    msg[U("method")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring("");
+    msg[U("apiKey")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring(PROJECT_VER);
+    msg[U("appVersion")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring(PROTOCOL_VERSION);
+    msg[U("protocolVersion")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring("");
+    msg[U("status")] = web::json::value::string(tmp);
+
+    tmp = utility::conversions::convertstring("");
+    msg[U("message")] = web::json::value::string(tmp);
+
+    // get the activation payload
+    web::json::value responsePayload;
+    if (!get_response_payload(cert_algo, cert_hash, responsePayload)) return false;
+
+    // serialize payload
+    std::string serializedPayload = utility::conversions::to_utf8string(responsePayload.serialize());
+    std::string encodedPayload = util_encode_base64(serializedPayload);
+    utility::string_t payload = utility::conversions::to_string_t(encodedPayload);
+    msg[U("payload")] = web::json::value::string(payload);
+
+    // serialize the entire message
+    response = utility::conversions::to_utf8string(msg.serialize());
+
+    return true;
+}

shbc.h

@@ -0,0 +1,19 @@
+/*********************************************************************
+* Copyright (c) Intel Corporation 2019 - 2020
+* SPDX-License-Identifier: Apache-2.0
+**********************************************************************/
+
+#ifndef __SHBC_H__
+#define __SHBC_H__
+
+#include <string>
+
+#ifdef _WIN32
+#define convertstring   to_utf16string
+#else
+#define convertstring   to_utf8string
+#endif
+
+bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response);
+
+#endif