From d9e94bdcb6a47810a131d1b4f25383267fb14b05 Mon Sep 17 00:00:00 2001
From: Mudit Vats
Date: Thu, 18 Feb 2021 14:20:26 -0700
Subject: [PATCH] feat: add command to start secure host based config
---
 commands.cpp | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 commands.h | 7 ++++++
 utils.cpp | 27 ++++++++++++++++++++
 utils.h | 2 ++
 4 files changed, 105 insertions(+)
diff --git a/commands.cpp b/commands.cpp
index 1b1f7dc..da7fa9e 100644
--- a/commands.cpp
+++ b/commands.cpp
@@ -410,3 +410,72 @@ bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settin return false; } + +bool cmd_start_config_host_based(config_host_based_settings& server_cert, config_host_based_settings& amt_cert) +{ + // initialize HECI interface + if (heci_Init(NULL, PTHI_CLIENT) == 0) return false; + + CFG_START_CONFIG_HBASED_REQUEST_INFO request; + CFG_START_CONFIG_HBASED_RESPONSE_INFO response; + + memset(&request, 0, sizeof(CFG_START_CONFIG_HBASED_REQUEST_INFO)); + memset(&response, 0, sizeof(CFG_START_CONFIG_HBASED_RESPONSE_INFO)); + + if (server_cert.algorithm == "MD5") + { + request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_MD5; + } + else if (server_cert.algorithm == "SHA1") + { + request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA1; + } + else if (server_cert.algorithm == "SHA256") + { + request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA256; + } + else if (server_cert.algorithm == "SHA512") + { + request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA512; + } + else + { + return false; + } + + std::vector cert_bytes; + util_hex_string_to_bytes(server_cert.hash, cert_bytes); + std::copy(std::begin(cert_bytes), std::end(cert_bytes), request.ServerCertHash); + + // start secure host based configuration + AMT_STATUS amt_status = pthi_StartConfigHBased(&request, &response); + + if (amt_status == 0) + { + switch (response.HashAlgorithm) + { + case CERT_HASH_ALGORITHM_MD5: + amt_cert.algorithm = "MD5"; + break; + case CERT_HASH_ALGORITHM_SHA1: + amt_cert.algorithm = "SHA1"; + break; + case CERT_HASH_ALGORITHM_SHA256: + amt_cert.algorithm = "SHA256"; + break; + case CERT_HASH_ALGORITHM_SHA512: + amt_cert.algorithm = "SHA512"; + break; + default: + break; + } + + std::vector hash; + std::copy(std::begin(response.AMTCertHash), std::end(response.AMTCertHash), std::begin(hash)); + util_bytes_to_hex_string(hash, amt_cert.hash); + + return true; + } + + return false; +} diff --git a/commands.h b/commands.h index 851ea6b..fc676a9 100644 
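Review bot: The `std::copy` into `request.ServerCertHash` writes however many bytes `server_cert.hash` decodes to, so an over-long hash string from the caller overruns that buffer on the stack; the return value of `util_hex_string_to_bytes` is also ignored. Before the copy I would reject anything that does not fit, e.g. `if (cert_bytes.size() > sizeof(request.ServerCertHash)) return false;` (assuming `ServerCertHash` is a fixed-size byte array like `AMTCertHash`; ideally compare against the digest length of the selected algorithm). On the response side, `std::copy(..., std::begin(hash))` targets an empty vector, which is undefined behaviour; `hash.assign(std::begin(response.AMTCertHash), std::end(response.AMTCertHash));` fills it correctly. Separately, the `default:` branch leaves `amt_cert.algorithm` unset yet the function still returns true, so an unrecognised response algorithm is reported as success.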
--- a/commands.h +++ b/commands.h @@ -37,6 +37,12 @@ struct fqdn_settings std::string fqdn; }; +struct config_host_based_settings +{ + std::string hash; + std::string algorithm; +}; + bool cmd_is_admin(); bool cmd_get_version(std::string& version); bool cmd_get_build_number(std::string& version); @@ -50,5 +56,6 @@ bool cmd_get_wired_mac_address(std::vector& address); bool cmd_get_certificate_hashes(std::vector& hash_entries); bool cmd_get_remote_access_connection_status(int& network_status, int& remote_status, int& remote_trigger, std::string& mps_hostname); bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings); +bool cmd_start_config_host_based(config_host_based_settings& server_cert, config_host_based_settings& amt_cert); #endif \ No newline at end of file diff --git a/utils.cpp b/utils.cpp index 345b2b5..1e1b0ac 100644 --- a/utils.cpp +++ b/utils.cpp @@ -57,3 +57,30 @@ bool util_format_uuid(std::vector uuid_bytes, std::string& uuid_s return true; } +bool util_hex_string_to_bytes(std::string hex_string, std::vector& hex_bytes) +{ + hex_bytes.clear(); + + for (int i = 0; i < hex_string.length(); i += 2) + { + std::string byte_string = hex_string.substr(i, 2); + char value = (char)strtol(byte_string.c_str(), NULL, 16); + hex_bytes.push_back(value); + } + + return true; +} + +bool util_bytes_to_hex_string(std::vector hex_bytes, std::string& hex_string) +{ + hex_string.clear(); + + for (char hex_char : hex_bytes) + { + char hex[10]; + snprintf(hex, 10, "%02x", hex_char); + hex_string += hex; + } + + return true; +} \ No newline at end of file diff --git a/utils.h b/utils.h index 471a947..7923aa6 100644 --- a/utils.h +++ b/utils.h 
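Review bot: In `util_bytes_to_hex_string` the loop variable is a plain `char` passed to `%02x`, so where `char` is signed any byte of 0x80 or above is sign-extended and printed as `ffffffXX`, which corrupts the certificate hash string; use `snprintf(hex, sizeof(hex), "%02x", static_cast<unsigned char>(hex_char));`. `util_hex_string_to_bytes` always returns true: `strtol` is called without an end pointer, so non-hex characters silently decode to 0 and an odd-length string yields a byte from a single trailing nibble. Since this decoder feeds the server certificate hash, it should return false for an odd length or any character failing `isxdigit`, and the index should be `size_t` rather than `int` to match `length()`.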
@@ -13,5 +13,7 @@ std::string util_encode_base64(std::string str); std::string util_decode_base64(std::string str); bool util_is_printable(std::string str); bool util_format_uuid(std::vector uuid_bytes, std::string& uuid_string); +bool util_hex_string_to_bytes(std::string hex_string, std::vector& hex_bytes); +bool util_bytes_to_hex_string(std::vector hex_bytes, std::string& hex_string); #endif \ No newline at end of file