Compare commits
	
		
			5 Commits
		
	
	
		
			snyk-fix-6
			...
			feature_se
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | b6e761fffc | ||
|  | 6eecea264e | ||
|  | 13975eaf2d | ||
|  | d9e94bdcb6 | ||
|  | cef96ee36a | 
							
								
								
									
										3
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								.github/workflows/ci.yml
									
									
									
									
										vendored
									
									
								
							| @@ -41,7 +41,8 @@ jobs: | ||||
|       run: cd build && cmake --build . --config Release | ||||
|     - name: Build RPC (Debug) | ||||
|       run: cd build && cmake --build . --config Debug | ||||
|          | ||||
|  | ||||
|  | ||||
|   build-linux: | ||||
|     runs-on: ${{ matrix.os }} | ||||
|     strategy: | ||||
|   | ||||
							
								
								
									
										29
									
								
								.github/workflows/docker-ci.yml
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										29
									
								
								.github/workflows/docker-ci.yml
									
									
									
									
										vendored
									
									
								
							| @@ -1,29 +0,0 @@ | ||||
| #********************************************************************* | ||||
| # Copyright (c) Intel Corporation 2020 | ||||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| #*********************************************************************/ | ||||
|  | ||||
| name: Docker Image CI | ||||
|  | ||||
| on: | ||||
|   push: | ||||
|       branches: [ master ] | ||||
| jobs: | ||||
|   build: | ||||
|     runs-on: ubuntu-latest | ||||
|  | ||||
|     steps: | ||||
|       - uses: actions/checkout@v2 | ||||
|       - name: Build the Docker image | ||||
|         run: docker build -f "Dockerfile" --tag vprodemo.azurecr.io/rpc:${{ github.sha }} --tag vprodemo.azurecr.io/rpc:latest . | ||||
|       - name: Docker Login | ||||
|         uses: docker/login-action@v1.6.0 | ||||
|         with: | ||||
|           registry: vprodemo.azurecr.io | ||||
|           username: ${{ secrets.DOCKER_USERNAME }} | ||||
|           password: ${{ secrets.DOCKER_PASSWORD }} | ||||
|           logout: true | ||||
|       - name: Push the Docker image to the registry | ||||
|         run: docker push vprodemo.azurecr.io/rpc:${{ github.sha }} | ||||
|       - name: Push the Docker image to the registry | ||||
|         run: docker push vprodemo.azurecr.io/rpc:latest | ||||
							
								
								
									
										17
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										17
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -1,20 +1,3 @@ | ||||
| <a name="v1.2.0"></a> | ||||
| ## v1.2.0 | ||||
|  | ||||
| ### Ci | ||||
| - breakout docker build for merge only | ||||
|  | ||||
| ### Feat | ||||
| - update RPC version to 1.2.0. | ||||
| - BREAKING CHANGE: add heartbeat capability, bump RPC Protocol version to 4.0.0 | ||||
| - add unit test framework | ||||
| - add hostname to activation info | ||||
| - **docker:** add dockerfile support for RPC | ||||
|  | ||||
| ### Fix | ||||
| - use message status instead, cleanup message fields. | ||||
|  | ||||
|  | ||||
| <a name="v1.1.0"></a> | ||||
| ## [v1.1.0] - 2021-02-09 | ||||
|  | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| cmake_minimum_required (VERSION 3.1) | ||||
|  | ||||
| project (rpc VERSION 1.2.0) | ||||
| project (rpc VERSION 1.1.0) | ||||
|  | ||||
| set (CMAKE_CXX_STANDARD 11) | ||||
|  | ||||
| @@ -98,8 +98,8 @@ add_executable (rpc | ||||
|   commands.cpp | ||||
|   activation.h | ||||
|   activation.cpp | ||||
|   heartbeat.h | ||||
|   heartbeat.cpp | ||||
|   shbc.h | ||||
|   shbc.cpp | ||||
|   lms.h | ||||
|   lms.cpp | ||||
|   main.cpp | ||||
|   | ||||
							
								
								
									
										37
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
										37
									
								
								Dockerfile
									
									
									
									
									
								
							| @@ -1,37 +0,0 @@ | ||||
| #********************************************************************* | ||||
| # Copyright (c) Intel Corporation 2021 | ||||
| # SPDX-License-Identifier: Apache-2.0 | ||||
| #*********************************************************************/ | ||||
|  | ||||
| FROM ubuntu:20.10 AS rpc-builder | ||||
|  | ||||
| WORKDIR / | ||||
| ARG DEBIAN_FRONTEND=noninteractive | ||||
| RUN \ | ||||
|   apt-get update -y -qq && \ | ||||
|   apt install -y -qq \ | ||||
|     git cmake build-essential libssl-dev zlib1g-dev \ | ||||
|     curl unzip zip pkg-config | ||||
| RUN git clone https://github.com/open-amt-cloud-toolkit/rpc.git | ||||
| WORKDIR /rpc | ||||
| RUN mkdir -p build | ||||
| RUN git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git | ||||
| RUN cd vcpkg && ./bootstrap-vcpkg.sh | ||||
| RUN ./vcpkg/vcpkg install cpprestsdk[websockets] | ||||
|  | ||||
| WORKDIR /rpc/build | ||||
| RUN cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_TOOLCHAIN_FILE=/rpc/vcpkg/scripts/buildsystems/vcpkg.cmake .. | ||||
| RUN cmake --build . | ||||
|  | ||||
| FROM ubuntu:20.10  | ||||
|  | ||||
| LABEL license='SPDX-License-Identifier: Apache-2.0' \ | ||||
|       copyright='Copyright (c) 2021: Intel' | ||||
|  | ||||
| WORKDIR /root | ||||
| RUN \ | ||||
|   apt-get update -y -qq && \ | ||||
|   apt install -y -qq \ | ||||
|     libssl-dev | ||||
| COPY --from=rpc-builder /rpc/build/rpc . | ||||
| ENTRYPOINT ["/root/rpc"] | ||||
							
								
								
									
										172
									
								
								Jenkinsfile
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										172
									
								
								Jenkinsfile
									
									
									
									
										vendored
									
									
								
							| @@ -1,172 +0,0 @@ | ||||
| pipeline { | ||||
|     agent none | ||||
|     triggers {cron '@daily'} | ||||
|     options { | ||||
|         buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30')) | ||||
|         timestamps() | ||||
|         timeout(unit: 'HOURS', time: 2) | ||||
|     } | ||||
|      | ||||
|     stages { | ||||
|         stage ('Parallel') { | ||||
|             parallel { | ||||
|                 stage ('Linux') { | ||||
|                     agent { label 'docker-amt' } | ||||
|                     stages { | ||||
|                         stage ('Cloning Repository') { | ||||
|                             steps { | ||||
|                                 script { | ||||
|                                     scmCheckout { | ||||
|                                         clean = true | ||||
|                                     } | ||||
|                                 } | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|                 stage ('Windows') { | ||||
|                     agent { label 'openamt-win' } | ||||
|                     stages { | ||||
|                         stage ('Cloning Repository') { | ||||
|                             steps { | ||||
|                                 script { | ||||
|                                     scmCheckout { | ||||
|                                         clean = true | ||||
|                                     } | ||||
|                                 } | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|         stage ('Static Code Scan - Protex') { | ||||
|             agent { label 'docker-amt' } | ||||
|             steps { | ||||
|                 script { | ||||
|                     staticCodeScan { | ||||
|                         // generic | ||||
|                         scanners             = ['protex'] | ||||
|                         scannerType          = ['c','c++'] | ||||
|  | ||||
|                         protexProjectName    = 'OpenAMT - RPC' | ||||
|                         // internal, do not change | ||||
|                         protexBuildName      = 'rrs-generic-protex-build' | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|  | ||||
|         stage ('Parallel Builds') { | ||||
|             parallel { | ||||
|                 stage ('Linux') { | ||||
|                     agent { label 'docker-amt' } | ||||
|                     stages { | ||||
|                         stage('Build') { | ||||
|                             agent { | ||||
|                                 docker { | ||||
|                                     image 'ubuntu:18.04' | ||||
|                                     reuseNode true | ||||
|                                 } | ||||
|                             } | ||||
|                             steps { | ||||
|                                 sh './scripts/jenkins-pre-build.sh' | ||||
|                                 sh './scripts/jenkins-build.sh' | ||||
|                             } | ||||
|                         } | ||||
|                         stage ('Archive') { | ||||
|                             steps { | ||||
|                                 archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true | ||||
|                             } | ||||
|                         } | ||||
|                          | ||||
|                     } | ||||
|                 } | ||||
|                 stage ('Windows') { | ||||
|                     agent { label 'openamt-win' } | ||||
|                     stages{ | ||||
|                         stage ('Build') { | ||||
|                             steps { | ||||
|                                 bat 'scripts\\jenkins-pre-build.cmd' | ||||
|                                 bat 'scripts\\jenkins-build.cmd' | ||||
|                                 // prepare stash for the binary scan | ||||
|                                 stash includes: "**/*.exe", name: 'rpc-app' | ||||
|                             } | ||||
|                         } | ||||
|                         stage ('Archive') { | ||||
|                             steps { | ||||
|                                 archiveArtifacts allowEmptyArchive: true, artifacts: 'build\\Release\\rpc.exe', caseSensitive: false, onlyIfSuccessful: true | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|         stage ('Parallel Scans') { | ||||
|             parallel { | ||||
|                 stage ('Static Code Scan Linux') { | ||||
|                     agent { label 'docker-amt' } | ||||
|                     steps { | ||||
|                         script { | ||||
|                             staticCodeScan { | ||||
|                                 // generic | ||||
|                                 scanners             = ['bdba','klocwork'] | ||||
|                                 scannerType          = 'c++' | ||||
|  | ||||
|                                 protecodeGroup          = '25' | ||||
|                                 protecodeScanName       = 'rpc-zip' | ||||
|                                 protecodeDirectory      = './build/rpc' | ||||
|                                  | ||||
|                                 klockworkPreBuildScript = './scripts/jenkins-pre-build.sh' | ||||
|                                 klockworkBuildCommand = './scripts/jenkins-build.sh' | ||||
|                                 klockworkProjectName  = 'Panther Point Creek' | ||||
|                                 klockworkIgnoreCompileErrors = true | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|                 stage ('Static Code Scan Windows') { | ||||
|                     stages { | ||||
|                         stage ('Static Code Scan Windows - Klockwork') { | ||||
|                             agent { label 'openamt-win' } | ||||
|                             steps { | ||||
|                                 script { | ||||
|                                     staticCodeScan { | ||||
|                                         // generic | ||||
|                                         scanners             = ['klocwork'] | ||||
|                                         scannerType          = 'c++' | ||||
|                                          | ||||
|                                         klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd' | ||||
|                                         klockworkBuildCommand = 'scripts\\jenkins-build.cmd' | ||||
|                                         klockworkProjectName  = 'Panther Point Creek' | ||||
|                                         klockworkIgnoreCompileErrors = true | ||||
|                                     } | ||||
|                                 } | ||||
|                             } | ||||
|                         } | ||||
|                         stage ('Static Code Scan Windows - BDBA') { | ||||
|                             agent { label 'docker-amt' } | ||||
|                             steps { | ||||
|                                 script { | ||||
|                                     sh "mkdir -p bdbaScanDir" | ||||
|                                     dir("bdbaScanDir") { | ||||
|                                         unstash 'rpc-app' | ||||
|                                     } | ||||
|                                     staticCodeScan { | ||||
|                                         // generic | ||||
|                                         scanners             = ['bdba'] | ||||
|                                         scannerType          = 'c++' | ||||
|                                          | ||||
|                                         protecodeGroup          = '25' | ||||
|                                         protecodeScanName       = 'rpc-zip' | ||||
|                                         protecodeDirectory      = 'bdbaScanDir' | ||||
|                                     } | ||||
|                                 } | ||||
|                             } | ||||
|                         } | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } | ||||
| } | ||||
| @@ -171,6 +171,10 @@ const PTHI_MESSAGE_HEADER GET_UUID_REQUEST_HEADER = { | ||||
| 	{AMT_MAJOR_VERSION, AMT_MINOR_VERSION}, 0, {{GET_UUID_REQUEST}}, 0 | ||||
| }; | ||||
|  | ||||
| const PTHI_MESSAGE_HEADER GET_START_CONFIG_HBASED_REQUEST_HEADER = { | ||||
| 	{AMT_MAJOR_VERSION, AMT_MINOR_VERSION}, 0, {{GET_START_CONFIG_HBASED_REQUEST}}, 396 | ||||
| }; | ||||
|  | ||||
| AMT_STATUS _call(const unsigned char *command, UINT32 command_size, UINT8 **readBuffer, UINT32 rcmd, unsigned int expSize) | ||||
| { | ||||
| 	UINT32 inBuffSize; | ||||
| @@ -1502,4 +1506,43 @@ AMT_STATUS pthi_GetUUID(AMT_UUID *uuid) | ||||
| 	return status; | ||||
| } | ||||
|  | ||||
| /* | ||||
|  * Start Configuration Host Based  | ||||
|  * Arguments: | ||||
|  *	request - host based configuration input parameters provided by the caller | ||||
|  *	response - host based configuration output parameters returned to the caller | ||||
|  * Return values: (A status code returned in a response message that indicates whether the operation specified in the corresponding request message succeeded or failed. If the operation failed, this code indicates the specific reason for failure. Possible values described below.) | ||||
|  *	AMT_STATUS_SUCCESS - Request succeeded. | ||||
|  *  AMT_STATUS_INTERNAL_ERROR - An internal error to the AMT device has occurred. This may indicate an interface error, or a AMT application error. | ||||
|  *  AMT_STATUS_INVALID_MESSAGE_LENGTH - Length field of header is invalid. | ||||
|  *  | ||||
|  */ | ||||
| AMT_STATUS pthi_StartConfigHBased(CFG_START_CONFIG_HBASED_REQUEST_INFO *request, CFG_START_CONFIG_HBASED_RESPONSE_INFO *response) | ||||
| { | ||||
| 	UINT8* readBuffer = NULL; | ||||
| 	UINT32 command_size = sizeof(CFG_START_CONFIG_HBASED_REQUEST); | ||||
| 	unsigned char command[sizeof(CFG_START_CONFIG_HBASED_REQUEST)]; | ||||
| 	AMT_STATUS status; | ||||
| 	CFG_START_CONFIG_HBASED_RESPONSE* tmp_response; | ||||
|  | ||||
| 	memset(command, 0, sizeof(CFG_START_CONFIG_HBASED_REQUEST)); | ||||
| 	memcpy_s(command, sizeof(command), (char*)&(GET_START_CONFIG_HBASED_REQUEST_HEADER), sizeof(GET_START_CONFIG_HBASED_REQUEST_HEADER)); | ||||
|  | ||||
| 	((CFG_START_CONFIG_HBASED_REQUEST*)command)->Info.ServerHashAlgorithm = request->ServerHashAlgorithm; | ||||
| 	((CFG_START_CONFIG_HBASED_REQUEST*)command)->Info.HostVPNEnable = request->HostVPNEnable; | ||||
| 	((CFG_START_CONFIG_HBASED_REQUEST*)command)->Info.SuffixListLen = request->SuffixListLen; | ||||
| 	memcpy_s(((CFG_START_CONFIG_HBASED_REQUEST*)command)->Info.ServerCertHash, 64, request->ServerCertHash, 64); | ||||
| 	memcpy_s(((CFG_START_CONFIG_HBASED_REQUEST*)command)->Info.NetworkDnsSuffixList, 320, request->NetworkDnsSuffixList, 320); | ||||
|  | ||||
| 	status = _call(command, command_size, &readBuffer, GET_START_CONFIG_HBASED_RESPONSE, sizeof(CFG_START_CONFIG_HBASED_RESPONSE)); | ||||
|  | ||||
| 	if (status == AMT_STATUS_SUCCESS) | ||||
| 	{ | ||||
| 		tmp_response = (CFG_START_CONFIG_HBASED_RESPONSE*)readBuffer; | ||||
| 		memcpy_s(response, sizeof(CFG_START_CONFIG_HBASED_RESPONSE_INFO), &(tmp_response->Info), sizeof(CFG_START_CONFIG_HBASED_RESPONSE_INFO)); | ||||
| 	} | ||||
| 	if (readBuffer != NULL) free(readBuffer); | ||||
| 	return status; | ||||
| } | ||||
|  | ||||
| #endif | ||||
|   | ||||
| @@ -664,6 +664,38 @@ typedef struct _CFG_GET_UUID_RESPONSE | ||||
| 	AMT_UUID 					 UUID; | ||||
| } CFG_GET_UUID_RESPONSE; | ||||
|  | ||||
| typedef struct _CFG_START_CONFIG_HBASED_REQUEST_INFO | ||||
| { | ||||
| 	CERT_HASH_ALGORITHM ServerHashAlgorithm; | ||||
| 	UINT8               ServerCertHash[CERT_HASH_MAX_LENGTH]; | ||||
| 	AMT_BOOLEAN         HostVPNEnable; | ||||
| 	UINT32              SuffixListLen; | ||||
| 	CHAR                NetworkDnsSuffixList[320]; | ||||
| 	 | ||||
| } CFG_START_CONFIG_HBASED_REQUEST_INFO; | ||||
|  | ||||
| typedef struct _CFG_START_CONFIG_HBASED_REQUEST | ||||
| { | ||||
| 	PTHI_MESSAGE_HEADER Header; | ||||
| 	CFG_START_CONFIG_HBASED_REQUEST_INFO Info; | ||||
|  | ||||
| } CFG_START_CONFIG_HBASED_REQUEST; | ||||
|  | ||||
| typedef struct _CFG_START_CONFIG_HBASED_RESPONSE_INFO | ||||
| { | ||||
| 	PTHI_RESPONSE_MESSAGE_HEADER Header; | ||||
| 	AMT_STATUS			Status; | ||||
| 	CERT_HASH_ALGORITHM HashAlgorithm; | ||||
| 	UINT8 AMTCertHash[CERT_HASH_MAX_LENGTH]; | ||||
| } CFG_START_CONFIG_HBASED_RESPONSE_INFO; | ||||
|  | ||||
|  | ||||
| typedef struct _CFG_START_CONFIG_HBASED_RESPONSE | ||||
| { | ||||
| 	PTHI_RESPONSE_MESSAGE_HEADER Header; | ||||
| 	CFG_START_CONFIG_HBASED_RESPONSE_INFO Info; | ||||
| } CFG_START_CONFIG_HBASED_RESPONSE; | ||||
|  | ||||
| #pragma pack() | ||||
|  | ||||
|  | ||||
| @@ -701,6 +733,7 @@ AMT_STATUS pthi_Unprovision(CFG_PROVISIONING_MODE provisionMode); | ||||
| AMT_STATUS pthi_GetStateEHBC(AMT_EHBC_STATE *state); | ||||
| AMT_STATUS pthi_GetControlMode(int *state); | ||||
| AMT_STATUS pthi_GetUUID(AMT_UUID *uuid); | ||||
| AMT_STATUS pthi_StartConfigHBased(CFG_START_CONFIG_HBASED_REQUEST_INFO* request, CFG_START_CONFIG_HBASED_RESPONSE_INFO* response); | ||||
|  | ||||
| #define PROVISIONING_MODE_REQUEST 0x04000008 | ||||
| #define PROVISIONING_MODE_RESPONSE 0x04800008 | ||||
| @@ -831,6 +864,9 @@ const PTHI_MESSAGE_HEADER GET_CONTROL_MODE_HEADER; | ||||
| #define GET_UUID_REQUEST 0x400005c | ||||
| #define GET_UUID_RESPONSE 0x480005c | ||||
|  | ||||
| #define GET_START_CONFIG_HBASED_REQUEST 0x400008b | ||||
| #define GET_START_CONFIG_HBASED_RESPONSE 0x480008b | ||||
|  | ||||
| #endif | ||||
|  | ||||
| #endif | ||||
|   | ||||
| @@ -8,7 +8,7 @@ | ||||
|  | ||||
| #include <string> | ||||
|  | ||||
| #define PROTOCOL_VERSION "4.0.0" | ||||
| #define PROTOCOL_VERSION "3.0.0" | ||||
|  | ||||
| #ifdef _WIN32 | ||||
| #define convertstring   to_utf16string | ||||
|   | ||||
							
								
								
									
										76
									
								
								commands.cpp
									
									
									
									
									
								
							
							
						
						
									
										76
									
								
								commands.cpp
									
									
									
									
									
								
							| @@ -32,6 +32,9 @@ bool cmd_is_admin() | ||||
|  | ||||
| bool cmd_get_version(std::string& version) | ||||
| { | ||||
|     version = "14.0.0";                                     // FIXME: REMOVE WHEN HW AVAILABLE | ||||
|     return true;                                            // FIXME: REMOVE WHEN HW AVAILABLE | ||||
|  | ||||
|     version.clear(); | ||||
|  | ||||
|     // initialize HECI interface | ||||
| @@ -410,3 +413,76 @@ bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settin | ||||
|  | ||||
|     return false; | ||||
| } | ||||
|  | ||||
| bool cmd_start_config_host_based(config_host_based_settings& server_cert, config_host_based_settings& amt_cert) | ||||
| { | ||||
|     amt_cert.algorithm = "MD5";                              // FIXME: REMOVE WHEN HW AVAILABLE | ||||
|     amt_cert.hash = "000102030405060708090a0b0c0d0e0f";      // FIXME: REMOVE WHEN HW AVAILABLE | ||||
|     return true;                                             // FIXME: REMOVE WHEN HW AVAILABLE | ||||
|  | ||||
|     // initialize HECI interface | ||||
|     if (heci_Init(NULL, PTHI_CLIENT) == 0) return false; | ||||
|  | ||||
|     CFG_START_CONFIG_HBASED_REQUEST_INFO request; | ||||
|     CFG_START_CONFIG_HBASED_RESPONSE_INFO response; | ||||
|  | ||||
|     memset(&request, 0, sizeof(CFG_START_CONFIG_HBASED_REQUEST_INFO)); | ||||
|     memset(&response, 0, sizeof(CFG_START_CONFIG_HBASED_RESPONSE_INFO)); | ||||
|  | ||||
|     if (server_cert.algorithm == "MD5")  | ||||
|     { | ||||
|         request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_MD5; | ||||
|     } | ||||
|     else if (server_cert.algorithm == "SHA1") | ||||
|     { | ||||
|         request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA1; | ||||
|     } | ||||
|     else if (server_cert.algorithm == "SHA256") | ||||
|     { | ||||
|         request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA256; | ||||
|     } | ||||
|     else if (server_cert.algorithm == "SHA512") | ||||
|     { | ||||
|         request.ServerHashAlgorithm = CERT_HASH_ALGORITHM_SHA512; | ||||
|     } | ||||
|     else | ||||
|     { | ||||
|         return false; | ||||
|     } | ||||
|  | ||||
|     std::vector<char> cert_bytes; | ||||
|     util_hex_string_to_bytes(server_cert.hash, cert_bytes); | ||||
|     std::copy(std::begin(cert_bytes), std::end(cert_bytes), request.ServerCertHash); | ||||
|  | ||||
|     // start secure host based configuration | ||||
|     AMT_STATUS amt_status = pthi_StartConfigHBased(&request, &response); | ||||
|  | ||||
|     if (amt_status == 0) | ||||
|     { | ||||
|         switch (response.HashAlgorithm) | ||||
|         { | ||||
|         case CERT_HASH_ALGORITHM_MD5: | ||||
|             amt_cert.algorithm = "MD5"; | ||||
|             break; | ||||
|         case CERT_HASH_ALGORITHM_SHA1: | ||||
|             amt_cert.algorithm = "SHA1"; | ||||
|             break; | ||||
|         case CERT_HASH_ALGORITHM_SHA256: | ||||
|             amt_cert.algorithm = "SHA256"; | ||||
|             break; | ||||
|         case CERT_HASH_ALGORITHM_SHA512: | ||||
|             amt_cert.algorithm = "SHA512"; | ||||
|             break; | ||||
|         default: | ||||
|             break; | ||||
|         } | ||||
|  | ||||
|         std::vector<char> hash; | ||||
|         std::copy(std::begin(response.AMTCertHash), std::end(response.AMTCertHash), std::begin(hash)); | ||||
|         util_bytes_to_hex_string(hash, amt_cert.hash); | ||||
|  | ||||
|         return true; | ||||
|     } | ||||
|  | ||||
|     return false; | ||||
| } | ||||
|   | ||||
| @@ -37,6 +37,12 @@ struct fqdn_settings | ||||
|     std::string fqdn; | ||||
| }; | ||||
|  | ||||
| struct config_host_based_settings | ||||
| { | ||||
|     std::string hash; | ||||
|     std::string algorithm; | ||||
| }; | ||||
|  | ||||
| bool cmd_is_admin(); | ||||
| bool cmd_get_version(std::string& version); | ||||
| bool cmd_get_build_number(std::string& version); | ||||
| @@ -50,5 +56,6 @@ bool cmd_get_wired_mac_address(std::vector<unsigned char>& address); | ||||
| bool cmd_get_certificate_hashes(std::vector<cert_hash_entry>& hash_entries); | ||||
| bool cmd_get_remote_access_connection_status(int& network_status, int& remote_status, int& remote_trigger, std::string& mps_hostname); | ||||
| bool cmd_get_lan_interface_settings(lan_interface_settings& lan_interface_settings); | ||||
| bool cmd_start_config_host_based(config_host_based_settings& server_cert, config_host_based_settings& amt_cert); | ||||
|  | ||||
| #endif | ||||
							
								
								
									
										13
									
								
								lms.cpp
									
									
									
									
									
								
							
							
						
						
									
										13
									
								
								lms.cpp
									
									
									
									
									
								
							| @@ -15,13 +15,22 @@ | ||||
| #include <netdb.h> | ||||
| #endif | ||||
|  | ||||
| SOCKET lms_connect() | ||||
| SOCKET lms_connect(bool securePort) | ||||
| { | ||||
|     std::string lmsAddress = "localhost"; | ||||
|     std::string lmsPort = "16992"; | ||||
|     std::string lmsPort; | ||||
|     SOCKET s = INVALID_SOCKET; | ||||
|     struct addrinfo *addr, hints; | ||||
|  | ||||
|     if (securePort) | ||||
|     { | ||||
|         lmsPort = "16993"; | ||||
|     } | ||||
|     else | ||||
|     { | ||||
|         lmsPort = "16992"; | ||||
|     } | ||||
|  | ||||
| #ifdef _WIN32 | ||||
|     WSADATA wsa; | ||||
|     if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0) | ||||
|   | ||||
							
								
								
									
										2
									
								
								lms.h
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								lms.h
									
									
									
									
									
								
							| @@ -28,6 +28,6 @@ static inline int closesocket(int fd) | ||||
| #define SD_BOTH SHUT_RDWR | ||||
| #endif | ||||
|  | ||||
| SOCKET lms_connect(); | ||||
| SOCKET lms_connect(bool securePort = false); | ||||
|  | ||||
| #endif | ||||
							
								
								
									
										61
									
								
								main.cpp
									
									
									
									
									
								
							
							
						
						
									
										61
									
								
								main.cpp
									
									
									
									
									
								
							| @@ -11,7 +11,7 @@ | ||||
| #include "lms.h" | ||||
| #include "commands.h" | ||||
| #include "activation.h" | ||||
| #include "heartbeat.h" | ||||
| #include "shbc.h" | ||||
| #include "utils.h" | ||||
| #include "usage.h" | ||||
| #include "args.h" | ||||
| @@ -62,6 +62,7 @@ int main(int argc, char* argv[]) | ||||
|     std::string arg_info; | ||||
|     bool arg_verbose = false; | ||||
|     bool arg_nocertcheck = false; | ||||
|     bool secureHostBasedConfig = false; | ||||
|  | ||||
|     if (argc == 1) | ||||
|     { | ||||
| @@ -185,7 +186,7 @@ int main(int argc, char* argv[]) | ||||
|     memset(&lms_socket, 0, sizeof(SOCKET)); | ||||
|  | ||||
|     // set receive handler | ||||
|     client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose](web::websockets::client::websocket_incoming_message ret_msg) | ||||
|     client.set_message_handler([&client, &mx, &cv, &lms_socket, arg_verbose, &secureHostBasedConfig](web::websockets::client::websocket_incoming_message ret_msg) | ||||
|     { | ||||
|         // kick the timer | ||||
|         std::chrono::time_point<std::chrono::system_clock> now = std::chrono::system_clock::now(); | ||||
| @@ -247,20 +248,56 @@ int main(int argc, char* argv[]) | ||||
|                 return; | ||||
|             } | ||||
|  | ||||
|             if (msgMethod.compare("heartbeat_request") == 0) | ||||
|             if (msgMethod.compare("secure_config_request") == 0) | ||||
|             { | ||||
|                 // create the response | ||||
|                 std::string response; | ||||
|                 if (!heartbeat_create_response(response)) return; | ||||
|                 std::string certAlgo; | ||||
|                 std::string certHash; | ||||
|  | ||||
|                 // send it | ||||
|                 web::websockets::client::websocket_outgoing_message send_websocket_msg; | ||||
|                 std::string send_websocket_buffer(response); | ||||
|                 send_websocket_msg.set_utf8_message(send_websocket_buffer); | ||||
|                 client.send(send_websocket_msg).wait(); | ||||
|                 // get server configuration | ||||
|                 try | ||||
|                 { | ||||
|                     tmp = parsed[U("payload")].as_string(); | ||||
|                     web::json::value parsed_cert_info = web::json::value::parse(tmp); | ||||
|  | ||||
|                     out = parsed_cert_info[U("algorithm")].as_string(); | ||||
|                     certAlgo = utility::conversions::to_utf8string(out); | ||||
|  | ||||
|                     out = parsed_cert_info[U("hash")].as_string(); | ||||
|                     certHash = utility::conversions::to_utf8string(out); | ||||
|                 } | ||||
|                 catch (...) | ||||
|                 { | ||||
|                     std::cerr << std::endl << "JSON format error. Unable to parse message." << std::endl; | ||||
|                     return; | ||||
|                 } | ||||
|                  | ||||
|                 // send secure config request | ||||
|                 config_host_based_settings server_cert; | ||||
|                 config_host_based_settings amt_cert; | ||||
|                 server_cert.algorithm = certAlgo; | ||||
|                 server_cert.hash = certHash; | ||||
|                 if (cmd_start_config_host_based(server_cert, amt_cert)) | ||||
|                 { | ||||
|                     // create the response | ||||
|                     std::string response; | ||||
|                     if (!shbc_create_response(amt_cert.algorithm, amt_cert.hash, response)) return; | ||||
|  | ||||
|                     // send it | ||||
|                     web::websockets::client::websocket_outgoing_message send_websocket_msg; | ||||
|                     std::string send_websocket_buffer(response); | ||||
|                     send_websocket_msg.set_utf8_message(send_websocket_buffer); | ||||
|                     client.send(send_websocket_msg).wait(); | ||||
|  | ||||
|                     // use secure host post for LMS going forward | ||||
|                     secureHostBasedConfig = true; | ||||
|  | ||||
|                     return; | ||||
|  | ||||
|                 } | ||||
|  | ||||
|                 return; | ||||
|             } | ||||
|              | ||||
|  | ||||
|             // process any messages we can | ||||
|             //   - if success, done | ||||
| @@ -312,7 +349,7 @@ int main(int argc, char* argv[]) | ||||
|             try | ||||
|             { | ||||
|                 // conntect to lms | ||||
|                 lms_socket = lms_connect(); | ||||
|                 lms_socket = lms_connect(secureHostBasedConfig); | ||||
|             } | ||||
|             catch (...) | ||||
|             { | ||||
|   | ||||
| @@ -14,7 +14,7 @@ set BASE_DIR=%cd% | ||||
| set VCPKG_DIR=C:\opt\vcpkg-source | ||||
|  | ||||
| REM build RPC | ||||
|  | ||||
| cd %BASE_DIR%/rpc | ||||
|  | ||||
| if exist "build" rd /q /s "build" | ||||
|  | ||||
| @@ -23,4 +23,4 @@ cd build | ||||
| echo %VCPKG_DIR%\vcpkg\scripts\buildsystems\vcpkg.cmake | ||||
| cmake -DVCPKG_TARGET_TRIPLET=x64-windows-static -DCMAKE_TOOLCHAIN_FILE=%VCPKG_DIR%\vcpkg\scripts\buildsystems\vcpkg.cmake .. | ||||
| cmake --build . --config Release | ||||
| dir %BASE_DIR%\build | ||||
| dir %BASE_DIR%\rpc\build | ||||
|   | ||||
| @@ -5,9 +5,9 @@ set -x | ||||
| # Jenkins Build script | ||||
| #   - Ubuntu 18.04 | ||||
| # | ||||
| export BASE_DIR="$PWD" | ||||
| export CMAKE_CXX_FLAGS="-isystem /usr/lib/gcc/x86_64-linux-gnu/7/include" | ||||
|  | ||||
| export CMAKE_CXX_FLAGS="-isystem /usr/lib/gcc/x86_64-linux-gnu/7/include" | ||||
| cd "$BASE_DIR"/rpc | ||||
|  | ||||
| if [ -d "build" ]; then | ||||
|   rm -rf build | ||||
| @@ -15,5 +15,5 @@ fi | ||||
|  | ||||
| mkdir build | ||||
| cd build | ||||
| cmake -DCMAKE_TOOLCHAIN_FILE="$BASE_DIR"/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_BUILD_TYPE=Release .. | ||||
| cmake -DCMAKE_TOOLCHAIN_FILE="$BASE_DIR"/rpc/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_BUILD_TYPE=Release .. | ||||
| cmake --build . | ||||
|   | ||||
| @@ -4,15 +4,14 @@ | ||||
| #   - Ubuntu 18.04 | ||||
| # | ||||
|  | ||||
| apt update | ||||
| apt install git cmake build-essential curl zip unzip tar pkg-config -y | ||||
| sudo apt install git cmake build-essential curl zip unzip tar pkg-config | ||||
|  | ||||
| ## current dir - RPC source directory | ||||
| #export BASE_DIR="$PWD" | ||||
| export BASE_DIR="$PWD" | ||||
|  | ||||
| #cd "$BASE_DIR"/rpc | ||||
| cd "$BASE_DIR"/rpc | ||||
| ## build vcpkg | ||||
| git -C vcpkg pull || git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git vcpkg | ||||
| git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git | ||||
| cd vcpkg | ||||
| ./bootstrap-vcpkg.sh | ||||
|  | ||||
|   | ||||
| @@ -3,23 +3,41 @@ | ||||
| * SPDX-License-Identifier: Apache-2.0 | ||||
| **********************************************************************/ | ||||
| 
 | ||||
| #include "heartbeat.h" | ||||
| #include "activation.h" | ||||
| #include <cpprest/ws_client.h> | ||||
| #include <cpprest/json.h> | ||||
| #include <cpprest/streams.h> | ||||
| #include <iostream> | ||||
| #include <string> | ||||
| #include "activation.h" | ||||
| #include "version.h" | ||||
| #include "commands.h" | ||||
| #include "network.h" | ||||
| #include "utils.h" | ||||
| 
 | ||||
| bool heartbeat_create_response(std::string& response) | ||||
| bool get_response_payload(std::string cert_algo, std::string cert_hash, web::json::value& payload) | ||||
| { | ||||
|     web::json::value value; | ||||
|     utility::string_t tmp; | ||||
|     web::json::value configParams; | ||||
| 
 | ||||
|     // get client string
 | ||||
|     tmp = utility::conversions::convertstring(cert_algo); | ||||
|     configParams[U("algorithm")] = web::json::value::string(tmp); | ||||
| 
 | ||||
|     // get certificate hashes
 | ||||
|     tmp = utility::conversions::convertstring(cert_hash); | ||||
|     configParams[U("hash")] = web::json::value::string(tmp); | ||||
| 
 | ||||
|     payload = configParams; | ||||
| 
 | ||||
|     return true; | ||||
| } | ||||
| 
 | ||||
| bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response) | ||||
| { | ||||
|     web::json::value msg; | ||||
| 
 | ||||
|     utility::string_t tmp = utility::conversions::convertstring("heartbeat_response"); | ||||
|     utility::string_t tmp = utility::conversions::convertstring("secure_config_response"); | ||||
|     msg[U("method")] = web::json::value::string(tmp); | ||||
| 
 | ||||
|     tmp = utility::conversions::convertstring(""); | ||||
| @@ -31,15 +49,21 @@ bool heartbeat_create_response(std::string& response) | ||||
|     tmp = utility::conversions::convertstring(PROTOCOL_VERSION); | ||||
|     msg[U("protocolVersion")] = web::json::value::string(tmp); | ||||
| 
 | ||||
|     tmp = utility::conversions::convertstring("success"); | ||||
|     tmp = utility::conversions::convertstring(""); | ||||
|     msg[U("status")] = web::json::value::string(tmp); | ||||
| 
 | ||||
|     tmp = utility::conversions::convertstring(""); | ||||
|     msg[U("message")] = web::json::value::string(tmp); | ||||
| 
 | ||||
|     // set empty payload
 | ||||
|     tmp = utility::conversions::convertstring(""); | ||||
|     msg[U("payload")] = web::json::value::string(tmp); | ||||
|     // get the activation payload
 | ||||
|     web::json::value responsePayload; | ||||
|     if (!get_response_payload(cert_algo, cert_hash, responsePayload)) return false; | ||||
| 
 | ||||
|     // serialize payload
 | ||||
|     std::string serializedPayload = utility::conversions::to_utf8string(responsePayload.serialize()); | ||||
|     std::string encodedPayload = util_encode_base64(serializedPayload); | ||||
|     utility::string_t payload = utility::conversions::to_string_t(encodedPayload); | ||||
|     msg[U("payload")] = web::json::value::string(payload); | ||||
| 
 | ||||
|     // serialize the entire message
 | ||||
|     response = utility::conversions::to_utf8string(msg.serialize()); | ||||
| @@ -3,11 +3,17 @@ | ||||
| * SPDX-License-Identifier: Apache-2.0 | ||||
| **********************************************************************/ | ||||
| 
 | ||||
| #ifndef __HEARTBEAT_H__ | ||||
| #define __HEARTBEAT_H__ | ||||
| #ifndef __SHBC_H__ | ||||
| #define __SHBC_H__ | ||||
| 
 | ||||
| #include <string> | ||||
| 
 | ||||
| bool heartbeat_create_response(std::string& response); | ||||
| #ifdef _WIN32 | ||||
| #define convertstring   to_utf16string | ||||
| #else | ||||
| #define convertstring   to_utf8string | ||||
| #endif | ||||
| 
 | ||||
| bool shbc_create_response(std::string cert_algo, std::string cert_hash, std::string& response); | ||||
| 
 | ||||
| #endif  | ||||
							
								
								
									
										27
									
								
								utils.cpp
									
									
									
									
									
								
							
							
						
						
									
										27
									
								
								utils.cpp
									
									
									
									
									
								
							| @@ -57,3 +57,30 @@ bool util_format_uuid(std::vector<unsigned char> uuid_bytes, std::string& uuid_s | ||||
|     return true; | ||||
| } | ||||
|  | ||||
| bool util_hex_string_to_bytes(std::string hex_string, std::vector<char>& hex_bytes) | ||||
| { | ||||
|     hex_bytes.clear(); | ||||
|  | ||||
|     for (int i = 0; i < hex_string.length(); i += 2)  | ||||
|     { | ||||
|         std::string byte_string = hex_string.substr(i, 2); | ||||
|         char value = (char)strtol(byte_string.c_str(), NULL, 16); | ||||
|         hex_bytes.push_back(value); | ||||
|     } | ||||
|      | ||||
|     return true; | ||||
| } | ||||
|  | ||||
| bool util_bytes_to_hex_string(std::vector<char> hex_bytes, std::string& hex_string) | ||||
| { | ||||
|     hex_string.clear(); | ||||
|  | ||||
|     for (char hex_char : hex_bytes) | ||||
|     { | ||||
|         char hex[10]; | ||||
|         snprintf(hex, 10, "%02x", hex_char); | ||||
|         hex_string += hex; | ||||
|     } | ||||
|      | ||||
|     return true; | ||||
| } | ||||
							
								
								
									
										2
									
								
								utils.h
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								utils.h
									
									
									
									
									
								
							| @@ -13,5 +13,7 @@ std::string util_encode_base64(std::string str); | ||||
| std::string util_decode_base64(std::string str); | ||||
| bool util_is_printable(std::string str); | ||||
| bool util_format_uuid(std::vector<unsigned char> uuid_bytes, std::string& uuid_string); | ||||
| bool util_hex_string_to_bytes(std::string hex_string, std::vector<char>& hex_bytes); | ||||
| bool util_bytes_to_hex_string(std::vector<char> hex_bytes, std::string& hex_string); | ||||
|  | ||||
| #endif | ||||
		Reference in New Issue
	
	Block a user