external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-12 11:01:52 +00:00
Code Issues Releases Wiki Activity

First working Intel AMT ACM activation.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2019-06-19 18:11:00 -07:00
parent 2bc14decd2
commit 1d96f89f9d
3 changed files with 3 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
agents/modules_meshcore/amt-manage.js
View file

@ -531,7 +531,7 @@ function AmtManager(agent, db, isdebug) {
else { acmdata.index++; performAcmActivation(acmdata); } else { acmdata.index++; performAcmActivation(acmdata); }
}); });
} else { } else {
//debug('Calling AdminSetup()'); debug('Calling AdminSetup() ' + JSON.stringify(acmdata));
osamtstack.IPS_HostBasedSetupService_AdminSetup(2, acmdata.password, acmdata.nonce, 2, acmdata.signature, osamtstack.IPS_HostBasedSetupService_AdminSetup(2, acmdata.password, acmdata.nonce, 2, acmdata.signature,
function (stack, name, responses, status) { function (stack, name, responses, status) {
debug('AdminSetup Status: ' + status); debug('AdminSetup Status: ' + status);

2
agents/modules_meshcore_min/amt-manage.min.js vendored
View file

File diff suppressed because one or more lines are too long

7
certoperations.js
View file

@ -30,14 +30,12 @@ module.exports.CertificateOperations = function (parent) {
// Sign a Intel AMT ACM activation request // Sign a Intel AMT ACM activation request
obj.signAcmRequest = function (domain, request, user, pass) { obj.signAcmRequest = function (domain, request, user, pass) {
console.log('signAcmRequest', request);
if ((domain == null) || (domain.amtacmactivation == null) || (domain.amtacmactivation.certs == null) || (request == null) || (request.nonce == null) || (request.realm == null) || (request.fqdn == null) || (request.hash == null)) return null; if ((domain == null) || (domain.amtacmactivation == null) || (domain.amtacmactivation.certs == null) || (request == null) || (request.nonce == null) || (request.realm == null) || (request.fqdn == null) || (request.hash == null)) return null;
if (parent.common.validateString(request.nonce, 16, 256) == false) return null; if (parent.common.validateString(request.nonce, 16, 256) == false) return null;
if (parent.common.validateString(request.realm, 16, 256) == false) return null; if (parent.common.validateString(request.realm, 16, 256) == false) return null;
if (parent.common.validateString(request.fqdn, 4, 256) == false) return null; if (parent.common.validateString(request.fqdn, 4, 256) == false) return null;
if (parent.common.validateString(request.hash, 16, 256) == false) return null; if (parent.common.validateString(request.hash, 16, 256) == false) return null;
console.log('a1');
// Look for the signing certificate // Look for the signing certificate
var signkey = null, certChain = null, hashAlgo = null, certIndex = null; var signkey = null, certChain = null, hashAlgo = null, certIndex = null;
for (var i in domain.amtacmactivation.certs) { for (var i in domain.amtacmactivation.certs) {
@ -45,16 +43,13 @@ module.exports.CertificateOperations = function (parent) {
if ((certEntry.sha256 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha256'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; } if ((certEntry.sha256 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha256'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
if ((certEntry.sha1 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha1'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; } if ((certEntry.sha1 == request.hash) && ((certEntry.cn == '*') || (certEntry.cn == request.fqdn))) { hashAlgo = 'sha1'; signkey = certEntry.key; certChain = certEntry.certs; certIndex = i; break; }
} }
console.log('as', signkey);
if (signkey == null) return null; // Did not find a match. if (signkey == null) return null; // Did not find a match.
console.log('aa');
// If the matching certificate is a root cert, issue a leaf cert that matches the fqdn // If the matching certificate is a root cert, issue a leaf cert that matches the fqdn
if (domain.amtacmactivation.certs[certIndex].cn == '*') return; // TODO: Add support for this mode if (domain.amtacmactivation.certs[certIndex].cn == '*') return; // TODO: Add support for this mode
console.log('ab');
// Setup both nonces, ready to be signed // Setup both nonces, ready to be signed
const mcNonce = Buffer.from(obj.crypto.randomBytes(32), 'binary'); const mcNonce = Buffer.from(obj.crypto.randomBytes(20), 'binary');
const fwNonce = Buffer.from(request.nonce, 'base64'); const fwNonce = Buffer.from(request.nonce, 'base64');
// Sign the request // Sign the request