From 81e18fac59c5c2f55ec77b5fcc563c957ab490d1 Mon Sep 17 00:00:00 2001
From: Ylian Saint-Hilaire
Date: Thu, 30 Jun 2022 12:46:04 -0700
Subject: [PATCH] Improved AmtHashes command in MeshCMD.
---
 agents/MeshCmd-signed.exe | Bin 4491784 -> 4498464 bytes
 agents/MeshCmd64-signed.exe | Bin 4104712 -> 4111392 bytes
 agents/meshcmd.js | 145 +++++++++++++++++++++++++++++++-----
 package.json | 16 +++-
 4 files changed, 141 insertions(+), 20 deletions(-)
diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe index 2a60ffb159a6755f0a683552596379f494088451..b14bd8118d76bc2528426550b753f400700ed18d 100644 GIT binary patch delta 4782 zcmbtX30PCt5;iOmkN_bN7AqWqlAr+sLv*Cy0;WHz=Z@Mfh4$NqEA0MwOYjY6}3J}>xQ-}R$Fl?ZdkY4O08OJt8ebTL0NpC@3r~9Ke_kJnVECuKQm`i zx@v{ZriK+Z)dd3EpDUAA8U^t-ZcFFa2uf-MENlR_06Ty^KnUm#Z~!<0oB%xl&Hxd> z1>g#B1Be0c013bY;0cfdya3(+AAm2QC*UEMl9S)T&=C%M-&S1$a+GIEjtK1d~YMsw^mX`?9$>XLQ;g& zN0W}&tS6oD{h9^hDlmB(lT`VT$SQ)Rf!+S21gYl*>2nSp)0;!EV z`8qEs4~5sh?&KRCUmfurcXBd6*6dD(wv)O_$oKhIi#z3mzm||{eEA4vk0(u{-FWAT zuB01IxCA>r=|Oqo`qh*$f(>Dgo{OFy0>z;5qlXhCkV%gU7(=$+kdHJFYov!awMnbj z8S!Ni?d>wgP-HYQS;-s^a!hDpTj33q5TAHTc-IzskgGJf;5dY{zKnEgn~nJCxVnMr zspx1S1kDmTA^3!cBTB<$PT@jsWK1Slni0Eg2m6*>@(@nk2H_ncpqz1CAvqFXdJBB$ zV@ZE3-423Hv7`mBGZW4@p^kKvww=d#Br}=}U`ZANj_{Qsq&I$dGU9dh_l~GCs zQURh>3KScSTQzXH>K9R-BHoSy$u!J#8UCP@@{?HiXVQ-?0IDgqk&)v!Cy@am&waK_ z!IwJ5>IXz`yxf6ybl`PRJf1s^k_L6~77}LCkLI|LbKXPZINouDnegCAYby^gA6E-ZAJ(UApS{P$Vl?Q~$l>bWZm&wc(MEbuy37UUhg{TCKcvB(L# z2&mn7+hRzEg58vpYll2dnvN@WQ$cQ>2IXsl=sUqsA#u2IH{~npFpfujLnh#oVYCz{{z3I{&tXi+#Md1z0T?4jm1HcwB&D5gjcGE@ z5gy(`^~430q+{F7v~eKq8OdEzNR4#NG`^rQI+I}rUvk*8!+xf!;kM8jO=?{xlahtM zSVBqh#5+_Ee7Tae3u4nyn~mgTQFb@GbtVXVijzq(G}(8aYX>CuRf0n%hTt`Wn(mOv9*r| zd(o-$*xPUhDljlc*dUvcKDa89@^a*gxM@ZKgViaN#2Hr1zQ7VfBk-<235k%Kz$a{{ z@(>YAdze{qTiU_KBBI#^v4d7K$~aWa*6!hSzm7p=L)J+-66#_H{9TX*_7u%ZgdPR$~wxf59X#AX(n4;lxKqBY;~TI8+(54U{EGQ#kdet z9)TmR_deeU1W==rh%re4FFJrQs1d|@($j(Bl1k3!of8DXx=-9HqeHR9n|5JaAP0Q% zJn0vnG-_1pr~&8=wHEfkwinhrqWuvL0~?TjrXr&PH$I?(up|K@DMqvh_P+>*pqG;3 zL2Un09Rcl;_8L4jyhpfVltMZV<_jFK(=p6&C~2GKDB&riMf*)8JO zlUb@&WqsG=EWW2ZI_{r`Lj%tYLnpufp=Hj}a`UC;Q)9E5j?|R?D@hzU!Rg@YwBtTL zGuOquy`op~2aEkniXIlwYpF&$YPMywOg4E+=x>58peD5^skK--T|t z>pNrm?L&S8*ANGP-Fo-X*ggMHS(Xr=_nDL0ZLh`md-P9+$)I6Aw{|Yy zbRc~Coj*0VZE`o`Jqzjk<|t)EtSU;Sd|R0ybnLS*dEq0Gz|k%u(oVT*Q0P0;Y-rIl zt>oC_Zu_p@+@IT{^~gy@v|-3fdH=Z9N#~XCt6Cb|dolY03hxg!D@D%@2n6=s?B>~Y 
zlPq-~mbN?dFs@}{xE?Z@yC1<~NbX#pcp147FD701+{q&t^SC`=MWr3s5rAEYD%dHX4UiM|xzBE!c zH~Ywll~GS!F0FBG@d~&Ry#Mm8+t1!JhkiV9m%gqlBzZ@-U;kK}+ca@&-i+qJpXbjz zC0?x=v9t8AAHoPw0OjV5c4yt){>9kwo?_Zgl8e?ZS z?eMyCy?e_eD*4gpr7MHWS9xspnm_pQ)SyplE^iZdD|>i;Udk*p^{dxj&m8;u-wy{| z@E9Af$y=U~xX9*o)hUVJjmjU>JhdJ%HwL$Q{_ya|`t?o0R~LqyFyFXuGM65&ksZ$} z+Vkm!Arkw~=uqid+l<6#KQ(WOxbOJq+v@QlpO|)>v6xRb{jp@{_x@SiTFOeC8%|$u zytzm6(X@MKt}aNH;1jbJ)_fQf}|llBm>Dpa*#Zv01+TXNC{Ggh>!}T3aLTr zkOrg)X+hf1c1Q=(h4dhO$N(~gc0fjuF+_rPLMD(YWCoETbBF>_Aq&V7vVyE38^~7B zg0?%fBNu0E2hkvV$N_SM=+G|6333+Tj2Wh(f@cK`raGXtG86#q8si+uY+z&nQ5_>( zFi_7Jj|K~y3~9i&L8QQf0zw2A*BE+$PCzukz70kzP*Oy!fWHiE$9FQxAWso7;T9p% zpc%uG1iUmB5k#6W384CSrWn{zMD_sZas&&umm|7>Lbt+#3rCq!;ItCr{9o!-Lc)NB zGGYce-{3A%8M*!=sRI%b2?oVPL;)NKV&XxJ0%9ZxQ$fn2K;1j0LM|B~0y1DeU%|Ld zaf?}JC@WVUTLerpI$IZS*xILbA22xL;PzS8&Osv3)sK~WONW#Ey{ViSbn}G={)ow`m|?!2 z3n^}H0C-+yonc!PUSGx>&W+vrW!R~;YKqT1U$CBm*?c(>e6s6(jZ}aBjJd0_OkuJ_ zBK`K2f)S0#_x)u~nQ1P1@r~Y&u}kgl8^7LODL9N6MZAgbY;f-B?Q6QAeP)LTKC&(y zrSf^1)Y~AcbUSPT_b6n(<^?KR_e6V_bI8ZC zDvMoFX5tU{^^4R(HOIro@-4Y8L)y}59HytU-$0*~MC#;xbGS$Ur|>*Cm&Hm0?xDfi z(uR}m?Vi3Kw1zlT)1TSW;*DP4%E6@P#TA<2)yI5gxuA`;U=$r^KbsOT_l}&RKUPsm z%cI%X65}#N(nGp7e3aYi}$Ax7VF~MUcAHHDRo|Yu@ z+|ARv@>C?)_k84|)ZNvSK9uYCv7-BE~1e6)&eqNBv9Fkp5cJwoiRiY^g`f;qZwsYb_AfomMZmD`chSxUC(LbI-;El#}0!e%GH=8eM4C!l@ t58n0Bmdy>%z7}w5)VHQ!z4B{7%WK|9!F_>shM7hERqL5$`M5LC7)@QAc zR!3^V7go_)aZ!U0x>#x-ii%WSt*fHd+HKudv{ux1-E(t;@^C+QTfXlncjnAFXXgBK z&YWeRJ>hNXc*3hK;Zg$1Hcg=05}1h0YZQXAO^SqTmfzXcfer45WrA?2VfWg0XzX-0B^u>zzD!dfCS(J z@CEn*`~gxx06+!^1jqpjQ!6hhShcioWDp=25CRwl2nCD=gaN_WJvo)rMr;(Miip;*#?s~=S(2;EpmR~2Iu>Q> zHS-ufYoNeDY#Nj|O|`Acxjd41Nhu(uCzRIYo=NF%a{ffQUqj}2V0)4_2iua8rPz)f z`KQjyaxUy`eF%5p9o*Weh1x^zSxJfxw~1D`VKsSq+jqKK-P=^sg)ld!3ox=Vd(FN z$9Esvk~jTuI$0yf{mBhK?AJx=;E$`hVW}VGMw`^lAW#gNk{lNmkBmB$&*-ys`aF~au|_%=(MF92+Jyc;!$e6k!TlIwH9hb{>ZBjP3yY)QhU z#j5)Pp67FE}DMW?@&dcs_O`iHV?Iy#R}dJOgNdwj4`I;0o+& zqowm0luBAA1FfY6m|wz~lI1emY-0}cq)>2>FB&-#`E>5la^1VE2$8>PMQF&YR)mML 
zJ4PAgt_L1MahsU#W#&YR@_++0i$NMKicwEREL*e@>9UYzm%(x=3IT+MNKtqwX)lG_ z)wq=s*>iTJNRq?Mmyn%XC=X}L`HZ^P@`37cw1M#g4ml*eAq1TFDEc9B@ zi-le*y0gHE|2zwvoo*~xJojedxzGQD1y0Apf=@SZ|Ahs#(B6*l-KaXUdpo2<{wd1N zpTwS)0Bqax4wyxn|UphLMeGZFIzMe6_ z3E7l%BOgwrTx`u%+*p*)5Spf(2f>!v0qh|_LH3KVvyFKHm$5zSgCa>KEMdi+c?Ty` zgt8lACoN{=O0m?*`|wM)AAW^=xqde95?pi!YO zH_$~tB&>&i@C*Imu#lJP^DXCO;|1E}njIFqm_x>%Um`V!!s3I_1=z(L^*r6I*-QpB zF&2iqo9=qwfQVw`70nnj^qPG3o%I^?;`XqQkra8Uwe+l9CKDt;J3A3$xp*+cZiOVh zNr|v|HU&0inPv9}Yhw-3Ocq^`YlP`6I@e&Hdw%g?QX)YM$=rRE&^yuc@N=Dj*SN{* zs1&u=ixxlzMI!1x77Z9@&MF@+@$4W7mUEK!2vqW+By^lQt)srVDOdf;A z(;7Gf+h157iLO^z1~wr7j0FZMX|Y!gC(ctKl7cXmkPQ0;3_&v`CMvdpsf~sHNb?lF zzC56GAc)4c6SxWo>~s$^T*_#3_X+85X6zNI|A!Ml;3bLwd{3RRVN;GxdoIycoi~H6 z7XM?Kv+Z!t{1)^iEm}QE{c_T{So~4axbt+YJAaBaQdEaUo23l?tw#gsnN2Unm}yFDL_K?j`7v**;ugDbt-91a)5Nhl9*A2To>5O^_`1!>^NC zLJe}}BwbP(q#^!T7WI4^soatn%eEwGX~-W*AQj=~mCsB+u6b*zr@ToihHTIcgbXR& zf^CTJaY|rryqAjCW0QD2)$-6P^C9_ug{n-R({Xy!$#HAGv3~ZsooVl`MW58feR|$S z*{|~i+a8I&9>3W!;0KAipI}Y=#RJ#fnlD?84!A6Qr<@->HA3e-eq(Xmt$fCk$s>E7t+gV^T0SJHkL$gDEh&eqW>iI;|7pmA#($nETYfpO zqP1R7GsU#$#?1VfjR(&O$1Iz1M@WZ@<@V1F@Ob_DSeIM%ksOVnCtM38>DL~M!+hU; znE82Q-S4BQkI2WKISvEdc6(||6nB6AYHNpU*bUKUrYWepzcl}NT-eix#g}$QJbqUB zLD4<8pUSH~JmWrdf#TYE!7XotZpXA;p9&4Nq5saC=K4mcCcfOi>DX*n{@imi-m3UK z-45!YO=7srZTO}o%eFggy)fzBLe=IAqNbsy8@albTNJB)kUswOVzzqrH>(f zdB)G&T{QmOQS0>3tD|SG^6&UacDuBHv)$ltgqsB|R*th3#}=j6|LqM^NNkm$)#-Ad z?F$b&R|+H>F7@RsQZ zubg}H%8G-6*X$b9_Wr@O4|m?xI0Y>H`F73N10{La)-dKC&rp7ELX#JacGu`!PvnNUF<7 zwPI=Uzxf?Y9?*vh?mZ~p@AqT*TJK5s*EO7d#6KM1zI9shj?%Te2G-i$EScj{`}J7= zdFtdlHSrG2Ebo^3wR`CaD;3f^Qx{h}h+9w+Q?xk7zGLXLhebz+jP*auS4Z`I;8&+QIs}KhFzv+^9UVkRgRqd?VtVQ^E~hKywCfVuCAdn2G&r`i751i$oyoK z2YNN@su-0nMtz5dfm9(iNFCCEG$Ac$2c!+@Km>>gk)WNB zE~E$PLk7?fkRfCQ8AD`f7i0qMhD;$dXb)r#SwNPM6-0rkkTpbu=pr%7W-lil>tqA% zg=`@PWCz(pOvnM+C&D_hto%jK%2_VDz+r@?2^_jusUV?`bs5a`u+E77>}5&MfdvAB z2Lca787!D11dykJkOA8Q(F5+47- zd}U}?9p%^fXQ^%Cf$cqNlh(z)4sH<{pG^;4$8`!NUH4Z?Qnz;U?Ok<;hq6U2Rh%$Q 
z+9+jO{-8T1{PZ}+ubebS?if4aG`lc*@_w%oSQe*lcKmS{-iPl~#?KYy5!BG(> zN#I2|L<~Y#_vTwUJ`f*_){(@g(Z7XaO)?6jZT5Nf_ZrsTHmpN8%@10Oi@v^GX`4As zH&H>+gs&(@KeT1FxUuA9aZ$FBYC?{VjVM*fJQYS9xfhml^O3>Hx;9rc>Of0uw0F18 zMBfD??)oL$<4){N!Y!K!hxL}?wSYSd0`8%mlj8EjuUl2sv-D*folS{qxdHW|O3glT zqtn2%C2>Qo)w!GJwWV0xyOn%y-y#El0%hP=WI)-Db&cqJnO2DRr~vY%CrA&)L!2ES zg*}~N-*Egs;!Vt*7n^0iF`~RD;d&J<>#9)uhLCW{(JLwa%sE7H*{nWT$Mn_rhc|^2KQ~mz{g~G@wB%|fLX^$X`jg-iLuHpK?R~CxR6)T4;K+# z`RinCMUZ)+kfHIoF{PWI=jW(>Z9h5I!H@A#Tx9F+I`bfqmn7-w7dU;I&iAPIOn9Tz zvLs+ClWGV*C+bfnJm0NTe~<5hE6xZh)h-G+5NdBOn^T`Ch}m2U9Z(-_?i3eRY**lg z^;5}B`u?O-bn|hU^Q>zfw@2scVapnya>?aF3?@wH>jY!$P5as-QaaHnfG_Hg>u_`Y z_wL9gbH;=g^T67+;6wBC7q^4Y*78d747X>)f0r%pt#0EiZLRRC8nrbYu6?*w6hU?_ zM~S4v9vY#Hr{Xi zQle&R8H*J7%{fFqvvR$_fQw!p418~_vHb8|a8&yzYI+~F(a(MOK?3W^#I?8fn~#X^ zV#Wge(=xpqeCE>px4B_`&Gi!R5yM)O9NBphFDiLqQKk^*^K_R==PJnT!gKe(IF6^~ j%&EKnGi;XK!=z&42kUvw%cPouu+4UY+S}Eo#Nz(|xtx(d diff --git a/agents/meshcmd.js b/agents/meshcmd.js index e63d0c86..5628303b 100644 --- a/agents/meshcmd.js +++ b/agents/meshcmd.js @@ -157,6 +157,8 @@ function run(argv) { if ((typeof args.uuidoutput) == 'string' || args.uuidoutput) { settings.uuidoutput = args.uuidoutput; } if ((typeof args.desc) == 'string') { settings.desc = args.desc; } if ((typeof args.dnssuffix) == 'string') { settings.dnssuffix = args.dnssuffix; } + if ((typeof args.create) == 'string') { settings.create = args.create; } + if ((typeof args.delete) == 'string') { settings.delete = args.delete; } if (args.bindany) { settings.bindany = true; } if (args.emailtoken) { settings.emailtoken = true; } if (args.smstoken) { settings.smstoken = true; } 
@@ -238,8 +240,12 @@ function run(argv) {
 console.log('\r\nPossible arguments:\r\n');
 console.log(' --json Display all Intel AMT state in JSON format.');
 } else if (action == 'amthashes') {
- console.log('Amthashes will display all trusted activations hashes for Intel AMT on this computer. The command must be run on a computer with Intel AMT, must run as administrator and the Intel management driver must be installed. These certificates hashes are used by Intel AMT when performing activation into ACM mode. Example usage:\r\n\r\n meshcmd amthashes');
+ console.log('Amthashes will display all trusted activations hashes for Intel AMT. If the host is not specified, the hashes are read using the local MEI driver is used. These certificates hashes are used by Intel AMT when performing activation into ACM mode. Example usage:\r\n\r\n meshcmd amthashes');
 console.log('\r\nPossible arguments:\r\n');
+ console.log(' --host [hostname] The IP address or DNS name of Intel AMT, 127.0.0.1 is default.');
+ console.log(' --user [username] The Intel AMT login username, admin is default.');
+ console.log(' --pass [password] The Intel AMT login password.');
+ console.log(' --tls Specifies that TLS must be used.');
 console.log(' --json Display all Intel AMT hashes in JSON format.');
 } else if ((action == 'microlms') || (action == 'lms') || (action == 'amtlms')) {
 console.log('Starts MicroLMS on this computer, allowing local access to Intel AMT on TCP ports 16992 and 16993 when applicable. The command must be run on a computer with Intel AMT, must run as administrator and the Intel management driver must be installed. These certificates hashes are used by Intel AMT when performing activation into ACM mode. Example usage:\r\n\r\n meshcmd microlms');
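Review bot: The new amthashes help lists `--host`, `--user`, `--pass` and `--tls` but not the `--create`, `--delete` and `--name` options this commit adds, which are the ones that change the Intel AMT trusted hash list. I would add lines such as `console.log(' --create [hex] --name [name] Add a trusted hash.');` and `console.log(' --delete [hex] Remove a trusted hash.');`. The `--host` line says 127.0.0.1 is the default, while the paragraph above it says that with no host the local MEI driver is used, and that sentence itself reads "are read using the local MEI driver is used". The password option is shown as `--pass`, but the validation message added in performAmtTrustedHashes says `use --password [password]`; which spelling run() actually parses is not visible in this hunk, so the two should be aligned with it.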
@@ -528,23 +534,28 @@ function run(argv) {
 return;
 });
 } else if (settings.action == 'amthashes') {
- // Display Intel AMT list of trusted hashes
- var amtMeiModule, amtMei, amtHashes = [];
- try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; }
- amtMei.on('error', function (e) { console.log('amthashes error: ' + e); exit(1); return; });
- amtMei.getHashHandles(function (handles) {
- exitOnCount = handles.length;
- for (var i = 0; i < handles.length; ++i) {
- this.getCertHashEntry(handles[i], function (result) {
- var certState = [];
- if (result.isDefault) { certState.push('Default'); }
- if (result.isActive) { certState.push('Active'); } else { certState.push('Disabled'); }
- amtHashes.push(result);
- if (!args.json) { console.log(result.name + ', (' + certState.join(', ') + ')\r\n ' + result.hashAlgorithmStr + ': ' + result.certificateHash); }
- if (--exitOnCount == 0) { if (args.json) { console.log(JSON.stringify(amtHashes, null, 2)); } exit(0); }
- });
- }
- });
+ if (settings.hostname == null) {
+ // Display Intel AMT list of trusted hashes from the MEI driver
+ var amtMeiModule, amtMei, amtHashes = [];
+ try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; }
+ amtMei.on('error', function (e) { console.log('amthashes error: ' + e); exit(1); return; });
+ amtMei.getHashHandles(function (handles) {
+ exitOnCount = handles.length;
+ for (var i = 0; i < handles.length; ++i) {
+ this.getCertHashEntry(handles[i], function (result) {
+ var certState = [];
+ if (result.isDefault) { certState.push('Default'); }
+ if (result.isActive) { certState.push('Active'); } else { certState.push('Disabled'); }
+ amtHashes.push(result);
+ if (!args.json) { console.log(result.name + ', (' + certState.join(', ') + ')\r\n ' + result.hashAlgorithmStr + ': ' + result.certificateHash); }
+ if (--exitOnCount == 0) { if (args.json) { console.log(JSON.stringify(amtHashes, null, 2)); } exit(0); }
+ });
+ }
+ });
+ } else {
+ // We are going to use WSMAN to perform hash operations
+ performAmtTrustedHashes();
+ }
 } else if (settings.action == 'netinfo') {
 // Display network information
 var interfaces = require('os').networkInterfaces();
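Review bot: `--create` and `--delete` are silently ignored unless `--host` is also given, because the new `if (settings.hostname == null)` branch takes the MEI listing path, prints the hashes and exits 0 without ever reading `settings.create` or `settings.delete`. An operator who runs the command locally to add or remove a trusted hash gets a normal-looking listing and no indication that nothing changed. I would reject that combination before the MEI branch, for example `if ((settings.hostname == null) && (settings.create || settings.delete)) { console.log('--create and --delete require --host.'); exit(1); return; }`. The MEI path also reads `args.json` while the WSMAN path added later reads `settings.json`, which is worth making uniform. run() starts and ends outside this hunk.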
@@ -872,6 +883,104 @@ function run(argv) {
 }
 }
+
+//
+// Intel AMT Trusted Hashes
+//
+
+function performAmtTrustedHashes() {
+ // Check the settings
+ if ((settings.password == null) || (typeof settings.password != 'string') || (settings.password == '')) { console.log('No or invalid \"password\" specified, use --password [password].'); exit(1); return; }
+ if ((settings.hostname == null) || (typeof settings.hostname != 'string') || (settings.hostname == '')) { settings.hostname = '127.0.0.1'; }
+ if ((settings.username == null) || (typeof settings.username != 'string') || (settings.username == '')) { settings.username = 'admin'; }
+ if ((typeof settings.create == 'string')) {
+ if ((settings.name == null) || (typeof settings.name != 'string') || (settings.name == '')) { console.log('No or invalid \"name\" specified, use --name [name].'); exit(1); return; }
+ if ((settings.create.length != 32) && (settings.create.length != 40) && (settings.create.length != 64) && (settings.create.length != 96)) { console.log('No or invalid \"create\" hash, must be in HEX format of length 30, 40, 64, 96.'); exit(1); return; }
+ if (Buffer.from(settings.create, 'hex').toString('hex') != settings.create.toUpperCase()) { console.log('No or invalid \"create\" specified, must be in HEX format.'); exit(1); return; }
+ settings.create = Buffer.from(settings.create, 'hex').toString('hex');
+ }
+ if ((typeof settings.delete == 'string')) {
+ if ((settings.delete.length != 32) && (settings.delete.length != 40) && (settings.delete.length != 64) && (settings.delete.length != 96)) { console.log('No or invalid \"delete\" hash, must be in HEX format of length 30, 40, 64, 96.'); exit(1); return; }
+ if (Buffer.from(settings.delete, 'hex').toString('hex') != settings.delete.toUpperCase()) { console.log('No or invalid \"delete\" specified, must be in HEX format.'); exit(1); return; }
+ settings.delete = Buffer.from(settings.delete, 'hex').toString('hex');
+ }
+
+ // See if MicroLMS needs to be started
+ if ((settings.hostname == '127.0.0.1') || (settings.hostname.toLowerCase() == 'localhost')) {
+ settings.noconsole = true; startLms(performAmtTrustedHashesEx);
+ } else {
+ performAmtTrustedHashesEx();
+ }
+}
+
+function performAmtTrustedHashesEx(x) {
+ var transport = require('amt-wsman-duk');
+ var wsman = require('amt-wsman');
+ var amt = require('amt');
+ wsstack = new wsman(transport, settings.hostname, settings.tls ? 16993 : 16992, settings.username, settings.password, settings.tls);
+ amtstack = new amt(wsstack);
+ amtstack.BatchEnum(null, ['AMT_ProvisioningCertificateHash'], performAmtTrustedHashesEx2);
+}
+
+function performAmtTrustedHashesEx2(stack, name, responses, status) {
+ if (status != 200) {
+ console.log('Unable to get trusted hashes, status = ' + status + '.');
+ } else {
+ var r = responses['AMT_ProvisioningCertificateHash'].responses;
+ if (settings.create) {
+ // Create a new hash entry
+ var instanceId = null;
+ for (var i in r) { if (Buffer.from(r[i]['HashData'], 'base64').toString('hex') == settings.create) { instanceId = r[i]['InstanceID']; } }
+ if (instanceId != null) { console.log('This trusted hash is already present.'); exit(1); return; }
+
+ // Setup hash type
+ var hashtype = -1;
+ var hash = Buffer.from(settings.create, 'hex');
+ if (hash.length == 16) { hashtype = 0; } // MD5
+ if (hash.length == 20) { hashtype = 1; } // SHA1
+ if (hash.length == 32) { hashtype = 2; } // SHA256
+ if (hash.length == 48) { hashtype = 3; } // SHA384
+ if (hashtype == -1) { console.log('Invalid hash type', hash.length); exit(1); return; }
+
+ // Setup object instance
+ var instance = { "Description": settings.name, "Enabled": true, "HashData": hash.toString('base64'), "HashType": hashtype, "IsDefault": false, "InstanceID": '' };
+
+ // Perform WSMAN "CREATE" operation.
+ amtstack.Create('AMT_ProvisioningCertificateHash', instance, function (stack, name, response, status) {
+ if (status != 200) { console.log('ERROR: Failed to create trusted hash.', status, JSON.stringify(response, null, 2)); } else { console.log('Done.'); }
+ exit(0);
+ });
+ return;
+ } else if (settings.delete) {
+ // Delete a hash entry
+ var instance = null;
+ for (var i in r) { if (Buffer.from(r[i]['HashData'], 'base64').toString('hex') == settings.delete) { instance = r[i]; } }
+ if (instance == null) { console.log('This trusted hash not present.'); exit(1); return; }
+
+ // Perform WSMAN "DELETE" operation.
+ amtstack.Delete('AMT_ProvisioningCertificateHash', instance, function (stack, name, response, status) {
+ if (status != 200) { console.log('ERROR: Failed to delete trusted hash.', status, JSON.stringify(response, null, 2)); } else { console.log('Done.'); }
+ exit(0);
+ });
+ return;
+ } else if (settings.json) {
+ // List the hashes in JSON format
+ console.log(JSON.stringify(r, null, 2));
+ } else {
+ // List the hashes
+ for (var i in r) {
+ var certState = [];
+ var hashTypes = ['MD5', 'SHA1', 'SHA256', 'SHA384'];
+ if (r[i]['IsDefault']) { certState.push('Default'); }
+ if (r[i]['Enabled']) { certState.push('Active'); } else { certState.push('Disabled'); }
+ console.log(r[i]['Description'] + ', (' + certState.join(', ') + ')\r\n ' + hashTypes[r[i]['HashType']] + ': ' + Buffer.from(r[i]['HashData'], 'base64').toString('hex'));
+ }
+ }
+ exit(0);
+ }
+}
+
+
 //
 // Intel AMT Agent Presence
 //
diff --git a/package.json b/package.json
index c222235f..6d0edca3 100644
--- a/package.json
+++ b/package.json
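Review bot: In performAmtTrustedHashesEx2 the Create and Delete callbacks call `exit(0)` even when `status != 200`, and the outer `status != 200` branch after BatchEnum prints an error without calling exit at all, so a script that manages trusted hashes cannot tell a failed change from a successful one. I would end each failure branch with `exit(1); return;`, as the validation failures in performAmtTrustedHashes already do. The length checks accept 32 hex characters while both error messages say `30, 40, 64, 96`. The hex check compares `toString('hex')` with `toUpperCase()`, which only passes for hashes containing letters if this runtime emits upper-case hex (Node's Buffer emits lower-case); lower-casing both sides explicitly would remove that dependency. Because Create adds a root hash that Intel AMT will trust for ACM activation, it may also be worth refusing or warning on `--create`/`--delete` to a non-loopback host without `--tls`, since port 16992 is selected whenever `settings.tls` is unset.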
@@ -37,21 +37,33 @@
 "sample-config-advanced.json"
 ],
 "dependencies": {
+ "@yetzt/nedb": "^1.8.0",
 "archiver": "^5.3.1",
 "body-parser": "^1.19.0",
 "cbor": "~5.2.0",
 "compression": "^1.7.4",
 "cookie-session": "^1.4.0",
+ "esprima": "^4.0.1",
 "express": "^4.17.0",
 "express-handlebars": "^5.3.5",
 "express-ws": "^4.0.0",
+ "html-minifier": "^4.0.0",
+ "image-size": "^1.0.1",
 "ipcheck": "^0.1.0",
+ "jsdom": "^20.0.0",
+ "loadavg-windows": "^1.1.1",
+ "minify-js": "0.0.4",
 "minimist": "^1.2.5",
 "multiparty": "^4.2.1",
- "@yetzt/nedb": "^1.8.0",
 "node-forge": "^1.0.0",
+ "node-windows": "^0.1.4",
+ "otplib": "^10.2.3",
+ "pg": "^8.7.1",
+ "pgtools": "^0.3.2",
+ "web-push": "^3.5.0",
 "ws": "^5.2.3",
- "yauzl": "^2.10.0"
+ "yauzl": "^2.10.0",
+ "yubikeyotp": "^0.2.0"
 },
 "engines": {
 "node": ">=10.0.0"
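Review bot: None of the twelve packages newly added to `dependencies` here (`esprima`, `html-minifier`, `image-size`, `jsdom`, `loadavg-windows`, `minify-js`, `node-windows`, `otplib`, `pg`, `pgtools`, `web-push`, `yubikeyotp`) is referenced by the meshcmd.js change in this commit, so this looks like a locally modified manifest committed by accident; that is an inference from the subject line and the visible hunks. Once listed, each package is pulled into every install, which widens the supply-chain surface for all users rather than only those who enable the matching feature. `"minify-js": "0.0.4"` is also the only exact pin in this hunk, next to caret and tilde ranges. I would restore the previous dependency list in this commit, or land the additions separately with a description line naming the feature that needs each package.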