More work on AMT TLS ACM activation.

This commit is contained in:
Ylian Saint-Hilaire 2021-03-04 01:54:04 -08:00
parent 423daaf19d
commit dc11a44a19
5 changed files with 116 additions and 110 deletions

View File

@ -24,22 +24,18 @@ function amt_heci() {
this._ObjectID = "pthi"; this._ObjectID = "pthi";
this._rq = new Q(); this._rq = new Q();
this._setupPTHI = function _setupPTHI() this._setupPTHI = function _setupPTHI() {
{
this._amt = heci.create(); this._amt = heci.create();
this._amt.descriptorMetadata = "amt-pthi"; this._amt.descriptorMetadata = "amt-pthi";
this._amt.BiosVersionLen = 65; this._amt.BiosVersionLen = 65;
this._amt.UnicodeStringLen = 20; this._amt.UnicodeStringLen = 20;
this._amt.Parent = this; this._amt.Parent = this;
this._amt.on('error', function _amtOnError(e) this._amt.on('error', function _amtOnError(e) {
{ if (this.Parent._rq.isEmpty()) {
if(this.Parent._rq.isEmpty())
{
this.Parent.emit('error', e); // No pending requests, so propagate the error up this.Parent.emit('error', e); // No pending requests, so propagate the error up
} }
else else {
{
// There is a pending request, so fail the pending request // There is a pending request, so fail the pending request
var user = this.Parent._rq.deQueue(); var user = this.Parent._rq.deQueue();
var params = user.optional; var params = user.optional;
@ -47,17 +43,14 @@ function amt_heci() {
params.unshift({ Status: -1 }); // Relay an error params.unshift({ Status: -1 }); // Relay an error
callback.apply(this.Parent, params); callback.apply(this.Parent, params);
if(!this.Parent._rq.isEmpty()) if (!this.Parent._rq.isEmpty()) {
{
// There are still more pending requests, so try to re-helpconnect MEI // There are still more pending requests, so try to re-helpconnect MEI
this.connect(heci.GUIDS.AMT, { noPipeline: 1 }); this.connect(heci.GUIDS.AMT, { noPipeline: 1 });
} }
} }
}); });
this._amt.on('connect', function _amtOnConnect() this._amt.on('connect', function _amtOnConnect() {
{ this.on('data', function _amtOnData(chunk) {
this.on('data', function _amtOnData(chunk)
{
//console.log("Received: " + chunk.length + " bytes"); //console.log("Received: " + chunk.length + " bytes");
var header = this.Parent.getCommand(chunk); var header = this.Parent.getCommand(chunk);
//console.log("CMD = " + header.Command + " (Status: " + header.Status + ") Response = " + header.IsResponse); //console.log("CMD = " + header.Command + " (Status: " + header.Status + ") Response = " + header.IsResponse);
@ -69,14 +62,12 @@ function amt_heci() {
params.unshift(header); params.unshift(header);
callback.apply(this.Parent, params); callback.apply(this.Parent, params);
if(this.Parent._rq.isEmpty()) if (this.Parent._rq.isEmpty()) {
{
// No More Requests, we can close PTHI // No More Requests, we can close PTHI
this.Parent._amt.disconnect(); this.Parent._amt.disconnect();
this.Parent._amt = null; this.Parent._amt = null;
} }
else else {
{
// Send the next request // Send the next request
this.write(this.Parent._rq.peekQueue().send); this.write(this.Parent._rq.peekQueue().send);
} }
@ -93,8 +84,7 @@ function amt_heci() {
return (ret); return (ret);
}; };
this.sendCommand = function sendCommand() this.sendCommand = function sendCommand() {
{
if (arguments.length < 3 || typeof (arguments[0]) != 'number' || typeof (arguments[1]) != 'object' || typeof (arguments[2]) != 'function') { throw ('invalid parameters'); } if (arguments.length < 3 || typeof (arguments[0]) != 'number' || typeof (arguments[1]) != 'object' || typeof (arguments[2]) != 'function') { throw ('invalid parameters'); }
var args = []; var args = [];
for (var i = 3; i < arguments.length; ++i) { args.push(arguments[i]); } for (var i = 3; i < arguments.length; ++i) { args.push(arguments[i]); }
@ -102,10 +92,9 @@ function amt_heci() {
var header = Buffer.from('010100000000000000000000', 'hex'); var header = Buffer.from('010100000000000000000000', 'hex');
header.writeUInt32LE(arguments[0] | 0x04000000, 4); header.writeUInt32LE(arguments[0] | 0x04000000, 4);
header.writeUInt32LE(arguments[1] == null ? 0 : arguments[1].length, 8); header.writeUInt32LE(arguments[1] == null ? 0 : arguments[1].length, 8);
this._rq.enQueue({ cmd: arguments[0], func: arguments[2], optional: args , send: (arguments[1] == null ? header : Buffer.concat([header, arguments[1]]))}); this._rq.enQueue({ cmd: arguments[0], func: arguments[2], optional: args, send: (arguments[1] == null ? header : Buffer.concat([header, arguments[1]])) });
if(!this._amt) if (!this._amt) {
{
this._setupPTHI(); this._setupPTHI();
this._amt.connect(heci.GUIDS.AMT, { noPipeline: 1 }); this._amt.connect(heci.GUIDS.AMT, { noPipeline: 1 });
} }
@ -117,7 +106,7 @@ function amt_heci() {
this.sendCommand(26, null, function (header, fn, opt) { this.sendCommand(26, null, function (header, fn, opt) {
if (header.Status == 0) { if (header.Status == 0) {
var i, CodeVersion = header.Data, val = { BiosVersion: CodeVersion.slice(0, this._amt.BiosVersionLen).toString(), Versions: [] }, v = CodeVersion.slice(this._amt.BiosVersionLen + 4); var i, CodeVersion = header.Data, val = { BiosVersion: CodeVersion.slice(0, this._amt.BiosVersionLen).toString(), Versions: [] }, v = CodeVersion.slice(this._amt.BiosVersionLen + 4);
for (i = 0; i < CodeVersion.readUInt32LE(this._amt.BiosVersionLen) ; ++i) { for (i = 0; i < CodeVersion.readUInt32LE(this._amt.BiosVersionLen); ++i) {
val.Versions[i] = { Description: v.slice(2, v.readUInt16LE(0) + 2).toString(), Version: v.slice(4 + this._amt.UnicodeStringLen, 4 + this._amt.UnicodeStringLen + v.readUInt16LE(2 + this._amt.UnicodeStringLen)).toString() }; val.Versions[i] = { Description: v.slice(2, v.readUInt16LE(0) + 2).toString(), Version: v.slice(4 + this._amt.UnicodeStringLen, 4 + this._amt.UnicodeStringLen + v.readUInt16LE(2 + this._amt.UnicodeStringLen)).toString() };
v = v.slice(4 + (2 * this._amt.UnicodeStringLen)); v = v.slice(4 + (2 * this._amt.UnicodeStringLen));
} }
@ -302,34 +291,27 @@ function amt_heci() {
this.getLocalSystemAccount = function getLocalSystemAccount(callback) { this.getLocalSystemAccount = function getLocalSystemAccount(callback) {
var optional = []; var optional = [];
for (var i = 1; i < arguments.length; ++i) { optional.push(arguments[i]); } for (var i = 1; i < arguments.length; ++i) { optional.push(arguments[i]); }
this.sendCommand(103, Buffer.alloc(40), function (header, fn, opt) this.sendCommand(103, Buffer.alloc(40), function (header, fn, opt) {
{ if (header.Status == 0 && header.Data.length == 68) {
if (header.Status == 0 && header.Data.length == 68)
{
opt.unshift({ user: trim(header.Data.slice(0, 33).toString()), pass: trim(header.Data.slice(33, 67).toString()), raw: header.Data }); opt.unshift({ user: trim(header.Data.slice(0, 33).toString()), pass: trim(header.Data.slice(33, 67).toString()), raw: header.Data });
} }
else else {
{
opt.unshift(null); opt.unshift(null);
} }
fn.apply(this, opt); fn.apply(this, opt);
}, callback, optional); }, callback, optional);
} }
this.getLanInterfaceSettings = function getLanInterfaceSettings(index, callback) this.getLanInterfaceSettings = function getLanInterfaceSettings(index, callback) {
{
var optional = []; var optional = [];
for (var i = 2; i < arguments.length; ++i) { optional.push(arguments[i]); } for (var i = 2; i < arguments.length; ++i) { optional.push(arguments[i]); }
var ifx = Buffer.alloc(4); var ifx = Buffer.alloc(4);
ifx.writeUInt32LE(index); ifx.writeUInt32LE(index);
this.sendCommand(0x48, ifx, function onGetLanInterfaceSettings(header, fn, opt) this.sendCommand(0x48, ifx, function onGetLanInterfaceSettings(header, fn, opt) {
{ if (header.Status == 0) {
if(header.Status == 0)
{
var info = {}; var info = {};
info.enabled = header.Data.readUInt32LE(0); info.enabled = header.Data.readUInt32LE(0);
info.dhcpEnabled = header.Data.readUInt32LE(8); info.dhcpEnabled = header.Data.readUInt32LE(8);
switch(header.Data[12]) switch (header.Data[12]) {
{
case 1: case 1:
info.dhcpMode = 'ACTIVE' info.dhcpMode = 'ACTIVE'
break; break;
@ -347,8 +329,7 @@ function amt_heci() {
opt.unshift(info); opt.unshift(info);
fn.apply(this, opt); fn.apply(this, opt);
} }
else else {
{
opt.unshift(null); opt.unshift(null);
fn.apply(this, opt); fn.apply(this, opt);
} }
@ -398,21 +379,18 @@ function amt_heci() {
fn.apply(this, opt); fn.apply(this, opt);
}, callback, optional); }, callback, optional);
} }
this.getProtocolVersion = function getProtocolVersion(callback) this.getProtocolVersion = function getProtocolVersion(callback) {
{
var optional = []; var optional = [];
for (var i = 1; i < arguments.length; ++i) { opt.push(arguments[i]); } for (var i = 1; i < arguments.length; ++i) { opt.push(arguments[i]); }
if (!this._tmpSession) { this._tmpSession = heci.create(); this._tmpSession.parent = this;} if (!this._tmpSession) { this._tmpSession = heci.create(); this._tmpSession.parent = this; }
this._tmpSession.doIoctl(heci.IOCTL.HECI_VERSION, Buffer.alloc(5), Buffer.alloc(5), function (status, buffer, self, fn, opt) this._tmpSession.doIoctl(heci.IOCTL.HECI_VERSION, Buffer.alloc(5), Buffer.alloc(5), function (status, buffer, self, fn, opt) {
{
if (status == 0) { if (status == 0) {
var result = buffer.readUInt8(0).toString() + '.' + buffer.readUInt8(1).toString() + '.' + buffer.readUInt8(2).toString() + '.' + buffer.readUInt16BE(3).toString(); var result = buffer.readUInt8(0).toString() + '.' + buffer.readUInt8(1).toString() + '.' + buffer.readUInt8(2).toString() + '.' + buffer.readUInt16BE(3).toString();
opt.unshift(result); opt.unshift(result);
fn.apply(self, opt); fn.apply(self, opt);
} }
else else {
{
opt.unshift(null); opt.unshift(null);
fn.apply(self, opt); fn.apply(self, opt);
} }
@ -421,7 +399,19 @@ function amt_heci() {
} }
this.startConfigurationHBased = function startConfigurationHBased(certHash, hostVpn, dnsSuffixList, func) { this.startConfigurationHBased = function startConfigurationHBased(certHash, hostVpn, dnsSuffixList, func) {
if ((certHash == null) || ((certHash.length != 32) && (certHash.length != 48))) { func({ status: -101 }); } if ((certHash == null) || ((certHash.length != 32) && (certHash.length != 48))) { func({ status: -101 }); }
this.stopConfiguration(function (status) {
if (status == 0) {
// We stopped the configuration, wait 20 seconds before starting up again.
var f = function tf() { delete tf.parent.xtimeout; tf.parent.startConfigurationHBasedEx(certHash, hostVpn, dnsSuffixList, func); }
f.parent = this;
this.xtimeout = setTimeout(f, 20000);
} else {
// We are not in the connect mode, this is good, start configuration right away.
this.startConfigurationHBasedEx(certHash, hostVpn, dnsSuffixList, func);
}
})
}
this.startConfigurationHBasedEx = function startConfigurationHBased(certHash, hostVpn, dnsSuffixList, func) {
var optional = []; var optional = [];
for (var i = 4; i < arguments.length; ++i) { optional.push(arguments[i]); } for (var i = 4; i < arguments.length; ++i) { optional.push(arguments[i]); }
@ -442,7 +432,7 @@ function amt_heci() {
var amtHash = null; var amtHash = null;
if (header.Data[0] == 2) { amtHash = header.Data.slice(1, 33); } // SHA256 if (header.Data[0] == 2) { amtHash = header.Data.slice(1, 33); } // SHA256
if (header.Data[0] == 3) { amtHash = header.Data.slice(1, 49); } // SHA384 if (header.Data[0] == 3) { amtHash = header.Data.slice(1, 49); } // SHA384
opt.unshift({ status: header.Status, hash: amtHash }); opt.unshift({ status: header.Status, hash: amtHash.toString('hex') });
} else { } else {
opt.unshift({ status: header.Status }); opt.unshift({ status: header.Status });
} }

View File

@ -24,22 +24,18 @@ function amt_heci() {
this._ObjectID = "pthi"; this._ObjectID = "pthi";
this._rq = new Q(); this._rq = new Q();
this._setupPTHI = function _setupPTHI() this._setupPTHI = function _setupPTHI() {
{
this._amt = heci.create(); this._amt = heci.create();
this._amt.descriptorMetadata = "amt-pthi"; this._amt.descriptorMetadata = "amt-pthi";
this._amt.BiosVersionLen = 65; this._amt.BiosVersionLen = 65;
this._amt.UnicodeStringLen = 20; this._amt.UnicodeStringLen = 20;
this._amt.Parent = this; this._amt.Parent = this;
this._amt.on('error', function _amtOnError(e) this._amt.on('error', function _amtOnError(e) {
{ if (this.Parent._rq.isEmpty()) {
if(this.Parent._rq.isEmpty())
{
this.Parent.emit('error', e); // No pending requests, so propagate the error up this.Parent.emit('error', e); // No pending requests, so propagate the error up
} }
else else {
{
// There is a pending request, so fail the pending request // There is a pending request, so fail the pending request
var user = this.Parent._rq.deQueue(); var user = this.Parent._rq.deQueue();
var params = user.optional; var params = user.optional;
@ -47,17 +43,14 @@ function amt_heci() {
params.unshift({ Status: -1 }); // Relay an error params.unshift({ Status: -1 }); // Relay an error
callback.apply(this.Parent, params); callback.apply(this.Parent, params);
if(!this.Parent._rq.isEmpty()) if (!this.Parent._rq.isEmpty()) {
{
// There are still more pending requests, so try to re-helpconnect MEI // There are still more pending requests, so try to re-helpconnect MEI
this.connect(heci.GUIDS.AMT, { noPipeline: 1 }); this.connect(heci.GUIDS.AMT, { noPipeline: 1 });
} }
} }
}); });
this._amt.on('connect', function _amtOnConnect() this._amt.on('connect', function _amtOnConnect() {
{ this.on('data', function _amtOnData(chunk) {
this.on('data', function _amtOnData(chunk)
{
//console.log("Received: " + chunk.length + " bytes"); //console.log("Received: " + chunk.length + " bytes");
var header = this.Parent.getCommand(chunk); var header = this.Parent.getCommand(chunk);
//console.log("CMD = " + header.Command + " (Status: " + header.Status + ") Response = " + header.IsResponse); //console.log("CMD = " + header.Command + " (Status: " + header.Status + ") Response = " + header.IsResponse);
@ -69,14 +62,12 @@ function amt_heci() {
params.unshift(header); params.unshift(header);
callback.apply(this.Parent, params); callback.apply(this.Parent, params);
if(this.Parent._rq.isEmpty()) if (this.Parent._rq.isEmpty()) {
{
// No More Requests, we can close PTHI // No More Requests, we can close PTHI
this.Parent._amt.disconnect(); this.Parent._amt.disconnect();
this.Parent._amt = null; this.Parent._amt = null;
} }
else else {
{
// Send the next request // Send the next request
this.write(this.Parent._rq.peekQueue().send); this.write(this.Parent._rq.peekQueue().send);
} }
@ -93,8 +84,7 @@ function amt_heci() {
return (ret); return (ret);
}; };
this.sendCommand = function sendCommand() this.sendCommand = function sendCommand() {
{
if (arguments.length < 3 || typeof (arguments[0]) != 'number' || typeof (arguments[1]) != 'object' || typeof (arguments[2]) != 'function') { throw ('invalid parameters'); } if (arguments.length < 3 || typeof (arguments[0]) != 'number' || typeof (arguments[1]) != 'object' || typeof (arguments[2]) != 'function') { throw ('invalid parameters'); }
var args = []; var args = [];
for (var i = 3; i < arguments.length; ++i) { args.push(arguments[i]); } for (var i = 3; i < arguments.length; ++i) { args.push(arguments[i]); }
@ -102,10 +92,9 @@ function amt_heci() {
var header = Buffer.from('010100000000000000000000', 'hex'); var header = Buffer.from('010100000000000000000000', 'hex');
header.writeUInt32LE(arguments[0] | 0x04000000, 4); header.writeUInt32LE(arguments[0] | 0x04000000, 4);
header.writeUInt32LE(arguments[1] == null ? 0 : arguments[1].length, 8); header.writeUInt32LE(arguments[1] == null ? 0 : arguments[1].length, 8);
this._rq.enQueue({ cmd: arguments[0], func: arguments[2], optional: args , send: (arguments[1] == null ? header : Buffer.concat([header, arguments[1]]))}); this._rq.enQueue({ cmd: arguments[0], func: arguments[2], optional: args, send: (arguments[1] == null ? header : Buffer.concat([header, arguments[1]])) });
if(!this._amt) if (!this._amt) {
{
this._setupPTHI(); this._setupPTHI();
this._amt.connect(heci.GUIDS.AMT, { noPipeline: 1 }); this._amt.connect(heci.GUIDS.AMT, { noPipeline: 1 });
} }
@ -117,7 +106,7 @@ function amt_heci() {
this.sendCommand(26, null, function (header, fn, opt) { this.sendCommand(26, null, function (header, fn, opt) {
if (header.Status == 0) { if (header.Status == 0) {
var i, CodeVersion = header.Data, val = { BiosVersion: CodeVersion.slice(0, this._amt.BiosVersionLen).toString(), Versions: [] }, v = CodeVersion.slice(this._amt.BiosVersionLen + 4); var i, CodeVersion = header.Data, val = { BiosVersion: CodeVersion.slice(0, this._amt.BiosVersionLen).toString(), Versions: [] }, v = CodeVersion.slice(this._amt.BiosVersionLen + 4);
for (i = 0; i < CodeVersion.readUInt32LE(this._amt.BiosVersionLen) ; ++i) { for (i = 0; i < CodeVersion.readUInt32LE(this._amt.BiosVersionLen); ++i) {
val.Versions[i] = { Description: v.slice(2, v.readUInt16LE(0) + 2).toString(), Version: v.slice(4 + this._amt.UnicodeStringLen, 4 + this._amt.UnicodeStringLen + v.readUInt16LE(2 + this._amt.UnicodeStringLen)).toString() }; val.Versions[i] = { Description: v.slice(2, v.readUInt16LE(0) + 2).toString(), Version: v.slice(4 + this._amt.UnicodeStringLen, 4 + this._amt.UnicodeStringLen + v.readUInt16LE(2 + this._amt.UnicodeStringLen)).toString() };
v = v.slice(4 + (2 * this._amt.UnicodeStringLen)); v = v.slice(4 + (2 * this._amt.UnicodeStringLen));
} }
@ -302,34 +291,27 @@ function amt_heci() {
this.getLocalSystemAccount = function getLocalSystemAccount(callback) { this.getLocalSystemAccount = function getLocalSystemAccount(callback) {
var optional = []; var optional = [];
for (var i = 1; i < arguments.length; ++i) { optional.push(arguments[i]); } for (var i = 1; i < arguments.length; ++i) { optional.push(arguments[i]); }
this.sendCommand(103, Buffer.alloc(40), function (header, fn, opt) this.sendCommand(103, Buffer.alloc(40), function (header, fn, opt) {
{ if (header.Status == 0 && header.Data.length == 68) {
if (header.Status == 0 && header.Data.length == 68)
{
opt.unshift({ user: trim(header.Data.slice(0, 33).toString()), pass: trim(header.Data.slice(33, 67).toString()), raw: header.Data }); opt.unshift({ user: trim(header.Data.slice(0, 33).toString()), pass: trim(header.Data.slice(33, 67).toString()), raw: header.Data });
} }
else else {
{
opt.unshift(null); opt.unshift(null);
} }
fn.apply(this, opt); fn.apply(this, opt);
}, callback, optional); }, callback, optional);
} }
this.getLanInterfaceSettings = function getLanInterfaceSettings(index, callback) this.getLanInterfaceSettings = function getLanInterfaceSettings(index, callback) {
{
var optional = []; var optional = [];
for (var i = 2; i < arguments.length; ++i) { optional.push(arguments[i]); } for (var i = 2; i < arguments.length; ++i) { optional.push(arguments[i]); }
var ifx = Buffer.alloc(4); var ifx = Buffer.alloc(4);
ifx.writeUInt32LE(index); ifx.writeUInt32LE(index);
this.sendCommand(0x48, ifx, function onGetLanInterfaceSettings(header, fn, opt) this.sendCommand(0x48, ifx, function onGetLanInterfaceSettings(header, fn, opt) {
{ if (header.Status == 0) {
if(header.Status == 0)
{
var info = {}; var info = {};
info.enabled = header.Data.readUInt32LE(0); info.enabled = header.Data.readUInt32LE(0);
info.dhcpEnabled = header.Data.readUInt32LE(8); info.dhcpEnabled = header.Data.readUInt32LE(8);
switch(header.Data[12]) switch (header.Data[12]) {
{
case 1: case 1:
info.dhcpMode = 'ACTIVE' info.dhcpMode = 'ACTIVE'
break; break;
@ -347,8 +329,7 @@ function amt_heci() {
opt.unshift(info); opt.unshift(info);
fn.apply(this, opt); fn.apply(this, opt);
} }
else else {
{
opt.unshift(null); opt.unshift(null);
fn.apply(this, opt); fn.apply(this, opt);
} }
@ -398,21 +379,18 @@ function amt_heci() {
fn.apply(this, opt); fn.apply(this, opt);
}, callback, optional); }, callback, optional);
} }
this.getProtocolVersion = function getProtocolVersion(callback) this.getProtocolVersion = function getProtocolVersion(callback) {
{
var optional = []; var optional = [];
for (var i = 1; i < arguments.length; ++i) { opt.push(arguments[i]); } for (var i = 1; i < arguments.length; ++i) { opt.push(arguments[i]); }
if (!this._tmpSession) { this._tmpSession = heci.create(); this._tmpSession.parent = this;} if (!this._tmpSession) { this._tmpSession = heci.create(); this._tmpSession.parent = this; }
this._tmpSession.doIoctl(heci.IOCTL.HECI_VERSION, Buffer.alloc(5), Buffer.alloc(5), function (status, buffer, self, fn, opt) this._tmpSession.doIoctl(heci.IOCTL.HECI_VERSION, Buffer.alloc(5), Buffer.alloc(5), function (status, buffer, self, fn, opt) {
{
if (status == 0) { if (status == 0) {
var result = buffer.readUInt8(0).toString() + '.' + buffer.readUInt8(1).toString() + '.' + buffer.readUInt8(2).toString() + '.' + buffer.readUInt16BE(3).toString(); var result = buffer.readUInt8(0).toString() + '.' + buffer.readUInt8(1).toString() + '.' + buffer.readUInt8(2).toString() + '.' + buffer.readUInt16BE(3).toString();
opt.unshift(result); opt.unshift(result);
fn.apply(self, opt); fn.apply(self, opt);
} }
else else {
{
opt.unshift(null); opt.unshift(null);
fn.apply(self, opt); fn.apply(self, opt);
} }
@ -421,7 +399,19 @@ function amt_heci() {
} }
this.startConfigurationHBased = function startConfigurationHBased(certHash, hostVpn, dnsSuffixList, func) { this.startConfigurationHBased = function startConfigurationHBased(certHash, hostVpn, dnsSuffixList, func) {
if ((certHash == null) || ((certHash.length != 32) && (certHash.length != 48))) { func({ status: -101 }); } if ((certHash == null) || ((certHash.length != 32) && (certHash.length != 48))) { func({ status: -101 }); }
this.stopConfiguration(function (status) {
if (status == 0) {
// We stopped the configuration, wait 20 seconds before starting up again.
var f = function tf() { delete tf.parent.xtimeout; tf.parent.startConfigurationHBasedEx(certHash, hostVpn, dnsSuffixList, func); }
f.parent = this;
this.xtimeout = setTimeout(f, 20000);
} else {
// We are not in the connect mode, this is good, start configuration right away.
this.startConfigurationHBasedEx(certHash, hostVpn, dnsSuffixList, func);
}
})
}
this.startConfigurationHBasedEx = function startConfigurationHBased(certHash, hostVpn, dnsSuffixList, func) {
var optional = []; var optional = [];
for (var i = 4; i < arguments.length; ++i) { optional.push(arguments[i]); } for (var i = 4; i < arguments.length; ++i) { optional.push(arguments[i]); }
@ -442,7 +432,7 @@ function amt_heci() {
var amtHash = null; var amtHash = null;
if (header.Data[0] == 2) { amtHash = header.Data.slice(1, 33); } // SHA256 if (header.Data[0] == 2) { amtHash = header.Data.slice(1, 33); } // SHA256
if (header.Data[0] == 3) { amtHash = header.Data.slice(1, 49); } // SHA384 if (header.Data[0] == 3) { amtHash = header.Data.slice(1, 49); } // SHA384
opt.unshift({ status: header.Status, hash: amtHash }); opt.unshift({ status: header.Status, hash: amtHash.toString('hex') });
} else { } else {
opt.unshift({ status: header.Status }); opt.unshift({ status: header.Status });
} }

View File

@ -242,9 +242,9 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
var options = { socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false }; var options = { socket: ser, ciphers: 'RSA+AES:!aNULL:!MD5:!DSS', secureOptions: obj.constants.SSL_OP_NO_SSLv2 | obj.constants.SSL_OP_NO_SSLv3 | obj.constants.SSL_OP_NO_COMPRESSION | obj.constants.SSL_OP_CIPHER_SERVER_PREFERENCE, rejectUnauthorized: false };
if (obj.xtlsMethod == 1) { options.secureProtocol = 'TLSv1_method'; } if (obj.xtlsMethod == 1) { options.secureProtocol = 'TLSv1_method'; }
if (obj.xtlsoptions) { if (obj.xtlsoptions) {
if (obj.xtlsoptions.ca) options.ca = obj.xtlsoptions.ca; if (obj.xtlsoptions.ca) { options.ca = obj.xtlsoptions.ca; }
if (obj.xtlsoptions.cert) options.cert = obj.xtlsoptions.cert; if (obj.xtlsoptions.cert) { options.cert = obj.xtlsoptions.cert; }
if (obj.xtlsoptions.key) options.key = obj.xtlsoptions.key; if (obj.xtlsoptions.key) { options.key = obj.xtlsoptions.key; }
} }
obj.socket = obj.tls.connect(obj.port, obj.host, options, obj.xxOnSocketConnected); obj.socket = obj.tls.connect(obj.port, obj.host, options, obj.xxOnSocketConnected);

View File

@ -248,7 +248,11 @@ module.exports.CreateAmtManager = function (parent) {
break; break;
case 'startTlsHostConfig': case 'startTlsHostConfig':
if (dev.acmTlsInfo == null) break; if (dev.acmTlsInfo == null) break;
console.log(jsondata); // TODO: Start TLS activation. if ((typeof jsondata.value != 'object') || (typeof jsondata.value.status != 'number') || (jsondata.value.status != 0)) {
removeAmtDevice(dev); // Failed to start TLS configuration
} else {
activateIntelAmtTlsAcmEx(dev, jsondata.value); // Start TLS activation.
}
break; break;
} }
} }
@ -1678,13 +1682,13 @@ module.exports.CreateAmtManager = function (parent) {
// We are not activated now, go to ACM directly. // We are not activated now, go to ACM directly.
// If this is Intel AMT 14 or better, we are going to attempt a host-based end-to-end TLS activation. // If this is Intel AMT 14 or better, we are going to attempt a host-based end-to-end TLS activation.
if (typeof dev.intelamt.ver == 'string') { var verSplit = dev.intelamt.ver.split('.'); if (verSplit.length >= 3) { dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); } } if (typeof dev.intelamt.ver == 'string') { var verSplit = dev.intelamt.ver.split('.'); if (verSplit.length >= 3) { dev.aquired.majorver = parseInt(verSplit[0]); dev.aquired.minorver = parseInt(verSplit[1]); } }
if (dev.aquired.majorver >= 14) { //if (dev.aquired.majorver >= 14) {
// Perform host-based TLS ACM activation // Perform host-based TLS ACM activation
activateIntelAmtTlsAcm(dev, mesh.amt.password, acminfo); //activateIntelAmtTlsAcm(dev, mesh.amt.password, acminfo);
} else { //} else {
// Perform host-based ACM activation // Perform host-based ACM activation
activateIntelAmtAcm(dev, mesh.amt.password, acminfo); activateIntelAmtAcm(dev, mesh.amt.password, acminfo);
} //}
} }
} }
} }
@ -1803,6 +1807,27 @@ module.exports.CreateAmtManager = function (parent) {
dev.controlMsg({ action: 'startTlsHostConfig', hash: acmTlsInfo.hash, hostVpn: false, dnsSuffixList: null }); dev.controlMsg({ action: 'startTlsHostConfig', hash: acmTlsInfo.hash, hostVpn: false, dnsSuffixList: null });
} }
// Attempt Intel AMT TLS ACM activation after startConfiguration() is called on remote device
function activateIntelAmtTlsAcmEx(dev, startConfigData) {
console.log('activateIntelAmtTlsAcmEx');
// Setup the WSMAN stack, no TLS
var comm = CreateWsmanComm(dev.nodeid, 16993, 'admin', '', 1, { cert: dev.acmTlsInfo.certs, key: dev.acmTlsInfo.signkey }, dev.mpsConnection); // TLS with client certificate chain and key.
// TODO: Intel AMT leaf TLS cert need to SHA256 hash to "startConfigData.hash"
var wsstack = WsmanStackCreateService(comm);
dev.amtstack = AmtStackCreateService(wsstack);
dev.amtstack.dev = dev;
dev.amtstack.BatchEnum(null, ['*AMT_GeneralSettings', '*IPS_HostBasedSetupService'], activateIntelAmtTlsAcmEx1);
}
function activateIntelAmtTlsAcmEx1(stack, name, responses, status) {
console.log('activateIntelAmtTlsAcmEx1', status, responses);
const dev = stack.dev;
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
if (status != 200) { dev.consoleMsg("Failed to get Intel AMT state."); removeAmtDevice(dev); return; }
// TODO!!!
}
// Attempt Intel AMT ACM activation // Attempt Intel AMT ACM activation
function activateIntelAmtAcm(dev, password, acminfo) { function activateIntelAmtAcm(dev, password, acminfo) {
// Generate a random Intel AMT password if needed // Generate a random Intel AMT password if needed

View File

@ -51,7 +51,8 @@ module.exports.CertificateOperations = function (parent) {
var leafcert = obj.IssueWebServerCertificate(rootcert, false, fqdn, 'mc', 'Intel(R) Client Setup Certificate', { serverAuth: true, '2.16.840.1.113741.1.2.3': true }, false); var leafcert = obj.IssueWebServerCertificate(rootcert, false, fqdn, 'mc', 'Intel(R) Client Setup Certificate', { serverAuth: true, '2.16.840.1.113741.1.2.3': true }, false);
// Setup the certificate chain and key // Setup the certificate chain and key
certChain = [obj.pki.certificateToPem(leafcert.cert), obj.pki.certificateToPem(domain.amtacmactivation.certs[certIndex].rootcert)]; //certChain = [ obj.pki.certificateToPem(leafcert.cert), obj.pki.certificateToPem(domain.amtacmactivation.certs[certIndex].rootcert) ];
certChain = [ obj.pki.certificateToPem(domain.amtacmactivation.certs[certIndex].rootcert), obj.pki.certificateToPem(leafcert.cert) ];
signkey = obj.pki.privateKeyToPem(leafcert.key); signkey = obj.pki.privateKeyToPem(leafcert.key);
} else { } else {
// Make sure the cert chain is in PEM format // Make sure the cert chain is in PEM format
@ -61,7 +62,7 @@ module.exports.CertificateOperations = function (parent) {
} }
// Hash the leaf certificate and return the certificate chain and signing key // Hash the leaf certificate and return the certificate chain and signing key
return { action: 'acmactivate', certs: certChain, signkey: signkey, hash: obj.getCertHash(certChain[0]) }; return { action: 'acmactivate', certs: certChain, signkey: signkey, hash: obj.getCertHash(certChain[certChain.length - 1]) };
} }
// Sign a Intel AMT ACM activation request // Sign a Intel AMT ACM activation request