MeshCentral/MeshAgent
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshAgent synced 2025-12-06 00:13:33 +00:00
Code Issues Releases Wiki Activity

1. Added NULL check on util_to_cer

Browse Source 
2. Added digest() to tls.GenerateCertificate()
3. Added first rev of Simulated Server, for Agent Self Update Test
This commit is contained in:
Bryan Roe
2022-06-06 23:50:09 -07:00
parent d8e6e7f3ab
commit dec0fcb5c0
3 changed files with 155 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
microscript/ILibDuktape_net.c
View File

@@ -2681,6 +2681,8 @@ duk_ret_t ILibDuktape_TLS_generateCertificate(duk_context *ctx)
char *data;
int noUsages = 0;
int certType = CERTIFICATE_TLS_CLIENT;
char certHash[UTIL_SHA384_HASHSIZE];
char fingerprint[150];
if (!duk_is_null_or_undefined(ctx, 1) && duk_is_object(ctx, 1))
{
@@ -2695,9 +2697,16 @@ duk_ret_t ILibDuktape_TLS_generateCertificate(duk_context *ctx)
memcpy_s((void*)Duktape_GetBuffer(ctx, -1, NULL), len, data, len);
duk_push_buffer_object(ctx, -1, 0, len, DUK_BUFOBJ_NODEJS_BUFFER);
ILibDuktape_WriteID(ctx, "tls.pfxCertificate");
util_certhash2(cert.x509, certHash);
util_tohex2(certHash, UTIL_SHA384_HASHSIZE, fingerprint);
duk_push_string(ctx, fingerprint); // [cert][digest]
duk_put_prop_string(ctx, -2, "digest"); // [cert]
util_free(data);
util_freecert(&cert);
passphrase = NULL;
return 1;
}
duk_ret_t ILibDuktape_TLS_loadpkcs7b(duk_context *ctx)

2
microstack/ILibCrypto.c
View File

@@ -549,7 +549,7 @@ void __fastcall util_freecert(struct util_cert* cert)
int __fastcall util_to_cer(struct util_cert cert, char** data)
{
*data = NULL;
if (data != NULL) { *data = NULL; }
return i2d_X509(cert.x509, (unsigned char**)data);
}

145
test/update-test.js Normal file
View File

@@ -0,0 +1,145 @@
/*
Copyright 2022 Intel Corporation
@author Bryan Roe
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
process.stdout.write('Generating Certificate...');
var cert = require('tls').generateCertificate('test', { certType: 2, noUsages: 1 });
var server = require('https').createServer({ pfx: cert, passphrase: 'test' });
server.listen({ port: 9250 });
process.stdout.write('\rGenerating Certificate... [DONE]\n');
var loadedCert = require('tls').loadCertificate({ pfx: cert, passphrase: 'test' });
var der = loadedCert.toDER();
var tmp = require('tls').loadCertificate({ der: der });
console.log('DER: ' + tmp.getKeyHash().toString('hex'));
console.log('DER/LEN: ' + der.length);
console.log('Certificate Digest = ' + cert.digest.split(':').join(''));
console.log('Certificate Fingerprint = ' + loadedCert.getKeyHash().toString('hex'));
global._test = [];
server.on('connection', function (c)
{
global._test.push(c);
console.log('inbound connection');
});
server.on('request', function (imsg, response)
{
console.log(imsg);
});
server.on('upgrade', function (msg, sck, head)
{
console.log('upgrade');
global._client = sck.upgradeWebSocket();
global._client.on('data', function (buffer)
{
this.processCommand(buffer);
});
global._client.processCommand = function processCommand(buffer)
{
var cmd = buffer.readUInt16BE(0);
switch(cmd)
{
case 30: // Agent Commit Date
console.log("Connected Agent's Commit Date: " + buffer.slice(2).toString());
break;
case 31:
console.log("Connected Agent Info: " + buffer.slice(2).toString());
break;
case 5:
console.log("Connected Agent's ServerID: " + buffer.slice(2).toString('hex'));
break;
case 1:
//typedef struct MeshCommand_BinaryPacket_AuthRequest
//{
// unsigned short command;
// char serverHash[UTIL_SHA384_HASHSIZE];
// char serverNonce[UTIL_SHA384_HASHSIZE];
//}MeshCommand_BinaryPacket_AuthRequest;
var serverHash = buffer.slice(2, 50).toString('hex');
this.agentNonce = Buffer.alloc(48);
buffer.slice(50, 98).copy(this.agentNonce);
console.log('Agent Sent Nonce: ' + this.agentNonce);
console.log('Agent Sent ServerID: ' + serverHash);
this.serverNonce = Buffer.alloc(48);
this.serverNonce.randomFill();
var authBuffer = Buffer.alloc(98);
authBuffer.writeUInt16BE(1); // AuthRequest
loadedCert.getKeyHash().copy(authBuffer, 2); // ServerHash
this.serverNonce.copy(authBuffer, 50); // ServerNonce
this.write(authBuffer);
break;
case 2:
console.log('AUTH-VERIFY');
var hash = require('SHA384Stream').create();
hash.on('hash', function (h)
{
this._hashedValue = Buffer.alloc(h.length);
h.copy(this._hashedValue);
});
var y = Buffer.from(cert.digest.split(':').join(''), 'hex');
hash.write(y); // ServerHash
hash.write(this.agentNonce);
hash.write(this.serverNonce);
hash.end();
console.log('SERVER/SIGN => ' + y.toString('hex'), y.length);
console.log('SERVER/SIGN/AgentNonce => ' + this.agentNonce.toString('hex'), this.agentNonce.length);
console.log('SERVER/SIGN/ServerNonce => ' + this.serverNonce.toString('hex'), this.serverNonce.length);
console.log('SERVER/SIGN/RESULT => ' + hash._hashedValue.toString('hex'));
var RSA = require('RSA');
var signature = RSA.sign(RSA.TYPES.SHA384, loadedCert, hash._hashedValue);
var verifyBuffer = Buffer.alloc(4 + der.length + signature.length);
verifyBuffer.writeUInt16BE(2); // AUTH-VERIFY
verifyBuffer.writeUInt16BE(der.length, 2); // CERT-LEN
der.copy(verifyBuffer, 4); // CERT
signature.copy(verifyBuffer, 4 + der.length);
var v = RSA.verify(RSA.TYPES.SHA384, loadedCert, hash._hashedValue, signature);
console.log('VERIFIED: ' + v);
var zmp = require('tls').loadCertificate({ der: verifyBuffer.slice(4, verifyBuffer.readUInt16BE(2) + 4) });
console.log('SENDING: ' + verifyBuffer.slice(4, verifyBuffer.readUInt16BE(2) + 4).toString('hex'));
this.write(verifyBuffer);
break;
default:
console.log('Command: ' + cmd);
break;
}
};
});