Added ECDSA support in server and Windows and Linux agents.

MeshCentralServer.njsproj

@@ -171,6 +171,7 @@
     <Content Include="public\images\mapmarker.png" />
     <Content Include="public\images\meshicon50.png" />
     <Content Include="public\images\trash.png" />
+    <Content Include="public\messenger.htm" />
     <Content Include="public\scriptblocks.txt" />
     <Content Include="public\sounds\chimes.mp3" />
     <Content Include="public\styles\font-awesome\css\font-awesome.min.css" />

meshagent.js

@@ -198,7 +198,7 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                 obj.receivedCommands += 1; // Agent can't send the same command twice on the same connection ever. Block DOS attack path.
 
                 // Check that the server hash matches our own web certificate hash (SHA384)
-                if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent connected with bad web certificate hash (Agent:' + (new Buffer(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; }
+                if ((getWebCertHash(obj.domain) != msg.substring(2, 50)) && (getWebCertFullHash(obj.domain) != msg.substring(2, 50))) { console.log('Agent bad web cert hash (Agent:' + (new Buffer(msg.substring(2, 50), 'binary').toString('hex').substring(0, 10)) + ' != Server:' + (new Buffer(getWebCertHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + ' or ' + (new Buffer(getWebCertFullHash(obj.domain), 'binary').toString('hex').substring(0, 10)) + '), holding connection (' + obj.remoteaddrport + ').'); return; }
 
                 // Use our server private key to sign the ServerHash + AgentNonce + ServerNonce
                 obj.agentnonce = msg.substring(50, 98);

meshcentral.js

@@ -419,7 +419,7 @@ function CreateMeshCentralServer(config, args) {
                 obj.certificateOperations.loadCertificate(obj.config.domains[i].certurl, obj.config.domains[i], function (url, cert, xdomain) {
                     if (cert != null) {
                         // Hash the entire cert
-                        var hash = obj.crypto.createHash('sha384').update(cert).digest('hex');
+                        var hash = obj.crypto.createHash('sha384').update(Buffer.from(cert, 'binary')).digest('hex');
                         if (xdomain.certhash != hash) {
                             xdomain.certkeyhash = hash;
                             xdomain.certhash = hash;
@@ -429,7 +429,7 @@ function CreateMeshCentralServer(config, args) {
                             // Decode a RSA certificate and hash the public key, if this is not RSA, skip this.
                             var forgeCert = obj.certificateOperations.forge.pki.certificateFromAsn1(obj.certificateOperations.forge.asn1.fromDer(cert));
                             xdomain.certkeyhash = obj.certificateOperations.forge.pki.getPublicKeyFingerprint(forgeCert.publicKey, { md: obj.certificateOperations.forge.md.sha384.create(), encoding: 'hex' });
-                            console.log('V1: ' + xdomain.certkeyhash);
+                            //console.log('V1: ' + xdomain.certkeyhash);
                         } catch (ex) { }
 
                         console.log('Loaded web certificate from ' + url);

package.json

@@ -1,6 +1,6 @@
 {
   "name": "meshcentral",
-  "version": "0.2.3-y",
+  "version": "0.2.4-a",
   "keywords": [
     "Remote Management",
     "Intel AMT",