Beispiel #1
// Releases the client lock and schedules the delayed messages for processing.
// Nothing is processed synchronously here: each zero-delay single-shot timer
// invokes the processFirstMessage() slot once control is back in the event
// loop.
void KMessageClient::unlock ()
{
  d->isLocked = false;

  // One timer per entry in d->delayedMessages. The count is re-read on every
  // pass, exactly as a plain index loop would do.
  int scheduled = 0;
  while (scheduled < d->delayedMessages.count())
  {
    QTimer::singleShot(0, this, SLOT(processFirstMessage()));
    ++scheduled;
  }
}
Beispiel #2
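// Handles one message from the peer (logged below as coming from
// ProcwatcherIMC).
//
// First message: handed to processFirstMessage() (logged as "should be the
// x509 cert"). If checkClientKnown() fails, NO_ACCESS is recommended.
// Otherwise a nonce is generated, calculateHash(entry) is called, and the
// nonce is sent to the peer.
//
// Any later message: the payload is copied into a bounded scratch buffer,
// parsed with readAllProperties(), and the validation is marked finished.
//
// Parameters:
//   message     - peer-supplied payload; treated as untrusted and NOT assumed
//                 to be NUL-terminated.
//   length      - number of valid bytes at `message`.
//   messageType - not used by this function.
//
// Returns TNC_RESULT_SUCCESS, or TNC_RESULT_FATAL when the first message
// cannot be processed, nonce generation fails, the scratch buffer cannot be
// allocated, or a NULL payload is announced with a non-zero length.
TNC_Result ProcwatcherIMV::receiveMessage(TNC_BufferReference message,
        TNC_UInt32 length,
        TNC_MessageType messageType)
{
    // Store the FileEntry list (disabled in the original):
    //this->entry = policyManager->getFileEntries();
    //(this->entry).push_back(FileEntry("/bin/","12345678901234567890"));

    LOG4CXX_DEBUG(logger, "receiveMessage round " << this->getRound());
    if (firstMessage) {
        LOG4CXX_DEBUG(logger, "Received first message, should be the x509 cert");
        firstMessage = 0;
        if (processFirstMessage(message, length) < 0) {
            return TNC_RESULT_FATAL;
        }
        if (!checkClientKnown()) {
            LOG4CXX_INFO(logger, "Client Certificate unknown. :-(");
            tncs.provideRecommendation(TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
                    TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
        }
        else
        {
            nonceBuf = new unsigned char[50];
            // After the AIK certificate has been verified, send a nonce to
            // the client to prevent replay attacks.
            LOG4CXX_TRACE(logger, "Generating nonce...");
            // RAND_bytes() returns 1 only on success; 0 and -1 (reported by
            // some OpenSSL versions when unsupported) are both failures, so
            // test for "not 1" rather than "== 0".
            if (RAND_bytes(nonceBuf, 10) != 1) {
                LOG4CXX_FATAL(logger, "RAND_bytes() failed!!!");
                nothingWrong = false;
                delete[] nonceBuf;
                nonceBuf = NULL; // do not leave a dangling pointer behind
                // The original returned -1 here, which is not a TNC_Result
                // code; use the same fatal code as the failure path above.
                return TNC_RESULT_FATAL;
            }

            // Debug dump of the 10 raw nonce bytes to stdout.
            for (int i = 0; i < 10; i++)
            {
                printf("%02hhx", nonceBuf[i]);
            }
            // NOTE(review): translate2chars() is defined elsewhere; it
            // presumably expands the 10 raw bytes in place into the 20
            // characters sent below -- confirm.
            translate2chars((char *)nonceBuf, 20);
            // Compute hash(n * hash(file)), kept for matching against what
            // the client sends back later; similar to the calculate function
            // in attestation.
            calculateHash(entry);
            this->tncs.sendMessage(nonceBuf, 20, VENDOR_ID, MESSAGE_SUBTYPE);
            delete[] nonceBuf;
            nonceBuf = NULL; // do not leave a dangling pointer behind
        }
    }
    else
    {
        // A NULL payload with a non-zero length cannot be read safely.
        if (message == NULL && length > 0) {
            LOG4CXX_FATAL(logger, "Received NULL message buffer");
            return TNC_RESULT_FATAL;
        }

        // Scratch copy of the payload. The original used strcpy(), which
        // trusts the peer to NUL-terminate and to stay below MAX bytes; a
        // longer or unterminated message overran the heap buffer. Copy at
        // most MAX - 1 bytes of the declared length into zeroed storage so
        // the copy is always terminated and fully initialised.
        const size_t capacity = static_cast<size_t>(MAX);
        char *temp_buf = static_cast<char *>(calloc(capacity > 0 ? capacity : 1, 1));
        if (temp_buf == NULL) {
            LOG4CXX_FATAL(logger, "Out of memory while copying message");
            return TNC_RESULT_FATAL;
        }
        size_t copyLen = 0;
        if (message != NULL && capacity > 0) {
            const size_t declared = static_cast<size_t>(length);
            copyLen = declared < capacity - 1 ? declared : capacity - 1;
            memcpy(temp_buf, message, copyLen);
        }

        // Log the bounded copy instead of streaming the raw pointer, which
        // would read past `length` until it happened to find a NUL byte.
        // The content is still attacker-controlled text in the log.
        LOG4CXX_INFO(logger, "Received 2nd Message: " << std::string(temp_buf, copyLen));

        /* only send one message to ProcwatcherIMC */
        //		/* validation finish, set recommendation & co */
        //        validationFinished = true;
        //
        //		// for no access:
        ////		actionRecommendation = TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS;
        //		// for isolate:
        ////		actionRecommendation = TNC_IMV_ACTION_RECOMMENDATION_ISOLATE;
        //		// for access allow:
        //        actionRecommendation = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
        //
        //        // set evaluation (see TNC_IMV_EVALUATION_RESULT_...)
        //        evaluationResult = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;

        // Verify the signature! The reference value comes from: known
        // process hash + nonce.
        // NOTE(review): translate2chars() is given a fixed size of 20 here;
        // confirm that MAX is large enough for whatever it writes.
        translate2chars(temp_buf, 20);
        std::stringstream ss;
        if (length > 0) {
            ss.write((const char *)message, length);
        }
        std::vector<prop_type> properties = readAllProperties(ss);

        // NOTE(review): nothing in this branch compares `properties`, or any
        // signature from the client, with the value prepared by
        // calculateHash(). The success message and the ALLOW recommendation
        // below are issued for every second message, whatever it contains.
        // Gate them on an actual comparison before relying on this result.
        LOG4CXX_INFO(logger, "good file-hash signature :-)" );

        validationFinished = true;
        actionRecommendation = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
        evaluationResult = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
        free(temp_buf);
    }

    // return all ok
    return TNC_RESULT_SUCCESS;
}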