void KMessageClient::unlock()
{
    // Leave the locked state, then schedule one deferred processFirstMessage()
    // call for every message that was held back while the client was locked.
    // The count is read once up front: QTimer::singleShot(0, ...) defers the
    // slot to the event loop rather than calling it here, so nothing in this
    // loop drains d->delayedMessages while we iterate.
    d->isLocked = false;
    const int pending = d->delayedMessages.count();
    for (int k = 0; k < pending; ++k) {
        QTimer::singleShot(0, this, SLOT(processFirstMessage()));
    }
}
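TNC_Result ProcwatcherIMV::receiveMessage(TNC_BufferReference message,
                                          TNC_UInt32 length,
                                          TNC_MessageType messageType)
{
    // Handles the two rounds of the Procwatcher handshake.
    //
    // Round 1: the client's X.509 (AIK) certificate. If the certificate is
    //          known, a fresh random nonce is sent back so that the attestation
    //          received in round 2 cannot be replayed.
    // Round 2: the client's attestation payload (length-delimited, NOT
    //          NUL-terminated, fully attacker-controlled).
    //
    // Returns TNC_RESULT_SUCCESS, or TNC_RESULT_FATAL when the certificate
    // cannot be processed, the RNG fails, or the payload is unusable.
    //
    // NOTE(review): round 2 parses the payload into `properties` and then grants
    // TNC_IMV_ACTION_RECOMMENDATION_ALLOW unconditionally -- nothing here
    // compares what the client sent against the reference value that
    // calculateHash(entry) prepares in round 1. This revision fixes the
    // memory-safety defects of the original (unbounded strcpy() of an
    // unterminated buffer, unterminated buffer streamed into the log, a
    // non-TNC_Result `-1` return, an incomplete RAND_bytes() check); the
    // missing verification still has to be implemented before deployment.
    (void)messageType; // not used by this IMV; kept for the TNC interface

    LOG4CXX_DEBUG(logger, "receiveMessage round " << this->getRound());

    if (firstMessage) {
        LOG4CXX_DEBUG(logger, "Received first message, should be the x509 cert");
        firstMessage = 0;
        if (processFirstMessage(message, length) < 0) {
            return TNC_RESULT_FATAL;
        }
        if (!checkClientKnown()) {
            LOG4CXX_INFO(logger, "Client Certificate unknown. :-(");
            tncs.provideRecommendation(TNC_IMV_ACTION_RECOMMENDATION_NO_ACCESS,
                                       TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
            return TNC_RESULT_SUCCESS;
        }

        // Nonce layout as in the original: 10 random bytes, expanded in place
        // by translate2chars() (presumably to 20 hex characters -- verify
        // against its definition) inside a 50-byte buffer; 20 bytes go on the
        // wire. The buffer is RAII-owned here; the `nonceBuf` member only
        // aliases it for the duration of this round, as the original's
        // new[]/delete[] pair did, and is reset instead of left dangling.
        const int kNonceRandomBytes = 10;
        const int kNonceWireLen = 20;
        const size_t kNonceBufSize = 50;
        std::vector<unsigned char> nonce(kNonceBufSize, 0);
        nonceBuf = nonce.data();

        // Once the AIK certificate is accepted, send a nonce to prevent replay.
        LOG4CXX_TRACE(logger, "Generating nonce...");
        // RAND_bytes() returns 1 on success; both 0 and -1 signal failure
        // (the original only caught 0).
        if (RAND_bytes(nonce.data(), kNonceRandomBytes) != 1) {
            LOG4CXX_FATAL(logger, "RAND_bytes() failed!!!");
            nothingWrong = false;
            nonceBuf = NULL;
            return TNC_RESULT_FATAL; // was `return -1`, which is not a TNC_Result
        }
        for (int i = 0; i < kNonceRandomBytes; i++) {
            printf("%02hhx", nonce[i]);
        }
        translate2chars(reinterpret_cast<char *>(nonce.data()), kNonceWireLen);
        // Precompute the reference value -- per the original author's note,
        // hash(nonce * hash(file)) -- that the client's round-2 answer should be
        // matched against (cf. the calculate step of the attestation flow).
        calculateHash(entry);
        this->tncs.sendMessage(nonce.data(), kNonceWireLen, VENDOR_ID, MESSAGE_SUBTYPE);
        nonceBuf = NULL;
        return TNC_RESULT_SUCCESS;
    }

    // ---- round 2: attestation payload ----
    if (message == NULL) {
        LOG4CXX_FATAL(logger, "Received 2nd Message with a NULL buffer");
        return TNC_RESULT_FATAL;
    }

    // Copy exactly `length` bytes into a buffer that is always NUL-terminated
    // and never smaller than the MAX bytes the original reserved (so
    // translate2chars() keeps the capacity it had), instead of strcpy()ing
    // straight out of an unterminated, attacker-controlled buffer.
    const size_t payloadLen = static_cast<size_t>(length);
    const size_t maxCap = static_cast<size_t>(MAX);
    const size_t bufSize = (payloadLen + 1 > maxCap) ? payloadLen + 1 : maxCap;
    std::vector<char> payload(bufSize, '\0');
    memcpy(payload.data(), message, payloadLen);

    // Log the bounded, NUL-terminated copy -- streaming `message` itself would
    // read past the end of the TNC buffer looking for a terminator.
    LOG4CXX_INFO(logger, "Received 2nd Message: " << payload.data());

    // Kept from the original for any side effects translate2chars() may have;
    // its in-place result is not consumed anywhere in this function.
    translate2chars(payload.data(), 20);

    // Parse the client's properties from the raw (length-delimited) payload.
    std::stringstream ss;
    ss.write(reinterpret_cast<const char *>(message), length);
    std::vector<prop_type> properties = readAllProperties(ss);
    (void)properties; // NOTE(review): never checked -- see header comment

    // NOTE(review): the "signature" is not actually verified here; the
    // recommendation below is granted regardless of what the client sent.
    LOG4CXX_INFO(logger, "good file-hash signature :-)");
    validationFinished = true;
    actionRecommendation = TNC_IMV_ACTION_RECOMMENDATION_ALLOW;
    evaluationResult = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;

    return TNC_RESULT_SUCCESS;
}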