| blob | 7304cb76c8b083129badab910b8dca91b12e7a2f |
1 /*
2 * Copyright (C) 2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
25 #include <libtasn1.h>
26 #include <gnutls_global.h>
28 #include <gnutls_sig.h>
29 #include <gnutls_str.h>
30 #include <gnutls_datum.h>
31 #include <hash.h>
33 #include <common.h>
34 #include <base64.h>
35 #include <gnutls/abstract.h>
36 #include <system.h>
37 #include <locks.h>
40 gnutls_tdb_store_func store;
41 gnutls_tdb_store_commitment_func cstore;
42 gnutls_tdb_verify_func verify;
43 };
52 static
55 gnutls_digest_algorithm_t hash_algo,
57 static
62 #define MAX_FILENAME 512
67 store_pubkey,
68 store_commitment,
69 verify_pubkey
70 };
73 /**
74 * gnutls_verify_stored_pubkey:
75 * @db_name: A file specifying the stored keys (use NULL for the default)
76 * @tdb: A storage structure or NULL to use the default
77 * @host: The peer's name
78 * @service: non-NULL if this key is specific to a service (e.g. http)
79 * @cert_type: The type of the certificate
80 * @cert: The raw (der) data of the certificate
81 * @flags: should be 0.
82 *
83 * This function will try to verify the provided certificate using
84 * a list of stored public keys. The @service field if non-NULL should
85 * be a port number.
86 *
87 * The @retrieve variable if non-null specifies a custom backend for
88 * the retrieval of entries. If it is NULL then the
89 * default file backend will be used. In POSIX-like systems the
90 * file backend uses the $HOME/.gnutls/known_hosts file.
91 *
92 * Note that if the custom storage backend is provided the
93 * retrieval function should return %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
94 * if the host/service pair is found but key doesn't match,
95 * %GNUTLS_E_NO_CERTIFICATE_FOUND if no such host/service with
96 * the given key is found, and 0 if it was found. The storage
97 * function should return 0 on success.
98 *
99 * Returns: If no associated public key is found
100 * then %GNUTLS_E_NO_CERTIFICATE_FOUND will be returned. If a key
101 * is found but does not match %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
102 * is returned. On success, %GNUTLS_E_SUCCESS (0) is returned,
103 * or a negative error value on other errors.
104 *
105 * Since: 3.0
106 **/
107 int
109 gnutls_tdb_t tdb,
112 gnutls_certificate_type_t cert_type,
114 {
123 {
128 }
135 else
139 {
142 }
148 cleanup:
151 }
158 {
164 gnutls_digest_algorithm_t hash_algo;
168 /* read host */
176 /* read service */
184 /* read expiration */
193 /* read hash algorithm */
202 /* read hash */
210 /* hash and hex encode */
229 /* key found and matches */
231 }
240 {
246 /* read version */
257 /* read host */
265 /* read service */
273 /* read expiration */
282 /* read key */
297 /* key found and matches */
299 }
301 /* Returns the base64 key if found
302 */
306 {
324 {
327 }
329 do
330 {
333 {
336 {
338 }
341 }
342 }
347 else
350 cleanup:
357 }
360 {
372 }
375 {
387 {
390 }
394 {
397 }
401 {
404 }
409 {
412 }
417 {
421 }
425 {
429 }
434 cleanup:
439 }
442 {
454 {
457 }
461 {
464 }
468 {
471 }
476 {
479 }
484 {
488 }
492 {
496 }
501 cleanup:
506 }
508 static
512 {
523 {
526 }
530 {
533 }
543 cleanup:
551 }
553 static
556 gnutls_digest_algorithm_t hash_algo,
558 {
575 }
577 /**
578 * gnutls_store_pubkey:
579 * @db_name: A file specifying the stored keys (use NULL for the default)
580 * @tdb: A storage structure or NULL to use the default
581 * @host: The peer's name
582 * @service: non-NULL if this key is specific to a service (e.g. http)
583 * @cert_type: The type of the certificate
584 * @cert: The data of the certificate
585 * @expiration: The expiration time (use 0 to disable expiration)
586 * @flags: should be 0.
587 *
588 * This function will store the provided certificate to
589 * the list of stored public keys. The key will be considered valid until
590 * the provided expiration time.
591 *
592 * The @store variable if non-null specifies a custom backend for
593 * the storage of entries. If it is NULL then the
594 * default file backend will be used.
595 *
596 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
597 * negative error value.
598 *
599 * Since: 3.0
600 **/
601 int
603 gnutls_tdb_t tdb,
606 gnutls_certificate_type_t cert_type,
610 {
620 {
632 }
639 else
642 {
645 }
653 cleanup:
658 }
660 /**
661 * gnutls_store_commitment:
662 * @db_name: A file specifying the stored keys (use NULL for the default)
663 * @tdb: A storage structure or NULL to use the default
664 * @host: The peer's name
665 * @service: non-NULL if this key is specific to a service (e.g. http)
666 * @hash_algo: The hash algorithm type
667 * @hash: The raw hash
668 * @expiration: The expiration time (use 0 to disable expiration)
669 * @flags: should be 0.
670 *
671 * This function will store the provided hash commitment to
672 * the list of stored public keys. The key with the given
673 * hash will be considered valid until the provided expiration time.
674 *
675 * The @store variable if non-null specifies a custom backend for
676 * the storage of entries. If it is NULL then the
677 * default file backend will be used.
678 *
679 * Note that this function is not thread safe with the default backend.
680 *
681 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
682 * negative error value.
683 *
684 * Since: 3.0
685 **/
686 int
688 gnutls_tdb_t tdb,
691 gnutls_digest_algorithm_t hash_algo,
695 {
707 {
719 }
733 }
738 {
748 else
752 }
754 /**
755 * gnutls_tdb_init:
756 * @tdb: The structure to be initialized
757 *
758 * This function will initialize a public key trust storage structure.
759 *
760 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
761 * negative error value.
762 **/
764 {
771 }
773 /**
774 * gnutls_set_store_func:
775 * @tdb: The trust storage
776 * @store: The storage function
777 *
778 * This function will associate a storage function with the
779 * trust storage structure. The function is of the following form.
780 *
781 * gnutls_tdb_store_func(const char* db_name, const char* host,
782 * const char* service, time_t expiration,
783 * const gnutls_datum_t* pubkey);
784 *
785 **/
787 {
789 }
791 /**
792 * gnutls_set_store_commitment_func:
793 * @tdb: The trust storage
794 * @cstore: The commitment storage function
795 *
796 * This function will associate a commitment (hash) storage function with the
797 * trust storage structure. The function is of the following form.
798 *
799 * gnutls_tdb_store_commitment_func(const char* db_name, const char* host,
800 * const char* service, time_t expiration,
801 * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
802 *
803 **/
805 gnutls_tdb_store_commitment_func cstore)
806 {
808 }
810 /**
811 * gnutls_set_verify_func:
812 * @tdb: The trust storage
813 * @verify: The verification function
814 *
815 * This function will associate a retrieval function with the
816 * trust storage structure. The function is of the following form.
817 *
818 * gnutls_tdb_verify_func(const char* db_name, const char* host,
819 * const char* service, const gnutls_datum_t* pubkey);
820 *
821 **/
823 {
825 }
827 /**
828 * gnutls_tdb_deinit:
829 * @tdb: The structure to be deinitialized
830 *
831 * This function will deinitialize a public key trust storage structure.
832 **/
834 {
836 }