| blob | 5b2ce172059882dde69958de00f65dd579e70430 |
1 /*
2 * Copyright (C) 2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
25 #include <libtasn1.h>
26 #include <gnutls_global.h>
28 #include <gnutls_sig.h>
29 #include <gnutls_str.h>
30 #include <gnutls_datum.h>
31 #include <hash.h>
33 #include <common.h>
34 #include <base64.h>
35 #include <gnutls/abstract.h>
36 #include <system.h>
37 #include <locks.h>
40 gnutls_tdb_store_func store;
41 gnutls_tdb_store_commitment_func cstore;
42 gnutls_tdb_verify_func verify;
43 };
52 static
55 gnutls_digest_algorithm_t hash_algo,
57 static
62 #define MAX_FILENAME 512
67 store_pubkey,
68 store_commitment,
69 verify_pubkey
70 };
73 /**
74 * gnutls_verify_stored_pubkey:
75 * @db_name: A file specifying the stored keys (use NULL for the default)
76 * @tdb: A storage structure or NULL to use the default
77 * @host: The peer's name
78 * @service: non-NULL if this key is specific to a service (e.g. http)
79 * @cert_type: The type of the certificate
80 * @cert: The raw (der) data of the certificate
81 * @flags: should be 0.
82 *
83 * This function will try to verify the provided certificate using
84 * a list of stored public keys. The @service field if non-NULL should
85 * be a port number.
86 *
87 * The @retrieve variable if non-null specifies a custom backend for
88 * the retrieval of entries. If it is NULL then the
89 * default file backend will be used. In POSIX-like systems the
90 * file backend uses the $HOME/.gnutls/known_hosts file.
91 *
92 * Note that if the custom storage backend is provided the
93 * retrieval function should return %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
94 * if the host/service pair is found but key doesn't match,
95 * %GNUTLS_E_NO_CERTIFICATE_FOUND if no such host/service with
96 * the given key is found, and 0 if it was found. The storage
97 * function should return 0 on success.
98 *
99 * Returns: If no associated public key is found
100 * then %GNUTLS_E_NO_CERTIFICATE_FOUND will be returned. If a key
101 * is found but does not match %GNUTLS_E_CERTIFICATE_KEY_MISMATCH
102 * is returned. On success, %GNUTLS_E_SUCCESS (0) is returned,
103 * or a negative error value on other errors.
104 *
105 * Since: 3.0
106 **/
107 int
109 gnutls_tdb_t tdb,
112 gnutls_certificate_type_t cert_type,
114 {
123 {
128 }
135 else
139 {
142 }
148 cleanup:
151 }
158 {
164 gnutls_digest_algorithm_t hash_algo;
168 /* read host */
176 /* read service */
184 /* read expiration */
193 /* read hash algorithm */
202 /* read hash */
210 /* hash and hex encode */
229 /* key found and matches */
231 }
240 {
246 /* read version */
257 /* read host */
265 /* read service */
273 /* read expiration */
282 /* read key */
297 /* key found and matches */
299 }
301 /* Returns the base64 key if found
302 */
306 {
324 {
327 }
329 do
330 {
333 {
336 {
338 }
341 }
342 }
347 else
350 cleanup:
357 }
360 {
372 }
375 {
387 {
390 }
394 {
397 }
401 {
404 }
409 {
412 }
417 {
421 }
425 {
429 }
434 cleanup:
439 }
442 {
443 #ifdef ENABLE_OPENPGP
455 {
458 }
462 {
465 }
469 {
472 }
477 {
480 }
485 {
489 }
493 {
497 }
502 cleanup:
507 #else
509 #endif
510 }
512 static
516 {
527 {
530 }
534 {
537 }
547 cleanup:
555 }
557 static
560 gnutls_digest_algorithm_t hash_algo,
562 {
579 }
581 /**
582 * gnutls_store_pubkey:
583 * @db_name: A file specifying the stored keys (use NULL for the default)
584 * @tdb: A storage structure or NULL to use the default
585 * @host: The peer's name
586 * @service: non-NULL if this key is specific to a service (e.g. http)
587 * @cert_type: The type of the certificate
588 * @cert: The data of the certificate
589 * @expiration: The expiration time (use 0 to disable expiration)
590 * @flags: should be 0.
591 *
592 * This function will store the provided certificate to
593 * the list of stored public keys. The key will be considered valid until
594 * the provided expiration time.
595 *
596 * The @store variable if non-null specifies a custom backend for
597 * the storage of entries. If it is NULL then the
598 * default file backend will be used.
599 *
600 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
601 * negative error value.
602 *
603 * Since: 3.0
604 **/
605 int
607 gnutls_tdb_t tdb,
610 gnutls_certificate_type_t cert_type,
614 {
624 {
636 }
643 else
646 {
649 }
657 cleanup:
662 }
664 /**
665 * gnutls_store_commitment:
666 * @db_name: A file specifying the stored keys (use NULL for the default)
667 * @tdb: A storage structure or NULL to use the default
668 * @host: The peer's name
669 * @service: non-NULL if this key is specific to a service (e.g. http)
670 * @hash_algo: The hash algorithm type
671 * @hash: The raw hash
672 * @expiration: The expiration time (use 0 to disable expiration)
673 * @flags: should be 0.
674 *
675 * This function will store the provided hash commitment to
676 * the list of stored public keys. The key with the given
677 * hash will be considered valid until the provided expiration time.
678 *
679 * The @store variable if non-null specifies a custom backend for
680 * the storage of entries. If it is NULL then the
681 * default file backend will be used.
682 *
683 * Note that this function is not thread safe with the default backend.
684 *
685 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
686 * negative error value.
687 *
688 * Since: 3.0
689 **/
690 int
692 gnutls_tdb_t tdb,
695 gnutls_digest_algorithm_t hash_algo,
699 {
711 {
723 }
737 }
742 {
752 else
756 }
758 /**
759 * gnutls_tdb_init:
760 * @tdb: The structure to be initialized
761 *
762 * This function will initialize a public key trust storage structure.
763 *
764 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
765 * negative error value.
766 **/
768 {
775 }
777 /**
778 * gnutls_set_store_func:
779 * @tdb: The trust storage
780 * @store: The storage function
781 *
782 * This function will associate a storage function with the
783 * trust storage structure. The function is of the following form.
784 *
785 * gnutls_tdb_store_func(const char* db_name, const char* host,
786 * const char* service, time_t expiration,
787 * const gnutls_datum_t* pubkey);
788 *
789 **/
791 {
793 }
795 /**
796 * gnutls_set_store_commitment_func:
797 * @tdb: The trust storage
798 * @cstore: The commitment storage function
799 *
800 * This function will associate a commitment (hash) storage function with the
801 * trust storage structure. The function is of the following form.
802 *
803 * gnutls_tdb_store_commitment_func(const char* db_name, const char* host,
804 * const char* service, time_t expiration,
805 * gnutls_digest_algorithm_t, const gnutls_datum_t* hash);
806 *
807 **/
809 gnutls_tdb_store_commitment_func cstore)
810 {
812 }
814 /**
815 * gnutls_set_verify_func:
816 * @tdb: The trust storage
817 * @verify: The verification function
818 *
819 * This function will associate a retrieval function with the
820 * trust storage structure. The function is of the following form.
821 *
822 * gnutls_tdb_verify_func(const char* db_name, const char* host,
823 * const char* service, const gnutls_datum_t* pubkey);
824 *
825 **/
827 {
829 }
831 /**
832 * gnutls_tdb_deinit:
833 * @tdb: The structure to be deinitialized
834 *
835 * This function will deinitialize a public key trust storage structure.
836 **/
838 {
840 }