/*
* Copyright (C) 2014 Red Hat
*
* This file is part of openconnect-gui.
*
* openconnect-gui is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "gtdb.h"
#include <gnutls/crypto.h>
#define HASH GNUTLS_DIG_SHA1
#define HASH_LEN 20
#define MAX_HASH_LEN 64
/*
 * Store-callback hooked into the gnutls trust-on-first-use database.
 *
 * gnutls hands back the db_name string it was given; this code uses that
 * slot to carry the owning gtdb object, so the pointer is recovered here.
 * The public key presented by the server is digested with HASH and the
 * result is handed to the StoredServer together with the algorithm id, so
 * the verify path can later recompute the digest with the same algorithm.
 *
 * host, service and expiration are not used: the pin is bound to the
 * StoredServer instance rather than to a host/service key.
 *
 * NOTE(review): HASH is SHA-1. Here it pins a public key (the attacker would
 * need a second preimage, not a collision), and the algorithm id is stored
 * next to the digest, so moving HASH to a stronger digest looks possible
 * without invalidating existing pins, as verify_cb recomputes with the
 * stored id — confirm against get_server_hash before changing it.
 *
 * Returns 0 on success, -1 if the digest could not be computed.
 */
static int
store_cb(const char *db_name, const char *host, const char *service,
         time_t expiration, const gnutls_datum_t *pubkey)
{
    (void)host;
    (void)service;
    (void)expiration;

    const gtdb *owner = reinterpret_cast<const gtdb *>(db_name);
    char digest[MAX_HASH_LEN];

    /* Only HASH_LEN bytes of the scratch buffer are stored; keep the two
     * macros consistent at compile time. */
    static_assert(HASH_LEN <= MAX_HASH_LEN, "digest scratch buffer too small");

    const int rc = gnutls_hash_fast(HASH, pubkey->data, pubkey->size, digest);
    if (rc < 0)
        return -1;

    QByteArray pinned;
    pinned.append(digest, HASH_LEN);
    owner->ss->set_server_hash(HASH, pinned);
    return 0;
}
/*
 * Verify-callback for the gnutls trust-on-first-use database.
 *
 * Recovers the owning gtdb from db_name (see store_cb), fetches the pinned
 * digest and its algorithm id from the StoredServer, recomputes the digest
 * of the presented public key with that same algorithm and compares.
 *
 * host and service are not used; the pin lives on the StoredServer.
 *
 * Returns 0 when the digests match, GNUTLS_E_CERTIFICATE_KEY_MISMATCH when
 * they differ, and -1 when there is no usable pin (algorithm id 0, digest
 * longer than the scratch buffer, stored length inconsistent with the
 * algorithm) or when the digest could not be computed.
 *
 * NOTE(review): -1 covers both "nothing pinned yet" and real errors; gnutls
 * uses GNUTLS_E_NO_CERTIFICATE_FOUND for the former — check whether the
 * caller needs to tell the two apart (e.g. to prompt the user on first use).
 */
static int
verify_cb(const char *db_name, const char *host, const char *service,
          const gnutls_datum_t *pubkey)
{
    (void)host;
    (void)service;

    const gtdb *owner = reinterpret_cast<const gtdb *>(db_name);
    QByteArray pinned;
    char digest[MAX_HASH_LEN];

    const unsigned algo_id = owner->ss->get_server_hash(pinned);
    const gnutls_digest_algorithm_t algo =
        static_cast<gnutls_digest_algorithm_t>(algo_id);
    const int digest_len = gnutls_hash_get_len(algo);

    /* No pin, or a digest that would overflow the scratch buffer. */
    if (algo_id == 0 || digest_len > static_cast<int>(sizeof(digest)))
        return -1;

    /* The stored value must be exactly one digest of this algorithm;
     * anything else is treated as an unusable pin, not as a mismatch. */
    if (pinned.size() != digest_len)
        return -1;

    if (gnutls_hash_fast(algo, pubkey->data, pubkey->size, digest) < 0)
        return -1;

    /* NOTE(review): memcmp is not constant-time; the operands are digests of
     * the server's public key rather than a secret, so this looks acceptable
     * — confirm if the pin is ever treated as sensitive. */
    return memcmp(pinned.constData(), digest, digest_len) == 0
               ? 0
               : GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
}
/*
 * Build a gnutls trust database whose callbacks are backed by `ss`.
 *
 * The gnutls handle is created with gnutls_tdb_init and wired to the
 * file-local verify_cb/store_cb. Both callbacks recover this object from
 * the db_name argument, so every gnutls call made through this handle must
 * pass the gtdb pointer as db_name and must pass this tdb handle.
 *
 * NOTE(review): the return value of gnutls_tdb_init is not checked; if it
 * fails, the two set_*_func calls below run on whatever handle it left
 * behind — confirm that is acceptable, and check at the call sites that a
 * null tdb is never passed to gnutls, since its built-in file backend would
 * then read db_name (here a pointer) as a path.
 */
gtdb::gtdb(StoredServer *ss)
{
    gnutls_tdb_init(&tdb);
    gnutls_tdb_set_verify_func(tdb, verify_cb);
    gnutls_tdb_set_store_func(tdb, store_cb);
    this->ss = ss;
}
/*
 * Release the gnutls trust-db handle. The StoredServer is not released here.
 *
 * NOTE(review): this class owns a raw gnutls handle; if the header does not
 * delete the copy constructor/assignment, copying a gtdb would free the
 * same handle twice — confirm in gtdb.h.
 */
gtdb::~gtdb()
{
    gnutls_tdb_deinit(tdb);
}