Qt Cryptographic Architecture
qca_securelayer.h
Go to the documentation of this file.
1 /*
2  * qca_securelayer.h - Qt Cryptographic Architecture
3  * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
4  * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  *
21  */
22 
32 #ifndef QCA_SECURELAYER_H
33 #define QCA_SECURELAYER_H
34 
35 #include "qca_cert.h"
36 #include "qca_core.h"
37 #include "qca_publickey.h"
38 #include <QObject>
39 
40 namespace QCA {
41 
60 {
67 };
68 
104 class QCA_EXPORT SecureLayer : public QObject
105 {
106  Q_OBJECT
107 public:
114  SecureLayer(QObject *parent = nullptr);
115 
119  virtual bool isClosable() const;
120 
125  virtual int bytesAvailable() const = 0;
126 
131  virtual int bytesOutgoingAvailable() const = 0;
132 
140  virtual void close();
141 
149  virtual void write(const QByteArray &a) = 0;
150 
157  virtual QByteArray read() = 0;
158 
168  virtual void writeIncoming(const QByteArray &a) = 0;
169 
179  virtual QByteArray readOutgoing(int *plainBytes = nullptr) = 0;
180 
188  virtual QByteArray readUnprocessed();
189 
195  virtual int convertBytesWritten(qint64 encryptedBytes) = 0;
196 
197 Q_SIGNALS:
204  void readyRead();
205 
212  void readyReadOutgoing();
213 
218  void closed();
219 
224  void error();
225 
226 private:
227  Q_DISABLE_COPY(SecureLayer)
228 };
229 
238 class QCA_EXPORT TLSSession : public Algorithm
239 {
240 public:
241  TLSSession();
242 
248  TLSSession(const TLSSession &from);
249 
250  ~TLSSession() override;
251 
257  TLSSession &operator=(const TLSSession &from);
258 
262  bool isNull() const;
263 };
264 
289 class QCA_EXPORT TLS : public SecureLayer, public Algorithm
290 {
291  Q_OBJECT
292 public:
296  enum Mode
297  {
299  Datagram
300  };
301 
305  enum Version
306  {
310  DTLS_v1
311  };
312 
316  enum Error
317  {
323  ErrorCrypt
324  };
325 
330  {
334  NoCertificate
335  };
336 
348  explicit TLS(QObject *parent = nullptr, const QString &provider = QString());
349 
361  explicit TLS(Mode mode, QObject *parent = nullptr, const QString &provider = QString());
362 
366  ~TLS() override;
367 
371  void reset();
372 
387  QStringList supportedCipherSuites(const Version &version = TLS_v1) const;
388 
402  void setCertificate(const CertificateChain &cert, const PrivateKey &key);
403 
412  void setCertificate(const KeyBundle &kb);
413 
417  CertificateCollection trustedCertificates() const;
418 
430  void setTrustedCertificates(const CertificateCollection &trusted);
431 
437  void setConstraints(SecurityLevel s);
438 
447  void setConstraints(int minSSF, int maxSSF);
448 
459  void setConstraints(const QStringList &cipherSuiteList);
460 
483  QList<CertificateInfoOrdered> issuerList() const;
484 
491  void setIssuerList(const QList<CertificateInfoOrdered> &issuers);
492 
498  void setSession(const TLSSession &session);
499 
505  bool canCompress() const;
506 
513  bool canSetHostName() const;
514 
522  bool compressionEnabled() const;
523 
530  void setCompressionEnabled(bool b);
531 
536  QString hostName() const;
537 
557  void startClient(const QString &host = QString());
558 
562  void startServer();
563 
573  void continueAfterStep();
574 
582  bool isHandshaken() const;
583 
589  bool isCompressed() const;
590 
594  Version version() const;
595 
602  QString cipherSuite() const;
603 
613  int cipherBits() const;
614 
621  int cipherMaxBits() const;
622 
627  TLSSession session() const;
628 
634  Error errorCode() const;
635 
653  IdentityResult peerIdentityResult() const;
654 
663  Validity peerCertificateValidity() const;
664 
669  CertificateChain localCertificateChain() const;
670 
675  PrivateKey localPrivateKey() const;
676 
681  CertificateChain peerCertificateChain() const;
682 
683  // reimplemented
684  bool isClosable() const override;
685  int bytesAvailable() const override;
686  int bytesOutgoingAvailable() const override;
687  void close() override;
688  void write(const QByteArray &a) override;
689  QByteArray read() override;
690  void writeIncoming(const QByteArray &a) override;
691  QByteArray readOutgoing(int *plainBytes = nullptr) override;
692  QByteArray readUnprocessed() override;
693  int convertBytesWritten(qint64 encryptedBytes) override;
694 
701  int packetsAvailable() const;
702 
709  int packetsOutgoingAvailable() const;
710 
716  int packetMTU() const;
717 
725  void setPacketMTU(int size) const;
726 
727 Q_SIGNALS:
739  void hostNameReceived();
740 
752  void certificateRequested();
753 
764  void peerCertificateAvailable();
765 
777  void handshaken();
778 
779 protected:
786  void connectNotify(const QMetaMethod &signal) override;
787 
794  void disconnectNotify(const QMetaMethod &signal) override;
795 
796 private:
797  Q_DISABLE_COPY(TLS)
798 
799  class Private;
800  friend class Private;
801  Private *d;
802 };
803 
831 class QCA_EXPORT SASL : public SecureLayer, public Algorithm
832 {
833  Q_OBJECT
834 public:
838  enum Error
839  {
842  ErrorCrypt
843  };
844 
849  {
861  RemoteUnavailable
862  };
863 
868  {
869  AuthFlagsNone = 0x00,
870  AllowPlain = 0x01,
871  AllowAnonymous = 0x02,
872  RequireForwardSecrecy = 0x04,
873  RequirePassCredentials = 0x08,
874  RequireMutualAuth = 0x10,
875  RequireAuthzidSupport = 0x20 // server-only
876  };
877 
882  {
883  AllowClientSendFirst,
884  DisableClientSendFirst
885  };
886 
891  {
892  AllowServerSendLast,
893  DisableServerSendLast
894  };
895 
906  class QCA_EXPORT Params
907  {
908  public:
909  Params();
910 
922  Params(bool user, bool authzid, bool pass, bool realm);
923 
929  Params(const Params &from);
930  ~Params();
931 
937  Params &operator=(const Params &from);
938 
942  bool needUsername() const;
943 
947  bool canSendAuthzid() const;
948 
952  bool needPassword() const;
953 
957  bool canSendRealm() const;
958 
959  private:
960  class Private;
961  Private *d;
962  };
963 
972  explicit SASL(QObject *parent = nullptr, const QString &provider = QString());
973 
974  ~SASL() override;
975 
979  void reset();
980 
993  void setConstraints(AuthFlags f, SecurityLevel s = SL_None);
994 
1010  void setConstraints(AuthFlags f, int minSSF, int maxSSF);
1011 
1018  void setLocalAddress(const QString &addr, quint16 port);
1019 
1026  void setRemoteAddress(const QString &addr, quint16 port);
1027 
1033  void setExternalAuthId(const QString &authid);
1034 
1041  void setExternalSSF(int strength);
1042 
1054  void startClient(const QString & service,
1055  const QString & host,
1056  const QStringList &mechlist,
1057  ClientSendMode mode = AllowClientSendFirst);
1058 
1070  void startServer(const QString &service,
1071  const QString &host,
1072  const QString &realm,
1073  ServerSendMode mode = DisableServerSendLast);
1074 
1084  void putServerFirstStep(const QString &mech);
1085 
1096  void putServerFirstStep(const QString &mech, const QByteArray &clientInit);
1097 
1107  void putStep(const QByteArray &stepData);
1108 
1112  QString mechanism() const;
1113 
1117  QStringList mechanismList() const;
1118 
1122  QStringList realmList() const;
1123 
1127  int ssf() const;
1128 
1132  Error errorCode() const;
1133 
1137  AuthCondition authCondition() const;
1138 
1144  void setUsername(const QString &user);
1145 
1151  void setAuthzid(const QString &auth);
1152 
1158  void setPassword(const SecureArray &pass);
1159 
1165  void setRealm(const QString &realm);
1166 
1170  void continueAfterParams();
1171 
1175  void continueAfterAuthCheck();
1176 
1177  // reimplemented
1178  int bytesAvailable() const override;
1179  int bytesOutgoingAvailable() const override;
1180  void write(const QByteArray &a) override;
1181  QByteArray read() override;
1182  void writeIncoming(const QByteArray &a) override;
1183  QByteArray readOutgoing(int *plainBytes = nullptr) override;
1184  int convertBytesWritten(qint64 encryptedBytes) override;
1185 
1186 Q_SIGNALS:
1199  void clientStarted(bool clientInit, const QByteArray &clientInitData);
1200 
1205  void serverStarted();
1206 
1214  void nextStep(const QByteArray &stepData);
1215 
1226  void needParams(const QCA::SASL::Params &params);
1227 
1237  void authCheck(const QString &user, const QString &authzid);
1238 
1242  void authenticated();
1243 
1244 private:
1245  Q_DISABLE_COPY(SASL)
1246 
1247  class Private;
1248  friend class Private;
1249  Private *d;
1250 };
1251 
1252 }
1253 
1254 #endif
ServerSendMode
Mode options for server side sending.
Definition: qca_securelayer.h:890
Error
Type of error.
Definition: qca_securelayer.h:316
General superclass for an algorithm.
Definition: qca_core.h:1163
Version
Version of TLS or SSL.
Definition: qca_securelayer.h:305
problem starting up TLS
Definition: qca_securelayer.h:321
Parameter flags for the SASL authentication.
Definition: qca_securelayer.h:906
Generic private key.
Definition: qca_publickey.h:832
SL_High or max possible, whichever is greater.
Definition: qca_securelayer.h:66
must at least get integrity protection
Definition: qca_securelayer.h:62
Certificate chain and private key pair.
Definition: qca_cert.h:2175
local certificate is expired
Definition: qca_securelayer.h:318
Header file for PGP key and X.509 certificate related classes.
Mode
Operating mode.
Definition: qca_securelayer.h:296
identity is verified
Definition: qca_securelayer.h:331
Validity
The validity (or otherwise) of a certificate.
Definition: qca_cert.h:496
Simple Authentication and Security Layer protocol implementation.
Definition: qca_securelayer.h:831
must be 128 bit or more
Definition: qca_securelayer.h:64
Abstract interface to a security layer.
Definition: qca_securelayer.h:104
Header file for PublicKey and PrivateKey related classes.
Server failed mutual authentication (client side only)
Definition: qca_securelayer.h:853
invalid cert
Definition: qca_securelayer.h:333
Passphrase expired, has to be reset (server side only)
Definition: qca_securelayer.h:858
must be export level bits or more
Definition: qca_securelayer.h:63
User not found (server side only)
Definition: qca_securelayer.h:860
Transport Layer Security / Secure Socket Layer.
Definition: qca_securelayer.h:289
Header file for core QCA infrastructure.
No compatible/appropriate authentication mechanism.
Definition: qca_securelayer.h:851
Bad protocol or cancelled.
Definition: qca_securelayer.h:852
Authentication failure (server side only)
Definition: qca_securelayer.h:854
valid cert provided, but wrong owner
Definition: qca_securelayer.h:332
Session token, used for TLS resuming.
Definition: qca_securelayer.h:238
indicates that no security is ok
Definition: qca_securelayer.h:61
Secure Socket Layer, version 3.
Definition: qca_securelayer.h:308
QCA - the Qt Cryptographic Architecture.
Definition: qca_basic.h:41
problem starting up SASL
Definition: qca_securelayer.h:840
Account is disabled (server side only)
Definition: qca_securelayer.h:859
certificate and private key don&#39;t match
Definition: qca_securelayer.h:320
must be more than 128 bit
Definition: qca_securelayer.h:65
AuthFlags
Authentication requirement flag values.
Definition: qca_securelayer.h:867
SecurityLevel
Specify the lower-bound for acceptable TLS/SASL security layers.
Definition: qca_securelayer.h:59
IdentityResult
Type of identity.
Definition: qca_securelayer.h:329
Secure array of bytes.
Definition: qca_tools.h:316
AuthCondition
Possible authentication error states.
Definition: qca_securelayer.h:848
ClientSendMode
Mode options for client side sending.
Definition: qca_securelayer.h:881
problem during the authentication process
Definition: qca_securelayer.h:841
Generic authentication failure.
Definition: qca_securelayer.h:850
A chain of related Certificates.
Definition: qca_cert.h:1225
Mechanism too weak for this user (server side only)
Definition: qca_securelayer.h:856
Error
Possible errors that may occur when using SASL.
Definition: qca_securelayer.h:838
local certificate is invalid in some way
Definition: qca_securelayer.h:319
problem during the negotiation
Definition: qca_securelayer.h:322
Authorization failure (server side only)
Definition: qca_securelayer.h:855
Encryption is needed in order to use mechanism (server side only)
Definition: qca_securelayer.h:857
Transport Layer Security, version 1.
Definition: qca_securelayer.h:307
Secure Socket Layer, version 2.
Definition: qca_securelayer.h:309
Bundle of Certificates and CRLs.
Definition: qca_cert.h:1928
stream mode
Definition: qca_securelayer.h:298