TLS plugin for the TQt Cryptographic Architecture
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

qca.h 10KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468
  1. /*
  2. * qca.h - TQt Cryptographic Architecture
  3. * Copyright (C) 2003 Justin Karneges
  4. *
  5. * This library is free software; you can redistribute it and/or
  6. * modify it under the terms of the GNU Lesser General Public
  7. * License as published by the Free Software Foundation; either
  8. * version 2.1 of the License, or (at your option) any later version.
  9. *
  10. * This library is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13. * Lesser General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU Lesser General Public
  16. * License along with this library; if not, write to the Free Software
  17. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  18. *
  19. */
  20. #ifndef TQCA_H
  21. #define TQCA_H
  22. #include<tqstring.h>
  23. #include<tqcstring.h>
  24. #include<tqdatetime.h>
  25. #include<tqmap.h>
  26. #include<tqptrlist.h>
  27. #include<tqobject.h>
  28. #ifdef Q_OS_WIN32
  29. # ifndef TQCA_STATIC
  30. # ifdef TQCA_MAKEDLL
  31. # define TQCA_EXPORT __declspec(dllexport)
  32. # else
  33. # define TQCA_EXPORT __declspec(dllimport)
  34. # endif
  35. # endif
  36. #endif
  37. #ifndef TQCA_EXPORT
  38. #define TQCA_EXPORT
  39. #endif
  40. #ifdef Q_OS_WIN32
  41. # ifdef TQCA_PLUGIN_DLL
  42. # define TQCA_PLUGIN_EXPORT extern "C" __declspec(dllexport)
  43. # else
  44. # define TQCA_PLUGIN_EXPORT extern "C" __declspec(dllimport)
  45. # endif
  46. #endif
  47. #ifndef TQCA_PLUGIN_EXPORT
  48. #define TQCA_PLUGIN_EXPORT extern "C" __attribute__ ((visibility ("default")))
  49. #endif
  50. class TQHostAddress;
  51. class TQStringList;
  52. class TQCAProvider;
  53. class TQCA_HashContext;
  54. class TQCA_CipherContext;
  55. class TQCA_CertContext;
  56. namespace TQCA
  57. {
  58. enum {
  59. CAP_SHA1 = 0x0001,
  60. CAP_SHA256 = 0x0002,
  61. CAP_MD5 = 0x0004,
  62. CAP_BlowFish = 0x0008,
  63. CAP_TripleDES = 0x0010,
  64. CAP_AES128 = 0x0020,
  65. CAP_AES256 = 0x0040,
  66. CAP_RSA = 0x0080,
  67. CAP_X509 = 0x0100,
  68. CAP_TLS = 0x0200,
  69. CAP_SASL = 0x0400
  70. };
  71. enum {
  72. CBC = 0x0001,
  73. CFB = 0x0002
  74. };
  75. enum {
  76. Encrypt = 0x0001,
  77. Decrypt = 0x0002
  78. };
  79. TQCA_EXPORT void init();
  80. TQCA_EXPORT bool isSupported(int capabilities);
  81. TQCA_EXPORT void insertProvider(TQCAProvider *);
  82. TQCA_EXPORT void unloadAllPlugins();
  83. TQCA_EXPORT TQString arrayToHex(const TQByteArray &);
  84. TQCA_EXPORT TQByteArray hexToArray(const TQString &);
  85. class TQCA_EXPORT Hash
  86. {
  87. public:
  88. Hash(const Hash &);
  89. Hash & operator=(const Hash &);
  90. ~Hash();
  91. void clear();
  92. void update(const TQByteArray &a);
  93. TQByteArray final();
  94. protected:
  95. Hash(TQCA_HashContext *);
  96. private:
  97. class Private;
  98. Private *d;
  99. };
  100. template <class T>
  101. class TQCA_EXPORT HashStatic
  102. {
  103. public:
  104. HashStatic<T>() {}
  105. static TQByteArray hash(const TQByteArray &a)
  106. {
  107. T obj;
  108. obj.update(a);
  109. return obj.final();
  110. }
  111. static TQByteArray hash(const TQCString &cs)
  112. {
  113. TQByteArray a(cs.length());
  114. memcpy(a.data(), cs.data(), a.size());
  115. return hash(a);
  116. }
  117. static TQString hashToString(const TQByteArray &a)
  118. {
  119. return arrayToHex(hash(a));
  120. }
  121. static TQString hashToString(const TQCString &cs)
  122. {
  123. return arrayToHex(hash(cs));
  124. }
  125. };
  126. class TQCA_EXPORT Cipher
  127. {
  128. public:
  129. Cipher(const Cipher &);
  130. Cipher & operator=(const Cipher &);
  131. ~Cipher();
  132. TQByteArray dyn_generateKey(int size=-1) const;
  133. TQByteArray dyn_generateIV() const;
  134. void reset(int dir, int mode, const TQByteArray &key, const TQByteArray &iv, bool pad=true);
  135. bool update(const TQByteArray &a);
  136. TQByteArray final(bool *ok=0);
  137. protected:
  138. Cipher(TQCA_CipherContext *, int dir, int mode, const TQByteArray &key, const TQByteArray &iv, bool pad);
  139. private:
  140. class Private;
  141. Private *d;
  142. };
  143. template <class T>
  144. class TQCA_EXPORT CipherStatic
  145. {
  146. public:
  147. CipherStatic<T>() {}
  148. static TQByteArray generateKey(int size=-1)
  149. {
  150. T obj;
  151. return obj.dyn_generateKey(size);
  152. }
  153. static TQByteArray generateIV()
  154. {
  155. T obj;
  156. return obj.dyn_generateIV();
  157. }
  158. };
  159. class TQCA_EXPORT SHA1 : public Hash, public HashStatic<SHA1>
  160. {
  161. public:
  162. SHA1();
  163. };
  164. class TQCA_EXPORT SHA256 : public Hash, public HashStatic<SHA256>
  165. {
  166. public:
  167. SHA256();
  168. };
  169. class TQCA_EXPORT MD5 : public Hash, public HashStatic<MD5>
  170. {
  171. public:
  172. MD5();
  173. };
  174. class TQCA_EXPORT BlowFish : public Cipher, public CipherStatic<BlowFish>
  175. {
  176. public:
  177. BlowFish(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  178. };
  179. class TQCA_EXPORT TripleDES : public Cipher, public CipherStatic<TripleDES>
  180. {
  181. public:
  182. TripleDES(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  183. };
  184. class TQCA_EXPORT AES128 : public Cipher, public CipherStatic<AES128>
  185. {
  186. public:
  187. AES128(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  188. };
  189. class TQCA_EXPORT AES256 : public Cipher, public CipherStatic<AES256>
  190. {
  191. public:
  192. AES256(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  193. };
  194. class RSA;
  195. class TQCA_EXPORT RSAKey
  196. {
  197. public:
  198. RSAKey();
  199. RSAKey(const RSAKey &from);
  200. RSAKey & operator=(const RSAKey &from);
  201. ~RSAKey();
  202. bool isNull() const;
  203. bool havePublic() const;
  204. bool havePrivate() const;
  205. TQByteArray toDER(bool publicOnly=false) const;
  206. bool fromDER(const TQByteArray &a);
  207. TQString toPEM(bool publicOnly=false) const;
  208. bool fromPEM(const TQString &);
  209. // only call if you know what you are doing
  210. bool fromNative(void *);
  211. private:
  212. class Private;
  213. Private *d;
  214. friend class RSA;
  215. friend class TLS;
  216. bool encrypt(const TQByteArray &a, TQByteArray *out, bool oaep) const;
  217. bool decrypt(const TQByteArray &a, TQByteArray *out, bool oaep) const;
  218. bool generate(unsigned int bits);
  219. };
  220. class TQCA_EXPORT RSA
  221. {
  222. public:
  223. RSA();
  224. ~RSA();
  225. RSAKey key() const;
  226. void setKey(const RSAKey &);
  227. bool encrypt(const TQByteArray &a, TQByteArray *out, bool oaep=false) const;
  228. bool decrypt(const TQByteArray &a, TQByteArray *out, bool oaep=false) const;
  229. static RSAKey generateKey(unsigned int bits);
  230. private:
  231. RSAKey v_key;
  232. };
  233. typedef TQMap<TQString, TQString> CertProperties;
  234. class TQCA_EXPORT Cert
  235. {
  236. public:
  237. Cert();
  238. Cert(const Cert &);
  239. Cert & operator=(const Cert &);
  240. ~Cert();
  241. bool isNull() const;
  242. TQString commonName() const;
  243. TQString serialNumber() const;
  244. TQString subjectString() const;
  245. TQString issuerString() const;
  246. CertProperties subject() const;
  247. CertProperties issuer() const;
  248. TQDateTime notBefore() const;
  249. TQDateTime notAfter() const;
  250. TQByteArray toDER() const;
  251. bool fromDER(const TQByteArray &a);
  252. TQString toPEM() const;
  253. bool fromPEM(const TQString &);
  254. private:
  255. class Private;
  256. Private *d;
  257. friend class TLS;
  258. void fromContext(TQCA_CertContext *);
  259. };
  260. class TQCA_EXPORT TLS : public TQObject
  261. {
  262. Q_OBJECT
  263. public:
  264. enum Validity {
  265. NoCert,
  266. Valid,
  267. HostMismatch,
  268. Rejected,
  269. Untrusted,
  270. SignatureFailed,
  271. InvalidCA,
  272. InvalidPurpose,
  273. SelfSigned,
  274. Revoked,
  275. PathLengthExceeded,
  276. Expired,
  277. Unknown
  278. };
  279. enum Error { ErrHandshake, ErrCrypt };
  280. TLS(TQObject *parent=0);
  281. ~TLS();
  282. void setCertificate(const Cert &cert, const RSAKey &key);
  283. void setCertificateStore(const TQPtrList<Cert> &store); // note: store must persist
  284. void reset();
  285. bool startClient(const TQString &host="");
  286. bool startServer();
  287. void close();
  288. bool isHandshaken() const;
  289. // plain (application side)
  290. void write(const TQByteArray &a);
  291. TQByteArray read();
  292. // encoded (socket side)
  293. void writeIncoming(const TQByteArray &a);
  294. TQByteArray readOutgoing();
  295. TQByteArray readUnprocessed();
  296. // cert related
  297. const Cert & peerCertificate() const;
  298. int certificateValidityResult() const;
  299. signals:
  300. void handshaken();
  301. void readyRead();
  302. void readyReadOutgoing(int plainBytes);
  303. void closed();
  304. void error(int);
  305. private slots:
  306. void update();
  307. private:
  308. class Private;
  309. Private *d;
  310. };
  311. class TQCA_EXPORT SASL : public TQObject
  312. {
  313. Q_OBJECT
  314. public:
  315. enum Error { ErrAuth, ErrCrypt };
  316. enum ErrorCond {
  317. NoMech,
  318. BadProto,
  319. BadServ,
  320. BadAuth,
  321. NoAuthzid,
  322. TooWeak,
  323. NeedEncrypt,
  324. Expired,
  325. Disabled,
  326. NoUser,
  327. RemoteUnavail
  328. };
  329. SASL(TQObject *parent=0);
  330. ~SASL();
  331. static void setAppName(const TQString &name);
  332. void reset();
  333. int errorCondition() const;
  334. // options
  335. void setAllowPlain(bool);
  336. void setAllowAnonymous(bool);
  337. void setAllowActiveVulnerable(bool);
  338. void setAllowDictionaryVulnerable(bool);
  339. void setRequireForwardSecrecy(bool);
  340. void setRequirePassCredentials(bool);
  341. void setRequireMutualAuth(bool);
  342. void setMinimumSSF(int);
  343. void setMaximumSSF(int);
  344. void setExternalAuthID(const TQString &authid);
  345. void setExternalSSF(int);
  346. void setLocalAddr(const TQHostAddress &addr, TQ_UINT16 port);
  347. void setRemoteAddr(const TQHostAddress &addr, TQ_UINT16 port);
  348. // initialize
  349. bool startClient(const TQString &service, const TQString &host, const TQStringList &mechlist, bool allowClientSendFirst=true);
  350. bool startServer(const TQString &service, const TQString &host, const TQString &realm, TQStringList *mechlist);
  351. // authentication
  352. void putStep(const TQByteArray &stepData);
  353. void putServerFirstStep(const TQString &mech);
  354. void putServerFirstStep(const TQString &mech, const TQByteArray &clientInit);
  355. void setUsername(const TQString &user);
  356. void setAuthzid(const TQString &auth);
  357. void setPassword(const TQString &pass);
  358. void setRealm(const TQString &realm);
  359. void continueAfterParams();
  360. void continueAfterAuthCheck();
  361. // security layer
  362. int ssf() const;
  363. void write(const TQByteArray &a);
  364. TQByteArray read();
  365. void writeIncoming(const TQByteArray &a);
  366. TQByteArray readOutgoing();
  367. signals:
  368. // for authentication
  369. void clientFirstStep(const TQString &mech, const TQByteArray *clientInit);
  370. void nextStep(const TQByteArray &stepData);
  371. void needParams(bool user, bool authzid, bool pass, bool realm);
  372. void authCheck(const TQString &user, const TQString &authzid);
  373. void authenticated();
  374. // for security layer
  375. void readyRead();
  376. void readyReadOutgoing(int plainBytes);
  377. // error
  378. void error(int);
  379. private slots:
  380. void tryAgain();
  381. private:
  382. class Private;
  383. Private *d;
  384. void handleServerFirstStep(int r);
  385. };
  386. };
  387. #endif