TLS plugin for the TQt Cryptographic Architecture
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.

469 lignes
10KB

  1. /*
  2. * qca.h - TQt Cryptographic Architecture
  3. * Copyright (C) 2003 Justin Karneges
  4. *
  5. * This library is free software; you can redistribute it and/or
  6. * modify it under the terms of the GNU Lesser General Public
  7. * License as published by the Free Software Foundation; either
  8. * version 2.1 of the License, or (at your option) any later version.
  9. *
  10. * This library is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  13. * Lesser General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU Lesser General Public
  16. * License along with this library; if not, write to the Free Software
  17. * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  18. *
  19. */
  20. #ifndef TQCA_H
  21. #define TQCA_H
  22. #include<tqstring.h>
  23. #include<tqcstring.h>
  24. #include<tqdatetime.h>
  25. #include<tqmap.h>
  26. #include<tqptrlist.h>
  27. #include<tqobject.h>
  28. #ifdef Q_OS_WIN32
  29. # ifndef TQCA_STATIC
  30. # ifdef TQCA_MAKEDLL
  31. # define TQCA_EXPORT __declspec(dllexport)
  32. # else
  33. # define TQCA_EXPORT __declspec(dllimport)
  34. # endif
  35. # endif
  36. #endif
  37. #ifndef TQCA_EXPORT
  38. #define TQCA_EXPORT
  39. #endif
  40. #ifdef Q_OS_WIN32
  41. # ifdef TQCA_PLUGIN_DLL
  42. # define TQCA_PLUGIN_EXPORT extern "C" __declspec(dllexport)
  43. # else
  44. # define TQCA_PLUGIN_EXPORT extern "C" __declspec(dllimport)
  45. # endif
  46. #endif
  47. #ifndef TQCA_PLUGIN_EXPORT
  48. #define TQCA_PLUGIN_EXPORT extern "C" __attribute__ ((visibility ("default")))
  49. #endif
  50. class TQHostAddress;
  51. class TQStringList;
  52. class TQCAProvider;
  53. class TQCA_HashContext;
  54. class TQCA_CipherContext;
  55. class TQCA_CertContext;
  56. namespace TQCA
  57. {
  58. enum {
  59. CAP_SHA1 = 0x0001,
  60. CAP_SHA256 = 0x0002,
  61. CAP_MD5 = 0x0004,
  62. CAP_BlowFish = 0x0008,
  63. CAP_TripleDES = 0x0010,
  64. CAP_AES128 = 0x0020,
  65. CAP_AES256 = 0x0040,
  66. CAP_RSA = 0x0080,
  67. CAP_X509 = 0x0100,
  68. CAP_TLS = 0x0200,
  69. CAP_SASL = 0x0400
  70. };
  71. enum {
  72. CBC = 0x0001,
  73. CFB = 0x0002
  74. };
  75. enum {
  76. Encrypt = 0x0001,
  77. Decrypt = 0x0002
  78. };
  79. TQCA_EXPORT void init();
  80. TQCA_EXPORT bool isSupported(int capabilities);
  81. TQCA_EXPORT void insertProvider(TQCAProvider *);
  82. TQCA_EXPORT void unloadAllPlugins();
  83. TQCA_EXPORT TQString arrayToHex(const TQByteArray &);
  84. TQCA_EXPORT TQByteArray hexToArray(const TQString &);
  85. class TQCA_EXPORT Hash
  86. {
  87. public:
  88. Hash(const Hash &);
  89. Hash & operator=(const Hash &);
  90. ~Hash();
  91. void clear();
  92. void update(const TQByteArray &a);
  93. TQByteArray final();
  94. protected:
  95. Hash(TQCA_HashContext *);
  96. private:
  97. class Private;
  98. Private *d;
  99. };
  100. template <class T>
  101. class TQCA_EXPORT HashStatic
  102. {
  103. public:
  104. HashStatic<T>() {}
  105. static TQByteArray hash(const TQByteArray &a)
  106. {
  107. T obj;
  108. obj.update(a);
  109. return obj.final();
  110. }
  111. static TQByteArray hash(const TQCString &cs)
  112. {
  113. TQByteArray a(cs.length());
  114. memcpy(a.data(), cs.data(), a.size());
  115. return hash(a);
  116. }
  117. static TQString hashToString(const TQByteArray &a)
  118. {
  119. return arrayToHex(hash(a));
  120. }
  121. static TQString hashToString(const TQCString &cs)
  122. {
  123. return arrayToHex(hash(cs));
  124. }
  125. };
  126. class TQCA_EXPORT Cipher
  127. {
  128. public:
  129. Cipher(const Cipher &);
  130. Cipher & operator=(const Cipher &);
  131. ~Cipher();
  132. TQByteArray dyn_generateKey(int size=-1) const;
  133. TQByteArray dyn_generateIV() const;
  134. void reset(int dir, int mode, const TQByteArray &key, const TQByteArray &iv, bool pad=true);
  135. bool update(const TQByteArray &a);
  136. TQByteArray final(bool *ok=0);
  137. protected:
  138. Cipher(TQCA_CipherContext *, int dir, int mode, const TQByteArray &key, const TQByteArray &iv, bool pad);
  139. private:
  140. class Private;
  141. Private *d;
  142. };
  143. template <class T>
  144. class TQCA_EXPORT CipherStatic
  145. {
  146. public:
  147. CipherStatic<T>() {}
  148. static TQByteArray generateKey(int size=-1)
  149. {
  150. T obj;
  151. return obj.dyn_generateKey(size);
  152. }
  153. static TQByteArray generateIV()
  154. {
  155. T obj;
  156. return obj.dyn_generateIV();
  157. }
  158. };
  159. class TQCA_EXPORT SHA1 : public Hash, public HashStatic<SHA1>
  160. {
  161. public:
  162. SHA1();
  163. };
  164. class TQCA_EXPORT SHA256 : public Hash, public HashStatic<SHA256>
  165. {
  166. public:
  167. SHA256();
  168. };
  169. class TQCA_EXPORT MD5 : public Hash, public HashStatic<MD5>
  170. {
  171. public:
  172. MD5();
  173. };
  174. class TQCA_EXPORT BlowFish : public Cipher, public CipherStatic<BlowFish>
  175. {
  176. public:
  177. BlowFish(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  178. };
  179. class TQCA_EXPORT TripleDES : public Cipher, public CipherStatic<TripleDES>
  180. {
  181. public:
  182. TripleDES(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  183. };
  184. class TQCA_EXPORT AES128 : public Cipher, public CipherStatic<AES128>
  185. {
  186. public:
  187. AES128(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  188. };
  189. class TQCA_EXPORT AES256 : public Cipher, public CipherStatic<AES256>
  190. {
  191. public:
  192. AES256(int dir=Encrypt, int mode=CBC, const TQByteArray &key=TQByteArray(), const TQByteArray &iv=TQByteArray(), bool pad=true);
  193. };
  194. class RSA;
  195. class TQCA_EXPORT RSAKey
  196. {
  197. public:
  198. RSAKey();
  199. RSAKey(const RSAKey &from);
  200. RSAKey & operator=(const RSAKey &from);
  201. ~RSAKey();
  202. bool isNull() const;
  203. bool havePublic() const;
  204. bool havePrivate() const;
  205. TQByteArray toDER(bool publicOnly=false) const;
  206. bool fromDER(const TQByteArray &a);
  207. TQString toPEM(bool publicOnly=false) const;
  208. bool fromPEM(const TQString &);
  209. // only call if you know what you are doing
  210. bool fromNative(void *);
  211. private:
  212. class Private;
  213. Private *d;
  214. friend class RSA;
  215. friend class TLS;
  216. bool encrypt(const TQByteArray &a, TQByteArray *out, bool oaep) const;
  217. bool decrypt(const TQByteArray &a, TQByteArray *out, bool oaep) const;
  218. bool generate(unsigned int bits);
  219. };
  220. class TQCA_EXPORT RSA
  221. {
  222. public:
  223. RSA();
  224. ~RSA();
  225. RSAKey key() const;
  226. void setKey(const RSAKey &);
  227. bool encrypt(const TQByteArray &a, TQByteArray *out, bool oaep=false) const;
  228. bool decrypt(const TQByteArray &a, TQByteArray *out, bool oaep=false) const;
  229. static RSAKey generateKey(unsigned int bits);
  230. private:
  231. RSAKey v_key;
  232. };
  233. typedef TQMap<TQString, TQString> CertProperties;
  234. class TQCA_EXPORT Cert
  235. {
  236. public:
  237. Cert();
  238. Cert(const Cert &);
  239. Cert & operator=(const Cert &);
  240. ~Cert();
  241. bool isNull() const;
  242. TQString commonName() const;
  243. TQString serialNumber() const;
  244. TQString subjectString() const;
  245. TQString issuerString() const;
  246. CertProperties subject() const;
  247. CertProperties issuer() const;
  248. TQDateTime notBefore() const;
  249. TQDateTime notAfter() const;
  250. TQByteArray toDER() const;
  251. bool fromDER(const TQByteArray &a);
  252. TQString toPEM() const;
  253. bool fromPEM(const TQString &);
  254. private:
  255. class Private;
  256. Private *d;
  257. friend class TLS;
  258. void fromContext(TQCA_CertContext *);
  259. };
  260. class TQCA_EXPORT TLS : public TQObject
  261. {
  262. Q_OBJECT
  263. public:
  264. enum Validity {
  265. NoCert,
  266. Valid,
  267. HostMismatch,
  268. Rejected,
  269. Untrusted,
  270. SignatureFailed,
  271. InvalidCA,
  272. InvalidPurpose,
  273. SelfSigned,
  274. Revoked,
  275. PathLengthExceeded,
  276. Expired,
  277. Unknown
  278. };
  279. enum Error { ErrHandshake, ErrCrypt };
  280. TLS(TQObject *parent=0);
  281. ~TLS();
  282. void setCertificate(const Cert &cert, const RSAKey &key);
  283. void setCertificateStore(const TQPtrList<Cert> &store); // note: store must persist
  284. void reset();
  285. bool startClient(const TQString &host="");
  286. bool startServer();
  287. void close();
  288. bool isHandshaken() const;
  289. // plain (application side)
  290. void write(const TQByteArray &a);
  291. TQByteArray read();
  292. // encoded (socket side)
  293. void writeIncoming(const TQByteArray &a);
  294. TQByteArray readOutgoing();
  295. TQByteArray readUnprocessed();
  296. // cert related
  297. const Cert & peerCertificate() const;
  298. int certificateValidityResult() const;
  299. signals:
  300. void handshaken();
  301. void readyRead();
  302. void readyReadOutgoing(int plainBytes);
  303. void closed();
  304. void error(int);
  305. private slots:
  306. void update();
  307. private:
  308. class Private;
  309. Private *d;
  310. };
  311. class TQCA_EXPORT SASL : public TQObject
  312. {
  313. Q_OBJECT
  314. public:
  315. enum Error { ErrAuth, ErrCrypt };
  316. enum ErrorCond {
  317. NoMech,
  318. BadProto,
  319. BadServ,
  320. BadAuth,
  321. NoAuthzid,
  322. TooWeak,
  323. NeedEncrypt,
  324. Expired,
  325. Disabled,
  326. NoUser,
  327. RemoteUnavail
  328. };
  329. SASL(TQObject *parent=0);
  330. ~SASL();
  331. static void setAppName(const TQString &name);
  332. void reset();
  333. int errorCondition() const;
  334. // options
  335. void setAllowPlain(bool);
  336. void setAllowAnonymous(bool);
  337. void setAllowActiveVulnerable(bool);
  338. void setAllowDictionaryVulnerable(bool);
  339. void setRequireForwardSecrecy(bool);
  340. void setRequirePassCredentials(bool);
  341. void setRequireMutualAuth(bool);
  342. void setMinimumSSF(int);
  343. void setMaximumSSF(int);
  344. void setExternalAuthID(const TQString &authid);
  345. void setExternalSSF(int);
  346. void setLocalAddr(const TQHostAddress &addr, TQ_UINT16 port);
  347. void setRemoteAddr(const TQHostAddress &addr, TQ_UINT16 port);
  348. // initialize
  349. bool startClient(const TQString &service, const TQString &host, const TQStringList &mechlist, bool allowClientSendFirst=true);
  350. bool startServer(const TQString &service, const TQString &host, const TQString &realm, TQStringList *mechlist);
  351. // authentication
  352. void putStep(const TQByteArray &stepData);
  353. void putServerFirstStep(const TQString &mech);
  354. void putServerFirstStep(const TQString &mech, const TQByteArray &clientInit);
  355. void setUsername(const TQString &user);
  356. void setAuthzid(const TQString &auth);
  357. void setPassword(const TQString &pass);
  358. void setRealm(const TQString &realm);
  359. void continueAfterParams();
  360. void continueAfterAuthCheck();
  361. // security layer
  362. int ssf() const;
  363. void write(const TQByteArray &a);
  364. TQByteArray read();
  365. void writeIncoming(const TQByteArray &a);
  366. TQByteArray readOutgoing();
  367. signals:
  368. // for authentication
  369. void clientFirstStep(const TQString &mech, const TQByteArray *clientInit);
  370. void nextStep(const TQByteArray &stepData);
  371. void needParams(bool user, bool authzid, bool pass, bool realm);
  372. void authCheck(const TQString &user, const TQString &authzid);
  373. void authenticated();
  374. // for security layer
  375. void readyRead();
  376. void readyReadOutgoing(int plainBytes);
  377. // error
  378. void error(int);
  379. private slots:
  380. void tryAgain();
  381. private:
  382. class Private;
  383. Private *d;
  384. void handleServerFirstStep(int r);
  385. };
  386. };
  387. #endif