Qt Cryptographic Architecture
qca_securelayer.h
Go to the documentation of this file.
1 /*
2  * qca_securelayer.h - Qt Cryptographic Architecture
3  * Copyright (C) 2003-2007 Justin Karneges <justin@affinix.com>
4  * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  *
21  */
22 
32 #ifndef QCA_SECURELAYER_H
33 #define QCA_SECURELAYER_H
34 
35 #include <QObject>
36 #include "qca_core.h"
37 #include "qca_publickey.h"
38 #include "qca_cert.h"
39 
40 namespace QCA {
41 
60 {
67 };
68 
104 class QCA_EXPORT SecureLayer : public QObject
105 {
106  Q_OBJECT
107 public:
114  SecureLayer(QObject *parent = 0);
115 
119  virtual bool isClosable() const;
120 
125  virtual int bytesAvailable() const = 0;
126 
131  virtual int bytesOutgoingAvailable() const = 0;
132 
140  virtual void close();
141 
149  virtual void write(const QByteArray &a) = 0;
150 
157  virtual QByteArray read() = 0;
158 
168  virtual void writeIncoming(const QByteArray &a) = 0;
169 
179  virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;
180 
188  virtual QByteArray readUnprocessed();
189 
195  virtual int convertBytesWritten(qint64 encryptedBytes) = 0;
196 
197 Q_SIGNALS:
204  void readyRead();
205 
212  void readyReadOutgoing();
213 
218  void closed();
219 
224  void error();
225 
226 private:
227  Q_DISABLE_COPY(SecureLayer)
228 };
229 
238 class QCA_EXPORT TLSSession : public Algorithm
239 {
240 public:
241  TLSSession();
242 
248  TLSSession(const TLSSession &from);
249 
250  ~TLSSession();
251 
257  TLSSession & operator=(const TLSSession &from);
258 
262  bool isNull() const;
263 };
264 
289 class QCA_EXPORT TLS : public SecureLayer, public Algorithm
290 {
291  Q_OBJECT
292 public:
296  enum Mode
297  {
299  Datagram
300  };
301 
305  enum Version
306  {
310  DTLS_v1
311  };
312 
316  enum Error
317  {
323  ErrorCrypt
324  };
325 
330  {
334  NoCertificate
335  };
336 
348  explicit TLS(QObject *parent = 0, const QString &provider = QString());
349 
361  explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());
362 
366  ~TLS();
367 
371  void reset();
372 
387  QStringList supportedCipherSuites(const Version &version = TLS_v1) const;
388 
402  void setCertificate(const CertificateChain &cert, const PrivateKey &key);
403 
412  void setCertificate(const KeyBundle &kb);
413 
417  CertificateCollection trustedCertificates() const;
418 
430  void setTrustedCertificates(const CertificateCollection &trusted);
431 
437  void setConstraints(SecurityLevel s);
438 
447  void setConstraints(int minSSF, int maxSSF);
448 
459  void setConstraints(const QStringList &cipherSuiteList);
460 
483  QList<CertificateInfoOrdered> issuerList() const;
484 
491  void setIssuerList(const QList<CertificateInfoOrdered> &issuers);
492 
498  void setSession(const TLSSession &session);
499 
505  bool canCompress() const;
506 
513  bool canSetHostName() const;
514 
522  bool compressionEnabled() const;
523 
530  void setCompressionEnabled(bool b);
531 
536  QString hostName() const;
537 
557  void startClient(const QString &host = QString());
558 
562  void startServer();
563 
573  void continueAfterStep();
574 
582  bool isHandshaken() const;
583 
589  bool isCompressed() const;
590 
594  Version version() const;
595 
602  QString cipherSuite() const;
603 
613  int cipherBits() const;
614 
621  int cipherMaxBits() const;
622 
627  TLSSession session() const;
628 
634  Error errorCode() const;
635 
653  IdentityResult peerIdentityResult() const;
654 
663  Validity peerCertificateValidity() const;
664 
669  CertificateChain localCertificateChain() const;
670 
675  PrivateKey localPrivateKey() const;
676 
681  CertificateChain peerCertificateChain() const;
682 
683  // reimplemented
684  virtual bool isClosable() const;
685  virtual int bytesAvailable() const;
686  virtual int bytesOutgoingAvailable() const;
687  virtual void close();
688  virtual void write(const QByteArray &a);
689  virtual QByteArray read();
690  virtual void writeIncoming(const QByteArray &a);
691  virtual QByteArray readOutgoing(int *plainBytes = 0);
692  virtual QByteArray readUnprocessed();
693  virtual int convertBytesWritten(qint64 encryptedBytes);
694 
701  int packetsAvailable() const;
702 
709  int packetsOutgoingAvailable() const;
710 
716  int packetMTU() const;
717 
725  void setPacketMTU(int size) const;
726 
727 Q_SIGNALS:
739  void hostNameReceived();
740 
752  void certificateRequested();
753 
764  void peerCertificateAvailable();
765 
777  void handshaken();
778 
779 protected:
786 #if QT_VERSION >= 0x050000
787  void connectNotify(const QMetaMethod &signal);
788 #else
789  void connectNotify(const char *signal);
790 #endif
791 
798 #if QT_VERSION >= 0x050000
799  void disconnectNotify(const QMetaMethod &signal);
800 #else
801  void disconnectNotify(const char *signal);
802 #endif
803 
804 private:
805  Q_DISABLE_COPY(TLS)
806 
807  class Private;
808  friend class Private;
809  Private *d;
810 };
811 
839 class QCA_EXPORT SASL : public SecureLayer, public Algorithm
840 {
841  Q_OBJECT
842 public:
846  enum Error
847  {
850  ErrorCrypt
851  };
852 
857  {
869  RemoteUnavailable
870  };
871 
876  {
877  AuthFlagsNone = 0x00,
878  AllowPlain = 0x01,
879  AllowAnonymous = 0x02,
880  RequireForwardSecrecy = 0x04,
881  RequirePassCredentials = 0x08,
882  RequireMutualAuth = 0x10,
883  RequireAuthzidSupport = 0x20 // server-only
884  };
885 
890  {
891  AllowClientSendFirst,
892  DisableClientSendFirst
893  };
894 
899  {
900  AllowServerSendLast,
901  DisableServerSendLast
902  };
903 
914  class QCA_EXPORT Params
915  {
916  public:
917  Params();
918 
930  Params(bool user, bool authzid, bool pass, bool realm);
931 
937  Params(const Params &from);
938  ~Params();
939 
945  Params & operator=(const Params &from);
946 
950  bool needUsername() const;
951 
955  bool canSendAuthzid() const;
956 
960  bool needPassword() const;
961 
965  bool canSendRealm() const;
966 
967  private:
968  class Private;
969  Private *d;
970  };
971 
980  explicit SASL(QObject *parent = 0, const QString &provider = QString());
981 
982  ~SASL();
983 
987  void reset();
988 
1001  void setConstraints(AuthFlags f, SecurityLevel s = SL_None);
1002 
1018  void setConstraints(AuthFlags f, int minSSF, int maxSSF);
1019 
1026  void setLocalAddress(const QString &addr, quint16 port);
1027 
1034  void setRemoteAddress(const QString &addr, quint16 port);
1035 
1041  void setExternalAuthId(const QString &authid);
1042 
1049  void setExternalSSF(int strength);
1050 
1062  void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);
1063 
1075  void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);
1076 
1086  void putServerFirstStep(const QString &mech);
1087 
1098  void putServerFirstStep(const QString &mech, const QByteArray &clientInit);
1099 
1109  void putStep(const QByteArray &stepData);
1110 
1114  QString mechanism() const;
1115 
1119  QStringList mechanismList() const;
1120 
1124  QStringList realmList() const;
1125 
1129  int ssf() const;
1130 
1134  Error errorCode() const;
1135 
1139  AuthCondition authCondition() const;
1140 
1146  void setUsername(const QString &user);
1147 
1153  void setAuthzid(const QString &auth);
1154 
1160  void setPassword(const SecureArray &pass);
1161 
1167  void setRealm(const QString &realm);
1168 
1172  void continueAfterParams();
1173 
1177  void continueAfterAuthCheck();
1178 
1179  // reimplemented
1180  virtual int bytesAvailable() const;
1181  virtual int bytesOutgoingAvailable() const;
1182  virtual void write(const QByteArray &a);
1183  virtual QByteArray read();
1184  virtual void writeIncoming(const QByteArray &a);
1185  virtual QByteArray readOutgoing(int *plainBytes = 0);
1186  virtual int convertBytesWritten(qint64 encryptedBytes);
1187 
1188 Q_SIGNALS:
1201  void clientStarted(bool clientInit, const QByteArray &clientInitData);
1202 
1207  void serverStarted();
1208 
1216  void nextStep(const QByteArray &stepData);
1217 
1228  void needParams(const QCA::SASL::Params &params);
1229 
1239  void authCheck(const QString &user, const QString &authzid);
1240 
1244  void authenticated();
1245 
1246 private:
1247  Q_DISABLE_COPY(SASL)
1248 
1249  class Private;
1250  friend class Private;
1251  Private *d;
1252 };
1253 
1254 }
1255 
1256 #endif
ServerSendMode
Mode options for server side sending.
Definition: qca_securelayer.h:898
Error
Type of error.
Definition: qca_securelayer.h:316
General superclass for an algorithm.
Definition: qca_core.h:1121
Version
Version of TLS or SSL.
Definition: qca_securelayer.h:305
problem starting up TLS
Definition: qca_securelayer.h:321
Parameter flags for the SASL authentication.
Definition: qca_securelayer.h:914
Generic private key.
Definition: qca_publickey.h:826
SL_High or max possible, whichever is greater.
Definition: qca_securelayer.h:66
must at least get integrity protection
Definition: qca_securelayer.h:62
Certificate chain and private key pair.
Definition: qca_cert.h:2135
local certificate is expired
Definition: qca_securelayer.h:318
Header file for PGP key and X.509 certificate related classes.
Mode
Operating mode.
Definition: qca_securelayer.h:296
identity is verified
Definition: qca_securelayer.h:331
Validity
The validity (or otherwise) of a certificate.
Definition: qca_cert.h:489
Simple Authentication and Security Layer protocol implementation.
Definition: qca_securelayer.h:839
must be 128 bit or more
Definition: qca_securelayer.h:64
Abstract interface to a security layer.
Definition: qca_securelayer.h:104
Header file for PublicKey and PrivateKey related classes.
Server failed mutual authentication (client side only)
Definition: qca_securelayer.h:861
invalid cert
Definition: qca_securelayer.h:333
Passphrase expired, has to be reset (server side only)
Definition: qca_securelayer.h:866
must be export level bits or more
Definition: qca_securelayer.h:63
User not found (server side only)
Definition: qca_securelayer.h:868
Transport Layer Security / Secure Socket Layer.
Definition: qca_securelayer.h:289
Header file for core QCA infrastructure.
No compatible/appropriate authentication mechanism.
Definition: qca_securelayer.h:859
Bad protocol or cancelled.
Definition: qca_securelayer.h:860
Authentication failure (server side only)
Definition: qca_securelayer.h:862
valid cert provided, but wrong owner
Definition: qca_securelayer.h:332
Session token, used for TLS resuming.
Definition: qca_securelayer.h:238
indicates that no security is ok
Definition: qca_securelayer.h:61
Secure Socket Layer, version 3.
Definition: qca_securelayer.h:308
QCA - the Qt Cryptographic Architecture.
Definition: qca_basic.h:47
problem starting up SASL
Definition: qca_securelayer.h:848
Account is disabled (server side only)
Definition: qca_securelayer.h:867
certificate and private key don't match
Definition: qca_securelayer.h:320
must be more than 128 bit
Definition: qca_securelayer.h:65
AuthFlags
Authentication requirement flag values.
Definition: qca_securelayer.h:875
SecurityLevel
Specify the lower-bound for acceptable TLS/SASL security layers.
Definition: qca_securelayer.h:59
IdentityResult
Type of identity.
Definition: qca_securelayer.h:329
Secure array of bytes.
Definition: qca_tools.h:316
AuthCondition
Possible authentication error states.
Definition: qca_securelayer.h:856
ClientSendMode
Mode options for client side sending.
Definition: qca_securelayer.h:889
problem during the authentication process
Definition: qca_securelayer.h:849
Generic authentication failure.
Definition: qca_securelayer.h:858
A chain of related Certificates.
Definition: qca_cert.h:1207
Mechanism too weak for this user (server side only)
Definition: qca_securelayer.h:864
Error
Possible errors that may occur when using SASL.
Definition: qca_securelayer.h:846
local certificate is invalid in some way
Definition: qca_securelayer.h:319
problem during the negotiation
Definition: qca_securelayer.h:322
Authorization failure (server side only)
Definition: qca_securelayer.h:863
Encryption is needed in order to use mechanism (server side only)
Definition: qca_securelayer.h:865
Transport Layer Security, version 1.
Definition: qca_securelayer.h:307
Secure Socket Layer, version 2.
Definition: qca_securelayer.h:309
Bundle of Certificates and CRLs.
Definition: qca_cert.h:1890
stream mode
Definition: qca_securelayer.h:298