00001 /*
00002  * qca_securelayer.h - Qt Cryptographic Architecture
00003  * Copyright (C) 2003-2007  Justin Karneges <justin@affinix.com>
00004  * Copyright (C) 2004-2006  Brad Hards <bradh@frogmouth.net>
00005  *
00006  * This library is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Lesser General Public
00008  * License as published by the Free Software Foundation; either
00009  * version 2.1 of the License, or (at your option) any later version.
00010  *
00011  * This library is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00014  * Lesser General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU Lesser General Public
00017  * License along with this library; if not, write to the Free Software
00018  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
00019  *
00020  */
00021 
00031 #ifndef QCA_SECURELAYER_H
00032 #define QCA_SECURELAYER_H
00033 
00034 #include <QObject>
00035 #include "qca_core.h"
00036 #include "qca_publickey.h"
00037 #include "qca_cert.h"
00038 
00039 namespace QCA {
00040 
/**
 * Minimum security level a secure layer may be asked to provide
 * (see TLS::setConstraints() and SASL::setConstraints() below).
 *
 * The enumerators carry no explicit values, so they take the default
 * sequence 0..5 and are ordered from weakest (SL_None) to strongest
 * (SL_Highest). What each level means in terms of cipher strength is not
 * defined in this header — presumably it is provider-specific; confirm
 * against the provider documentation before depending on a given level.
 */
enum SecurityLevel
{
        SL_None,      ///< weakest level (value 0); presumably imposes no minimum — confirm
        SL_Integrity, ///< value 1
        SL_Export,    ///< value 2
        SL_Baseline,  ///< value 3
        SL_High,      ///< value 4
        SL_Highest    ///< strongest level (value 5)
};
00067 
/**
 * Abstract base for a layer that turns plain application data into
 * protected data and back; TLS and SASL below derive from it.
 *
 * The interface has two directions: write()/read() carry the plain,
 * application-side data, while writeIncoming()/readOutgoing() carry the
 * protected data exchanged with the peer. No transport I/O is declared
 * here, so the caller is the one moving bytes between readOutgoing()/
 * writeIncoming() and the socket. The pairing of the byte counters and
 * signals with those accessors follows the naming convention of this
 * header; confirm against the implementation.
 *
 * Methods declared "= 0" must be implemented by subclasses; isClosable(),
 * close() and readUnprocessed() have library-provided defaults whose
 * behaviour is not visible here. Instances are non-copyable
 * (Q_DISABLE_COPY).
 */
class QCA_EXPORT SecureLayer : public QObject
{
        Q_OBJECT
public:
        /**
         * Constructor.
         * @param parent optional Qt parent object. Note the constructor is
         *        not explicit, so a QObject* converts implicitly.
         */
        SecureLayer(QObject *parent = 0);

        /**
         * Whether close() is meaningful for this layer. Library default
         * provided; the value returned is not visible in this header.
         */
        virtual bool isClosable() const;

        /** Number of bytes obtainable with read(). */
        virtual int bytesAvailable() const = 0;

        /** Number of bytes obtainable with readOutgoing(). */
        virtual int bytesOutgoingAvailable() const = 0;

        /** Close the layer. Library default provided. */
        virtual void close();

        /** Submit plain application data to be protected. */
        virtual void write(const QByteArray &a) = 0;

        /** Collect plain application data recovered from the peer. */
        virtual QByteArray read() = 0;

        /** Submit protected data received from the peer. */
        virtual void writeIncoming(const QByteArray &a) = 0;

        /**
         * Collect protected data that should be sent to the peer.
         * @param plainBytes optional out-parameter; presumably receives the
         *        number of plain bytes represented by the returned data —
         *        confirm against the implementation.
         */
        virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;

        /**
         * Collect incoming data the layer received but did not process.
         * Library default provided.
         */
        virtual QByteArray readUnprocessed();

        /**
         * Convert a count of encrypted bytes written to the transport into
         * the corresponding count of plain bytes.
         * @param encryptedBytes count of protected bytes; note the argument
         *        is qint64 while the result is int, so very large counts
         *        cannot round-trip through this call.
         * @return the number of plain bytes those protected bytes represent
         */
        virtual int convertBytesWritten(qint64 encryptedBytes) = 0;

Q_SIGNALS:
        /** Presumably emitted when data becomes obtainable via read(). */
        void readyRead();

        /** Presumably emitted when data becomes obtainable via readOutgoing(). */
        void readyReadOutgoing();

        /** Presumably emitted once the layer has been closed. */
        void closed();

        /**
         * Emitted on failure. The signal carries no code; the subclasses in
         * this header expose the reason through their own errorCode().
         */
        void error();

private:
        Q_DISABLE_COPY(SecureLayer)
};
00218 
/**
 * Opaque handle to a TLS session, as returned by TLS::session() and
 * accepted by TLS::setSession() — presumably used for session resumption;
 * confirm against the TLS documentation.
 *
 * Value semantics: copy constructor, destructor and assignment are
 * declared. The session contents (including any key material) are not
 * reachable through this interface; only isNull() is exposed.
 */
class QCA_EXPORT TLSSession : public Algorithm
{
public:
        TLSSession();
        TLSSession(const TLSSession &from);
        ~TLSSession();
        TLSSession & operator=(const TLSSession &from);

        /** True if this object does not refer to a session. */
        bool isNull() const;
};
00232 
/**
 * Transport Layer Security (and DTLS) as a SecureLayer.
 *
 * Typical use, as far as this header shows: configure certificates and
 * trust anchors, call startClient() or startServer(), pump bytes through
 * the SecureLayer read/write pairs, and wait for handshaken(). After the
 * handshake, peerIdentityResult() and peerCertificateValidity() report
 * what was verified about the peer; a caller that proceeds without
 * consulting them is trusting an unverified peer.
 *
 * Implementation state lives behind the private d-pointer. Non-copyable
 * (Q_DISABLE_COPY). Datagram-specific accessors (packets*, packetMTU)
 * are presumably only meaningful in Datagram mode — confirm.
 */
class QCA_EXPORT TLS : public SecureLayer, public Algorithm
{
        Q_OBJECT
public:
        /** Transport type selected at construction. */
        enum Mode
        {
                Stream,  ///< stream-oriented (TLS)
                Datagram ///< datagram-oriented (DTLS)
        };

        /**
         * Protocol versions known to this header.
         *
         * SSL_v2 and SSL_v3 are obsolete protocol versions; this header
         * predates their deprecation, so code that selects them (or lets a
         * peer negotiate down to them) gets known-weak protection. Whether
         * a provider still offers them is not visible here.
         */
        enum Version
        {
                TLS_v1, 
                SSL_v3, 
                SSL_v2, 
                DTLS_v1 
        };

        /** Failure reasons reported by errorCode() after the error() signal. */
        enum Error
        {
                ErrorSignerExpired,   
                ErrorSignerInvalid,   
                ErrorCertKeyMismatch, 
                ErrorInit,            
                ErrorHandshake,       
                ErrorCrypt            
        };

        /**
         * Outcome of peer identity checking, reported by
         * peerIdentityResult(). Only Valid indicates the peer presented a
         * certificate that matched the expected host.
         */
        enum IdentityResult
        {
                Valid,              
                HostMismatch,       
                InvalidCertificate, 
                NoCertificate       
        };

        /**
         * Construct a Stream-mode TLS object.
         * @param parent   optional Qt parent
         * @param provider optional provider name; empty selects the default
         */
        explicit TLS(QObject *parent = 0, const QString &provider = QString());

        /**
         * Construct a TLS object of the given Mode.
         * @param mode     Stream or Datagram
         * @param parent   optional Qt parent
         * @param provider optional provider name; empty selects the default
         */
        explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());

        ~TLS();

        /** Return the object to its initial state; details not visible here. */
        void reset();

        /**
         * Cipher suites the provider supports for a protocol version.
         * @param version defaults to TLS_v1
         */
        QStringList supportedCipherSuites(const Version &version = TLS_v1) const;

        /**
         * Set the local certificate chain and its private key.
         * The chain and key are presumably checked for consistency at some
         * point (see ErrorCertKeyMismatch) — confirm.
         */
        void setCertificate(const CertificateChain &cert, const PrivateKey &key);

        /** Convenience overload taking a KeyBundle. */
        void setCertificate(const KeyBundle &kb);

        /** The trust anchors currently configured. */
        CertificateCollection trustedCertificates() const;

        /**
         * Set the trust anchors used to validate the peer's certificate.
         * Without suitable anchors, peerCertificateValidity() cannot report
         * a trusted result.
         */
        void setTrustedCertificates(const CertificateCollection &trusted);

        /** Constrain negotiation to at least the given SecurityLevel. */
        void setConstraints(SecurityLevel s);

        /** Constrain negotiation to a security strength factor range [minSSF, maxSSF]. */
        void setConstraints(int minSSF, int maxSSF);

        /** Constrain negotiation to an explicit list of cipher suites. */
        void setConstraints(const QStringList &cipherSuiteList);

        /** Issuer list (certificate authorities) associated with this object. */
        QList<CertificateInfoOrdered> issuerList() const;

        /** Set the issuer list; presumably advertised during the handshake — confirm. */
        void setIssuerList(const QList<CertificateInfoOrdered> &issuers);

        /** Supply a previously obtained TLSSession (see session()). */
        void setSession(const TLSSession &session);

        /** Whether the provider supports compression. */
        bool canCompress() const;

        /** Whether the provider supports setting the host name (see startClient()). */
        bool canSetHostName() const;

        /** Whether compression is currently enabled. */
        bool compressionEnabled() const;

        /** Enable or disable compression. */
        void setCompressionEnabled(bool b);

        /** The host name associated with this connection. */
        QString hostName() const;

        /**
         * Begin the handshake as a client.
         * @param host expected peer host name; an empty value presumably
         *        disables host matching, in which case peerIdentityResult()
         *        cannot report HostMismatch — confirm.
         */
        void startClient(const QString &host = QString());

        /** Begin the handshake as a server. */
        void startServer();

        /** Resume after a step that paused the handshake (see the signals below). */
        void continueAfterStep();

        /** True once the handshake has completed. */
        bool isHandshaken() const;

        /** True if compression was negotiated. */
        bool isCompressed() const;

        /** Protocol version in use. */
        Version version() const;

        /** Name of the negotiated cipher suite. */
        QString cipherSuite() const;

        /** Effective key strength, in bits, of the negotiated cipher. */
        int cipherBits() const;

        /** Maximum key strength, in bits, the cipher could provide. */
        int cipherMaxBits() const;

        /** Handle to the current session, for later use with setSession(). */
        TLSSession session() const;

        /** Reason for the most recent error() signal. */
        Error errorCode() const;

        /** Result of identity checking of the peer; see IdentityResult. */
        IdentityResult peerIdentityResult() const;

        /** Validity of the peer's certificate against the trust anchors. */
        Validity peerCertificateValidity() const;

        /** Certificate chain set locally via setCertificate(). */
        CertificateChain localCertificateChain() const;

        /** Private key set locally via setCertificate(). */
        PrivateKey localPrivateKey() const;

        /** Certificate chain presented by the peer, if any. */
        CertificateChain peerCertificateChain() const;

        // reimplemented from SecureLayer
        virtual bool isClosable() const;
        virtual int bytesAvailable() const;
        virtual int bytesOutgoingAvailable() const;
        virtual void close();
        virtual void write(const QByteArray &a);
        virtual QByteArray read();
        virtual void writeIncoming(const QByteArray &a);
        virtual QByteArray readOutgoing(int *plainBytes = 0);
        virtual QByteArray readUnprocessed();
        virtual int convertBytesWritten(qint64 encryptedBytes);

        /** Number of packets obtainable with read() (datagram mode). */
        int packetsAvailable() const;

        /** Number of packets obtainable with readOutgoing() (datagram mode). */
        int packetsOutgoingAvailable() const;

        /** Current maximum transmission unit for packets. */
        int packetMTU() const;

        /**
         * Set the packet MTU. Declared const although it is a setter —
         * presumably because the state lives behind the d-pointer; confirm.
         */
        void setPacketMTU(int size) const;

Q_SIGNALS:
        /** Emitted when the client's host name has been received (server side). */
        void hostNameReceived();

        /** Emitted when the peer requests a certificate from this side. */
        void certificateRequested();

        /** Emitted when the peer's certificate has become available. */
        void peerCertificateAvailable();

        /** Emitted when the handshake has completed. */
        void handshaken();

protected:
        // Qt4 connection hooks; presumably used to track whether the
        // signals above have slots attached — confirm against the source.
        void connectNotify(const char *signal);
        void disconnectNotify(const char *signal);

private:
        Q_DISABLE_COPY(TLS)

        class Private;
        friend class Private;
        Private *d;
};
00744 
/**
 * Simple Authentication and Security Layer as a SecureLayer.
 *
 * Authentication proceeds as a step exchange: startClient() or
 * startServer(), then putStep() / putServerFirstStep() for each message
 * from the peer, with nextStep() carrying the reply to send. The object
 * may pause to ask for credentials (needParams()) or for the server to
 * verify a user (authCheck()); continueAfterParams() and
 * continueAfterAuthCheck() resume it. authenticated() marks completion;
 * after that the SecureLayer read/write pairs carry data through whatever
 * security layer was negotiated (strength reported by ssf()).
 *
 * Implementation state lives behind the private d-pointer. Non-copyable
 * (Q_DISABLE_COPY).
 */
class QCA_EXPORT SASL : public SecureLayer, public Algorithm
{
        Q_OBJECT
public:
        /** Failure reasons reported by errorCode() after the error() signal. */
        enum Error
        {
                ErrorInit,      
                ErrorHandshake, 
                ErrorCrypt      
        };

        /** Authentication outcome detail, reported by authCondition(). */
        enum AuthCondition
        {
                AuthFail,          
                NoMechanism,       
                BadProtocol,       
                BadServer,         
                BadAuth,           
                NoAuthzid,         
                TooWeak,           
                NeedEncrypt,       
                Expired,           
                Disabled,          
                NoUser,            
                RemoteUnavailable  
        };

        /**
         * Bit flags controlling which mechanisms may be negotiated; OR them
         * together for setConstraints(). AllowPlain presumably admits
         * mechanisms that send the password in the clear — confirm; if so,
         * it is only appropriate when an outer layer (e.g. TLS) already
         * provides confidentiality.
         */
        enum AuthFlags
        {
                AuthFlagsNone          = 0x00,
                AllowPlain             = 0x01,
                AllowAnonymous         = 0x02,
                RequireForwardSecrecy  = 0x04,
                RequirePassCredentials = 0x08,
                RequireMutualAuth      = 0x10,
                RequireAuthzidSupport  = 0x20  // server-only
        };

        /** Whether the client may send initial data with its first step. */
        enum ClientSendMode
        {
                AllowClientSendFirst,
                DisableClientSendFirst
        };

        /** Whether the server may send data with its final step. */
        enum ServerSendMode
        {
                AllowServerSendLast,
                DisableServerSendLast
        };

        /**
         * Describes which credentials the mechanism wants, delivered with
         * the needParams() signal. Value semantics; state is behind a
         * d-pointer.
         */
        class QCA_EXPORT Params
        {
        public:
                Params();

                /**
                 * Construct with explicit flags.
                 * @param user    a username is needed
                 * @param authzid an authorization id may be sent
                 * @param pass    a password is needed
                 * @param realm   a realm may be sent
                 */
                Params(bool user, bool authzid, bool pass, bool realm);

                Params(const Params &from);
                ~Params();

                Params & operator=(const Params &from);

                /** True if setUsername() should be called. */
                bool needUsername() const;

                /** True if setAuthzid() may be called. */
                bool canSendAuthzid() const;

                /** True if setPassword() should be called. */
                bool needPassword() const;

                /** True if setRealm() may be called. */
                bool canSendRealm() const;

        private:
                class Private;
                Private *d;
        };

        /**
         * Constructor. Not explicit, so a QObject* converts implicitly.
         * @param parent   optional Qt parent
         * @param provider optional provider name; empty selects the default
         */
        SASL(QObject *parent = 0, const QString &provider = QString());
        ~SASL();

        /** Return the object to its initial state; details not visible here. */
        void reset();

        /**
         * Set mechanism flags and a minimum SecurityLevel.
         * @param s defaults to SL_None, the weakest level — callers that
         *          need a negotiated security layer must raise it.
         */
        void setConstraints(AuthFlags f, SecurityLevel s = SL_None);

        /** Set mechanism flags and a security strength factor range [minSSF, maxSSF]. */
        void setConstraints(AuthFlags f, int minSSF, int maxSSF);

        /** Local endpoint address and port, for mechanisms that use them. */
        void setLocalAddress(const QString &addr, quint16 port);

        /** Remote endpoint address and port, for mechanisms that use them. */
        void setRemoteAddress(const QString &addr, quint16 port);

        /** Identity already established by an external means (e.g. a TLS certificate). */
        void setExternalAuthId(const QString &authid);

        /**
         * Security strength factor already provided by an outer layer, so
         * presumably counted toward the constraints — confirm.
         */
        void setExternalSSF(int strength);

        /**
         * Begin authentication as a client.
         * @param service  service name
         * @param host     host name
         * @param mechlist mechanisms offered by the server
         * @param mode     defaults to AllowClientSendFirst
         */
        void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);

        /**
         * Begin authentication as a server.
         * @param service service name
         * @param host    host name
         * @param realm   realm to use
         * @param mode    defaults to DisableServerSendLast
         */
        void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);

        /** Server side: the client chose a mechanism, with no initial data. */
        void putServerFirstStep(const QString &mech);

        /** Server side: the client chose a mechanism and sent initial data. */
        void putServerFirstStep(const QString &mech, const QByteArray &clientInit);

        /** Feed the next step received from the peer. */
        void putStep(const QByteArray &stepData);

        /** Mechanism in use. */
        QString mechanism() const;

        /** Mechanisms available (server side). */
        QStringList mechanismList() const;

        /** Realms available. */
        QStringList realmList() const;

        /** Security strength factor of the negotiated security layer. */
        int ssf() const;

        /** Reason for the most recent error() signal. */
        Error errorCode() const;

        /** Detail on why authentication failed; see AuthCondition. */
        AuthCondition authCondition() const;

        /** Supply the username (see Params::needUsername()). */
        void setUsername(const QString &user);

        /** Supply the authorization id (see Params::canSendAuthzid()). */
        void setAuthzid(const QString &auth);

        /**
         * Supply the password (see Params::needPassword()). Taken as a
         * SecureArray rather than a QString — presumably so the secret gets
         * the library's protected-memory handling; confirm.
         */
        void setPassword(const SecureArray &pass);

        /** Supply the realm (see Params::canSendRealm()). */
        void setRealm(const QString &realm);

        /** Resume after needParams() once the parameters have been set. */
        void continueAfterParams();

        /** Resume after authCheck() once the server has verified the user. */
        void continueAfterAuthCheck();

        // reimplemented from SecureLayer (isClosable/close/readUnprocessed
        // keep the base defaults)
        virtual int bytesAvailable() const;
        virtual int bytesOutgoingAvailable() const;
        virtual void write(const QByteArray &a);
        virtual QByteArray read();
        virtual void writeIncoming(const QByteArray &a);
        virtual QByteArray readOutgoing(int *plainBytes = 0);
        virtual int convertBytesWritten(qint64 encryptedBytes);

Q_SIGNALS:
        /**
         * Emitted once the client has started.
         * @param clientInit     whether initial data is present
         * @param clientInitData the initial data to send, if any
         */
        void clientStarted(bool clientInit, const QByteArray &clientInitData);

        /** Emitted once the server has started. */
        void serverStarted();

        /** Emitted with the next step to send to the peer. */
        void nextStep(const QByteArray &stepData);

        /** Emitted when credentials are required; see Params. */
        void needParams(const QCA::SASL::Params &params);

        /**
         * Server side: emitted so the application can verify the user and
         * authorization id; call continueAfterAuthCheck() to proceed.
         */
        void authCheck(const QString &user, const QString &authzid);

        /** Emitted when authentication has completed successfully. */
        void authenticated();

private:
        Q_DISABLE_COPY(SASL)

        class Private;
        friend class Private;
        Private *d;
};
01159 
01160 }
01161 
01162 #endif
