00001 /*
00002  * qca_securelayer.h - Qt Cryptographic Architecture
00003  * Copyright (C) 2003-2007  Justin Karneges <justin@affinix.com>
00004  * Copyright (C) 2004-2006  Brad Hards <bradh@frogmouth.net>
00005  *
00006  * This library is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Lesser General Public
00008  * License as published by the Free Software Foundation; either
00009  * version 2.1 of the License, or (at your option) any later version.
00010  *
00011  * This library is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00014  * Lesser General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU Lesser General Public
00017  * License along with this library; if not, write to the Free Software
00018  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
00019  *
00020  */
00021 
00031 #ifndef QCA_SECURELAYER_H
00032 #define QCA_SECURELAYER_H
00033 
00034 #include <QObject>
00035 #include "qca_core.h"
00036 #include "qca_publickey.h"
00037 #include "qca_cert.h"
00038 
00039 namespace QCA {
00040 
/**
 * Coarse security-strength levels used to constrain a SecureLayer
 * (see TLS::setConstraints(SecurityLevel) and SASL::setConstraints()).
 *
 * By their names the enumerators run from weakest to strongest; SL_None
 * is the lowest value and is the default SASL::setConstraints() takes.
 * What each level means in cipher strength is provider-defined and not
 * visible in this header -- confirm against the provider before relying
 * on a level for a security requirement.
 */
00058 enum SecurityLevel
00059 {
00060         SL_None,      ///< no strength requirement at all
00061         SL_Integrity, ///< name suggests integrity protection only (no confidentiality) -- confirm
00062         SL_Export,    ///< "export"-grade strength, historically the weakest encrypted level
00063         SL_Baseline,  ///< baseline strength
00064         SL_High,      ///< high strength
00065         SL_Highest    ///< strongest level the provider offers
00066 };
00067 
/**
 * Abstract base for a security layer (TLS, SASL) placed between an
 * application's plaintext and the bytes exchanged with the peer.
 *
 * The interface is a pair of byte queues rather than a socket. Going by
 * the member names: write()/read() carry the application side (plaintext)
 * and writeIncoming()/readOutgoing() carry the wire side; the layer never
 * touches a transport itself, the caller moves bytes between readOutgoing()
 * / writeIncoming() and its socket. Availability is reported through
 * bytesAvailable()/bytesOutgoingAvailable() and the readyRead()/
 * readyReadOutgoing() signals.
 *
 * Non-copyable (Q_DISABLE_COPY); lifetime follows QObject parent/child
 * ownership. Most members are pure virtual, so this class is only
 * instantiated through a concrete layer.
 */
00101 class QCA_EXPORT SecureLayer : public QObject
00102 {
00103         Q_OBJECT
00104 public:
              /// Constructs the layer as a child of @p parent (may be null).
00111         SecureLayer(QObject *parent = 0);
00112 
              /// Whether close() is meaningful for this layer. Non-pure: a base
              /// default exists, its value is not visible in this header.
00116         virtual bool isClosable() const;
00117 
              /// Number of application-side (read()) bytes currently available.
00122         virtual int bytesAvailable() const = 0;
00123 
              /// Number of wire-side (readOutgoing()) bytes currently available.
00128         virtual int bytesOutgoingAvailable() const = 0;
00129 
              /// Initiates an orderly shutdown of the layer; expected to be
              /// followed by the closed() signal. Only meaningful when
              /// isClosable() is true -- confirm against implementations.
00137         virtual void close();
00138 
              /// Submits application data @p a to be protected and queued for
              /// readOutgoing().
00144         virtual void write(const QByteArray &a) = 0;
00145 
              /// Returns application data the layer has unprotected so far and
              /// removes it from the queue.
00152         virtual QByteArray read() = 0;
00153 
              /// Feeds wire-side bytes received from the peer into the layer.
00161         virtual void writeIncoming(const QByteArray &a) = 0;
00162 
              /// Returns wire-side bytes to be sent to the peer. @p plainBytes is
              /// an optional out-parameter; by its name it receives how many
              /// application bytes the returned data accounts for -- confirm.
00170         virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;
00171 
              /// Returns incoming bytes the layer did not consume (presumably
              /// anything left after the layer closed). Non-pure; the base
              /// default is not visible here.
00179         virtual QByteArray readUnprocessed();
00180 
              /// Maps a count of wire-side bytes the caller has actually written
              /// to the transport onto the number of application bytes that
              /// covers -- NOTE(review): inferred from the name, confirm against
              /// the TLS/SASL implementations.
00184         virtual int convertBytesWritten(qint64 encryptedBytes) = 0;
00185 
00186 Q_SIGNALS:
              /// Emitted when read() has new data.
00193         void readyRead();
00194 
              /// Emitted when readOutgoing() has new data.
00201         void readyReadOutgoing();
00202 
              /// Emitted once the layer has shut down.
00207         void closed();
00208 
              /// Emitted on failure; carries no code, so the concrete layer's
              /// errorCode() is the place to look.
00213         void error();
00214 
00215 private:
00216         Q_DISABLE_COPY(SecureLayer)
00217 };
00218 
/**
 * Opaque handle to a negotiated TLS session.
 *
 * Obtained from TLS::session() and accepted by TLS::setSession(), which
 * suggests it exists for session resumption on a later connection --
 * confirm against the TLS implementation. Copyable with value semantics
 * (copy constructor and assignment are declared); isNull() reports a
 * handle with no session behind it. Contents are provider-defined and not
 * visible here. Because resumption lets a new connection skip the full
 * handshake, a stored session should be handled like other credentials.
 */
00222 class QCA_EXPORT TLSSession : public Algorithm
00223 {
00224 public:
              /// Constructs a null session (isNull() is expected to be true).
00225         TLSSession();
              /// Copy constructor.
00226         TLSSession(const TLSSession &from);
00227         ~TLSSession();
              /// Copy assignment.
00228         TLSSession & operator=(const TLSSession &from);
00229 
              /// True when this handle holds no session.
00230         bool isNull() const;
00231 };
00232 
/**
 * TLS/SSL (and, in Datagram mode, DTLS) implementation of SecureLayer.
 *
 * The flow implied by the API: configure the endpoint (setCertificate(),
 * setTrustedCertificates(), setConstraints(), optionally setSession()),
 * call startClient() or startServer(), pump bytes through the SecureLayer
 * queues until handshaken() is emitted, then check peerIdentityResult()
 * and peerCertificateValidity() before treating the connection as
 * authenticated -- the handshake completing does not by itself imply the
 * peer is who it claims to be.
 *
 * Pimpl: all state lives behind the private @c d pointer. Non-copyable.
 */
00253 class QCA_EXPORT TLS : public SecureLayer, public Algorithm
00254 {
00255         Q_OBJECT
00256 public:
              /// Transport framing: Stream for TLS over a byte stream, Datagram
              /// for DTLS (pairs with DTLS_v1 and the packet*() members below).
00260         enum Mode
00261         {
00262                 Stream,  
00263                 Datagram 
00264         };
00265 
              /// Protocol versions this API can name. SSL_v2 and SSL_v3 are
              /// legacy protocols withdrawn by RFC 6176 and RFC 7568; whether a
              /// provider still negotiates them is not visible here, so a
              /// deployment should check version() after the handshake.
00269         enum Version
00270         {
00271                 TLS_v1, 
00272                 SSL_v3, 
00273                 SSL_v2, 
00274                 DTLS_v1 
00275         };
00276 
              /// Failure codes reported by errorCode() after the error() signal.
              /// Meanings are taken from the names -- confirm against the
              /// implementation.
00280         enum Error
00281         {
00282                 ErrorSignerExpired,   ///< a certificate in the local chain is signed by an expired signer
00283                 ErrorSignerInvalid,   ///< a signer in the local chain is invalid
00284                 ErrorCertKeyMismatch, ///< the certificate given to setCertificate() does not match the key
00285                 ErrorInit,            ///< provider/engine initialisation failed
00286                 ErrorHandshake,       ///< the handshake failed
00287                 ErrorCrypt            ///< encryption/decryption failed after the handshake
00288         };
00289 
              /// Result of matching the peer's certificate against the expected
              /// identity, returned by peerIdentityResult(). Only Valid should be
              /// accepted without further checks; HostMismatch by its name means
              /// a certificate was presented but not for the host given to
              /// startClient().
00293         enum IdentityResult
00294         {
00295                 Valid,              
00296                 HostMismatch,       
00297                 InvalidCertificate, 
00298                 NoCertificate       
00299         };
00300 
              /// Constructs a Stream-mode TLS object. @p provider names the
              /// backend to use; an empty string selects the default (QCA
              /// convention for Algorithm subclasses -- confirm).
00312         explicit TLS(QObject *parent = 0, const QString &provider = QString());
00313 
              /// Constructs a TLS object in the given @p mode (Stream or Datagram).
00322         explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());
00323 
00327         ~TLS();
00328 
              /// Returns the object to its unstarted state; configuration that
              /// survives a reset is not documented here.
00332         void reset();
00333 
              /// Cipher suite names the provider supports for @p version.
              /// Style: an enum passed by const reference -- by value would be
              /// the idiomatic signature.
00348         QStringList supportedCipherSuites(const Version &version = TLS_v1) const;
00349 
              /// Sets the local identity: the certificate chain presented to the
              /// peer and its private key (ErrorCertKeyMismatch if they disagree,
              /// by its name).
00363         void setCertificate(const CertificateChain &cert, const PrivateKey &key);
00364 
              /// Convenience overload taking chain and key from a KeyBundle.
00370         void setCertificate(const KeyBundle &kb);
00371 
              /// The certificate set currently used to validate the peer's chain.
00375         CertificateCollection trustedCertificates() const;
00376 
              /// Sets the trust anchors used to validate the peer's chain. With no
              /// trust set configured, peerCertificateValidity() cannot succeed
              /// meaningfully -- presumably; confirm the default behaviour.
00388         void setTrustedCertificates(const CertificateCollection &trusted);
00389 
              /// Constrains negotiation to at least the given SecurityLevel.
00395         void setConstraints(SecurityLevel s);
00396 
              /// Constrains negotiation to a security-strength-factor range
              /// (units provider-defined; cipherBits() is the visible analogue).
00405         void setConstraints(int minSSF, int maxSSF);
00406 
              /// Constrains negotiation to exactly the named cipher suites (see
              /// supportedCipherSuites() for the names a provider accepts).
00417         void setConstraints(const QStringList &cipherSuiteList);
00418 
              /// Issuer names advertised/received for client-certificate
              /// selection -- direction (local vs. peer) is not visible here.
00441         QList<CertificateInfoOrdered> issuerList() const;
00442 
              /// Sets the issuer list; see issuerList().
00447         void setIssuerList(const QList<CertificateInfoOrdered> &issuers);
00448 
              /// Supplies a previously obtained TLSSession, presumably to attempt
              /// resumption on startClient().
00452         void setSession(const TLSSession &session);
00453 
              /// Whether the provider supports TLS-level compression.
00459         bool canCompress() const;
00460 
              /// Whether the provider supports sending a host name (SNI-style)
              /// during the client handshake -- confirm.
00467         bool canSetHostName() const;
00468 
              /// Whether TLS-level compression is currently requested.
00476         bool compressionEnabled() const;
00477 
              /// Enables or disables TLS-level compression. Compression of a
              /// stream that mixes attacker-influenced data with secrets is a
              /// known plaintext-recovery weakness, so leaving this disabled is
              /// the usual hardening choice.
00484         void setCompressionEnabled(bool b);
00485 
              /// Server side: the host name the client announced (see
              /// hostNameReceived()); client side: presumably the name given to
              /// startClient().
00490         QString hostName() const;
00491 
              /// Begins the handshake as a client. @p host is the expected server
              /// identity; with an empty host, HostMismatch cannot be detected by
              /// peerIdentityResult(), so callers should pass it.
00511         void startClient(const QString &host = QString());
00512 
              /// Begins the handshake as a server using the local certificate.
00516         void startServer();
00517 
              /// Resumes a handshake paused for the application, after
              /// hostNameReceived() or certificateRequested() was handled.
00527         void continueAfterStep();
00528 
              /// True once the handshake has completed (handshaken() emitted).
00536         bool isHandshaken() const;
00537 
              /// True when compression was negotiated for this connection.
00543         bool isCompressed() const;
00544 
              /// Protocol version negotiated for this connection.
00548         Version version() const;
00549 
              /// Name of the negotiated cipher suite.
00556         QString cipherSuite() const;
00557 
              /// Key strength in bits of the negotiated cipher.
00567         int cipherBits() const;
00568 
              /// Maximum cipher strength in bits the provider could negotiate.
00575         int cipherMaxBits() const;
00576 
              /// Session handle for this connection (see TLSSession).
00581         TLSSession session() const;
00582 
              /// Last error; meaningful after the error() signal.
00588         Error errorCode() const;
00589 
              /// Result of identity matching for the peer; see IdentityResult.
              /// Check this after handshaken() before trusting the connection.
00607         IdentityResult peerIdentityResult() const;
00608 
              /// Chain validation result for the peer's certificate against the
              /// trusted set; a Validity other than valid should be treated as
              /// an authentication failure by the application.
00617         Validity peerCertificateValidity() const;
00618 
              /// Chain configured locally via setCertificate().
00623         CertificateChain localCertificateChain() const;
00624 
              /// Private key configured locally via setCertificate(). Returned
              /// by value, so the key leaves the TLS object -- keep callers of
              /// this accessor to a minimum.
00629         PrivateKey localPrivateKey() const;
00630 
              /// Chain presented by the peer (empty when none was presented,
              /// presumably matching IdentityResult::NoCertificate).
00635         CertificateChain peerCertificateChain() const;
00636 
00637         // reimplemented
              // SecureLayer interface; see the base class for the queue model.
00638         virtual bool isClosable() const;
00639         virtual int bytesAvailable() const;
00640         virtual int bytesOutgoingAvailable() const;
00641         virtual void close();
00642         virtual void write(const QByteArray &a);
00643         virtual QByteArray read();
00644         virtual void writeIncoming(const QByteArray &a);
00645         virtual QByteArray readOutgoing(int *plainBytes = 0);
00646         virtual QByteArray readUnprocessed();
00647         virtual int convertBytesWritten(qint64 encryptedBytes);
00648 
              /// Datagram mode: number of application packets available to read().
00655         int packetsAvailable() const;
00656 
              /// Datagram mode: number of wire packets available to readOutgoing().
00663         int packetsOutgoingAvailable() const;
00664 
              /// Datagram mode: current maximum packet size.
00670         int packetMTU() const;
00671 
              /// Datagram mode: sets the maximum packet size.
              /// NOTE(review): declared const although it is a setter; either the
              /// MTU lives behind the pimpl (which a const member can still
              /// modify) or the qualifier is a slip -- confirm against the
              /// implementation.
00679         void setPacketMTU(int size) const;
00680 
00681 Q_SIGNALS:
              /// Server side: the client announced a host name (see hostName());
              /// the handshake waits for continueAfterStep().
00693         void hostNameReceived();
00694 
              /// Client side: the server asked for a client certificate; the
              /// application may call setCertificate() then continueAfterStep().
00706         void certificateRequested();
00707 
              /// The handshake completed. Emitted regardless of the identity
              /// outcome as far as this header shows, so check
              /// peerIdentityResult() / peerCertificateValidity() here.
00719         void handshaken();
00720 
00721 protected:
              // QObject notification hooks; presumably overriding QObject's
              // virtuals (the virtual keyword is omitted here). Their use is not
              // visible in this header.
00722         void connectNotify(const char *signal);
00723         void disconnectNotify(const char *signal);
00724 
00725 private:
00726         Q_DISABLE_COPY(TLS)
00727 
              // Pimpl; owned by this object, lifetime managed in the .cpp.
00728         class Private;
00729         friend class Private;
00730         Private *d;
00731 };
00732 
/**
 * SASL authentication (and optional SASL security layer) implementation
 * of SecureLayer.
 *
 * The flow implied by the API: set constraints and addresses, then
 * startClient() or startServer(); exchange challenge/response blobs via
 * nextStep()/putStep() (server: putServerFirstStep()); answer needParams()
 * with setUsername()/setPassword()/... and continueAfterParams(); on the
 * server answer authCheck() with continueAfterAuthCheck(). authenticated()
 * marks completion, after which the SecureLayer queues carry data under
 * whatever protection ssf() reports.
 *
 * Pimpl behind the private @c d pointer; non-copyable.
 */
00757 class QCA_EXPORT SASL : public SecureLayer, public Algorithm
00758 {
00759         Q_OBJECT
00760 public:
              /// Failure codes reported by errorCode(); same naming as TLS::Error.
00764         enum Error
00765         {
00766                 ErrorInit,      ///< provider/engine initialisation failed
00767                 ErrorHandshake, ///< the authentication exchange failed
00768                 ErrorCrypt      ///< the security layer failed after authentication
00769         };
00770 
              /// Why authentication did not succeed, from authCondition().
              /// Meanings are taken from the names -- confirm against the
              /// implementation and the provider.
00774         enum AuthCondition
00775         {
00776                 AuthFail,          ///< generic failure
00777                 NoMechanism,       ///< no mechanism acceptable to both sides
00778                 BadProtocol,       ///< protocol-level error in the exchange
00779                 BadServer,         ///< server failed its side of mutual authentication
00780                 BadAuth,           ///< credentials rejected
00781                 NoAuthzid,         ///< the requested authorization id is not permitted
00782                 TooWeak,           ///< mechanism too weak for the constraints
00783                 NeedEncrypt,       ///< an encrypted channel is required first
00784                 Expired,           ///< credentials expired
00785                 Disabled,          ///< account disabled
00786                 NoUser,            ///< user unknown
00787                 RemoteUnavailable  ///< backend/remote authentication service unavailable
00788         };
00789 
              /// Bit flags for setConstraints(). AllowPlain and AllowAnonymous
              /// widen what is acceptable (cleartext passwords, no identity);
              /// the Require* flags narrow it. Default AuthFlagsNone grants
              /// neither Allow* flag, so plaintext mechanisms need an explicit
              /// opt-in by the caller.
00793         enum AuthFlags
00794         {
00795                 AuthFlagsNone          = 0x00,
00796                 AllowPlain             = 0x01,
00797                 AllowAnonymous         = 0x02,
00798                 RequireForwardSecrecy  = 0x04,
00799                 RequirePassCredentials = 0x08,
00800                 RequireMutualAuth      = 0x10,
00801                 RequireAuthzidSupport  = 0x20  // server-only
00802         };
00803 
              /// Whether the client may send initial data with its first step.
00807         enum ClientSendMode
00808         {
00809                 AllowClientSendFirst,
00810                 DisableClientSendFirst
00811         };
00812 
              /// Whether the server may send additional data with its last step.
00816         enum ServerSendMode
00817         {
00818                 AllowServerSendLast,
00819                 DisableServerSendLast
00820         };
00821 
              /// Describes which credential fields the mechanism asks for,
              /// delivered with the needParams() signal. Copyable value type
              /// backed by a pimpl.
00830         class QCA_EXPORT Params
00831         {
00832         public:
00833                 Params();
00834 
                      /// Constructs with each field flag set explicitly.
00846                 Params(bool user, bool authzid, bool pass, bool realm);
00847 
00853                 Params(const Params &from);
00854                 ~Params();
00855 
00861                 Params & operator=(const Params &from);
00862 
                      /// A username is required (answer with setUsername()).
00866                 bool needUsername() const;
00867 
                      /// An authorization id may be supplied (setAuthzid()).
00871                 bool canSendAuthzid() const;
00872 
                      /// A password is required (answer with setPassword()).
00876                 bool needPassword() const;
00877 
                      /// A realm may be supplied (setRealm()).
00881                 bool canSendRealm() const;
00882 
00883         private:
00884                 class Private;
00885                 Private *d;
00886         };
00887 
              /// Constructs an unstarted SASL object. @p provider names the
              /// backend; empty selects the default (QCA convention -- confirm).
              /// Not explicit, so a QObject* converts implicitly to SASL.
00896         SASL(QObject *parent = 0, const QString &provider = QString());
00897         ~SASL();
00898 
              /// Returns the object to its unstarted state.
00902         void reset();
00903 
              /// Sets auth flags and minimum security level. NOTE(review): the
              /// default @p s is SL_None, the weakest listed level, so a caller
              /// that wants an encrypted SASL layer must pass a level (or use
              /// the SSF overload) explicitly.
00916         void setConstraints(AuthFlags f, SecurityLevel s = SL_None);
00917 
              /// Sets auth flags and an explicit security-strength-factor range.
00933         void setConstraints(AuthFlags f, int minSSF, int maxSSF);
00934 
              /// Local endpoint, passed to mechanisms that bind to addresses.
00941         void setLocalAddress(const QString &addr, quint16 port);
00942 
              /// Remote endpoint, passed to mechanisms that bind to addresses.
00949         void setRemoteAddress(const QString &addr, quint16 port);
00950 
              /// Identity already established by an outer layer (e.g. a TLS
              /// client certificate) for the EXTERNAL mechanism -- by name.
00956         void setExternalAuthId(const QString &authid);
00957 
              /// Security strength already provided by an outer layer, in the
              /// same units as ssf().
00964         void setExternalSSF(int strength);
00965 
              /// Begins client-side authentication for @p service on @p host,
              /// choosing from @p mechlist; emits clientStarted().
00977         void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);
00978 
              /// Begins server-side authentication; emits serverStarted(), after
              /// which the server feeds the client's choice via putServerFirstStep().
00990         void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);
00991 
              /// Server side: the client chose @p mech with no initial data.
00999         void putServerFirstStep(const QString &mech);
01000 
              /// Server side: the client chose @p mech and sent @p clientInit.
01008         void putServerFirstStep(const QString &mech, const QByteArray &clientInit);
01009 
              /// Feeds the peer's next challenge/response blob into the exchange.
01017         void putStep(const QByteArray &stepData);
01018 
              /// Mechanism in use for this exchange.
01022         QString mechanism() const;
01023 
              /// Mechanisms the provider offers (server side, presumably the
              /// list advertised to clients).
01027         QStringList mechanismList() const;
01028 
              /// Realms offered to the client, if the mechanism uses them.
01032         QStringList realmList() const;
01033 
              /// Negotiated security strength factor of the SASL layer; 0 would
              /// mean no protection on the data queues -- confirm the convention.
01037         int ssf() const;
01038 
              /// Last error; meaningful after the error() signal.
01042         Error errorCode() const;
01043 
              /// Reason authentication failed; see AuthCondition.
01047         AuthCondition authCondition() const;
01048 
              /// Answers Params::needUsername().
01054         void setUsername(const QString &user);
01055 
              /// Answers Params::canSendAuthzid().
01061         void setAuthzid(const QString &auth);
01062 
              /// Answers Params::needPassword(). Takes a SecureArray rather than
              /// a QString so the secret is held in memory that is wiped on
              /// release; callers should keep the password in a SecureArray too.
01068         void setPassword(const SecureArray &pass);
01069 
              /// Answers Params::canSendRealm().
01075         void setRealm(const QString &realm);
01076 
              /// Resumes the exchange after the application handled needParams().
01080         void continueAfterParams();
01081 
              /// Server side: resumes after the application handled authCheck(),
              /// i.e. accepted the user/authzid pairing.
01085         void continueAfterAuthCheck();
01086 
01087         // reimplemented
              // SecureLayer interface; note isClosable()/close()/readUnprocessed()
              // are not reimplemented here, so the base defaults apply.
01088         virtual int bytesAvailable() const;
01089         virtual int bytesOutgoingAvailable() const;
01090         virtual void write(const QByteArray &a);
01091         virtual QByteArray read();
01092         virtual void writeIncoming(const QByteArray &a);
01093         virtual QByteArray readOutgoing(int *plainBytes = 0);
01094         virtual int convertBytesWritten(qint64 encryptedBytes);
01095 
01096 Q_SIGNALS:
              /// Client side: the mechanism was chosen; @p clientInit says whether
              /// @p clientInitData carries initial data to send with it.
01101         void clientStarted(bool clientInit, const QByteArray &clientInitData);
01102 
              /// Server side: ready for putServerFirstStep().
01107         void serverStarted();
01108 
              /// @p stepData must be sent to the peer; its reply goes to putStep().
01116         void nextStep(const QByteArray &stepData);
01117 
              /// The mechanism needs credentials described by @p params; answer
              /// with the set*() members and continueAfterParams().
01125         void needParams(const QCA::SASL::Params &params);
01126 
              /// Server side: the application decides whether @p user may act as
              /// @p authzid, then calls continueAfterAuthCheck(). As far as this
              /// header shows there is no explicit reject call, so a refusal is
              /// presumably expressed by not continuing -- confirm.
01133         void authCheck(const QString &user, const QString &authzid);
01134 
              /// Authentication completed successfully.
01138         void authenticated();
01139 
01140 private:
01141         Q_DISABLE_COPY(SASL)
01142 
              // Pimpl; owned by this object, lifetime managed in the .cpp.
01143         class Private;
01144         friend class Private;
01145         Private *d;
01146 };
01147 
01148 }
01149 
01150 #endif
