qca_securelayer.h

Go to the documentation of this file.
00001 /*
00002  * qca_securelayer.h - Qt Cryptographic Architecture
00003  * Copyright (C) 2003-2007  Justin Karneges <justin@affinix.com>
00004  * Copyright (C) 2004-2006  Brad Hards <bradh@frogmouth.net>
00005  *
00006  * This library is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Lesser General Public
00008  * License as published by the Free Software Foundation; either
00009  * version 2.1 of the License, or (at your option) any later version.
00010  *
00011  * This library is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00014  * Lesser General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU Lesser General Public
00017  * License along with this library; if not, write to the Free Software
00018  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
00019  * 02110-1301  USA
00020  *
00021  */
00022 
00032 #ifndef QCA_SECURELAYER_H
00033 #define QCA_SECURELAYER_H
00034 
00035 #include <QObject>
00036 #include "qca_core.h"
00037 #include "qca_publickey.h"
00038 #include "qca_cert.h"
00039 
00040 namespace QCA {
00041 
00059 enum SecurityLevel
00060 {
00061         SL_None,      
00062         SL_Integrity, 
00063         SL_Export,    
00064         SL_Baseline,  
00065         SL_High,      
00066         SL_Highest    
00067 };
00068 
00104 class QCA_EXPORT SecureLayer : public QObject
00105 {
00106         Q_OBJECT
00107 public:
00114         SecureLayer(QObject *parent = 0);
00115 
00119         virtual bool isClosable() const;
00120 
00125         virtual int bytesAvailable() const = 0;
00126 
00131         virtual int bytesOutgoingAvailable() const = 0;
00132 
00140         virtual void close();
00141 
00149         virtual void write(const QByteArray &a) = 0;
00150 
00157         virtual QByteArray read() = 0;
00158 
00168         virtual void writeIncoming(const QByteArray &a) = 0;
00169 
00179         virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;
00180 
00188         virtual QByteArray readUnprocessed();
00189 
00195         virtual int convertBytesWritten(qint64 encryptedBytes) = 0;
00196 
00197 Q_SIGNALS:
00204         void readyRead();
00205 
00212         void readyReadOutgoing();
00213 
00218         void closed();
00219 
00224         void error();
00225 
00226 private:
00227         Q_DISABLE_COPY(SecureLayer)
00228 };
00229 
00238 class QCA_EXPORT TLSSession : public Algorithm
00239 {
00240 public:
00241         TLSSession();
00242 
00248         TLSSession(const TLSSession &from);
00249 
00250         ~TLSSession();
00251 
00257         TLSSession & operator=(const TLSSession &from);
00258 
00262         bool isNull() const;
00263 };
00264 
00289 class QCA_EXPORT TLS : public SecureLayer, public Algorithm
00290 {
00291         Q_OBJECT
00292 public:
00296         enum Mode
00297         {
00298                 Stream,  
00299                 Datagram 
00300         };
00301 
00305         enum Version
00306         {
00307                 TLS_v1, 
00308                 SSL_v3, 
00309                 SSL_v2, 
00310                 DTLS_v1 
00311         };
00312 
00316         enum Error
00317         {
00318                 ErrorSignerExpired,   
00319                 ErrorSignerInvalid,   
00320                 ErrorCertKeyMismatch, 
00321                 ErrorInit,            
00322                 ErrorHandshake,       
00323                 ErrorCrypt            
00324         };
00325 
00329         enum IdentityResult
00330         {
00331                 Valid,              
00332                 HostMismatch,       
00333                 InvalidCertificate, 
00334                 NoCertificate       
00335         };
00336 
00348         explicit TLS(QObject *parent = 0, const QString &provider = QString());
00349 
00361         explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());
00362 
00366         ~TLS();
00367 
00371         void reset();
00372 
00387         QStringList supportedCipherSuites(const Version &version = TLS_v1) const;
00388 
00402         void setCertificate(const CertificateChain &cert, const PrivateKey &key);
00403 
00412         void setCertificate(const KeyBundle &kb);
00413 
00417         CertificateCollection trustedCertificates() const;
00418 
00430         void setTrustedCertificates(const CertificateCollection &trusted);
00431 
00437         void setConstraints(SecurityLevel s);
00438 
00447         void setConstraints(int minSSF, int maxSSF);
00448 
00459         void setConstraints(const QStringList &cipherSuiteList);
00460 
00483         QList<CertificateInfoOrdered> issuerList() const;
00484 
00491         void setIssuerList(const QList<CertificateInfoOrdered> &issuers);
00492 
00498         void setSession(const TLSSession &session);
00499 
00505         bool canCompress() const;
00506 
00513         bool canSetHostName() const;
00514 
00522         bool compressionEnabled() const;
00523 
00530         void setCompressionEnabled(bool b);
00531 
00536         QString hostName() const;
00537 
00557         void startClient(const QString &host = QString());
00558 
00562         void startServer();
00563 
00573         void continueAfterStep();
00574 
00582         bool isHandshaken() const;
00583 
00589         bool isCompressed() const;
00590 
00594         Version version() const;
00595 
00602         QString cipherSuite() const;
00603 
00613         int cipherBits() const;
00614 
00621         int cipherMaxBits() const;
00622 
00627         TLSSession session() const;
00628 
00634         Error errorCode() const;
00635 
00653         IdentityResult peerIdentityResult() const;
00654 
00663         Validity peerCertificateValidity() const;
00664 
00669         CertificateChain localCertificateChain() const;
00670 
00675         PrivateKey localPrivateKey() const;
00676 
00681         CertificateChain peerCertificateChain() const;
00682 
00683         // reimplemented
00684         virtual bool isClosable() const;
00685         virtual int bytesAvailable() const;
00686         virtual int bytesOutgoingAvailable() const;
00687         virtual void close();
00688         virtual void write(const QByteArray &a);
00689         virtual QByteArray read();
00690         virtual void writeIncoming(const QByteArray &a);
00691         virtual QByteArray readOutgoing(int *plainBytes = 0);
00692         virtual QByteArray readUnprocessed();
00693         virtual int convertBytesWritten(qint64 encryptedBytes);
00694 
00701         int packetsAvailable() const;
00702 
00709         int packetsOutgoingAvailable() const;
00710 
00716         int packetMTU() const;
00717 
00725         void setPacketMTU(int size) const;
00726 
00727 Q_SIGNALS:
00739         void hostNameReceived();
00740 
00752         void certificateRequested();
00753 
00764         void peerCertificateAvailable();
00765 
00777         void handshaken();
00778 
00779 protected:
00786         void connectNotify(const char *signal);
00787 
00794         void disconnectNotify(const char *signal);
00795 
00796 private:
00797         Q_DISABLE_COPY(TLS)
00798 
00799         class Private;
00800         friend class Private;
00801         Private *d;
00802 };
00803 
00831 class QCA_EXPORT SASL : public SecureLayer, public Algorithm
00832 {
00833         Q_OBJECT
00834 public:
00838         enum Error
00839         {
00840                 ErrorInit,      
00841                 ErrorHandshake, 
00842                 ErrorCrypt      
00843         };
00844 
00848         enum AuthCondition
00849         {
00850                 AuthFail,          
00851                 NoMechanism,       
00852                 BadProtocol,       
00853                 BadServer,         
00854                 BadAuth,           
00855                 NoAuthzid,         
00856                 TooWeak,           
00857                 NeedEncrypt,       
00858                 Expired,           
00859                 Disabled,          
00860                 NoUser,            
00861                 RemoteUnavailable  
00862         };
00863 
00867         enum AuthFlags
00868         {
00869                 AuthFlagsNone          = 0x00,
00870                 AllowPlain             = 0x01,
00871                 AllowAnonymous         = 0x02,
00872                 RequireForwardSecrecy  = 0x04,
00873                 RequirePassCredentials = 0x08,
00874                 RequireMutualAuth      = 0x10,
00875                 RequireAuthzidSupport  = 0x20  // server-only
00876         };
00877 
00881         enum ClientSendMode
00882         {
00883                 AllowClientSendFirst,
00884                 DisableClientSendFirst
00885         };
00886 
00890         enum ServerSendMode
00891         {
00892                 AllowServerSendLast,
00893                 DisableServerSendLast
00894         };
00895 
00906         class QCA_EXPORT Params
00907         {
00908         public:
00909                 Params();
00910 
00922                 Params(bool user, bool authzid, bool pass, bool realm);
00923 
00929                 Params(const Params &from);
00930                 ~Params();
00931 
00937                 Params & operator=(const Params &from);
00938 
00942                 bool needUsername() const;
00943 
00947                 bool canSendAuthzid() const;
00948 
00952                 bool needPassword() const;
00953 
00957                 bool canSendRealm() const;
00958 
00959         private:
00960                 class Private;
00961                 Private *d;
00962         };
00963 
00972         explicit SASL(QObject *parent = 0, const QString &provider = QString());
00973 
00974         ~SASL();
00975 
00979         void reset();
00980 
00993         void setConstraints(AuthFlags f, SecurityLevel s = SL_None);
00994 
01010         void setConstraints(AuthFlags f, int minSSF, int maxSSF);
01011 
01018         void setLocalAddress(const QString &addr, quint16 port);
01019 
01026         void setRemoteAddress(const QString &addr, quint16 port);
01027 
01033         void setExternalAuthId(const QString &authid);
01034 
01041         void setExternalSSF(int strength);
01042 
01054         void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);
01055 
01067         void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);
01068 
01078         void putServerFirstStep(const QString &mech);
01079 
01090         void putServerFirstStep(const QString &mech, const QByteArray &clientInit);
01091 
01101         void putStep(const QByteArray &stepData);
01102 
01106         QString mechanism() const;
01107 
01111         QStringList mechanismList() const;
01112 
01116         QStringList realmList() const;
01117 
01121         int ssf() const;
01122 
01126         Error errorCode() const;
01127 
01131         AuthCondition authCondition() const;
01132 
01138         void setUsername(const QString &user);
01139 
01145         void setAuthzid(const QString &auth);
01146 
01152         void setPassword(const SecureArray &pass);
01153 
01159         void setRealm(const QString &realm);
01160 
01164         void continueAfterParams();
01165 
01169         void continueAfterAuthCheck();
01170 
01171         // reimplemented
01172         virtual int bytesAvailable() const;
01173         virtual int bytesOutgoingAvailable() const;
01174         virtual void write(const QByteArray &a);
01175         virtual QByteArray read();
01176         virtual void writeIncoming(const QByteArray &a);
01177         virtual QByteArray readOutgoing(int *plainBytes = 0);
01178         virtual int convertBytesWritten(qint64 encryptedBytes);
01179 
01180 Q_SIGNALS:
01193         void clientStarted(bool clientInit, const QByteArray &clientInitData);
01194 
01199         void serverStarted();
01200 
01208         void nextStep(const QByteArray &stepData);
01209 
01220         void needParams(const QCA::SASL::Params &params);
01221 
01231         void authCheck(const QString &user, const QString &authzid);
01232 
01236         void authenticated();
01237 
01238 private:
01239         Q_DISABLE_COPY(SASL)
01240 
01241         class Private;
01242         friend class Private;
01243         Private *d;
01244 };
01245 
01246 }
01247 
01248 #endif

Generated on Wed Apr 29 15:15:45 2009 for Qt Cryptographic Architecture by  doxygen 1.5.5