00001 /*
00002  * qca_securelayer.h - Qt Cryptographic Architecture
00003  * Copyright (C) 2003-2007  Justin Karneges <justin@affinix.com>
00004  * Copyright (C) 2004-2006  Brad Hards <bradh@frogmouth.net>
00005  *
00006  * This library is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Lesser General Public
00008  * License as published by the Free Software Foundation; either
00009  * version 2.1 of the License, or (at your option) any later version.
00010  *
00011  * This library is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00014  * Lesser General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU Lesser General Public
00017  * License along with this library; if not, write to the Free Software
00018  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
00019  *
00020  */
00021 
00031 #ifndef QCA_SECURELAYER_H
00032 #define QCA_SECURELAYER_H
00033 
00034 #include <QObject>
00035 #include "qca_core.h"
00036 #include "qca_publickey.h"
00037 #include "qca_cert.h"
00038 
00039 namespace QCA {
00040 
/**
 * \brief Coarse protection strength requested from a SecureLayer.
 *
 * Accepted by TLS::setConstraints(SecurityLevel) and
 * SASL::setConstraints(AuthFlags, SecurityLevel). The enumerators are
 * listed from weakest (SL_None) to strongest (SL_Highest); how each level
 * maps onto a concrete SSF range or cipher set is provider-defined and not
 * visible in this header.
 *
 * NOTE(review): SL_None and SL_Export admit little or no protection
 * ("export" being the historical weakened-cipher grade). Production code
 * should ask for SL_Baseline or higher, or pin an explicit SSF range /
 * cipher-suite list with the other setConstraints() overloads.
 */
enum SecurityLevel
{
        SL_None,      ///< no protection required
        SL_Integrity, ///< integrity protection (name-based reading; confirm with provider)
        SL_Export,    ///< export-grade strength (weak)
        SL_Baseline,  ///< baseline strength
        SL_High,      ///< high strength
        SL_Highest    ///< the strongest the provider can offer
};
00067 
/**
 * \brief Abstract base for layers that protect a byte stream (TLS, SASL).
 *
 * The layer owns no socket; the application shuttles data through four
 * calls. Judging by the parameter names: write() takes application
 * plaintext in, readOutgoing() hands the protected form out for the
 * transport, writeIncoming() takes protected transport data in, and read()
 * returns the recovered plaintext. readyRead() / readyReadOutgoing()
 * announce that read() / readOutgoing() have data.
 *
 * QObject supplies the virtual destructor, so deleting through a
 * SecureLayer pointer is safe even though none is declared here.
 *
 * NOTE(review): the constructor is not explicit, so a QObject* converts
 * implicitly to SecureLayer; the TLS and SASL constructors below are
 * explicit.
 */
class QCA_EXPORT SecureLayer : public QObject
{
        Q_OBJECT
public:
        /** \param parent owning QObject, or 0 */
        SecureLayer(QObject *parent = 0);

        /** Whether close() is meaningful for this layer; the base class supplies a default. */
        virtual bool isClosable() const;

        /** Number of plaintext bytes read() would currently return. */
        virtual int bytesAvailable() const = 0;

        /** Number of protected bytes readOutgoing() would currently return. */
        virtual int bytesOutgoingAvailable() const = 0;

        /** Begin an orderly shutdown; closed() signals completion. Base class supplies a default. */
        virtual void close();

        /** Queue application plaintext for protection. \param a plaintext */
        virtual void write(const QByteArray &a) = 0;

        /** Return plaintext recovered from data passed to writeIncoming(). */
        virtual QByteArray read() = 0;

        /** Feed protected data received from the transport. \param a raw transport bytes */
        virtual void writeIncoming(const QByteArray &a) = 0;

        /**
         * Return protected data to send on the transport.
         * \param plainBytes if non-null, receives the number of plaintext
         *        bytes the returned chunk accounts for (name-based reading)
         *
         * The default argument on a virtual function is bound at the static
         * type of the call, so overrides (TLS, SASL) must repeat `= 0`
         * exactly; both do.
         */
        virtual QByteArray readOutgoing(int *plainBytes = 0) = 0;

        /** Return incoming bytes the layer did not consume; base class supplies a default. */
        virtual QByteArray readUnprocessed();

        /**
         * Map a count of protected bytes written to the transport back to the
         * number of plaintext bytes it covers.
         * \param encryptedBytes protected byte count
         */
        virtual int convertBytesWritten(qint64 encryptedBytes) = 0;

Q_SIGNALS:
        /** read() has data. */
        void readyRead();

        /** readOutgoing() has data. */
        void readyReadOutgoing();

        /** The layer has shut down. */
        void closed();

        /** A failure occurred; subclasses expose detail (TLS::errorCode(), SASL::errorCode()). */
        void error();

private:
        Q_DISABLE_COPY(SecureLayer)
};
00228 
/**
 * \brief Opaque handle to a negotiated TLS session, for resumption.
 *
 * Obtained from TLS::session() after a handshake and offered to
 * TLS::setSession() on a later connection. Value-copyable (copy constructor
 * and assignment below); a default-constructed object is null, which
 * isNull() reports.
 *
 * NOTE(review): a resumed session carries over the trust decisions of the
 * original handshake, so it should only be offered to the host it was
 * negotiated with. Intended usage is read from the TLS interface; confirm
 * against the provider.
 */
class QCA_EXPORT TLSSession : public Algorithm
{
public:
        /** Construct a null session. */
        TLSSession();

        /** \param from session to copy */
        TLSSession(const TLSSession &from);

        ~TLSSession();

        /** \param from session to assign from */
        TLSSession & operator=(const TLSSession &from);

        /** Whether this object holds no session. */
        bool isNull() const;
};
00263 
/**
 * \brief TLS / SSL (stream) and DTLS (datagram) secure layer.
 *
 * Data flows as described on SecureLayer. Configure certificates, trust
 * anchors and constraints first, then call startClient() or startServer();
 * handshaken() marks a completed handshake.
 *
 * NOTE(review): this interface reports the outcome of the peer identity
 * check (peerIdentityResult(), peerCertificateValidity()) rather than
 * visibly enforcing it. Until confirmed against the provider, a client
 * should treat the channel as untrusted unless, after handshaken(),
 * peerIdentityResult() is Valid and peerCertificateValidity() is
 * acceptable.
 */
class QCA_EXPORT TLS : public SecureLayer, public Algorithm
{
        Q_OBJECT
public:
        /** Transport mode, chosen by the TLS(Mode, ...) constructor. */
        enum Mode
        {
                Stream,  ///< byte-stream transport (TLS)
                Datagram ///< datagram transport (DTLS); see the packet*() members
        };

        /**
         * Protocol versions this interface can name; reported by version()
         * and accepted by supportedCipherSuites().
         *
         * NOTE(review): SSL 2.0 and SSL 3.0 are deprecated (RFC 6176 and
         * RFC 7568). Treat a connection whose version() reports SSL_v2 or
         * SSL_v3 as downgraded. Nothing in this header restricts which
         * versions a provider negotiates; use setConstraints() and check
         * version() after handshaken().
         */
        enum Version
        {
                TLS_v1,  ///< TLS 1.0
                SSL_v3,  ///< SSL 3.0 (deprecated)
                SSL_v2,  ///< SSL 2.0 (deprecated)
                DTLS_v1  ///< DTLS 1.0
        };

        /**
         * Failure classes reported by errorCode() after error(). Glosses are
         * read from the names; the provider defines the exact meaning.
         */
        enum Error
        {
                ErrorSignerExpired,   ///< a signing certificate has expired
                ErrorSignerInvalid,   ///< a signing certificate is invalid
                ErrorCertKeyMismatch, ///< the chain and key given to setCertificate() do not belong together
                ErrorInit,            ///< provider initialisation failed
                ErrorHandshake,       ///< the handshake failed
                ErrorCrypt            ///< a record could not be protected or unprotected
        };

        /**
         * Outcome of matching the peer's certificate to the expected identity;
         * returned by peerIdentityResult().
         */
        enum IdentityResult
        {
                Valid,              ///< certificate validated and names the expected host
                HostMismatch,       ///< certificate does not name the host given to startClient()
                InvalidCertificate, ///< certificate failed validation; see peerCertificateValidity()
                NoCertificate       ///< the peer presented no certificate
        };

        /**
         * Construct in Stream mode.
         * \param parent owning QObject, or 0
         * \param provider provider name, or empty for the default
         */
        explicit TLS(QObject *parent = 0, const QString &provider = QString());

        /**
         * Construct with an explicit transport mode.
         * \param mode Stream or Datagram
         * \param parent owning QObject, or 0
         * \param provider provider name, or empty for the default
         */
        explicit TLS(Mode mode, QObject *parent = 0, const QString &provider = QString());

        ~TLS();

        /** Return to the unconfigured, unstarted state. */
        void reset();

        /**
         * Cipher suites the provider supports for a protocol version.
         * \param version protocol version, TLS_v1 by default
         * \return suite names usable with setConstraints(const QStringList &)
         */
        QStringList supportedCipherSuites(const Version &version = TLS_v1) const;

        /**
         * Set the local certificate chain and its private key.
         * \param cert local chain
         * \param key private key belonging to the chain; a mismatch is
         *        presumably reported as ErrorCertKeyMismatch (confirm)
         */
        void setCertificate(const CertificateChain &cert, const PrivateKey &key);

        /** Overload taking chain and key from a KeyBundle. \param kb bundle */
        void setCertificate(const KeyBundle &kb);

        /** Trust anchors currently configured for peer validation. */
        CertificateCollection trustedCertificates() const;

        /**
         * Set the trust anchors used to validate the peer's chain.
         * \param trusted certificates to trust
         *
         * NOTE(review): with no anchors configured the peer chain presumably
         * cannot validate; confirm whether the provider then reports
         * InvalidCertificate or skips validation, and always check
         * peerCertificateValidity() either way.
         */
        void setTrustedCertificates(const CertificateCollection &trusted);

        /** Constrain negotiation by SecurityLevel. \param s minimum level */
        void setConstraints(SecurityLevel s);

        /**
         * Constrain negotiation to an SSF range. "SSF" is not defined in this
         * header; it is the same strength unit SASL::ssf() reports.
         * \param minSSF minimum acceptable strength
         * \param maxSSF maximum acceptable strength
         */
        void setConstraints(int minSSF, int maxSSF);

        /**
         * Constrain negotiation to an explicit cipher-suite list.
         * \param cipherSuiteList names as returned by supportedCipherSuites()
         */
        void setConstraints(const QStringList &cipherSuiteList);

        /** Issuer names configured with setIssuerList(). */
        QList<CertificateInfoOrdered> issuerList() const;

        /**
         * Set the acceptable certificate issuers -- presumably the names a
         * server advertises when requesting a client certificate (TODO
         * confirm against the provider).
         * \param issuers issuer distinguished names
         */
        void setIssuerList(const QList<CertificateInfoOrdered> &issuers);

        /** Offer a session from an earlier session() call for resumption. \param session session to resume */
        void setSession(const TLSSession &session);

        /** Whether the provider supports TLS compression. */
        bool canCompress() const;

        /** Whether the provider honours the host given to startClient(). */
        bool canSetHostName() const;

        /** Whether compression was requested via setCompressionEnabled(). */
        bool compressionEnabled() const;

        /**
         * Request TLS compression.
         * \param b true to enable
         *
         * NOTE(review): compressing attacker-influenced plaintext in the
         * same stream as secrets leaks the secrets through record length
         * (the CRIME class of attacks). Leave this disabled unless the
         * application data is known to be free of that mix.
         */
        void setCompressionEnabled(bool b);

        /** Host name in use: as given to startClient(), or as received by a server (see hostNameReceived()). */
        QString hostName() const;

        /**
         * Begin a handshake as the client.
         * \param host expected server name, compared with the peer's
         *        certificate to yield Valid or HostMismatch. If empty, no
         *        host check is possible -- presumably peerIdentityResult()
         *        can then never report HostMismatch. Pass the host whenever
         *        canSetHostName() is true.
         */
        void startClient(const QString &host = QString());

        /** Begin a handshake as the server; normally preceded by setCertificate(). */
        void startServer();

        /**
         * Resume a handshake paused at hostNameReceived(),
         * certificateRequested(), peerCertificateAvailable() or handshaken().
         * Judging by the connectNotify()/disconnectNotify() overrides, the
         * pause presumably only happens while a receiver is connected to the
         * signal -- confirm against the provider.
         */
        void continueAfterStep();

        /** Whether the handshake has completed. */
        bool isHandshaken() const;

        /** Whether compression was actually negotiated (as opposed to requested). */
        bool isCompressed() const;

        /** Protocol version negotiated; see the NOTE on Version. */
        Version version() const;

        /** Name of the negotiated cipher suite. */
        QString cipherSuite() const;

        /** Key strength of the negotiated cipher, in bits. */
        int cipherBits() const;

        /** Maximum key strength of the negotiated cipher, in bits (name-based reading). */
        int cipherMaxBits() const;

        /** The negotiated session, for a later setSession(); see TLSSession. */
        TLSSession session() const;

        /** Detail for the last error() signal. */
        Error errorCode() const;

        /**
         * Result of the peer identity check, meaningful once
         * peerCertificateAvailable() / handshaken() has fired. A client must
         * see Valid here before trusting the channel.
         */
        IdentityResult peerIdentityResult() const;

        /** Validity of the peer's certificate against trustedCertificates(). */
        Validity peerCertificateValidity() const;

        /** The chain set with setCertificate(). */
        CertificateChain localCertificateChain() const;

        /** The private key set with setCertificate(); key material -- do not copy further than necessary. */
        PrivateKey localPrivateKey() const;

        /** The chain the peer presented (presumably empty for NoCertificate). */
        CertificateChain peerCertificateChain() const;

        // reimplemented
        virtual bool isClosable() const;
        virtual int bytesAvailable() const;
        virtual int bytesOutgoingAvailable() const;
        virtual void close();
        virtual void write(const QByteArray &a);
        virtual QByteArray read();
        virtual void writeIncoming(const QByteArray &a);
        virtual QByteArray readOutgoing(int *plainBytes = 0); // default must match SecureLayer's
        virtual QByteArray readUnprocessed();
        virtual int convertBytesWritten(qint64 encryptedBytes);

        /** Datagram mode: number of plaintext packets read() can return. */
        int packetsAvailable() const;

        /** Datagram mode: number of protected packets readOutgoing() can return. */
        int packetsOutgoingAvailable() const;

        /** Datagram mode: packet MTU in use. */
        int packetMTU() const;

        /**
         * Datagram mode: set the packet MTU.
         * \param size MTU in bytes
         *
         * NOTE(review): declared const although it is a setter, so it is
         * callable through a const TLS and presumably mutates via the d
         * pointer. Dropping the const would change the exported signature,
         * so it is only flagged here.
         */
        void setPacketMTU(int size) const;

Q_SIGNALS:
        /** The client's host name has arrived (server side, name-based); see hostName(). */
        void hostNameReceived();

        /** The peer asked for a certificate (name-based); setCertificate() if desired, then continueAfterStep(). */
        void certificateRequested();

        /** The peer's chain can now be inspected: peerCertificateChain(), peerIdentityResult(). */
        void peerCertificateAvailable();

        /** The handshake completed; version(), cipherSuite() and the peer results are final. */
        void handshaken();

protected:
        /** QObject hook (Qt 4 signature): a receiver connected to \a signal. */
        void connectNotify(const char *signal);

        /** QObject hook (Qt 4 signature): a receiver disconnected from \a signal. */
        void disconnectNotify(const char *signal);

private:
        Q_DISABLE_COPY(TLS)

        class Private;
        friend class Private;
        Private *d; ///< pimpl
};
00800 
/**
 * \brief SASL authentication, with an optional security layer, client or server.
 *
 * The exchange is stepwise: startClient() or startServer(), then each blob
 * from the peer goes in through putServerFirstStep() / putStep() and the
 * reply comes out via nextStep(). Judging by the names, the signal/continue
 * pairs needParams() / continueAfterParams() and authCheck() /
 * continueAfterAuthCheck() let the application supply credentials or an
 * authorization decision before the exchange proceeds. authenticated()
 * marks success; afterwards the SecureLayer read/write calls apply whatever
 * security layer (ssf()) was negotiated.
 *
 * This class does not reimplement isClosable(), close() or
 * readUnprocessed(); SecureLayer's defaults apply.
 */
class QCA_EXPORT SASL : public SecureLayer, public Algorithm
{
        Q_OBJECT
public:
        /** Failure classes reported by errorCode() after error(). */
        enum Error
        {
                ErrorInit,      ///< provider initialisation failed
                ErrorHandshake, ///< the authentication exchange failed; see authCondition()
                ErrorCrypt      ///< the security layer failed to protect or unprotect data
        };

        /**
         * Reason for an authentication failure, from authCondition(). Glosses
         * are read from the names; the provider defines the exact meaning.
         */
        enum AuthCondition
        {
                AuthFail,          ///< generic failure
                NoMechanism,       ///< no mutually acceptable mechanism
                BadProtocol,       ///< malformed exchange
                BadServer,         ///< the server failed its side of authentication
                BadAuth,           ///< credentials rejected
                NoAuthzid,         ///< the requested authzid is not permitted
                TooWeak,           ///< mechanism too weak for the constraints
                NeedEncrypt,       ///< an encrypted transport is required first
                Expired,           ///< credentials expired
                Disabled,          ///< account disabled
                NoUser,            ///< unknown user
                RemoteUnavailable  ///< authentication backend unreachable
        };

        /**
         * Bit flags for setConstraints(); the values are powers of two so
         * they can be OR-ed together.
         *
         * NOTE(review): the setConstraints() parameter is this plain enum,
         * and `AllowPlain | AllowAnonymous` has type int, which does not
         * convert back to AuthFlags implicitly; callers need
         * `static_cast<AuthFlags>(...)`.
         *
         * NOTE(review): AllowPlain permits mechanisms that transmit the
         * password itself. Only enable it over an already-encrypted
         * transport (e.g. TLS) whose strength has been declared with
         * setExternalSSF(); otherwise the credential crosses the wire in
         * the clear. AllowAnonymous forgoes identity altogether.
         */
        enum AuthFlags
        {
                AuthFlagsNone          = 0x00,
                AllowPlain             = 0x01, ///< permit plaintext-password mechanisms
                AllowAnonymous         = 0x02, ///< permit anonymous login
                RequireForwardSecrecy  = 0x04, ///< only mechanisms offering forward secrecy
                RequirePassCredentials = 0x08, ///< mechanism must pass credentials through (name-based)
                RequireMutualAuth      = 0x10, ///< the server must authenticate to the client too
                RequireAuthzidSupport  = 0x20  // server-only: mechanism must support an authorization id
        };

        /** Whether the client may send data along with its mechanism choice (the SASL initial response). */
        enum ClientSendMode
        {
                AllowClientSendFirst,
                DisableClientSendFirst
        };

        /** Whether the server may send data along with its final message. */
        enum ServerSendMode
        {
                AllowServerSendLast,
                DisableServerSendLast
        };

        /**
         * \brief What the mechanism needs from the application, delivered by needParams().
         *
         * Answer with setUsername() / setAuthzid() / setPassword() /
         * setRealm(), then continueAfterParams(). Value-copyable.
         */
        class QCA_EXPORT Params
        {
        public:
                Params();

                /**
                 * \param user    a username is needed
                 * \param authzid an authorization id may be sent
                 * \param pass    a password is needed
                 * \param realm   a realm may be sent
                 */
                Params(bool user, bool authzid, bool pass, bool realm);

                /** \param from object to copy */
                Params(const Params &from);
                ~Params();

                /** \param from object to assign from */
                Params & operator=(const Params &from);

                /** Whether setUsername() is required. */
                bool needUsername() const;

                /** Whether setAuthzid() is accepted. */
                bool canSendAuthzid() const;

                /** Whether setPassword() is required. */
                bool needPassword() const;

                /** Whether setRealm() is accepted. */
                bool canSendRealm() const;

        private:
                class Private;
                Private *d; ///< pimpl
        };

        /**
         * \param parent owning QObject, or 0
         * \param provider provider name, or empty for the default
         */
        explicit SASL(QObject *parent = 0, const QString &provider = QString());

        ~SASL();

        /** Return to the unconfigured, unstarted state. */
        void reset();

        /**
         * Set authentication flags and a minimum SecurityLevel.
         * \param f flag combination (see the NOTE on AuthFlags)
         * \param s minimum level, SL_None by default
         *
         * NOTE(review): the default SL_None accepts a mechanism that
         * negotiates no security layer at all; choose a level or an SSF
         * range deliberately.
         */
        void setConstraints(AuthFlags f, SecurityLevel s = SL_None);

        /**
         * Set authentication flags and an SSF range.
         * \param f flag combination
         * \param minSSF minimum acceptable strength
         * \param maxSSF maximum acceptable strength
         */
        void setConstraints(AuthFlags f, int minSSF, int maxSSF);

        /** Local endpoint, for mechanisms that use it. \param addr address \param port port */
        void setLocalAddress(const QString &addr, quint16 port);

        /** Remote endpoint, for mechanisms that use it. \param addr address \param port port */
        void setRemoteAddress(const QString &addr, quint16 port);

        /**
         * Identity already authenticated by an outer layer (e.g. a TLS
         * client certificate).
         * \param authid external authentication id
         */
        void setExternalAuthId(const QString &authid);

        /**
         * Strength of protection the outer transport already provides
         * (e.g. TLS). This is what lets a plaintext mechanism satisfy
         * NeedEncrypt / minSSF constraints, so report only strength that is
         * really in place.
         * \param strength SSF of the outer layer
         */
        void setExternalSSF(int strength);

        /**
         * Begin as the client.
         * \param service service name
         * \param host server host name
         * \param mechlist mechanisms offered by the server
         * \param mode whether an initial response may be sent
         *
         * NOTE(review): mechlist comes from the still-unauthenticated
         * server and is therefore attacker-influenced. The constraints from
         * setConstraints() (RequireForwardSecrecy, RequireMutualAuth,
         * minSSF) are what prevent being steered onto a weak mechanism --
         * presumably the provider filters mechlist against them; TODO
         * confirm.
         */
        void startClient(const QString &service, const QString &host, const QStringList &mechlist, ClientSendMode mode = AllowClientSendFirst);

        /**
         * Begin as the server.
         * \param service service name
         * \param host this server's host name
         * \param realm authentication realm
         * \param mode whether data may accompany the final message
         */
        void startServer(const QString &service, const QString &host, const QString &realm, ServerSendMode mode = DisableServerSendLast);

        /**
         * Server: the client chose a mechanism without an initial response.
         * \param mech mechanism name from the client -- untrusted input,
         *        presumably checked against mechanismList() by the provider
         */
        void putServerFirstStep(const QString &mech);

        /**
         * Server: the client chose a mechanism and sent an initial response.
         * \param mech mechanism name from the client (untrusted input)
         * \param clientInit the client's initial response
         */
        void putServerFirstStep(const QString &mech, const QByteArray &clientInit);

        /** Feed the next blob received from the peer. \param stepData raw step bytes */
        void putStep(const QByteArray &stepData);

        /** The mechanism selected for this exchange. */
        QString mechanism() const;

        /** Mechanisms the provider makes available. */
        QStringList mechanismList() const;

        /** Realms offered, for setRealm(). */
        QStringList realmList() const;

        /** Negotiated security-layer strength (0 presumably meaning no security layer). */
        int ssf() const;

        /** Detail for the last error() signal. */
        Error errorCode() const;

        /** Reason for an ErrorHandshake. */
        AuthCondition authCondition() const;

        /** Supply the username requested via needParams(). \param user username */
        void setUsername(const QString &user);

        /** Supply the authorization id (identity to act as) when Params::canSendAuthzid(). \param auth authzid */
        void setAuthzid(const QString &auth);

        /** Supply the password; taken as a SecureArray so it can stay in protected memory. \param pass password */
        void setPassword(const SecureArray &pass);

        /** Supply the realm when Params::canSendRealm(). \param realm realm */
        void setRealm(const QString &realm);

        /** Resume after needParams() once the set*() calls are done. */
        void continueAfterParams();

        /** Resume after authCheck(). No explicit reject path is visible here; confirm with the provider how a refusal is expressed. */
        void continueAfterAuthCheck();

        // reimplemented
        virtual int bytesAvailable() const;
        virtual int bytesOutgoingAvailable() const;
        virtual void write(const QByteArray &a);
        virtual QByteArray read();
        virtual void writeIncoming(const QByteArray &a);
        virtual QByteArray readOutgoing(int *plainBytes = 0); // default must match SecureLayer's
        virtual int convertBytesWritten(qint64 encryptedBytes);

Q_SIGNALS:
        /**
         * Client: the exchange has started.
         * \param clientInit whether clientInitData accompanies the mechanism choice
         * \param clientInitData the initial response (meaningful when clientInit is true)
         */
        void clientStarted(bool clientInit, const QByteArray &clientInitData);

        /** Server: the exchange has started. */
        void serverStarted();

        /** Send \a stepData to the peer. */
        void nextStep(const QByteArray &stepData);

        /** The mechanism needs credentials; see Params, then continueAfterParams(). */
        void needParams(const QCA::SASL::Params &params);

        /**
         * Server: decide whether \a user may act as \a authzid, then
         * continueAfterAuthCheck().
         *
         * NOTE(review): authzid is the identity the client asks to act as,
         * distinct from the authenticated user. The server must apply its
         * own authorization policy here rather than assume they are equal.
         */
        void authCheck(const QString &user, const QString &authzid);

        /** Authentication succeeded; the negotiated security layer, if any, is now in effect. */
        void authenticated();

private:
        Q_DISABLE_COPY(SASL)

        class Private;
        friend class Private;
        Private *d; ///< pimpl
};
01242 
01243 }
01244 
01245 #endif
