1 | /*
|
---|
2 | * qca.cpp - Qt Cryptographic Architecture
|
---|
3 | * Copyright (C) 2003 Justin Karneges
|
---|
4 | *
|
---|
5 | * This library is free software; you can redistribute it and/or
|
---|
6 | * modify it under the terms of the GNU Lesser General Public
|
---|
7 | * License as published by the Free Software Foundation; either
|
---|
8 | * version 2.1 of the License, or (at your option) any later version.
|
---|
9 | *
|
---|
10 | * This library is distributed in the hope that it will be useful,
|
---|
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
---|
13 | * Lesser General Public License for more details.
|
---|
14 | *
|
---|
15 | * You should have received a copy of the GNU Lesser General Public
|
---|
16 | * License along with this library; if not, write to the Free Software
|
---|
17 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
---|
18 | *
|
---|
19 | */
|
---|
20 |
|
---|
21 | #include"qca.h"
|
---|
22 |
|
---|
23 | #include<qptrlist.h>
|
---|
24 | #include<qdir.h>
|
---|
25 | #include<qfileinfo.h>
|
---|
26 | #include<qstringlist.h>
|
---|
27 | #include<qlibrary.h>
|
---|
28 | #include<qtimer.h>
|
---|
29 | #include<qhostaddress.h>
|
---|
30 | #include<qapplication.h>
|
---|
31 | #include<qguardedptr.h>
|
---|
32 | #include<stdlib.h>
|
---|
33 | #include"qcaprovider.h"
|
---|
34 |
|
---|
35 | #if defined(Q_OS_WIN32) || defined(Q_OS_OS2)
|
---|
36 | #define PLUGIN_EXT "dll"
|
---|
37 | #elif defined(Q_OS_MAC)
|
---|
38 | #define PLUGIN_EXT "dylib"
|
---|
39 | #else
|
---|
40 | #define PLUGIN_EXT "so"
|
---|
41 | #endif
|
---|
42 |
|
---|
43 | using namespace QCA;
|
---|
44 |
|
---|
45 | class ProviderItem
|
---|
46 | {
|
---|
47 | public:
|
---|
48 | QCAProvider *p;
|
---|
49 | QString fname;
|
---|
50 |
|
---|
51 | static ProviderItem *load(const QString &fname)
|
---|
52 | {
|
---|
53 | QLibrary *lib = new QLibrary(fname);
|
---|
54 | if(!lib->load()) {
|
---|
55 | delete lib;
|
---|
56 | return 0;
|
---|
57 | }
|
---|
58 | void *s = lib->resolve("createProvider");
|
---|
59 | if(!s) {
|
---|
60 | delete lib;
|
---|
61 | return 0;
|
---|
62 | }
|
---|
63 | QCAProvider *(*createProvider)() = (QCAProvider *(*)())s;
|
---|
64 | QCAProvider *p = createProvider();
|
---|
65 | if(!p) {
|
---|
66 | delete lib;
|
---|
67 | return 0;
|
---|
68 | }
|
---|
69 | ProviderItem *i = new ProviderItem(lib, p);
|
---|
70 | i->fname = fname;
|
---|
71 | return i;
|
---|
72 | }
|
---|
73 |
|
---|
74 | static ProviderItem *fromClass(QCAProvider *p)
|
---|
75 | {
|
---|
76 | ProviderItem *i = new ProviderItem(0, p);
|
---|
77 | return i;
|
---|
78 | }
|
---|
79 |
|
---|
80 | ~ProviderItem()
|
---|
81 | {
|
---|
82 | delete p;
|
---|
83 | delete lib;
|
---|
84 | }
|
---|
85 |
|
---|
86 | void ensureInit()
|
---|
87 | {
|
---|
88 | if(init_done)
|
---|
89 | return;
|
---|
90 | init_done = true;
|
---|
91 | p->init();
|
---|
92 | }
|
---|
93 |
|
---|
94 | private:
|
---|
95 | QLibrary *lib;
|
---|
96 | bool init_done;
|
---|
97 |
|
---|
98 | ProviderItem(QLibrary *_lib, QCAProvider *_p)
|
---|
99 | {
|
---|
100 | lib = _lib;
|
---|
101 | p = _p;
|
---|
102 | init_done = false;
|
---|
103 | }
|
---|
104 | };
|
---|
105 |
|
---|
106 | static QPtrList<ProviderItem> providerList;
|
---|
107 | static bool qca_init = false;
|
---|
108 |
|
---|
109 | static bool plugin_have(const QString &fname)
|
---|
110 | {
|
---|
111 | QPtrListIterator<ProviderItem> it(providerList);
|
---|
112 | for(ProviderItem *i; (i = it.current()); ++it) {
|
---|
113 | if(i->fname == fname)
|
---|
114 | return true;
|
---|
115 | }
|
---|
116 | return false;
|
---|
117 | }
|
---|
118 |
|
---|
119 | static void plugin_scan()
|
---|
120 | {
|
---|
121 | QStringList dirs = QApplication::libraryPaths();
|
---|
122 | for(QStringList::ConstIterator it = dirs.begin(); it != dirs.end(); ++it) {
|
---|
123 | QDir libpath(*it);
|
---|
124 | QDir dir(libpath.filePath("crypto"));
|
---|
125 | if(!dir.exists())
|
---|
126 | continue;
|
---|
127 |
|
---|
128 | QStringList list = dir.entryList();
|
---|
129 | for(QStringList::ConstIterator it = list.begin(); it != list.end(); ++it) {
|
---|
130 | QFileInfo fi(dir.filePath(*it));
|
---|
131 | if(fi.isDir())
|
---|
132 | continue;
|
---|
133 | if(fi.extension() != PLUGIN_EXT)
|
---|
134 | continue;
|
---|
135 | QString fname = fi.filePath();
|
---|
136 |
|
---|
137 | // don't load the same plugin again!
|
---|
138 | if(plugin_have(fname))
|
---|
139 | continue;
|
---|
140 | //printf("f=[%s]\n", fname.latin1());
|
---|
141 |
|
---|
142 | ProviderItem *i = ProviderItem::load(fname);
|
---|
143 | if(!i)
|
---|
144 | continue;
|
---|
145 | if(i->p->qcaVersion() != QCA_PLUGIN_VERSION) {
|
---|
146 | delete i;
|
---|
147 | continue;
|
---|
148 | }
|
---|
149 |
|
---|
150 | providerList.append(i);
|
---|
151 | }
|
---|
152 | }
|
---|
153 | }
|
---|
154 |
|
---|
155 | static void plugin_addClass(QCAProvider *p)
|
---|
156 | {
|
---|
157 | ProviderItem *i = ProviderItem::fromClass(p);
|
---|
158 | providerList.prepend(i);
|
---|
159 | }
|
---|
160 |
|
---|
161 | static void plugin_unloadall()
|
---|
162 | {
|
---|
163 | providerList.clear();
|
---|
164 | }
|
---|
165 |
|
---|
166 | static int plugin_caps()
|
---|
167 | {
|
---|
168 | int caps = 0;
|
---|
169 | QPtrListIterator<ProviderItem> it(providerList);
|
---|
170 | for(ProviderItem *i; (i = it.current()); ++it)
|
---|
171 | caps |= i->p->capabilities();
|
---|
172 | return caps;
|
---|
173 | }
|
---|
174 |
|
---|
175 | QString QCA::arrayToHex(const QByteArray &a)
|
---|
176 | {
|
---|
177 | QString out;
|
---|
178 | for(int n = 0; n < (int)a.size(); ++n) {
|
---|
179 | QString str;
|
---|
180 | str.sprintf("%02x", (uchar)a[n]);
|
---|
181 | out.append(str);
|
---|
182 | }
|
---|
183 | return out;
|
---|
184 | }
|
---|
185 |
|
---|
186 | QByteArray QCA::hexToArray(const QString &str)
|
---|
187 | {
|
---|
188 | QByteArray out(str.length() / 2);
|
---|
189 | int at = 0;
|
---|
190 | for(int n = 0; n + 1 < (int)str.length(); n += 2) {
|
---|
191 | uchar a = str[n];
|
---|
192 | uchar b = str[n+1];
|
---|
193 | uchar c = ((a & 0x0f) << 4) + (b & 0x0f);
|
---|
194 | out[at++] = c;
|
---|
195 | }
|
---|
196 | return out;
|
---|
197 | }
|
---|
198 |
|
---|
199 | void QCA::init()
|
---|
200 | {
|
---|
201 | if(qca_init)
|
---|
202 | return;
|
---|
203 | qca_init = true;
|
---|
204 | providerList.setAutoDelete(true);
|
---|
205 | }
|
---|
206 |
|
---|
207 | bool QCA::isSupported(int capabilities)
|
---|
208 | {
|
---|
209 | init();
|
---|
210 |
|
---|
211 | int caps = plugin_caps();
|
---|
212 | if(caps & capabilities)
|
---|
213 | return true;
|
---|
214 |
|
---|
215 | // ok, try scanning for new stuff
|
---|
216 | plugin_scan();
|
---|
217 | caps = plugin_caps();
|
---|
218 | if(caps & capabilities)
|
---|
219 | return true;
|
---|
220 |
|
---|
221 | return false;
|
---|
222 | }
|
---|
223 |
|
---|
224 | void QCA::insertProvider(QCAProvider *p)
|
---|
225 | {
|
---|
226 | plugin_addClass(p);
|
---|
227 | }
|
---|
228 |
|
---|
229 | void QCA::unloadAllPlugins()
|
---|
230 | {
|
---|
231 | plugin_unloadall();
|
---|
232 | }
|
---|
233 |
|
---|
234 | static void *getContext(int cap)
|
---|
235 | {
|
---|
236 | init();
|
---|
237 |
|
---|
238 | // this call will also trip a scan for new plugins if needed
|
---|
239 | if(!QCA::isSupported(cap))
|
---|
240 | return 0;
|
---|
241 |
|
---|
242 | QPtrListIterator<ProviderItem> it(providerList);
|
---|
243 | for(ProviderItem *i; (i = it.current()); ++it) {
|
---|
244 | if(i->p->capabilities() & cap) {
|
---|
245 | i->ensureInit();
|
---|
246 | return i->p->context(cap);
|
---|
247 | }
|
---|
248 | }
|
---|
249 | return 0;
|
---|
250 | }
|
---|
251 |
|
---|
252 |
|
---|
253 | //----------------------------------------------------------------------------
|
---|
254 | // Hash
|
---|
255 | //----------------------------------------------------------------------------
|
---|
256 | class Hash::Private
|
---|
257 | {
|
---|
258 | public:
|
---|
259 | Private()
|
---|
260 | {
|
---|
261 | c = 0;
|
---|
262 | }
|
---|
263 |
|
---|
264 | ~Private()
|
---|
265 | {
|
---|
266 | delete c;
|
---|
267 | }
|
---|
268 |
|
---|
269 | void reset()
|
---|
270 | {
|
---|
271 | c->reset();
|
---|
272 | }
|
---|
273 |
|
---|
274 | QCA_HashContext *c;
|
---|
275 | };
|
---|
276 |
|
---|
277 | Hash::Hash(QCA_HashContext *c)
|
---|
278 | {
|
---|
279 | d = new Private;
|
---|
280 | d->c = c;
|
---|
281 | }
|
---|
282 |
|
---|
283 | Hash::Hash(const Hash &from)
|
---|
284 | {
|
---|
285 | d = new Private;
|
---|
286 | *this = from;
|
---|
287 | }
|
---|
288 |
|
---|
289 | Hash & Hash::operator=(const Hash &from)
|
---|
290 | {
|
---|
291 | delete d->c;
|
---|
292 | d->c = from.d->c->clone();
|
---|
293 | return *this;
|
---|
294 | }
|
---|
295 |
|
---|
296 | Hash::~Hash()
|
---|
297 | {
|
---|
298 | delete d;
|
---|
299 | }
|
---|
300 |
|
---|
301 | void Hash::clear()
|
---|
302 | {
|
---|
303 | d->reset();
|
---|
304 | }
|
---|
305 |
|
---|
306 | void Hash::update(const QByteArray &a)
|
---|
307 | {
|
---|
308 | d->c->update(a.data(), a.size());
|
---|
309 | }
|
---|
310 |
|
---|
311 | QByteArray Hash::final()
|
---|
312 | {
|
---|
313 | QByteArray buf;
|
---|
314 | d->c->final(&buf);
|
---|
315 | return buf;
|
---|
316 | }
|
---|
317 |
|
---|
318 |
|
---|
319 | //----------------------------------------------------------------------------
|
---|
320 | // Cipher
|
---|
321 | //----------------------------------------------------------------------------
|
---|
322 | class Cipher::Private
|
---|
323 | {
|
---|
324 | public:
|
---|
325 | Private()
|
---|
326 | {
|
---|
327 | c = 0;
|
---|
328 | }
|
---|
329 |
|
---|
330 | ~Private()
|
---|
331 | {
|
---|
332 | delete c;
|
---|
333 | }
|
---|
334 |
|
---|
335 | void reset()
|
---|
336 | {
|
---|
337 | dir = Encrypt;
|
---|
338 | key.resize(0);
|
---|
339 | iv.resize(0);
|
---|
340 | err = false;
|
---|
341 | }
|
---|
342 |
|
---|
343 | QCA_CipherContext *c;
|
---|
344 | int dir;
|
---|
345 | int mode;
|
---|
346 | QByteArray key, iv;
|
---|
347 | bool err;
|
---|
348 | };
|
---|
349 |
|
---|
350 | Cipher::Cipher(QCA_CipherContext *c, int dir, int mode, const QByteArray &key, const QByteArray &iv, bool pad)
|
---|
351 | {
|
---|
352 | d = new Private;
|
---|
353 | d->c = c;
|
---|
354 | reset(dir, mode, key, iv, pad);
|
---|
355 | }
|
---|
356 |
|
---|
357 | Cipher::Cipher(const Cipher &from)
|
---|
358 | {
|
---|
359 | d = new Private;
|
---|
360 | *this = from;
|
---|
361 | }
|
---|
362 |
|
---|
363 | Cipher & Cipher::operator=(const Cipher &from)
|
---|
364 | {
|
---|
365 | delete d->c;
|
---|
366 | d->c = from.d->c->clone();
|
---|
367 | d->dir = from.d->dir;
|
---|
368 | d->mode = from.d->mode;
|
---|
369 | d->key = from.d->key.copy();
|
---|
370 | d->iv = from.d->iv.copy();
|
---|
371 | d->err = from.d->err;
|
---|
372 | return *this;
|
---|
373 | }
|
---|
374 |
|
---|
375 | Cipher::~Cipher()
|
---|
376 | {
|
---|
377 | delete d;
|
---|
378 | }
|
---|
379 |
|
---|
380 | QByteArray Cipher::dyn_generateKey(int size) const
|
---|
381 | {
|
---|
382 | QByteArray buf;
|
---|
383 | if(size != -1)
|
---|
384 | buf.resize(size);
|
---|
385 | else
|
---|
386 | buf.resize(d->c->keySize());
|
---|
387 | if(!d->c->generateKey(buf.data(), size))
|
---|
388 | return QByteArray();
|
---|
389 | return buf;
|
---|
390 | }
|
---|
391 |
|
---|
392 | QByteArray Cipher::dyn_generateIV() const
|
---|
393 | {
|
---|
394 | QByteArray buf(d->c->blockSize());
|
---|
395 | if(!d->c->generateIV(buf.data()))
|
---|
396 | return QByteArray();
|
---|
397 | return buf;
|
---|
398 | }
|
---|
399 |
|
---|
400 | void Cipher::reset(int dir, int mode, const QByteArray &key, const QByteArray &iv, bool pad)
|
---|
401 | {
|
---|
402 | d->reset();
|
---|
403 |
|
---|
404 | d->dir = dir;
|
---|
405 | d->mode = mode;
|
---|
406 | d->key = key.copy();
|
---|
407 | d->iv = iv.copy();
|
---|
408 | if(!d->c->setup(d->dir, d->mode, d->key.isEmpty() ? 0: d->key.data(), d->key.size(), d->iv.isEmpty() ? 0 : d->iv.data(), pad)) {
|
---|
409 | d->err = true;
|
---|
410 | return;
|
---|
411 | }
|
---|
412 | }
|
---|
413 |
|
---|
414 | bool Cipher::update(const QByteArray &a)
|
---|
415 | {
|
---|
416 | if(d->err)
|
---|
417 | return false;
|
---|
418 |
|
---|
419 | if(!a.isEmpty()) {
|
---|
420 | if(!d->c->update(a.data(), a.size())) {
|
---|
421 | d->err = true;
|
---|
422 | return false;
|
---|
423 | }
|
---|
424 | }
|
---|
425 | return true;
|
---|
426 | }
|
---|
427 |
|
---|
428 | QByteArray Cipher::final(bool *ok)
|
---|
429 | {
|
---|
430 | if(ok)
|
---|
431 | *ok = false;
|
---|
432 | if(d->err)
|
---|
433 | return QByteArray();
|
---|
434 |
|
---|
435 | QByteArray out;
|
---|
436 | if(!d->c->final(&out)) {
|
---|
437 | d->err = true;
|
---|
438 | return QByteArray();
|
---|
439 | }
|
---|
440 | if(ok)
|
---|
441 | *ok = true;
|
---|
442 | return out;
|
---|
443 | }
|
---|
444 |
|
---|
445 |
|
---|
446 | //----------------------------------------------------------------------------
|
---|
447 | // SHA1
|
---|
448 | //----------------------------------------------------------------------------
|
---|
449 | SHA1::SHA1()
|
---|
450 | :Hash((QCA_HashContext *)getContext(CAP_SHA1))
|
---|
451 | {
|
---|
452 | }
|
---|
453 |
|
---|
454 |
|
---|
455 | //----------------------------------------------------------------------------
|
---|
456 | // SHA256
|
---|
457 | //----------------------------------------------------------------------------
|
---|
458 | SHA256::SHA256()
|
---|
459 | :Hash((QCA_HashContext *)getContext(CAP_SHA256))
|
---|
460 | {
|
---|
461 | }
|
---|
462 |
|
---|
463 |
|
---|
464 | //----------------------------------------------------------------------------
|
---|
465 | // MD5
|
---|
466 | //----------------------------------------------------------------------------
|
---|
467 | MD5::MD5()
|
---|
468 | :Hash((QCA_HashContext *)getContext(CAP_MD5))
|
---|
469 | {
|
---|
470 | }
|
---|
471 |
|
---|
472 |
|
---|
473 | //----------------------------------------------------------------------------
|
---|
474 | // BlowFish
|
---|
475 | //----------------------------------------------------------------------------
|
---|
476 | BlowFish::BlowFish(int dir, int mode, const QByteArray &key, const QByteArray &iv, bool pad)
|
---|
477 | :Cipher((QCA_CipherContext *)getContext(CAP_BlowFish), dir, mode, key, iv, pad)
|
---|
478 | {
|
---|
479 | }
|
---|
480 |
|
---|
481 |
|
---|
482 | //----------------------------------------------------------------------------
|
---|
483 | // TripleDES
|
---|
484 | //----------------------------------------------------------------------------
|
---|
485 | TripleDES::TripleDES(int dir, int mode, const QByteArray &key, const QByteArray &iv, bool pad)
|
---|
486 | :Cipher((QCA_CipherContext *)getContext(CAP_TripleDES), dir, mode, key, iv, pad)
|
---|
487 | {
|
---|
488 | }
|
---|
489 |
|
---|
490 |
|
---|
491 | //----------------------------------------------------------------------------
|
---|
492 | // AES128
|
---|
493 | //----------------------------------------------------------------------------
|
---|
494 | AES128::AES128(int dir, int mode, const QByteArray &key, const QByteArray &iv, bool pad)
|
---|
495 | :Cipher((QCA_CipherContext *)getContext(CAP_AES128), dir, mode, key, iv, pad)
|
---|
496 | {
|
---|
497 | }
|
---|
498 |
|
---|
499 |
|
---|
500 | //----------------------------------------------------------------------------
|
---|
501 | // AES256
|
---|
502 | //----------------------------------------------------------------------------
|
---|
503 | AES256::AES256(int dir, int mode, const QByteArray &key, const QByteArray &iv, bool pad)
|
---|
504 | :Cipher((QCA_CipherContext *)getContext(CAP_AES256), dir, mode, key, iv, pad)
|
---|
505 | {
|
---|
506 | }
|
---|
507 |
|
---|
508 |
|
---|
509 | //----------------------------------------------------------------------------
|
---|
510 | // RSAKey
|
---|
511 | //----------------------------------------------------------------------------
|
---|
512 | class RSAKey::Private
|
---|
513 | {
|
---|
514 | public:
|
---|
515 | Private()
|
---|
516 | {
|
---|
517 | c = 0;
|
---|
518 | }
|
---|
519 |
|
---|
520 | ~Private()
|
---|
521 | {
|
---|
522 | delete c;
|
---|
523 | }
|
---|
524 |
|
---|
525 | QCA_RSAKeyContext *c;
|
---|
526 | };
|
---|
527 |
|
---|
528 | RSAKey::RSAKey()
|
---|
529 | {
|
---|
530 | d = new Private;
|
---|
531 | d->c = (QCA_RSAKeyContext *)getContext(CAP_RSA);
|
---|
532 | }
|
---|
533 |
|
---|
534 | RSAKey::RSAKey(const RSAKey &from)
|
---|
535 | {
|
---|
536 | d = new Private;
|
---|
537 | *this = from;
|
---|
538 | }
|
---|
539 |
|
---|
540 | RSAKey & RSAKey::operator=(const RSAKey &from)
|
---|
541 | {
|
---|
542 | delete d->c;
|
---|
543 | d->c = from.d->c->clone();
|
---|
544 | return *this;
|
---|
545 | }
|
---|
546 |
|
---|
547 | RSAKey::~RSAKey()
|
---|
548 | {
|
---|
549 | delete d;
|
---|
550 | }
|
---|
551 |
|
---|
552 | bool RSAKey::isNull() const
|
---|
553 | {
|
---|
554 | return d->c->isNull();
|
---|
555 | }
|
---|
556 |
|
---|
557 | bool RSAKey::havePublic() const
|
---|
558 | {
|
---|
559 | return d->c->havePublic();
|
---|
560 | }
|
---|
561 |
|
---|
562 | bool RSAKey::havePrivate() const
|
---|
563 | {
|
---|
564 | return d->c->havePrivate();
|
---|
565 | }
|
---|
566 |
|
---|
567 | QByteArray RSAKey::toDER(bool publicOnly) const
|
---|
568 | {
|
---|
569 | QByteArray out;
|
---|
570 | if(!d->c->toDER(&out, publicOnly))
|
---|
571 | return QByteArray();
|
---|
572 | return out;
|
---|
573 | }
|
---|
574 |
|
---|
575 | bool RSAKey::fromDER(const QByteArray &a)
|
---|
576 | {
|
---|
577 | return d->c->createFromDER(a.data(), a.size());
|
---|
578 | }
|
---|
579 |
|
---|
580 | QString RSAKey::toPEM(bool publicOnly) const
|
---|
581 | {
|
---|
582 | QByteArray out;
|
---|
583 | if(!d->c->toPEM(&out, publicOnly))
|
---|
584 | return QByteArray();
|
---|
585 |
|
---|
586 | QCString cs;
|
---|
587 | cs.resize(out.size()+1);
|
---|
588 | memcpy(cs.data(), out.data(), out.size());
|
---|
589 | return QString::fromLatin1(cs);
|
---|
590 | }
|
---|
591 |
|
---|
592 | bool RSAKey::fromPEM(const QString &str)
|
---|
593 | {
|
---|
594 | QCString cs = str.latin1();
|
---|
595 | QByteArray a(cs.length());
|
---|
596 | memcpy(a.data(), cs.data(), a.size());
|
---|
597 | return d->c->createFromPEM(a.data(), a.size());
|
---|
598 | }
|
---|
599 |
|
---|
600 | bool RSAKey::fromNative(void *p)
|
---|
601 | {
|
---|
602 | return d->c->createFromNative(p);
|
---|
603 | }
|
---|
604 |
|
---|
605 | bool RSAKey::encrypt(const QByteArray &a, QByteArray *b, bool oaep) const
|
---|
606 | {
|
---|
607 | QByteArray out;
|
---|
608 | if(!d->c->encrypt(a, &out, oaep))
|
---|
609 | return false;
|
---|
610 | *b = out;
|
---|
611 | return true;
|
---|
612 | }
|
---|
613 |
|
---|
614 | bool RSAKey::decrypt(const QByteArray &a, QByteArray *b, bool oaep) const
|
---|
615 | {
|
---|
616 | QByteArray out;
|
---|
617 | if(!d->c->decrypt(a, &out, oaep))
|
---|
618 | return false;
|
---|
619 | *b = out;
|
---|
620 | return true;
|
---|
621 | }
|
---|
622 |
|
---|
623 | bool RSAKey::generate(unsigned int bits)
|
---|
624 | {
|
---|
625 | return d->c->generate(bits);
|
---|
626 | }
|
---|
627 |
|
---|
628 |
|
---|
629 | //----------------------------------------------------------------------------
|
---|
630 | // RSA
|
---|
631 | //----------------------------------------------------------------------------
|
---|
632 | RSA::RSA()
|
---|
633 | {
|
---|
634 | }
|
---|
635 |
|
---|
636 | RSA::~RSA()
|
---|
637 | {
|
---|
638 | }
|
---|
639 |
|
---|
640 | RSAKey RSA::key() const
|
---|
641 | {
|
---|
642 | return v_key;
|
---|
643 | }
|
---|
644 |
|
---|
645 | void RSA::setKey(const RSAKey &k)
|
---|
646 | {
|
---|
647 | v_key = k;
|
---|
648 | }
|
---|
649 |
|
---|
650 | bool RSA::encrypt(const QByteArray &a, QByteArray *b, bool oaep) const
|
---|
651 | {
|
---|
652 | if(v_key.isNull())
|
---|
653 | return false;
|
---|
654 | return v_key.encrypt(a, b, oaep);
|
---|
655 | }
|
---|
656 |
|
---|
657 | bool RSA::decrypt(const QByteArray &a, QByteArray *b, bool oaep) const
|
---|
658 | {
|
---|
659 | if(v_key.isNull())
|
---|
660 | return false;
|
---|
661 | return v_key.decrypt(a, b, oaep);
|
---|
662 | }
|
---|
663 |
|
---|
664 | RSAKey RSA::generateKey(unsigned int bits)
|
---|
665 | {
|
---|
666 | RSAKey k;
|
---|
667 | k.generate(bits);
|
---|
668 | return k;
|
---|
669 | }
|
---|
670 |
|
---|
671 |
|
---|
672 | //----------------------------------------------------------------------------
|
---|
673 | // Cert
|
---|
674 | //----------------------------------------------------------------------------
|
---|
675 | class Cert::Private
|
---|
676 | {
|
---|
677 | public:
|
---|
678 | Private()
|
---|
679 | {
|
---|
680 | c = 0;
|
---|
681 | }
|
---|
682 |
|
---|
683 | ~Private()
|
---|
684 | {
|
---|
685 | delete c;
|
---|
686 | }
|
---|
687 |
|
---|
688 | QCA_CertContext *c;
|
---|
689 | };
|
---|
690 |
|
---|
691 | Cert::Cert()
|
---|
692 | {
|
---|
693 | d = new Private;
|
---|
694 | d->c = (QCA_CertContext *)getContext(CAP_X509);
|
---|
695 | }
|
---|
696 |
|
---|
697 | Cert::Cert(const Cert &from)
|
---|
698 | {
|
---|
699 | d = new Private;
|
---|
700 | *this = from;
|
---|
701 | }
|
---|
702 |
|
---|
703 | Cert & Cert::operator=(const Cert &from)
|
---|
704 | {
|
---|
705 | delete d->c;
|
---|
706 | d->c = from.d->c->clone();
|
---|
707 | return *this;
|
---|
708 | }
|
---|
709 |
|
---|
710 | Cert::~Cert()
|
---|
711 | {
|
---|
712 | delete d;
|
---|
713 | }
|
---|
714 |
|
---|
715 | void Cert::fromContext(QCA_CertContext *ctx)
|
---|
716 | {
|
---|
717 | delete d->c;
|
---|
718 | d->c = ctx;
|
---|
719 | }
|
---|
720 |
|
---|
721 | bool Cert::isNull() const
|
---|
722 | {
|
---|
723 | return d->c->isNull();
|
---|
724 | }
|
---|
725 |
|
---|
726 | QString Cert::commonName() const
|
---|
727 | {
|
---|
728 | CertProperties props = subject();
|
---|
729 | return props["CN"];
|
---|
730 | }
|
---|
731 |
|
---|
732 | QString Cert::serialNumber() const
|
---|
733 | {
|
---|
734 | return d->c->serialNumber();
|
---|
735 | }
|
---|
736 |
|
---|
737 | QString Cert::subjectString() const
|
---|
738 | {
|
---|
739 | return d->c->subjectString();
|
---|
740 | }
|
---|
741 |
|
---|
742 | QString Cert::issuerString() const
|
---|
743 | {
|
---|
744 | return d->c->issuerString();
|
---|
745 | }
|
---|
746 |
|
---|
747 | CertProperties Cert::subject() const
|
---|
748 | {
|
---|
749 | QValueList<QCA_CertProperty> list = d->c->subject();
|
---|
750 | CertProperties props;
|
---|
751 | for(QValueList<QCA_CertProperty>::ConstIterator it = list.begin(); it != list.end(); ++it)
|
---|
752 | props[(*it).var] = (*it).val;
|
---|
753 | return props;
|
---|
754 | }
|
---|
755 |
|
---|
756 | CertProperties Cert::issuer() const
|
---|
757 | {
|
---|
758 | QValueList<QCA_CertProperty> list = d->c->issuer();
|
---|
759 | CertProperties props;
|
---|
760 | for(QValueList<QCA_CertProperty>::ConstIterator it = list.begin(); it != list.end(); ++it)
|
---|
761 | props[(*it).var] = (*it).val;
|
---|
762 | return props;
|
---|
763 | }
|
---|
764 |
|
---|
765 | QDateTime Cert::notBefore() const
|
---|
766 | {
|
---|
767 | return d->c->notBefore();
|
---|
768 | }
|
---|
769 |
|
---|
770 | QDateTime Cert::notAfter() const
|
---|
771 | {
|
---|
772 | return d->c->notAfter();
|
---|
773 | }
|
---|
774 |
|
---|
775 | QByteArray Cert::toDER() const
|
---|
776 | {
|
---|
777 | QByteArray out;
|
---|
778 | if(!d->c->toDER(&out))
|
---|
779 | return QByteArray();
|
---|
780 | return out;
|
---|
781 | }
|
---|
782 |
|
---|
783 | bool Cert::fromDER(const QByteArray &a)
|
---|
784 | {
|
---|
785 | return d->c->createFromDER(a.data(), a.size());
|
---|
786 | }
|
---|
787 |
|
---|
788 | QString Cert::toPEM() const
|
---|
789 | {
|
---|
790 | QByteArray out;
|
---|
791 | if(!d->c->toPEM(&out))
|
---|
792 | return QByteArray();
|
---|
793 |
|
---|
794 | QCString cs;
|
---|
795 | cs.resize(out.size()+1);
|
---|
796 | memcpy(cs.data(), out.data(), out.size());
|
---|
797 | return QString::fromLatin1(cs);
|
---|
798 | }
|
---|
799 |
|
---|
800 | bool Cert::fromPEM(const QString &str)
|
---|
801 | {
|
---|
802 | QCString cs = str.latin1();
|
---|
803 | QByteArray a(cs.length());
|
---|
804 | memcpy(a.data(), cs.data(), a.size());
|
---|
805 | return d->c->createFromPEM(a.data(), a.size());
|
---|
806 | }
|
---|
807 |
|
---|
808 |
|
---|
809 | //----------------------------------------------------------------------------
|
---|
810 | // TLS
|
---|
811 | //----------------------------------------------------------------------------
|
---|
812 | class TLS::Private
|
---|
813 | {
|
---|
814 | public:
|
---|
815 | Private()
|
---|
816 | {
|
---|
817 | c = (QCA_TLSContext *)getContext(CAP_TLS);
|
---|
818 | }
|
---|
819 |
|
---|
820 | ~Private()
|
---|
821 | {
|
---|
822 | delete c;
|
---|
823 | }
|
---|
824 |
|
---|
825 | void reset()
|
---|
826 | {
|
---|
827 | handshaken = false;
|
---|
828 | closing = false;
|
---|
829 | in.resize(0);
|
---|
830 | out.resize(0);
|
---|
831 | from_net.resize(0);
|
---|
832 | to_net.resize(0);
|
---|
833 | host = "";
|
---|
834 | hostMismatch = false;
|
---|
835 | cert = Cert();
|
---|
836 | bytesEncoded = 0;
|
---|
837 | tryMore = false;
|
---|
838 | }
|
---|
839 |
|
---|
840 | void appendArray(QByteArray *a, const QByteArray &b)
|
---|
841 | {
|
---|
842 | int oldsize = a->size();
|
---|
843 | a->resize(oldsize + b.size());
|
---|
844 | memcpy(a->data() + oldsize, b.data(), b.size());
|
---|
845 | }
|
---|
846 |
|
---|
847 | Cert cert;
|
---|
848 | QCA_TLSContext *c;
|
---|
849 | QByteArray in, out, to_net, from_net;
|
---|
850 | int bytesEncoded;
|
---|
851 | bool tryMore;
|
---|
852 | bool handshaken;
|
---|
853 | QString host;
|
---|
854 | bool hostMismatch;
|
---|
855 | bool closing;
|
---|
856 |
|
---|
857 | Cert ourCert;
|
---|
858 | RSAKey ourKey;
|
---|
859 | QPtrList<QCA_CertContext> store;
|
---|
860 | };
|
---|
861 |
|
---|
862 | TLS::TLS(QObject *parent)
|
---|
863 | :QObject(parent)
|
---|
864 | {
|
---|
865 | d = new Private;
|
---|
866 | }
|
---|
867 |
|
---|
868 | TLS::~TLS()
|
---|
869 | {
|
---|
870 | delete d;
|
---|
871 | }
|
---|
872 |
|
---|
873 | void TLS::setCertificate(const Cert &cert, const RSAKey &key)
|
---|
874 | {
|
---|
875 | d->ourCert = cert;
|
---|
876 | d->ourKey = key;
|
---|
877 | }
|
---|
878 |
|
---|
879 | void TLS::setCertificateStore(const QPtrList<Cert> &store)
|
---|
880 | {
|
---|
881 | // convert the cert list into a context list
|
---|
882 | d->store.clear();
|
---|
883 | QPtrListIterator<Cert> it(store);
|
---|
884 | for(Cert *cert; (cert = it.current()); ++it)
|
---|
885 | d->store.append(cert->d->c);
|
---|
886 | }
|
---|
887 |
|
---|
888 | void TLS::reset()
|
---|
889 | {
|
---|
890 | d->reset();
|
---|
891 | }
|
---|
892 |
|
---|
893 | bool TLS::startClient(const QString &host)
|
---|
894 | {
|
---|
895 | d->reset();
|
---|
896 | d->host = host;
|
---|
897 |
|
---|
898 | if(!d->c->startClient(d->store, *d->ourCert.d->c, *d->ourKey.d->c))
|
---|
899 | return false;
|
---|
900 | QTimer::singleShot(0, this, SLOT(update()));
|
---|
901 | return true;
|
---|
902 | }
|
---|
903 |
|
---|
904 | bool TLS::startServer()
|
---|
905 | {
|
---|
906 | d->reset();
|
---|
907 |
|
---|
908 | if(!d->c->startServer(d->store, *d->ourCert.d->c, *d->ourKey.d->c))
|
---|
909 | return false;
|
---|
910 | QTimer::singleShot(0, this, SLOT(update()));
|
---|
911 | return true;
|
---|
912 | }
|
---|
913 |
|
---|
914 | void TLS::close()
|
---|
915 | {
|
---|
916 | if(!d->handshaken || d->closing)
|
---|
917 | return;
|
---|
918 |
|
---|
919 | d->closing = true;
|
---|
920 | QTimer::singleShot(0, this, SLOT(update()));
|
---|
921 | }
|
---|
922 |
|
---|
923 | bool TLS::isHandshaken() const
|
---|
924 | {
|
---|
925 | return d->handshaken;
|
---|
926 | }
|
---|
927 |
|
---|
928 | void TLS::write(const QByteArray &a)
|
---|
929 | {
|
---|
930 | d->appendArray(&d->out, a);
|
---|
931 | update();
|
---|
932 | }
|
---|
933 |
|
---|
934 | QByteArray TLS::read()
|
---|
935 | {
|
---|
936 | QByteArray a = d->in.copy();
|
---|
937 | d->in.resize(0);
|
---|
938 | return a;
|
---|
939 | }
|
---|
940 |
|
---|
941 | void TLS::writeIncoming(const QByteArray &a)
|
---|
942 | {
|
---|
943 | d->appendArray(&d->from_net, a);
|
---|
944 | update();
|
---|
945 | }
|
---|
946 |
|
---|
947 | QByteArray TLS::readOutgoing()
|
---|
948 | {
|
---|
949 | QByteArray a = d->to_net.copy();
|
---|
950 | d->to_net.resize(0);
|
---|
951 | return a;
|
---|
952 | }
|
---|
953 |
|
---|
954 | QByteArray TLS::readUnprocessed()
|
---|
955 | {
|
---|
956 | QByteArray a = d->from_net.copy();
|
---|
957 | d->from_net.resize(0);
|
---|
958 | return a;
|
---|
959 | }
|
---|
960 |
|
---|
961 | const Cert & TLS::peerCertificate() const
|
---|
962 | {
|
---|
963 | return d->cert;
|
---|
964 | }
|
---|
965 |
|
---|
966 | int TLS::certificateValidityResult() const
|
---|
967 | {
|
---|
968 | if(d->hostMismatch)
|
---|
969 | return QCA::TLS::HostMismatch;
|
---|
970 | else
|
---|
971 | return d->c->validityResult();
|
---|
972 | }
|
---|
973 |
|
---|
974 | void TLS::update()
|
---|
975 | {
|
---|
976 | bool force_read = false;
|
---|
977 | bool eof = false;
|
---|
978 | bool done = false;
|
---|
979 | QGuardedPtr<TLS> self = this;
|
---|
980 |
|
---|
981 | if(d->closing) {
|
---|
982 | QByteArray a;
|
---|
983 | int r = d->c->shutdown(d->from_net, &a);
|
---|
984 | d->from_net.resize(0);
|
---|
985 | if(r == QCA_TLSContext::Error) {
|
---|
986 | reset();
|
---|
987 | error(ErrHandshake);
|
---|
988 | return;
|
---|
989 | }
|
---|
990 | if(r == QCA_TLSContext::Success) {
|
---|
991 | d->from_net = d->c->unprocessed().copy();
|
---|
992 | done = true;
|
---|
993 | }
|
---|
994 | d->appendArray(&d->to_net, a);
|
---|
995 | }
|
---|
996 | else {
|
---|
997 | if(!d->handshaken) {
|
---|
998 | QByteArray a;
|
---|
999 | int r = d->c->handshake(d->from_net, &a);
|
---|
1000 | d->from_net.resize(0);
|
---|
1001 | if(r == QCA_TLSContext::Error) {
|
---|
1002 | reset();
|
---|
1003 | error(ErrHandshake);
|
---|
1004 | return;
|
---|
1005 | }
|
---|
1006 | d->appendArray(&d->to_net, a);
|
---|
1007 | if(r == QCA_TLSContext::Success) {
|
---|
1008 | QCA_CertContext *cc = d->c->peerCertificate();
|
---|
1009 | if(cc && !d->host.isEmpty() && d->c->validityResult() == QCA::TLS::Valid) {
|
---|
1010 | if(!cc->matchesAddress(d->host))
|
---|
1011 | d->hostMismatch = true;
|
---|
1012 | }
|
---|
1013 | d->cert.fromContext(cc);
|
---|
1014 | d->handshaken = true;
|
---|
1015 | handshaken();
|
---|
1016 | if(!self)
|
---|
1017 | return;
|
---|
1018 |
|
---|
1019 | // there is a teeny tiny possibility that incoming data awaits. let us get it.
|
---|
1020 | force_read = true;
|
---|
1021 | }
|
---|
1022 | }
|
---|
1023 |
|
---|
1024 | if(d->handshaken) {
|
---|
1025 | if(!d->out.isEmpty() || d->tryMore) {
|
---|
1026 | d->tryMore = false;
|
---|
1027 | QByteArray a;
|
---|
1028 | int enc;
|
---|
1029 | bool more = false;
|
---|
1030 | bool ok = d->c->encode(d->out, &a, &enc);
|
---|
1031 | eof = d->c->eof();
|
---|
1032 | if(ok && enc < (int)d->out.size())
|
---|
1033 | more = true;
|
---|
1034 | d->out.resize(0);
|
---|
1035 | if(!eof) {
|
---|
1036 | if(!ok) {
|
---|
1037 | reset();
|
---|
1038 | error(ErrCrypt);
|
---|
1039 | return;
|
---|
1040 | }
|
---|
1041 | d->bytesEncoded += enc;
|
---|
1042 | if(more)
|
---|
1043 | d->tryMore = true;
|
---|
1044 | d->appendArray(&d->to_net, a);
|
---|
1045 | }
|
---|
1046 | }
|
---|
1047 | if(!d->from_net.isEmpty() || force_read) {
|
---|
1048 | QByteArray a, b;
|
---|
1049 | bool ok = d->c->decode(d->from_net, &a, &b);
|
---|
1050 | eof = d->c->eof();
|
---|
1051 | d->from_net.resize(0);
|
---|
1052 | if(!ok) {
|
---|
1053 | reset();
|
---|
1054 | error(ErrCrypt);
|
---|
1055 | return;
|
---|
1056 | }
|
---|
1057 | d->appendArray(&d->in, a);
|
---|
1058 | d->appendArray(&d->to_net, b);
|
---|
1059 | }
|
---|
1060 |
|
---|
1061 | if(!d->in.isEmpty()) {
|
---|
1062 | readyRead();
|
---|
1063 | if(!self)
|
---|
1064 | return;
|
---|
1065 | }
|
---|
1066 | }
|
---|
1067 | }
|
---|
1068 |
|
---|
1069 | if(!d->to_net.isEmpty()) {
|
---|
1070 | int bytes = d->bytesEncoded;
|
---|
1071 | d->bytesEncoded = 0;
|
---|
1072 | readyReadOutgoing(bytes);
|
---|
1073 | if(!self)
|
---|
1074 | return;
|
---|
1075 | }
|
---|
1076 |
|
---|
1077 | if(eof) {
|
---|
1078 | close();
|
---|
1079 | if(!self)
|
---|
1080 | return;
|
---|
1081 | return;
|
---|
1082 | }
|
---|
1083 |
|
---|
1084 | if(d->closing && done) {
|
---|
1085 | reset();
|
---|
1086 | closed();
|
---|
1087 | }
|
---|
1088 | }
|
---|
1089 |
|
---|
1090 |
|
---|
1091 | //----------------------------------------------------------------------------
|
---|
1092 | // SASL
|
---|
1093 | //----------------------------------------------------------------------------
|
---|
1094 | QString saslappname = "qca";
|
---|
1095 | class SASL::Private
|
---|
1096 | {
|
---|
1097 | public:
|
---|
1098 | Private()
|
---|
1099 | {
|
---|
1100 | c = (QCA_SASLContext *)getContext(CAP_SASL);
|
---|
1101 | }
|
---|
1102 |
|
---|
1103 | ~Private()
|
---|
1104 | {
|
---|
1105 | delete c;
|
---|
1106 | }
|
---|
1107 |
|
---|
1108 | void setSecurityProps()
|
---|
1109 | {
|
---|
1110 | c->setSecurityProps(noPlain, noActive, noDict, noAnon, reqForward, reqCreds, reqMutual, ssfmin, ssfmax, ext_authid, ext_ssf);
|
---|
1111 | }
|
---|
1112 |
|
---|
1113 | // security opts
|
---|
1114 | bool noPlain, noActive, noDict, noAnon, reqForward, reqCreds, reqMutual;
|
---|
1115 | int ssfmin, ssfmax;
|
---|
1116 | QString ext_authid;
|
---|
1117 | int ext_ssf;
|
---|
1118 |
|
---|
1119 | bool tried;
|
---|
1120 | QCA_SASLContext *c;
|
---|
1121 | QHostAddress localAddr, remoteAddr;
|
---|
1122 | int localPort, remotePort;
|
---|
1123 | QByteArray stepData;
|
---|
1124 | bool allowCSF;
|
---|
1125 | bool first, server;
|
---|
1126 |
|
---|
1127 | QByteArray inbuf, outbuf;
|
---|
1128 | };
|
---|
1129 |
|
---|
1130 | SASL::SASL(QObject *parent)
|
---|
1131 | :QObject(parent)
|
---|
1132 | {
|
---|
1133 | d = new Private;
|
---|
1134 | reset();
|
---|
1135 | }
|
---|
1136 |
|
---|
1137 | SASL::~SASL()
|
---|
1138 | {
|
---|
1139 | delete d;
|
---|
1140 | }
|
---|
1141 |
|
---|
1142 | void SASL::setAppName(const QString &name)
|
---|
1143 | {
|
---|
1144 | saslappname = name;
|
---|
1145 | }
|
---|
1146 |
|
---|
1147 | void SASL::reset()
|
---|
1148 | {
|
---|
1149 | d->localPort = -1;
|
---|
1150 | d->remotePort = -1;
|
---|
1151 |
|
---|
1152 | d->noPlain = false;
|
---|
1153 | d->noActive = false;
|
---|
1154 | d->noDict = false;
|
---|
1155 | d->noAnon = false;
|
---|
1156 | d->reqForward = false;
|
---|
1157 | d->reqCreds = false;
|
---|
1158 | d->reqMutual = false;
|
---|
1159 | d->ssfmin = 0;
|
---|
1160 | d->ssfmax = 0;
|
---|
1161 | d->ext_authid = "";
|
---|
1162 | d->ext_ssf = 0;
|
---|
1163 |
|
---|
1164 | d->inbuf.resize(0);
|
---|
1165 | d->outbuf.resize(0);
|
---|
1166 |
|
---|
1167 | d->c->reset();
|
---|
1168 | }
|
---|
1169 |
|
---|
1170 | int SASL::errorCondition() const
|
---|
1171 | {
|
---|
1172 | return d->c->errorCond();
|
---|
1173 | }
|
---|
1174 |
|
---|
1175 | void SASL::setAllowPlain(bool b)
|
---|
1176 | {
|
---|
1177 | d->noPlain = !b;
|
---|
1178 | }
|
---|
1179 |
|
---|
1180 | void SASL::setAllowAnonymous(bool b)
|
---|
1181 | {
|
---|
1182 | d->noAnon = !b;
|
---|
1183 | }
|
---|
1184 |
|
---|
1185 | void SASL::setAllowActiveVulnerable(bool b)
|
---|
1186 | {
|
---|
1187 | d->noActive = !b;
|
---|
1188 | }
|
---|
1189 |
|
---|
1190 | void SASL::setAllowDictionaryVulnerable(bool b)
|
---|
1191 | {
|
---|
1192 | d->noDict = !b;
|
---|
1193 | }
|
---|
1194 |
|
---|
1195 | void SASL::setRequireForwardSecrecy(bool b)
|
---|
1196 | {
|
---|
1197 | d->reqForward = b;
|
---|
1198 | }
|
---|
1199 |
|
---|
1200 | void SASL::setRequirePassCredentials(bool b)
|
---|
1201 | {
|
---|
1202 | d->reqCreds = b;
|
---|
1203 | }
|
---|
1204 |
|
---|
1205 | void SASL::setRequireMutualAuth(bool b)
|
---|
1206 | {
|
---|
1207 | d->reqMutual = b;
|
---|
1208 | }
|
---|
1209 |
|
---|
1210 | void SASL::setMinimumSSF(int x)
|
---|
1211 | {
|
---|
1212 | d->ssfmin = x;
|
---|
1213 | }
|
---|
1214 |
|
---|
1215 | void SASL::setMaximumSSF(int x)
|
---|
1216 | {
|
---|
1217 | d->ssfmax = x;
|
---|
1218 | }
|
---|
1219 |
|
---|
1220 | void SASL::setExternalAuthID(const QString &authid)
|
---|
1221 | {
|
---|
1222 | d->ext_authid = authid;
|
---|
1223 | }
|
---|
1224 |
|
---|
1225 | void SASL::setExternalSSF(int x)
|
---|
1226 | {
|
---|
1227 | d->ext_ssf = x;
|
---|
1228 | }
|
---|
1229 |
|
---|
1230 | void SASL::setLocalAddr(const QHostAddress &addr, Q_UINT16 port)
|
---|
1231 | {
|
---|
1232 | d->localAddr = addr;
|
---|
1233 | d->localPort = port;
|
---|
1234 | }
|
---|
1235 |
|
---|
1236 | void SASL::setRemoteAddr(const QHostAddress &addr, Q_UINT16 port)
|
---|
1237 | {
|
---|
1238 | d->remoteAddr = addr;
|
---|
1239 | d->remotePort = port;
|
---|
1240 | }
|
---|
1241 |
|
---|
1242 | bool SASL::startClient(const QString &service, const QString &host, const QStringList &mechlist, bool allowClientSendFirst)
|
---|
1243 | {
|
---|
1244 | QCA_SASLHostPort la, ra;
|
---|
1245 | if(d->localPort != -1) {
|
---|
1246 | la.addr = d->localAddr;
|
---|
1247 | la.port = d->localPort;
|
---|
1248 | }
|
---|
1249 | if(d->remotePort != -1) {
|
---|
1250 | ra.addr = d->remoteAddr;
|
---|
1251 | ra.port = d->remotePort;
|
---|
1252 | }
|
---|
1253 |
|
---|
1254 | d->allowCSF = allowClientSendFirst;
|
---|
1255 | d->c->setCoreProps(service, host, d->localPort != -1 ? &la : 0, d->remotePort != -1 ? &ra : 0);
|
---|
1256 | d->setSecurityProps();
|
---|
1257 |
|
---|
1258 | if(!d->c->clientStart(mechlist))
|
---|
1259 | return false;
|
---|
1260 | d->first = true;
|
---|
1261 | d->server = false;
|
---|
1262 | d->tried = false;
|
---|
1263 | QTimer::singleShot(0, this, SLOT(tryAgain()));
|
---|
1264 | return true;
|
---|
1265 | }
|
---|
1266 |
|
---|
1267 | bool SASL::startServer(const QString &service, const QString &host, const QString &realm, QStringList *mechlist)
|
---|
1268 | {
|
---|
1269 | QCA_SASLHostPort la, ra;
|
---|
1270 | if(d->localPort != -1) {
|
---|
1271 | la.addr = d->localAddr;
|
---|
1272 | la.port = d->localPort;
|
---|
1273 | }
|
---|
1274 | if(d->remotePort != -1) {
|
---|
1275 | ra.addr = d->remoteAddr;
|
---|
1276 | ra.port = d->remotePort;
|
---|
1277 | }
|
---|
1278 |
|
---|
1279 | d->c->setCoreProps(service, host, d->localPort != -1 ? &la : 0, d->remotePort != -1 ? &ra : 0);
|
---|
1280 | d->setSecurityProps();
|
---|
1281 |
|
---|
1282 | if(!d->c->serverStart(realm, mechlist, saslappname))
|
---|
1283 | return false;
|
---|
1284 | d->first = true;
|
---|
1285 | d->server = true;
|
---|
1286 | d->tried = false;
|
---|
1287 | return true;
|
---|
1288 | }
|
---|
1289 |
|
---|
1290 | void SASL::putServerFirstStep(const QString &mech)
|
---|
1291 | {
|
---|
1292 | int r = d->c->serverFirstStep(mech, 0);
|
---|
1293 | handleServerFirstStep(r);
|
---|
1294 | }
|
---|
1295 |
|
---|
1296 | void SASL::putServerFirstStep(const QString &mech, const QByteArray &clientInit)
|
---|
1297 | {
|
---|
1298 | int r = d->c->serverFirstStep(mech, &clientInit);
|
---|
1299 | handleServerFirstStep(r);
|
---|
1300 | }
|
---|
1301 |
|
---|
1302 | void SASL::handleServerFirstStep(int r)
|
---|
1303 | {
|
---|
1304 | if(r == QCA_SASLContext::Success)
|
---|
1305 | authenticated();
|
---|
1306 | else if(r == QCA_SASLContext::Continue)
|
---|
1307 | nextStep(d->c->result());
|
---|
1308 | else if(r == QCA_SASLContext::AuthCheck)
|
---|
1309 | tryAgain();
|
---|
1310 | else
|
---|
1311 | error(ErrAuth);
|
---|
1312 | }
|
---|
1313 |
|
---|
1314 | void SASL::putStep(const QByteArray &stepData)
|
---|
1315 | {
|
---|
1316 | d->stepData = stepData.copy();
|
---|
1317 | tryAgain();
|
---|
1318 | }
|
---|
1319 |
|
---|
1320 | void SASL::setUsername(const QString &user)
|
---|
1321 | {
|
---|
1322 | d->c->setClientParams(&user, 0, 0, 0);
|
---|
1323 | }
|
---|
1324 |
|
---|
1325 | void SASL::setAuthzid(const QString &authzid)
|
---|
1326 | {
|
---|
1327 | d->c->setClientParams(0, &authzid, 0, 0);
|
---|
1328 | }
|
---|
1329 |
|
---|
1330 | void SASL::setPassword(const QString &pass)
|
---|
1331 | {
|
---|
1332 | d->c->setClientParams(0, 0, &pass, 0);
|
---|
1333 | }
|
---|
1334 |
|
---|
1335 | void SASL::setRealm(const QString &realm)
|
---|
1336 | {
|
---|
1337 | d->c->setClientParams(0, 0, 0, &realm);
|
---|
1338 | }
|
---|
1339 |
|
---|
1340 | void SASL::continueAfterParams()
|
---|
1341 | {
|
---|
1342 | tryAgain();
|
---|
1343 | }
|
---|
1344 |
|
---|
1345 | void SASL::continueAfterAuthCheck()
|
---|
1346 | {
|
---|
1347 | tryAgain();
|
---|
1348 | }
|
---|
1349 |
|
---|
1350 | void SASL::tryAgain()
|
---|
1351 | {
|
---|
1352 | int r;
|
---|
1353 |
|
---|
1354 | if(d->server) {
|
---|
1355 | if(!d->tried) {
|
---|
1356 | r = d->c->nextStep(d->stepData);
|
---|
1357 | d->tried = true;
|
---|
1358 | }
|
---|
1359 | else {
|
---|
1360 | r = d->c->tryAgain();
|
---|
1361 | }
|
---|
1362 |
|
---|
1363 | if(r == QCA_SASLContext::Error) {
|
---|
1364 | error(ErrAuth);
|
---|
1365 | return;
|
---|
1366 | }
|
---|
1367 | else if(r == QCA_SASLContext::Continue) {
|
---|
1368 | d->tried = false;
|
---|
1369 | nextStep(d->c->result());
|
---|
1370 | return;
|
---|
1371 | }
|
---|
1372 | else if(r == QCA_SASLContext::AuthCheck) {
|
---|
1373 | authCheck(d->c->username(), d->c->authzid());
|
---|
1374 | return;
|
---|
1375 | }
|
---|
1376 | }
|
---|
1377 | else {
|
---|
1378 | if(d->first) {
|
---|
1379 | if(!d->tried) {
|
---|
1380 | r = d->c->clientFirstStep(d->allowCSF);
|
---|
1381 | d->tried = true;
|
---|
1382 | }
|
---|
1383 | else
|
---|
1384 | r = d->c->tryAgain();
|
---|
1385 |
|
---|
1386 | if(r == QCA_SASLContext::Error) {
|
---|
1387 | error(ErrAuth);
|
---|
1388 | return;
|
---|
1389 | }
|
---|
1390 | else if(r == QCA_SASLContext::NeedParams) {
|
---|
1391 | //d->tried = false;
|
---|
1392 | QCA_SASLNeedParams np = d->c->clientParamsNeeded();
|
---|
1393 | needParams(np.user, np.authzid, np.pass, np.realm);
|
---|
1394 | return;
|
---|
1395 | }
|
---|
1396 |
|
---|
1397 | QString mech = d->c->mech();
|
---|
1398 | const QByteArray *clientInit = d->c->clientInit();
|
---|
1399 |
|
---|
1400 | d->first = false;
|
---|
1401 | d->tried = false;
|
---|
1402 | clientFirstStep(mech, clientInit);
|
---|
1403 | }
|
---|
1404 | else {
|
---|
1405 | if(!d->tried) {
|
---|
1406 | r = d->c->nextStep(d->stepData);
|
---|
1407 | d->tried = true;
|
---|
1408 | }
|
---|
1409 | else
|
---|
1410 | r = d->c->tryAgain();
|
---|
1411 |
|
---|
1412 | if(r == QCA_SASLContext::Error) {
|
---|
1413 | error(ErrAuth);
|
---|
1414 | return;
|
---|
1415 | }
|
---|
1416 | else if(r == QCA_SASLContext::NeedParams) {
|
---|
1417 | //d->tried = false;
|
---|
1418 | QCA_SASLNeedParams np = d->c->clientParamsNeeded();
|
---|
1419 | needParams(np.user, np.authzid, np.pass, np.realm);
|
---|
1420 | return;
|
---|
1421 | }
|
---|
1422 | d->tried = false;
|
---|
1423 | //else if(r == QCA_SASLContext::Continue) {
|
---|
1424 | nextStep(d->c->result());
|
---|
1425 | // return;
|
---|
1426 | //}
|
---|
1427 | }
|
---|
1428 | }
|
---|
1429 |
|
---|
1430 | if(r == QCA_SASLContext::Success)
|
---|
1431 | authenticated();
|
---|
1432 | else if(r == QCA_SASLContext::Error)
|
---|
1433 | error(ErrAuth);
|
---|
1434 | }
|
---|
1435 |
|
---|
1436 | int SASL::ssf() const
|
---|
1437 | {
|
---|
1438 | return d->c->security();
|
---|
1439 | }
|
---|
1440 |
|
---|
1441 | void SASL::write(const QByteArray &a)
|
---|
1442 | {
|
---|
1443 | QByteArray b;
|
---|
1444 | if(!d->c->encode(a, &b)) {
|
---|
1445 | error(ErrCrypt);
|
---|
1446 | return;
|
---|
1447 | }
|
---|
1448 | int oldsize = d->outbuf.size();
|
---|
1449 | d->outbuf.resize(oldsize + b.size());
|
---|
1450 | memcpy(d->outbuf.data() + oldsize, b.data(), b.size());
|
---|
1451 | readyReadOutgoing(a.size());
|
---|
1452 | }
|
---|
1453 |
|
---|
1454 | QByteArray SASL::read()
|
---|
1455 | {
|
---|
1456 | QByteArray a = d->inbuf.copy();
|
---|
1457 | d->inbuf.resize(0);
|
---|
1458 | return a;
|
---|
1459 | }
|
---|
1460 |
|
---|
1461 | void SASL::writeIncoming(const QByteArray &a)
|
---|
1462 | {
|
---|
1463 | QByteArray b;
|
---|
1464 | if(!d->c->decode(a, &b)) {
|
---|
1465 | error(ErrCrypt);
|
---|
1466 | return;
|
---|
1467 | }
|
---|
1468 | int oldsize = d->inbuf.size();
|
---|
1469 | d->inbuf.resize(oldsize + b.size());
|
---|
1470 | memcpy(d->inbuf.data() + oldsize, b.data(), b.size());
|
---|
1471 | readyRead();
|
---|
1472 | }
|
---|
1473 |
|
---|
1474 | QByteArray SASL::readOutgoing()
|
---|
1475 | {
|
---|
1476 | QByteArray a = d->outbuf.copy();
|
---|
1477 | d->outbuf.resize(0);
|
---|
1478 | return a;
|
---|
1479 | }
|
---|