diff --git a/TODO b/TODO index f8984766..c514e793 100644 --- a/TODO +++ b/TODO @@ -10,7 +10,9 @@ add Base64 add QCA::systemStore() and haveSystemStore() -* Threading consideration (safety, usability) in API and plugins +* Considerations + threading (safety, usability) in API and plugins + smart cards, external keyring drives * finish API: cert/crl: Distinguished Names (Botan has X509_DN) @@ -20,6 +22,7 @@ store: ability to combine stores, iterate over certs? openpgp: be sure to support key expiration and validity smime + pkcs12 format support * finish code for APIs: cipher - needs to handling padding diff --git a/include/QtCrypto/qca_securemessage.h b/include/QtCrypto/qca_securemessage.h index c317ce04..639a09f0 100644 --- a/include/QtCrypto/qca_securemessage.h +++ b/include/QtCrypto/qca_securemessage.h @@ -33,11 +33,17 @@ namespace QCA class Certificate; class Store; class SecureMessageSystem; + typedef QValueList CertificateChain; class SecureMessageKey { public: - enum Type { None, PGP, X509 }; + enum Type + { + None, + PGP, + X509 + }; SecureMessageKey(); SecureMessageKey(const SecureMessageKey &from); ~SecureMessageKey(); @@ -52,9 +58,9 @@ namespace QCA void setPGPSecretKey(const QString &id); // x509 - Certificate x509Certificate() const; + CertificateChain x509CertificateChain() const; PrivateKey x509PrivateKey() const; - void setX509Certificate(const Certificate &c); + void setX509CertificateChain(const CertificateChain &c); void setX509PrivateKey(const PrivateKey &k); // generic @@ -72,32 +78,67 @@ namespace QCA { Q_OBJECT public: - enum Mode { EncryptThenSign, SignThenEncrypt }; - enum Error { ErrBadPassphrase, ErrUnknown }; - enum VerifyResult { VerifyGood, VerifyBad, VerifyNoKey, VerifyError }; + enum Order + { + EncryptThenSign, + SignThenEncrypt + }; + enum Format + { + Binary, // DER/binary + Ascii // PEM/ascii-armored + }; + enum Error + { + ErrPassphrase, // passphrase was either wrong or not provided + ErrFormat, // input format was bad + ErrSigner, // signing key is expired or invalid + ErrUnknown // other error + }; + enum VerifyResult + { + Valid, // indentity is verified, matches signature + Invalid, // valid key provided, but signature failed + BadKey, // invalid key provided + NoKey, // identity unknown + }; SecureMessage(SecureMessageSystem *system); ~SecureMessage(); - bool canEncryptMultiple() const; // can smime do multiple? - void encrypt(const QSecureArray &in, const SecureMessageKey &key); - void encrypt(const QSecureArray &in, const SecureMessageKeyList &keys); - void encryptAndSign(const QSecureArray &in, const SecureMessageKey &key, const SecureMessageKey &signer, Mode m = EncryptThenSign); - void encryptAndSign(const QSecureArray &in, const SecureMessageKeyList &keys, const SecureMessageKey &signer, Mode m = EncryptThenSign); - void decrypt(const QString &in); - void sign(const QSecureArray &in, const SecureMessageKey &signer); - void verify(const QSecureArray &in, const QString &sig); + bool canSignMultiple() const; // PGP can't sign multiple + void setEnableBundleSigner(bool); // Bundle S/MIME certificate chain (default true) + void setFormat(Format f); // (default Binary) + void setRecipient(const SecureMessageKey &key); + void setRecipients(const SecureMessageKeyList &keys); + void setSigner(const SecureMessageKey &key); + void setSigners(const SecureMessageKeyList &keys); + + void startEncrypt(); + void startDecrypt(); + void startSign(bool detachedSignature = true); + void startVerify(const QSecureArray &sig = QSecureArray()); + void startEncryptAndSign(Order o = EncryptThenSign); + void startDecryptAndVerify(Order o = EncryptThenSign); + void update(const QSecureArray &in); + QSecureArray read(int size = -1); + int bytesAvailable() const; + void end(); bool waitForFinished(); bool success() const; Error errorCode() const; - QString encrypted() const; - QSecureArray decrypted() const; - QString signature() const; + + // sign + QSecureArray signature() const; + + // verify + VerifyResult verifyResult() const; + CertValidity keyValidity() const; SecureMessageKey key() const; QDateTime timestamp() const; - VerifyResult verifyResult(); signals: + void readyRead(); void finished(); public: @@ -141,6 +182,7 @@ namespace QCA ~SMIME(); void setStore(const Store &store); + void setPrivateKeys(const QValueList &keys); }; } diff --git a/src/qca_securemessage.cpp b/src/qca_securemessage.cpp index 8530e86d..ec69093f 100644 --- a/src/qca_securemessage.cpp +++ b/src/qca_securemessage.cpp @@ -75,9 +75,9 @@ void SecureMessageKey::setPGPSecretKey(const QString &id) Q_UNUSED(id); } -Certificate SecureMessageKey::x509Certificate() const +CertificateChain SecureMessageKey::x509CertificateChain() const { - return Certificate(); + return CertificateChain(); } PrivateKey SecureMessageKey::x509PrivateKey() const @@ -85,7 +85,7 @@ PrivateKey SecureMessageKey::x509PrivateKey() const return PrivateKey(); } -void SecureMessageKey::setX509Certificate(const Certificate &c) +void SecureMessageKey::setX509CertificateChain(const CertificateChain &c) { Q_UNUSED(c); } @@ -122,12 +122,7 @@ SecureMessage::~SecureMessage() { } -bool SecureMessage::canEncryptMultiple() const -{ - return false; -} - -void SecureMessage::encrypt(const QSecureArray &in, const SecureMessageKey &key) +/*void SecureMessage::encrypt(const QSecureArray &in, const SecureMessageKey &key) { Q_UNUSED(in); Q_UNUSED(key); @@ -170,6 +165,89 @@ void SecureMessage::verify(const QSecureArray &in, const QString &sig) { Q_UNUSED(in); Q_UNUSED(sig); +}*/ + +bool SecureMessage::canSignMultiple() const +{ + return false; +} + +void SecureMessage::setEnableBundleSigner(bool b) +{ + Q_UNUSED(b); +} + +void SecureMessage::setFormat(Format f) +{ + Q_UNUSED(f); +} + +void SecureMessage::setRecipient(const SecureMessageKey &key) +{ + Q_UNUSED(key); +} + +void SecureMessage::setRecipients(const SecureMessageKeyList &keys) +{ + Q_UNUSED(keys); +} + +void SecureMessage::setSigner(const SecureMessageKey &key) +{ + Q_UNUSED(key); +} + +void SecureMessage::setSigners(const SecureMessageKeyList &keys) +{ + Q_UNUSED(keys); +} + +void SecureMessage::startEncrypt() +{ +} + +void SecureMessage::startDecrypt() +{ +} + +void SecureMessage::startSign(bool detachedSignature) +{ + Q_UNUSED(detachedSignature); +} + +void SecureMessage::startVerify(const QSecureArray &sig) +{ + Q_UNUSED(sig); +} + +void SecureMessage::startEncryptAndSign(Order o) +{ + Q_UNUSED(o); +} + +void SecureMessage::startDecryptAndVerify(Order o) +{ + Q_UNUSED(o); +} + +void SecureMessage::update(const QSecureArray &in) +{ + Q_UNUSED(in); +} + +QSecureArray SecureMessage::read(int size) +{ + Q_UNUSED(size); + return QSecureArray(); +} + +int SecureMessage::bytesAvailable() const +{ + return 0; +} + +void SecureMessage::end() +{ } bool SecureMessage::waitForFinished() @@ -187,19 +265,19 @@ SecureMessage::Error SecureMessage::errorCode() const return ErrUnknown; } -QString SecureMessage::encrypted() const -{ - return QString(); -} - -QSecureArray SecureMessage::decrypted() const +QSecureArray SecureMessage::signature() const { return QSecureArray(); } -QString SecureMessage::signature() const +SecureMessage::VerifyResult SecureMessage::verifyResult() const { - return QString(); + return Invalid; +} + +CertValidity SecureMessage::keyValidity() const +{ + return QCA::Valid; } SecureMessageKey SecureMessage::key() const @@ -212,11 +290,6 @@ QDateTime SecureMessage::timestamp() const return QDateTime(); } -SecureMessage::VerifyResult SecureMessage::verifyResult() -{ - return VerifyError; -} - //---------------------------------------------------------------------------- // SecureMessageSystem //---------------------------------------------------------------------------- @@ -277,4 +350,9 @@ void SMIME::setStore(const Store &store) Q_UNUSED(store); } +void SMIME::setPrivateKeys(const QValueList &keys) +{ + Q_UNUSED(keys); +} + }