QuasarApp/qca
4
0
Fork 0
mirror of https://github.com/QuasarApp/qca.git synced 2025-05-07 08:19:33 +00:00
Code Issues Projects Releases Wiki Activity

added PBE, moved some enums and C secmem out of qca_core

Browse Source 
svn path=/trunk/kdesupport/qca/; revision=382285
This commit is contained in:
Justin Karneges 2005-01-25 13:01:45 +00:00
parent b9c40d98fc
commit ca4a3a543d
11 changed files with 152 additions and 154 deletions

35
TODO

@ -11,20 +11,20 @@
threading (safety, usability) in API and plugins
smart cards, external keyring drives
it's possible we use QSecureArray in some unnecessary places
don't forget to QCA_EXPORT everything
* finish API:
move secure memory C functions to qca_tools.h
make public C functions to init in qca_tools.h, that qca_core will use
cert/crl: Distinguished Names (Botan has X509_DN)
cert: turn Info into an enum
openpgp: be sure to support key expiration and validity
shortcuts for reading/writing certs, etc, directly to files?
cert: extensions
tls: session reuse
cert fingerprints (sha1 and md5)
cert/csr/crl: path limit, subject/issuer ids (useful for create/validate)
cert/csr: constraints, ex_constraints, policies (same as above)
cert/csr: subjectAltName
crl: issuer info, authority_key_id
tls: session reuse
openpgp: be sure to support key expiration and validity
shortcuts for reading/writing certs, etc, directly to files?
quoted-printable TextFilter
* finish code for APIs:
@ -39,6 +39,15 @@
default provider should have built-in sha1 and md5 (?)
system store: all added certs need to be flagged as trusted
* build system:
on non-win/mac, allow specifying of flatfile store, else install/use built-in
make sure it installs properly
* qt 4 upgrade:
new include styles
use qmake .prf for auto-discovery by applications
use qplugin
* examples
create example for BigInteger
update cipher example (after API sorted out)
@ -51,23 +60,11 @@
qca-openssl: need to implement locking callbacks.
figure out why Valgrind reports so many memory leaks
* consider new APIs:
cert/pkey: fingerprints (is there a standard for this?)
pkey: ability to choose cipher for toDER/PEM passphrase?
personalbundle: cert chain vs cert + trusted certs?
* build system:
on non-win/mac, allow specifying of flatfile store, else install/use built-in
make sure it installs properly
* qt 4 upgrade:
new include styles
use qmake .prf for auto-discovery by applications
use qplugin
* possibilities for the future:
xmldsig
xmlenc (sort of done already in cutestuff/xmlsec, but need to qca-ify)
advanced pgp functionality (full key info and ability to manipulate keyrings)
Key wrapping - RFC3217 and RFC3394
dtls (secure UDP)
aes pbe algos

37
include/QtCrypto/qca_cert.h

@ -24,14 +24,12 @@
#include <qmap.h>
#include "qca_core.h"
#include "qca_publickey.h"
class QDateTime;
namespace QCA
{
class PublicKey;
class PrivateKey;
/**
Certificate Request Format
*/
@ -41,6 +39,39 @@ namespace QCA
CSR_SPKAC ///< Signed Public Key and Challenge (Netscape) format
};
/**
The validity (or otherwise) of a certificate
*/
enum CertValidity
{
Valid, ///< The certificate is valid
Rejected, ///< The root CA rejected the certificate purpose
Untrusted, ///< The certificate is not trusted
SignatureFailed, ///< The signature does not match
InvalidCA, ///< The Certificate Authority is invalid
InvalidPurpose, ///< The purpose does not match the intended usage
SelfSigned, ///< The certificate is self-signed, and is not
///< found in the list of trusted certificates
Revoked, ///< The certificate has been revoked
PathLengthExceeded, ///< The path length from the root CA to this certificate is too long
Expired, ///< The certificate has expired
Unknown ///< Validity is unknown
};
/**
Specify the intended usage of a certificate
*/
enum CertUsage
{
Any = 0x00, ///< Any application, or unspecified
TLSServer = 0x01, ///< server side of a TLS or SSL connection
TLSClient = 0x02, ///< client side of a TLS or SSL connection
CodeSigning = 0x04, ///< code signing certificate
EmailProtection = 0x08, ///< email (S/MIME) certificate
TimeStamping = 0x10, ///< time stamping certificate
CRLSigning = 0x20 ///< certificate revocation list signing certificate
};
// note: in SPKAC mode, all options are ignored except for challenge
class QCA_EXPORT CertificateOptions
{

85
include/QtCrypto/qca_core.h

@ -29,10 +29,6 @@
#include "qca_export.h"
#include "qca_tools.h"
// Direct secure memory access. For interfacing with C libraries if needed.
QCA_EXPORT void *qca_secure_alloc(int bytes);
QCA_EXPORT void qca_secure_free(void *p);
/**
* QCA - the Qt Cryptographic Architecture
*/
@ -105,87 +101,6 @@ namespace QCA
Decode ///< Operate in the "reverse" direction; for example, decrypting
};
enum DL_Group
{
DSA_512,
DSA_768,
DSA_1024,
IETF_768,
IETF_1024,
IETF_1536,
IETF_2048,
IETF_3072,
IETF_4096
};
/**
Encryption algorithms
*/
enum EncAlgo
{
EME_PKCS1v15, ///< Block type 2 (PKCD1, Version 1.5)
EME_PKCS1_OAEP ///< Optimal asymmetric encryption padding (PKCS1, Version 2.0)
};
/**
Signature algorithm variants
*/
enum SignAlgo
{
SignUnknown, ///< Unknown signing algorithm
EMSA1_SHA1, ///< SHA1, with EMSA1 (IEEE1363-2000) encoding (this is the usual DSA algorithm - FIPS186)
EMSA3_SHA1, ///< SHA1, with EMSA3 (ie PKCS1 Version 1.5) encoding
EMSA3_MD5, ///< MD5, with EMSA3 (ie PKCS1 Version 1.5) encoding (this is the usual RSA algorithm)
EMSA3_MD2, ///< MD2, with EMSA3 (ie PKCS1 Version 1.5) encoding
EMSA3_RIPEMD160 ///< RIPEMD160, with EMSA3 (ie PKCS1 Version 1.5) encoding
};
/**
The validity (or otherwise) of a certificate
*/
enum CertValidity
{
Valid, ///< The certificate is valid
Rejected, ///< The root CA rejected the certificate purpose
Untrusted, ///< The certificate is not trusted
SignatureFailed, ///< The signature does not match
InvalidCA, ///< The Certificate Authority is invalid
InvalidPurpose, ///< The purpose does not match the intended usage
SelfSigned, ///< The certificate is self-signed, and is not
///< found in the list of trusted certificates
Revoked, ///< The certificate has been revoked
PathLengthExceeded, ///< The path length from the root CA to this certificate is too long
Expired, ///< The certificate has expired
Unknown ///< Validity is unknown
};
/**
Specify the intended usage of a certificate
*/
enum CertUsage
{
Any = 0x00, ///< Any application, or unspecified
TLSServer = 0x01, ///< server side of a TLS or SSL connection
TLSClient = 0x02, ///< client side of a TLS or SSL connection
CodeSigning = 0x04, ///< code signing certificate
EmailProtection = 0x08, ///< email (S/MIME) certificate
TimeStamping = 0x10, ///< time stamping certificate
CRLSigning = 0x20 ///< certificate revocation list signing certificate
};
/**
* Specify the lower-bound for acceptable TLS/SASL security layers
*/
enum SecurityLevel
{
SL_None, ///< indicates that no security is ok
SL_Integrity, ///< must at least get integrity protection
SL_Export, ///< must be export level bits or more
SL_Baseline, ///< must be 128 bit or more
SL_High, ///< must be more than 128 bit
SL_Highest ///< SL_High or max possible, whichever is greater
};
/**
* Initialise %QCA.
* This call is not normally required, because it is cleaner

49
include/QtCrypto/qca_publickey.h

@ -37,6 +37,51 @@ namespace QCA
class DHPublicKey;
class DHPrivateKey;
enum DL_Group
{
DSA_512,
DSA_768,
DSA_1024,
IETF_768,
IETF_1024,
IETF_1536,
IETF_2048,
IETF_3072,
IETF_4096
};
/**
Encryption algorithms
*/
enum EncAlgo
{
EME_PKCS1v15, ///< Block type 2 (PKCD1, Version 1.5)
EME_PKCS1_OAEP ///< Optimal asymmetric encryption padding (PKCS1, Version 2.0)
};
/**
Signature algorithm variants
*/
enum SignAlgo
{
SignUnknown, ///< Unknown signing algorithm
EMSA1_SHA1, ///< SHA1, with EMSA1 (IEEE1363-2000) encoding (this is the usual DSA algorithm - FIPS186)
EMSA3_SHA1, ///< SHA1, with EMSA3 (ie PKCS1 Version 1.5) encoding
EMSA3_MD5, ///< MD5, with EMSA3 (ie PKCS1 Version 1.5) encoding (this is the usual RSA algorithm)
EMSA3_MD2, ///< MD2, with EMSA3 (ie PKCS1 Version 1.5) encoding
EMSA3_RIPEMD160 ///< RIPEMD160, with EMSA3 (ie PKCS1 Version 1.5) encoding
};
/**
Password-based encryption
*/
enum PBEAlgo
{
PBEDefault, ///< Use modern default (same as PBE2_TripleDES_SHA1)
PBE2_DES_SHA1, ///< PKCS#5 v2.0 DES/CBC/SHA1
PBE2_TripleDES_SHA1 ///< PKCS#5 v2.0 TripleDES/CBC/SHA1
};
class QCA_EXPORT PKey : public Algorithm
{
public:
@ -137,8 +182,8 @@ namespace QCA
SymmetricKey deriveKey(const PublicKey &theirs);
// import / export
QSecureArray toDER(const QSecureArray &passphrase = QSecureArray() ) const;
QString toPEM(const QSecureArray &passphrase = QSecureArray() ) const;
QSecureArray toDER(const QSecureArray &passphrase = QSecureArray(), PBEAlgo pbe = PBEDefault) const;
QString toPEM(const QSecureArray &passphrase = QSecureArray(), PBEAlgo pbe = PBEDefault) const;
static PrivateKey fromDER(const QSecureArray &a, const QSecureArray &passphrase = QSecureArray(), const QString &provider = QString());
static PrivateKey fromPEM(const QString &s, const QSecureArray &passphrase = QSecureArray(), const QString &provider = QString());

18
include/QtCrypto/qca_securelayer.h

@ -24,15 +24,25 @@
#include <qobject.h>
#include "qca_core.h"
#include "qca_publickey.h"
#include "qca_cert.h"
class QHostAddress;
namespace QCA
{
class PrivateKey;
class Certificate;
class CertificateChain;
class Store;
/**
* Specify the lower-bound for acceptable TLS/SASL security layers
*/
enum SecurityLevel
{
SL_None, ///< indicates that no security is ok
SL_Integrity, ///< must at least get integrity protection
SL_Export, ///< must be export level bits or more
SL_Baseline, ///< must be 128 bit or more
SL_High, ///< must be more than 128 bit
SL_Highest ///< SL_High or max possible, whichever is greater
};
// securefilter basic rule: after calling a function that might
// affect something, call others to get the results.

6
include/QtCrypto/qca_securemessage.h

@ -24,15 +24,13 @@
#include <qobject.h>
#include "qca_core.h"
#include "qca_publickey.h"
#include "qca_cert.h"
class QDateTime;
namespace QCA
{
class PrivateKey;
class Certificate;
class CertificateChain;
class Store;
class SecureMessageSystem;
class SecureMessageKey

4
include/QtCrypto/qca_tools.h

@ -26,6 +26,10 @@
#include <qcstring.h>
#include <qstring.h>
// Direct secure memory access. For interfacing with C libraries if needed.
QCA_EXPORT void *qca_secure_alloc(int bytes);
QCA_EXPORT void qca_secure_free(void *p);
/**
\class QSecureArray qca_tools.h QtCrypto

1
include/QtCrypto/qcaprovider.h

@ -28,6 +28,7 @@
#include <qhostaddress.h>
#include "qca_core.h"
#include "qca_basic.h"
#include "qca_cert.h"
#include <limits>

31
src/qca_core.cpp

@ -21,7 +21,6 @@
#include "qca_core.h"
#include <qptrdict.h>
#include "qca_tools.h"
#include "qca_plugin.h"
#include "qca_textfilter.h"
@ -37,8 +36,6 @@ namespace QCA {
// from qca_tools
bool botan_init(int prealloc, bool mmap);
void botan_deinit();
void *botan_secure_alloc(int bytes);
void botan_secure_free(void *p, int bytes);
// from qca_default
Provider *create_default_provider();
@ -48,7 +45,6 @@ Provider *create_default_provider();
//----------------------------------------------------------------------------
static QCA::ProviderManager *manager = 0;
static QCA::Random *global_rng = 0;
static QPtrDict<int> *memtable = 0;
static bool qca_init = false;
static bool qca_secmem = false;
@ -93,9 +89,6 @@ void init(MemoryMode mode, int prealloc)
#endif
}
memtable = new QPtrDict<int>;
memtable->setAutoDelete(true);
manager = new ProviderManager;
manager->setDefault(create_default_provider()); // manager owns it
}
@ -111,9 +104,6 @@ void deinit()
delete manager;
manager = 0;
delete memtable;
memtable = 0;
botan_deinit();
qca_secmem = false;
qca_init = false;
@ -254,27 +244,6 @@ QByteArray hexToArray(const QString &str)
return Hex().stringToArray(str).toByteArray();
}
} // namespace QCA
void *qca_secure_alloc(int bytes)
{
void *p = QCA::botan_secure_alloc(bytes);
QCA::memtable->insert(p, new int(bytes));
return p;
}
void qca_secure_free(void *p)
{
int *bytes = QCA::memtable->find(p);
if(bytes)
{
QCA::botan_secure_free(p, *bytes);
QCA::memtable->remove(p);
}
}
namespace QCA {
Provider::Context *getContext(const QString &type, const QString &provider)
{
init();

6
src/qca_publickey.cpp

@ -396,13 +396,15 @@ SymmetricKey PrivateKey::deriveKey(const PublicKey &theirs)
return ((PKeyContext *)context())->key()->deriveKey(*(theirContext->key()));
}
QSecureArray PrivateKey::toDER(const QSecureArray &passphrase) const
QSecureArray PrivateKey::toDER(const QSecureArray &passphrase, PBEAlgo pbe) const
{
Q_UNUSED(pbe);
return ((PKeyContext *)context())->privateToDER(passphrase);
}
QString PrivateKey::toPEM(const QSecureArray &passphrase) const
QString PrivateKey::toPEM(const QSecureArray &passphrase, PBEAlgo pbe) const
{
Q_UNUSED(pbe);
return ((PKeyContext *)context())->privateToPEM(passphrase);
}

34
src/qca_tools.cpp

@ -19,16 +19,18 @@
*
*/
#include "qtextstream.h"
#include "qca_tools.h"
#include <qptrdict.h>
#include <qtextstream.h>
#ifdef Q_OS_UNIX
# include <stdlib.h>
# include <sys/mman.h>
#endif
#include "botantools/botantools.h"
using namespace QCA;
namespace QCA {
static bool can_lock()
{
@ -55,11 +57,10 @@ static void add_mmap()
#endif
}
namespace QCA {
// Botan shouldn't throw any exceptions in our init/deinit.
static const Botan::SecureAllocator *alloc = 0;
static QPtrDict<int> *memtable = 0;
bool botan_init(int prealloc, bool mmap)
{
@ -88,11 +89,17 @@ bool botan_init(int prealloc, bool mmap)
}
alloc = Botan::get_allocator("default");
memtable = new QPtrDict<int>;
memtable->setAutoDelete(true);
return secmem;
}
void botan_deinit()
{
delete memtable;
memtable = 0;
alloc = 0;
Botan::Init::shutdown_memory_subsystem();
Botan::Init::set_mutex_type(0);
@ -108,8 +115,27 @@ void botan_secure_free(void *p, int bytes)
alloc->deallocate(p, (Botan::u32bit)bytes);
}
} // end namespace QCA
void *qca_secure_alloc(int bytes)
{
void *p = QCA::botan_secure_alloc(bytes);
QCA::memtable->insert(p, new int(bytes));
return p;
}
void qca_secure_free(void *p)
{
int *bytes = QCA::memtable->find(p);
if(bytes)
{
QCA::botan_secure_free(p, *bytes);
QCA::memtable->remove(p);
}
}
using namespace QCA;
//----------------------------------------------------------------------------
// QSecureArray
//----------------------------------------------------------------------------