mirror of
https://github.com/QuasarApp/qca.git
synced 2025-04-27 03:54:31 +00:00
818 lines
26 KiB
C++
818 lines
26 KiB
C++
/*
|
|
* qca_basic.h - Qt Cryptographic Architecture
|
|
* Copyright (C) 2003-2005 Justin Karneges <justin@affinix.com>
|
|
* Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
|
*
|
|
*/
|
|
|
|
/**
|
|
\file qca_basic.h
|
|
|
|
Header file for classes for cryptographic primitives (basic operations)
|
|
|
|
\note You should not use this header directly from an
|
|
application. You should just use <tt> \#include \<QtCrypto>
|
|
</tt> instead.
|
|
*/
|
|
|
|
#ifndef QCA_BASIC_H
|
|
#define QCA_BASIC_H
|
|
|
|
#include "qca_core.h"
|
|
|
|
namespace QCA
|
|
{
|
|
/**
|
|
\class Random qca_basic.h QtCrypto
|
|
|
|
Source of random numbers
|
|
|
|
QCA provides a built in source of random numbers, which
|
|
can be accessed through this class. You can also use
|
|
an alternative random number source, by implementing
|
|
another provider.
|
|
|
|
The normal use of this class is expected to be through the
|
|
static members - randomChar(), randomInt() and randomArray().
|
|
*/
|
|
class QCA_EXPORT Random : public Algorithm
|
|
{
|
|
public:
|
|
/**
|
|
* Standard Constructor
|
|
*
|
|
* \param provider the provider library for the random
|
|
* number generation
|
|
*/
|
|
Random(const QString &provider = QString());
|
|
|
|
/**
|
|
* Provide a random byte.
|
|
*
|
|
* This method isn't normally required - you should use
|
|
* the static randomChar() method instead.
|
|
*
|
|
* \sa randomChar
|
|
*/
|
|
uchar nextByte();
|
|
|
|
/**
|
|
* Provide a specified number of random bytes
|
|
*
|
|
* This method isn't normally required - you should use
|
|
* the static randomArray() method instead.
|
|
*
|
|
* \param size the number of bytes to provide
|
|
*
|
|
* \sa randomArray
|
|
*/
|
|
SecureArray nextBytes(int size);
|
|
|
|
/**
|
|
* Provide a random character (byte)
|
|
*
|
|
* This is the normal way of obtaining a single random char
|
|
* (ie. 8 bit byte), as shown below:
|
|
* \code
|
|
* myRandomChar = QCA::Random::randomChar();
|
|
* \endcode
|
|
*
|
|
* If you need a number of bytes, perhaps randomArray() may be of use
|
|
*/
|
|
static uchar randomChar();
|
|
|
|
/**
|
|
* Provide a random integer
|
|
*
|
|
* This is the normal way of obtaining a single random integer,
|
|
* as shown below:
|
|
* \code
|
|
* myRandomInt = QCA::Random::randomInt();
|
|
* \endcode
|
|
*/
|
|
static int randomInt();
|
|
|
|
/**
|
|
* Provide a specified number of random bytes
|
|
*
|
|
* \code
|
|
* // build a 30 byte secure array.
|
|
* SecureArray arry = QCA::Random::randomArray(30);
|
|
* \endcode
|
|
*
|
|
* \param size the number of bytes to provide
|
|
*/
|
|
static SecureArray randomArray(int size);
|
|
};
|
|
|
|
/**
|
|
\class Hash qca_basic.h QtCrypto
|
|
|
|
General class for hashing algorithms.
|
|
|
|
Hash is the class for the various hashing algorithms
|
|
within %QCA. SHA256, SHA1 or RIPEMD160 are recommended for
|
|
new applications, although MD2, MD4, MD5 or SHA0 may be
|
|
applicable (for interoperability reasons) for some
|
|
applications.
|
|
|
|
To perform a hash, you create a Hash object, call update()
|
|
with the data that needs to be hashed, and then call
|
|
final(), which returns a QByteArray of the hash result. An
|
|
example (using the SHA1 hash, with 1000 updates of a 1000
|
|
byte string) is shown below:
|
|
|
|
\code
|
|
if(!QCA::isSupported("sha1"))
|
|
printf("SHA1 not supported!\n");
|
|
else {
|
|
QByteArray fillerString;
|
|
fillerString.fill('a', 1000);
|
|
|
|
QCA::Hash shaHash("sha1");
|
|
for (int i=0; i<1000; i++)
|
|
shaHash.update(fillerString);
|
|
QByteArray hashResult = shaHash.final();
|
|
if ( "34aa973cd4c4daa4f61eeb2bdbad27316534016f" == QCA::arrayToHex(hashResult) ) {
|
|
printf("big SHA1 is OK\n");
|
|
} else {
|
|
printf("big SHA1 failed\n");
|
|
}
|
|
}
|
|
\endcode
|
|
|
|
If you only have a simple hash requirement - a single
|
|
string that is fully available in memory at one time - then
|
|
you may be better off with one of the convenience
|
|
methods. So, for example, instead of creating a QCA::Hash
|
|
object, then doing a single update() and the final() call;
|
|
you could simply call QCA::Hash("algoName").hash() with the
|
|
data that you would otherwise have provided to the update()
|
|
call.
|
|
*/
|
|
class QCA_EXPORT Hash : public Algorithm, public BufferedComputation
|
|
{
|
|
public:
|
|
/**
|
|
* Constructor
|
|
*
|
|
* \param type label for the type of hash to be
|
|
* created (eg "sha1" or "md2")
|
|
* \param provider the name of the provider plugin
|
|
* for the subclass (eg "qca-openssl")
|
|
*/
|
|
Hash(const QString &type, const QString &provider = QString());
|
|
|
|
/**
|
|
* Reset a hash, dumping all previous parts of the
|
|
* message.
|
|
*
|
|
* This method clears (or resets) the hash algorithm,
|
|
* effectively undoing any previous update()
|
|
* calls. You should use this call if you are re-using
|
|
* a Hash sub-class object to calculate additional
|
|
* hashes.
|
|
*/
|
|
virtual void clear();
|
|
|
|
/**
|
|
* Update a hash, adding more of the message contents
|
|
* to the digest. The whole message needs to be added
|
|
* using this method before you call final().
|
|
*
|
|
* If you find yourself only calling update() once,
|
|
* you may be better off using a convenience method
|
|
* such as hash() or hashToString() instead.
|
|
*
|
|
* \param a the byte array to add to the hash
|
|
*/
|
|
virtual void update(const SecureArray &a);
|
|
|
|
/**
|
|
* \overload
|
|
*
|
|
* \param a the QByteArray to add to the hash
|
|
*/
|
|
virtual void update(const QByteArray &a);
|
|
|
|
/**
|
|
* \overload
|
|
*
|
|
* This method is provided to assist with code that
|
|
* already exists, and is being ported to %QCA. You are
|
|
* better off passing a SecureArray (as shown above)
|
|
* if you are writing new code.
|
|
*
|
|
* \param data pointer to a char array
|
|
* \param len the length of the array. If not specified
|
|
* (or specified as a negative number), the length will be
|
|
* determined with strlen(), which may not be what you want
|
|
* if the array contains a null (0x00) character.
|
|
*/
|
|
virtual void update(const char *data, int len = -1);
|
|
|
|
/**
|
|
* \overload
|
|
*
|
|
* This allows you to read from a file or other
|
|
* I/O device. Note that the device must be already
|
|
* open for reading
|
|
*
|
|
* \param file an I/O device
|
|
*
|
|
* If you are trying to calculate the hash of
|
|
* a whole file (and it isn't already open), you
|
|
* might want to use code like this:
|
|
* \code
|
|
* QFile f( "file.dat" );
|
|
* if ( f1.open( IO_ReadOnly ) ) {
|
|
* QCA::Hash hashObj("sha1");
|
|
* hashObj.update( f1 );
|
|
* QString output = hashObj.final() ) ),
|
|
* }
|
|
* \endcode
|
|
*/
|
|
virtual void update(QIODevice &file);
|
|
|
|
/**
|
|
* Finalises input and returns the hash result
|
|
*
|
|
* After calling update() with the required data, the
|
|
* hash results are finalised and produced.
|
|
*
|
|
* Note that it is not possible to add further data (with
|
|
* update()) after calling final(), because of the way
|
|
* the hashing works - null bytes are inserted to pad
|
|
* the results up to a fixed size. If you want to
|
|
* reuse the Hash object, you should call clear() and
|
|
* start to update() again.
|
|
*/
|
|
virtual SecureArray final();
|
|
|
|
/**
|
|
* %Hash a byte array, returning it as another
|
|
* byte array.
|
|
*
|
|
* This is a convenience method that returns the
|
|
* hash of a SecureArray.
|
|
*
|
|
* \code
|
|
* SecureArray sampleArray(3);
|
|
* sampleArray.fill('a');
|
|
* SecureArray outputArray = QCA::Hash("md2")::hash(sampleArray);
|
|
* \endcode
|
|
*
|
|
* \param array the QByteArray to hash
|
|
*
|
|
* If you need more flexibility (e.g. you are constructing
|
|
* a large byte array object just to pass it to hash(), then
|
|
* consider creating an Hash object, and then calling
|
|
* update() and final().
|
|
*/
|
|
SecureArray hash(const SecureArray &array);
|
|
|
|
/**
|
|
* %Hash a byte array, returning it as a printable
|
|
* string
|
|
*
|
|
* This is a convenience method that returns the
|
|
* hash of a QSeecureArray as a hexadecimal
|
|
* representation encoded in a QString.
|
|
*
|
|
* \param array the QByteArray to hash
|
|
*
|
|
* If you need more flexibility, you can create a Hash
|
|
* object, call Hash::update() as required, then call
|
|
* Hash::final(), before using the static arrayToHex() method.
|
|
*/
|
|
QString hashToString(const SecureArray &array);
|
|
};
|
|
|
|
/** \page hashing Hashing Algorithms
|
|
|
|
There are a range of hashing algorithms available in
|
|
%QCA. Hashing algorithms are used with the Hash and
|
|
MessageAuthenticationCode classes.
|
|
|
|
The MD2 algorithm takes an arbitrary data stream, known as the
|
|
message and outputs a condensed 128 bit (16 byte)
|
|
representation of that data stream, known as the message
|
|
digest. This algorithm is considered slightly more secure than MD5,
|
|
but is more expensive to compute. Unless backward
|
|
compatibility or interoperability are considerations, you
|
|
are better off using the SHA1 or RIPEMD160 hashing algorithms.
|
|
For more information on %MD2, see B. Kalinski RFC1319 "The %MD2
|
|
Message-Digest Algorithm". The label for MD2 is "md2".
|
|
|
|
The MD4 algorithm takes an arbitrary data stream, known as the
|
|
message and outputs a condensed 128 bit (16 byte)
|
|
representation of that data stream, known as the message
|
|
digest. MD4 is not considered to be secure, based on
|
|
known attacks. It should only be used for applications where
|
|
collision attacks are not a consideration (for example, as
|
|
used in the rsync algorithm for fingerprinting blocks of
|
|
data). If a secure hash is required, you are better off using
|
|
the SHA1 or RIPEMD160 hashing algorithms. MD2 and MD5 are both
|
|
stronger 128 bit hashes. For more information on MD4, see
|
|
R. Rivest RFC1320 "The %MD4 Message-Digest Algorithm". The
|
|
label for MD4 is "md4".
|
|
|
|
The MD5 takes an arbitrary data stream, known as the message
|
|
and outputs a condensed 128 bit (16 byte) representation of
|
|
that data stream, known as the message digest. MD5 is not
|
|
considered to be secure, based on known attacks. It should
|
|
only be used for applications where collision attacks are not
|
|
a consideration. If a secure hash is required, you are better
|
|
off using the SHA1 or RIPEMD160 hashing algorithms. For more
|
|
information on MD5, see R. Rivest RFC1321 "The %MD5
|
|
Message-Digest Algorithm". The label for MD5 is "md5".
|
|
|
|
The RIPEMD160 algorithm takes an arbitrary data stream, known
|
|
as the message (up to \f$2^{64}\f$ bits in length) and outputs
|
|
a condensed 160 bit (20 byte) representation of that data
|
|
stream, known as the message digest. The RIPEMD160 algorithm
|
|
is considered secure in that it is considered computationally
|
|
infeasible to find the message that produced the message
|
|
digest. The label for RIPEMD160 is "ripemd160".
|
|
|
|
The SHA-0 algorithm is a 160 bit hashing function, no longer
|
|
recommended for new applications because of known (partial)
|
|
attacks against it. The label for SHA-0 is "sha0".
|
|
|
|
The SHA-1 algorithm takes an arbitrary data stream, known as
|
|
the message (up to \f$2^{64}\f$ bits in length) and outputs a
|
|
condensed 160 bit (20 byte) representation of that data
|
|
stream, known as the message digest. SHA-1 is considered
|
|
secure in that it is considered computationally infeasible to
|
|
find the message that produced the message digest. For more
|
|
information on the SHA-1 algorithm,, see Federal Information
|
|
Processing Standard Publication 180-2 "Specifications for the
|
|
Secure %Hash Standard", available from
|
|
http://csrc.nist.gov/publications/. The label for SHA-1 is
|
|
"sha1".
|
|
|
|
The SHA-224 algorithm takes an arbitrary data stream, known as
|
|
the message (up to \f$2^{64}\f$ bits in length) and outputs a
|
|
condensed 224 bit (28 byte) representation of that data
|
|
stream, known as the message digest. SHA-224 is a "cut down"
|
|
version of SHA-256, and you may be better off using SHA-256 in
|
|
new designs. The SHA-224 algorithm is considered secure in
|
|
that it is considered computationally infeasible to find the
|
|
message that produced the message digest. For more information
|
|
on SHA-224, see Federal Information Processing Standard
|
|
Publication 180-2 "Specifications for the Secure %Hash
|
|
Standard", with change notice 1, available from
|
|
http://csrc.nist.gov/publications/. The label for SHA-224 is
|
|
"sha224".
|
|
|
|
The SHA-256 algorithm takes an arbitrary data stream, known as
|
|
the message (up to \f$2^{64}\f$ bits in length) and outputs a
|
|
condensed 256 bit (32 byte) representation of that data
|
|
stream, known as the message digest. The SHA-256 algorithm is
|
|
considered secure in that it is considered computationally
|
|
infeasible to find the message that produced the message
|
|
digest. For more information on SHA-256, see Federal
|
|
Information Processing Standard Publication 180-2
|
|
"Specifications for the Secure %Hash Standard", available from
|
|
http://csrc.nist.gov/publications/. The label for SHA-256 is
|
|
"sha256".
|
|
|
|
The SHA-384 algorithm takes an arbitrary data stream, known as
|
|
the message (up to \f$2^{128}\f$ bits in length) and outputs a
|
|
condensed 384 bit (48 byte) representation of that data
|
|
stream, known as the message digest. The SHA-384 algorithm is
|
|
a "cut down" version of SHA-512, and you may be better off
|
|
using SHA-512 in new designs. The SHA-384 algorithm is
|
|
considered secure in that it is considered computationally
|
|
infeasible to find the message that produced the message
|
|
digest. For more information on SHA-384, see Federal
|
|
Information Processing Standard Publication 180-2
|
|
"Specifications for the Secure %Hash Standard", available from
|
|
http://csrc.nist.gov/publications/. The label for SHA-384 is
|
|
"sha384".
|
|
|
|
The SHA-512 algorithm takes an arbitrary data stream, known as
|
|
the message (up to \f$2^{128}\f$ bits in length) and outputs a
|
|
condensed 512 bit (64 byte) representation of that data
|
|
stream, known as the message digest. The SHA-512 algorithm is
|
|
considered secure in that it is considered computationally
|
|
infeasible to find the message that produced the message
|
|
digest. For more information on SHA-512, see Federal
|
|
Information Processing Standard Publication 180-2
|
|
"Specifications for the Secure %Hash Standard", available from
|
|
http://csrc.nist.gov/publications/. The label for SHA-512 is
|
|
"sha512".
|
|
|
|
*/
|
|
|
|
/** \Page padding Padding
|
|
|
|
For those Cipher sub-classes that are block based, there are modes
|
|
that require a full block on encryption and decryption - %Cipher Block
|
|
Chaining mode and Electronic Code Book modes are good examples.
|
|
|
|
Since real world messages are not always a convenient multiple of a
|
|
block size, we have to adding <i>padding</i>. There are a number of
|
|
padding modes that %QCA supports, including not doing any padding
|
|
at all.
|
|
|
|
If you are not going to use padding, then you can pass
|
|
QCA::Cipher::NoPadding as the pad argument to the Cipher sub-class, however
|
|
it is then your responsibility to pass in appropriate data for
|
|
the mode that you are using.
|
|
|
|
The most common padding scheme is known as PKCS#7 (also PKCS#1), and
|
|
it specifies that the pad bytes are all equal to the length of the
|
|
padding ( for example, if you need three pad bytes to complete the block, then
|
|
the padding is 0x03 0x03 0x03 ).
|
|
|
|
On encryption, for algorithm / mode combinations that require
|
|
padding, you will get a block of ciphertext when the input plain text block
|
|
is complete. When you call final(), you will get out the ciphertext that
|
|
corresponds to the last bit of plain text, plus any padding. If you had
|
|
provided plaintext that matched up with a block size, then the cipher
|
|
text block is generated from pure padding - you always get at least some
|
|
padding, to ensure that the padding can be safely removed on decryption.
|
|
|
|
On decryption, for algorithm / mode combinations that use padding,
|
|
you will get back a block of plaintext when the input ciphertext block
|
|
is complete. When you call final(), you will a block that has been stripped
|
|
of ciphertext.
|
|
*/
|
|
|
|
/**
|
|
\class Cipher qca_basic.h QtCrypto
|
|
|
|
General class for cipher (encryption / decryption) algorithms.
|
|
|
|
Cipher is the class for the various algorithms that perform
|
|
low level encryption and decryption within %QCA.
|
|
|
|
AES128, AES192 and AES256 are recommended for new applications.
|
|
|
|
Standard names for ciphers are:
|
|
- Blowfish - "blowfish"
|
|
- TripleDES - "tripledes"
|
|
- DES - "des"
|
|
- AES128 - "aes128"
|
|
- AES192 - "aes192"
|
|
- AES256 - "aes256"
|
|
|
|
*/
|
|
class QCA_EXPORT Cipher : public Algorithm, public Filter
|
|
{
|
|
public:
|
|
/**
|
|
* Mode settings for cipher algorithms
|
|
*/
|
|
enum Mode
|
|
{
|
|
CBC, ///< operate in %Cipher Block Chaining mode
|
|
CFB, ///< operate in %Cipher FeedBack mode
|
|
ECB, ///< operate in Electronic Code Book mode
|
|
OFB ///< operate in Output FeedBack Mode
|
|
};
|
|
|
|
/**
|
|
* Padding variations for cipher algorithms
|
|
*/
|
|
enum Padding
|
|
{
|
|
DefaultPadding, ///< Default for cipher-mode
|
|
NoPadding, ///< Do not use padding
|
|
PKCS7 ///< Pad using the scheme in PKCS#7
|
|
};
|
|
|
|
|
|
/**
|
|
Standard constructor
|
|
|
|
\param type the name of the cipher specialisation to use (e.g. "aes128")
|
|
\param mode the operating Mode to use (e.g. QCA::Cipher::CBC)
|
|
\param pad the type of Padding to use
|
|
\param dir the Direction that this Cipher should use (Encode for encryption, Decode for decryption)
|
|
\param key the SymmetricKey array that is the key
|
|
\param iv the InitializationVector to use (not used for ECB mode)
|
|
\param provider the name of the Provider to use
|
|
|
|
\note Padding only applies to CBC and ECB modes. CFB and OFB ciphertext is always
|
|
the length of the plaintext.
|
|
*/
|
|
Cipher( const QString &type, Mode mode, Padding pad = DefaultPadding,
|
|
Direction dir = Encode, const SymmetricKey &key = SymmetricKey(),
|
|
const InitializationVector &iv = InitializationVector(),
|
|
const QString &provider = QString() );
|
|
|
|
/**
|
|
* Standard copy constructor
|
|
*/
|
|
Cipher(const Cipher &from);
|
|
~Cipher();
|
|
|
|
/**
|
|
Assignment operator
|
|
|
|
\param from the Cipher to copy state from
|
|
*/
|
|
Cipher & operator=(const Cipher &from);
|
|
|
|
/**
|
|
* Return acceptable key lengths
|
|
*/
|
|
KeyLength keyLength() const;
|
|
|
|
/**
|
|
* Test if a key length is valid for the cipher algorithm
|
|
*
|
|
* \param n the key length in bytes
|
|
* \return true if the key would be valid for the current algorithm
|
|
*/
|
|
bool validKeyLength(int n) const;
|
|
|
|
/**
|
|
* return the block size for the cipher object
|
|
*/
|
|
uint blockSize() const;
|
|
|
|
/**
|
|
* reset the cipher object, to allow re-use
|
|
*/
|
|
virtual void clear();
|
|
|
|
/**
|
|
* pass in a byte array of data, which will be encrypted or decrypted
|
|
* (according to the Direction that was set in the constructor or in
|
|
* setup() ) and returned.
|
|
*
|
|
* \param a the array of data to encrypt / decrypt
|
|
*/
|
|
virtual SecureArray update(const SecureArray &a);
|
|
|
|
/**
|
|
* complete the block of data, padding as required, and returning
|
|
* the completed block
|
|
*/
|
|
virtual SecureArray final();
|
|
|
|
/**
|
|
|
|
Test if an update() or final() call succeeded.
|
|
|
|
\return true if the previous call succeeded
|
|
*/
|
|
virtual bool ok() const;
|
|
|
|
/**
|
|
Reset / reconfigure the Cipher
|
|
|
|
You can use this to re-use an existing Cipher, rather than creating a new object
|
|
with a slightly different configuration.
|
|
|
|
\param dir the Direction that this Cipher should use (Encode for encryption, Decode for decryption)
|
|
\param key the SymmetricKey array that is the key
|
|
\param iv the InitializationVector to use
|
|
*/
|
|
void setup(Direction dir, const SymmetricKey &key, const InitializationVector &iv = InitializationVector());
|
|
|
|
/**
|
|
Construct a Cipher type string
|
|
|
|
\param cipherType the name of the algorithm (eg AES128, DES)
|
|
\param modeType the mode to operate the cipher in (eg QCA::CBC, QCA::CFB)
|
|
\param paddingType the padding required (eg QCA::NoPadding, QCA::PCKS7)
|
|
*/
|
|
static QString withAlgorithms(const QString &cipherType, Mode modeType, Padding paddingType);
|
|
|
|
private:
|
|
class Private;
|
|
Private *d;
|
|
};
|
|
|
|
/**
|
|
\class MessageAuthenticationCode qca_basic.h QtCrypto
|
|
|
|
General class for message authentication code (MAC) algorithms.
|
|
|
|
MessageAuthenticationCode is a class for accessing the various
|
|
message authentication code algorithms within %QCA.
|
|
HMAC using SHA1 ("hmac(sha1)") or HMAC using SHA256 ("hmac(sha256)")
|
|
is recommended for new applications.
|
|
|
|
Note that if your application is potentially susceptable to "replay attacks"
|
|
where the message is sent more than once, you should include a counter in
|
|
the message that is covered by the MAC, and check that the counter is always
|
|
incremented every time you receive a message and MAC.
|
|
|
|
For more information on HMAC, see H. Krawczyk et al. RFC2104
|
|
"HMAC: Keyed-Hashing for Message Authentication"
|
|
*/
|
|
class QCA_EXPORT MessageAuthenticationCode : public Algorithm, public BufferedComputation
|
|
{
|
|
public:
|
|
/**
|
|
Standard constructor
|
|
|
|
\param type the name of the MAC (and algorithm, if applicable) to use
|
|
\param key the shared key
|
|
\param provider the provider to use, if a particular provider is required
|
|
*/
|
|
MessageAuthenticationCode(const QString &type,
|
|
const SymmetricKey &key,
|
|
const QString &provider = QString());
|
|
|
|
/**
|
|
* Standard copy constructor
|
|
*/
|
|
MessageAuthenticationCode(const MessageAuthenticationCode &from);
|
|
|
|
~MessageAuthenticationCode();
|
|
|
|
/**
|
|
* Assignment operator.
|
|
*
|
|
* Copies the state (including key) from one MessageAuthenticationCode
|
|
* to another
|
|
*/
|
|
MessageAuthenticationCode & operator=(const MessageAuthenticationCode &from);
|
|
|
|
/**
|
|
* Return acceptable key lengths
|
|
*/
|
|
KeyLength keyLength() const;
|
|
|
|
/**
|
|
* Test if a key length is valid for the MAC algorithm
|
|
*
|
|
* \param n the key length in bytes
|
|
* \return true if the key would be valid for the current algorithm
|
|
*/
|
|
bool validKeyLength(int n) const;
|
|
|
|
/**
|
|
* Reset a MessageAuthenticationCode, dumping all
|
|
* previous parts of the message.
|
|
*
|
|
* This method clears (or resets) the algorithm,
|
|
* effectively undoing any previous update()
|
|
* calls. You should use this call if you are re-using
|
|
* a %MessageAuthenticationCode sub-class object
|
|
* to calculate additional MACs. Note that if the key
|
|
* doesn't need to be changed, you don't need to call
|
|
* setup() again, since the key can just be reused.
|
|
*/
|
|
virtual void clear();
|
|
|
|
/**
|
|
* Update the MAC, adding more of the message contents
|
|
* to the digest. The whole message needs to be added
|
|
* using this method before you call final().
|
|
*
|
|
* \param array the message contents
|
|
*/
|
|
virtual void update(const SecureArray &array);
|
|
|
|
/**
|
|
* Finalises input and returns the MAC result
|
|
*
|
|
* After calling update() with the required data, the
|
|
* hash results are finalised and produced.
|
|
*
|
|
* Note that it is not possible to add further data (with
|
|
* update()) after calling final(). If you want to
|
|
* reuse the %MessageAuthenticationCode object, you
|
|
* should call clear() and start to update() again.
|
|
*/
|
|
virtual SecureArray final();
|
|
|
|
/**
|
|
* Initialise the MAC algorithm.
|
|
*
|
|
* \param key the key to use for the algorithm
|
|
*/
|
|
void setup(const SymmetricKey &key);
|
|
|
|
private:
|
|
class Private;
|
|
Private *d;
|
|
};
|
|
|
|
|
|
/**
|
|
* \class KeyDerivationFunction qca_basic.h QtCrypto
|
|
*
|
|
* General superclass for key derivation algorithms.
|
|
*
|
|
* %KeyDerivationFunction is a superclass for the various
|
|
* key derivation function algorithms within %QCA. You should
|
|
* not need to use it directly unless you are
|
|
* adding another key derivation capability to %QCA - you should be
|
|
* using a sub-class. PBKDF2 using SHA1 is recommended for new applications.
|
|
*/
|
|
class QCA_EXPORT KeyDerivationFunction : public Algorithm
|
|
{
|
|
public:
|
|
/**
|
|
* Standard copy constructor
|
|
*/
|
|
KeyDerivationFunction(const KeyDerivationFunction &from);
|
|
~KeyDerivationFunction();
|
|
|
|
/**
|
|
Assignment operator.
|
|
|
|
Copies the state (including key) from one KeyDerivationFunction
|
|
to another
|
|
*/
|
|
KeyDerivationFunction & operator=(const KeyDerivationFunction &from);
|
|
|
|
/**
|
|
* Generate the key from a specified secret and salt value.
|
|
*
|
|
* \note key length is ignored for some functions
|
|
*
|
|
* \param secret the secret (password or passphrase)
|
|
* \param salt the salt to use
|
|
* \param keyLength the length of key to return
|
|
* \param iterationCount the number of iterations to perform
|
|
*
|
|
* \return the derived key
|
|
*/
|
|
SymmetricKey makeKey(const SecureArray &secret, const InitializationVector &salt, unsigned int keyLength, unsigned int iterationCount);
|
|
|
|
/**
|
|
* Construct the name of the algorithm
|
|
*
|
|
* You can use this to build a standard name string.
|
|
* You probably only need this method if you are
|
|
* creating a new subclass.
|
|
*/
|
|
static QString withAlgorithm(const QString &kdfType, const QString &algType);
|
|
|
|
protected:
|
|
/**
|
|
* Special constructor for subclass initialisation
|
|
*/
|
|
KeyDerivationFunction(const QString &type, const QString &provider);
|
|
|
|
private:
|
|
class Private;
|
|
Private *d;
|
|
};
|
|
|
|
/**
|
|
\class PBKDF1 qca_basic.h QtCrypto
|
|
|
|
Password based key derivation function version 1
|
|
|
|
This class implements Password Based Key Derivation Function version 1,
|
|
as specified in RFC2898, and also in PKCS#5.
|
|
*/
|
|
class QCA_EXPORT PBKDF1 : public KeyDerivationFunction
|
|
{
|
|
public:
|
|
/**
|
|
Standard constructor
|
|
|
|
\param algorithm the name of the hashing algorithm to use
|
|
\param provider the name of the provider to use, if available
|
|
*/
|
|
PBKDF1(const QString &algorithm = "sha1", const QString &provider = QString()) : KeyDerivationFunction(withAlgorithm("pbkdf1", algorithm), provider) {}
|
|
};
|
|
|
|
/**
|
|
\class PBKDF2 qca_basic.h QtCrypto
|
|
|
|
Password based key derivation function version 2
|
|
|
|
This class implements Password Based Key Derivation Function version 2,
|
|
as specified in RFC2898, and also in PKCS#5.
|
|
*/
|
|
class QCA_EXPORT PBKDF2 : public KeyDerivationFunction
|
|
{
|
|
public:
|
|
/**
|
|
Standard constructor
|
|
|
|
\param algorithm the name of the hashing algorithm to use
|
|
\param provider the name of the provider to use, if available
|
|
*/
|
|
PBKDF2(const QString &algorithm = "sha1", const QString &provider = QString()) : KeyDerivationFunction(withAlgorithm("pbkdf2", algorithm), provider) {}
|
|
};
|
|
}
|
|
|
|
#endif
|