1// Copyright (C) 2018 The Qt Company Ltd.
2// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
3// Qt-Security score:significant reason:default
4
5#ifndef QDTLS_H
6#define QDTLS_H
7
8#include <QtNetwork/qtnetworkglobal.h>
9
10#include <QtNetwork/qsslsocket.h>
11#include <QtNetwork/qssl.h>
12
13#include <QtCore/qcryptographichash.h>
14#include <QtCore/qobject.h>
15#include <QtCore/qcontainerfwd.h>
16
17Q_MOC_INCLUDE(<QtNetwork/QSslPreSharedKeyAuthenticator>)
18
19#ifndef Q_QDOC
20QT_REQUIRE_CONFIG(dtls);
21#endif
22
23QT_BEGIN_NAMESPACE
24
// Error codes surfaced by QDtls::dtlsError() and QDtlsClientVerifier::dtlsError().
// The enumerator values are written out explicitly; they are the same 0..8
// sequence the implicit numbering yields, so the ABI value of each code is
// visible at a glance.  The fatal/non-fatal split of the two Tls* codes
// presumably mirrors the severity reported by the TLS backend — confirm in
// qdtls.cpp before relying on it for retry logic.
enum class QDtlsError : unsigned char
{
    NoError = 0,                     // no error recorded
    InvalidInputParameters = 1,      // an argument passed by the caller was rejected
    InvalidOperation = 2,            // call not valid in the object's current state
    UnderlyingSocketError = 3,       // the QUdpSocket reported an error
    RemoteClosedConnectionError = 4, // the remote end closed the connection
    PeerVerificationError = 5,       // peer verification did not succeed
    TlsInitializationError = 6,      // the TLS backend could not be initialised
    TlsFatalError = 7,               // fatal TLS-level error
    TlsNonFatalError = 8             // non-fatal TLS-level error
};
37
// Forward declarations: the declarations below only name these types in
// parameter lists and return types, so their full definitions are not needed
// by this header.
class QHostAddress;
class QUdpSocket;
class QByteArray;
class QString;
42
// Server-side DTLS cookie generation and verification (per this file's class
// brief).  In DTLS the cookie exchange is the standard defence against
// address-spoofed handshake floods: the server only commits handshake state
// once a client has echoed a cookie it could only receive at the claimed
// address.  The parameters below control how that cookie is derived.
class Q_NETWORK_EXPORT QDtlsClientVerifier : public QObject
{
    Q_OBJECT

public:

    explicit QDtlsClientVerifier(QObject *parent = nullptr);
    ~QDtlsClientVerifier();

    // Inputs for cookie derivation.  'hash' defaults to Sha1 in this
    // declaration; 'secret' is default-constructed (empty) here — whether the
    // user-declared default constructor or the backend substitutes a random
    // secret is decided in qdtls.cpp, not visible in this header.
    // NOTE(review): the cookie is only as hard to forge as 'secret' is to
    // guess, so a deployment that supplies its own parameters must use an
    // unpredictable secret and keep it server-side.
    struct Q_NETWORK_EXPORT GeneratorParameters
    {
        GeneratorParameters();
        GeneratorParameters(QCryptographicHash::Algorithm a, const QByteArray &s);
        QCryptographicHash::Algorithm hash = QCryptographicHash::Sha1;
        QByteArray secret;
    };

    // Replace / read the cookie parameters.  The setter returns bool; on
    // false, dtlsError()/dtlsErrorString() presumably carry the reason —
    // confirm in qdtls.cpp.
    bool setCookieGeneratorParameters(const GeneratorParameters &params);
    GeneratorParameters cookieGeneratorParameters() const;

    // Processes the datagram 'dgram' that arrived on 'socket' from
    // address:port.  The return value presumably means "client passed
    // verification, the hello is now available via verifiedHello()"; false
    // looks like it covers both a cookie challenge having been sent and a
    // real error, so callers should consult dtlsError() to tell the two
    // apart — confirm against the implementation.
    bool verifyClient(QUdpSocket *socket, const QByteArray &dgram,
                      const QHostAddress &address, quint16 port);
    QByteArray verifiedHello() const;

    // Last error recorded by this object; codes are documented on QDtlsError.
    QDtlsError dtlsError() const;
    QString dtlsErrorString() const;

private:

    Q_DECLARE_PRIVATE(QDtlsClientVerifier)
    Q_DISABLE_COPY(QDtlsClientVerifier)
};
76
// Forward declarations for types that QDtls only names in parameters and
// return types.  QDtlsPrivate is the d-pointer class declared in qdtls_p.h.
class QSslConfiguration;
class QSslCipher;
class QSslError;

class QDtlsPrivate;
// DTLS encryption on top of a QUdpSocket (per this file's class brief).
// Unlike QSslSocket, this object does not own the socket: every operation
// takes the QUdpSocket explicitly, and the caller stays responsible for
// reading datagrams off the socket and feeding them in.  One QDtls instance
// represents one connection with one peer (see setPeer()).
class Q_NETWORK_EXPORT QDtls : public QObject
{
    Q_OBJECT

public:

    // Progress of the handshake as reported by handshakeState().
    // PeerVerificationFailed is a distinct state rather than an error code;
    // it presumably corresponds to a non-empty peerVerificationErrors() that
    // has not been accepted via ignoreVerificationErrors() — confirm in
    // qdtls.cpp.
    enum HandshakeState
    {
        HandshakeNotStarted,
        HandshakeInProgress,
        PeerVerificationFailed,
        HandshakeComplete
    };

    // 'mode' selects the client or server role for this connection
    // (QSslSocket::SslMode).
    explicit QDtls(QSslSocket::SslMode mode, QObject *parent = nullptr);
    ~QDtls();

    // The remote endpoint, plus the name the peer's certificate is checked
    // against.  'verificationName' defaults to empty here; what the
    // verification falls back to in that case is decided in the
    // implementation — NOTE(review): confirm before relying on an empty name
    // in client mode, since a missing name match weakens peer authentication.
    bool setPeer(const QHostAddress &address, quint16 port,
                 const QString &verificationName = {});
    bool setPeerVerificationName(const QString &name);
    QHostAddress peerAddress() const;
    quint16 peerPort() const;
    QString peerVerificationName() const;
    QSslSocket::SslMode sslMode() const;

    // Hint for the path MTU used when sizing handshake datagrams; a quint16,
    // so values above 65535 cannot be expressed.
    void setMtuHint(quint16 mtuHint);
    quint16 mtuHint() const;

    // Cookie parameters shared with QDtlsClientVerifier; presumably only
    // consulted in server mode — confirm.
    using GeneratorParameters = QDtlsClientVerifier::GeneratorParameters;
    bool setCookieGeneratorParameters(const GeneratorParameters &params);
    GeneratorParameters cookieGeneratorParameters() const;

    // TLS configuration (CA certificates, protocol version, ciphers, ...)
    // for this connection.
    bool setDtlsConfiguration(const QSslConfiguration &configuration);
    QSslConfiguration dtlsConfiguration() const;

    HandshakeState handshakeState() const;

    // Handshake driver.  'dgram' defaults to empty; the private
    // startHandshake()/continueHandshake() helpers below suggest that
    // doHandshake() dispatches on the current state, starting a fresh
    // handshake or feeding 'dgram' into one already in progress — inferred
    // from the declarations, confirm in qdtls.cpp.  handleTimeout() is
    // presumably the caller's reaction to handshakeTimeout() (DTLS
    // retransmission); resumeHandshake() presumably continues after
    // PeerVerificationFailed once the errors were accepted via
    // ignoreVerificationErrors().
    bool doHandshake(QUdpSocket *socket, const QByteArray &dgram = {});
    bool handleTimeout(QUdpSocket *socket);
    bool resumeHandshake(QUdpSocket *socket);
    bool abortHandshake(QUdpSocket *socket);
    bool shutdown(QUdpSocket *socket);

    // Session properties; sessionCipher()/sessionProtocol() are only
    // meaningful once isConnectionEncrypted() is true.
    bool isConnectionEncrypted() const;
    QSslCipher sessionCipher() const;
    QSsl::SslProtocol sessionProtocol() const;

    // Application data.  writeDatagramEncrypted() returns a qint64 —
    // presumably bytes written, with a negative value on failure; a
    // QByteArray from decryptDatagram() that is empty may be either an empty
    // record or a failure, so check dtlsError() — confirm both against the
    // implementation.
    qint64 writeDatagramEncrypted(QUdpSocket *socket, const QByteArray &dgram);
    QByteArray decryptDatagram(QUdpSocket *socket, const QByteArray &dgram);

    // Last error recorded by this object; codes are documented on QDtlsError.
    QDtlsError dtlsError() const;
    QString dtlsErrorString() const;

    // Peer certificate verification results.  NOTE(review):
    // ignoreVerificationErrors() disables the authentication guarantee for
    // every error in the list, so callers should pass only the specific,
    // expected QSslError values they have decided to accept — never the
    // whole peerVerificationErrors() list unseen.
    QList<QSslError> peerVerificationErrors() const;
    void ignoreVerificationErrors(const QList<QSslError> &errorsToIgnore);

Q_SIGNALS:

    // Emitted when a PSK cipher suite needs the pre-shared key; the
    // authenticator carries the identity/key data for the handshake.
    void pskRequired(QSslPreSharedKeyAuthenticator *authenticator);
    // Emitted when a handshake step was not answered in time; see
    // handleTimeout().
    void handshakeTimeout();

private:

    bool startHandshake(QUdpSocket *socket, const QByteArray &dgram);
    bool continueHandshake(QUdpSocket *socket, const QByteArray &dgram);

    Q_DECLARE_PRIVATE(QDtls)
    Q_DISABLE_COPY_MOVE(QDtls)
};
152
153QT_END_NAMESPACE
154
155#endif // QDTLS_H
std::unique_ptr< QTlsPrivate::DtlsCookieVerifier > backend
Definition qdtls_p.h:35
This class implements server-side DTLS cookie generation and verification.
Definition qdtls.h:45
std::unique_ptr< QTlsPrivate::DtlsCryptograph > backend
Definition qdtls_p.h:43
This class provides encryption for UDP sockets.
Definition qdtls.h:84
Definition qlist.h:81
This class represents Online Certificate Status Protocol response.
The QSslCertificate class provides a convenient API for an X509 certificate.
The QSslCipher class represents an SSL cryptographic cipher.
Definition qsslcipher.h:23
The QSslDiffieHellmanParameters class provides an interface for Diffie-Hellman parameters for servers...
Represents an elliptic curve for use by elliptic-curve cipher algorithms.
constexpr QSslEllipticCurve() noexcept
Constructs an invalid elliptic curve.
constexpr bool isValid() const noexcept
Returns true if this elliptic curve is a valid curve, false otherwise.
friend constexpr bool operator!=(QSslEllipticCurve lhs, QSslEllipticCurve rhs) noexcept
Q_NETWORK_EXPORT bool isTlsNamedCurve() const noexcept
Returns true if this elliptic curve is one of the named curves that can be used in the key exchange w...
friend constexpr bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) noexcept
The QSslError class provides an SSL error.
Definition qsslerror.h:27
The QSslKey class provides an interface for private and public keys.
Definition qsslkey.h:24
Describes exported keying material derived from a TLS session.
QByteArray context() const noexcept
Returns the optional context value used for deriving the keying material.
QSslKeyingMaterial(const QByteArray &label, qsizetype size, const QByteArray &context=QByteArray()) noexcept
Constructs a QSslKeyingMaterial object with the given exporter label, output size,...
QByteArray label() const noexcept
Returns the exporter label used for deriving the keying material.
qsizetype size() const noexcept
The desired size of the keying material.
bool isValid() const noexcept
Returns true if this QSslKeyingMaterial object describes a valid exporter request.
QByteArray value() const noexcept
Returns the exported keying material.
friend bool comparesEqual(const QSslKeyingMaterial &lhs, const QSslKeyingMaterial &rhs) noexcept
The QSslPreSharedKeyAuthenticator class provides authentication data for pre shared keys (PSK) cipher...
The QSslSocket class provides an SSL encrypted socket for both clients and servers.
Definition qsslsocket.h:30
QTlsBackend is a factory class, providing implementations for the QSsl classes.
TlsKey is an abstract class, that allows a TLS plugin to provide an underlying implementation for the...
X509Certificate is an abstract class that allows a TLS backend to provide an implementation of the QS...
Combined button and popup list for selecting options.
Namespace containing internal types that TLS backends implement.
bool(*)(QIODevice *device, QSslKey *key, QSslCertificate *cert, QList< QSslCertificate > *caCertificates, const QByteArray &passPhrase) X509Pkcs12ReaderPtr
Q_CORE_EXPORT QDebug operator<<(QDebug debug, QDir::Filters filters)
Definition qdir.cpp:2582
static QT_BEGIN_NAMESPACE QString msgUnsupportedMulticastAddress()
Definition qdtls.cpp:304
QT_REQUIRE_CONFIG(liburing)
Q_DECLARE_INTERFACE(QNetworkAccessBackendFactory, QNetworkAccessBackendFactory_iid)
QOcspRevocationReason
constexpr size_t qHash(QSslEllipticCurve curve, size_t seed=0) noexcept
Q_DECLARE_TYPEINFO(QSslEllipticCurve, Q_PRIMITIVE_TYPE)
size_t qHash(const QSslKeyingMaterial &material, size_t seed=0)
#define QTlsBackend_iid