d4/d8c/qdtls_8h_source.html

// Copyright (C) 2018 The Qt Company Ltd.

// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only

// Qt-Security score:significant reason:default


#ifndef QDTLS_H

#define QDTLS_H


#include <QtNetwork/qtnetworkglobal.h>


#include <QtNetwork/qsslsocket.h>

#include <QtNetwork/qssl.h>


#include <QtCore/qcryptographichash.h>

#include <QtCore/qobject.h>

#include <QtCore/qcontainerfwd.h>


Q_MOC_INCLUDE(<QtNetwork/QSslPreSharedKeyAuthenticator>)


#ifndef Q_QDOC

QT_REQUIRE_CONFIG(dtls);

#endif


QT_BEGIN_NAMESPACE


enum class QDtlsError : unsigned char

{

    NoError,

    InvalidInputParameters,

    InvalidOperation,

    UnderlyingSocketError,

    RemoteClosedConnectionError,

    PeerVerificationError,

    TlsInitializationError,

    TlsFatalError,

    TlsNonFatalError

};


class QHostAddress;

class QUdpSocket;

class QByteArray;

class QString;


class QDtlsClientVerifierPrivate;


class Q_NETWORK_EXPORT QDtlsClientVerifier : public QObject

{

    Q_OBJECT


public:


    explicit QDtlsClientVerifier(QObject *parent = nullptr);

    ~QDtlsClientVerifier();


    struct Q_NETWORK_EXPORT GeneratorParameters

    {

        GeneratorParameters();

        GeneratorParameters(QCryptographicHash::Algorithm a, const QByteArray &s);

        QCryptographicHash::Algorithm hash = QCryptographicHash::Sha1;

        QByteArray secret;

    };


    bool setCookieGeneratorParameters(const GeneratorParameters &params);

    GeneratorParameters cookieGeneratorParameters() const;


    bool verifyClient(QUdpSocket *socket, const QByteArray &dgram,

                      const QHostAddress &address, quint16 port);

    QByteArray verifiedHello() const;


    QDtlsError dtlsError() const;

    QString dtlsErrorString() const;


private:


    Q_DECLARE_PRIVATE(QDtlsClientVerifier)

    Q_DISABLE_COPY(QDtlsClientVerifier)

};


class QSslPreSharedKeyAuthenticator;

class QSslConfiguration;

class QSslCipher;

class QSslError;


class QDtlsPrivate;


class Q_NETWORK_EXPORT QDtls : public QObject

{

    Q_OBJECT


public:


    enum HandshakeState

    {

        HandshakeNotStarted,

        HandshakeInProgress,

        PeerVerificationFailed,

        HandshakeComplete

    };


    explicit QDtls(QSslSocket::SslMode mode, QObject *parent = nullptr);

    ~QDtls();


    bool setPeer(const QHostAddress &address, quint16 port,

                 const QString &verificationName = {});

    bool setPeerVerificationName(const QString &name);

    QHostAddress peerAddress() const;

    quint16 peerPort() const;

    QString peerVerificationName() const;

    QSslSocket::SslMode sslMode() const;


    void setMtuHint(quint16 mtuHint);

    quint16 mtuHint() const;


    using GeneratorParameters = QDtlsClientVerifier::GeneratorParameters;

    bool setCookieGeneratorParameters(const GeneratorParameters &params);

    GeneratorParameters cookieGeneratorParameters() const;


    bool setDtlsConfiguration(const QSslConfiguration &configuration);

    QSslConfiguration dtlsConfiguration() const;


    HandshakeState handshakeState() const;


    bool doHandshake(QUdpSocket *socket, const QByteArray &dgram = {});

    bool handleTimeout(QUdpSocket *socket);

    bool resumeHandshake(QUdpSocket *socket);

    bool abortHandshake(QUdpSocket *socket);

    bool shutdown(QUdpSocket *socket);


    bool isConnectionEncrypted() const;

    QSslCipher sessionCipher() const;

    QSsl::SslProtocol sessionProtocol() const;


    qint64 writeDatagramEncrypted(QUdpSocket *socket, const QByteArray &dgram);

    QByteArray decryptDatagram(QUdpSocket *socket, const QByteArray &dgram);


    QDtlsError dtlsError() const;

    QString dtlsErrorString() const;


    QList<QSslError> peerVerificationErrors() const;

    void ignoreVerificationErrors(const QList<QSslError> &errorsToIgnore);


Q_SIGNALS:


    void pskRequired(QSslPreSharedKeyAuthenticator *authenticator);

    void handshakeTimeout();


private:


    bool startHandshake(QUdpSocket *socket, const QByteArray &dgram);

    bool continueHandshake(QUdpSocket *socket, const QByteArray &dgram);


    Q_DECLARE_PRIVATE(QDtls)

    Q_DISABLE_COPY_MOVE(QDtls)

};


QT_END_NAMESPACE


#endif // QDTLS_H

QByteArray::FromBase64Result
\inmodule QtCore
Definition qbytearray.h:785

QDtlsClientVerifierPrivate
Definition qdtls_p.h:31

QDtlsClientVerifierPrivate::QDtlsClientVerifierPrivate
QDtlsClientVerifierPrivate()
Definition qdtls.cpp:335

QDtlsClientVerifierPrivate::backend
std::unique_ptr< QTlsPrivate::DtlsCookieVerifier > backend
Definition qdtls_p.h:35

QDtlsClientVerifierPrivate::~QDtlsClientVerifierPrivate
~QDtlsClientVerifierPrivate()

QDtlsClientVerifier
This class implements server-side DTLS cookie generation and verification.
Definition qdtls.h:45

QDtlsPrivate
Definition qdtls_p.h:39

QDtlsPrivate::QDtlsPrivate
QDtlsPrivate()

QDtlsPrivate::backend
std::unique_ptr< QTlsPrivate::DtlsCryptograph > backend
Definition qdtls_p.h:43

QDtlsPrivate::~QDtlsPrivate
~QDtlsPrivate()

QDtls
This class provides encryption for UDP sockets.
Definition qdtls.h:84

QList
Definition qlist.h:81

QOcspResponsePrivate
Definition qocspresponse_p.h:30

QOcspResponse
This class represents Online Certificate Status Protocol response.
Definition qocspresponse.h:50

QSslCertificatePrivate
Definition qsslcertificate_p.h:33

QSslCertificate
The QSslCertificate class provides a convenient API for an X509 certificate.
Definition qsslcertificate.h:38

QSslCipher
The QSslCipher class represents an SSL cryptographic cipher.
Definition qsslcipher.h:23

QSslContext
Definition qsslcontext_openssl_p.h:32

QSslDiffieHellmanParameters
The QSslDiffieHellmanParameters class provides an interface for Diffie-Hellman parameters for servers...
Definition qssldiffiehellmanparameters.h:32

QSslEllipticCurve
Represents an elliptic curve for use by elliptic-curve cipher algorithms.
Definition qsslellipticcurve.h:19

QSslEllipticCurve::QSslEllipticCurve
constexpr QSslEllipticCurve() noexcept
Constructs an invalid elliptic curve.
Definition qsslellipticcurve.h:21

QSslEllipticCurve::isValid
constexpr bool isValid() const noexcept
Returns true if this elliptic curve is a valid curve, false otherwise.
Definition qsslellipticcurve.h:32

QSslEllipticCurve::operator!=
friend constexpr bool operator!=(QSslEllipticCurve lhs, QSslEllipticCurve rhs) noexcept
Definition qsslellipticcurve.h:44

QSslEllipticCurve::isTlsNamedCurve
Q_NETWORK_EXPORT bool isTlsNamedCurve() const noexcept
Returns true if this elliptic curve is one of the named curves that can be used in the key exchange w...
Definition qsslellipticcurve.cpp:139

QSslEllipticCurve::operator==
friend constexpr bool operator==(QSslEllipticCurve lhs, QSslEllipticCurve rhs) noexcept
Definition qsslellipticcurve.h:42

QSslError
The QSslError class provides an SSL error.
Definition qsslerror.h:27

QSslKeyPrivate
Definition qsslkey_p.h:34

QSslKey
The QSslKey class provides an interface for private and public keys.
Definition qsslkey.h:24

QSslPreSharedKeyAuthenticator
The QSslPreSharedKeyAuthenticator class provides authentication data for pre shared keys (PSK) cipher...
Definition qsslpresharedkeyauthenticator.h:19

QSslSocketPrivate
Definition qsslsocket_p.h:43

QSslSocket
The QSslSocket class provides an SSL encrypted socket for both clients and servers.
Definition qsslsocket.h:30

QTlsBackend
QTlsBackend is a factory class, providing implementations for the QSsl classes.
Definition qtlsbackend_p.h:269

QTlsPrivate::TlsCryptographOpenSSL
Definition qtls_openssl_p.h:38

QTlsPrivate::TlsKey
TlsKey is an abstract class, that allows a TLS plugin to provide an underlying implementation for the...
Definition qtlsbackend_p.h:60

QTlsPrivate::X509Certificate
X509Certificate is an abstract class that allows a TLS backend to provide an implementation of the QS...
Definition qtlsbackend_p.h:101

QT_BEGIN_NAMESPACE
Combined button and popup list for selecting options.
Definition qrandomaccessasyncfile_darwin.mm:17

QTlsPrivate
Namespace containing onternal types that TLS backends implement.
Definition qocspresponse.h:41

QTlsPrivate::X509Pkcs12ReaderPtr
bool(*)(QIODevice *device, QSslKey *key, QSslCertificate *cert, QList< QSslCertificate > *caCertificates, const QByteArray &passPhrase) X509Pkcs12ReaderPtr
Definition qtlsbackend_p.h:151

operator<<
Q_CORE_EXPORT QDebug operator<<(QDebug debug, QDir::Filters filters)
Definition qdir.cpp:2582

msgUnsupportedMulticastAddress
static QT_BEGIN_NAMESPACE QString msgUnsupportedMulticastAddress()
Definition qdtls.cpp:304

QT_REQUIRE_CONFIG
QT_REQUIRE_CONFIG(liburing)

Q_DECLARE_INTERFACE
Q_DECLARE_INTERFACE(QNetworkAccessBackendFactory, QNetworkAccessBackendFactory_iid)

QOcspRevocationReason
QOcspRevocationReason
Definition qocspresponse.h:29

QOcspRevocationReason::RemoveFromCRL
@ RemoveFromCRL
Definition qocspresponse.h:38

QOcspRevocationReason::AffiliationChanged
@ AffiliationChanged
Definition qocspresponse.h:34

QOcspRevocationReason::CertificateHold
@ CertificateHold
Definition qocspresponse.h:37

QOcspRevocationReason::CACompromise
@ CACompromise
Definition qocspresponse.h:33

QOcspRevocationReason::None
@ None
Definition qocspresponse.h:30

QOcspRevocationReason::Unspecified
@ Unspecified
Definition qocspresponse.h:31

QOcspRevocationReason::CessationOfOperation
@ CessationOfOperation
Definition qocspresponse.h:36

QOcspRevocationReason::KeyCompromise
@ KeyCompromise
Definition qocspresponse.h:32

QOcspRevocationReason::Superseded
@ Superseded
Definition qocspresponse.h:35

qHash
constexpr size_t qHash(QSslEllipticCurve curve, size_t seed=0) noexcept
Definition qsslellipticcurve.h:54

Q_DECLARE_TYPEINFO
Q_DECLARE_TYPEINFO(QSslEllipticCurve, Q_PRIMITIVE_TYPE)

QTlsBackend_iid
#define QTlsBackend_iid
Definition qtlsbackend_p.h:400