1 | /**************************************************************************** |
2 | ** |
3 | ** Copyright (C) 2014 Governikus GmbH & Co. KG. |
4 | ** Contact: https://www.qt.io/licensing/ |
5 | ** |
6 | ** This file is part of the QtNetwork module of the Qt Toolkit. |
7 | ** |
8 | ** $QT_BEGIN_LICENSE:LGPL$ |
9 | ** Commercial License Usage |
10 | ** Licensees holding valid commercial Qt licenses may use this file in |
11 | ** accordance with the commercial license agreement provided with the |
12 | ** Software or, alternatively, in accordance with the terms contained in |
13 | ** a written agreement between you and The Qt Company. For licensing terms |
14 | ** and conditions see https://www.qt.io/terms-conditions. For further |
15 | ** information use the contact form at https://www.qt.io/contact-us. |
16 | ** |
17 | ** GNU Lesser General Public License Usage |
18 | ** Alternatively, this file may be used under the terms of the GNU Lesser |
19 | ** General Public License version 3 as published by the Free Software |
20 | ** Foundation and appearing in the file LICENSE.LGPL3 included in the |
21 | ** packaging of this file. Please review the following information to |
22 | ** ensure the GNU Lesser General Public License version 3 requirements |
23 | ** will be met: https://www.gnu.org/licenses/lgpl-3.0.html. |
24 | ** |
25 | ** GNU General Public License Usage |
26 | ** Alternatively, this file may be used under the terms of the GNU |
27 | ** General Public License version 2.0 or (at your option) the GNU General |
28 | ** Public license version 3 or any later version approved by the KDE Free |
29 | ** Qt Foundation. The licenses are as published by the Free Software |
30 | ** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3 |
31 | ** included in the packaging of this file. Please review the following |
32 | ** information to ensure the GNU General Public License requirements will |
33 | ** be met: https://www.gnu.org/licenses/gpl-2.0.html and |
34 | ** https://www.gnu.org/licenses/gpl-3.0.html. |
35 | ** |
36 | ** $QT_END_LICENSE$ |
37 | ** |
38 | ****************************************************************************/ |
39 | |
40 | #include "qsslpresharedkeyauthenticator.h" |
41 | #include "qsslpresharedkeyauthenticator_p.h" |
42 | |
43 | #include <QSharedData> |
44 | |
45 | QT_BEGIN_NAMESPACE |
46 | |
47 | /*! |
48 | \internal |
49 | */ |
50 | QSslPreSharedKeyAuthenticatorPrivate::QSslPreSharedKeyAuthenticatorPrivate() |
51 | : maximumIdentityLength(0), |
52 | maximumPreSharedKeyLength(0) |
53 | { |
54 | } |
55 | |
56 | /*! |
57 | \class QSslPreSharedKeyAuthenticator |
58 | |
59 | \brief The QSslPreSharedKeyAuthenticator class provides authentication data for pre |
60 | shared keys (PSK) ciphersuites. |
61 | |
62 | \inmodule QtNetwork |
63 | |
64 | \reentrant |
65 | |
66 | \ingroup network |
67 | \ingroup ssl |
68 | \ingroup shared |
69 | |
70 | \since 5.5 |
71 | |
72 | The QSslPreSharedKeyAuthenticator class is used by an SSL socket to provide |
73 | the required authentication data in a pre shared key (PSK) ciphersuite. |
74 | |
75 | In a PSK handshake, the client must derive a key, which must match the key |
76 | set on the server. The exact algorithm of deriving the key depends on the |
77 | application; however, for this purpose, the server may send an \e{identity |
78 | hint} to the client. This hint, combined with other information (for |
79 | instance a passphrase), is then used by the client to construct the shared |
80 | key. |
81 | |
82 | The QSslPreSharedKeyAuthenticator provides means to client applications for |
83 | completing the PSK handshake. The client application needs to connect a |
84 | slot to the QSslSocket::preSharedKeyAuthenticationRequired() signal: |
85 | |
86 | \snippet code/src_network_ssl_qsslpresharedkeyauthenticator.cpp 0 |
87 | |
88 | The signal carries a QSslPreSharedKeyAuthenticator object containing the |
89 | identity hint the server sent to the client, and which must be filled with the |
90 | corresponding client identity and the derived key: |
91 | |
92 | \snippet code/src_network_ssl_qsslpresharedkeyauthenticator.cpp 1 |
93 | |
94 | \note PSK ciphersuites are supported only when using OpenSSL 1.0.1 (or |
95 | greater) as the SSL backend. |
96 | |
97 | \note PSK is currently only supported in OpenSSL. |
98 | |
99 | \sa QSslSocket |
100 | */ |
101 | |
102 | /*! |
103 | Constructs a default QSslPreSharedKeyAuthenticator object. |
104 | |
105 | The identity hint, the identity and the key will be initialized to empty |
106 | byte arrays; the maximum length for both the identity and the key will be |
107 | initialized to 0. |
108 | */ |
109 | QSslPreSharedKeyAuthenticator::QSslPreSharedKeyAuthenticator() |
110 | : d(new QSslPreSharedKeyAuthenticatorPrivate) |
111 | { |
112 | } |
113 | |
114 | /*! |
115 | Destroys the QSslPreSharedKeyAuthenticator object. |
116 | */ |
117 | QSslPreSharedKeyAuthenticator::~QSslPreSharedKeyAuthenticator() |
118 | { |
119 | } |
120 | |
121 | /*! |
122 | Constructs a QSslPreSharedKeyAuthenticator object as a copy of \a authenticator. |
123 | |
124 | \sa operator=() |
125 | */ |
126 | QSslPreSharedKeyAuthenticator::QSslPreSharedKeyAuthenticator(const QSslPreSharedKeyAuthenticator &authenticator) |
127 | : d(authenticator.d) |
128 | { |
129 | } |
130 | |
131 | /*! |
132 | Assigns the QSslPreSharedKeyAuthenticator object \a authenticator to this object, |
133 | and returns a reference to the copy. |
134 | */ |
135 | QSslPreSharedKeyAuthenticator &QSslPreSharedKeyAuthenticator::operator=(const QSslPreSharedKeyAuthenticator &authenticator) |
136 | { |
137 | d = authenticator.d; |
138 | return *this; |
139 | } |
140 | |
141 | /*! |
142 | \fn QSslPreSharedKeyAuthenticator &QSslPreSharedKeyAuthenticator::operator=(QSslPreSharedKeyAuthenticator &&authenticator) |
143 | |
144 | Move-assigns the QSslPreSharedKeyAuthenticator object \a authenticator to this |
145 | object, and returns a reference to the moved instance. |
146 | */ |
147 | |
148 | /*! |
149 | \fn void QSslPreSharedKeyAuthenticator::swap(QSslPreSharedKeyAuthenticator &authenticator) |
150 | |
151 | Swaps the QSslPreSharedKeyAuthenticator object \a authenticator with this object. |
152 | This operation is very fast and never fails. |
153 | */ |
154 | |
155 | /*! |
156 | Returns the PSK identity hint as provided by the server. The interpretation |
157 | of this hint is left to the application. |
158 | */ |
159 | QByteArray QSslPreSharedKeyAuthenticator::identityHint() const |
160 | { |
161 | return d->identityHint; |
162 | } |
163 | |
164 | /*! |
165 | Sets the PSK client identity (to be advised to the server) to \a identity. |
166 | |
167 | \note it is possible to set an identity whose length is greater than |
168 | maximumIdentityLength(); in this case, only the first maximumIdentityLength() |
169 | bytes will be actually sent to the server. |
170 | |
171 | \sa identity(), maximumIdentityLength() |
172 | */ |
173 | void QSslPreSharedKeyAuthenticator::setIdentity(const QByteArray &identity) |
174 | { |
175 | d->identity = identity; |
176 | } |
177 | |
178 | /*! |
179 | Returns the PSK client identity. |
180 | |
181 | \sa setIdentity() |
182 | */ |
183 | QByteArray QSslPreSharedKeyAuthenticator::identity() const |
184 | { |
185 | return d->identity; |
186 | } |
187 | |
188 | |
189 | /*! |
190 | Returns the maximum length, in bytes, of the PSK client identity. |
191 | |
192 | \note it is possible to set an identity whose length is greater than |
193 | maximumIdentityLength(); in this case, only the first maximumIdentityLength() |
194 | bytes will be actually sent to the server. |
195 | |
196 | \sa setIdentity() |
197 | */ |
198 | int QSslPreSharedKeyAuthenticator::maximumIdentityLength() const |
199 | { |
200 | return d->maximumIdentityLength; |
201 | } |
202 | |
203 | |
204 | /*! |
205 | Sets the pre shared key to \a preSharedKey. |
206 | |
207 | \note it is possible to set a key whose length is greater than the |
208 | maximumPreSharedKeyLength(); in this case, only the first |
209 | maximumPreSharedKeyLength() bytes will be actually sent to the server. |
210 | |
211 | \sa preSharedKey(), maximumPreSharedKeyLength(), QByteArray::fromHex() |
212 | */ |
213 | void QSslPreSharedKeyAuthenticator::setPreSharedKey(const QByteArray &preSharedKey) |
214 | { |
215 | d->preSharedKey = preSharedKey; |
216 | } |
217 | |
218 | /*! |
219 | Returns the pre shared key. |
220 | |
221 | \sa setPreSharedKey() |
222 | */ |
223 | QByteArray QSslPreSharedKeyAuthenticator::preSharedKey() const |
224 | { |
225 | return d->preSharedKey; |
226 | } |
227 | |
228 | /*! |
229 | Returns the maximum length, in bytes, of the pre shared key. |
230 | |
231 | \note it is possible to set a key whose length is greater than the |
232 | maximumPreSharedKeyLength(); in this case, only the first |
233 | maximumPreSharedKeyLength() bytes will be actually sent to the server. |
234 | |
235 | \sa setPreSharedKey() |
236 | */ |
237 | int QSslPreSharedKeyAuthenticator::maximumPreSharedKeyLength() const |
238 | { |
239 | return d->maximumPreSharedKeyLength; |
240 | } |
241 | |
242 | /*! |
243 | \relates QSslPreSharedKeyAuthenticator |
244 | \since 5.5 |
245 | |
246 | Returns true if the authenticator object \a lhs is equal to \a rhs; false |
247 | otherwise. |
248 | |
249 | Two authenticator objects are equal if and only if they have the same |
250 | identity hint, identity, pre shared key, maximum length for the identity |
251 | and maximum length for the pre shared key. |
252 | |
253 | */ |
254 | bool operator==(const QSslPreSharedKeyAuthenticator &lhs, const QSslPreSharedKeyAuthenticator &rhs) |
255 | { |
256 | return ((lhs.d == rhs.d) || |
257 | (lhs.d->identityHint == rhs.d->identityHint && |
258 | lhs.d->identity == rhs.d->identity && |
259 | lhs.d->maximumIdentityLength == rhs.d->maximumIdentityLength && |
260 | lhs.d->preSharedKey == rhs.d->preSharedKey && |
261 | lhs.d->maximumPreSharedKeyLength == rhs.d->maximumPreSharedKeyLength)); |
262 | } |
263 | |
264 | /*! |
265 | \fn bool operator!=(const QSslPreSharedKeyAuthenticator &lhs, const QSslPreSharedKeyAuthenticator &rhs) |
266 | \relates QSslPreSharedKeyAuthenticator |
267 | \since 5.5 |
268 | |
269 | Returns true if the authenticator object \a lhs is different than \a rhs; |
270 | false otherwise. |
271 | |
272 | */ |
273 | |
274 | QT_END_NAMESPACE |
275 | |