1// Copyright (C) 2018 The Qt Company Ltd.
2// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
3// Qt-Security score:significant reason:default
4
5#ifndef QDTLS_H
6#define QDTLS_H
7
8#include <QtNetwork/qtnetworkglobal.h>
9
10#include <QtNetwork/qsslsocket.h>
11#include <QtNetwork/qssl.h>
12
13#include <QtCore/qcryptographichash.h>
14#include <QtCore/qobject.h>
15#include <QtCore/qcontainerfwd.h>
16
17Q_MOC_INCLUDE(<QtNetwork/QSslPreSharedKeyAuthenticator>)
18
19#ifndef Q_QDOC
20QT_REQUIRE_CONFIG(dtls);
21#endif
22
23QT_BEGIN_NAMESPACE
24
// Error codes reported by QDtlsClientVerifier::dtlsError() and
// QDtls::dtlsError(); the human-readable text comes from dtlsErrorString().
// Values are spelled out because they are part of the exported API: keep
// them stable and append new codes at the end rather than inserting.
enum class QDtlsError : unsigned char {
    NoError = 0,                     // the last operation succeeded
    InvalidInputParameters = 1,      // arguments rejected by the call itself
    InvalidOperation = 2,            // call not valid in the current mode/handshake phase (presumably)
    UnderlyingSocketError = 3,       // the QUdpSocket reported a failure
    RemoteClosedConnectionError = 4, // the peer ended the session
    PeerVerificationError = 5,       // peer identity/certificate not verified; see QDtls::peerVerificationErrors()
    TlsInitializationError = 6,      // the TLS backend could not be set up
    TlsFatalError = 7,               // backend error that terminates the session
    TlsNonFatalError = 8             // backend condition that does not end the session (which ones: confirm in the .cpp)
};
37
// Forward declarations: the declarations below only name these types in
// function signatures (pointer, reference or by-value return), which does
// not require complete types, so their headers are left to the including code.
class QHostAddress;
class QUdpSocket;
class QByteArray;
class QString;

// Private implementation class, wired in via Q_DECLARE_PRIVATE below.
class QDtlsClientVerifierPrivate;
// Server-side helper for the DTLS client-verification ("cookie") step: it is
// fed the datagrams of a not-yet-verified client (verifyClient()) and, once
// the client has proven it really receives at its claimed address and port,
// exposes the verified hello (verifiedHello()) for QDtls::doHandshake().
// NOTE(review): this is the shape of the RFC 6347 §4.2.1 HelloVerifyRequest
// exchange, whose purpose is to stop spoofed-source amplification and
// state-exhaustion attacks; the wire behaviour itself lives in the .cpp.
class Q_NETWORK_EXPORT QDtlsClientVerifier : public QObject
{
    Q_OBJECT

public:

    explicit QDtlsClientVerifier(QObject *parent = nullptr);
    ~QDtlsClientVerifier();

    // Inputs for cookie generation: the hash algorithm and the secret the
    // cookies are derived from.
    // Security: the secret is the only thing that stops a client at a spoofed
    // address from forging an acceptable cookie, so it must be unpredictable
    // (random bytes, not a fixed string) and private to the server. Sha1 is
    // the in-class default for the hash; for a keyed/HMAC-style cookie that
    // is not a collision-dependent use and remains acceptable, but a SHA-2
    // algorithm costs nothing extra when setCookieGeneratorParameters() is
    // called anyway.
    // NOTE(review): the default constructor is defined out of line; whether it
    // fills `secret` with random data or leaves it empty cannot be seen from
    // this header — check before relying on default-constructed parameters.
    struct Q_NETWORK_EXPORT GeneratorParameters
    {
        GeneratorParameters();
        GeneratorParameters(QCryptographicHash::Algorithm a, const QByteArray &s);
        QCryptographicHash::Algorithm hash = QCryptographicHash::Sha1;
        QByteArray secret;
    };

    // Install/read the parameters above. A false return presumably means the
    // parameters were rejected; dtlsError() should say why.
    bool setCookieGeneratorParameters(const GeneratorParameters &params);
    GeneratorParameters cookieGeneratorParameters() const;

    // Process one datagram received on `socket` from address:port. The socket
    // is passed so the verifier can answer the client directly (presumably
    // with the cookie challenge). Returns true once the client is considered
    // verified; until then the server should allocate nothing per client —
    // that statelessness is the point of the exchange.
    bool verifyClient(QUdpSocket *socket, const QByteArray &dgram,
                      const QHostAddress &address, quint16 port);
    // Hello of the last verified client, presumably to be handed to the
    // server-side QDtls::doHandshake() as its dgram argument.
    QByteArray verifiedHello() const;

    // Outcome of the last operation on this object.
    QDtlsError dtlsError() const;
    QString dtlsErrorString() const;

private:

    Q_DECLARE_PRIVATE(QDtlsClientVerifier)
    Q_DISABLE_COPY(QDtlsClientVerifier)
};
76
// Forward declarations for types that only appear in QDtls signatures below
// (QSslPreSharedKeyAuthenticator additionally via Q_MOC_INCLUDE above so
// moc can see the full type for the pskRequired() signal).
class QSslPreSharedKeyAuthenticator;
class QSslConfiguration;
class QSslCipher;
class QSslError;

// Private implementation class, wired in via Q_DECLARE_PRIVATE below.
class QDtlsPrivate;
// DTLS endpoint layered over a caller-supplied QUdpSocket. Unlike QSslSocket
// it owns no socket: every operation that touches the network takes the
// QUdpSocket* explicitly, and the caller drives the handshake by passing in
// the datagrams it reads from that socket.
class Q_NETWORK_EXPORT QDtls : public QObject
{
    Q_OBJECT

public:

    // Progress of the handshake as reported by handshakeState().
    enum HandshakeState
    {
        HandshakeNotStarted,
        HandshakeInProgress,
        PeerVerificationFailed,   // details in peerVerificationErrors()
        HandshakeComplete
    };

    // `mode` selects the client or server role; it is fixed for the object's
    // lifetime and readable through sslMode().
    explicit QDtls(QSslSocket::SslMode mode, QObject *parent = nullptr);
    ~QDtls();

    // Remote endpoint. verificationName is the name the peer's certificate is
    // checked against during the handshake (presumably, as the setter name
    // and the PeerVerificationFailed state suggest).
    // NOTE(review): verificationName defaults to empty here; what the
    // implementation does with an empty name (fall back to the address, or
    // skip the name check) cannot be seen from this header and must be
    // confirmed. A client that authenticates the server should set it
    // explicitly rather than rely on the default.
    bool setPeer(const QHostAddress &address, quint16 port,
                 const QString &verificationName = {});
    bool setPeerVerificationName(const QString &name);
    QHostAddress peerAddress() const;
    quint16 peerPort() const;
    QString peerVerificationName() const;
    QSslSocket::SslMode sslMode() const;

    // Path-MTU hint; presumably bounds how handshake messages are fragmented.
    // Semantics of 0 are not visible here — confirm in the implementation.
    void setMtuHint(quint16 mtuHint);
    quint16 mtuHint() const;

    // Cookie-generation parameters, the same type QDtlsClientVerifier uses.
    // NOTE(review): for a server these presumably have to match the verifier
    // that produced verifiedHello(), otherwise a cookie issued by one object
    // will not validate on the other — verify against the implementation.
    using GeneratorParameters = QDtlsClientVerifier::GeneratorParameters;
    bool setCookieGeneratorParameters(const GeneratorParameters &params);
    GeneratorParameters cookieGeneratorParameters() const;

    // TLS settings taken from a QSslConfiguration (whatever it carries:
    // allowed protocols, cipher list, CA certificates, peer-verification
    // mode, local certificate and key).
    // Security: the verification mode and CA set in this configuration decide
    // whether the peer is authenticated at all; peer verification should not
    // be disabled outside of tests.
    bool setDtlsConfiguration(const QSslConfiguration &configuration);
    QSslConfiguration dtlsConfiguration() const;

    HandshakeState handshakeState() const;

    // Handshake driving. doHandshake() starts or continues the handshake with
    // the given datagram; the `dgram = {}` default suggests the initiating
    // side calls it without data and the other side passes the received
    // datagram (a server: the hello from QDtlsClientVerifier::verifiedHello())
    // — confirm in the implementation. The bool results presumably report
    // whether the call was accepted, not whether the handshake finished: use
    // handshakeState() for progress and dtlsError() for failures.
    bool doHandshake(QUdpSocket *socket, const QByteArray &dgram = {});
    // Response to handshakeTimeout(): DTLS runs over lossy UDP, so unanswered
    // handshake flights have to be resent, and this is the resend hook.
    bool handleTimeout(QUdpSocket *socket);
    // Continue after PeerVerificationFailed, presumably once
    // ignoreVerificationErrors() has accepted the outstanding errors.
    bool resumeHandshake(QUdpSocket *socket);
    bool abortHandshake(QUdpSocket *socket);
    // Orderly end of an established session (presumably sends the close
    // notification to the peer through `socket`).
    bool shutdown(QUdpSocket *socket);

    // Session state, meaningful once HandshakeComplete.
    // Security: if policy forbids older DTLS versions or weak suites, check
    // sessionProtocol()/sessionCipher() after the handshake rather than
    // relying on the configured minimum alone.
    bool isConnectionEncrypted() const;
    QSslCipher sessionCipher() const;
    QSsl::SslProtocol sessionProtocol() const;

    // Application data. writeDatagramEncrypted() returns a byte count
    // (negative on error, presumably — confirm); decryptDatagram() returns the
    // plaintext of one record.
    // NOTE(review): an empty QByteArray from decryptDatagram() cannot by
    // itself distinguish "empty plaintext" from "record dropped/failed" —
    // consult dtlsError() after an empty result.
    qint64 writeDatagramEncrypted(QUdpSocket *socket, const QByteArray &dgram);
    QByteArray decryptDatagram(QUdpSocket *socket, const QByteArray &dgram);

    // Outcome of the last operation on this object.
    QDtlsError dtlsError() const;
    QString dtlsErrorString() const;

    // Peer-certificate verification outcome, and the explicit list of errors
    // the application chooses to accept.
    // Security: pass only the specific, expected errors (e.g. for a pinned
    // certificate), never the whole list from peerVerificationErrors()
    // blindly — that disables peer authentication and makes the channel
    // trivially interceptable.
    QList<QSslError> peerVerificationErrors() const;
    void ignoreVerificationErrors(const QList<QSslError> &errorsToIgnore);

// Signal order feeds moc's meta-object indices; keep it stable.
Q_SIGNALS:

    // Emitted when a pre-shared-key suite needs the key; the slot fills in the
    // authenticator. The handshake presumably needs the key before this
    // returns, so the connection type matters — confirm against the .cpp.
    void pskRequired(QSslPreSharedKeyAuthenticator *authenticator);
    // Emitted when a handshake flight went unanswered; the application
    // should respond with handleTimeout(socket).
    void handshakeTimeout();

private:

    // Internal halves of doHandshake(); defined in the .cpp.
    bool startHandshake(QUdpSocket *socket, const QByteArray &dgram);
    bool continueHandshake(QUdpSocket *socket, const QByteArray &dgram);

    Q_DECLARE_PRIVATE(QDtls)
    Q_DISABLE_COPY_MOVE(QDtls)
};
152
153QT_END_NAMESPACE
154
155#endif // QDTLS_H
156

source code of qtbase/src/network/ssl/qdtls.h