Warning, /libraries/qca/Mainpage.dox is written in an unsupported language. File is not indexed.
0001 /** 0002 \mainpage Qt Cryptographic Architecture 0003 0004 Taking a hint from the similarly-named 0005 <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html">Java 0006 Cryptography Architecture</a>, %QCA aims to provide a 0007 straightforward and cross-platform cryptographic API, using Qt 0008 datatypes and conventions. %QCA separates the API from the 0009 implementation, using plugins known as Providers. The advantage 0010 of this model is to allow applications to avoid linking to or 0011 explicitly depending on any particular cryptographic library. 0012 This allows one to easily change or upgrade Provider 0013 implementations without even needing to recompile the 0014 application! 0015 0016 %QCA should work everywhere %Qt does, including Windows/Unix/MacOSX. This 0017 version of %QCA is for Qt4 or Qt5, and requires no Qt3 compatibility code. 0018 0019 \section features Features 0020 0021 This library provides an easy API for the following features: 0022 - Secure byte arrays (QCA::SecureArray) 0023 - Arbitrary precision integers (QCA::BigInteger) 0024 - Random number generation (QCA::Random) 0025 - SSL/TLS (QCA::TLS) 0026 - X509 certificates (QCA::Certificate and QCA::CertificateCollection) 0027 - X509 certificate revocation lists (QCA::CRL) 0028 - Built-in support for operating system certificate root storage (QCA::systemStore) 0029 - Simple Authentication and Security Layer (SASL) (QCA::SASL) 0030 - Cryptographic Message Syntax (e.g., for S/MIME) (QCA::CMS) 0031 - PGP messages (QCA::OpenPGP) 0032 - Unified PGP/CMS API (QCA::SecureMessage) 0033 - Subsystem for managing Smart Cards and PGP keyrings (QCA::KeyStore) 0034 - Simple but flexible logging system (QCA::Logger) 0035 - RSA (QCA::RSAPrivateKey and QCA::RSAPublicKey) 0036 - DSA (QCA::DSAPrivateKey and QCA::DSAPublicKey) 0037 - Diffie-Hellman (QCA::DHPrivateKey and QCA::DHPublicKey) 0038 - Hashing (QCA::Hash) with 0039 - SHA-0 0040 - SHA-1 0041 - MD2 0042 - MD4 0043 - MD5 0044 - RIPEMD160 0045 - SHA-224 0046 - SHA-256 0047 - SHA-384 0048 - SHA-512 0049 - Whirlpool 0050 - Ciphers (QCA::Cipher) using 0051 - BlowFish 0052 - Triple DES 0053 - DES 0054 - AES (128, 192 and 256 bit) 0055 - CAST5 (also known as CAST-128) 0056 - Message Authentication Code (QCA::MessageAuthenticationCode), using 0057 - HMAC with SHA-1 0058 - HMAC with MD5 0059 - HMAC with RIPEMD160 0060 - HMAC with SHA-224 0061 - HMAC with SHA-256 0062 - HMAC with SHA-384 0063 - HMAC with SHA-512 0064 - Encoding and decoding of hexadecimal (QCA::Hex) and 0065 Base64 (QCA::Base64) strings. 0066 0067 Functionality is supplied via plugins. This is useful for avoiding 0068 dependence on a particular crypto library and makes upgrading easier, 0069 as there is no need to recompile your application when adding or 0070 upgrading a crypto plugin. Also, by pushing crypto functionality into 0071 plugins, your application is free of legal issues, such as export 0072 regulation. 0073 0074 And of course, you get a very simple crypto API for Qt, where you can 0075 do things like: 0076 \code 0077 QString hash = QCA::Hash("sha1").hashToString(blockOfData); 0078 \endcode 0079 0080 \section using Using QCA 0081 0082 The application simply includes <QtCrypto> and links to 0083 libqca, which provides the 'wrapper API' and plugin loader. Crypto 0084 functionality is determined during runtime, and plugins are loaded 0085 from the 'crypto' subfolder of the %Qt library paths. There are <a 0086 href="examples.html">additional examples available</a>. 0087 0088 \subsection tute1 Introduction 0089 0090 Using %QCA is much like using Qt, and if you are familiar with 0091 Qt, then it should feel "natural". There are a few things you 0092 do need to know though, to build reliable applications: 0093 - %QCA needs to be initialized before you use any class that 0094 requires plugin support, or uses secure memory. That is most 0095 of %QCA, so you should assume that you need to perform 0096 initialization. The easiest way to do this is to instantiate 0097 a QCA::Initializer object and ensure it is not deleted (or 0098 allowed to go out of scope) until you have finished using 0099 %QCA. 0100 - Most features/algorithms are provided by plugins/\ref providers. 0101 You should check that the required feature is actually 0102 available (using QCA::isSupported()) before trying to create 0103 it. If you try to create a class and suitable provider support 0104 is not available, you will get back a null object, and when 0105 you try to use one of the methods, your application will 0106 segfault. Also, for features that take algorithm names (e.g. 0107 QCA::Hash, which takes the name of the hashing algorithm such 0108 as "md5" or "sha256"), the name is looked up at run-time, so 0109 if you make a typographical error (e.g. "md56") it will compile 0110 correctly, but segfault at run-time. 0111 0112 \subsection tute2 Thoughts on security 0113 0114 %QCA tries to be flexible in what it supports. That does not mean that 0115 every possible combination of features makes sense though. 0116 0117 We strongly recommend against coming up with your own design made up 0118 of low-level cryptographic primitives (e.g. QCA::Hash, QCA::Cipher and 0119 similar features) and trying to use higher level capabilities. In particular, 0120 we recommend looking at QCA::TLS, QCA::SASL, QCA::CMS and QCA::OpenPGP 0121 as starting points. 0122 0123 When selecting a particular cryptographic feature, you should make sure 0124 that you understand what sort of threats your application is likely 0125 to be exposed to, and how that threat can be effectively countered. In 0126 addition, you should consider whether you can avoid adding cryptographic 0127 features directly to your application (e.g. for secure transport, you 0128 may be able to tunnel your application over SSH). 0129 0130 Also, you may need to look beyond %QCA for some security needs (e.g. 0131 for authentication, your situation may be more suited to using 0132 Kerberos than SASL or TLS). 0133 0134 \subsection intro-design Design 0135 0136 The architecture of %QCA is shown below: 0137 0138 \image html qca-arch.png "QCA Architecture" 0139 \image latex qca-arch.eps "QCA Architecture" width=\textwidth 0140 0141 Application authors normally only need to use the User API. The 0142 provider API is available for plugin authors, but can also 0143 be used by application authors to provide very specific capabilities. 0144 0145 For more information on the design of %QCA, you might like to review 0146 the \ref architecture description. 0147 0148 \section availability Availability 0149 0150 \subsection qca2code Releases 0151 0152 The latest release packages can be found in the 0153 <a href="https://download.kde.org/stable/qca/">%QCA 2.x download area</a>. 0154 0155 See the <a href="https://userbase.kde.org/QCA/">project web site</a> for 0156 further information about %QCA releases. 0157 0158 \subsection qca2dev Current development 0159 0160 The latest version of the code is available from the KDE Git server 0161 (there is no formal release of the current version at this time). 0162 Naturally you will need %Qt properly set up and configured in order 0163 to build and use %QCA. 0164 0165 The Git code can be browsed 0166 <a href="https://commits.kde.org/qca"> 0167 via the web</a> 0168 0169 Use 0170 \verbatim 0171 git clone https://invent.kde.org/libraries/qca.git 0172 \endverbatim 0173 to get the latest sources. 0174 */ 0175 0176 /** \page architecture Architecture 0177 0178 \note You don't need to understand any of this to use %QCA - it is 0179 documented for those who are curious, and for anyone planning to 0180 extend or modify %QCA. 0181 0182 The design of %QCA is based on the Bridge design pattern. The intent of 0183 the Bridge pattern is to "Decouple an abstraction from its 0184 implementation so that the two can vary independently." [Gamma et.al, 0185 pg 151]. 0186 0187 To understand how this decoupling works in the case of %QCA, is is 0188 easiest to look at an example - a cryptographic Hash. The API is 0189 pretty simple (although I've left out some parts that aren't required 0190 for this example): 0191 0192 \code 0193 class QCA_EXPORT Hash : public Algorithm, public BufferedComputation 0194 { 0195 public: 0196 Hash(const QString &type, const QString &provider); 0197 virtual void clear(); 0198 virtual void update(const QCA::SecureArray &a); 0199 virtual QCA::SecureArray final(); 0200 } 0201 \endcode 0202 0203 The implementation for the Hash class is almost as simple: 0204 0205 \code 0206 Hash::Hash(const QString &type, const QString &provider) 0207 :Algorithm(type, provider) 0208 { 0209 } 0210 0211 void Hash::clear() 0212 { 0213 static_cast<HashContext *>(context())->clear(); 0214 } 0215 0216 void Hash::update(const QCA::SecureArray &a) 0217 { 0218 static_cast<HashContext *>(context())->update(a); 0219 } 0220 0221 QCA::SecureArray Hash::final() 0222 { 0223 return static_cast<HashContext *>(context())->final(); 0224 } 0225 \endcode 0226 0227 The reason why it looks so simple is that the various methods in Hash 0228 just call out to equivalent routines in the context() object. The 0229 context comes from a call (getContext()) that is made as part of the 0230 Algorithm constructor. That getContext() call causes %QCA to work 0231 through the list of providers (generally plugins) that it knows about, 0232 looking for a provider that can produce the right kind of context (in 0233 this case, a HashContext). 0234 0235 The code for a HashContext doesn't need to be linked into %QCA - it can 0236 be varied in its implementation, including being changed at run-time. The 0237 application doesn't need to know how HashContext is implemented, because 0238 it just has to deal with the Hash class interface. In fact, HashContext 0239 may not be implemented, so the application should check (using 0240 QCA::isSupported()) before trying to use features that are implemented 0241 with plugins. 0242 0243 The code for one implementation (in this case, calling OpenSSL) is shown 0244 below. 0245 \code 0246 class opensslHashContext : public HashContext 0247 { 0248 public: 0249 opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type) 0250 { 0251 m_algorithm = algorithm; 0252 EVP_DigestInit( &m_context, m_algorithm ); 0253 }; 0254 0255 ~opensslHashContext() 0256 { 0257 EVP_MD_CTX_cleanup(&m_context); 0258 } 0259 0260 void clear() 0261 { 0262 EVP_MD_CTX_cleanup(&m_context); 0263 EVP_DigestInit( &m_context, m_algorithm ); 0264 } 0265 0266 void update(const QCA::SecureArray &a) 0267 { 0268 EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() ); 0269 } 0270 0271 QCA::SecureArray final() 0272 { 0273 QCA::SecureArray a( EVP_MD_size( m_algorithm ) ); 0274 EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); 0275 return a; 0276 } 0277 0278 Provider::Context *clone() const 0279 { 0280 return new opensslHashContext(*this); 0281 } 0282 0283 protected: 0284 const EVP_MD *m_algorithm; 0285 EVP_MD_CTX m_context; 0286 }; 0287 \endcode 0288 0289 This approach (using an Adapter pattern) is very common in %QCA backends, 0290 because the plugins are often based on existing libraries. 0291 0292 In addition to the various Context objects, each provider also has 0293 a parameterised Factory class that has a createContext() method, as 0294 shown below: 0295 \code 0296 Context *createContext(const QString &type) 0297 { 0298 //OpenSSL_add_all_digests(); 0299 if ( type == "sha1" ) 0300 return new opensslHashContext( EVP_sha1(), this, type); 0301 else if ( type == "sha0" ) 0302 return new opensslHashContext( EVP_sha(), this, type); 0303 else if ( type == "md5" ) 0304 return new opensslHashContext( EVP_md5(), this, type); 0305 else if ( type == "aes128-cfb" ) 0306 return new opensslCipherContext( EVP_aes_128_cfb(), 0, this, type); 0307 else if ( type == "aes128-cbc" ) 0308 return new opensslCipherContext( EVP_aes_128_cbc(), 0, this, type); 0309 else 0310 return 0; 0311 } 0312 \endcode 0313 0314 The resulting effect is that %QCA can ask the provider to provide an appropriate 0315 Context object without worrying about how it is implemented. 0316 0317 For features that are implemented with variable algorithms (for example, HashContext can 0318 support a wide range of algorithms - MD5, SHA0, and SHA1 in the example above; and 0319 CipherContext and MACContext can also do this), we need to be able to let applications 0320 determine which algorithms are supported. This is handled through the InfoContext class. 0321 A typical example is shown below: 0322 \code 0323 class opensslInfoContext : public InfoContext 0324 { 0325 Q_OBJECT 0326 public: 0327 opensslInfoContext(Provider *p) : InfoContext(p) 0328 { 0329 } 0330 0331 Context *clone() const 0332 { 0333 return new opensslInfoContext(*this); 0334 } 0335 0336 QStringList supportedHashTypes() const 0337 { 0338 QStringList list; 0339 list += "sha1"; 0340 list += "sha0"; 0341 list += "md5"; 0342 return list; 0343 } 0344 0345 // MAC and Cipher types can go in here 0346 }; 0347 \endcode 0348 0349 Note that InfoContext is itself a feature, so you have to add it to the createContext() 0350 method for the provider, as shown below: 0351 \code 0352 Context *createContext(const QString &type) 0353 { 0354 if ( type == "sha1" ) 0355 return new opensslHashContext( EVP_sha1(), this, type); 0356 else if ( type == "sha0" ) 0357 return new opensslHashContext( EVP_sha(), this, type); 0358 else if ( type == "md5" ) 0359 return new opensslHashContext( EVP_md5(), this, type); 0360 else if ( type == "info" ) 0361 return new opensslInfoContext( this ); 0362 else 0363 return 0; 0364 } 0365 \endcode 0366 0367 */ 0368 0369 /** \page providers Providers 0370 0371 %QCA works on the concept of a "provider". There is a limited 0372 internal provider (named "default"), but most of the work is 0373 done in plugin modules. 0374 0375 The logic to selection of a provider is fairly simple. The user can 0376 specify a provider name - if that name exists, and the provider supports 0377 the requested feature, then the named provider is used. If that 0378 didn't work, then the available plugins are searched (based on a 0379 priority order) for the requested feature. If that doesn't work, 0380 then the default provider is searched for the requested feature. 0381 0382 So the only way to get the default provider is to either have no other support 0383 whatsoever, or to specify the default provider directly (this goes for the 0384 algorithm constructors as well as setGlobalRNG()). 0385 0386 You can add your own provider in two ways - as a shared object plugin, 0387 and as a part of the client code. 0388 0389 The shared object plugin needs to be able to be found using the 0390 built-in scan logic - this normally means you need to install it into 0391 the plugins/crypto subdirectory within the directory that Qt is 0392 installed to. This will make it available for all applications. 0393 0394 If you have a limited application domain (such as a specialist 0395 algorithm, or a need to be bug-compatible), you may find it easier to 0396 create a client-side provider, and add it using the 0397 QCA::insertProvider call. There is an example of this - see 0398 <a href="aes-cmac_8cpp-example.html">the AES-CMAC example</a>. 0399 */ 0400