Warning, /libraries/qca/Mainpage.dox is written in an unsupported language. File is not indexed.

0001 /**
0002    \mainpage Qt Cryptographic Architecture
0003 
0004    Taking a hint from the similarly-named
0005    <a href="http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html">Java
0006    Cryptography Architecture</a>, %QCA aims to provide a
0007    straightforward and cross-platform cryptographic API, using Qt
0008    datatypes and conventions.  %QCA separates the API from the
0009    implementation, using plugins known as Providers.  The advantage
0010    of this model is to allow applications to avoid linking to or
0011    explicitly depending on any particular cryptographic library.
0012    This allows one to easily change or upgrade Provider
0013    implementations without even needing to recompile the
0014    application!
0015 
0016    %QCA should work everywhere %Qt does, including Windows/Unix/MacOSX. This
0017    version of %QCA is for Qt4 or Qt5, and requires no Qt3 compatibility code.
0018 
0019    \section features Features
0020 
0021    This library provides an easy API for the following features:
0022      - Secure byte arrays (QCA::SecureArray)
0023      - Arbitrary precision integers (QCA::BigInteger)
0024      - Random number generation (QCA::Random)
0025      - SSL/TLS (QCA::TLS)
0026      - X509 certificates (QCA::Certificate and QCA::CertificateCollection)
0027      - X509 certificate revocation lists (QCA::CRL)
0028      - Built-in support for operating system certificate root storage (QCA::systemStore)
0029      - Simple Authentication and Security Layer (SASL) (QCA::SASL)
0030      - Cryptographic Message Syntax (e.g., for S/MIME) (QCA::CMS)
0031      - PGP messages (QCA::OpenPGP)
0032      - Unified PGP/CMS API (QCA::SecureMessage)
0033      - Subsystem for managing Smart Cards and PGP keyrings (QCA::KeyStore)
0034      - Simple but flexible logging system (QCA::Logger)
0035      - RSA (QCA::RSAPrivateKey and QCA::RSAPublicKey)
0036      - DSA (QCA::DSAPrivateKey and QCA::DSAPublicKey)
0037      - Diffie-Hellman (QCA::DHPrivateKey and QCA::DHPublicKey)
0038      - Hashing (QCA::Hash) with
0039          - SHA-0
0040          - SHA-1
0041          - MD2
0042          - MD4
0043          - MD5
0044          - RIPEMD160
0045          - SHA-224
0046          - SHA-256
0047          - SHA-384
0048          - SHA-512
0049          - Whirlpool
0050      - Ciphers (QCA::Cipher) using
0051          - BlowFish
0052          - Triple DES
0053          - DES
0054          - AES (128, 192 and 256 bit)
0055          - CAST5 (also known as CAST-128)
0056      - Message Authentication Code (QCA::MessageAuthenticationCode), using
0057          - HMAC with SHA-1
0058          - HMAC with MD5
0059          - HMAC with RIPEMD160
0060          - HMAC with SHA-224
0061          - HMAC with SHA-256
0062          - HMAC with SHA-384
0063          - HMAC with SHA-512
0064      - Encoding and decoding of hexadecimal (QCA::Hex) and 
0065      Base64 (QCA::Base64) strings.
0066   
0067    Functionality is supplied via plugins.  This is useful for avoiding
0068    dependence on a particular crypto library and makes upgrading easier,
0069    as there is no need to recompile your application when adding or
0070    upgrading a crypto plugin.  Also, by pushing crypto functionality into
0071    plugins, your application is free of legal issues, such as export
0072    regulation.
0073  
0074    And of course, you get a very simple crypto API for Qt, where you can
0075    do things like:
0076    \code
0077    QString hash = QCA::Hash("sha1").hashToString(blockOfData);
0078    \endcode
0079 
0080    \section using Using QCA
0081 
0082    The application simply includes &lt;QtCrypto> and links to
0083    libqca, which provides the 'wrapper API' and plugin loader.  Crypto
0084    functionality is determined during runtime, and plugins are loaded
0085    from the 'crypto' subfolder of the %Qt library paths. There are <a
0086    href="examples.html">additional examples available</a>.
0087 
0088    \subsection tute1 Introduction
0089 
0090    Using %QCA is much like using Qt, and if you are familiar with
0091    Qt, then it should feel "natural". There are a few things you
0092    do need to know though, to build reliable applications:
0093    - %QCA needs to be initialized before you use any class that
0094      requires plugin support, or uses secure memory. That is most
0095      of %QCA, so you should assume that you need to perform 
0096      initialization. The easiest way to do this is to instantiate
0097      a QCA::Initializer object and ensure it is not deleted (or
0098      allowed to go out of scope) until you have finished using 
0099      %QCA.
0100    - Most features/algorithms are provided by plugins/\ref providers.
0101      You should check that the required feature is actually 
0102      available (using QCA::isSupported()) before trying to create
0103      it. If you try to create a class and suitable provider support
0104      is not available, you will get back a null object, and when
0105      you try to use one of the methods, your application will
0106      segfault. Also, for features that take algorithm names (e.g.
0107      QCA::Hash, which takes the name of the hashing algorithm such
0108      as "md5" or "sha256"), the name is looked up at run-time, so
0109      if you make a typographical error (e.g. "md56") it will compile
0110      correctly, but segfault at run-time.
0111 
0112    \subsection tute2 Thoughts on security
0113 
0114    %QCA tries to be flexible in what it supports. That does not mean that
0115    every possible combination of features makes sense though. 
0116 
0117    We strongly recommend against coming up with your own design made up
0118    of low-level cryptographic primitives (e.g. QCA::Hash, QCA::Cipher and
0119    similar features) and trying to use higher level capabilities. In particular,
0120    we recommend looking at QCA::TLS, QCA::SASL, QCA::CMS and QCA::OpenPGP
0121    as starting points. 
0122 
0123    When selecting a particular cryptographic feature, you should make sure
0124    that you understand what sort of threats your application is likely
0125    to be exposed to, and how that threat can be effectively countered. In 
0126    addition, you should consider whether you can avoid adding cryptographic
0127    features directly to your application (e.g. for secure transport, you
0128    may be able to tunnel your application over SSH).
0129 
0130    Also, you may need to look beyond %QCA for some security needs (e.g.
0131    for authentication, your situation may be more suited to using 
0132    Kerberos than SASL or TLS).
0133 
0134    \subsection intro-design Design
0135 
0136    The architecture of %QCA is shown below:
0137 
0138    \image html qca-arch.png "QCA Architecture"
0139    \image latex qca-arch.eps "QCA Architecture" width=\textwidth
0140 
0141    Application authors normally only need to use the User API. The
0142    provider API is available for plugin authors, but can also
0143    be used by application authors to provide very specific capabilities.
0144 
0145    For more information on the design of %QCA, you might like to review
0146    the \ref architecture description.
0147  
0148    \section availability Availability
0149 
0150    \subsection qca2code Releases
0151 
0152    The latest release packages can be found in the
0153    <a href="https://download.kde.org/stable/qca/">%QCA 2.x download area</a>.
0154 
0155    See the <a href="https://userbase.kde.org/QCA/">project web site</a> for
0156    further information about %QCA releases.
0157 
0158    \subsection qca2dev Current development
0159 
0160    The latest version of the code is available from the KDE Git server
0161    (there is no formal release of the current version at this time).
0162    Naturally you will need %Qt properly set up and configured in order
0163    to build and use %QCA.
0164 
0165    The Git code can be browsed
0166    <a href="https://commits.kde.org/qca">
0167    via the web</a>
0168 
0169    Use
0170    \verbatim
0171    git clone https://invent.kde.org/libraries/qca.git
0172    \endverbatim
0173    to get the latest sources.
0174  */
0175 
0176 /** \page architecture Architecture
0177 
0178 \note You don't need to understand any of this to use %QCA - it is
0179 documented for those who are curious, and for anyone planning to
0180 extend or modify %QCA.
0181 
0182 The design of %QCA is based on the Bridge design pattern. The intent of
0183 the Bridge pattern is to "Decouple an abstraction from its
0184 implementation so that the two can vary independently." [Gamma et.al,
0185 pg 151].
0186 
0187 To understand how this decoupling works in the case of %QCA, is is
0188 easiest to look at an example - a cryptographic Hash. The API is
0189 pretty simple (although I've left out some parts that aren't required
0190 for this example):
0191 
0192 \code
0193 class QCA_EXPORT Hash : public Algorithm, public BufferedComputation
0194 {
0195 public:
0196     Hash(const QString &type, const QString &provider);
0197     virtual void clear();
0198     virtual void update(const QCA::SecureArray &a);
0199     virtual QCA::SecureArray final();
0200 }
0201 \endcode
0202 
0203 The implementation for the Hash class is almost as simple:
0204 
0205 \code
0206 Hash::Hash(const QString &type, const QString &provider)
0207 :Algorithm(type, provider)
0208 {
0209 }
0210 
0211 void Hash::clear()
0212 {
0213         static_cast<HashContext *>(context())->clear();
0214 }
0215 
0216 void Hash::update(const QCA::SecureArray &a)
0217 {
0218         static_cast<HashContext *>(context())->update(a);
0219 }
0220 
0221 QCA::SecureArray Hash::final()
0222 {
0223         return static_cast<HashContext *>(context())->final();
0224 }
0225 \endcode
0226 
0227 The reason why it looks so simple is that the various methods in Hash
0228 just call out to equivalent routines in the context() object. The
0229 context comes from a call (getContext()) that is made as part of the
0230 Algorithm constructor. That getContext() call causes %QCA to work
0231 through the list of providers (generally plugins) that it knows about,
0232 looking for a provider that can produce the right kind of context (in
0233 this case, a HashContext).
0234 
0235   The code for a HashContext doesn't need to be linked into %QCA - it can
0236 be varied in its implementation, including being changed at run-time. The
0237 application doesn't need to know how HashContext is implemented, because
0238   it just has to deal with the Hash class interface. In fact, HashContext
0239   may not be implemented, so the application should check (using 
0240   QCA::isSupported()) before trying to use features that are implemented
0241 with plugins.
0242 
0243   The code for one implementation (in this case, calling OpenSSL) is shown
0244 below. 
0245 \code
0246 class opensslHashContext : public HashContext
0247 {
0248 public:
0249     opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
0250     {
0251         m_algorithm = algorithm;
0252         EVP_DigestInit( &m_context, m_algorithm );
0253     };
0254 
0255     ~opensslHashContext()
0256     {
0257         EVP_MD_CTX_cleanup(&m_context);
0258     }
0259 
0260     void clear()
0261     {
0262         EVP_MD_CTX_cleanup(&m_context);
0263         EVP_DigestInit( &m_context, m_algorithm );
0264     }
0265 
0266     void update(const QCA::SecureArray &a)
0267     {
0268         EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
0269     }
0270 
0271     QCA::SecureArray final()
0272     {
0273         QCA::SecureArray a( EVP_MD_size( m_algorithm ) );
0274         EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
0275         return a;
0276     }
0277 
0278     Provider::Context *clone() const
0279     {
0280         return new opensslHashContext(*this);
0281     }
0282 
0283 protected:
0284     const EVP_MD *m_algorithm;
0285     EVP_MD_CTX m_context;
0286 };
0287 \endcode
0288 
0289 This approach (using an Adapter pattern) is very common in %QCA backends,
0290 because the plugins are often based on existing libraries.
0291 
0292   In addition to the various Context objects, each provider also has
0293   a parameterised Factory class that has a createContext() method, as
0294   shown below:
0295 \code
0296         Context *createContext(const QString &type)
0297         {
0298                 //OpenSSL_add_all_digests();
0299                 if ( type == "sha1" )
0300                         return new opensslHashContext( EVP_sha1(), this, type);
0301                 else if ( type == "sha0" )
0302                         return new opensslHashContext( EVP_sha(), this, type);
0303                 else if ( type == "md5" )
0304                         return new opensslHashContext( EVP_md5(), this, type);
0305                 else if ( type == "aes128-cfb" )
0306                         return new opensslCipherContext( EVP_aes_128_cfb(), 0, this, type);
0307                 else if ( type == "aes128-cbc" )
0308                         return new opensslCipherContext( EVP_aes_128_cbc(), 0, this, type);
0309                 else
0310                         return 0;
0311         }
0312 \endcode
0313 
0314 The resulting effect is that %QCA can ask the provider to provide an appropriate
0315 Context object without worrying about how it is implemented.
0316 
0317 For features that are implemented with variable algorithms (for example, HashContext can
0318 support a wide range of algorithms - MD5, SHA0, and SHA1 in the example above; and
0319 CipherContext and MACContext can also do this), we need to be able to let applications
0320 determine which algorithms are supported. This is handled through the InfoContext class.
0321 A typical example is shown below:
0322 \code
0323         class opensslInfoContext : public InfoContext
0324         {
0325                 Q_OBJECT
0326         public:
0327                 opensslInfoContext(Provider *p) : InfoContext(p)
0328                 {
0329                 }
0330 
0331                 Context *clone() const
0332                 {
0333                         return new opensslInfoContext(*this);
0334                 }
0335 
0336                 QStringList supportedHashTypes() const
0337                 {
0338                         QStringList list;
0339                         list += "sha1";
0340                         list += "sha0";
0341                         list += "md5";
0342                         return list;
0343                 }
0344 
0345                 // MAC and Cipher types can go in here
0346         };
0347 \endcode
0348 
0349 Note that InfoContext is itself a feature, so you have to add it to the createContext()
0350 method for the provider, as shown below:
0351 \code
0352         Context *createContext(const QString &type)
0353         {
0354                 if ( type == "sha1" )
0355                         return new opensslHashContext( EVP_sha1(), this, type);
0356                 else if ( type == "sha0" )
0357                         return new opensslHashContext( EVP_sha(), this, type);
0358                 else if ( type == "md5" )
0359                         return new opensslHashContext( EVP_md5(), this, type);
0360                 else if ( type == "info" )
0361                         return new opensslInfoContext( this );
0362                 else
0363                         return 0;
0364         }
0365 \endcode
0366 
0367 */
0368 
0369 /** \page providers Providers
0370 
0371 %QCA works on the concept of a "provider". There is a limited
0372 internal provider (named "default"), but most of the work is
0373 done in plugin modules.
0374 
0375 The logic to selection of a provider is fairly simple. The user can 
0376 specify a provider name - if that name exists, and the provider supports
0377 the requested feature, then the named provider is used. If that
0378 didn't work, then the available plugins are searched (based on a
0379 priority order) for the requested feature. If that doesn't work,
0380 then the default provider is searched for the requested feature.
0381 
0382 So the only way to get the default provider is to either have no other support
0383 whatsoever, or to specify the default provider directly (this goes for the
0384 algorithm constructors as well as setGlobalRNG()).
0385 
0386 You can add your own provider in two ways - as a shared object plugin,
0387 and as a part of the client code.
0388 
0389 The shared object plugin needs to be able to be found using the
0390 built-in scan logic - this normally means you need to install it into
0391 the plugins/crypto subdirectory within the directory that Qt is
0392 installed to. This will make it available for all applications.
0393 
0394 If you have a limited application domain (such as a specialist
0395 algorithm, or a need to be bug-compatible), you may find it easier to
0396 create a client-side provider, and add it using the
0397 QCA::insertProvider call. There is an example of this - see
0398 <a href="aes-cmac_8cpp-example.html">the AES-CMAC example</a>.
0399 */
0400