// Copyright (C) 2018 The Qt Company Ltd.
// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
#ifndef QTLS_SCHANNEL_P_H
#define QTLS_SCHANNEL_P_H
//
// W A R N I N G
// -------------
//
// This file is not part of the Qt API. It exists purely as an
// implementation detail. This header file may change from version to
// version without notice, or even be removed.
//
// We mean it.
//
#include <QtNetwork/private/qtnetworkglobal_p.h>
QT_REQUIRE_CONFIG(schannel);
#include "../shared/qwincrypt_p.h"
#include "qtlsbackend_schannel_p.h"
#include <QtNetwork/private/qsslsocket_p.h>
#define SECURITY_WIN32
#define SCHANNEL_USE_BLACKLISTS 1
#include <winternl.h> // needed for UNICODE defines
#include <security.h>
#include <schnlsp.h>
#undef SCHANNEL_USE_BLACKLISTS
#undef SECURITY_WIN32
QT_BEGIN_NAMESPACE
namespace QTlsPrivate {
// Schannel-backed implementation of the TlsCryptograph interface.
// The class is final and neither copyable nor movable (Q_DISABLE_COPY_MOVE);
// it holds SSPI credential/context handles and certificate-store handles as
// members, so a single instance is the sole holder of that state.
class TlsCryptographSchannel final : public TlsCryptograph
{
Q_DISABLE_COPY_MOVE(TlsCryptographSchannel)
public:
TlsCryptographSchannel();
~TlsCryptographSchannel();
// Overrides of the TlsCryptograph interface. Their contracts are defined by
// the base class, which is not visible in this header.
void init(QSslSocket *q, QSslSocketPrivate *d) override;
void startClientEncryption() override;
void startServerEncryption() override;
void transmit() override;
void disconnectFromHost() override;
void disconnected() override;
QSslCipher sessionCipher() const override;
QSsl::SslProtocol sessionProtocol() const override;
void continueHandshake() override;
QList<QSslError> tlsErrors() const override;
private:
// Handshake/connection state of this object; a new instance starts in
// InitializeHandshake.
enum class SchannelState {
InitializeHandshake, // create and transmit context (client)/accept context (server)
PerformHandshake, // get token back, process it
VerifyHandshake, // Verify that things are OK
Done, // Connection encrypted!
Renegotiate // Renegotiating!
} schannelState = SchannelState::InitializeHandshake;
// Internal helpers. The bool-returning ones presumably report success as
// true -- confirm against the implementation file.
void reset();
bool acquireCredentialsHandle();
ULONG getContextRequirements();
bool createContext(); // for clients
bool acceptContext(); // for server
bool performHandshake();
bool verifyHandshake();
bool renegotiate();
// token/tokenLength form a raw pointer + length pair; this header states
// neither ownership nor a size bound, so the caller has to pass a length that
// matches the buffer. emitError defaults to true.
// NOTE(review): confirm in the implementation how a short or failed write is reported.
bool sendToken(void *token, unsigned long tokenLength, bool emitError = true);
QString targetName() const;
bool checkSslErrors();
// Release/cleanup helpers for the handles and stores declared below.
void deallocateContext();
void freeCredentialsHandle();
void closeCertificateStores();
void sendShutdown();
void initializeCertificateStores();
// NOTE(review): presumably the certificate-chain verification step for the
// given certificate context; which checks it performs and how failures are
// surfaced are not visible here -- confirm.
bool verifyCertContext(CERT_CONTEXT *certContext);
// NOTE(review): name suggests this gates on-demand loading of root
// certificates; the policy it applies is not visible in this header.
bool rootCertOnDemandLoadingAllowed();
// True while intermediateBuffer still holds at least one byte.
bool hasUndecryptedData() const override { return intermediateBuffer.size() > 0; }
// Socket objects this backend works with; nullptr until assigned
// (presumably by init() -- confirm). Ownership is not expressed by the types.
QSslSocket *q = nullptr;
QSslSocketPrivate *d = nullptr;
// Value-initialized here.
SecPkgContext_ConnectionInfo connectionInfo = {};
SecPkgContext_StreamSizes streamSizes = {};
// These two handles have no in-class initializer; they rely on the
// constructor to put them into a defined state before any use or release.
CredHandle credentialHandle; // Initialized in ctor
CtxtHandle contextHandle; // Initialized in ctor
QByteArray intermediateBuffer; // data which is left-over or incomplete
// Certificate store handles (QHCertStorePointer comes from an included
// private header); all start out as nullptr.
QHCertStorePointer localCertificateStore = nullptr;
QHCertStorePointer peerCertificateStore = nullptr;
QHCertStorePointer caCertificateStore = nullptr;
// Raw pointer to the local certificate context, nullptr by default.
// TODO confirm where this context is released; the type does not own it.
const CERT_CONTEXT *localCertContext = nullptr;
ULONG contextAttributes = 0;
// presumably the number of bytes still needed to complete a pending
// record -- confirm against the implementation.
qint64 missingData = 0;
// State flags, both false on construction.
bool renegotiating = false;
bool shutdown = false;
// Collected TLS errors; presumably what tlsErrors() reports -- confirm.
QList<QSslError> sslErrors;
};
} // namespace QTlsPrivate
QT_END_NAMESPACE
#endif // QTLS_SCHANNEL_P_H