db/d44/qsslsocket__qt_8cpp_source.html

// Copyright (C) 2014 Jeremy Lainé <jeremy.laine@m4x.org>

// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only


#include "qasn1element_p.h"


#include <QtCore/qbytearray.h>

#include <QtCore/qdatastream.h>

#include <QtCore/qmessageauthenticationcode.h>

#include <QtCore/qrandom.h>


#include <QtNetwork/private/qsslsocket_p.h>

#include <QtNetwork/private/qsslkey_p.h>


QT_BEGIN_NAMESPACE


/*

    PKCS12 helpers.

*/


static QAsn1Element wrap(quint8 type, const QAsn1Element &child)

{

    QByteArray value;

    QDataStream stream(&value, QIODevice::WriteOnly);

    child.write(stream);

    return QAsn1Element(type, value);

}


static QAsn1Element _q_PKCS7_data(const QByteArray &data)

{

    QList<QAsn1Element> items;

    items << QAsn1Element::fromObjectId("1.2.840.113549.1.7.1");

    items << wrap(QAsn1Element::Context0Type,

                  QAsn1Element(QAsn1Element::OctetStringType, data));

    return QAsn1Element::fromVector(items);

}


static QByteArray _q_PKCS12_keygen(char id, const QByteArray &salt, const QString &passPhrase, int n, int r)

{

    const int u = 20;

    const int v = 64;


    // password formatting

    QByteArray passUnicode(passPhrase.size() * 2 + 2, '\0');

    char *p = passUnicode.data();

    for (int i = 0; i < passPhrase.size(); ++i) {

        quint16 ch = passPhrase[i].unicode();

        *(p++) = (ch & 0xff00) >> 8;

        *(p++) = (ch & 0xff);

    }


    // prepare I

    QByteArray D(64, id);

    QByteArray S, P;

    const int sSize = v * ((salt.size() + v - 1) / v);

    S.resize(sSize);

    for (int i = 0; i < sSize; ++i)

        S[i] = salt[i % salt.size()];

    const int pSize = v * ((passUnicode.size() + v - 1) / v);

    P.resize(pSize);

    for (int i = 0; i < pSize; ++i)

        P[i] = passUnicode[i % passUnicode.size()];

    QByteArray I = S + P;


    // apply hashing

    const int c = (n + u - 1) / u;

    QByteArray A;

    QByteArray B;

    B.resize(v);

    for (int i = 0; i < c; ++i) {

        // hash r iterations

        QByteArray Ai = D + I;

        for (int j = 0; j < r; ++j)

            Ai = QCryptographicHash::hash(Ai, QCryptographicHash::Sha1);


        for (int j = 0; j < v; ++j)

            B[j] = Ai[j % u];


        // modify I as Ij = (Ij + B + 1) modulo 2^v

        for (int p = 0; p < I.size(); p += v) {

            quint8 carry = 1;

            for (int j = v - 1; j >= 0; --j) {

                quint16 v = quint8(I[p + j]) + quint8(B[j]) + carry;

                I[p + j] = v & 0xff;

                carry = (v & 0xff00) >> 8;

            }

        }

        A += Ai;

    }

    return A.left(n);

}


static QByteArray _q_PKCS12_salt()

{

    QByteArray salt;

    salt.resize(8);

    for (int i = 0; i < salt.size(); ++i)

        salt[i] = (QRandomGenerator::global()->generate() & 0xff);

    return salt;

}


static QByteArray _q_PKCS12_certBag(const QSslCertificate &cert)

{

    QList<QAsn1Element> items;

    items << QAsn1Element::fromObjectId("1.2.840.113549.1.12.10.1.3");


    // certificate

    QList<QAsn1Element> certItems;

    certItems << QAsn1Element::fromObjectId("1.2.840.113549.1.9.22.1");

    certItems << wrap(QAsn1Element::Context0Type,

                      QAsn1Element(QAsn1Element::OctetStringType, cert.toDer()));

    items << wrap(QAsn1Element::Context0Type,

                  QAsn1Element::fromVector(certItems));


    // local key id

    const QByteArray localKeyId = cert.digest(QCryptographicHash::Sha1);

    QList<QAsn1Element> idItems;

    idItems << QAsn1Element::fromObjectId("1.2.840.113549.1.9.21");

    idItems << wrap(QAsn1Element::SetType,

                    QAsn1Element(QAsn1Element::OctetStringType, localKeyId));

    items << wrap(QAsn1Element::SetType, QAsn1Element::fromVector(idItems));


    // dump

    QAsn1Element root = wrap(QAsn1Element::SequenceType, QAsn1Element::fromVector(items));

    QByteArray ba;

    QDataStream stream(&ba, QIODevice::WriteOnly);

    root.write(stream);

    return ba;

}


static QAsn1Element _q_PKCS12_key(const QSslKey &key)

{

    Q_ASSERT(key.algorithm() == QSsl::Rsa || key.algorithm() == QSsl::Dsa);


    QList<QAsn1Element> keyItems;

    keyItems << QAsn1Element::fromInteger(0);

    QList<QAsn1Element> algoItems;

    if (key.algorithm() == QSsl::Rsa)

        algoItems << QAsn1Element::fromObjectId(RSA_ENCRYPTION_OID);

    else if (key.algorithm() == QSsl::Dsa)

        algoItems << QAsn1Element::fromObjectId(DSA_ENCRYPTION_OID);

    algoItems << QAsn1Element(QAsn1Element::NullType);

    keyItems << QAsn1Element::fromVector(algoItems);

    keyItems << QAsn1Element(QAsn1Element::OctetStringType, key.toDer());

    return QAsn1Element::fromVector(keyItems);

}


static QByteArray _q_PKCS12_shroudedKeyBag(const QSslKey &key, const QString &passPhrase, const QByteArray &localKeyId)

{

    const int iterations = 2048;

    QByteArray salt = _q_PKCS12_salt();

    QByteArray cKey = _q_PKCS12_keygen(1, salt, passPhrase, 24, iterations);

    QByteArray cIv = _q_PKCS12_keygen(2, salt, passPhrase, 8, iterations);


    // prepare and encrypt data

    QByteArray plain;

    QDataStream plainStream(&plain, QIODevice::WriteOnly);

    _q_PKCS12_key(key).write(plainStream);

    QByteArray crypted = QSslKeyPrivate::encrypt(QTlsPrivate::Cipher::DesEde3Cbc,

                                                 plain, cKey, cIv);


    QList<QAsn1Element> items;

    items << QAsn1Element::fromObjectId("1.2.840.113549.1.12.10.1.2");


    // key

    QList<QAsn1Element> keyItems;

    QList<QAsn1Element> algoItems;

    algoItems << QAsn1Element::fromObjectId("1.2.840.113549.1.12.1.3");

    QList<QAsn1Element> paramItems;

    paramItems << QAsn1Element(QAsn1Element::OctetStringType, salt);

    paramItems << QAsn1Element::fromInteger(iterations);

    algoItems << QAsn1Element::fromVector(paramItems);

    keyItems << QAsn1Element::fromVector(algoItems);

    keyItems << QAsn1Element(QAsn1Element::OctetStringType, crypted);

    items << wrap(QAsn1Element::Context0Type,

                  QAsn1Element::fromVector(keyItems));


    // local key id

    QList<QAsn1Element> idItems;

    idItems << QAsn1Element::fromObjectId("1.2.840.113549.1.9.21");

    idItems << wrap(QAsn1Element::SetType,

                    QAsn1Element(QAsn1Element::OctetStringType, localKeyId));

    items << wrap(QAsn1Element::SetType,

                  QAsn1Element::fromVector(idItems));


    // dump

    QAsn1Element root = wrap(QAsn1Element::SequenceType, QAsn1Element::fromVector(items));

    QByteArray ba;

    QDataStream stream(&ba, QIODevice::WriteOnly);

    root.write(stream);

    return ba;

}


static QByteArray _q_PKCS12_bag(const QList<QSslCertificate> &certs, const QSslKey &key, const QString &passPhrase)

{

    QList<QAsn1Element> items;


    // certs

    for (int i = 0; i < certs.size(); ++i)

        items << _q_PKCS7_data(_q_PKCS12_certBag(certs[i]));


    // key

    if (!key.isNull()) {

        const QByteArray localKeyId = certs.first().digest(QCryptographicHash::Sha1);

        items << _q_PKCS7_data(_q_PKCS12_shroudedKeyBag(key, passPhrase, localKeyId));

    }


    // dump

    QAsn1Element root = QAsn1Element::fromVector(items);

    QByteArray ba;

    QDataStream stream(&ba, QIODevice::WriteOnly);

    root.write(stream);

    return ba;

}


static QAsn1Element _q_PKCS12_mac(const QByteArray &data, const QString &passPhrase)

{

    const int iterations = 2048;


    // salt generation

    QByteArray macSalt = _q_PKCS12_salt();

    QByteArray key = _q_PKCS12_keygen(3, macSalt, passPhrase, 20, iterations);


    // HMAC calculation

    QMessageAuthenticationCode hmac(QCryptographicHash::Sha1, key);

    hmac.addData(data);


    QList<QAsn1Element> algoItems;

    algoItems << QAsn1Element::fromObjectId("1.3.14.3.2.26");

    algoItems << QAsn1Element(QAsn1Element::NullType);


    QList<QAsn1Element> digestItems;

    digestItems << QAsn1Element::fromVector(algoItems);

    digestItems << QAsn1Element(QAsn1Element::OctetStringType, hmac.result());


    QList<QAsn1Element> macItems;

    macItems << QAsn1Element::fromVector(digestItems);

    macItems << QAsn1Element(QAsn1Element::OctetStringType, macSalt);

    macItems << QAsn1Element::fromInteger(iterations);

    return QAsn1Element::fromVector(macItems);

}


QByteArray _q_makePkcs12(const QList<QSslCertificate> &certs, const QSslKey &key, const QString &passPhrase)

{

    QList<QAsn1Element> items;


    // version

    items << QAsn1Element::fromInteger(3);


    // auth safe

    const QByteArray data = _q_PKCS12_bag(certs, key, passPhrase);

    items << _q_PKCS7_data(data);


    // HMAC

    items << _q_PKCS12_mac(data, passPhrase);


    // dump

    QAsn1Element root = QAsn1Element::fromVector(items);

    QByteArray ba;

    QDataStream stream(&ba, QIODevice::WriteOnly);

    root.write(stream);

    return ba;

}


QT_END_NAMESPACE

QAsn1Element
Definition qasn1element_p.h:83

QAsn1Element::SetType
@ SetType
Definition qasn1element_p.h:99

QAsn1Element::NullType
@ NullType
Definition qasn1element_p.h:91

QAsn1Element::OctetStringType
@ OctetStringType
Definition qasn1element_p.h:90

QAsn1Element::SequenceType
@ SequenceType
Definition qasn1element_p.h:98

QAsn1Element::Context0Type
@ Context0Type
Definition qasn1element_p.h:108

QAsn1Element::fromVector
static QAsn1Element fromVector(const QList< QAsn1Element > &items)
Definition qasn1element.cpp:161

QAsn1Element::fromObjectId
static QAsn1Element fromObjectId(const QByteArray &id)
Definition qasn1element.cpp:171

QAsn1Element::write
void write(QDataStream &data) const
Definition qasn1element.cpp:117

QAsn1Element::fromInteger
static QAsn1Element fromInteger(unsigned int val)
Definition qasn1element.cpp:150

QByteArray
\inmodule QtCore
Definition qbytearray.h:57

QByteArray::resize
void resize(qsizetype size)
Sets the size of the byte array to size bytes.
Definition qbytearray.cpp:1880

QCryptographicHash::Sha1
@ Sha1
Definition qcryptographichash.h:27

QCryptographicHash::hash
static QByteArray hash(QByteArrayView data, Algorithm method)
Returns the hash of data using method.
Definition qcryptographichash.cpp:1157

QDataStream
\inmodule QtCore\reentrant
Definition qdatastream.h:46

QIODeviceBase::WriteOnly
@ WriteOnly
Definition qiodevicebase.h:19

QMessageAuthenticationCode
\inmodule QtCore
Definition qmessageauthenticationcode.h:17

QRandomGenerator::global
static Q_DECL_CONST_FUNCTION QRandomGenerator * global()
\threadsafe
Definition qrandom.h:275

QSslCertificate
The QSslCertificate class provides a convenient API for an X509 certificate.
Definition qsslcertificate.h:35

QSslKeyPrivate::encrypt
static Q_NETWORK_EXPORT QByteArray encrypt(Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv)
Definition qsslkey_p.cpp:87

QSslKey
The QSslKey class provides an interface for private and public keys.
Definition qsslkey.h:23

QString
\macro QT_RESTRICTED_CAST_FROM_ASCII
Definition qstring.h:129

j
int j
Definition doc_src_containers.cpp:275

i
i
[1]
Definition doc_src_containers.cpp:169

QSsl::Rsa
@ Rsa
Definition qssl.h:36

QSsl::Dsa
@ Dsa
Definition qssl.h:37

QT_BEGIN_NAMESPACE
Combined button and popup list for selecting options.
Definition qstandardpaths_haiku.cpp:21

QT_END_NAMESPACE
Definition qsharedpointer.cpp:1590

QTlsPrivate::Cipher::DesEde3Cbc
@ DesEde3Cbc

qasn1element_p.h

DSA_ENCRYPTION_OID
#define DSA_ENCRYPTION_OID
Definition qasn1element_p.h:29

RSA_ENCRYPTION_OID
#define RSA_ENCRYPTION_OID
Definition qasn1element_p.h:28

stream
EGLStreamKHR stream
Definition qeglstreamconvenience_p.h:67

value
EGLOutputLayerEXT EGLint EGLAttrib value
[5]
Definition qeglstreamconvenience_p.h:46

A
n varying highp vec2 A
Definition qopenglengineshadersource_p.h:204

v
GLsizei const GLfloat * v
[13]
Definition qopengles2ext.h:788

key
GLuint64 key
Definition qopengles2ext.h:2268

r
GLboolean r
[2]
Definition qopengles2ext.h:337

data
GLint GLsizei GLsizei GLenum GLenum GLsizei void * data
Definition qopengles2ext.h:206

type
GLenum type
Definition qopengles2ext.h:150

n
GLfloat n
Definition qopengles2ext.h:795

c
const GLubyte * c
Definition qopenglext.h:12701

p
GLfloat GLfloat p
[1]
Definition qopenglext.h:12698

Q_ASSERT
#define Q_ASSERT(cond)
Definition qrandom.cpp:47

B
#define B
Definition qssgrenderloadedtexture.cpp:350

_q_PKCS12_salt
static QByteArray _q_PKCS12_salt()
Definition qsslsocket_qt.cpp:99

_q_PKCS7_data
static QAsn1Element _q_PKCS7_data(const QByteArray &data)
Definition qsslsocket_qt.cpp:28

_q_makePkcs12
QByteArray _q_makePkcs12(const QList< QSslCertificate > &certs, const QSslKey &key, const QString &passPhrase)
Definition qsslsocket_qt.cpp:249

_q_PKCS12_bag
static QByteArray _q_PKCS12_bag(const QList< QSslCertificate > &certs, const QSslKey &key, const QString &passPhrase)
Definition qsslsocket_qt.cpp:200

_q_PKCS12_certBag
static QByteArray _q_PKCS12_certBag(const QSslCertificate &cert)
Definition qsslsocket_qt.cpp:108

_q_PKCS12_shroudedKeyBag
static QByteArray _q_PKCS12_shroudedKeyBag(const QSslKey &key, const QString &passPhrase, const QByteArray &localKeyId)
Definition qsslsocket_qt.cpp:154

_q_PKCS12_mac
static QAsn1Element _q_PKCS12_mac(const QByteArray &data, const QString &passPhrase)
Definition qsslsocket_qt.cpp:222

_q_PKCS12_keygen
static QByteArray _q_PKCS12_keygen(char id, const QByteArray &salt, const QString &passPhrase, int n, int r)
PKCS #12 key derivation.
Definition qsslsocket_qt.cpp:44

_q_PKCS12_key
static QAsn1Element _q_PKCS12_key(const QSslKey &key)
Definition qsslsocket_qt.cpp:137

wrap
static QT_BEGIN_NAMESPACE QAsn1Element wrap(quint8 type, const QAsn1Element &child)
Definition qsslsocket_qt.cpp:20

quint16
unsigned short quint16
Definition qtypes.h:48

quint8
unsigned char quint8
Definition qtypes.h:46

ba
QByteArray ba
[0]
Definition src_corelib_io_qdebug.cpp:31

ch
char ch
Definition src_corelib_io_qtextstream.cpp:30

items
QList< QTreeWidgetItem * > items
Definition src_gui_itemviews_qtreewidget.cpp:7

child
QLayoutItem * child
[0]
Definition src_gui_kernel_qlayout.cpp:25

cert
QList< QSslCertificate > cert
[0]
Definition src_network_access_qnetworkreply.cpp:7

certs
const auto certs
[1]
Definition src_network_ssl_qsslcertificate.cpp:5