You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
184 lines
6.3 KiB
184 lines
6.3 KiB
/* This file is part of the TDE libraries
|
|
Copyright (C) 2015 Timothy Pearson <kb9vqf@pearsoncomputing.net>
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Library General Public
|
|
License version 2 as published by the Free Software Foundation.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Library General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Library General Public License
|
|
along with this library; see the file COPYING.LIB. If not, write to
|
|
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
|
|
Boston, MA 02110-1301, USA.
|
|
*/
|
|
|
|
#ifndef _TDECRYPTOGRAPHICCARDDEVICE_H
|
|
#define _TDECRYPTOGRAPHICCARDDEVICE_H
|
|
|
|
#include "ksslconfig.h"
|
|
#include "tdegenericdevice.h"
|
|
|
|
#ifndef _TDECRYPTOGRAPHICCARDDEVICE_INTERNAL
|
|
#ifdef KSSL_HAVE_SSL
|
|
typedef struct x509_st X509;
|
|
#else
|
|
struct X509;
|
|
#endif
|
|
#endif
|
|
|
|
class TQEventLoopThread;
|
|
class CryptoCardDeviceWatcher;
|
|
|
|
typedef TQValueList<X509*> X509CertificatePtrList;
|
|
typedef TQValueListIterator<X509*> X509CertificatePtrListIterator;
|
|
|
|
class TDECORE_EXPORT TDECryptographicCardDevice : public TDEGenericDevice
|
|
{
|
|
Q_OBJECT
|
|
|
|
public:
|
|
/**
|
|
* Constructor.
|
|
* @param Device type
|
|
*/
|
|
TDECryptographicCardDevice(TDEGenericDeviceType::TDEGenericDeviceType dt, TQString dn=TQString::null);
|
|
|
|
/**
|
|
* Destructor.
|
|
*/
|
|
~TDECryptographicCardDevice();
|
|
|
|
/**
|
|
* Enable / disable monitoring of insert / remove events.
|
|
* @param enable true to enable, false to disable.
|
|
*/
|
|
void enableCardMonitoring(bool enable);
|
|
|
|
/**
|
|
* Enable / disable PIN entry.
|
|
*
|
|
* @note You must connect to pinRequested and call setProvidedPin with
|
|
* the provided PIN, otherwise the TDECryptographicCardDevice object
|
|
* will hang waiting for input.
|
|
*
|
|
* @param enable true to enable, false to disable.
|
|
*
|
|
* @see setProvidedPin(TQString pin)
|
|
* @see pinRequested
|
|
*/
|
|
void enablePINEntryCallbacks(bool enable);
|
|
|
|
/**
|
|
* If monitoring of insert / remove events is enabled,
|
|
* return whether or not a card is present.
|
|
* @return -1 if status unknown, 0 if card not present,
|
|
* 1 if card is present.
|
|
*/
|
|
int cardPresent();
|
|
|
|
/**
|
|
* If monitoring of insert / remove events is enabled,
|
|
* and a card has been inserted, @return the card's ATR.
|
|
* @return TQString::null if no card or card status unknown.
|
|
*/
|
|
TQString cardATR();
|
|
|
|
/**
|
|
* If monitoring of insert / remove events is enabled,
|
|
* and a card has been inserted, @return a list of all
|
|
* X509 certificates on the card.
|
|
* @return an empty list if no card or card contents unknown.
|
|
*
|
|
* @example KSSLCertificate* tdeCert = KSSLCertificate::fromX509(cardX509Certificates().first());
|
|
*/
|
|
X509CertificatePtrList cardX509Certificates();
|
|
|
|
/**
|
|
* Sets the user-provided PIN from within the pinRequested callback.
|
|
* This method must not be called from anywhere else in user code.
|
|
* @param pin the user-provided PIN, TQString::null to abort
|
|
*
|
|
* @see pinRequested(TQString prompt)
|
|
*/
|
|
void setProvidedPin(TQString pin);
|
|
|
|
/**
|
|
* If the inserted card and system configuration provides a PIN for automatic
|
|
* pin-less operation, @returns the PIN to use when unlocking the card, otherwise
|
|
* @returns TQString::null.
|
|
*
|
|
* @see pinRequested(TQString prompt)
|
|
* @see setProvidedPin(TQString pin)
|
|
*/
|
|
TQString autoPIN();
|
|
|
|
/**
|
|
* If monitoring of insert / remove events is enabled, and a card has been inserted,
|
|
* decrypt data originally encrypted using a public key from one of the certificates
|
|
* stored on the card.
|
|
* This operation takes place on the card, and in most cases will require PIN entry.
|
|
* This method decrypts one data object only
|
|
* @param ciphertext Encrypted data
|
|
* @param plaintext Decrypted data
|
|
* @param errstr Pointer to TQString to be loaded with error description on failure
|
|
* @return 0 on success, -1 on general failure, -2 on encryption failure, -3 on user cancel
|
|
*/
|
|
int decryptDataEncryptedWithCertPublicKey(TQByteArray &ciphertext, TQByteArray &plaintext, TQString *errstr=NULL);
|
|
|
|
/**
|
|
* If monitoring of insert / remove events is enabled, and a card has been inserted,
|
|
* decrypt data originally encrypted using a public key from one of the certificates
|
|
* stored on the card.
|
|
* This operation takes place on the card, and in most cases will require PIN entry.
|
|
* This method is used to decrypt multiple data objects in one pass.
|
|
* @param cipherTextList Encrypted data object list
|
|
* @param plainTextList Decrypted data object list
|
|
* @param retcodes Return code for each data object
|
|
* @param errstr Pointer to TQString to be loaded with error description on failure
|
|
* @return 0 on success, -1 on general failure, -2 on encryption failure, -3 on user cancel
|
|
*/
|
|
int decryptDataEncryptedWithCertPublicKey(TQValueList<TQByteArray> &cipherTextList, TQValueList<TQByteArray> &plainTextList, TQValueList<int> &retcodes, TQString *errstr);
|
|
|
|
/**
|
|
* Create a new random key and encrypt with the public key
|
|
* contained in the given certificate.
|
|
* @param plaintext Generated (decrypted) random key
|
|
* @param ciphertext Encrypted key
|
|
* @param certificate X509 certificate containing the public key to use
|
|
* @return 0 on success, -1 on general failure, -2 on encryption failure
|
|
*/
|
|
static int createNewSecretRSAKeyFromCertificate(TQByteArray &plaintext, TQByteArray &ciphertext, X509* certificate);
|
|
|
|
/**
|
|
* @return The built-in PKCS provider library file name, including the full path
|
|
*/
|
|
static TQString pkcsProviderLibrary();
|
|
|
|
public slots:
|
|
void cardStatusChanged(TQString status, TQString atr);
|
|
void workerRequestedPin(TQString prompt);
|
|
|
|
signals:
|
|
void cardInserted(TDECryptographicCardDevice*);
|
|
void cardRemoved(TDECryptographicCardDevice*);
|
|
void certificateListAvailable(TDECryptographicCardDevice*);
|
|
void pinRequested(TQString prompt, TDECryptographicCardDevice* cdevice);
|
|
|
|
private:
|
|
TQEventLoopThread *m_watcherThread;
|
|
CryptoCardDeviceWatcher *m_watcherObject;
|
|
|
|
bool m_cardPresent;
|
|
TQString m_cardATR;
|
|
X509CertificatePtrList m_cardCertificates;
|
|
|
|
friend class TDEHardwareDevices;
|
|
friend class CryptoCardDeviceWatcher;
|
|
};
|
|
|
|
#endif // _TDECRYPTOGRAPHICCARDDEVICE_H
|