d5/dc6/qtlskey__schannel_8cpp_source.html

// Copyright (C) 2021 The Qt Company Ltd.

// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only


#include <QtNetwork/private/qssl_p.h>


#include "qtlsbackend_schannel_p.h"

#include "qtlskey_schannel_p.h"


#include "../shared/qwincrypt_p.h"


#include <QtNetwork/private/qtlsbackend_p.h>

#include <QtNetwork/private/qsslkey_p.h>


#include <QtNetwork/qsslkey.h>


#include <QtCore/qscopeguard.h>

#include <QtCore/qbytearray.h>

#include <QtCore/qvarlengtharray.h>


QT_BEGIN_NAMESPACE


namespace {

const wchar_t *getName(QSslKeyPrivate::Cipher cipher)

{

    switch (cipher) {

    case QTlsPrivate::Cipher::DesCbc:

        return BCRYPT_DES_ALGORITHM;

    case QTlsPrivate::Cipher::DesEde3Cbc:

        return BCRYPT_3DES_ALGORITHM;

    case QTlsPrivate::Cipher::Rc2Cbc:

        return BCRYPT_RC2_ALGORITHM;

    case QTlsPrivate::Cipher::Aes128Cbc:

    case QTlsPrivate::Cipher::Aes192Cbc:

    case QTlsPrivate::Cipher::Aes256Cbc:

        return BCRYPT_AES_ALGORITHM;

    }

    Q_UNREACHABLE();

}


BCRYPT_ALG_HANDLE getHandle(QSslKeyPrivate::Cipher cipher)

{

    BCRYPT_ALG_HANDLE handle;

    NTSTATUS status = BCryptOpenAlgorithmProvider(

            &handle, // phAlgorithm

            getName(cipher), // pszAlgId

            nullptr, // pszImplementation

            0 // dwFlags

    );

    if (status < 0) {

        qCWarning(lcTlsBackendSchannel, "Failed to open algorithm handle (%ld)!", status);

        return nullptr;

    }


    return handle;

}


BCRYPT_KEY_HANDLE generateSymmetricKey(BCRYPT_ALG_HANDLE handle,

                                       const QByteArray &key)

{

    BCRYPT_KEY_HANDLE keyHandle;

    NTSTATUS status = BCryptGenerateSymmetricKey(

            handle, // hAlgorithm

            &keyHandle, // phKey

            nullptr, // pbKeyObject (can ignore)

            0, // cbKeyObject (also ignoring)

            reinterpret_cast<unsigned char *>(const_cast<char *>(key.data())), // pbSecret

            ULONG(key.length()), // cbSecret

            0 // dwFlags

    );

    if (status < 0) {

        qCWarning(lcTlsBackendSchannel, "Failed to generate symmetric key (%ld)!", status);

        return nullptr;

    }


    status = BCryptSetProperty(

            keyHandle, // hObject

            BCRYPT_CHAINING_MODE, // pszProperty

            reinterpret_cast<UCHAR *>(const_cast<wchar_t *>(BCRYPT_CHAIN_MODE_CBC)), // pbInput

            ARRAYSIZE(BCRYPT_CHAIN_MODE_CBC), // cbInput

            0 // dwFlags

    );

    if (status < 0) {

        BCryptDestroyKey(keyHandle);

        qCWarning(lcTlsBackendSchannel, "Failed to change the symmetric key's chaining mode (%ld)!",

                  status);

        return nullptr;

    }

    return keyHandle;

}


QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key,

                   const QByteArray &iv, bool encrypt)

{

    BCRYPT_ALG_HANDLE handle = getHandle(cipher);

    if (!handle)

        return {};

    auto handleDealloc = qScopeGuard([&handle]() {

        BCryptCloseAlgorithmProvider(handle, 0);

    });


    BCRYPT_KEY_HANDLE keyHandle = generateSymmetricKey(handle, key);

    if (!keyHandle)

        return {};

    auto keyHandleDealloc = qScopeGuard([&keyHandle]() {

        BCryptDestroyKey(keyHandle);

    });


    QByteArray ivCopy = iv; // This gets modified, so we take a copy


    ULONG sizeNeeded = 0;

    QVarLengthArray<unsigned char> output;

    auto cryptFunction = encrypt ? BCryptEncrypt : BCryptDecrypt;

    for (int i = 0; i < 2; i++) {

        output.resize(int(sizeNeeded));

        auto input = reinterpret_cast<unsigned char *>(const_cast<char *>(data.data()));

        // Need to call it twice because the first iteration lets us know the size needed.

        NTSTATUS status = cryptFunction(

                keyHandle, // hKey

                input, // pbInput

                ULONG(data.length()), // cbInput

                nullptr, // pPaddingInfo

                reinterpret_cast<unsigned char *>(ivCopy.data()), // pbIV

                ULONG(ivCopy.length()), // cbIV

                sizeNeeded ? output.data() : nullptr, // pbOutput

                ULONG(output.length()), // cbOutput

                &sizeNeeded, // pcbResult

                BCRYPT_BLOCK_PADDING // dwFlags

        );

        if (status < 0) {

            qCWarning(lcTlsBackendSchannel, "%s failed (%ld)!", encrypt ? "Encrypt" : "Decrypt",

                      status);

            return {};

        }

    }


    return QByteArray(reinterpret_cast<const char *>(output.constData()), int(sizeNeeded));

}

} // anonymous namespace


namespace QTlsPrivate {


QByteArray TlsKeySchannel::decrypt(Cipher cipher, const QByteArray &data, const QByteArray &key,

                                   const QByteArray &iv) const

{

    return doCrypt(cipher, data, key, iv, false);

}


QByteArray TlsKeySchannel::encrypt(Cipher cipher, const QByteArray &data, const QByteArray &key,

                                   const QByteArray &iv) const

{

    return doCrypt(cipher, data, key, iv, true);

}


} // namespace QTlsPrivate


QT_END_NAMESPACE


QByteArray
\inmodule QtCore
Definition qbytearray.h:57

QTlsPrivate::TlsKeySchannel::decrypt
QByteArray decrypt(Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv) const override
Definition qtlskey_schannel.cpp:142

QTlsPrivate::TlsKeySchannel::encrypt
QByteArray encrypt(Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv) const override
Definition qtlskey_schannel.cpp:148

QVarLengthArray
Definition qvarlengtharray.h:267

i
i
[1]
Definition doc_src_containers.cpp:167

QT_BEGIN_NAMESPACE
Combined button and popup list for selecting options.
Definition qstandardpaths_haiku.cpp:21

QT_BEGIN_NAMESPACE::getName
const wchar_t * getName(QSslKeyPrivate::Cipher cipher)
Definition qtlskey_schannel.cpp:23

QT_BEGIN_NAMESPACE::getHandle
BCRYPT_ALG_HANDLE getHandle(QSslKeyPrivate::Cipher cipher)
Definition qtlskey_schannel.cpp:40

QT_BEGIN_NAMESPACE::generateSymmetricKey
BCRYPT_KEY_HANDLE generateSymmetricKey(BCRYPT_ALG_HANDLE handle, const QByteArray &key)
Definition qtlskey_schannel.cpp:57

QT_END_NAMESPACE
Definition qsharedpointer.cpp:1545

QTlsPrivate
Namespace containing onternal types that TLS backends implement.
Definition qocspresponse.h:40

QTlsPrivate::Cipher
Cipher
Definition qssl_p.h:29

QTlsPrivate::Cipher::DesEde3Cbc
@ DesEde3Cbc

QTlsPrivate::Cipher::DesCbc
@ DesCbc

QTlsPrivate::Cipher::Aes192Cbc
@ Aes192Cbc

QTlsPrivate::Cipher::Aes128Cbc
@ Aes128Cbc

QTlsPrivate::Cipher::Aes256Cbc
@ Aes256Cbc

QTlsPrivate::Cipher::Rc2Cbc
@ Rc2Cbc

QTlsPrivate::doCrypt
QByteArray doCrypt(QSslKeyPrivate::Cipher cipher, const QByteArray &data, const QByteArray &key, const QByteArray &iv, bool enc)
Definition qtlskey_openssl.cpp:411

qCWarning
#define qCWarning(category,...)
Definition qloggingcategory.h:125

handle
GLuint64 GLenum void * handle
Definition qopengles2ext.h:1575

key
GLuint64 key
Definition qopengles2ext.h:2268

data
GLint GLsizei GLsizei GLenum GLenum GLsizei void * data
Definition qopengles2ext.h:206

input
GLenum GLenum GLenum input
Definition qopenglext.h:10816

qScopeGuard
QScopeGuard< typename std::decay< F >::type > qScopeGuard(F &&f)
[qScopeGuard]
Definition qscopeguard.h:60

qtlsbackend_schannel_p.h

qtlskey_schannel_p.h

output
QT_BEGIN_NAMESPACE typedef uchar * output
Definition qvideoframeconversionhelper_p.h:24