Schannel support

Adds support for Schannel, an SSL backend for Windows, as an
alternative to OpenSSL.

[ChangeLog][QtNetwork][Ssl] Added support for Schannel on Desktop
Windows. To build Qt with Schannel support use '-schannel' during
configure.

Task-number: QTBUG-62637
Change-Id: Ic4fb8ed3657dab994f9f4a4ac5cbddc7001a0a46
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>

1 files changed, 155 insertions, 0 deletions

diff --git a/src/network/ssl/qsslsocket_schannel_p.h b/src/network/ssl/qsslsocket_schannel_p.h
new file mode 100644
index 0000000000..9879e2fc60
--- /dev/null
+++ b/src/network/ssl/qsslsocket_schannel_p.h
@@ -0,0 +1,155 @@
+/****************************************************************************
+**
+** Copyright (C) 2018 The Qt Company Ltd.
+** Contact: https://www.qt.io/licensing/
+**
+** This file is part of the QtNetwork module of the Qt Toolkit.
+**
+** $QT_BEGIN_LICENSE:LGPL$
+** Commercial License Usage
+** Licensees holding valid commercial Qt licenses may use this file in
+** accordance with the commercial license agreement provided with the
+** Software or, alternatively, in accordance with the terms contained in
+** a written agreement between you and The Qt Company. For licensing terms
+** and conditions see https://www.qt.io/terms-conditions. For further
+** information use the contact form at https://www.qt.io/contact-us.
+**
+** GNU Lesser General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU Lesser
+** General Public License version 3 as published by the Free Software
+** Foundation and appearing in the file LICENSE.LGPL3 included in the
+** packaging of this file. Please review the following information to
+** ensure the GNU Lesser General Public License version 3 requirements
+** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
+**
+** GNU General Public License Usage
+** Alternatively, this file may be used under the terms of the GNU
+** General Public License version 2.0 or (at your option) the GNU General
+** Public license version 3 or any later version approved by the KDE Free
+** Qt Foundation. The licenses are as published by the Free Software
+** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
+** included in the packaging of this file. Please review the following
+** information to ensure the GNU General Public License requirements will
+** be met: https://www.gnu.org/licenses/gpl-2.0.html and
+** https://www.gnu.org/licenses/gpl-3.0.html.
+**
+** $QT_END_LICENSE$
+**
+****************************************************************************/
+
+#ifndef QSSLSOCKET_SCHANNEL_P_H
+#define QSSLSOCKET_SCHANNEL_P_H
+
+//
+//  W A R N I N G
+//  -------------
+//
+// This file is not part of the Qt API. It exists purely as an
+// implementation detail. This header file may change from version to
+// version without notice, or even be removed.
+//
+// We mean it.
+//
+
+QT_REQUIRE_CONFIG(schannel);
+
+#include <QtNetwork/private/qtnetworkglobal_p.h>
+
+#include "qsslsocket_p.h"
+
+#define SECURITY_WIN32
+#include <security.h>
+#include <schnlsp.h>
+#undef SECURITY_WIN32
+
+#include <memory>
+
+QT_BEGIN_NAMESPACE
+
+struct QHCertStoreDeleter {
+    void operator()(HCERTSTORE store)
+    {
+        CertCloseStore(store, 0);
+    }
+};
+typedef std::unique_ptr<void, QHCertStoreDeleter> QHCertStorePointer;
+
+class QSslSocketBackendPrivate final : public QSslSocketPrivate
+{
+    Q_DISABLE_COPY_MOVE(QSslSocketBackendPrivate)
+    Q_DECLARE_PUBLIC(QSslSocket)
+public:
+    QSslSocketBackendPrivate();
+    ~QSslSocketBackendPrivate();
+
+    // Platform specific functions
+    void startClientEncryption() override;
+    void startServerEncryption() override;
+    void transmit() override;
+    void disconnectFromHost() override;
+    void disconnected() override;
+    QSslCipher sessionCipher() const override;
+    QSsl::SslProtocol sessionProtocol() const override;
+    void continueHandshake() override;
+
+    static QList<QSslCipher> defaultCiphers();
+    static QList<QSslError> verify(const QList<QSslCertificate> &certificateChain,
+                                   const QString &hostName);
+    static bool importPkcs12(QIODevice *device, QSslKey *key, QSslCertificate *cert,
+                             QList<QSslCertificate> *caCertificates, const QByteArray &passPhrase);
+
+private:
+    enum class SchannelState {
+        InitializeHandshake, // create and transmit context (client)/accept context (server)
+        PerformHandshake, // get token back, process it
+        VerifyHandshake, // Verify that things are OK
+        Done, // Connection encrypted!
+        Renegotiate // Renegotiating!
+    } schannelState = SchannelState::InitializeHandshake;
+
+    void reset();
+    bool acquireCredentialsHandle();
+    ULONG getContextRequirements();
+    bool createContext(); // for clients
+    bool acceptContext(); // for server
+    bool performHandshake();
+    bool verifyHandshake();
+    bool renegotiate();
+
+    bool sendToken(void *token, unsigned long tokenLength, bool emitError = true);
+    QString targetName() const;
+
+    bool checkSslErrors();
+    void deallocateContext();
+    void freeCredentialsHandle();
+    void closeCertificateStores();
+    void sendShutdown();
+
+    void initializeCertificateStores();
+    bool verifyCertContext(CERT_CONTEXT *certContext);
+
+    bool rootCertOnDemandLoadingAllowed();
+
+    SecPkgContext_ConnectionInfo connectionInfo = {};
+    SecPkgContext_StreamSizes streamSizes = {};
+
+    CredHandle credentialHandle; // Initialized in ctor
+    CtxtHandle contextHandle; // Initialized in ctor
+
+    QByteArray intermediateBuffer; // data which is left-over or incomplete
+
+    QHCertStorePointer localCertificateStore = nullptr;
+    QHCertStorePointer peerCertificateStore = nullptr;
+    QHCertStorePointer caCertificateStore = nullptr;
+
+    const CERT_CONTEXT *localCertContext = nullptr;
+
+    ULONG contextAttributes = 0;
+
+    bool renegotiating = false;
+    bool peerCertVerified = false;
+};
+
+QT_END_NAMESPACE
+
+#endif // QSSLSOCKET_SCHANNEL_P_H