|
1 // Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // Name : CSipSecIpsecMechanism.cpp |
|
15 // Part of : SIPSec |
|
16 // Version : SIP/6.0 |
|
17 // |
|
18 |
|
19 |
|
20 |
|
21 #include <pfkey_send.h> |
|
22 |
|
23 #include "sipstrings.h" |
|
24 #include "siprequest.h" |
|
25 #include "sipresponse.h" |
|
26 #include "sipsecurityclientheader.h" |
|
27 #include "TSIPTransportParams.h" |
|
28 #include "SipLogs.h" |
|
29 |
|
30 #include "CSipSecIpsecMechanism.h" |
|
31 #include "SipSecUtils.h" |
|
32 #include "CSipSecAgreeContext.h" |
|
33 #include "CSipSecSaDbMsgSender.h" |
|
34 #include "CSipSecSaDbMsgReceiver.h" |
|
35 #include "CStateTentative.h" |
|
36 #include "CStatePendingKey.h" |
|
37 #include "CStatePendingSa.h" |
|
38 #include "CStatePendingPolicy.h" |
|
39 #include "CStateTemporal.h" |
|
40 #include "CStateInUse.h" |
|
41 #include "CStateOld.h" |
|
42 #include "CStateDying.h" |
|
43 #include "CStateDeleting.h" |
|
44 #include "CStateClearing.h" |
|
45 |
|
46 #ifdef CPPUNIT_TEST |
|
47 #include "CActiveObjController1.h" |
|
48 #endif |
|
49 |
|
50 const TInt KStatesGranularity = 10; |
|
51 |
|
52 // ---------------------------------------------------------------------------- |
|
53 // CSipSecIpsecMechanism::NewL |
|
54 // ---------------------------------------------------------------------------- |
|
55 // |
|
56 CSipSecIpsecMechanism* CSipSecIpsecMechanism::NewL( TAny* aInitParam ) |
|
57 { |
|
58 CSipSecIpsecMechanism* self = CSipSecIpsecMechanism::NewLC( aInitParam ); |
|
59 CleanupStack::Pop( self ); |
|
60 return self; |
|
61 } |
|
62 |
|
63 // ---------------------------------------------------------------------------- |
|
64 // CSipSecIpsecMechanism::NewLC |
|
65 // ---------------------------------------------------------------------------- |
|
66 // |
|
67 CSipSecIpsecMechanism* CSipSecIpsecMechanism::NewLC( TAny* aInitParam ) |
|
68 { |
|
69 TSIPSecMechanismInitParams* p = |
|
70 static_cast<TSIPSecMechanismInitParams*>( aInitParam ); |
|
71 CSipSecIpsecMechanism* |
|
72 self = new ( ELeave ) CSipSecIpsecMechanism( p ); |
|
73 CleanupStack::PushL( self ); |
|
74 self->ConstructL(); |
|
75 return self; |
|
76 } |
|
77 |
|
78 // ---------------------------------------------------------------------------- |
|
79 // Destructor |
|
80 // ---------------------------------------------------------------------------- |
|
81 // |
|
82 CSipSecIpsecMechanism::~CSipSecIpsecMechanism() |
|
83 { |
|
84 delete iSaDbMsgReceiver; |
|
85 delete iSaDbMsgSender; |
|
86 iSecAgreeContexts.ResetAndDestroy(); |
|
87 iSecAgreeContexts.Close(); |
|
88 iStates.ResetAndDestroy(); |
|
89 iStates.Close(); |
|
90 iPolicyServ.Close(); |
|
91 iSaDb.Close(); |
|
92 iSockServ.Close(); |
|
93 } |
|
94 |
|
95 // ---------------------------------------------------------------------------- |
|
96 // CSipSecIpsecMechanism::Name |
|
97 // ---------------------------------------------------------------------------- |
|
98 // |
|
99 const TDesC8& CSipSecIpsecMechanism::Name() const |
|
100 { |
|
101 return KIpSec3gpp; |
|
102 } |
|
103 |
|
104 // ---------------------------------------------------------------------------- |
|
105 // CSipSecIpsecMechanism::InitializeSecurityClientL |
|
106 // ---------------------------------------------------------------------------- |
|
107 // |
|
108 void CSipSecIpsecMechanism::InitializeSecurityClientL( |
|
109 CSIPSecurityClientHeader& /*aSecurityClient*/ ) |
|
110 { |
|
111 } |
|
112 |
|
113 // ---------------------------------------------------------------------------- |
|
114 // CSipSecIpsecMechanism::ProcessSecurityVerifyL |
|
115 // ---------------------------------------------------------------------------- |
|
116 // |
|
117 void CSipSecIpsecMechanism::ProcessSecurityVerifyL( |
|
118 TSIPTransportParams& /*aTransportParams*/, |
|
119 CSIPRequest& aRequest, |
|
120 TInetAddr& aNextHop, |
|
121 const CUri8& /*aRemoteTarget*/, |
|
122 const TDesC8& /*aOutboundProxy*/, |
|
123 MSIPSecUser* /*aUser*/, |
|
124 TRegistrationId /*aRegistrationId*/, |
|
125 RPointerArray<CSIPSecurityServerHeader>& /*aSecurityServer*/, |
|
126 RPointerArray<CSIPSecurityVerifyHeader>& aSecurityVerify ) |
|
127 { |
|
128 // No action if verify hdrs exist already in the request |
|
129 if ( aRequest.HasHeader( |
|
130 SIPStrings::StringF( SipStrConsts::ESecurityVerifyHeader ) ) ) |
|
131 { |
|
132 return; |
|
133 } |
|
134 |
|
135 // In case when two records exist already but more recent record is not |
|
136 // yet in "temporal" state, ipsec still has to use old sec verify hdrs. |
|
137 // FW would like to already use new sec verifys instead. |
|
138 CSipSecAgreeContext* c = FindContext( aNextHop ); |
|
139 if ( c ) |
|
140 { |
|
141 c->ApplyRulesL( aSecurityVerify ); |
|
142 } |
|
143 } |
|
144 |
|
145 // ---------------------------------------------------------------------------- |
|
146 // CSipSecIpsecMechanism::AddSecurityParamsL |
|
147 // ---------------------------------------------------------------------------- |
|
148 // |
|
149 void CSipSecIpsecMechanism::AddSecurityParamsL( |
|
150 TSIPTransportParams& aTransportParams, |
|
151 CSIPRequest& aRequest, |
|
152 TRegistrationId /*aRegistrationId*/, |
|
153 TTransactionId /*aTransactionId*/, |
|
154 TInetAddr& aNextHop, |
|
155 const CUri8& /*aRemoteTarget*/, |
|
156 const TDesC8& aOutboundProxy, |
|
157 MSIPSecUser* aUser ) |
|
158 { |
|
159 CSipSecAgreeContext* c = FindContext( aNextHop ); |
|
160 if ( c ) |
|
161 { |
|
162 c->ApplyRulesL( aTransportParams, aRequest, aOutboundProxy, aUser ); |
|
163 } |
|
164 else |
|
165 { |
|
166 ProcessInitialReqisterL( aTransportParams, aRequest ); |
|
167 } |
|
168 } |
|
169 |
|
170 // ---------------------------------------------------------------------------- |
|
171 // CSipSecIpsecMechanism::ResponseReceivedL |
|
172 // ---------------------------------------------------------------------------- |
|
173 // |
|
174 TBool CSipSecIpsecMechanism::ResponseReceivedL( |
|
175 TSIPTransportParams& aTransportParams, |
|
176 CSIPResponse& aResponse, |
|
177 CSIPRequest& aRequest, |
|
178 TRegistrationId /*aRegistrationId*/, |
|
179 TTransactionId /*aTransactionId*/, |
|
180 TInetAddr& aNextHop, |
|
181 const CUri8& /*aRemoteTarget*/, |
|
182 const TDesC8& /*aOutboundProxy*/, |
|
183 MSIPSecUser* aUser, |
|
184 MSIPSecSecurityMechanismObserver& aObserver ) |
|
185 { |
|
186 CSipSecAgreeContext* c = FindContext( aUser ); |
|
187 if ( c ) |
|
188 { |
|
189 c->ApplyRulesL( aResponse, aRequest, aObserver ); |
|
190 } |
|
191 else |
|
192 { |
|
193 // No context was found for the user, create possibly new one |
|
194 CreateNewContextL( aTransportParams, |
|
195 aResponse, |
|
196 aRequest, |
|
197 aNextHop, |
|
198 aUser, |
|
199 aObserver ); |
|
200 } |
|
201 |
|
202 return EFalse; |
|
203 } |
|
204 |
|
205 // ---------------------------------------------------------------------------- |
|
206 // CSipSecIpsecMechanism::IsServerInitiatedSecAgreeAllowed |
|
207 // ---------------------------------------------------------------------------- |
|
208 // |
|
209 TBool CSipSecIpsecMechanism::IsServerInitiatedSecAgreeAllowed() const |
|
210 { |
|
211 return EFalse; |
|
212 } |
|
213 |
|
214 // ---------------------------------------------------------------------------- |
|
215 // CSipSecIpsecMechanism::ParametersUpdatedL |
|
216 // ---------------------------------------------------------------------------- |
|
217 // |
|
218 TBool CSipSecIpsecMechanism::ParametersUpdatedL( MSIPSecUser* aUser ) |
|
219 { |
|
220 // Digest has possibly updated keying material |
|
221 CSipSecAgreeContext* c = FindContext( aUser ); |
|
222 if ( c ) |
|
223 { |
|
224 const TDesC8* key = 0; |
|
225 |
|
226 TRAPD( err, key = &iEngineContext.ValueL( KSIPSecIK ) ); |
|
227 if ( err == KErrNone ) |
|
228 { |
|
229 return c->SetAuthKeyL( *key ); |
|
230 } |
|
231 c->AuthKeyFailedL(); |
|
232 } |
|
233 return EFalse; |
|
234 } |
|
235 |
|
236 // ---------------------------------------------------------------------------- |
|
237 // CSipSecIpsecMechanism::CancelPendingOperations |
|
238 // ---------------------------------------------------------------------------- |
|
239 // |
|
240 void CSipSecIpsecMechanism::CancelPendingOperations( |
|
241 MSIPSecSecurityMechanismObserver* aObserver ) |
|
242 { |
|
243 if ( !aObserver ) |
|
244 { |
|
245 return; |
|
246 } |
|
247 |
|
248 // Must cancel outstanding add SA requests |
|
249 for ( TInt i = 0; i < iSecAgreeContexts.Count(); i++ ) |
|
250 { |
|
251 iSecAgreeContexts[ i ]->CancelPendingOps( aObserver ); |
|
252 } |
|
253 } |
|
254 |
|
255 // ---------------------------------------------------------------------------- |
|
256 // CSipSecIpsecMechanism::ClearCache |
|
257 // ---------------------------------------------------------------------------- |
|
258 // |
|
259 void CSipSecIpsecMechanism::ClearCache( |
|
260 MSIPSecUser* aUser ) |
|
261 { |
|
262 CSipSecAgreeContext* c = FindContext( aUser ); |
|
263 if ( c ) |
|
264 { |
|
265 TRAPD( err, c->ClearL() ); |
|
266 if ( err != KErrNone ) |
|
267 { |
|
268 DeleteContext( c ); |
|
269 } |
|
270 } |
|
271 } |
|
272 |
|
273 // ---------------------------------------------------------------------------- |
|
274 // CSipSecIpsecMechanism::SetCredentialsL |
|
275 // ---------------------------------------------------------------------------- |
|
276 // |
|
277 void CSipSecIpsecMechanism::SetCredentialsL( |
|
278 TTransactionId /*aTransactionId*/, |
|
279 const TDesC8& /*aRealm*/, |
|
280 const TDesC8& /*aOutboundProxy*/, |
|
281 const TDesC8& /*aUserName*/, |
|
282 const TDesC8& /*aPassword*/ ) |
|
283 { |
|
284 } |
|
285 |
|
286 // ---------------------------------------------------------------------------- |
|
287 // CSipSecIpsecMechanism::SetCredentialsL |
|
288 // ---------------------------------------------------------------------------- |
|
289 // |
|
290 void CSipSecIpsecMechanism::SetCredentialsL( |
|
291 const MSIPSecUser& /*aUser*/, |
|
292 const TDesC8& /*aRealm*/, |
|
293 const TDesC8& /*aOutboundProxy*/, |
|
294 const TDesC8& /*aUserName*/, |
|
295 const TDesC8& /*aPassword*/ ) |
|
296 { |
|
297 } |
|
298 |
|
299 // ---------------------------------------------------------------------------- |
|
300 // CSipSecIpsecMechanism::IgnoreChallenge |
|
301 // ---------------------------------------------------------------------------- |
|
302 // |
|
303 TInt CSipSecIpsecMechanism::IgnoreChallenge( |
|
304 TTransactionId /*aTransactionId*/, |
|
305 const TDesC8& /*aRealm*/, |
|
306 const MSIPSecUser* /*aTrustedUser*/ ) |
|
307 { |
|
308 return KErrNotFound; |
|
309 } |
|
310 |
|
311 // ---------------------------------------------------------------------------- |
|
312 // CSipSecIpsecMechanism::SetCredentialsL |
|
313 // ---------------------------------------------------------------------------- |
|
314 // |
|
315 TInt CSipSecIpsecMechanism::RemoveCredentials( const TDesC8& /*aRealm*/ ) |
|
316 { |
|
317 return KErrNotFound; |
|
318 } |
|
319 |
|
320 // ---------------------------------------------------------------------------- |
|
321 // CSipSecIpsecMechanism::MessageSentL |
|
322 // ---------------------------------------------------------------------------- |
|
323 // |
|
324 void CSipSecIpsecMechanism::MessageSentL( TInt /*aStatus*/, TInt /*aMsgType*/ ) |
|
325 { |
|
326 } |
|
327 |
|
328 // ---------------------------------------------------------------------------- |
|
329 // CSipSecIpsecMechanism::MessageReceived |
|
330 // ---------------------------------------------------------------------------- |
|
331 // |
|
332 void CSipSecIpsecMechanism::MessageReceived( TInt aStatus ) |
|
333 { |
|
334 if ( aStatus == KErrNone && |
|
335 iReceiveBuffer.Length() > 0 && |
|
336 iReceiveBuffer.MsgHdr().sadb_msg_pid == PID ) |
|
337 { |
|
338 ConsumeSadbMessage(); |
|
339 } |
|
340 |
|
341 iReceiveBuffer.FillZ(); |
|
342 iSaDbMsgReceiver->Receive( iReceiveBuffer ); |
|
343 } |
|
344 |
|
345 // ---------------------------------------------------------------------------- |
|
346 // CSipSecIpsecMechanism::T1 |
|
347 // ---------------------------------------------------------------------------- |
|
348 // |
|
349 TUint CSipSecIpsecMechanism::T1() |
|
350 { |
|
351 return iT1; |
|
352 } |
|
353 |
|
354 // ---------------------------------------------------------------------------- |
|
355 // CSipSecIpsecMechanism::Sadb |
|
356 // ---------------------------------------------------------------------------- |
|
357 // |
|
358 RSADB& CSipSecIpsecMechanism::Sadb() |
|
359 { |
|
360 return iSaDb; |
|
361 } |
|
362 |
|
363 // ---------------------------------------------------------------------------- |
|
364 // CSipSecIpsecMechanism::PolicyServer |
|
365 // ---------------------------------------------------------------------------- |
|
366 // |
|
367 RIpsecPolicyServ& CSipSecIpsecMechanism::PolicyServer() |
|
368 { |
|
369 return iPolicyServ; |
|
370 } |
|
371 |
|
372 // ---------------------------------------------------------------------------- |
|
373 // CSipSecIpsecMechanism::SeqNumber |
|
374 // ---------------------------------------------------------------------------- |
|
375 // |
|
376 TUint CSipSecIpsecMechanism::SeqNumber() |
|
377 { |
|
378 return ++iSeqNum; |
|
379 } |
|
380 |
|
381 // ---------------------------------------------------------------------------- |
|
382 // CSipSecIpsecMechanism::TimerMan |
|
383 // ---------------------------------------------------------------------------- |
|
384 // |
|
385 MTimerManager& CSipSecIpsecMechanism::TimerMan() |
|
386 { |
|
387 return iTimerMgr; |
|
388 } |
|
389 |
|
390 // ---------------------------------------------------------------------------- |
|
391 // CSipSecIpsecMechanism::TransportMan |
|
392 // ---------------------------------------------------------------------------- |
|
393 // |
|
394 MSIPTransportMgr& CSipSecIpsecMechanism::TransportMan() |
|
395 { |
|
396 return iTransportMgr; |
|
397 } |
|
398 |
|
399 // ---------------------------------------------------------------------------- |
|
400 // CSipSecIpsecMechanism::UpdateSecCliL |
|
401 // ---------------------------------------------------------------------------- |
|
402 // |
|
403 void CSipSecIpsecMechanism::UpdateSecCliL( |
|
404 RPointerArray<CSIPSecurityHeaderBase>& aSecCliHeaders ) |
|
405 { |
|
406 // Update protected client port and both SPIs |
|
407 // |
|
408 TUint spic = SipSecUtils::RandomNumber( iSeed, KMinSPI, KMaxSPI ); |
|
409 TUint spis = SipSecUtils::RandomNumber( iSeed, KMinSPI, KMaxSPI ); |
|
410 TUint portc = SipSecUtils::RandomNumber( iSeed, KMinPort, KMaxPort ); |
|
411 |
|
412 for ( TInt i = 0; i < aSecCliHeaders.Count(); i++ ) |
|
413 { |
|
414 CSIPSecurityClientHeader* sch = |
|
415 static_cast<CSIPSecurityClientHeader*>( aSecCliHeaders[ i ] ); |
|
416 |
|
417 if ( SipSecUtils::HasParamL( *sch, KSpic ) && |
|
418 SipSecUtils::HasParamL( *sch, KSpis ) && |
|
419 SipSecUtils::HasParamL( *sch, KPortc ) ) |
|
420 { |
|
421 SipSecUtils::SetParamL( *sch, KSpic, spic ); |
|
422 SipSecUtils::SetParamL( *sch, KSpis, spis ); |
|
423 SipSecUtils::SetParamL( *sch, KPortc, portc ); |
|
424 } |
|
425 } |
|
426 } |
|
427 |
|
428 // ---------------------------------------------------------------------------- |
|
429 // CSipSecIpsecMechanism::ContextCleared |
|
430 // ---------------------------------------------------------------------------- |
|
431 // |
|
432 void CSipSecIpsecMechanism::ContextCleared( |
|
433 CSipSecAgreeContext* aContext ) |
|
434 { |
|
435 DeleteContext(aContext); |
|
436 } |
|
437 |
|
438 // ---------------------------------------------------------------------------- |
|
439 // CSipSecIpsecMechanism::TransportRemovalObserver |
|
440 // ---------------------------------------------------------------------------- |
|
441 // |
|
442 MSIPTransportRemovalObserver* CSipSecIpsecMechanism::TransportRemovalObserver() |
|
443 { |
|
444 return this; |
|
445 } |
|
446 |
|
447 // ---------------------------------------------------------------------------- |
|
448 // CSipSecIpsecMechanism::ProcessInitialReqisterL |
|
449 // ---------------------------------------------------------------------------- |
|
450 // |
|
451 void CSipSecIpsecMechanism::ProcessInitialReqisterL( |
|
452 TSIPTransportParams& aTransportParams, |
|
453 CSIPRequest& aRequest ) |
|
454 { |
|
455 // 1. Check if Security-Client header is in request |
|
456 // 2. Generate IPSEC port numbers if not yet in the request |
|
457 // 3. Generate SPIs |
|
458 // 4. Do not have to reserve channels yet |
|
459 // 5. Disable SigComp usage for initial register |
|
460 |
|
461 if ( !SipSecUtils::Match( SipStrConsts::ERegister, aRequest.Method() ) ) |
|
462 { |
|
463 return; |
|
464 } |
|
465 |
|
466 // Ownership of headers inside the returned array is not transferred. |
|
467 // Returned array has been pushed into cleanupstack using TCleanupItem |
|
468 // which will call only Reset() for RPointerArray and destructs |
|
469 // the object if leave occurs. |
|
470 RPointerArray< CSIPSecurityHeaderBase >* secClientHdrs = |
|
471 SipSecUtils::HeadersWithMechanismLC( |
|
472 aRequest, |
|
473 SipStrConsts::ESecurityClientHeader, |
|
474 KIpSec3gpp ); |
|
475 |
|
476 TInt ipsecHdrsCount( secClientHdrs->Count() ); |
|
477 |
|
478 if ( ipsecHdrsCount > 0 ) |
|
479 { |
|
480 __ASSERT_ALWAYS( ipsecHdrsCount <= 2, User::Leave( KErrOverflow ) ); |
|
481 |
|
482 CSIPSecurityClientHeader* sch1 = |
|
483 static_cast< CSIPSecurityClientHeader* >( (*secClientHdrs)[ 0 ] ); |
|
484 InitSecCliHeaderL( sch1 ); |
|
485 |
|
486 if ( iCaps.iAlgMd5.Length() && iCaps.iAlgSha.Length() ) |
|
487 { |
|
488 CSIPSecurityClientHeader* sch2 = |
|
489 static_cast<CSIPSecurityClientHeader*>( sch1->CloneL() ); |
|
490 |
|
491 CleanupStack::PushL( sch2 ); |
|
492 SipSecUtils::SetParamL( *sch2, KAlgorithm, iCaps.iAlgSha ); |
|
493 if ( ipsecHdrsCount == 1 ) |
|
494 { |
|
495 aRequest.AddHeaderL( sch2 ); |
|
496 } |
|
497 else |
|
498 { |
|
499 aRequest.ReplaceHeaderL( (*secClientHdrs)[ 1 ], sch2 ); |
|
500 } |
|
501 CleanupStack::Pop( sch2 ); |
|
502 } |
|
503 |
|
504 aTransportParams.SetIgnoreCompartmentId( ETrue ); |
|
505 } |
|
506 |
|
507 CleanupStack::PopAndDestroy( secClientHdrs ); |
|
508 } |
|
509 |
|
510 // ---------------------------------------------------------------------------- |
|
511 // CSipSecIpsecMechanism::RemovalCompleted |
|
512 // ---------------------------------------------------------------------------- |
|
513 // |
|
514 void CSipSecIpsecMechanism::RemovalCompleted( TUint32 aTransportId ) |
|
515 { |
|
516 for ( TInt i = 0; i < iSecAgreeContexts.Count(); i++ ) |
|
517 { |
|
518 iSecAgreeContexts[ i ]->RemovalCompleted( aTransportId ); |
|
519 } |
|
520 } |
|
521 |
|
522 // ---------------------------------------------------------------------------- |
|
523 // CSipSecIpsecMechanism::Capable |
|
524 // ---------------------------------------------------------------------------- |
|
525 // |
|
526 TBool CSipSecIpsecMechanism::Capable() |
|
527 { |
|
528 return iCaps.iProt.Length() && iCaps.iMode.Length() && |
|
529 ( iCaps.iAlgMd5.Length() || iCaps.iAlgSha.Length() ); |
|
530 } |
|
531 |
|
532 // ---------------------------------------------------------------------------- |
|
533 // CSipSecIpsecMechanism::ConsumeSadbMessage |
|
534 // ---------------------------------------------------------------------------- |
|
535 // |
|
536 void CSipSecIpsecMechanism::ConsumeSadbMessage() |
|
537 { |
|
538 switch ( iReceiveBuffer.MsgHdr().sadb_msg_type ) |
|
539 { |
|
540 case SADB_REGISTER: |
|
541 { |
|
542 SadbRegister(); |
|
543 break; |
|
544 } |
|
545 case SADB_ADD: |
|
546 { |
|
547 SadbAdd(); |
|
548 break; |
|
549 } |
|
550 default: |
|
551 { |
|
552 // SADB_GETSPI, SADB_UPDATE |
|
553 // SADB_DELETE, SADB_ACQUIRE, SADB_FLUSH, SADB_GET, SADB_EXPIRE |
|
554 break; |
|
555 } |
|
556 } |
|
557 } |
|
558 |
|
559 // ---------------------------------------------------------------------------- |
|
560 // CSipSecIpsecMechanism::SadbRegister |
|
561 // ---------------------------------------------------------------------------- |
|
562 // |
|
563 void CSipSecIpsecMechanism::SadbRegister() |
|
564 { |
|
565 TPfkeyAnyExt ext; |
|
566 TInt s = iReceiveBuffer.NextExtension( ext ); |
|
567 __ASSERT_DEBUG( s == KErrNone, User::Panic( KMsgPanic, s ) ); |
|
568 TBool foundSupportedAuth( EFalse ); |
|
569 while ( s == KErrNone && !foundSupportedAuth ) |
|
570 { |
|
571 if ( ext.ExtType() == SADB_EXT_SUPPORTED_AUTH ) |
|
572 { |
|
573 foundSupportedAuth = ETrue; |
|
574 } |
|
575 else |
|
576 { |
|
577 s = iReceiveBuffer.NextExtension( ext ); |
|
578 } |
|
579 } |
|
580 |
|
581 if ( s != KErrNone ) |
|
582 { |
|
583 return; |
|
584 } |
|
585 |
|
586 iCaps.iMode.Set( KTransMode ); |
|
587 iCaps.iProt.Set( KEspProtocol ); |
|
588 TInt len = ext.ExtLen() * KWordLen; |
|
589 TInt offset = KSizeOfSADBSupported; |
|
590 TPtrC8 alg; |
|
591 for ( ; offset<len; offset = offset+KSizeOfSADBAlg ) |
|
592 { |
|
593 alg.Set( ext.Mid( offset, KSizeOfSADBAlg ) ); |
|
594 const sadb_alg* a = reinterpret_cast<const sadb_alg*>( alg.Ptr() ); |
|
595 if ( a->sadb_alg_id == SADB_AALG_MD5HMAC && |
|
596 a->sadb_alg_maxbits >= MD5_KEYLENGTH && |
|
597 a->sadb_alg_minbits <= MD5_KEYLENGTH ) |
|
598 { |
|
599 iCaps.iAlgMd5.Set( KHmacMd596 ); |
|
600 } |
|
601 if ( a->sadb_alg_id == SADB_AALG_SHA1HMAC && |
|
602 a->sadb_alg_maxbits >= SHA_KEYLENGTH && |
|
603 a->sadb_alg_minbits <= SHA_KEYLENGTH ) |
|
604 { |
|
605 iCaps.iAlgSha.Set( KHmacSha196 ); |
|
606 } |
|
607 } |
|
608 } |
|
609 |
|
610 // ---------------------------------------------------------------------------- |
|
611 // CSipSecIpsecMechanism::SadbAdd |
|
612 // ---------------------------------------------------------------------------- |
|
613 // |
|
614 void CSipSecIpsecMechanism::SadbAdd() |
|
615 { |
|
616 // In case of SADB_ADD message, we are interested only about operations |
|
617 // success. Convert sadb_msg error to Symbian error code. |
|
618 |
|
619 sadb_msg& m = iReceiveBuffer.MsgHdr(); |
|
620 TInt err = -( ( m.sadb_msg_reserved << 8 ) | m.sadb_msg_errno ); |
|
621 |
|
622 // Propagate error to contexts |
|
623 for ( TInt i = 0; i < iSecAgreeContexts.Count(); i++ ) |
|
624 { |
|
625 iSecAgreeContexts[ i ]->SADBAddMsgReceived( m.sadb_msg_seq, err ); |
|
626 } |
|
627 } |
|
628 |
|
629 // ---------------------------------------------------------------------------- |
|
630 // CSipSecIpsecMechanism::InitSecCliHeaderL |
|
631 // ---------------------------------------------------------------------------- |
|
632 // |
|
633 void CSipSecIpsecMechanism::InitSecCliHeaderL( |
|
634 CSIPSecurityClientHeader* aCliHeader ) |
|
635 { |
|
636 __ASSERT_ALWAYS( Capable(),User::Leave( KErrNotReady ) ); |
|
637 if ( iCaps.iAlgMd5.Length() ) |
|
638 { |
|
639 SipSecUtils::SetParamL( *aCliHeader, KAlgorithm, iCaps.iAlgMd5 ); |
|
640 } |
|
641 else |
|
642 { |
|
643 SipSecUtils::SetParamL( *aCliHeader, KAlgorithm, iCaps.iAlgSha ); |
|
644 } |
|
645 SipSecUtils::SetParamL( *aCliHeader, KProtocol, iCaps.iProt ); |
|
646 |
|
647 SipSecUtils::SetParamL( *aCliHeader, KMode, iCaps.iMode ); |
|
648 |
|
649 TUint rn = SipSecUtils::RandomNumber( iSeed, KMinSPI, KMaxSPI ); |
|
650 SipSecUtils::SetParamL( *aCliHeader, KSpic, rn ); |
|
651 |
|
652 rn = SipSecUtils::RandomNumber( iSeed, KMinSPI, KMaxSPI ); |
|
653 SipSecUtils::SetParamL( *aCliHeader, KSpis, rn ); |
|
654 |
|
655 rn = SipSecUtils::RandomNumber( iSeed, KMinPort, KMaxPort ); |
|
656 SipSecUtils::SetParamL( *aCliHeader, KPortc, rn ); |
|
657 |
|
658 rn = SipSecUtils::RandomNumber( iSeed, KMinPort, KMaxPort ); |
|
659 SipSecUtils::SetParamL( *aCliHeader, KPorts, rn ); |
|
660 } |
|
661 |
|
662 // ---------------------------------------------------------------------------- |
|
663 // CSipSecIpsecMechanism::CreateNewContextL |
|
664 // ---------------------------------------------------------------------------- |
|
665 // |
|
666 void CSipSecIpsecMechanism::CreateNewContextL( |
|
667 TSIPTransportParams& aTransportParams, |
|
668 CSIPResponse& aResponse, |
|
669 CSIPRequest& aRequest, |
|
670 TInetAddr& aNextHop, |
|
671 MSIPSecUser* aUser, |
|
672 MSIPSecSecurityMechanismObserver& aObserver ) |
|
673 { |
|
674 if ( aResponse.ResponseCode() != K401Response || |
|
675 !SipSecUtils::HeaderWithMechanism( |
|
676 aResponse, |
|
677 SipStrConsts::ESecurityServerHeader, |
|
678 KIpSec3gpp ) ) |
|
679 { |
|
680 return; |
|
681 } |
|
682 |
|
683 CSipSecAgreeContext* ctx = |
|
684 CSipSecAgreeContext::NewL( *this, |
|
685 aTransportParams, |
|
686 aResponse, |
|
687 aRequest, |
|
688 aNextHop, |
|
689 aUser, |
|
690 aObserver, |
|
691 iStates ); |
|
692 CleanupStack::PushL( ctx ); |
|
693 iSecAgreeContexts.AppendL( ctx ); |
|
694 CleanupStack::Pop( ctx ); |
|
695 |
|
696 |
|
697 #ifdef CPPUNIT_TEST |
|
698 if ( iObjCtr->iCtxCtrl1 == NULL ) |
|
699 { |
|
700 iObjCtr->iCtxCtrl1 = ctx->iObjCtr; |
|
701 } |
|
702 else |
|
703 { |
|
704 if ( iObjCtr->iCtxCtrl2 == NULL ) |
|
705 { |
|
706 iObjCtr->iCtxCtrl2 = ctx->iObjCtr; |
|
707 } |
|
708 else |
|
709 { |
|
710 // Add new member (e.g. iObjCtr->iCtxCtrl3) to store ctx->iObjCtr |
|
711 User::Panic( KNullDesC, KErrNotSupported ); |
|
712 } |
|
713 } |
|
714 #endif |
|
715 } |
|
716 |
|
717 // ---------------------------------------------------------------------------- |
|
718 // CSipSecIpsecMechanism::FindContext |
|
719 // ---------------------------------------------------------------------------- |
|
720 // |
|
721 CSipSecAgreeContext* CSipSecIpsecMechanism::FindContext( |
|
722 const MSIPSecUser* aSipUser ) |
|
723 { |
|
724 for ( TInt i = 0; i < iSecAgreeContexts.Count(); i++ ) |
|
725 { |
|
726 if ( iSecAgreeContexts[ i ]->HasSecUser( aSipUser ) ) |
|
727 { |
|
728 return iSecAgreeContexts[ i ]; |
|
729 } |
|
730 } |
|
731 return 0; |
|
732 } |
|
733 |
|
734 // ---------------------------------------------------------------------------- |
|
735 // CSipSecIpsecMechanism::FindContext |
|
736 // ---------------------------------------------------------------------------- |
|
737 // |
|
738 CSipSecAgreeContext* CSipSecIpsecMechanism::FindContext( |
|
739 const TInetAddr& aNextHop ) |
|
740 { |
|
741 for ( TInt i = 0; i < iSecAgreeContexts.Count(); i++ ) |
|
742 { |
|
743 if ( iSecAgreeContexts[ i ]->HasNextHop( aNextHop ) ) |
|
744 { |
|
745 return iSecAgreeContexts[ i ]; |
|
746 } |
|
747 } |
|
748 return 0; |
|
749 } |
|
750 |
|
751 // ---------------------------------------------------------------------------- |
|
752 // CSipSecIpsecMechanism::DeleteContext |
|
753 // ---------------------------------------------------------------------------- |
|
754 // |
|
755 void CSipSecIpsecMechanism::DeleteContext( |
|
756 CSipSecAgreeContext* aContext ) |
|
757 { |
|
758 TInt i = iSecAgreeContexts.Find( aContext ); |
|
759 iSecAgreeContexts.Remove( i ); |
|
760 iSecAgreeContexts.Compress(); |
|
761 delete aContext; |
|
762 } |
|
763 |
|
764 // ---------------------------------------------------------------------------- |
|
765 // CSipSecIpsecMechanism::InitializeStatesL |
|
766 // ---------------------------------------------------------------------------- |
|
767 // |
|
768 void CSipSecIpsecMechanism::InitializeStatesL() |
|
769 { |
|
770 CTentative* te = new ( ELeave ) CTentative(); |
|
771 CleanupStack::PushL( te ); |
|
772 iStates.AppendL( te ); |
|
773 CleanupStack::Pop( te ); |
|
774 CPendingKey* pk = new ( ELeave ) CPendingKey(); |
|
775 CleanupStack::PushL( pk ); |
|
776 iStates.AppendL( pk ); |
|
777 CleanupStack::Pop( pk ); |
|
778 CPendingSa* ps = new ( ELeave ) CPendingSa(); |
|
779 CleanupStack::PushL( ps ); |
|
780 iStates.AppendL( ps ); |
|
781 CleanupStack::Pop( ps ); |
|
782 CPendingPolicy* pp = new ( ELeave ) CPendingPolicy(); |
|
783 CleanupStack::PushL( pp ); |
|
784 iStates.AppendL( pp ); |
|
785 CleanupStack::Pop( pp ); |
|
786 CTemporal* tm = new ( ELeave ) CTemporal(); |
|
787 CleanupStack::PushL( tm ); |
|
788 iStates.AppendL( tm ); |
|
789 CleanupStack::Pop( tm ); |
|
790 CInUse* us = new ( ELeave ) CInUse(); |
|
791 CleanupStack::PushL( us ); |
|
792 iStates.AppendL( us ); |
|
793 CleanupStack::Pop( us ); |
|
794 COld* ol = new ( ELeave ) COld(); |
|
795 CleanupStack::PushL( ol ); |
|
796 iStates.AppendL( ol ); |
|
797 CleanupStack::Pop( ol ); |
|
798 CDying* dy = new ( ELeave ) CDying(); |
|
799 CleanupStack::PushL( dy ); |
|
800 iStates.AppendL( dy ); |
|
801 CleanupStack::Pop( dy ); |
|
802 CDeleting* de = new ( ELeave ) CDeleting(); |
|
803 CleanupStack::PushL( de ); |
|
804 iStates.AppendL( de ); |
|
805 CleanupStack::Pop( de ); |
|
806 CClearing* cl = new ( ELeave ) CClearing(); |
|
807 CleanupStack::PushL( cl ); |
|
808 iStates.AppendL( cl ); |
|
809 CleanupStack::Pop( cl ); |
|
810 } |
|
811 |
|
812 // ---------------------------------------------------------------------------- |
|
813 // CSipSecIpsecMechanism::ConstructL |
|
814 // ---------------------------------------------------------------------------- |
|
815 // |
|
816 void CSipSecIpsecMechanism::ConstructL() |
|
817 { |
|
818 __SIP_LOG( "IPSecPlugin::ConstructL()" ) |
|
819 |
|
820 InitializeStatesL(); |
|
821 |
|
822 User::LeaveIfError( iSockServ.Connect() ); |
|
823 User::LeaveIfError( iSaDb.Open( iSockServ ) ); |
|
824 User::LeaveIfError( iPolicyServ.Connect() ); |
|
825 |
|
826 iSaDbMsgReceiver = CSipSecSaDbMsgReceiver::NewL( *this, iSaDb ); |
|
827 |
|
828 #ifdef CPPUNIT_TEST |
|
829 iObjCtr = new ( ELeave ) CActiveObjController1(); |
|
830 iObjCtr->SetRecvBuffer( this ); |
|
831 iObjCtr->AddMechRecvL( iSaDbMsgReceiver ); |
|
832 #endif |
|
833 |
|
834 iSaDbMsgReceiver->Receive( iReceiveBuffer ); |
|
835 |
|
836 iSaDbMsgSender = CSipSecSaDbMsgSender::NewL( *this, iSaDb ); |
|
837 |
|
838 #ifdef CPPUNIT_TEST |
|
839 iObjCtr->AddMechSendL( iSaDbMsgSender ); |
|
840 #endif |
|
841 |
|
842 TPfkeySendMsg* |
|
843 msg = new ( ELeave ) TPfkeySendMsg( SADB_REGISTER, SADB_SATYPE_ESP, |
|
844 ++iSeqNum, PID ); |
|
845 CleanupStack::PushL( msg ); |
|
846 sadb_msg &m = msg->MsgHdr(); |
|
847 m.sadb_msg_len = static_cast<TUint16>( msg->Length() / KWordLen ); |
|
848 iSaDbMsgSender->SendL( msg, SADB_REGISTER ); |
|
849 CleanupStack::Pop( msg ); // msg ownership was transferred |
|
850 } |
|
851 |
|
852 // ---------------------------------------------------------------------------- |
|
853 // Constructor |
|
854 // ---------------------------------------------------------------------------- |
|
855 // |
|
856 CSipSecIpsecMechanism::CSipSecIpsecMechanism( |
|
857 TSIPSecMechanismInitParams* aInitParams ) : |
|
858 iTimerMgr( aInitParams->iTimer ), |
|
859 iEngineContext( aInitParams->iEngineContext ), |
|
860 iTransportMgr( aInitParams->iTransportMgr ), |
|
861 iT1( aInitParams->iT1 ), |
|
862 iStates( KStatesGranularity ) |
|
863 { |
|
864 TTime time; |
|
865 time.HomeTime(); |
|
866 iSeed = time.Int64(); |
|
867 } |
|
868 |
|
869 // End of File |