/*

* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).

* All rights reserved.

* This component and the accompanying materials are made available

* under the terms of "Eclipse Public License v1.0"

* which accompanies this distribution, and is available

* at the URL "http://www.eclipse.org/legal/epl-v10.html".

*

* Initial Contributors:

* Nokia Corporation - initial contribution.

*

* Contributors:

*

* Description: IKEv2 Proposal handling.

*

*/

#include <e32math.h>

#include <in_sock.h>

#include "ikedebug.h"

#include "ikev2proposal.h"

#include "ikev2SAdata.h"

#include "ikev2payloads.h"

#include "ikemsgrec.h"

#include "ikev2const.h"

#include "ikev2plugin.h"

#include "ikepolparser.h"

#include "ikev2identity.h"

#include "ikev2ipsecsadata.h"

#include "ikev2Negotiation.h"

#include <networking/pfkeyv2.h>

HBufC8* Ikev2Proposal::FromPolicyToProposaL(TIkev2SAData& aIkeSaData, 

                                            const TDesC8& aRekeySpi, 

                                            TInt aDHGroupGuess, 

                                            TBool aRekey)

{

	//

	// Build IKE SA proposal from IKE policy data

	// Because proposal information is presented as "IKEv1"

	// proposals in policy these are presented as sequence of

	// proposals. All these transforms contains 4 different type transform

	// payloads.

	//

	TProposalData* PropList = aIkeSaData.iIkeData->iPropList;

	if ( !aRekey )

	{

        aIkeSaData.iEAPType = aIkeSaData.iIkeData->iEAPProtocol;

	}

	if (!PropList)

	{		

		User::LeaveIfNull(PropList);		

	}

	HBufC8* saData = HBufC8::NewL(512);    //512 should be enough for all Proposals

	TUint8  PropNum = 1;

	TUint16 SaLth   = 0;

	TUint16 PropLth;

	TUint16 TranLth;

	TUint16 PRF;

	TUint16 DHGroup;		

	TProposalIkev2*  Proposal = TProposalIkev2::Cast(saData->Ptr());

	TProposalIkev2*  Next = Proposal;

	TTransformIkev2* Transform;

	TDataAttributes* Attributes;

	while ( PropList )

	{

		Proposal = Next;

		TPayloadIkev2::Cast(Proposal)->Init();   // Initialize Payload general header

		TPayloadIkev2::Cast(Proposal)->SetNextPayload(IKEV2_PAYLOAD_PROP);		

		Proposal->SetNum(PropNum);

		Proposal->SetProtocol(IKEV2_PROTOCOL);

		if ( aRekey )

		{

			Proposal->SetSPISize(IKEV2_SPI_SIZE);

			Mem::Copy(Proposal->SPI(), aRekeySpi.Ptr(), IKEV2_SPI_SIZE);

		}

		else Proposal->SetSPISize(0);

		Proposal->SetNumTrans(4);

		PropLth = (TUint16)Proposal->PropHdrLth();	

		Transform = Proposal->TransformPl();

		TPayloadIkev2::Cast(Transform)->Init();   // Initialize Payload general header		

		TPayloadIkev2::Cast(Transform)->SetNextPayload(IKEV2_PAYLOAD_TRANS);

		Transform->SetType(IKEV2_ENCR);   // Encryption Algorithm transform (1)

		Transform->SetReserved();

		TranLth = (TUint16)Transform->Size();

		switch ( PropList->iEncrAlg )

		{

			case IKE_PARSER_DES_CBC:

				Transform->SetID(ENCR_DES);				

				break;

			case IKE_PARSER_DES3_CBC:

				Transform->SetID(ENCR_3DES);				

				break;

			case IKE_PARSER_AES_CBC:

				Transform->SetID(ENCR_AES_CBC);

				//

				// Add key length attribute to transform data

				//

				Transform->SetID(ENCR_AES_CBC);

				Attributes = Transform->Attributes();

				Attributes->SetType(IKEV2_ENCR_KEY_LTH);

				Attributes->SetBasic();

				if (PropList->iEncrKeyLth)

					 Attributes->SetValue((TUint16)PropList->iEncrKeyLth);

				else Attributes->SetValue(128);	//default AES key size

				TranLth = (TUint16)(TranLth + Attributes->Size());

				break;

			default:

				Transform->SetID(ENCR_3DES);	// Use 3DES as default									

				break;

		}

		TPayloadIkev2::Cast(Transform)->SetLength(TranLth);		

		PropLth = (TUint16)(PropLth + TranLth);

		Transform = (TTransformIkev2*)TPayloadIkev2::Cast(Transform)->Next();

		TPayloadIkev2::Cast(Transform)->Init();   // Initialize Payload general header				

		TPayloadIkev2::Cast(Transform)->SetNextPayload(IKEV2_PAYLOAD_TRANS);

		Transform->SetType(IKEV2_INTEG);   // Integrity Algorithm (3)

		Transform->SetReserved();

		TranLth = (TUint16)Transform->Size();

		switch ( PropList->iHashAlg )

		{

			case IKE_PARSER_MD5:

				Transform->SetID(AUTH_HMAC_MD5_96);

				PRF = IKE_PARSER_MD5;

				break;

			case IKE_PARSER_SHA1:

				Transform->SetID(AUTH_HMAC_SHA1_96);

				PRF = IKE_PARSER_SHA1;

				break;

			default:

				Transform->SetID(AUTH_HMAC_SHA1_96);

				PRF = IKE_PARSER_SHA1;				

				break;

		}

		TPayloadIkev2::Cast(Transform)->SetLength(TranLth);				

		PropLth = (TUint16)(PropLth + TranLth);

		Transform = (TTransformIkev2*)TPayloadIkev2::Cast(Transform)->Next();		

		TPayloadIkev2::Cast(Transform)->Init();   // Initialize Payload general header		

		TPayloadIkev2::Cast(Transform)->SetNextPayload(IKEV2_PAYLOAD_TRANS);

		Transform->SetType(IKEV2_PRF);   // Pseudo-random Function (2)

		Transform->SetReserved();

		TranLth = (TUint16)Transform->Size();

		if ( PropList->iPRF )

			PRF = PropList->iPRF;	

		switch ( PRF )

		{

			case IKE_PARSER_MD5:

				Transform->SetID(PRF_HMAC_MD5);

				break;

			case IKE_PARSER_SHA1:

				Transform->SetID(PRF_HMAC_SHA1);

				break;

			default:

				Transform->SetID(AUTH_HMAC_SHA1_96);

				break;			

		}

		TPayloadIkev2::Cast(Transform)->SetLength(TranLth);

		PropLth = (TUint16)(PropLth + TranLth);

		Transform = (TTransformIkev2*)TPayloadIkev2::Cast(Transform)->Next();				

		TPayloadIkev2::Cast(Transform)->Init();   // Initialize Payload general header

		TPayloadIkev2::Cast(Transform)->SetNextPayload(IKEV2_PAYLOAD_NONE);

		Transform->SetType(IKEV2_DH);   // Diffie-Hellman Group (4)

		Transform->SetReserved();

		TranLth = (TUint16)Transform->Size();

		DHGroup = (PropList->iGroupDesc == 0) ? aIkeSaData.iIkeData->iGroupDesc_II : 

                                                PropList->iGroupDesc;

		DHGroup = Ikev2Proposal::GetDHGroup(DHGroup);

		Transform->SetID(DHGroup);

		TPayloadIkev2::Cast(Transform)->SetLength(TranLth);

		if ( PropNum == aDHGroupGuess)

		{

		   if (aIkeSaData.iDHGroup == 0) 

		       aIkeSaData.iDHGroup = DHGroup;  // Preferred group for initial KE payload

		   switch ( PropList->iAuthMeth )

		   {	   

			     case IKE_PARSER_DSS_SIG:

			         aIkeSaData.iAuthMethod = DSS_DIGITAL_SIGN;

					 break;

				 case IKE_PARSER_RSA_SIG:

				 case IKE_PARSER_RSA_REV_ENCR:					 

				     aIkeSaData.iAuthMethod = RSA_DIGITAL_SIGN;

					 break;

				 default:

				     aIkeSaData.iAuthMethod = PRESHARED_KEY;

					 break;

		   }		 

		}	

		if ( aIkeSaData.iLifetime == 0 ) 

		    aIkeSaData.iLifetime = PropList->iLifetimeSec; // Init lifetime

		else if ( PropList->iLifetimeSec && (aIkeSaData.iLifetime > PropList->iLifetimeSec) )

		    aIkeSaData.iLifetime = PropList->iLifetimeSec; // Take shorter time				

		PropLth = (TUint16)(PropLth + TranLth);

		SaLth   = (TUint16)(SaLth + PropLth);

		TPayloadIkev2::Cast(Proposal)->SetLength(PropLth);		

		PropNum ++;

		Next     = (TProposalIkev2*)TPayloadIkev2::Cast(Proposal)->Next();	

		PropList = PropList->iNext;

	}

	if ( aIkeSaData.iLifetime == 0 )

	    aIkeSaData.iLifetime = IKEV2_DEF_LIFETIME;	

	TPayloadIkev2::Cast(Proposal)->SetNextPayload(IKEV2_PAYLOAD_NONE);

	saData->Des().SetLength(SaLth);

	return saData;

}

HBufC8* Ikev2Proposal::GetPSKFromPolicyL(CIkeData* aHostData)

{

    ASSERT(aHostData);

	//

	// Get Preshared Key from IKE policy and return in to caller in

	// HBufc8.

	//

	HBufC8 *PSK = NULL;

	if ( aHostData->iPresharedKey.iFormat ==  STRING_KEY )

	{

	    PSK = HBufC8::NewL(aHostData->iPresharedKey.iKey.Length());

		PSK->Des().Copy(aHostData->iPresharedKey.iKey);

	}

    else if ( aHostData->iPresharedKey.iFormat == HEX_KEY ) 

    {

        PSK = HBufC8::NewL(aHostData->iPresharedKey.iKey.Length() / 2);

        for(TInt i = 0; i < aHostData->iPresharedKey.iKey.Length(); i += 2)

        {        

            TPtrC hexByte(aHostData->iPresharedKey.iKey.Mid(i, 2));

            TLex lex(hexByte);

            TUint8 value;

            User::LeaveIfError(lex.Val(value, EHex));

            PSK->Des().Append(&value, 1);

        }

    }

	return PSK;

}

TUint16 Ikev2Proposal::GetDHGroup(TInt aDHGroup)

{

	//

	// Map DH group Enum value used in IKE policy to the real DH group

	// transform type value used in IKEv2 negotiation

	// If aDHGroup parameter is not defined mapping is done to

	// iGroupDesc_II data member value in CIkeData    

	//

	TUint16 DHTransId = 0;

	switch ( aDHGroup )

	{

		case IKE_PARSER_MODP_768:

			DHTransId = DH_GROUP_768;						    

			break;

		case IKE_PARSER_MODP_1024:

			DHTransId = DH_GROUP_1024;

			break;

		case IKE_PARSER_MODP_1536:

			DHTransId = DH_GROUP_1536;

			break;

	  case IKE_PARSER_MODP_2048:

			DHTransId = DH_GROUP_2048;

			break;

		default:

			break;

	}

	return DHTransId;

}

HBufC8* Ikev2Proposal::BuildSaResponseL(TProposalIkev2* aAcceptedProp, CIkev2Payloads* aAcceptedTrans)

{

    ASSERT(aAcceptedProp && aAcceptedTrans);

    HBufC8* SaRespBfr = HBufC8::NewL(256);  //256 should be enough response

	//

	// Build SA response payload based on Transform payloads which are

	// marked to be "SELECTED" in request proposal

	//

	TProposalIkev2*  Proposal = TProposalIkev2::Cast(const_cast<TUint8*>(SaRespBfr->Ptr()));

	TUint16 PropLth = (TUint16)aAcceptedProp->PropHdrLth();	

	Mem::Copy((TUint8*)Proposal, (TUint8*)aAcceptedProp, PropLth);

	TTransformIkev2* Transform = Proposal->TransformPl();

	TTransformIkev2* LastTrans = Transform;

	TTransformIkev2* AccTransform;

	TUint8 NbrOfTransforms = 0;

	TInt TranCount  = aAcceptedTrans->iTrans->Count();

	for ( TInt i = 0; i < TranCount; ++i )		   	

	{

		AccTransform = (TTransformIkev2*)aAcceptedTrans->iTrans->At(i);

		if ( AccTransform->IsSelected() )

		{

		   NbrOfTransforms ++;

		   Mem::Copy((TUint8*)Transform, (TUint8*)AccTransform, TPayloadIkev2::Cast(AccTransform)->GetLength());

		   Transform->NotSelected(); // Reset selected bit !		   		   

		   PropLth = (TUint16)(PropLth + TPayloadIkev2::Cast(AccTransform)->GetLength());

		   TPayloadIkev2::Cast(Transform)->SetNextPayload(IKEV2_PAYLOAD_TRANS);

		   LastTrans = Transform;

		   Transform = (TTransformIkev2*)TPayloadIkev2::Cast(Transform)->Next();

		}	

	}

	TPayloadIkev2::Cast(LastTrans)->SetNextPayload(IKEV2_PAYLOAD_NONE);		   	

	TPayloadIkev2::Cast(Proposal)->SetNextPayload(IKEV2_PAYLOAD_NONE);	

	TPayloadIkev2::Cast(Proposal)->SetLength(PropLth);

	Proposal->SetNumTrans(NbrOfTransforms);

	SaRespBfr->Des().SetLength(PropLth);

	return SaRespBfr;

}

TBool Ikev2Proposal::GetSelectedProposalData(TIkev2SAData& aIkev2SaData,

                                             TIkeV2IpsecSAData& aChildSaData,

                                             const CIkev2Payloads& aAcceptedProp, 

                                             const TProposalIkev2& aProp)

{

	//

	// Get IKE SA algorithm information from Transform payload which are

	// marked to be "SELECTED"

	//

	TTransformIkev2* Transform;

	TDataAttributes* Attribute;

	TUint16 EncrAlg;

	TInt    KeyLth;

	TUint8 ExistingTypes = 0;

	TUint8 RequiredTypes;

	TUint8 Protocol = aProp.GetProtocol();

	switch ( Protocol )

	{

		case IKEV2_IPSEC_AH:

		    {

			RequiredTypes  = (1 << IKEV2_INTEG);

			aChildSaData.iSaType = SADB_SATYPE_AH;

			TUint32 spi = 0;

			aProp.GetIpsecSPI(&spi);			

			aChildSaData.iSPI_Out = TPtrC8(reinterpret_cast<TUint8*>(&spi), sizeof(spi));

		    }

			break;

		case IKEV2_IPSEC_ESP:

		    {

			RequiredTypes = (1 << IKEV2_ENCR);

			aChildSaData.iSaType = SADB_SATYPE_ESP;

            TUint32 spi = 0;

            aProp.GetIpsecSPI(&spi);           			

            aChildSaData.iSPI_Out = TPtrC8(reinterpret_cast<TUint8*>(&spi), sizeof(spi));

		    }

			break;

		default:  //IKEV2_PROTOCOL:

			RequiredTypes = ((1 << IKEV2_ENCR) | (1 << IKEV2_PRF) | (1 << IKEV2_INTEG) | (1 << IKEV2_DH));

			break;			

	}	

	TInt TranCount  = aAcceptedProp.iTrans->Count();

	for ( TInt i = 0; i < TranCount; ++i )		   	

	{

		Transform = (TTransformIkev2*)aAcceptedProp.iTrans->At(i);

		if ( Transform->IsSelected() )

		{

			Transform->NotSelected(); // Reset private "selected" bit

			switch ( Transform->GetType() )

			{

				case IKEV2_ENCR:

					ExistingTypes |= (1 << IKEV2_ENCR);

					EncrAlg = Transform->GetID();

					if ( Protocol == IKEV2_PROTOCOL )

					    aIkev2SaData.iEncrAlg   = EncrAlg;

					else aChildSaData.iEncrAlg = EncrAlg;

					if ( EncrAlg == ENCR_AES_CBC )

					{

					    //

						// Get encryption key length from attributes

						// (or use default key length 128 bit)

						//

					   if ( TPayloadIkev2::Cast(Transform)->GetLength() > Transform->Size() )

					   {

						  Attribute = Transform->Attributes();

						  KeyLth    = (Attribute->GetValue() >> 3); // byte length

					   }

					   else KeyLth = 16;  // default: 16 bytes = 128 bits

					   if ( Protocol == IKEV2_PROTOCOL )					   

					       aIkev2SaData.iCipherKeyLth   = KeyLth;

					   else aChildSaData.iCipherKeyLth = KeyLth;

					}

					break;

				case IKEV2_PRF:

					ExistingTypes |= (1 << IKEV2_PRF);

					if ( Protocol == IKEV2_PROTOCOL )					   

					    aIkev2SaData.iPRFAlg = Transform->GetID();

					break;

				case IKEV2_INTEG:

					ExistingTypes |= (1 << IKEV2_INTEG);

					if ( Protocol == IKEV2_PROTOCOL )

					    aIkev2SaData.iIntegAlg   = Transform->GetID();

					else aChildSaData.iIntegAlg = Transform->GetID();

					break;

				case IKEV2_DH:

					ExistingTypes |= (1 << IKEV2_DH);

					if ( Protocol == IKEV2_PROTOCOL )

					    aIkev2SaData.iDHGroup   = Transform->GetID();

					break;

				case IKEV2_ESN:

					ExistingTypes |= (1 << IKEV2_ESN);

					if ( Protocol != IKEV2_PROTOCOL )

					    aChildSaData.iESN = (TUint8)Transform->GetID();

					break;

				default:

					break;

			}	

		}	

	}

 	return ((RequiredTypes & ExistingTypes) == RequiredTypes);

}	

TBool Ikev2Proposal::VerifySaResponseL(TIkev2SAData& aIkeSaData, 

                                       TIkeV2IpsecSAData& aIpsecSaData,  

                                       const TDesC8& aReferenceSaData, 

                                       const CIkev2Payloads& aRespProp)

{

	//

	// Verify content of an IKE SA response to proposed IKE SA transform

	// list. The IKE SA proposal selected by peer MUST contain one

	// proposal and transform selected from our SA proposal  

	//

	if ( aRespProp.iProps->Count() != 1 )

		return EFalse;

	TBool Status = EFalse;

	TPtrC8 unprocessedReferenceSaData(aReferenceSaData);

	while(!Status && unprocessedReferenceSaData.Length() > 0)

	    {	    

        TPayloadIkev2* referenceProposal = TPayloadIkev2::Cast(unprocessedReferenceSaData.Ptr());

        CIkev2Payloads* OwnProp = CIkev2Payloads::NewL(referenceProposal, IKEV2_PAYLOAD_PROP, aIkeSaData);        

        CleanupStack::PushL(OwnProp);

        //Something is seriously wrong, if we can't parse our own reference data

        __ASSERT_DEBUG(OwnProp->Status() == KErrNone, User::Invariant());

        TProposalIkev2* Prop = (TProposalIkev2*)aRespProp.iProps->At(0); 	  	

        Status = Ikev2Proposal::VerifyProposaL(OwnProp, Prop, aIkeSaData);

        if ( Status )

        {	   

           Status = Ikev2Proposal::GetSelectedProposalData(aIkeSaData, aIpsecSaData, aRespProp, *Prop);

        }	     

        CleanupStack::PopAndDestroy(OwnProp); 

        unprocessedReferenceSaData.Set(unprocessedReferenceSaData.Mid(referenceProposal->GetLength()));

	    }

	return Status;

}

TBool Ikev2Proposal::VerifySaRequestAndGetProposedSaBufferL(TIkev2SAData& aIkeSaData, 

                                                            TIkeV2IpsecSAData& aIpsecSaData,

                                                            const TDesC8& aReferenceSaData, 

                                                            const CIkev2Payloads& aProposed,

                                                            HBufC8*& aProposedSaBuffer)

{

    __ASSERT_DEBUG(aReferenceSaData.Length() > 0, User::Invariant());

	//

	// Verify content of an IKE SA request against a reference

	// proposals built according to the local policy.

	//

	if ( !aProposed.iSa )

		return EFalse;

	TBool Status = EFalse;

	TPtrC8 unprocessedReferenceSaData(aReferenceSaData);

	while (!Status && unprocessedReferenceSaData.Length() > 0)

	{	

        TPayloadIkev2* referenceSa = TPayloadIkev2::Cast(unprocessedReferenceSaData.Ptr());

        unprocessedReferenceSaData.Set(unprocessedReferenceSaData.Mid(referenceSa->GetLength()));

        CIkev2Payloads* OwnProp = CIkev2Payloads::NewL(referenceSa, IKEV2_PAYLOAD_PROP, aIkeSaData);

        //If we can't parse our own reference proposal something is seriously wrong.

        __ASSERT_DEBUG(OwnProp->Status() == KErrNone, User::Invariant());

        CleanupStack::PushL(OwnProp);

       CIkev2Payloads* PeerProp = CIkev2Payloads::NewL((TPayloadIkev2*)aProposed.iSa, IKEV2_PAYLOAD_SA, aIkeSaData);

       CleanupStack::PushL(PeerProp);

       Status = (PeerProp->Status() == KErrNone);

       if ( Status )

       {	   

          Status = EFalse; 		

          TInt PropCount = PeerProp->iProps->Count();

          for ( TInt i = 0; i < PropCount; ++i )		   

          {

              TProposalIkev2* Prop = (TProposalIkev2*)PeerProp->iProps->At(i);

              Status = Ikev2Proposal::VerifyProposaL(OwnProp, Prop, aIkeSaData);