|
1 /* |
|
2 * Copyright (c) 2002-2005 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * This file contains the class definitions for IPsec security policy. |
|
16 * |
|
17 */ |
|
18 |
|
19 |
|
20 |
|
21 #ifndef _SPDB_H |
|
22 #define _SPDB_H |
|
23 |
|
24 ////////////////////////////////////////////////////////////////////////////// |
|
25 // INCLUDE FILES |
|
26 ////////////////////////////////////////////////////////////////////////////// |
|
27 |
|
28 #include <in_sock.h> |
|
29 #include "sa_spec.h" |
|
30 |
|
31 ////////////////////////////////////////////////////////////////////////////// |
|
32 // FORWARD DECLARATIONS |
|
33 ////////////////////////////////////////////////////////////////////////////// |
|
34 |
|
35 class CPolicySelector; |
|
36 class CSecpolBundleItem; |
|
37 |
|
38 ////////////////////////////////////////////////////////////////////////////// |
|
39 // ENUMERATIONS |
|
40 ////////////////////////////////////////////////////////////////////////////// |
|
41 |
|
// Tag stored in CPolicySpec::iSpectype. A CPolicySpec carries both a
// TSecurityAssocSpec (iSpec) and a TEpSpec (iEpSpec); this tag presumably
// says which of the two is the meaningful one — confirm against the parser.
enum TPolicySpecType
{
    EPolSpecSA,   // spec describes a Security Association (iSpec)
    EPolSpecEP    // spec describes an endpoint (iEpSpec)
};
|
47 |
|
48 ////////////////////////////////////////////////////////////////////////////// |
|
49 // CONSTANTS |
|
50 ////////////////////////////////////////////////////////////////////////////// |
|
51 |
|
// Direction flags. Presumably OR-ed into CPolicySelector::iDirection and
// compared against the aDirection argument of CSecurityPolicy::FindBundle();
// the member is a plain TUint, so confirm the bit usage in the .cpp.
const TUint KPolicySelector_INBOUND = 0x1;

const TUint KPolicySelector_OUTBOUND = 0x2;

// Both directions: one selector that applies to traffic flowing either way.
const TUint KPolicySelector_SYMMETRIC =
    (KPolicySelector_INBOUND | KPolicySelector_OUTBOUND);

// Selector is tied to a specific interface — presumably pairs with
// CPolicySelector::iInterface; verify in the matching code.
const TUint KPolicySelector_INTERFACE = 0x4;
|
60 |
|
// Flat array of bundle-item pointers. Filled by the GetFQDNAddressListL()
// methods below with items whose tunnel endpoint is a name that still
// needs DNS resolution (see CSecpolBundleItem::iTunnelEpFQDN).
typedef class CArrayPtrFlat<CSecpolBundleItem> CSecPolBundleList;
|
62 |
|
63 ////////////////////////////////////////////////////////////////////////////// |
|
64 // CLASS DECLARATIONS |
|
65 ////////////////////////////////////////////////////////////////////////////// |
|
66 |
|
67 ////////////////////////////////////////////////////////////////////////////// |
|
68 // class CPolicySpec |
|
69 // Specify requirements for a single Security Association. The same |
|
70 // requirements can be shared by multiple policy bundles (policy actions). |
|
71 ////////////////////////////////////////////////////////////////////////////// |
|
72 // |
|
// Requirements for a single Security Association (or, when iSpectype is
// EPolSpecEP, an endpoint specification). One CPolicySpec may be referenced
// from several bundles, so the bundles do not own it — see CSecpolBundleItem.
class CPolicySpec : public CBase
{
    friend class CSecurityPolicy;

public:
    // Name the policy text refers to this spec by (looked up via
    // CSecurityPolicy::FindSpec). Heap buffer, presumably owned here and
    // released by ~CPolicySpec() — confirm in the .cpp.
    HBufC8 *iName;

    // Actual storage of the Identity strings. If present, the
    // TSecurityAssocSpec will only have constant reference to this !
    // The buffers must therefore outlive iSpec; do not free them while
    // iSpec is still in use.
    HBufC8 *iRemoteIdentity;
    HBufC8 *iLocalIdentity;

    // Two-phase construction, Symbian style. Construct() (no L suffix)
    // is presumably the non-leaving part; ConstructL() may leave.
    IMPORT_C static CPolicySpec* NewL();

    IMPORT_C void Construct();

    // Construct with a name and type. NOTE(review): the second parameter
    // is spelled iSpectype (member-style prefix) although it is a
    // parameter; it has the same meaning as aSpectype in ConstructL().
    // aName is taken by non-const reference even though only reading it
    // seems needed — callers cannot pass a const descriptor.
    IMPORT_C static CPolicySpec* NewL(TDesC &aName,
                                      TPolicySpecType iSpectype = EPolSpecSA);

    IMPORT_C void ConstructL(TDesC &aName,
                             TPolicySpecType aSpectype = EPolSpecSA);

    // Used to initialize with an existing CPolicySpec (deep copy, presumably,
    // since the identity buffers above are owned storage — confirm).
    IMPORT_C static CPolicySpec* NewL(CPolicySpec *aPolSpec);

    IMPORT_C void ConstructL(CPolicySpec *aPolSpec);

    IMPORT_C ~CPolicySpec();

    // SA requirements (algorithms, identities, ...) — type from sa_spec.h.
    TSecurityAssocSpec iSpec;

    // Endpoint specification — type from sa_spec.h.
    TEpSpec iEpSpec;

    // Says whether iSpec or iEpSpec is the meaningful part of this object.
    TPolicySpecType iSpectype;

private:
    CPolicySpec();

    // Link for membership in a TSglQue; only CSecurityPolicy (friend)
    // is expected to touch it.
    TSglQueLink iNext;
};
|
113 |
|
114 |
|
115 ////////////////////////////////////////////////////////////////////////////// |
|
116 // class CSecpolBundleItem |
|
117 ////////////////////////////////////////////////////////////////////////////// |
|
118 // |
|
// One step of a policy action: an SA requirement plus the tunnel it is
// applied through (if any). Items are chained into a TSecpolBundle via iNext.
class CSecpolBundleItem : public CBase
{
    friend class CSecurityPolicy;
    friend class CPolicySelector;

public:

    ~CSecpolBundleItem();

    // Security Association specification. CPolicySpec objects are shared
    // between bundles (see the CPolicySpec header comment), so this is
    // presumably a non-owning pointer into CSecurityPolicy's CSAList —
    // confirm in ~CSecpolBundleItem() before freeing anything through it.
    CPolicySpec *iSpec;

    // Tunnel IP address (tunnel-mode endpoint). Meaning when unset is not
    // visible here — presumably "transport mode / no tunnel"; confirm.
    TInetAddr iTunnel;

    // Tunnel Endpoint name (symbolic, 8-bit)
    HBufC8* iTunnelEpName;

    // Tunnel endpoint given as an FQDN that still has to be resolved
    // (collected by GetFQDNAddressListL()). Presumably owned here — confirm.
    HBufC* iTunnelEpFQDN;

    // Link used by TSecpolBundle (offset passed to TSglQue, see below).
    TSglQueLink iNext;

};
|
142 |
|
143 ////////////////////////////////////////////////////////////////////////////// |
|
144 // class TSecpolBundle |
|
145 ////////////////////////////////////////////////////////////////////////////// |
|
146 // |
|
// Ordered list of CSecpolBundleItem making up one policy action.
// The queue is linked through CSecpolBundleItem::iNext (offset given
// to the TSglQue base via _FOFF).
class TSecpolBundle : public TSglQue<CSecpolBundleItem>
{
public:
    TSecpolBundle():

        TSglQue<CSecpolBundleItem>(_FOFF(CSecpolBundleItem, iNext)) {};
};
|
154 |
|
// Iterator over a TSecpolBundle.
typedef class TSglQueIter<CSecpolBundleItem> TSecpolBundleIter;
|
156 |
|
157 ////////////////////////////////////////////////////////////////////////////// |
|
158 // class CSAList |
|
159 ////////////////////////////////////////////////////////////////////////////// |
|
160 // |
|
// Flat array of CPolicySpec pointers — the policy's table of SA
// requirements. Whether the array owns the pointed-to specs (and frees
// them on destruction) is not visible here; confirm in the .cpp before
// relying on CSecurityPolicy::SetSAList() to release them.
class CSAList : public CArrayFixFlat<CPolicySpec *>
{
public:
    // aGranularity is the CArrayFixFlat growth step.
    IMPORT_C static CSAList* NewL(TInt aGranularity);

    IMPORT_C void Construct(TInt aGranularity);

    // Copy construction from an existing list (presumably deep-copies the
    // specs; the CSAPairList translation table below suggests new spec
    // objects are created — confirm).
    IMPORT_C static CSAList* NewL(CSAList *aSAList);

    IMPORT_C void ConstructL(CSAList *aSAList);
private:

    CSAList(TInt aGranularity);

    CSAList(CSAList *aSAList);
};
|
177 |
|
178 ////////////////////////////////////////////////////////////////////////////// |
|
179 // struct TSAPairNode |
|
180 ////////////////////////////////////////////////////////////////////////////// |
|
181 // |
|
// Singly-linked node of CSAPairList: maps a spec of the source policy to
// the corresponding spec of the copied policy.
struct TSAPairNode
{
    CPolicySpec *iOldSA;   // spec in the policy being copied
    CPolicySpec *iNewSA;   // its counterpart in the copy
    TSAPairNode *iNext;    // next pair, or NULL at the end (presumably)
};
|
188 |
|
189 ////////////////////////////////////////////////////////////////////////////// |
|
190 // class CSAPairList |
|
191 // Translation table used when copying a policy |
|
192 ////////////////////////////////////////////////////////////////////////////// |
|
193 // |
|
// Translation table used when copying a policy: selectors of the copy must
// point at the copied CPolicySpec objects, not at the originals.
class CSAPairList : public CBase
{
public:
    // Frees the TSAPairNode chain (presumably; the nodes are plain structs
    // allocated by AddL).
    ~CSAPairList();

    // Record that aOldSA was copied to aNewSA. May leave (allocation).
    void AddL(CPolicySpec *aOldSA, CPolicySpec *aNewSA);

    // Look up the copy of aOldSA. Return value when aOldSA is not in the
    // table is not visible here — presumably NULL; callers should check.
    CPolicySpec *Translate(CPolicySpec *aOldSA);
private:

    TSAPairNode *iList;   // head of the pair chain
};
|
206 |
|
207 ////////////////////////////////////////////////////////////////////////////// |
|
208 // class CSelectorList |
|
209 ////////////////////////////////////////////////////////////////////////////// |
|
210 // |
|
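// Flat array of CPolicySelector pointers — the policy's ordered selector
// table. Ownership of the pointed-to selectors is not visible here; confirm
// in the .cpp before relying on CSecurityPolicy::SetSelectorList() to free them.
class CSelectorList : public CArrayFixFlat<CPolicySelector *>
{
public:
    // aGranularity is the CArrayFixFlat growth step.
    IMPORT_C static CSelectorList* NewL(TInt aGranularity);

    IMPORT_C void Construct(TInt aGranularity);

    // Copy construction. aSelList is the list to copy; aTable maps each
    // CPolicySpec referenced by the source selectors to its copy (see
    // CSAPairList), so the new selectors point at the copied specs.
    // (The parameter was previously named CPolicySelector, which hid the
    // class of the same name inside the declaration; renamed — parameter
    // names are not part of the call interface.)
    IMPORT_C static CSelectorList* NewL(CSelectorList* aSelList,
                                        CSAPairList* aTable);

    IMPORT_C void ConstructL(CSelectorList *aSelList,
                             CSAPairList *aTable);

private:
    CSelectorList(TInt aGranularity);

    CSelectorList(CSelectorList *aSelList, CSAPairList *aTable);
};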
|
229 |
|
230 ////////////////////////////////////////////////////////////////////////////// |
|
231 // class CPolicySelector |
|
232 // Map the selectors from an IP packet/connection into a bundle |
|
233 ////////////////////////////////////////////////////////////////////////////// |
|
234 // |
|
// Map the selectors from an IP packet/connection into a bundle.
// A selector is a traffic pattern (addresses/masks, ports, protocol, ICMP
// type/code, direction, interface) plus the action to apply: either drop
// (iDropAction) or the SA bundle in iBundle.
class CPolicySelector : public CBase
{
    friend class CSecurityPolicy;
    friend class TParser;
public:
    IMPORT_C static CPolicySelector* NewL();
    IMPORT_C void Construct();
    // Copy construction from an existing selector.
    IMPORT_C static CPolicySelector* NewL(CPolicySelector *aPS);
    IMPORT_C void ConstructL(CPolicySelector *aPS);

    IMPORT_C ~CPolicySelector();

    // Test whether the given packet/connection parameters fall under this
    // selector. The meaning of the TInt result (boolean vs. match quality)
    // is not visible in this header — see the .cpp. Note that direction
    // and interface are NOT parameters here, so they are presumably checked
    // by the caller (CSecurityPolicy::FindBundle) — confirm.
    TInt Match(const TInetAddr& aSrc,
               const TInetAddr& aDst,
               TInt aProtocol,
               TInt aIcmpType,
               TInt aIcmpCode,
               TInt aType) const;

    // Checks if this policy is using this SA. When tunnel is given, it
    // presumably also requires the bundle item to use that tunnel address —
    // confirm. (Parameter name lacks the usual 'a' prefix.)
    IMPORT_C TBool UseSA(CPolicySpec* aSA,
                         TInetAddr* tunnel = NULL);

    // Return a Copy of the aIndex element of the SA bundle. May leave;
    // behaviour for an out-of-range aIndex is not visible here.
    CSecpolBundleItem* FindBundleL(TInt aIndex);

    // Gets the list of FQDN names requiring DNS lookup (appends the bundle
    // items with an unresolved iTunnelEpFQDN to aPolList).
    void GetFQDNAddressListL(CSecPolBundleList& aPolList);

private:
    CPolicySelector();

public:

    //
    // If the addr is to match any address, the mask must be all zeroes.
    // If the addr is to match as is, the mask must be all ones.
    // If the selector is to match a transport connection, the
    // port numbers are stored as non-zero in iDst and iSrc,
    // and iProtocol is non-zero.
    //
    // Because a zero mask is a wildcard, a mis-written mask widens the
    // traffic a selector captures; when reviewing a policy, check masks
    // together with iDropAction / iBundle to see what that traffic gets.
    //
    TUint iDirection;      // KPolicySelector_* bits, presumably
    TInetAddr iRemote;     // including port selector, if port non-zero
    TInetAddr iRemoteMask; // only address part used, as a mask
    TInetAddr iLocal;      // including port selector, if port non-zero
    TInetAddr iLocalMask;  // only address part used, as a mask
    HBufC8* iRemSelEpName;  // remote endpoint name (symbolic alternative to iRemote)
    HBufC8* iRemMaskEpName; // remote mask endpoint name
    HBufC8* iLocSelEpName;  // local endpoint name
    HBufC8* iLocMaskEpName; // local mask endpoint name
    TInt iProtocol;        // used, if non-zero
    TInt iIcmpType;        // used, if != -1
    TInt iIcmpCode;        // used, if != -1
    TInt iType;            // used, if != -1
    TBool iDropAction;     // ETrue - drop action (iBundle then not applied, presumably)
    TInt iSequenceNumber;  // Selector's writing sequence
    TUint32 iCompWord;     // Selector's sorting properties; the original
                           // comment's reference was truncated here — see
                           // the sorting code in the .cpp
    TBool iGlobalSelector; // flag specifying if this is a global selector
    TBool iIsFinal;        // meaning not visible here — presumably stops
                           // further selector matching; confirm
    TBool iIsMerge;        // meaning not visible here — confirm in the .cpp
    TSecpolBundle iBundle; // the SA bundle applied to matching traffic
    TSglQueLink iNext;     // queue link (see CSecurityPolicy)
    TBuf<20> iInterface;   ///< Limited to specific interface, if non-empty
                           ///< (a TBuf cannot be NULL; the original said non-NULL)
    TInt iFQDNCount;       // number of bundle items with an unresolved FQDN, presumably
};
|
300 |
|
301 ////////////////////////////////////////////////////////////////////////////// |
|
302 // class CSecurityPolicy |
|
303 // Map the selectors from an IP packet/connection into a bundle |
|
304 ////////////////////////////////////////////////////////////////////////////// |
|
305 // |
|
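// The security policy database: a table of SA requirements (iSpecs) and an
// ordered table of selectors (iSelectors) that map traffic into a bundle.
class CSecurityPolicy : public CBase
{
    friend class CProtocolSecpol;
public:
    IMPORT_C CSecurityPolicy();
    // Copy-construct from an existing policy (uses CreateTranslationTableL
    // so the copied selectors refer to the copied specs, presumably).
    IMPORT_C void ConstructL(CSecurityPolicy *aSecPol);
    IMPORT_C void ConstructL();
    ~CSecurityPolicy();

    // Look up an SA spec by its policy-text name. Result on a miss is not
    // visible here — presumably NULL; callers should check.
    IMPORT_C CPolicySpec *FindSpec(const TDesC8 &aName);

    // Find the bundle for the given traffic. Presumably selectors are tried
    // in their stored order and the first match wins (see iSequenceNumber /
    // iCompWord on CPolicySelector); confirm in the .cpp, since that order
    // decides which action applies when selectors overlap. Return value on
    // no match / drop is not visible here.
    TSecpolBundle *FindBundle(TUint aDirection,
                              const TInetAddr &aSrc,
                              const TInetAddr &aDst,
                              TInt aProtocol,
                              TInt aIcmpType,
                              TInt aIcmpCode,
                              TInt aType);

    TInt SearchForEPNameL(TDesC& aTokenString);

    //
    // The following methods are really intended to be used only
    // by the Policy parser, not for generic consumption!
    //
    // Gets the list of FQDN names requiring DNS lookup across all selectors.
    void GetFQDNAddressListL(CSecPolBundleList& aPolList);

    // Append a spec to the SA table. NOTE(review): AppendL can leave, so
    // this function can leave although its name has no 'L' suffix; treat
    // it as a leaving call at the call site.
    void Add(CPolicySpec *aSpec)
    {
        iSpecs->AppendL(aSpec);
    }

    // Append a selector to the selector table. Same leaving caveat as above.
    void Add(CPolicySelector *aSelector)
    {
        iSelectors->AppendL(aSelector);
    }

    inline CSAList *SAList()
    {
        return iSpecs;
    }

    // Replace the SA table, taking ownership of aSAList and deleting the old
    // one. Whether the old CSAList frees the specs it holds is not visible
    // here — confirm in CSAList's destructor.
    inline void SetSAList(CSAList *aSAList)
    {
        // Guard against being handed the list we already own: deleting it
        // first would leave iSpecs dangling.
        if (aSAList != iSpecs)
        {
            delete iSpecs;
            iSpecs = aSAList;
        }
    }

    inline CSelectorList *SelectorList()
    {
        return iSelectors;
    }

    // Replace the selector table, taking ownership of aSelList and deleting
    // the old one (same ownership caveat as SetSAList).
    inline void SetSelectorList(CSelectorList *aSelList)
    {
        // Same self-assignment guard as SetSAList.
        if (aSelList != iSelectors)
        {
            delete iSelectors;
            iSelectors = aSelList;
        }
    }

    inline void SetFQDNCount(const TInt& aCount)
    {
        iFQDNCount = aCount;
    }

    inline void IncFQDNCount(const TInt& aCount = 1)
    {
        iFQDNCount += aCount;
    }

    // Number of FQDN tunnel endpoints still awaiting resolution, presumably
    // (maintained by the parser through the two setters above).
    inline const TInt FQDNCount() const
    {
        return iFQDNCount;
    }

private:

    // Build the old-spec -> new-spec map used when copying a policy.
    CSAPairList* CreateTranslationTableL(CSAList* aOldSAList,
                                         CSAList* aNewSAList);

private:

    CSAList* iSpecs;            // owned; replaced via SetSAList

    CSelectorList* iSelectors;  // owned; replaced via SetSelectorList

    TInt iFQDNCount;
};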
|
393 |
|
394 #endif |