--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/networksecurity/ipsec/ipsec6/inc/sadb.h	Tue Jan 26 15:23:49 2010 +0200
@@ -0,0 +1,265 @@
+// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// sadb.h - IPv6/IPv4 security association database
+//
+
+
+
+/**
+ @internalComponent
+*/
+#ifndef __SADB_H__
+#define __SADB_H__
+
+#include <e32std.h>
+#include <timeout.h>
+#include <networking/pfkeyv2.h>
+#include "sa_spec.h"
+#include "pfkeymsg.h"
+#include "natt_eng.h"
+#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
+#define MAX_PROPOSALS_PER_SA 8
+#endif // SYMBIAN_IPSEC_VOIP_SUPPORT
+class CIpsecCryptoManager;
+class CAuthenticationBase;
+class CEncryptionBase;
+
+class TExtendedSequenceNumber
+	/**
+	* The 64-bit sequence number.
+	*/
+	{
+public:
+	inline TUint32 operator++ ();
+	inline int operator! () const;
+	inline TExtendedSequenceNumber & operator= (TUint32);
+	inline operator TUint32() const;
+	inline void SetHigh(TUint32);
+	inline TUint32 High() const;
+private:
+	TUint32 iLow;
+	TUint32 iHigh;
+	};
+
+TUint32 TExtendedSequenceNumber::operator++ ()
+	{
+	if (++iLow == 0)
+		++iHigh;
+	return iLow;
+	}
+	
+int TExtendedSequenceNumber::operator! () const
+	{
+	return (iLow == 0) && (iHigh == 0);
+	}
+	
+TExtendedSequenceNumber &TExtendedSequenceNumber::operator= (TUint32 aVal)
+	{
+	iLow = aVal;
+	return *this;
+	}
+	
+TExtendedSequenceNumber::operator TUint32() const
+	{
+	return iLow;
+	}
+	
+void TExtendedSequenceNumber::SetHigh(TUint32 aVal)
+	{
+	iHigh = aVal;
+	}
+	
+TUint32 TExtendedSequenceNumber::High() const
+	{
+	return iHigh;
+	}
+
+class RTrafficSelector
+	/**
+	* Internal Traffic Selector
+	*/
+	{
+public:
+	TBool operator<=(const RTrafficSelector &aSel) const;
+
+	RIpAddress iSrc;			//< Source Address
+	RIpAddress iDst;			//< Destination Address
+	TUint16 iPortSrc;			//< Source port [0..65535]	
+	TUint16 iPortDst;			//< Destination port [0..65535]
+	TUint8 iProtocol;			//< Protocol [0..255]
+	};
+	
+class RTrafficSelectorSet : public RArray<RTrafficSelector>
+	/**
+	* A collection of Traffic Selectors
+	*/
+	{
+public:
+	~RTrafficSelectorSet() { Reset();}
+	void Close() { Reset(); RArray<RTrafficSelector>::Close(); }
+	void Reset();
+	};
+
+class RAssociationInfo : public RTrafficSelector
+	/**
+	* Security association info
+	*
+	* This contains the assocation specific selector information.
+	*
+	* The fields of RTrafficSelector implement the PFP (Populate
+	* From Packet) feature, but with "reinterpeeted" member names
+	*/
+	{
+public:
+	CIdentity *iSrcIdentity;	//< Source Identity Pointer
+	CIdentity *iDstIdentity;	//< Destination Identity Pointer
+	};
+
+
+class CSecurityAssoc : public CBase
+	/**
+	* Security Association (SA).
+	*
+	* This CSecurityAssoc class implements the Security Association Database (SAD)
+	* for functionality that deals with individual, and isolated SA instances
+	* (the MAssociationManager = CProtocolKey, takes care of the managing of
+	* the collection of these SA instances).
+	*/
+	{
+	friend class CProtocolKey;
+	friend class TIpsecAH;
+	friend class TIpsecESP;
+	friend class TAcquireMessage;
+	friend class TExpireMessage;
+	friend class CSecurityAssocTimeoutLinkage;
+public:
+	inline TInt State() const { return iState; }
+	inline TUint32 SPI() const { return iSPI; }
+	inline CNatTraversal* NatTraversal() const { return iNatTraversal; }	
+	TInt UpdateL(MAssociationManager &aManager, const TPfkeyMessage &aMsg, CIpsecCryptoManager *aCryptoLib);
+	inline TUint32 TunnelIndex() const { return iTunnelIndex; }
+	void Attach(RSecurityAssociation &aHandle) { iHandles.Attach(aHandle); }
+private:
+	CSecurityAssoc(const TPfkeyMessage &aMsg);
+	CSecurityAssoc(const TSecurityAssocSpec &aSpec,
+		const RIpAddress &aSrc,
+		const RIpAddress &aDst,
+		const RAssociationInfo &aInfo);
+	void Cleanup();
+	// *NOTE* Open/Close are still private methods internal
+	// to the class and it's friends! Not for general use!
+	inline void Open() { ++iRefs; }
+	// Close returns KErrDied, if instance is deleted and
+	// KErrNone otherwise!
+	TInt Close();
+	~CSecurityAssoc();
+	void SetErrorValue(TInt errValue)	{ iErrValue = errValue; }
+	int ReplayCheck(TUint32 aSeq);
+	void ReplayUpdate(TUint32 aSeq);
+	TInt MatchSpec(const TSecurityAssocSpec &aSpec,
+#ifdef 	SYMBIAN_IPSEC_VOIP_SUPPORT	
+     const CPropList *aPropList,
+#endif //		
+
+		const RIpAddress &aSrc,
+		const RIpAddress &aDst,
+		const RAssociationInfo &aInfo,
+		const RTrafficSelector &aPkt) const;
+	//
+	//
+	//
+	TInt TimerExpired(MAssociationManager &aManager, const TTime &aNow);
+	TInt CountExpired(MAssociationManager &aManager);
+	TInt TimerInit(MAssociationManager &aManager);
+	TInt MarkUsed(MAssociationManager &aManager);
+
+	// Security Association State
+	TUint8 iType;				//< SA Type (AH or ESP)
+	TUint8 iState;				//< State of the SA (LARVAL, MATURE, DYING, DEAD)
+	TUint iUsed:1;				//< =1, after first use of this SA.
+	TUint iTestInWindow:1;		//< (Replay Check) iTestSeq is within window
+	TUint iReplayCheck:1;		//< (Replay Check) =1, if replay check is enabled
+
+	TUint32 iSPI;				//< Assigned SPI number (network byteorder!)
+	TUint32 iFlags;				//< Security Association Flags
+	CSecurityAssoc *iNext;		//< Links SAs with same hash code together.
+	RCircularList iHandles;		//z Attached handles
+	TInt DoCallbacks();
+	/**
+	* The reference count.
+	* A very short term reference count to be used when
+	* calling methods whose side effect may be the destruction
+	* of this SA. The CSecurityAssoc destructor is run, when
+	* this count goes negative! Initial value is ZERO!
+	* (see Open()/Close() methods)
+	*/
+	TInt iRefs;
+
+	// Security Association end points
+	// SAs must be unique by triple (iType, iSPI, iDst)
+	RIpAddress iDst;			//< Dst Address of the SA
+	RIpAddress iSrc;			//< Src Address of the SA
+
+	// Additional Negotiated Information
+	RAssociationInfo iInfo;
+public:
+	RTrafficSelectorSet iTS;	
+private:
+	CNatTraversal *iNatTraversal;	//< NULL or NAT Traversal state
+	TUint32 iTunnelIndex;			//< Associated VPN interface (set through a special proxy address).
+
+	/**
+	* Current Lifetime tracking.
+	*
+	* @li iCurrent.iAddtime
+	*	the universal time of SA creation
+	* @li iCurrent.iUsetime
+	*	NullTTime(), before first use and the corresponding
+	*	Hard/iSoft values contain the lifetime in seconds.
+	*	the universal time of first SA use, iHard/iSoft
+	*/
+	TLifetime iCurrent;
+	TLifetime iHard;			//< Hard lifetime limits
+	TLifetime iSoft;			//< Soft lifetime limits
+
+	TInt iErrValue; 			//< Error code from KMD Server
+
+	// Encryption and authentication section
+	TUint8 iAalg;				//< Authentication algorithm number
+	TUint8 iEalg;				//< Encryption algorithm number
+	HBufC8 *iIV;				//< A temp buffer for iv
+	CAuthenticationBase *iAeng;	//< Authentication engine instance
+	CEncryptionBase *iEeng;		//< Encryption engine instance
+	
+
+	// Running information
+	TExtendedSequenceNumber iTestSeq;	//< The sequence nr currently being tested.
+	TExtendedSequenceNumber iRecvSeq;	//< The sequence nr in previous incoming header
+	TExtendedSequenceNumber iSendSeq;	//< The sequence nr in previous outgoing header
+	TUint32 iBitmap[4];			//< The bitmap for anti-replay service (now 128 bits max)
+
+	static inline TInt BitmapWord(TUint32 aSeq)
+		// Compute the index to bitmap [0..4]
+		{ return (aSeq >> 5) & 0x3; }
+	static inline TInt BitmapBit(TUint32 aSeq)
+		// Compute the bit numer [0..31] within bitmap element
+		{return aSeq & 0x1f; }
+public:
+	RTimeout iTimeout;			//< Lifetime timer Queue
+	};
+
+// * This value must be a power of 2 (2**n)
+const TUint32 KMaxReplayWindowLength = 4 * 32;
+
+#endif