networksecurity/ipsec/ipsec6/inc/spdb.h
author Pat Downey <patd@symbian.org>
Wed, 01 Sep 2010 12:33:58 +0100
branchRCL_3
changeset 58 8d540f55e491
parent 57 abbed5a4b42a
child 75 c1029e558ef5
permissions -rw-r--r--
Revert incorrect RCL_3 drop: Revision: 201035 Kit: 201035

// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
// spdb.h - IPSEC security policy database
// Security Policy Database
//



/**
 @file spdb.h
 @internalComponent
*/
#ifndef __SPDB_H__
#define __SPDB_H__

#include <e32std.h>
#include <networking/crypto.h>	// only for TAlgorithmClass, is this really necessary?
#include "sa_spec.h"
#include "ipaddress.h"

class REndPoints;
class RIpAddress;


#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
 class CSecurityProposalSpec  : public CBase
    {
    public:
    	TUint8 iType;
    	TUint8 iAalg;
    	TUint16 iAalgLen;
    	TUint8 iEalg;	
    	TUint16 iEalgLen;	
    	TUint iLarvalLifetime;	        
    	struct sadb_lifetime iHard;	
    	struct sadb_lifetime iSoft;  	
	// Limits for key lengths (for ACQUIRE only)
	TUint16 iMinAuthBits, iMaxAuthBits;		//< Required length of the authentication key
	TUint16 iMinEncryptBits, iMaxEncryptBits;	//< Required length of the encryption key    	
    };
    
    
//
// class CPropList
//
//
class CPropList : public CArrayFixFlat<CSecurityProposalSpec *>
    {
    public:
         static CPropList* NewL(TInt aGranularity);

         void Construct(TInt aGranularity);

         static CPropList* NewL(CPropList *aSAList);

         void ConstructL(CPropList *aSAList);
    private:

        CPropList(TInt aGranularity);

        CPropList(CPropList *aSAList);
    };
#endif SYMBIAN_IPSEC_VOIP_SUPPORT




class CPolicySpec : public CIpsecReferenceCountObject
	/**
	* Security association template.
	*
	* Specify requirements for a Security Association.
	*
	* Each policy syntax construct "sa name = { parameters }" creates
	* an instance of this.
	*/
	{
	~CPolicySpec();				// private!
public:
    CPolicySpec();

	TSecurityAssocSpec iSpec;		//< The parameters of SA template
	HBufC *iName;					//< The name of the SA template
#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
	CPropList *iPropList;
#endif //SYMBIAN_IPSEC_VOIP_SUPPORT
	};

class CPolicyAction : public CIpsecReferenceCountObject
	/**
	* Policy action description.
	*
	* Specify single IPsec action/transformation to do.
	*
	* Each policy syntax element the actions part of the
	* "selector = { actions }" policy syntax generates
	* one instance from this class.
	*/
	{
public:
	~CPolicyAction();
	CPolicySpec *iSpec;			//< Security Association specification
 	CTransportSelector *iTS;	//< The selector applicapble to this action.
 	TUint iOptional:1;			//< ==1, if this item is optional (experimental "feature")
	TUint iIsTunnel:1;			//< ==1, if tunnel address is was set (even if set as "::")
	RIpAddress iTunnel;			//< Use SA in tunnel mode (if specified non-zero)
	};

typedef class RArray<CPolicyAction *> RPolicyActions;

class CSelectorInterface : public CBase
	/**
	* Hold interface information.
	*
	* Maintain mapping between interface name and index.
	*
	* Each policy syntax that uses "if name" selector references
	* an instance of from this class. Only one instance per interface
	* name is used.
	*/
	{
public:
	CSelectorInterface();
	~CSelectorInterface();
	CSelectorInterface *iNext;	//< Next Inteface
	TUint32 iInterfaceIndex;	//< Real Interface Index, loaded at policy load time
	HBufC *iName;				//< Interface Name
	};

class CPolicySelector : public CBase
	/**
	* Selector and Action definition.
	*
	* The IPsec policy consists of an ordered sequence of instances of this
	* object. Each is describes actions to be done, if the selector part
	* matches.
	*/
	{
public:
	CPolicySelector();
	~CPolicySelector();
	CPolicySelector *iNext;				//< The next selector.
	const CSelectorInterface *iInterface;//< Limited to specific interface, if non-NULL
	TUint32 iFilterMask;				//< The filter definition.
	TUint32 iFilterData;				//< The filter definition.
	CTransportSelector *iTS;			//< The transport selectors.
	RPolicyActions iActions;			//< The actions, when selector matches

	TInt iScope_Exception;				// UMA scope exception

	};

class CSecurityPolicy : public CBase
	/**
	* Security Policy Database (SPD).
	*
	* The CSecurityPolicy class is a representation of a Security Policy Database (SPD).
	* Each call to static SetPolicy function creates a new SPD from the text string
	* which describes the policy.
	*/
	{
	friend class CProtocolSecpol;
	friend class TParser;
	//
	// Construct an empty policy object
	//
	CSecurityPolicy();
	~CSecurityPolicy();
public:
	static TInt SetPolicy(CSecurityPolicy * &aPolicy, const TDesC &aNewPolicy, TUint &aOffset, REndPoints &aEp);

	//
	// The following methods are really intended to be used only
	// by the Policy parser, not for generic consumption!
	CPolicySpec *FindSpec(const TDesC &aName) const;

	inline TAlgorithmMap *FindAlg(TAlgorithmClass aClass, TInt anAlg) const;
	inline TAlgorithmMap *FindAlg(const TDesC &aLib, const TDesC &anAlg) const;
	inline TAlgorithmMap *NewAlgL(const TDesC &aLib, const TDesC &anAlg) const;
	const CSelectorInterface *LookupInterfaceL(const TDesC &aName);

	CPolicySelector *iSelectors;			//< Policy selectors to match
private:
	RArray<CPolicySpec *> iSpecs;			//< SA specifications
	RArray<RIpAddress> iEndPoints;			//< EP definitions

	CAlgorithmList *iAlgorithms;			//< Algorithm Mapping
	CSelectorInterface *iInterfaces;		//< Interface Names
	};


TAlgorithmMap *CSecurityPolicy::FindAlg(TAlgorithmClass aClass, TInt anAlg) const
	/**
	* Find algorithm by class and number.
	*
	* @param aClass The class (digest or cipher)
	* @param anAlg The number
	* @return Algorithm mapping or NULL.
	*/
	{
	return iAlgorithms->Lookup(aClass, anAlg);
	}

TAlgorithmMap *CSecurityPolicy::FindAlg(const TDesC &aLib, const TDesC &anAlg) const
	/**
	* Find algorithm by name.
	* @param aLib The libary name (or empty)
	* @param anAlg The algorithm name
	* @return Algorithm mapping or NULL.
	*/
	{
	return iAlgorithms->Lookup(aLib, anAlg);
	}

TAlgorithmMap *CSecurityPolicy::NewAlgL(const TDesC &aLib, const TDesC &anAlg) const
	/**
	* Create new algorithm entry.
	*
	* @param aLib The library name
	* @param anAlg The algorithm name
	* @return Algorithm mapping or NULL.
	* @leave if allocation fails.
	*/
	{
	iAlgorithms->AddL(EAlgorithmClass_Cipher, 0, 0, aLib, anAlg);
	return iAlgorithms->Lookup(aLib, anAlg);
	}

#endif