|
1 /* |
|
2 * Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: IKE policy parser main module |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 #ifndef __IKEPOLPARSER_H |
|
21 #define __IKEPOLPARSER_H |
|
22 |
|
23 #include <f32file.h> |
|
24 #include <badesca.h> |
|
25 #include <in_sock.h> |
|
26 |
|
// Policy file format versions understood by the parser. SEC_PARSER_VERSION is
// the default expected by TIkeParser (see its constructor); FIRST_SEC_PARSER_VERSION
// is the oldest version still accepted.
#define FIRST_SEC_PARSER_VERSION 1
#define SEC_PARSER_VERSION 3

// Section separators in the policy text. The *_LEN values are the character
// counts of the matching literals and are maintained by hand: "[HOST]" is 6
// and "[GENERAL]" is 9 characters. No length constant is defined for
// IKE_SEPARATOR ("[IKE]", 5 characters); keep these in sync if a literal changes.
#define IKE_HOST_SEPARATOR _L("[HOST]")
#define IKE_SEPARATOR _L("[IKE]")
#define IKE_HOST_SEPARATOR_LEN 6
#define IKE_GENERAL_SEPARATOR _L("[GENERAL]")
#define IKE_GENERAL_SEPARATOR_LEN 9

// Sizing hints used when building policy buffers (presumably bytes for 8-bit
// buffers and characters for 16-bit ones; confirm at the use sites).
#define MAX_INFO_SIZE 1024
#define PIECE_AVG_LENGTH 2048
|
38 |
|
// Growth step used when a policy output buffer has to be reallocated
// (see TIkeParser::BufferAppend, which takes the buffer by reference).
const TInt KIkePolicyBufferSizeIncrement = 6000;

// Default port for the Nokia NAT-traversal variant (value 9872). How and when
// it is applied is decided by the users of this header, not here.
const TInt KNokiaNattDefaultPort = 9872;

//Security Ike Parser Error codes
// NOTE! The error code values below MUST be kept in sync with
// the corresponding error code values defined together by
// vpnapi/data/vpnerr.rss and vpnapi/data/vpnerr.ra
//
// The codes form one contiguous negative range, -5263 .. -5297, one per
// policy element that can fail validation; each name identifies the
// offending element. Adding a code means extending the range at the end
// and updating the two resource files named above in the same change.
const TInt KSecParserErrMode = -5263;
const TInt KSecParserErrNotify = -5264;
const TInt KSecParserErrCommit = -5265;
const TInt KSecParserErrIpsecExpire = -5266;
const TInt KSecParserErrSendCert = -5267;
const TInt KSecParserErrInitialContact = -5268;
const TInt KSecParserErrResponderLifetime = -5269;
const TInt KSecParserErrReplayStatus = -5270;
const TInt KSecParserErrGroupDesc_II = -5271;
const TInt KSecParserErrProposal = -5272;
const TInt KSecParserErrEncrAlg = -5273;
const TInt KSecParserErrAuthMethod = -5274;
const TInt KSecParserErrHashAlg = -5275;
const TInt KSecParserErrGroupDesc = -5276;
const TInt KSecParserErrGroupType = -5277;
const TInt KSecParserErrLifeBytes = -5278;
const TInt KSecParserErrLifeSecs = -5279;
const TInt KSecParserErrPRF = -5280;
const TInt KSecParserErrPreKey = -5281;
const TInt KSecParserErrPreFormat = -5282;
const TInt KSecParserErrCA = -5283;
const TInt KSecParserErrOwnCerts = -5284;
const TInt KSecParserErrOwnName = -5285;
const TInt KSecParserErrOwnKey = -5286;
const TInt KSecParserErrPeerCerts = -5287;
const TInt KSecParserErrPeerAddr = -5288;
const TInt KSecParserErrPeerMask = -5289;
const TInt KSecParserErrMaxLifetimeSec = -5290;
const TInt KSecParserErrMaxLifetimeKB = -5291;
const TInt KSecParserErrMaxRetrans = -5292;
const TInt KSecParserErrNoSeparator = -5293;  // expected section separator ([HOST]/[IKE]/[GENERAL]) missing
const TInt KSecParserErrCRACKLAMType = -5294;
const TInt KSecParserErrUseIntAddr = -5295;
const TInt KSecParserErrUseNATProbe = -5296;
const TInt KSecParserErrUnknown = -5297;  // catch-all for anything not covered above
|
82 |
|
83 |
|
84 |
|
//Values for the choice lists used in the .RSS
// Each anonymous enum below is an index into the matching choice list of the
// resource files (zero-based unless values are given explicitly), so the order
// of the enumerators must not change without updating the .RSS as well.
// From a policy-review standpoint: DES-CBC, MD5 and the 768/1024-bit MODP
// groups are retained here for compatibility with existing policies; their
// presence in a policy is worth treating as a finding.
enum {IKE_PARSER_MAIN,
IKE_PARSER_AGGRESSIVE}; //Modes (IKE phase-1 exchange types)
enum {IKE_PARSER_DES_CBC,
IKE_PARSER_DES3_CBC,
IKE_PARSER_AES_CBC}; // encryption algorithms (presumably stored in TProposalData::iEncrAlg)
enum {IKE_PARSER_PRE_SHARED,
IKE_PARSER_DSS_SIG,
IKE_PARSER_RSA_SIG,
IKE_PARSER_RSA_ENCR,
IKE_PARSER_RSA_REV_ENCR,
IKE_PARSER_CRACK}; // authentication methods (presumably TProposalData::iAuthMeth)
enum {IKE_PARSER_MD5,
IKE_PARSER_SHA1}; // hash algorithms
enum {IKE_PARSER_MODP_768 = 1,
IKE_PARSER_MODP_1024 = 2,
IKE_PARSER_MODP_1536 = 5,
IKE_PARSER_MODP_2048 = 14}; // Diffie-Hellman groups; the values are the IANA IKE group numbers
enum {IKE_PARSER_DEFAULT,
IKE_PARSER_MODP}; // group types
enum {IKE_PARSER_NONE,
IKE_PARSER_DES3_CBC_MAC}; // PRF choices

//CRACK Legacy Authentication types
// Only the password-based LAM type is defined; stored in CIkeData::iCRACKLAMType.
#define IKE_PARSER_CRACK_PASSWORD 1
|
110 |
|
111 //------------------------------------------------------------------------ |
|
112 // |
|
113 // IKE Parser |
|
114 // |
|
115 //------------------------------------------------------------------------ |
|
116 |
|
//Data on a single proposal
// One IKE phase-1 proposal (transform) as read from the policy. Algorithm and
// group fields hold the small integer codes from the IKE_PARSER_* enums above
// (by name; the mapping itself lives in the parser). The node is an element of
// a doubly linked list headed by CIkeData::iPropList; iPrev/iNext are plain
// pointers, so whoever builds the list also has to free it.
struct TProposalData
{
TUint8 iEncrAlg;      // encryption algorithm code
TUint8 iAuthMeth;     // authentication method code
TUint8 iHashAlg;      // hash algorithm code
TUint8 iGroupDesc;    // Diffie-Hellman group descriptor
TUint8 iGroupType;    // group type (default / MODP)
TUint8 iPRF;          // pseudo-random function code
TUint32 iLifetimeKb;  // SA lifetime in kilobytes (0 presumably means unset; confirm in parser)
TUint32 iLifetimeSec; // SA lifetime in seconds
TInt iEncrKeyLth;     // key length for iEncrAlg (unit not shown here; used by TextEncrAlg)

TProposalData *iNext; //Used for chaining
TProposalData *iPrev; //to make easier changing the order

};
|
134 |
|
135 |
|
// Maximum length, in 16-bit characters, of a pre-shared key as stored in
// TPresharedKeyData::iKey. Longer keys cannot be represented by the parser.
static const TUint KMaxPresharedKeyLength = 256;
// How the text in TPresharedKeyData::iKey is to be interpreted.
enum TKeyFormat
{
STRING_KEY = 0,  // key is the literal text
HEX_KEY = 1      // key text is a hexadecimal octet string (see IkeParser::TextToHexOctets)
};
|
142 |
|
// Pre-shared key of an [IKE] section. The key is held by value, in clear, in a
// bounded stack/in-object buffer (no heap, no destructor), so it is neither
// leaked nor zeroised when the enclosing CIkeData goes away; treat any object
// holding one as sensitive.
struct TPresharedKeyData
{
TBuf<KMaxPresharedKeyLength> iKey;  // key text, at most KMaxPresharedKeyLength characters
TKeyFormat iFormat;                 // STRING_KEY or HEX_KEY
};
|
148 |
|
// How TCertInfo::iData / TOwnCertInfo::iData is to be interpreted. From the
// names, the first two look like file contents/paths and the last three like
// identifiers rather than files -- confirm against the parser before relying on it.
enum TCertFormat
{
PEM_CERT = 0,
BIN_CERT = 1,
CA_NAME = 2,
KEY_ID = 3,
APPL_UID = 4
};
|
157 |
|
158 |
|
//RSA Encryption peer public keys
// Reference to a certificate or key. Despite the original comment it is not
// only used for peer public keys: CIkeData holds one for iCA, the elements of
// iCAList, iPrivKey and iPeerCert. iData is a bounded descriptor (TFileName);
// its meaning depends on iFormat.
struct TCertInfo
{
TCertFormat iFormat;
TFileName iData;
};
|
165 |
|
166 |
|
// Three-state flag for whether the own identity is sent as an RFC 822 name.
// Undefined (0) is the "not given in the policy" state, distinct from an
// explicit No.
enum TIdentityAsRfc822Name
{
EIdentityAsRfc822NameUndefined = 0,
EIdentityAsRfc822NameYes = 1,
EIdentityAsRfc822NameNo = 2
};
|
173 |
|
//Own certificates
// Description of the local end's own certificate and how it is selected/used.
// All members are bounded value types; nothing here owns heap memory.
struct TOwnCertInfo
{
TCertFormat iFormat;
TFileName iData; //File containing the peer RSA public key
                 // (original comment; for an *own* certificate this more likely
                 //  names the own certificate/key data per iFormat -- confirm)
TBuf<128> iRfc822NameFqdn;                  // FQDN part of the RFC 822 identity, at most 128 characters
TIdentityAsRfc822Name iIdentityAsRfc822Name; // whether the identity is sent as an RFC 822 name
TBuf<256> iSubjectDnSuffix;                 // subject DN suffix used to match the certificate
TInt iPrivateKeyLength;                     // private key length (unit not shown here; presumably bits)
TInt iOwnCertExists; // 0 = no own cert 1 = own cert exists
};
|
185 |
|
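/**
 * Owning wrapper around a heap-allocated 16-bit descriptor (HBufC16).
 *
 * Ownership: the buffer handed to the pointer constructor, or created by
 * NewL(), belongs to this object and is deleted in the destructor. The class
 * declares neither a copy constructor nor an assignment operator, so copying
 * an instance by value leaves two owners of one buffer (double delete) --
 * instances are meant to be handled by pointer, as CIkeData does.
 *
 * NOTE(review): the buffer is not zeroised before release. Instances used for
 * secrets (CIkeData::iCRACKLAMPassword) leave their contents in freed heap
 * memory; clear them explicitly before destruction if that matters to the
 * caller.
 */
class TStringData
{
public:
    /** Empty wrapper owning no buffer; GetData() then yields a zero-length pointer. */
    TStringData() :iBfr(NULL) {}
    /** Takes ownership of aBfr (NULL allowed). */
    TStringData(HBufC16* aBfr) :iBfr(aBfr) {}
    /** Releases the owned buffer; delete of NULL is a no-op. */
    ~TStringData() {delete iBfr;}

    /**
     * Allocates a wrapper owning a new HBufC16 with maximum length aLth.
     *
     * The buffer is kept on the cleanup stack while the wrapper itself is
     * allocated, so a leave from the second allocation no longer leaks the
     * first (the original allocated with NewL and held the buffer in a plain
     * local across new(ELeave)).
     *
     * @param aLth  maximum length of the buffer, in 16-bit characters
     * @return      new object; ownership passes to the caller
     * @leave       KErrNoMemory if either allocation fails
     */
    static inline TStringData* NewL(TInt aLth)
    {
        HBufC16* Databfr = HBufC16::NewLC(aLth);
        TStringData* StringData = new (ELeave)TStringData(Databfr);
        CleanupStack::Pop(Databfr);   // ownership has moved into StringData
        return StringData;
    }

    /**
     * Allocates a wrapper holding a copy of aString.
     *
     * The buffer is sized exactly to aString.Length(), so the Copy() cannot
     * overflow it.
     *
     * @param aString  text to copy
     * @return         new object; ownership passes to the caller
     * @leave          KErrNoMemory if allocation fails
     */
    static inline TStringData* NewL(const TPtrC16& aString)
    {
        TStringData* Obj = TStringData::NewL(aString.Length());
        Obj->iBfr->Des().Copy(aString);
        return Obj;
    }

    /**
     * Non-owning view of the stored text.
     *
     * @return  TPtrC16 over the buffer, or a (NULL, 0) pointer when no buffer
     *          is owned. The view is only valid for the lifetime of this object.
     */
    inline TPtrC16 GetData()
    {
        TPtrC16 DataPtr(NULL, 0);
        if ( iBfr )
            DataPtr.Set(iBfr->Des());
        return DataPtr;
    }

    /**
     * Narrowed 8-bit copy of the stored text.
     *
     * TDes8::Copy(const TDesC16&) narrows each 16-bit character to 8 bits, so
     * characters outside the 8-bit range are not preserved; the caller is
     * expected to use this only for ASCII content, as the name says.
     *
     * @return  newly allocated HBufC8 owned by the caller, or NULL when no
     *          buffer is owned (NULL is a valid result, not an error)
     * @leave   KErrNoMemory if allocation fails
     */
    inline HBufC8* GetAsciiDataL()
    {
        HBufC8* Bfr8 = NULL;
        if ( iBfr )
        {
            Bfr8 = HBufC8::NewL(iBfr->Des().Length());
            Bfr8->Des().Copy(iBfr->Des());
        }
        return Bfr8;
    }

private:
    HBufC16* iBfr; // Variable length data buffer, owned; NULL when empty

};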
|
226 |
|
227 |
|
/**
 * One [IKE] section of a policy: peer addressing, phase-1 options, private
 * extensions, the proposal list and credential references.
 *
 * All data members are public and are filled in directly by TIkeParser. The
 * TStringData*, TProposalData* and CArrayFixFlat* members are raw pointers;
 * from this header it looks as if CIkeData owns them and Empty()/the
 * destructor release them -- confirm against the .cpp before sharing any of
 * them between objects (TStringData has no safe copy semantics).
 *
 * Member layout is part of the exported interface (IMPORT_C/EXPORT_C);
 * do not reorder or insert members without a matching rebuild of all users.
 */
class CIkeData : public CBase
{
public:
/** Allocates an empty object; leaves on allocation failure. Caller owns the result. */
IMPORT_C static CIkeData* NewL();
/** Allocates a copy of aData (presumably via ConstructL/CopyL); caller owns the result. */
IMPORT_C static CIkeData* NewL(const CIkeData *aData);
/** Second-phase construction copying aData into this object. */
IMPORT_C void ConstructL(const CIkeData *aData);

EXPORT_C ~CIkeData();
/** Replaces this object's contents with a copy of aData; leaves on failure. */
IMPORT_C void CopyL(const CIkeData *aData);
/** Resets the object (presumably freeing the heap members); not exported. */
void Empty();
private:
CIkeData();
public:
TStringData* iFQDNAddr; //Peer host address in FQDN format
TInetAddr iAddr; //Peer host address
TInetAddr iMask; //Peer host mask
TInetAddr iDnsServer;
TUint8 iMode;                 // IKE_PARSER_MAIN / IKE_PARSER_AGGRESSIVE
TUint8 iIkeVersion; //Preferred IKE version
TUint8 iIdType; //IKE Phase 1 identity type code. Integer value according to rfc2407
TUint8 iRemoteIdType;         // identity type code of the remote end (same numbering as iIdType, presumably)
TBool iSkipRemoteIdCheck;     // when set, the remote identity is not verified -- a security-relevant relaxation
TBuf<128> iFQDN;              // own FQDN identity, at most 128 characters
TStringData* iRemoteIdentity; // expected remote identity
TBool iAcceptPartialRemoteId; // accept a remote identity that only partially matches iRemoteIdentity

TBool iNotify;
TBool iCommit; //COMMIT bit processing
TBool iInitialContact; //INITIAL-CONTACT sending
TBool iResponderLifetime; //RESPONDER_LIFETIME sending
TBool iReplayStatus; //REPLAY_STATUS sending
TBool iIpsecExpires; //IPSEC SAs expire with ISAKMP SAs
TBool iAlwaysSendCert; //Sends a Cert without even if NOT receiving a CR

// Private IKE extension
TBool iUseInternalAddr;
TBool iUseNatProbing;
TBool iUseXauth; //Use XAUTH defined in <draft-beaulieu-ike-xauth-02.txt>
TBool iUseCfgMode; //Use CFG-MODE defined in <draft-dukes-ike-mode-cfg-01.txt>
TBool iUseMobIke; //Use MOBIKE Ikev2 extension<draft-ietf-mobike-protocol-04.txt>
TInt iEspUdpPort; //Port value for IPSEC ESP encapsulation (= In NAT-traversal)
TInt iNatKeepAlive; //NAT keep alive timeout in seconds (if zero not used)
TUint8 iDscp; //DSCP tag
TInt iDPDHeartBeat; //DPD Heart beat timeout in seconds (if zero not used)
TInt iRekeyingThreshold; //Rekeying threshold value
TUint8 iGroupDesc_II;         // Diffie-Hellman group for phase 2 (PFS), IKE_PARSER_MODP_* value
TUint8 iCRACKLAMType; //CRACK Legacy Authentication Method type
TStringData* iCRACKLAMUserName;
TStringData* iCRACKLAMPassword; // clear-text credential kept in heap memory for the object's lifetime
TStringData* iClientCertType;
TUint8 iEAPProtocol;
TUint8 iEAPReserved;
TBool iEAPHideIdentity;
TStringData* iEAPRealmPrefix;
TStringData* iEAPManualRealm;
TStringData* iEAPManualUserName;
TBool iCARequired; //If RSA based authentication method is used then at least one CA is required
TBool iCAFound; //CAs section
TInt iNumProp;                // number of nodes in iPropList
TProposalData *iPropList;     // head of the doubly linked proposal list
TPresharedKeyData iPresharedKey;
TCertInfo iCA; // Left for backward compatibility
CArrayFixFlat<TCertInfo*> *iCAList; // For multiple CAs
TOwnCertInfo iOwnCert;
TCertInfo iPrivKey;
TCertInfo iPeerCert;

};
|
296 |
|
297 |
|
/**
 * Array of CIkeData* (one per [IKE] section) plus the [GENERAL] section values
 * that apply to the whole policy.
 *
 * The elements are raw pointers; Empty() and the destructor presumably delete
 * them (confirm in the .cpp), so do not store the same CIkeData in two arrays.
 * Exported class -- member layout is part of the interface.
 */
class CIkeDataArray : public CArrayFixFlat<CIkeData*>
{
public:
/** Allocates an empty array with the given growth granularity; caller owns it. */
IMPORT_C static CIkeDataArray* NewL(TInt aGranularity);
/** Allocates a copy of aData; caller owns the result. */
IMPORT_C static CIkeDataArray* NewL(CIkeDataArray *aData);
/** Second-phase construction copying aData into this array. */
IMPORT_C void ConstructL(CIkeDataArray *aData);

IMPORT_C ~CIkeDataArray();
/** Replaces the contents with a copy of aData; leaves on failure. */
IMPORT_C void CopyL(CIkeDataArray *aData);
/** Removes all elements (ownership handling is defined in the .cpp). */
IMPORT_C void Empty();
private:
CIkeDataArray(TInt aGranularity);
CIkeDataArray(CIkeDataArray *aData);
public:
//General Data
TUint32 iMaxLifetimeSec;   // upper bound for SA lifetime in seconds
TUint32 iMaxLifetimeKB;    // upper bound for SA lifetime in kilobytes
TInt iMaxRetrans;          // maximum retransmissions
TInt iMaxTraceFileSize;    // trace file size limit (unit not shown here); only in the 4-argument GeneralInfoWrite
};
|
318 |
|
/**
 * Text parser and writer for the [IKE]/[GENERAL] parts of a policy, built on
 * TLex over the descriptor passed to the constructor.
 *
 * Convention visible here: methods with an L suffix leave on error; the
 * non-leaving ones return a TInt, presumably KErrNone or one of the
 * KSecParserErr* codes defined above. The Write/GeneralInfoWrite/BufferAppend
 * family takes the output buffer by reference (HBufC8*&) so it can be
 * reallocated as it grows (see KIkePolicyBufferSizeIncrement).
 *
 * The policy text is external input; the Parse* methods are the trust
 * boundary, and CheckPolicy() is where the parsed values are validated.
 */
class TIkeParser : public TLex
{
public:
/** Parser over no text; iVersion handling is defined in the .cpp. */
IMPORT_C TIkeParser();
/** Parser over aStr, expecting policy format aVersion (default: SEC_PARSER_VERSION). */
IMPORT_C TIkeParser(const TDesC &aStr, TInt aVersion = SEC_PARSER_VERSION);
/** Parses a complete policy (general data and all IKE sections) into aIkeList. */
IMPORT_C void MainParseL(CIkeDataArray *aIkeList);
/** Parses a single IKE section into aConf. */
IMPORT_C void ParseL(CIkeData *aConf);
/** Serialises aConf into aPolBfr (appending; buffer may be reallocated). */
IMPORT_C static TInt MainWrite(CIkeData *aConf, HBufC8*& aPolBfr);
/** Serialises the [GENERAL] values (3-value form, without trace file size). */
IMPORT_C static TInt GeneralInfoWrite(
TUint32 aMaxLifetimeSec, TUint32 aMaxLifetimeKB,
TInt aMaxRetrans, HBufC8*& aPolBfr);
/** Serialises the [GENERAL] values including aMaxTraceFileSize. */
IMPORT_C static TInt GeneralInfoWrite(
TUint32 aMaxLifetimeSec, TUint32 aMaxLifetimeKB,
TInt aMaxRetrans, TInt aMaxTraceFileSize, HBufC8*& aPolBfr);
/** Serialises aConf; relationship to MainWrite is defined in the .cpp. */
IMPORT_C static TInt Write(CIkeData *aConf, HBufC8*& aPolBfr);
/** Parses all [IKE] sections of the text into aIkeList. */
IMPORT_C void ParseIKESectionsL(CIkeDataArray *aIkeList);
/** Appends aText to aPolBfr, growing the buffer when needed; returns an error code. */
IMPORT_C static TInt BufferAppend( HBufC8*& aPolBfr, const TDesC8& aText);

private:
TInt ParseGeneralData(CIkeDataArray *aIkeList);
void ParseIkePieceL(CIkeData *aIkeData, TInt aVersion, TPtrC& aSectionName);
void DoMainParseL(CIkeDataArray *aIkeList, TPtrC& aSectionName);
TInt ParseProposals(CIkeData *aConf);
TInt ParsePresharedKeys(CIkeData *aConf);
TInt ParseCAs(CIkeData *aConf);
TInt ParseCAItem(CIkeData *aConf, TCertInfo *aCA, TPtrC& aToken);
void ParseCAListL(CIkeData *aConf, TInt aCACount, TPtrC& aToken);
TInt ParseOwnCerts(CIkeData *aConf);
TInt ParsePeerCerts(CIkeData *aConf);
// Validates the parsed section (e.g. iCARequired vs iCAFound); error codes from KSecParserErr*.
TInt CheckPolicy(CIkeData* aConf);
// Returns a view into the parsed text; only valid while the source descriptor lives.
TPtrC GetRestOfLine();
// Fills the bounded descriptor aFileName; TDes& carries its own max length.
TInt ParseFileName(TDes& aFileName);

// Value-to-keyword conversions used when writing a policy. All return a
// 16-character bounded buffer, so every keyword must fit in 16 characters.
static TBufC<16> TextMode(const TInt aMode);
static TBufC<16> TextEncrAlg(const TInt aAlg, const TInt aKeyLth);
static TBufC<16> TextAuthMethod(const TInt aMethod);
static TBufC<16> TextHashAlg(const TInt aAlg);
static TBufC<16> TextGroupDesc(const TInt aDesc);
static TBufC<16> TextGroupType(const TInt aType);
static TBufC<16> TextPRF(const TInt aPRF);
static TBufC<16> TextFormat(const TKeyFormat aFormat);
static TBufC<16> CertFormat(TCertFormat aFormat);
static TBufC<16> TextLAMType(const TUint8 aLAMType);
private:
TInt iVersion;   // policy format version being parsed (see SEC_PARSER_VERSION)
};
|
365 |
|
366 |
|
/**
 * Values of the [GENERAL] section that are not IKE-specific.
 * Only the deactivation timeout is held here.
 */
class CGeneralData : public CBase
{
public:
/** Default-constructs; initial value of iDeactivationTimeout is set in the .cpp. */
IMPORT_C CGeneralData();
/** Copy-constructs from aData (non-const pointer as declared). */
IMPORT_C CGeneralData(CGeneralData* aData);
public:
TInt iDeactivationTimeout;   // deactivation timeout (unit not shown here; presumably seconds)
};
|
375 |
|
376 |
|
377 |
|
//------------------------------------------------------------------------
//Multiple Security Info combined
// One policy "piece": a free-text description plus the IKE and general data
// parsed for it. The accessors hand out the internal pointers without
// transferring ownership; the pointers stay valid only while the piece lives
// (the destructor presumably deletes all three -- confirm in the .cpp).
class CSecurityPiece : public CBase
{
public:
/** Second-phase construction; aSize is the initial capacity of the info buffer. */
IMPORT_C void ConstructL(TInt aSize = 64); //default 64 bytes description
                                           // (iInfo is a 16-bit HBufC, so this is more likely characters -- confirm)
/** Non-owning access to the description buffer; may be NULL before ConstructL. */
inline HBufC *Info() {return iInfo;}
/** Replaces the description, reallocating iInfo when aDes does not fit. */
IMPORT_C void SetInfoL(const TDesC &aDes); //needed to resize it if needed
/** Non-owning access to the IKE data of this piece. */
inline CIkeData *IkeData() {return iIkeData;}
/** Non-owning access to the general data of this piece. */
inline CGeneralData *GeneralData(){return iGeneralData;}
IMPORT_C ~CSecurityPiece();

private:
HBufC* iInfo;                 // description text, owned
CIkeData *iIkeData;           // IKE section data, owned
CGeneralData *iGeneralData;   // general section data, owned
};

// List of pieces; element ownership is not expressed by the type itself.
typedef CArrayFixFlat<CSecurityPiece *> CPiecesList;
|
397 |
|
//
// class TSecParser
//
// Top-level policy parser/writer over a TLex: checks the file version, reads
// the description and general data, and delegates the IKE sections. ParseL
// both leaves (on Symbian errors) and returns a TInt status, so callers need
// to handle both paths.

class TSecParser : public TLex
{
public:
/** Parser over the policy text aDes. */
IMPORT_C TSecParser(const TDesC &aDes);
/** Parses the whole policy into aPiece_data; returns a status code and may leave. */
IMPORT_C TInt ParseL(CSecurityPiece *aPiece_data);
/** Serialises aPiece_data (version, info, IKE data) into aPolBfr; buffer may be reallocated. */
IMPORT_C static TInt Write(CSecurityPiece *aPiece_data, HBufC8*& aPolBfr);
/** Parses only the general data into aData. */
IMPORT_C TInt ParseGeneralData(CGeneralData* aData);
private:
// Verifies the file version tag; the accepted range is presumably
// FIRST_SEC_PARSER_VERSION..SEC_PARSER_VERSION (confirm in the .cpp).
TBool CheckVersion();
void ParseInfoL(CSecurityPiece *aPiece_data);
void NextTag();
TInt DoParseL(CSecurityPiece *aPiece_data, TBool aIncludeIKE);
TInt ParseGeneral(CGeneralData *aGeneralData);

static TInt WriteVersion(HBufC8*& aPolBfr);
static TInt WriteInfo(CSecurityPiece *aPiece_data, HBufC8*& aPolBfr);
static TInt WriteIke(CSecurityPiece *aPiece_data, HBufC8*& aPolBfr);

private:
TInt iVersion; //File version
};
|
423 |
|
/**
 * Stand-alone parser for the [GENERAL] section text; non-leaving, returns a
 * TInt status (presumably KErrNone or a KSecParserErr* code).
 */
class TGeneralParser : public TLex
{
public:
/** Parser over the section text aStr. */
IMPORT_C TGeneralParser(const TDesC &aStr);
/** Parses the text into aData and returns a status code. */
IMPORT_C TInt Parse(CGeneralData *aData);
};
|
430 |
|
/**
 * Static helper functions for policy text conversions (no instances).
 *
 * The hex helpers take untrusted policy text; the public TextToHexOctets
 * writes into a bounded TDes8, while the private DeHex writes through a raw
 * TUint8* with no destination length, so its callers must size aDstBfr from
 * aStrLen themselves (presumably aStrLen/2 bytes -- confirm in the .cpp).
 */
class IkeParser
{
public:
/** Parses a list of application UIDs from text; caller owns the returned array (Close and delete). */
IMPORT_C static RArray<TUid>* GetApplUidListL(const TDesC16& aApplUidString);
/** Decodes hex text into a newly allocated 8-bit buffer; caller owns the result. */
IMPORT_C static HBufC8* TextToHexOctetsL(const TDesC16& aTextString);
/** Decodes hex text into the bounded aHexOctets; returns EFalse on bad input (presumably also when it does not fit). */
IMPORT_C static TBool TextToHexOctets(const TDesC16& aTextString, TDes8& aHexOctets);

private:
// Advances aUidString past non-hex characters (inferred from the name).
void static NextHexaDigit(TLex& aUidString);
// Decodes aStrLen UTF-16 hex digits from aUcStr into aDstBfr; no bounds on aDstBfr.
TBool static DeHex(const TUint16* aUcStr, TInt aStrLen, TUint8* aDstBfr);
// Converts the hex digit in c to its value in place; returns EFalse for a non-hex character.
TBool static HexVal(TUint8& c);
};
|
443 |
|
444 #endif |