vpnengine/ikev1lib/inc/ikev1SAdata.h
changeset 0 33413c0669b9
-1:000000000000 0:33413c0669b9
       
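--- /dev/null
+++ b/vpnengine/ikev1lib/inc/ikev1SAdata.h
@@ -0,0 +1,220 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  IKEv1 SA data definition
+*
+*/
+
+
+#ifndef T_IKEV1SADATA_H
+#define T_IKEV1SADATA_H
+
+#include "internaladdress.h"
+#include "ikemsgheader.h"
+#include "ikev1payloads.h"
+
+class CIkeData;
+
+#define   IKEV1_KEY_MATERIAL_SIZE   64
+#define   IKEV1_MAX_IV_SIZE         20        //Max hash algorithm output size
+#define   DEFAULT_MAX_ISAKMP_LIFETIME 28000   //for security reasons
+
+// Class TIkev1SAData is the IKEv1 SA parameter definition 
+// which is used to pass SA information between IKE server and IKEv1
+// plug-in.
+class TIkev1SAData 
+{
+public:
+    TIkev1SAData()
+    :iCookie_I(),
+	 iCookie_R(),
+     iSAId(0),
+     iSAState(0),
+     iInitiator(EFalse),
+     iDPDSupported(EFalse),
+     iFamiliarPeer(EFalse),
+     iNAT_T_Required(EFalse),
+     iAutoLogin(EFalse),
+     iNAT_D_Flags(0),
+     iIkeData(NULL),
+     iLocalAddr(),
+	 iRemoteAddr(),
+	 iDestinAddr(),
+     iVirtualIp(NULL),
+     iSeq(0),
+     iPrevExchange(0),
+     iFlags(0),
+     iEncrAlg(0),
+     iHashAlg(0),
+     iAuthMethod(0),
+     iGroupDesc(0),
+     iGroupType(0),
+     iKeyLength(0),
+     iPRF(0),
+     iLifeTimeSecs(0),
+     iLifeTimeKB(0),
+     iDPDRetry(0),
+     iDPDSequence(0),
+     iPendingDPDSequence(0),
+     iExpectedDPDSequence(0),
+     iLastIKEMsgInfo(),
+     iLastMsg(NULL)
+         {}
+	inline void CleanUp()
+	{
+	    delete iVirtualIp;
+        iVirtualIp = NULL;
+        delete iLastMsg;
+        iLastMsg = NULL;
+    }
+	inline void StoreVirtualIp(CInternalAddress* aVirtualIp)
+	{
+		delete iVirtualIp;
+		iVirtualIp = aVirtualIp;
+	}
+	inline void CopyL(TIkev1SAData& aSrc)
+	{
+	   CInternalAddress* SavedVip = iVirtualIp;
+	   HBufC8* SavedLastMsg = iLastMsg;
+	   Mem::Copy((TUint8*)&iCookie_I, (TUint8*)&aSrc.iCookie_I, sizeof(TIkev1SAData));
+	   iVirtualIp = SavedVip;
+	   iLastMsg = SavedLastMsg;
+	   if ( aSrc.iVirtualIp )
+	       {
+	       StoreVirtualIp(CInternalAddress::NewL(*(aSrc.iVirtualIp)));
+	       }
+	   if ( aSrc.iLastMsg &&
+	        aSrc.iLastMsg != iLastMsg )
+	       {
+	       delete iLastMsg;
+	       iLastMsg = aSrc.iLastMsg->AllocL();
+	       }
+	}
+
+public:
+	TCookie   iCookie_I;        // Initiator Cookie
+	TCookie   iCookie_R;        // Responder Cookie
+	TUint32   iSAId;            // Internal negotiation Id
+	
+	TInt      iSAState;         // IKE SA State
+	TBool     iInitiator;       // TRUE if local end is initiator
+	TBool     iDPDSupported;    // Both ends support DPD 	
+	TBool     iFamiliarPeer;    // Nokia VPN implementation detected in peer    
+	TBool     iNAT_T_Required;  // True when NAT detected between local end and peer
+	TBool     iAutoLogin;       // SA negotiated due RKMD::Activate request
+	TUint32   iNAT_D_Flags;     // If not zero, there is NAT between sites	
+	
+	CIkeData* iIkeData;     
+
+	TInetAddr iLocalAddr;   
+	TInetAddr iRemoteAddr;      // Remote Address ("From Policy")
+	TInetAddr iDestinAddr;      // Current peer destination address and port
+	CInternalAddress* iVirtualIp; // Virtual IP address (and DNS addresses)
+
+	TUint32 iSeq;               // For PFKEY API
+	TUint8  iPrevExchange;      // Used to process the last msg of Phase I
+	TUint8  iFlags;             // Flags in the msg header
+	//
+	// Selected IKE SA proposal 
+	//
+	TUint16 iEncrAlg;           //OAKLEY encryption function    
+	TUint16 iHashAlg;           //OAKLEY hash function          
+	TUint16 iAuthMethod;        //OAKLEY authentication function
+	TUint16 iGroupDesc;         //OAKLEY GROUP
+	TUint16 iGroupType;         //OAKLEY GROUP type
+	TUint16 iKeyLength;         //Encryption key length
+	TUint16 iPRF;               //Reserved
+	TUint32 iLifeTimeSecs;      //SA lifetime seconds
+	TUint32 iLifeTimeKB;        //SA lifetime KiloBytes
+	
+	//
+	// IKE SA DPD (keep alive) protocol parameters
+	//
+	TInt    iDPDRetry;
+	TUint32 iDPDSequence;
+	TUint32 iPendingDPDSequence;
+	TUint32 iExpectedDPDSequence;
+	
+	// Last IKE msg info
+	TLastIKEMsg iLastIKEMsgInfo;
+	HBufC8*     iLastMsg;
+	TInetAddr   iLastRemoteAddr;
+	
+    //
+	// IKEv1 keymaterial
+	//
+	TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID;      //KEY used for encryption/decryption of messages
+	TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_d;    //KEY used to derive keys for non-ISAKMP SAs
+	TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_a;    //KEY used for authentication of ISAKMP messages
+	TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_e;    //KEY used for encryption/decryption of ISAKMP messages
+
+	TBuf8<IKEV1_MAX_IV_SIZE>       iIV;          //normal IV
+	TBuf8<IKEV1_MAX_IV_SIZE>       iLastIV;      //Saves the last IV of PHASE_I to compute iNotifIV everytime and the first IV in Quick mode
+
+};
+
+
+class CSARekeyInfo : public CBase
+{
+	public:
+		static CSARekeyInfo* NewL(const TCookie& aICookie, const TCookie& aRCookie, 
+		                          CInternalAddress* aInternalAddr)
+		{
+			return new (ELeave) CSARekeyInfo(aICookie, aRCookie, aInternalAddr);
+		}
+		~CSARekeyInfo()
+		{   
+		    delete iInternalAddr;
+		}
+	
+		inline const TCookie&  GetCookieI() { return iCookie_I;}  
+		inline const TCookie&  GetCookieR() { return iCookie_R;}
+		inline CInternalAddress* GetInternalAddr()
+		{
+			CInternalAddress* VirtualIp = iInternalAddr;
+			iInternalAddr = NULL;
+			return VirtualIp;
+		}		
+
+    private:
+   		CSARekeyInfo(const TCookie& aICookie, const TCookie& aRCookie, 
+   		             CInternalAddress* aInternalAddr)
+   		:iCookie_I(aICookie),
+		 iCookie_R(aRCookie),
+		 iInternalAddr(aInternalAddr)
+   		{}
+
+	private:
+		TCookie iCookie_I;      // Initiator Cookie of the IKE SA rekeyed
+		TCookie iCookie_R;      // Responder Cookie of the IKE SA rekeyed
+		CInternalAddress* iInternalAddr; 
+	
+};
+
+
+class TIpsecSPI
+{
+	public:
+		TIpsecSPI()
+		:iSrcAddr(), iDstAddr(), iSPI(0), iInbound(EFalse), iProtocol(0)
+		    {};
+	public:
+		TInetAddr iSrcAddr;
+		TInetAddr iDstAddr;
+		TUint32   iSPI;
+		TBool     iInbound;    // Inbound = ETrue
+		TUint8    iProtocol;
+		TUint8    iReserved[3];
+};
+
+#endif // T_IKEV1SADATA_H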
       
   219 
       
   220 #endif // T_IKEV1SADATA_H