|
1 /* |
|
2 * Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: IKEv1 SA data definition |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #ifndef T_IKEV1SADATA_H |
|
20 #define T_IKEV1SADATA_H |
|
21 |
|
22 #include "internaladdress.h" |
|
23 #include "ikemsgheader.h" |
|
24 #include "ikev1payloads.h" |
|
25 |
|
26 class CIkeData; |
|
27 |
|
28 #define IKEV1_KEY_MATERIAL_SIZE 64 |
|
29 #define IKEV1_MAX_IV_SIZE 20 //Max hash algorithm output size |
|
30 #define DEFAULT_MAX_ISAKMP_LIFETIME 28000 //for security reasons |
|
31 |
|
32 // Class TIkev1SAData is the IKEv1 SA parameter definition |
|
33 // which is used to pass SA information between IKE server and IKEv1 |
|
34 // plug-in. |
|
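// Class TIkev1SAData is the IKEv1 SA parameter definition
// which is used to pass SA information between IKE server and IKEv1
// plug-in.
//
// Ownership: the record owns iVirtualIp and iLastMsg (both released by
// CleanUp()); iIkeData is only referenced and is never deleted here.
// CopyL() duplicates the record byte-wise, so the class has no virtual
// functions and every member except the two owned pointers must be safe
// to copy as raw bytes.
class TIkev1SAData
{
public:
    // Starts with every scalar zero, every address/buffer default
    // constructed and no owned heap objects.
    TIkev1SAData()
        :iCookie_I(),
         iCookie_R(),
         iSAId(0),
         iSAState(0),
         iInitiator(EFalse),
         iDPDSupported(EFalse),
         iFamiliarPeer(EFalse),
         iNAT_T_Required(EFalse),
         iAutoLogin(EFalse),
         iNAT_D_Flags(0),
         iIkeData(NULL),
         iLocalAddr(),
         iRemoteAddr(),
         iDestinAddr(),
         iVirtualIp(NULL),
         iSeq(0),
         iPrevExchange(0),
         iFlags(0),
         iEncrAlg(0),
         iHashAlg(0),
         iAuthMethod(0),
         iGroupDesc(0),
         iGroupType(0),
         iKeyLength(0),
         iPRF(0),
         iLifeTimeSecs(0),
         iLifeTimeKB(0),
         iDPDRetry(0),
         iDPDSequence(0),
         iPendingDPDSequence(0),
         iExpectedDPDSequence(0),
         iLastIKEMsgInfo(),
         iLastMsg(NULL)
        {}

    // Releases the heap objects owned by this record and clears the
    // pointers, so a repeated CleanUp() or a later CopyL() stays safe.
    // NOTE(review): the key material (iSKEYID*, iIV, iLastIV) is left in
    // place; code that discards the SA should wipe those buffers itself.
    inline void CleanUp()
    {
        delete iVirtualIp;
        iVirtualIp = NULL;
        delete iLastMsg;
        iLastMsg = NULL;
    }

    // Takes ownership of aVirtualIp and frees the previously stored
    // address. Re-storing the pointer already held is a no-op instead of
    // freeing the object that is about to be stored.
    inline void StoreVirtualIp(CInternalAddress* aVirtualIp)
    {
        if ( aVirtualIp != iVirtualIp )
        {
            delete iVirtualIp;
            iVirtualIp = aVirtualIp;
        }
    }

    // Copies all SA parameters from aSrc into this record. The flat data
    // is copied as raw bytes; the two owned heap objects are duplicated so
    // the records never share them. If aSrc has no virtual IP or no last
    // message, the corresponding object already held here is kept.
    // Leaves on allocation failure; the record is then still consistent
    // (iVirtualIp unchanged, iLastMsg either the old buffer or NULL).
    // @param aSrc record to copy from; copying a record onto itself only
    //             re-allocates its virtual IP.
    inline void CopyL(TIkev1SAData& aSrc)
    {
        CInternalAddress* savedVip = iVirtualIp;
        HBufC8* savedLastMsg = iLastMsg;
        // Whole-object raw copy (the class has no vptr). The owned
        // pointers are restored right after so they are never aliased.
        Mem::Copy(this, &aSrc, sizeof(TIkev1SAData));
        iVirtualIp = savedVip;
        iLastMsg = savedLastMsg;
        if ( aSrc.iVirtualIp )
        {
            StoreVirtualIp(CInternalAddress::NewL(*(aSrc.iVirtualIp)));
        }
        if ( aSrc.iLastMsg &&
             aSrc.iLastMsg != iLastMsg )
        {
            // Allocate the copy before discarding the old buffer: a leave
            // in AllocL() must not leave iLastMsg pointing at freed memory
            // (CleanUp() would otherwise free it a second time).
            HBufC8* newLastMsg = aSrc.iLastMsg->AllocL();
            delete iLastMsg;
            iLastMsg = newLastMsg;
        }
    }

public:
    TCookie iCookie_I;            // Initiator Cookie
    TCookie iCookie_R;            // Responder Cookie
    TUint32 iSAId;                // Internal negotiation Id

    TInt iSAState;                // IKE SA State
    TBool iInitiator;             // TRUE if local end is initiator
    TBool iDPDSupported;          // Both ends support DPD
    TBool iFamiliarPeer;          // Nokia VPN implementation detected in peer
    TBool iNAT_T_Required;        // True when NAT detected between local end and peer
    TBool iAutoLogin;             // SA negotiated due RKMD::Activate request
    TUint32 iNAT_D_Flags;         // If not zero, there is NAT between sites

    CIkeData* iIkeData;           // Not owned: never deleted here, copied as-is by CopyL()

    TInetAddr iLocalAddr;
    TInetAddr iRemoteAddr;        // Remote Address ("From Policy")
    TInetAddr iDestinAddr;        // Current peer destination address and port
    CInternalAddress* iVirtualIp; // Virtual IP address (and DNS addresses); owned

    TUint32 iSeq;                 // For PFKEY API
    TUint8 iPrevExchange;         // Used to process the last msg of Phase I
    TUint8 iFlags;                // Flags in the msg header
    //
    // Selected IKE SA proposal
    //
    TUint16 iEncrAlg;             // OAKLEY encryption function
    TUint16 iHashAlg;             // OAKLEY hash function
    TUint16 iAuthMethod;          // OAKLEY authentication function
    TUint16 iGroupDesc;           // OAKLEY GROUP
    TUint16 iGroupType;           // OAKLEY GROUP type
    TUint16 iKeyLength;           // Encryption key length
    TUint16 iPRF;                 // Reserved
    TUint32 iLifeTimeSecs;        // SA lifetime seconds
    TUint32 iLifeTimeKB;          // SA lifetime KiloBytes

    //
    // IKE SA DPD (keep alive) protocol parameters
    //
    TInt iDPDRetry;
    TUint32 iDPDSequence;
    TUint32 iPendingDPDSequence;
    TUint32 iExpectedDPDSequence;

    // Last IKE msg info
    TLastIKEMsg iLastIKEMsgInfo;
    HBufC8* iLastMsg;             // Owned; duplicated by CopyL(), freed by CleanUp()
    TInetAddr iLastRemoteAddr;    // Not listed in the constructor; relies on TInetAddr's own default

    //
    // IKEv1 keymaterial
    //
    TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID;   // KEY used for encryption/decryption of messages
    TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_d; // KEY used to derive keys for non-ISAKMP SAs
    TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_a; // KEY used for authentication of ISAKMP messages
    TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_e; // KEY used for encryption/decryption of ISAKMP messages

    TBuf8<IKEV1_MAX_IV_SIZE> iIV;     // normal IV
    TBuf8<IKEV1_MAX_IV_SIZE> iLastIV; // Saves the last IV of PHASE_I to compute iNotifIV everytime and the first IV in Quick mode

};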
|
165 |
|
166 |
|
// Record of the IKE SA being rekeyed: the two ISAKMP cookies that
// identify it plus the internal (virtual) address attached to it, if any.
// The address is owned by this object until a caller takes it over via
// GetInternalAddr().
class CSARekeyInfo : public CBase
{
public:
    // Factory; leaves on allocation failure. Ownership of aInternalAddr
    // (which may be NULL) passes to the new object.
    static CSARekeyInfo* NewL(const TCookie& aICookie, const TCookie& aRCookie,
                              CInternalAddress* aInternalAddr)
    {
        CSARekeyInfo* self = new (ELeave) CSARekeyInfo(aICookie, aRCookie, aInternalAddr);
        return self;
    }

    // Frees the internal address unless it has already been handed out.
    ~CSARekeyInfo()
    {
        delete iInternalAddr;
    }

    // Initiator cookie of the rekeyed SA.
    inline const TCookie& GetCookieI()
    {
        return iCookie_I;
    }

    // Responder cookie of the rekeyed SA.
    inline const TCookie& GetCookieR()
    {
        return iCookie_R;
    }

    // Hands the internal address over to the caller, who then owns it.
    // Afterwards this object no longer references the address, so the
    // destructor will not free it and a second call returns NULL.
    inline CInternalAddress* GetInternalAddr()
    {
        CInternalAddress* released = iInternalAddr;
        iInternalAddr = NULL;
        return released;
    }

private:
    // Only reachable through NewL().
    CSARekeyInfo(const TCookie& aICookie, const TCookie& aRCookie,
                 CInternalAddress* aInternalAddr)
        :iCookie_I(aICookie),
         iCookie_R(aRCookie),
         iInternalAddr(aInternalAddr)
        {}

private:
    TCookie iCookie_I;               // Initiator Cookie of the IKE SA rekeyed
    TCookie iCookie_R;               // Responder Cookie of the IKE SA rekeyed
    CInternalAddress* iInternalAddr; // Owned until GetInternalAddr() is called

};
|
203 |
|
204 |
|
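// IPsec SA identifier as handled by the IKEv1 plug-in: the two endpoint
// addresses, the SPI, the traffic direction and the IPsec protocol.
class TIpsecSPI
{
public:
    // Zero-initialises every field, including the reserved bytes, so a
    // raw copy of the object never carries uninitialised stack contents.
    TIpsecSPI()
        :iSrcAddr(),
         iDstAddr(),
         iSPI(0),
         iInbound(EFalse),
         iProtocol(0)
    {
        iReserved[0] = 0;
        iReserved[1] = 0;
        iReserved[2] = 0;
    }
public:
    TInetAddr iSrcAddr;
    TInetAddr iDstAddr;
    TUint32 iSPI;       // IPsec SPI value
    TBool iInbound;     // Inbound = ETrue
    TUint8 iProtocol;
    TUint8 iReserved[3]; // Reserved bytes, not used here; zeroed by the constructor
};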
|
219 |
|
220 #endif // T_IKEV1SADATA_H |