|
1 /* |
|
2 * Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: IKEv2 SA data definition |
|
15 * Class TIkev2SAData is the IKEv2 SA parameter definition which |
|
16 * is used to pass SA information between IKE server and IKEv2 |
|
17 * plug-in. |
|
18 * |
|
19 */ |
|
20 #ifndef __IKEV2SADATA_H__ |
|
21 #define __IKEV2SADATA_H__ |
|
22 #include <e32def.h> |
|
23 #include <in_sock.h> |
|
24 #include "ikemsgheader.h" |
|
25 #include "internaladdress.h" |
|
26 #include "ipsecsadata.h" |
|
27 #include "ipsecsalifetime.h" |
|
28 #include "ikev2message.h" |
|
29 |
|
30 class CIkeData; |
|
31 |
|
#define SECOND 1000000 // One second expressed in microseconds (1 us per timer tick)

//
// Fixed upper bounds for the key material held in TIkev2SAData below.
// NOTE(review): the comment previously here ("Private generic PFKEY extension
// type value") did not describe these values; they are buffer sizes, not
// PFKEY extension types.
//
// IKEV2_KEY_MATERIAL_SIZE is the capacity (in bytes) of each SK_* descriptor
// (iSK_d, iSK_ai, ...). Any PRF/cipher combination whose derived key exceeds
// 40 bytes cannot be stored here; GenerateIkeKeyDerivatesL() must reject or
// bound such a negotiation before copying into the descriptors -- TODO confirm
// in the implementation.
#define IKEV2_KEY_MATERIAL_SIZE 40
// Largest cipher IV (in bytes) this plug-in is prepared to handle; not
// referenced in this header, so its use has to be checked at the call sites.
#define IKEV2_MAX_IV_SIZE 16
|
39 |
|
/**
 * IKEv2 SA parameter record.
 *
 * Carries the negotiated state of one IKE SA between the IKE server and the
 * IKEv2 plug-in: identifiers (negotiation id, SPIs), addressing and NAT
 * status, the selected proposal, the message-ID counters used for
 * request/response matching, and the derived key material (SK_*).
 *
 * Most members are public data and are written directly by the negotiation
 * code; only the SA id and SPIs are kept private behind accessors.
 *
 * Security notes for maintainers:
 *  - The iSK_* descriptors hold live session keys. They must be wiped, not
 *    merely released, when the SA is torn down -- NOTE(review): confirm that
 *    CleanUp() zeroizes them (the implementation is not in this header).
 *  - NextRequestId()/ExpectedResponseId()/ExpectedRequestId() are the values
 *    the receive path is expected to compare against before accepting a
 *    message; a message whose ID falls outside the window should be dropped.
 *    With iWindowSize == 1 (see below) exactly one outstanding exchange is
 *    allowed -- TODO confirm the checks in the implementation.
 *  - SpiI()/SpiR() return non-const references, so the SPIs can be modified
 *    without going through the setters.
 */
class TIkev2SAData
{
public:
    TIkev2SAData();

    /** Releases owned resources held by this record (see security note above). */
    void CleanUp();
    /** Frees the buffered last response (iLastResponse). */
    void FreeRespMsg();
    /** Frees the buffered last request (iLastRequest). */
    void FreeRequestMsg();
    /** Records the address the gateway assigned to the VPN interface (iVirtualAddr). */
    void StoreVirtualIp(const TInetAddr& aVirtualAddr);
    /** Takes over aRespMsg as the last transmitted response -- presumably for retransmission; verify against callers. */
    void SaveRespMsg(CIkeV2Message* aRespMsg);
    /** Takes over aRequestMsg as the last transmitted request -- presumably for retransmission; verify against callers. */
    void SaveRequestMsg(CIkeV2Message* aRequestMsg);
    /**
     * Copies aSrc into this record.
     * NOTE(review): aSrc could be taken by const reference unless the copy
     * deliberately mutates the source (e.g. transfers ownership of the buffered
     * messages) -- check the implementation before changing the signature.
     */
    void Copy(TIkev2SAData& aSrc);
    TUint32 SaId() const;
    void SetSaId(TUint32 aSaId);
    TIkeSPI& SpiI();
    void SetSpiI(const TIkeSPI& aSpiI);
    TIkeSPI& SpiR();
    void SetSpiR(const TIkeSPI& aSpiR);

    /**
     * Derives the IKE SA keys (iSK_d, iSK_ai, iSK_ar, iSK_ei, iSK_er, iSK_pi,
     * iSK_pr) from SKEYSEED using the PRF identified by aPrfAlg and the
     * exchanged nonces. The SPIs that also feed the derivation are presumably
     * taken from iSPI_I/iSPI_R -- verify in the implementation.
     * Symbian L-suffix convention: may leave.
     * Each output is bounded by IKEV2_KEY_MATERIAL_SIZE; see note at the
     * macro definition.
     */
    void GenerateIkeKeyDerivatesL(const TDesC8& aSKEYSEED,TUint16 aPrfAlg,
                                  const TDesC8& aNonceI, const TDesC8& aNonceR);

    /**
     * Gets the request message ID we should use in our next
     * request.
     */
    TUint32 NextRequestId() const;

    /**
     * Gets the message ID we expect to see in the next received
     * response. A response carrying any other ID does not belong to
     * our outstanding request.
     */
    TUint32 ExpectedResponseId() const;

    /**
     * Gets the message ID we expect to see in the next received
     * request. We should also use this message ID in our
     * corresponding response.
     */
    TUint32 ExpectedRequestId() const;


private:
    TUint32 iSAId;   // Internal negotiation Id
    TIkeSPI iSPI_I;  // Initiator SPI
    TIkeSPI iSPI_R;  // Responder SPI

public:

    TInt    iSAState;   // IKE SA State (KSaState* constants below)
    TBool   iInitiator; // TRUE if local end is initiator

    CIkeData* iIkeData; // Not owned here as far as this header shows -- confirm lifetime against the owner
    TUint32   iVpnIapId;

    TInetAddr iLocalAddr;   // The address of the physical interface we are using.
    TInetAddr iVirtualAddr; // The address assigned to the VPN interface by the SGW.
    TInetAddr iRemoteAddr;  // Remote Address ("From Policy")
    TInetAddr iDestinAddr;  // Current peer destination address and port.
                            // (Differs from iRemoteAddr if the SGW is behind NAT)

    TUint32 iNATFlags;    // If not zero, there is NAT between sites
    TBool   iFloatedPort; // If true floated port used (and NON-ESP-MARKER)

    TUint32        iWindowSize;     // Message ID window size (currently 1)
    CIkeV2Message* iLastResponse;   // The last IKE response message buffer (released via FreeRespMsg())
    CIkeV2Message* iLastRequest;    // The last IKE request message buffer (released via FreeRequestMsg())
    TInt           iRespRetryCount; // Count of response retries transmitted in sequence

    //
    // Selected IKE SA proposal
    //
    TUint16 iEncrAlg;  // Encryption algorithm (transform ID 1)
    TUint16 iPRFAlg;   // Pseudo Random function (transform ID 2)
    TUint16 iIntegAlg; // Integrity algorithm (transform ID 3)
    TUint16 iDHGroup;  // Diffie Hellmann Group (transform ID 4)

    TUint16 iEAPType;      // EAP type if any
    TUint16 iAuthMethod;   // Authentication method selected
    TUint32 iLifetime;     // Local lifetime in seconds
    TInt    iCipherKeyLth; // Cipher key length
    TInt    iCipherBlkLth; // Cipher block length
    TInt    iIntChkSumLth; // Integrity checksum length
    TBool   iMobikeUsed;   // MOBIKE protocol supported by both ends
    //
    // IKEv2 keymaterial -- session secrets, each at most IKEV2_KEY_MATERIAL_SIZE
    // bytes. Never log or copy these outside the SA; wipe on teardown.
    //
    TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_d;  // Seed for child SA key derivation
    TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_ai; // Integrity key, initiator -> responder
    TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_ar; // Integrity key, responder -> initiator
    TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_ei; // Encryption key, initiator -> responder
    TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_er; // Encryption key, responder -> initiator
    TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_pi; // AUTH payload key, initiator
    TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_pr; // AUTH payload key, responder
};
|
136 |
|
137 |
|
138 // |
|
139 // IKE SA states |
|
140 // |
|
// Values for TIkev2SAData::iSAState. Only the two below are live in this
// header; the remaining states are kept commented out for reference and
// should not be relied on by callers.
const TInt KSaStateNotDefined = 0; // SA not yet established
const TInt KSaStateReady      = 1; // SA established and usable
/*
const TInt KSaStateRekeying = 2;
const TInt KSaStateWaitingChildSa = 3;
const TInt KSaStateDeleting = 4;
const TInt KSaStateNotifying = 5;
const TInt KSaStateRoaming = 6;
*/
|
150 |
|
151 #endif |