vpnengine/ikev2lib/inc/ikev2SAdata.h
changeset 0 33413c0669b9
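--- a/vpnengine/ikev2lib/inc/ikev2SAdata.h
+++ b/vpnengine/ikev2lib/inc/ikev2SAdata.h
@@ -0,0 +1,151 @@
+/*
+* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:  IKEv2 SA data definition
+*                Class TIkev2SAData is the IKEv2 SA parameter definition which
+*                is used to pass SA information between IKE server and IKEv2
+*                plug-in.
+*
+*/
+#ifndef __IKEV2SADATA_H__
+#define __IKEV2SADATA_H__
+#include <e32def.h>
+#include <in_sock.h>
+#include "ikemsgheader.h"
+#include "internaladdress.h"
+#include "ipsecsadata.h"
+#include "ipsecsalifetime.h"
+#include "ikev2message.h"
+
+class CIkeData;
+
+#define SECOND 1000000  // One second is 1000000 us. (1 us. per tick)
+
+//
+// Private generic PFKEY extension type value 
+//
+#define   IKEV2_KEY_MATERIAL_SIZE   40
+#define   IKEV2_MAX_IV_SIZE         16
+
+class TIkev2SAData 
+{
+public:
+    TIkev2SAData();
+
+    void CleanUp();
+	void FreeRespMsg();
+    void FreeRequestMsg();
+	void StoreVirtualIp(const TInetAddr& aVirtualAddr);
+	void SaveRespMsg(CIkeV2Message* aRespMsg);
+	void SaveRequestMsg(CIkeV2Message* aRequestMsg);
+	void Copy(TIkev2SAData& aSrc);
+    TUint32 SaId() const; 
+    void SetSaId(TUint32 aSaId);
+    TIkeSPI& SpiI();
+    void SetSpiI(const TIkeSPI& aSpiI);
+    TIkeSPI& SpiR();
+    void SetSpiR(const TIkeSPI& aSpiR);
+
+    void GenerateIkeKeyDerivatesL(const TDesC8& aSKEYSEED,TUint16 aPrfAlg, 
+                                  const TDesC8& aNonceI, const TDesC8& aNonceR);
+    
+    /**
+     * Gets the request message ID we should use in our next
+     * request.
+     */
+    TUint32 NextRequestId() const;
+    
+    /**
+     * Get the message ID we expecting see
+     * in a next received response.
+     */    
+    TUint32 ExpectedResponseId() const;
+    
+    /**
+     * Get the message ID we expecting see
+     * in a next received request. We should
+     * also use this message ID in our
+     * corresponding response. 
+     */
+    TUint32 ExpectedRequestId() const;
+    
+    
+private:
+	TUint32 iSAId;          // Internal negotiation Id
+	TIkeSPI iSPI_I;         // Initiator SPI 
+	TIkeSPI iSPI_R;         // Responder SPI
+
+public:	
+
+	TInt    iSAState;       // IKE SA State
+	TBool   iInitiator;     // TRUE if local end is initiator
+	
+	CIkeData* iIkeData;     
+	TUint32   iVpnIapId;    
+	
+	TInetAddr iLocalAddr;   // The address of the physical interface we are using.
+	TInetAddr iVirtualAddr; // The address assigned to the VPN interface by the SGW.
+	TInetAddr iRemoteAddr;  // Remote Address ("From Policy")
+	TInetAddr iDestinAddr;  // Current peer destination address and port.
+	                        // (Is different that iRemoteAddr, if the SGW is behind NAT)
+    
+	TUint32   iNATFlags;    // If not zero, there is NAT between sites
+	TBool     iFloatedPort; // If true floated port used (and NON-ESP-MARKER)
+
+	TUint32 iWindowSize;    // Message ID window size (currently 1)
+	CIkeV2Message* iLastResponse; // The last IKE response message buffer
+	CIkeV2Message* iLastRequest; // The last IKE response message buffer
+	TInt    iRespRetryCount;// Count of response retries tranmitted in sequence
+	
+	//
+	// Selected IKE SA proposal 
+	//
+	TUint16 iEncrAlg;       // Encryption algorithm (transform ID 1)
+	TUint16 iPRFAlg;        // Pseudo Random function (transform ID 2)
+	TUint16 iIntegAlg;      // Integrity algorithm  (transform ID 3)
+	TUint16 iDHGroup;       // Diffie Hellmann Group(transform ID 4)
+	
+	TUint16 iEAPType;       // EAP type if any	
+	TUint16 iAuthMethod;    // Authentication method selected
+	TUint32 iLifetime;      // Local lifetime in seconds
+	TInt    iCipherKeyLth;  // Cipher key length
+	TInt    iCipherBlkLth;  // Cipher block length
+	TInt    iIntChkSumLth;  // Integrity checksum length
+	TBool   iMobikeUsed;    // MOBIKE protocol supported by both ends
+    //
+	// IKEv2 keymaterial
+	//
+	TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_d;
+	TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_ai;
+	TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_ar;	
+	TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_ei;
+	TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_er;	
+	TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_pi;
+	TBuf8<IKEV2_KEY_MATERIAL_SIZE> iSK_pr;	
+};
+
+
+//
+//  IKE SA states
+//
+const TInt KSaStateNotDefined     = 0;
+const TInt KSaStateReady          = 1;
+/*
+const TInt KSaStateRekeying       = 2;
+const TInt KSaStateWaitingChildSa = 3;
+const TInt KSaStateDeleting       = 4;
+const TInt KSaStateNotifying      = 5;
+const TInt KSaStateRoaming        = 6;
+*/
+
+#endif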
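Review bot: The seven `iSK_*` buffers at the end of `TIkev2SAData` hold the IKE SA key material as public members, and nothing in this header says who wipes them; `CleanUp()` and `Copy()` are only declared here, so whether they zero the keys or leave a second live copy behind cannot be confirmed from this file. I would state the contract on the declarations, e.g. `// CleanUp() must zero-fill iSK_d..iSK_pr (FillZ) before the SA data is released`, and say on `Copy()` whether ownership of `iLastResponse`/`iLastRequest` moves or is shared, since a shallow copy of those raw pointers followed by `FreeRespMsg()` on both objects would presumably free the same message twice. The fixed `IKEV2_KEY_MATERIAL_SIZE 40` also caps every derived key, so `GenerateIkeKeyDerivatesL` should reject a negotiated PRF or integrity transform whose key length exceeds it rather than rely on the descriptor's overflow behaviour. The comment above that macro (`Private generic PFKEY extension type value`) and the one on `iLastRequest` (`The last IKE response message buffer`) look copied from elsewhere and should be corrected.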