1 /*

     2 * Copyright (c) 2003-2007 Nokia Corporation and/or its subsidiary(-ies).

     3 * All rights reserved.

     4 * This component and the accompanying materials are made available

     5 * under the terms of "Eclipse Public License v1.0"

     6 * which accompanies this distribution, and is available

     7 * at the URL "http://www.eclipse.org/legal/epl-v10.html".

     8 *

     9 * Initial Contributors:

    10 * Nokia Corporation - initial contribution.

    11 *

    12 * Contributors:

    13 *

    14 * Description:  IKEv2 SA

    15 *

    16 */

    17 

    18 

    19 #include "ikedebug.h"

    20 #include "ikev2SA.h"

    21 #include "ikepolparser.h"

    22 #include "ikev2ipsecsadata.h"

    23 #include "ikev2pluginsession.h"

    24 

    25 CIkev2SA* CIkev2SA::NewL(CIkev2PluginSession& aIkeV2PluginSession, TIkev2SAData& aIkev2SAdata, MIkeDebug& aDebug)

    26 {

    27 	CIkev2SA *sa = new (ELeave) CIkev2SA(aIkeV2PluginSession, aDebug);

    28 	sa->ConstructL(aIkev2SAdata);

    29 	return sa;

    30 }

    31 

    32 

    33 CIkev2SA::CIkev2SA(CIkev2PluginSession& aIkeV2PluginSession, MIkeDebug& aDebug)

    34 :CTimer(EPriorityStandard), iIkeV2PluginSession(aIkeV2PluginSession), iDebug(aDebug)

    35 {

    36     CActiveScheduler::Add(this);

    37 }

    38 

    39 

    40 void CIkev2SA::ConstructL(TIkev2SAData& aIkev2SAdata)

    41 {

    42 	CTimer::ConstructL();		

    43 	iIkeV2SaData.Copy(aIkev2SAdata);

    44 	//

    45 	// Calculate lifetime value for the new IKE SA

    46 	// The jitter value is adjusted from SA internal ID (SAId mod 8) 

    47 	//

    48     iRemainingTime = iIkeV2SaData.iLifetime + (iIkeV2SaData.SaId() % 8);

    49 	iIkeV2SaData.iSAState  = KSaStateReady;

    50 

    51 	TInt DPDHeartbeat = 0;

    52 	if ( iIkeV2SaData.iIkeData->iDPDHeartBeat )

    53 	   DPDHeartbeat = iIkeV2SaData.iIkeData->iDPDHeartBeat;      

    54 

    55 	if ( DPDHeartbeat )

    56 	{

    57 		iIkeKeepAlive = CIkeV2KeepAlive::NewL(DPDHeartbeat, *this);

    58 	}

    59 										  

    60 	DEBUG_LOG2(_L("IKEv2 SA constructed, SAId: %d, Lifetime: %d"), iIkeV2SaData.SaId(), iRemainingTime);

    61 	

    62 	StartTimer();

    63 }

    64 

    65 

    66 CIkev2SA::~CIkev2SA()

    67 {

    68     if (IsActive())

    69         Cancel();

    70 	PurgeIpsecDataQue();  	

    71 	iIkeV2SaData.CleanUp();

    72 	delete iIkeKeepAlive;	

    73 }

    74 

    75 

    76 void CIkev2SA::DoCancel()

    77 {

    78     CTimer::DoCancel();

    79 }

    80 

    81 void CIkev2SA::UpdateL(TIkev2SAData* aIkev2SAdata, TIkeV2IpsecSAData* aIpsecSAdata)

    82 {

    83     DEBUG_LOG(_L("CIkev2SA::UpdateL"));

    84 

    85 	if ( aIkev2SAdata )

    86 	{

    87 	   //

    88 	   // Update IKE Sa data information and reset/restart IKE SA lifetime

    89 	   //

    90 	    iIkeV2SaData.Copy(*aIkev2SAdata);

    91 	    iIkeV2SaData.iSAState = KSaStateReady;		

    92 	}

    93 	if ( aIpsecSAdata )

    94 	{

    95 	   //

    96 	   // Link an Ipsec SA pair information into IKE SA

    97 	   //

    98 		TIkeV2IpsecSAData* IpsecSA = new (ELeave) TIkeV2IpsecSAData(iDebug);

    99 		IpsecSA->Copy(*aIpsecSAdata);

   100 		LinkIpsecSa(IpsecSA);						  

   101 		DEBUG_LOG3(_L("Ipsec SA added into IKE SA, SAId: %d, In SPI: %d, Out SPI: %d"),

   102 				   iIkeV2SaData.SaId(), &aIpsecSAdata->iSPI_In, &aIpsecSAdata->iSPI_Out);

   103 	}

   104 }

   105 

   106 TBool CIkev2SA::RemoteAddrChanged(TInetAddr& aNewIp)

   107 {

   108 

   109 #if __DEBUG

   110 	TBuf<40> txt_addr;				

   111 	aNewIp.OutputWithScope(txt_addr);

   112 	DEBUG_LOG2(_L("Remote IP changed IKE SA: %d, new address %S"), iIkeV2SaData.SaId(), &txt_addr);

   113 #endif //__DEBUG

   114 	aNewIp = aNewIp; //To silence UREL warnings: contents of DEB macro invisible in UREL builds

   115 	

   116 	return ETrue;

   117 }

   118 

   119 

   120 TIkeV2IpsecSAData* CIkev2SA::RemoveIpsecSaData(const TDesC8& aInSpi, const TDesC8& aOutSpi)

   121 { 

   122     return FindIpsecSaData(aInSpi, aOutSpi, ETrue); 

   123 } 

   124 

   125 

   126 TIkeV2IpsecSAData* CIkev2SA::FindIpsecSaData(const TDesC8& aInSpi, const TDesC8& aOutSpi, TBool aRemove)

   127 {

   128 

   129     __ASSERT_DEBUG( aInSpi.Length() == 4 || aInSpi.Length() == 0, User::Invariant() );

   130     __ASSERT_DEBUG( aOutSpi.Length() == 4 || aOutSpi.Length() == 0, User::Invariant() );

   131     __ASSERT_DEBUG( aInSpi.Length() != 0 || aOutSpi.Length() != 0, User::Invariant() );

   132 

   133 	TInt Found = 0;

   134 	if ( aInSpi.Length() > 0 )

   135 		Found ++;

   136 	if ( aOutSpi.Length() > 0 )

   137 		Found ++;

   138 	if ( Found == 0 )

   139 	   return NULL;	

   140 

   141 	TInt Match;

   142 	TIkeV2IpsecSAData* Prev = NULL;

   143 	TIkeV2IpsecSAData* Sa   = iIpsecSaQue;

   144 

   145 	while ( Sa )

   146 	{

   147 		Match = 0;

   148 		if ( aInSpi.Length() > 0 && (aInSpi.Compare(Sa->iSPI_In) == 0))

   149            Match ++;   		

   150 		if ( aOutSpi.Length() > 0 && (aOutSpi.Compare(Sa->iSPI_Out) == 0) )

   151 		   Match ++;

   152 		if ( Match == Found )

   153 		{

   154 		   if ( aRemove )

   155 		   {

   156 			  if ( Prev )

   157 				   Prev->iNext = Sa->iNext;

   158 			  else iIpsecSaQue = Sa->iNext;

   159 		   }	   

   160 		   break;

   161 		}

   162 		Prev = Sa;

   163 		Sa   = Sa->iNext;

   164 	}

   165 	return Sa;

   166 }

   167 

   168 void CIkev2SA::DeleteIpsecSaData(const TDesC8& aInSpi, const TDesC8& aOutSpi)

   169 {

   170 	TIkeV2IpsecSAData* SaData = FindIpsecSaData(aInSpi, aOutSpi, ETrue);

   171 	if ( SaData )

   172 	{

   173 		SaData->PurgeKeyMaterial();

   174 		SaData->DeleteRekeyData();

   175 		DeleteIpsecSas(SaData);		

   176 		delete SaData;

   177 	}	

   178 }

   179 

   180 void CIkev2SA::LinkIpsecSa(TIkeV2IpsecSAData* aSa) 

   181 {

   182     ASSERT(aSa);

   183     aSa->iNext = iIpsecSaQue; 

   184     iIpsecSaQue = aSa;

   185 }   

   186 

   187 void CIkev2SA::PurgeIpsecDataQue()

   188 {

   189 	

   190 	TIkeV2IpsecSAData* Sa = iIpsecSaQue;

   191 	while ( iIpsecSaQue )

   192 	{

   193 		iIpsecSaQue = Sa->iNext;

   194 		Sa->PurgeKeyMaterial();

   195 		Sa->DeleteRekeyData();

   196 		DeleteIpsecSas(Sa);

   197 		delete Sa;

   198 		Sa = iIpsecSaQue;

   199 	}	

   200 }

   201 

   202 void CIkev2SA::DeleteIpsecSas(TIkeV2IpsecSAData* aSa)

   203 {

   204     ASSERT(aSa);

   205 	TInetAddr LocalAddr;

   206 	if ( aSa->iSrcSpecific )

   207 		 LocalAddr = iIkeV2SaData.iLocalAddr;

   208 	else LocalAddr.Init(0); 

   209 	LocalAddr.SetPort(0);	

   210 	TInetAddr RemoteAddr = iIkeV2SaData.iRemoteAddr;

   211 	RemoteAddr.SetPort(0);

   212 	if ( aSa->iSPI_In.Length() > 0 ) 

   213 	{

   214         TUint32 spi;

   215         TPtr8 spiPtr(reinterpret_cast<TUint8*>(&spi), sizeof(spi));

   216         spiPtr = aSa->iSPI_In;

   217 		iIkeV2PluginSession.DeleteIpsecSA(spi, RemoteAddr, LocalAddr, aSa->iSaType);

   218 	}

   219 	if ( aSa->iSPI_Out.Length() > 0 )

   220 	{

   221         TUint32 spi;

   222         TPtr8 spiPtr(reinterpret_cast<TUint8*>(&spi), sizeof(spi));

   223         spiPtr = aSa->iSPI_Out;

   224         iIkeV2PluginSession.DeleteIpsecSA(spi, LocalAddr, RemoteAddr, aSa->iSaType);

   225 	}

   226 }

   227 

   228 

   229 void CIkev2SA::RunL()

   230 {

   231 	//

   232 	// If IKE SA lifetime expired, delete IKE SA if there is no

   233 	// active IPSEC SA:s alive. If there is rekey IKE SA.

   234 	//

   235     DEBUG_LOG2(_L("CIkev2SA::RunL, SAId=%d, remaining time=%d"),

   236             iIkeV2SaData.SaId(), iRemainingTime );

   237 	if (iRemainingTime == 0) 

   238 	{										 		

   239 		if ( iIpsecSaQue )

   240 		{

   241 		    iIkeV2PluginSession.RekeyIkeSAL(&iIkeV2SaData);

   242 		}

   243 		else 

   244 		{		 

   245 		    iIkeV2PluginSession.DeleteIkeSAL(&iIkeV2SaData, ETrue); // "Normal" close

   246 		}

   247 	}

   248 	else StartTimer();

   249 	

   250 }

   251 

   252 void CIkev2SA::StartTimer()

   253 {

   254 	if (iRemainingTime > KMaxTInt/SECOND)   //To avoid overflowing the Timer

   255 	{

   256 		iRemainingTime -= KMaxTInt/SECOND;

   257 		After(KMaxTInt);

   258 	}

   259 	else    //No overflow

   260 	{

   261 		After(iRemainingTime*SECOND);

   262 		iRemainingTime = 0;

   263 	}

   264 }

   265 

   266 

   267 void CIkev2SA::EventHandlerL()

   268 {

   269 	//

   270 	// The implementation for class MDpdHeartBeatEventHandler virtual function

   271 	// This method is called by an CIkeKeepAlive object instance when

   272 	// DPD heartbeat timeout has elapsed.

   273 	//

   274     iIkeV2PluginSession.KeepAliveIkeSAL(&iIkeV2SaData);

   275 }

   276 

   277 

   278 TIkeV2IpsecSAData* CIkev2SA::GetIpsecSaQue()

   279 { 

   280     TIkeV2IpsecSAData* Que = iIpsecSaQue; 

   281     iIpsecSaQue = NULL; 

   282     return Que; 

   283 }

   284 

   285 

   286 void CIkev2SA::SetIpsecSaQue(TIkeV2IpsecSAData* aQue) 

   287 { 

   288     if (aQue != NULL) 

   289         { 

   290         LinkIpsecSa(aQue); 

   291         } 

   292 }

   293