|
/*
 * Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
 * All rights reserved.
 * This component and the accompanying materials are made available
 * under the terms of "Eclipse Public License v1.0"
 * which accompanies this distribution, and is available
 * at the URL "http://www.eclipse.org/legal/epl-v10.html".
 *
 * Initial Contributors:
 * Nokia Corporation - initial contribution.
 *
 * Contributors:
 *
 * Description: IKEv2 SA data definition
 * Class TIkev2SAData is the IKEv2 SA parameter definition which
 * is used to pass SA information between the IKE server and the IKEv2
 * plug-in.
 *
 */
|
20 |
|
21 #include "ikev2SAdata.h" |
|
22 #include "ikecrypto.h" |
|
23 #include "ikev2const.h" |
|
24 |
|
/**
 * Default constructor.
 *
 * Puts every SA parameter into its "not negotiated" state: zero for the
 * algorithm identifiers, lengths and counters, EFalse for the flags, NULL for
 * the IKE data pointer and default-constructed (unspecified) addresses. Both
 * SPI buffers are set to their maximum length and zero-filled, so an
 * unnegotiated SPI reads as all-zero bytes rather than as an empty descriptor.
 *
 * NOTE(review): iSAId is commented out of the initializer list, and
 * iLastResponse / iLastRequest do not appear in it at all. FreeRespMsg() and
 * FreeRequestMsg() delete those two pointers unconditionally, so they must be
 * NULL-initialised somewhere else (header or owner) — confirm.
 */
TIkev2SAData::TIkev2SAData()
    ://iSAId(0),
    iSPI_I(),
    iSPI_R(),
    iSAState(0),
    iInitiator(EFalse),
    iIkeData(NULL),
    iVpnIapId(0),
    iLocalAddr(),
    iVirtualAddr(),
    iRemoteAddr(),
    iDestinAddr(),
    iNATFlags(0),
    iFloatedPort(EFalse),
    iWindowSize(0),
    iRespRetryCount(0),
    iEncrAlg(0),
    iPRFAlg(0),
    iIntegAlg(0),
    iDHGroup(0),
    iEAPType(0),
    iAuthMethod(0),
    iLifetime(0),
    iCipherKeyLth(0),
    iCipherBlkLth(0),
    iIntChkSumLth(0),
    iMobikeUsed(EFalse)
{
    // FillZ(aLength) sets the descriptor length and zeroes the content in one step.
    iSPI_I.FillZ(iSPI_I.MaxLength());
    iSPI_R.FillZ(iSPI_R.MaxLength());
}
|
59 |
|
60 |
|
/**
 * Releases the heap objects owned by this SA data block: the last response and
 * the last request message. All other members (addresses, SPIs, algorithm
 * parameters, the derived iSK_* keys) are plain value data and are left as
 * they are — in particular the key material is not zeroized here.
 */
void TIkev2SAData::CleanUp()
{
    FreeRespMsg();     // drops iLastResponse
    FreeRequestMsg();  // drops iLastRequest
}
|
66 |
|
67 |
|
/**
 * Deletes the stored response message, if any, and clears the pointer.
 * Calling it with nothing stored is harmless (deleting NULL is a no-op).
 */
void TIkev2SAData::FreeRespMsg()
{
    CIkeV2Message* doomed = iLastResponse;
    iLastResponse = NULL;
    delete doomed;
}
|
73 |
|
74 |
|
/**
 * Deletes the stored request message, if any, and clears the pointer.
 * Calling it with nothing stored is harmless (deleting NULL is a no-op).
 */
void TIkev2SAData::FreeRequestMsg()
{
    CIkeV2Message* doomed = iLastRequest;
    iLastRequest = NULL;
    delete doomed;
}
|
80 |
|
81 |
|
/**
 * Records the virtual (tunnel-internal) address assigned to this SA.
 *
 * @param aVirtualAddr  Address to store; copied by value into iVirtualAddr.
 */
void TIkev2SAData::StoreVirtualIp(const TInetAddr& aVirtualAddr) { iVirtualAddr = aVirtualAddr; }
|
86 |
|
87 |
|
/**
 * Stores aRespMsg as the last response and takes ownership of it. Whatever
 * response was stored before is deleted first.
 *
 * @param aRespMsg  Heap-allocated message now owned by this object; may be
 *                  NULL. Must not be the message currently stored — that
 *                  object is deleted before the new pointer is saved.
 */
void TIkev2SAData::SaveRespMsg(CIkeV2Message* aRespMsg)
{
    delete iLastResponse;      // release the previous response, if any
    iLastResponse = aRespMsg;  // adopt the new one
}
|
93 |
|
94 |
|
/**
 * Stores aRequestMsg as the last request and takes ownership of it. Whatever
 * request was stored before is deleted first.
 *
 * @param aRequestMsg  Heap-allocated message now owned by this object; may be
 *                     NULL. Must not be the message currently stored — that
 *                     object is deleted before the new pointer is saved.
 */
void TIkev2SAData::SaveRequestMsg(CIkeV2Message* aRequestMsg)
{
    delete iLastRequest;        // release the previous request, if any
    iLastRequest = aRequestMsg; // adopt the new one
}
|
100 |
|
101 |
|
/**
 * Takes over the SA state of aSrc.
 *
 * The parameter block is copied as raw bytes, then three members are fixed up:
 *  - iLastResponse / iLastRequest: when aSrc owns a message, ownership of that
 *    object moves to this instance (aSrc's pointer is cleared so it is not
 *    deleted twice) and the message previously held here is deleted. When
 *    aSrc holds none, this instance keeps its own message.
 *  - iVirtualAddr: aSrc's value is kept only when it is specified; otherwise
 *    the address already stored here survives the copy.
 * aSrc is non-const because its message pointers are reset.
 *
 * NOTE(review): the byte copy starts at &iSAId but spans
 * sizeof(TIkev2SAData). It stays inside both objects only if iSAId is the
 * first member of a trivially copyable class with no base — confirm against
 * ikev2SAdata.h. The copy also duplicates aSrc's derived key material
 * (iSK_*) into this object along with everything else.
 *
 * @param aSrc  Source SA data; its iLastResponse/iLastRequest may be nulled.
 */
void TIkev2SAData::Copy(TIkev2SAData& aSrc)
{
    // Remember the members that must survive, or be released after, the raw copy.
    TInetAddr savedVirtualAddr = iVirtualAddr;
    CIkeV2Message* savedLastResponse = iLastResponse;
    CIkeV2Message* savedLastRequest = iLastRequest;

    Mem::Copy((TUint8*)&iSAId, (TUint8*)&aSrc.iSAId, sizeof(TIkev2SAData));

    // iLastResponse now holds aSrc's pointer: adopt it and drop our old one,
    // or restore ours if aSrc had nothing.
    if (iLastResponse != NULL)
    {
        delete savedLastResponse;
        aSrc.iLastResponse = NULL;
    }
    else
    {
        iLastResponse = savedLastResponse;
    }

    // Same ownership hand-over for the last request.
    if (iLastRequest != NULL)
    {
        delete savedLastRequest;
        aSrc.iLastRequest = NULL;
    }
    else
    {
        iLastRequest = savedLastRequest;
    }

    // An unspecified address in aSrc must not wipe a virtual IP already assigned here.
    if ( iVirtualAddr.IsUnspecified() )
        iVirtualAddr = savedVirtualAddr;
}
|
133 |
|
134 |
|
/** @return The identifier of this IKE SA. */
TUint32 TIkev2SAData::SaId() const { return iSAId; }
|
139 |
|
140 |
|
/** @param aSaId  New identifier for this IKE SA. */
void TIkev2SAData::SetSaId(TUint32 aSaId) { iSAId = aSaId; }
|
145 |
|
146 |
|
/**
 * @return Writable reference to the initiator SPI buffer. The caller may
 *         modify the SPI in place through it.
 */
TIkeSPI& TIkev2SAData::SpiI() { return iSPI_I; }
|
151 |
|
152 |
|
/** @param aSpiI  Initiator SPI; copied into iSPI_I. */
void TIkev2SAData::SetSpiI(const TIkeSPI& aSpiI) { iSPI_I = aSpiI; }
|
157 |
|
158 |
|
/**
 * @return Writable reference to the responder SPI buffer. The caller may
 *         modify the SPI in place through it.
 */
TIkeSPI& TIkev2SAData::SpiR() { return iSPI_R; }
|
163 |
|
164 |
|
/** @param aSpiR  Responder SPI; copied into iSPI_R. */
void TIkev2SAData::SetSpiR(const TIkeSPI& aSpiR) { iSPI_R = aSpiR; }
|
169 |
|
/**
 * Derives the IKE SA keys SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi and SK_pr
 * from SKEYSEED and stores them in the matching iSK_* members.
 *
 * @param aSKEYSEED  SKEYSEED value the prf+ expansion is keyed with.
 * @param aPrfAlg    PRF algorithm handed to IkeCrypto::GenerateKeyingMaterialL.
 * @param aNonceI    Initiator nonce (Ni).
 * @param aNonceR    Responder nonce (Nr).
 * @leave            Whatever HBufC8::NewL or GenerateKeyingMaterialL leaves with.
 *
 * Side effects: iCipherKeyLth is taken from the algorithm table when it is
 * still zero, and iCipherBlkLth / iIntChkSumLth are refreshed by AlgorithmInfo.
 *
 * NOTE(review): the PRF output length used to slice the material comes from
 * the iPRFAlg member, while the material itself is generated with the aPrfAlg
 * parameter; the slices are only correct if the two agree — confirm at the
 * call site. The AlgorithmInfo return values are not validated here; a zero or
 * negative length for an unknown algorithm would flow into KeyMatLth and into
 * the Copy() calls below.
 */
void TIkev2SAData::GenerateIkeKeyDerivatesL(const TDesC8& aSKEYSEED,TUint16 aPrfAlg,
                                             const TDesC8& aNonceI, const TDesC8& aNonceR)
{
    //
    // Generate IKE keying information from SKEYDSEED (its
    // derivates).
    // SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr
    // = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr )
    // Since the amount of keying material needed may be greater than
    // the size of the output of the prf algorithm prf+ is used as
    // follows prf+ (SKEYSEED,S) = T1 | T2 | T3 | T4 | ...
    // where: T1 = prf (SKEYSEED, S | 0x01)
    // T2 = prf (SKEYSEED, T1 | S | 0x02) ..
    // TN = prf (SKEYSEED, TN-1 | S | 0xN ) ;[ N < 256 ]
    // Calculate first required key material length:
    // Length of SK_d = Length of PRF algorithm output
    // Length of SK_ai and SK_ar = Length of integrity algorithm key
    // Length of SK_ei and SK_er = Length of cipher algorithm key
    // Length of SK_pi and SK_pr = Length of PRF output
    //
    TInt EncKeyLth = IkeCrypto::AlgorithmInfo(IKEV2_ENCR, iEncrAlg, &iCipherBlkLth);
    // A negotiated key-length attribute (iCipherKeyLth != 0) takes precedence
    // over the algorithm's default key length.
    if ( iCipherKeyLth == 0 )
        iCipherKeyLth = EncKeyLth;
    TInt IntKeyLth = IkeCrypto::AlgorithmInfo(IKEV2_INTEG, iIntegAlg, &iIntChkSumLth);
    TInt PrfKeyLth = IkeCrypto::AlgorithmInfo(IKEV2_PRF, iPRFAlg, NULL);
    TInt KeyMatLth = 2*iCipherKeyLth + 2*IntKeyLth + 3*PrfKeyLth;
    HBufC8* S = HBufC8::NewL(aNonceI.Length() + aNonceR.Length() + 2*IKEV2_SPI_SIZE);
    CleanupStack::PushL(S);
    //
    // Copy value S = (Ni | Nr | SPIi | SPIr) into work buffer S
    //
    S->Des().Copy(aNonceI);
    S->Des().Append(aNonceR);
    S->Des().Append(SpiI());
    S->Des().Append(SpiR());

    // KeyMat is deliberately not pushed on the cleanup stack: no leaving call
    // sits between this allocation and the delete below.
    HBufC8* KeyMat = IkeCrypto::GenerateKeyingMaterialL(aSKEYSEED, S->Des(), KeyMatLth, aPrfAlg);
    //
    // Store derived key material into negotiation object in the
    // following order: Key material =
    // SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr
    //
    // Each Copy() below panics (descriptor overflow) if its slice is longer
    // than the receiving member's MaxLength.
    TUint8* KeyMatBfr = (TUint8*)KeyMat->Ptr(); // Keymaterial buffer start
    iSK_d.Copy(KeyMatBfr, PrfKeyLth);
    KeyMatBfr += PrfKeyLth;
    iSK_ai.Copy(KeyMatBfr,IntKeyLth );
    KeyMatBfr += IntKeyLth;
    iSK_ar.Copy(KeyMatBfr, IntKeyLth);
    KeyMatBfr += IntKeyLth;
    iSK_ei.Copy(KeyMatBfr, iCipherKeyLth);
    KeyMatBfr += iCipherKeyLth;
    iSK_er.Copy(KeyMatBfr, iCipherKeyLth);
    KeyMatBfr += iCipherKeyLth;
    iSK_pi.Copy(KeyMatBfr,PrfKeyLth );
    KeyMatBfr += PrfKeyLth;
    iSK_pr.Copy(KeyMatBfr, PrfKeyLth);

    // The iSK_* members now hold the only copies of the keys; the work buffer
    // is zeroized before it is returned to the heap.
    KeyMat->Des().FillZ(); // Wipe out key material (T1 | T2 | ...) data from buffer
    delete KeyMat;

    // S held only public values (nonces and SPIs), so it needs no wiping.
    CleanupStack::PopAndDestroy(); //S
}
|
232 |
|
233 |
|
/**
 * Message ID for the next request sent on this SA: one past the ID of the
 * last request stored, or 0 when no request has been stored yet.
 */
TUint32 TIkev2SAData::NextRequestId() const
{
    return (iLastRequest != NULL) ? iLastRequest->MessageId() + 1 : 0;
}
|
243 |
|
244 |
|
/**
 * Message ID expected in the response to the outstanding request, i.e. the
 * ID of the last request stored.
 *
 * Precondition: a request is stored (iLastRequest != NULL). The check is a
 * debug-build assertion only; in release builds a missing request is a NULL
 * dereference, so callers must guarantee the precondition themselves.
 */
TUint32 TIkev2SAData::ExpectedResponseId() const
{
    CIkeV2Message* const request = iLastRequest;
    __ASSERT_DEBUG(request != NULL, User::Invariant());
    return request->MessageId();
}
|
250 |
|
/**
 * Message ID expected in the peer's next request: one past the ID of the last
 * response stored, or 0 when no response has been stored yet.
 */
TUint32 TIkev2SAData::ExpectedRequestId() const
{
    return (iLastResponse != NULL) ? iLastResponse->MessageId() + 1 : 0;
}