|
1 /* |
|
2 * Copyright (c) 2002-2006 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: IPSec policy parser main module. |
|
15 * A parser for IPsec policies. Converts textual IPsec policies into |
|
16 * in-memory data structures and vice versa. |
|
17 * |
|
18 */ |
|
19 |
|
20 |
|
21 |
|
22 #ifndef __IPSECPOLPARSER_H |
|
23 #define __IPSECPOLPARSER_H |
|
24 |
|
25 ////////////////////////////////////////////////////////////////////////////// |
|
26 // INCLUDE FILES |
|
27 ////////////////////////////////////////////////////////////////////////////// |
|
28 |
|
29 #include <f32file.h> |
|
30 #include <in_sock.h> |
|
31 |
|
32 #include "spdb.h" |
|
33 |
|
34 ////////////////////////////////////////////////////////////////////////////// |
|
35 // CONSTANTS |
|
36 ////////////////////////////////////////////////////////////////////////////// |
|
37 |
|
// Policy file format versions.
// NOTE(review): presumably the oldest and the newest version that
// TIpSecParser::CheckVersion() accepts -- confirm in the implementation,
// which this header does not show.
#define FIRST_SEC_PARSER_VERSION 1
#define SEC_PARSER_VERSION 3

// Numeric limits used by the parsers.
// NOTE(review): the header does not show where these are enforced. Confirm
// that MAX_EALG_VALUE and MAX_INFO_SIZE are checked before parsed values are
// stored, not only used as allocation hints.
#define MAX_EALG_VALUE 255
#define MAX_INFO_SIZE 1024
#define PIECE_AVG_LENGTH 2048

// NOTE(review): the names suggest PF_KEY direction flags -- confirm against
// the code that fills CKeysData::direction.
#define PFKEY_INI_OUTBOUND 8
#define PFKEY_INI_INBOUND 4
// NOTE(review): this value is positive, while Symbian system-wide error codes
// are zero (KErrNone) or negative. A caller that tests "err < 0" will treat
// this parser error as success, so callers should compare against KErrNone.
#define KErrKeyParser 50

// NOTE(review): presumably the step by which the HBufC8 output buffer of the
// Write/BufferAppend functions is grown -- confirm in the implementation.
const TInt KPolicyBufferSizeIncrement = 6000;
|
50 |
|
51 ////////////////////////////////////////////////////////////////////////////// |
|
52 // ENUMERATIONS |
|
53 ////////////////////////////////////////////////////////////////////////////// |
|
54 |
|
// Lexical token kinds; this is the return type of TPolicyParser::NextToken().
// The enumerator names indicate the punctuation each one stands for; the
// exact characters are defined by the lexer implementation, not by this
// header.
typedef enum
    {
    token_string,
    token_equal,
    token_comma,
    token_brace_left,
    token_brace_right,
    token_par_left,
    token_par_right,
    // NOTE(review): callers of NextToken() should treat token_error and
    // token_eof as terminal and stop consuming input. Confirm that every
    // parse_* routine checks for both.
    token_error,
    token_eof
    }
token_type;
|
68 |
|
69 ////////////////////////////////////////////////////////////////////////////// |
|
70 // FORWARD DECLARATIONS |
|
71 ////////////////////////////////////////////////////////////////////////////// |
|
72 |
|
// Defined later in this header; declared here because
// TPolicyParser::ParseL() takes a CIpSecurityPiece* before the class appears.
class CIpSecurityPiece;
|
74 |
|
75 ////////////////////////////////////////////////////////////////////////////// |
|
76 // CLASS DECLARATIONS |
|
77 ////////////////////////////////////////////////////////////////////////////// |
|
78 |
|
//////////////////////////////////////////////////////////////////////////////
// class TPolicyParser
//  This parser is utilized by IPsec Policy Manager to convert a given policy
//  from string format into binary object format and vice versa.
//
//  The class derives from TLex and lexes the descriptor passed to the
//  constructor.
//  NOTE(review): the parsed policy decides which traffic gets IPsec
//  protection, so the text is security-critical input. This header does not
//  show where the text comes from; callers should authenticate it before
//  parsing and should reject the whole policy on any parse error rather than
//  applying a partial result.
//////////////////////////////////////////////////////////////////////////////
//
class TPolicyParser : public TLex
    {
public:
    // aPolicy is the policy text to parse.
    // NOTE(review): TLex does not copy its input, so aPolicy presumably has
    // to outlive the parser -- confirm.
    IMPORT_C TPolicyParser(const TDesC& aPolicy);

    // Parses the policy text into aPieceData.
    // Returns a TInt status and, by the Symbian trailing-L naming convention,
    // may also leave; callers have to handle both error paths.
    IMPORT_C TInt ParseL(CIpSecurityPiece* aPieceData);

    // Serialises the policy aSp as text into aPolBfr.
    // aPolBfr is a reference to the buffer pointer.
    // NOTE(review): presumably the buffer can be reallocated and the pointer
    // replaced, so callers must not keep an old copy of it -- confirm.
    IMPORT_C static TInt Write(CSecurityPolicy* aSp,
                               HBufC8*& aPolBfr,
                               TBool aSortingOrder = EFalse);

    // Appends aText to aPolBfr.
    // NOTE(review): confirm that the growth arithmetic cannot overflow TInt
    // and that an allocation failure leaves aPolBfr valid.
    IMPORT_C static TInt BufferAppend(HBufC8*& aPolBfr,
                                      const TDesC8& aText);

private:
    // Text output helpers used when writing a policy.
    static TInt WriteSAs(CSAList* aSAList,
                         HBufC8*& aPolBfr);

    // NOTE(review): aBuf is a TDes8 with a fixed maximum length; confirm the
    // caller sizes it for the longest SA specification that can be written.
    static void TextSA(CPolicySpec* aSA, TDes8& aBuf);

    static TInt WriteSelectors(CSelectorList* aSelList,
                               HBufC8*& aPolBfr,
                               TBool aSortingOrder = EFalse);

    // Same parameters as WriteSelectors, but aSortingOrder defaults to ETrue.
    static TInt WriteSelectorsInSortingOrder(CSelectorList* aSelList,
                                             HBufC8*& aPolBfr,
                                             TBool aSortingOrder = ETrue);

    // NOTE(review): same fixed-capacity concern as TextSA for aBuf.
    static void TextSel(CPolicySelector* aSel,
                        TDes8& aBuf,
                        TBool aSortingOrder = EFalse);

    // Parsing helpers. Each returns a TInt status; those whose name ends in L
    // may also leave.
    //
    // Outputs: addr, mask, aSelEpName and aMaskEpName.
    // NOTE(review): aSelEpName and aMaskEpName are references to HBufC8
    // pointers, so presumably the callee allocates them and the caller owns
    // the result -- confirm, including on the error and leave paths.
    TInt parse_ip_addr_and_maskL(TInetAddr& addr,
                                 TInetAddr& mask,
                                 HBufC8*& aSelEpName,
                                 HBufC8*& aMaskEpName,
                                 CSecurityPolicy* aSecPol = NULL);

    TInt parse_sa_spec_listL(TSecpolBundle& aBundle,
                             CSecurityPolicy* aSp, TInt& aFQDNCount);

    TInt parse_sa_spec_paramsL(CPolicySpec& aSpec);

    TInt parse_conn2saL(CSecurityPolicy* aSp);

    TInt parse_sa_specL(CSecurityPolicy* aSp);

    TInt parse_ep_specL(CSecurityPolicy* aSp);

    TInt parse_ep_spec_paramsL(CPolicySpec& aSpec);

    // Returns the kind of the next token.
    token_type NextToken();

    void SkipSpaceAndMark();

    // Takes a printf-style format string and arguments.
    // NOTE(review): iMsg below holds at most 200 characters, and Symbian
    // descriptor formatting panics on overflow unless an overflow handler is
    // supplied. Confirm the implementation truncates instead, because text
    // taken from the policy may be echoed into the message.
    void Error(TRefByValue <const TDesC> aFmt, ...);

public:
    // The data members below are public, so any caller can read and modify
    // the parser state.

    // NOTE(review): presumably the current line number, kept for error
    // reporting -- confirm.
    int iLine;

    // Fixed-capacity message buffer of 200 characters.
    TBuf<200> iMsg;

    // Non-owning pointer descriptor.
    // NOTE(review): presumably it refers to a range of the policy text and is
    // therefore valid only while that text is alive -- confirm.
    TPtrC iToken;
    };
|
150 |
|
//////////////////////////////////////////////////////////////////////////////
// class CKeysData
//  This object contains IPsec key information.
//
//  The authentication and encryption keys are stored inline, in the two
//  TBuf8<256> members at the end of the class. The class declares no
//  destructor, so it does not wipe those bytes itself when an instance is
//  freed.
//  NOTE(review): consider zero-filling auth_key and encr_key before an
//  instance is deleted, so that key material does not stay in freed heap
//  memory.
//////////////////////////////////////////////////////////////////////////////
//
class CKeysData : public CBase
    {
public:
    IMPORT_C CKeysData();
    // Constructs from another instance, passed by pointer.
    // NOTE(review): this single-argument constructor is not explicit, and the
    // handling of a NULL aKey is not visible here -- confirm in the
    // implementation.
    IMPORT_C CKeysData(CKeysData* aKey);

public:
    // All fields are public and can be written without validation.
    TUint8 sa_type;
    // NOTE(review): TInt is signed, while an IPsec SPI is an unsigned 32-bit
    // value. Confirm that SPIs with the top bit set survive parsing and
    // comparison.
    TInt spi;
    TUint8 encr_alg;
    TUint8 auth_alg;
    TInt direction;
    // NOTE(review): signed TInt; confirm that negative or overflowing
    // lifetimes in the input are rejected rather than stored.
    TInt lifetime_bytes;
    TInt lifetime_sec;
    TInetAddr src_addr;
    TInetAddr dst_addr;
    TUint8 protocol;
    // Raw key material, at most 256 bytes each.
    TBuf8<256> auth_key;
    TBuf8<256> encr_key;
    };
|
176 |
|
//////////////////////////////////////////////////////////////////////////////
// class CKeysDataArray
//  Container for storing IPsec keys.
//
//  The element type is a raw CKeysData pointer, so the array holds pointers
//  to the key objects, not the objects themselves.
//  NOTE(review): this header does not show who owns the elements. Confirm
//  whether ~CKeysDataArray() and Empty() delete each CKeysData; if they do
//  not, key objects removed from the array stay allocated with their key
//  bytes intact.
//////////////////////////////////////////////////////////////////////////////
//
class CKeysDataArray : public CArrayFixFlat<CKeysData *>
    {
public:
    // Factory functions; the trailing L means they may leave.
    IMPORT_C static CKeysDataArray* NewL(TInt aGranularity);
    // NOTE(review): presumably builds a copy of aData -- confirm whether the
    // CKeysData elements are duplicated or the pointers are shared. Shared
    // pointers together with an owning destructor would free the same
    // element twice.
    IMPORT_C static CKeysDataArray* NewL(CKeysDataArray* aData);

    // Second-phase construction. Both functions are exported and public, so
    // code outside the class can call them on an existing object.
    IMPORT_C void Construct(TInt aGranularity);

    IMPORT_C void ConstructL(CKeysDataArray* aData);

    IMPORT_C ~CKeysDataArray();

    // NOTE(review): confirm what happens to the elements already held when
    // CopyL() is called, and what state the array is in if it leaves
    // part-way through.
    IMPORT_C void CopyL(CKeysDataArray* aData);

    IMPORT_C void Empty();

private:
    // The constructors are private; instances are created through NewL().

    CKeysDataArray(TInt aGranularity);

    CKeysDataArray(CKeysDataArray* aData);
    };
|
204 |
|
//////////////////////////////////////////////////////////////////////////////
// class TKeyParser
//  Parses IPsec key information from string format into binary format
//  and vice versa.
//
//  The class derives from TLex and lexes the descriptor passed to the
//  constructor. Both the text it reads and the text it writes contain key
//  material.
//////////////////////////////////////////////////////////////////////////////
//
class TKeyParser : public TLex
    {
public:
    IMPORT_C TKeyParser(const TDesC& aStr);

    // Parses key entries into aKeys.
    // Returns a TInt status and, by the Symbian trailing-L naming convention,
    // may also leave; callers have to handle both error paths.
    // NOTE(review): confirm what aKeys contains after a failed parse, so that
    // a caller cannot install a half-parsed key set.
    IMPORT_C TInt ParseL(CKeysDataArray* aKeys);

    // Writes the keys in aKeys to aFile.
    // NOTE(review): presumably the keys are written as readable text. The
    // caller chooses the file, so it should be one that only the owning
    // process can read.
    IMPORT_C static TInt Write(CKeysDataArray* aKeys, RFile& aFile);

private:
    // NOTE(review): aElem is a TDes8 with a fixed maximum length. Confirm it
    // is sized for two hex-encoded keys of up to 256 bytes each plus the
    // other fields.
    static void TextPFKey(CKeysData* aKey, TDes8& aElem);

    void NextToken();

    // Returns a non-owning TPtrC8.
    // NOTE(review): presumably the decoded bytes are held in iHex below,
    // which has room for 256 bytes (512 hex digits). Confirm that longer
    // input, an odd number of digits and non-hex characters are rejected
    // before anything is written, and that the result is copied before the
    // next call.
    TPtrC8 DeHex(const TDesC& aStr);

    int SkipSpaceAndMark();

    // NOTE(review): the return value for a character that is not a hex digit
    // is not visible here -- confirm that callers can tell it apart from a
    // valid digit value.
    static TUint8 HexVal(TUint8 aChar);

    // Non-owning pointer descriptor.
    // NOTE(review): presumably it refers to the current token in the input
    // text -- confirm.
    TPtrC iToken;

    // Non-zero, if next token is first in line
    TInt iFirst;

    // 256-byte buffer.
    // NOTE(review): it may still hold the bytes of the last decoded key after
    // parsing has finished; consider clearing it then.
    TBuf8<256> iHex;
    };
|
238 |
|
//////////////////////////////////////////////////////////////////////////////
// class CIpSecurityPiece
//  Contains all IPsec policy information.
//
//  The object aggregates the info text, the parsed policy, the key array and
//  a list of policy bundles. No constructor or NewL() is declared here, so
//  callers allocate the object and call ConstructL() themselves.
//////////////////////////////////////////////////////////////////////////////
//
class CIpSecurityPiece : public CBase
    {
public:

    // Factory methods for object creation
    // NOTE(review): the header does not say what aSize controls -- confirm in
    // the implementation.
    IMPORT_C void ConstructL(TInt aSize = 64);
    IMPORT_C ~CIpSecurityPiece();

    // Sets the info text from aDes.
    // NOTE(review): confirm that the length is checked against MAX_INFO_SIZE.
    IMPORT_C void SetInfoL(const TDesC& aDes);

    // NOTE(review): going by the iPolicyList comment below, these are tunnel
    // endpoints named by FQDN. The addresses finally used depend on the DNS
    // answers, so the resolution path is part of the trust boundary of the
    // policy.
    IMPORT_C CSecPolBundleList* FQDNAddressListL();


    // The accessors below return the stored raw pointers without transferring
    // ownership and without a NULL check.
    // NOTE(review): presumably the pointers are NULL until ConstructL() has
    // run -- confirm.
    inline HBufC* Info() { return iInfo;}

    inline CSecurityPolicy* Policies() { return iPolicies;}

    // Overwrites iPolicies without deleting the previous value.
    // NOTE(review): confirm who owns the old and the new policy object;
    // depending on what the destructor deletes, this can leak the old one or
    // free the new one twice.
    inline void SetPolicies(CSecurityPolicy* aPolicy) {iPolicies = aPolicy;}

    // Gives the caller direct, mutable access to the key array.
    inline CKeysDataArray* Keys() { return iKeys;}

    // Buffer for last error text
    // Public, with a fixed capacity of 200 characters.
    // NOTE(review): confirm that writers bound what they copy into it.
    TBuf<200> iErrorInfo;

private:

    // Buffer for IPsec policy information text
    HBufC* iInfo;

    // IPsec Policy data
    CSecurityPolicy* iPolicies;

    // IPsec keys data
    CKeysDataArray* iKeys;

    // List of tunnel endpoint requiring DNS lookup
    CSecPolBundleList* iPolicyList;

    };
|
284 |
|
//////////////////////////////////////////////////////////////////////////////
// class TIpSecParser
//  Parser for IPsec policies.
//
//  Top-level parser for a complete policy file. It derives from TLex and
//  lexes the descriptor passed to the constructor. The private helpers cover
//  the version, info, policy and key parts.
//  NOTE(review): presumably the file is split into tagged sections that are
//  handed to TPolicyParser and TKeyParser -- confirm in the implementation.
//////////////////////////////////////////////////////////////////////////////
//
class TIpSecParser : public TLex
    {
public:
    IMPORT_C TIpSecParser(const TDesC& aDes);

    // Parses the text into aPiece_data.
    // Returns a TInt status and, by the Symbian trailing-L naming convention,
    // may also leave; callers have to handle both error paths.
    // NOTE(review): confirm that aPiece_data is left unchanged, or is
    // explicitly cleared, on failure, so that a partly parsed policy or key
    // set cannot be applied.
    IMPORT_C TInt ParseL(CIpSecurityPiece* aPiece_data);

    // Serialises aPiece_data as text into aPolBfr.
    // aPolBfr is a reference to the buffer pointer.
    // NOTE(review): presumably the buffer can be reallocated and the pointer
    // replaced -- confirm.
    IMPORT_C static TInt Write(CIpSecurityPiece* aPiece_data,
                               HBufC8*& aPolBfr);

    // NOTE(review): the name suggests that IKE-related content is skipped
    // instead of parsed. Confirm that skipped content is still bounded and
    // syntax-checked, so malformed text cannot slip past the parser.
    IMPORT_C TInt ParseAndIgnoreIKEL(CIpSecurityPiece* aPiece_data);

private:
    // NOTE(review): presumably accepts versions from FIRST_SEC_PARSER_VERSION
    // to SEC_PARSER_VERSION -- confirm that a missing or unparsable version
    // is rejected.
    TBool CheckVersion();

    void ParseInfoL(CIpSecurityPiece* aPiece_data);

    TInt ParsePoliciesL(CIpSecurityPiece* aPieceData);

    TInt ParseKeysL(CKeysDataArray* aKeys);

    void NextTag();

    // NOTE(review): presumably the shared body of ParseL() and
    // ParseAndIgnoreIKEL(), selected by aIncludeIKE -- confirm.
    TInt DoParseL(CIpSecurityPiece* aPiece_data, TBool aIncludeIKE);

    // Output helpers. The first three append to the buffer behind aPolBfr.
    static TInt WriteVersion(HBufC8*& aPolBfr);

    static TInt WriteInfo(CIpSecurityPiece* aPiece_data,
                          HBufC8*& aPolBfr);

    static TInt WritePolicies(CIpSecurityPiece* aPiece_data,
                              HBufC8*& aPolBfr);

    // Writes the keys of aPiece_data to aFile.
    // NOTE(review): presumably the key material is written unencrypted, so
    // the file location and its access rights matter -- confirm what is
    // written.
    static TInt WriteKeys(CIpSecurityPiece* aPiece_data,
                          RFile& aFile);

private:

    // IPsec policy version info
    TInt iVersion;
    };
|
331 |
|
332 #endif |