|
1 /* |
|
2 * Copyright (c) 2002-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Security parser algorithm manager. |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 #ifndef __SA_SPEC_H |
|
21 #define __SA_SPEC_H |
|
22 |
|
23 #include <networking/pfkeyv2.h> |
|
24 |
|
25 // |
|
26 // This file collects minimal definitions that need to be exported |
|
27 // from the Security Associations Database into Security Policy |
|
28 // database |
|
29 // |
|
30 // |
|
31 // Mapping of low level types in pfkeyv2.h into more semantic names |
|
32 // (This is to avoid a need to look many places in case pfkeyv2 changes) |
|
33 // |
|
typedef uint32_t TLifetimeAllocations; // number of allocations ("connections", see TLifetime::iAllocations)
typedef uint64_t TLifetimeBytes;       // number of bytes (see TLifetime::iBytes)
typedef uint64_t TLifetimeSeconds;     // duration in seconds; mirrors the pfkeyv2.h lifetime width
|
37 |
|
38 |
|
39 // |
|
40 // The default life time in seconds for larval SA's created by |
|
41 // GETSPI (may also be used as a default for iLarvalLifetime in |
|
42 // TSecurityAssocSpec). |
|
43 // |
|
const TInt KLifetime_LARVAL_DEFAULT = 30; // seconds! (used when TSecurityAssocSpec::iLarvalLifetime is 0)
|
45 |
|
// An identity descriptor: a modifiable 8-bit pointer descriptor that
// starts out empty (null buffer, maximum length 0).
class TIdentity : public TPtr8
{
public:
    // Default-construct an empty identity.
    inline TIdentity();
};

inline TIdentity::TIdentity() : TPtr8(0, 0)
{
}
|
51 |
|
52 // TLifetime, a helper structure |
|
53 |
|
class TLifetime
{
public:
    // Construct from a PF_KEY sadb_lifetime extension (the low-level
    // representation declared in <networking/pfkeyv2.h>). Defined out of line.
    TLifetime(const struct sadb_lifetime &aLifetime);
    // Adjusts aTime relative to aNow. Defined out of line; presumably used to
    // turn a relative lifetime into the absolute expiration time stored by the
    // Hard/Soft instances (see iAddtime/iUsetime below) — TODO confirm.
    static void Freeze(TTime &aTime, const TTime &aNow);
    // Default constructor. Defined out of line.
    TLifetime();
    // For the Current instance these count items used so far. For the Hard
    // and Soft instances they hold the limit values that the current counts
    // are compared against.
    // study: represent an unspecified limit with 0 or with the max value?
    // NOTE(review): the two readings of 0 ("no limit" vs "already exhausted")
    // are opposites, so the expiry checks must use one convention
    // consistently — confirm against the SADB implementation.
    TLifetimeAllocations iAllocations; // Connections limit
    TLifetimeBytes iBytes; // Transmitted bytes limit
    //
    // For Current, these record the creation and first-use times.
    // For Hard and Soft, these record the expiration times, so a simple
    // comparison with the current time tests for expiration; to return
    // CURRENT values to an application, use the SecondsFrom method
    // against the Current instance.
    //
    TTime iAddtime; // Lifetime limit from creation
    TTime iUsetime; // Lifetime limit from first use
};
|
76 |
|
77 |
|
78 // |
|
79 // A template to be used while creating new security |
|
80 // associations (subclassed in Security Policy Database) |
|
81 // |
|
82 |
|
83 // |
|
84 // TSecurityAssocSpec |
|
85 // |
|
86 // Specify what is required from the SA that can be used |
|
87 // for the outbound packet. If no matching SA is found, an |
|
88 // acquire message is generated, and these values specify |
|
89 // the requested values for the SA. |
|
90 // |
|
91 // src, proxy |
|
92 // if no tunnel, proxy=INADDR_ANY, src=IP src |
|
93 // if tunnel, proxy=IP src, src=current host |
|
94 // |
|
class TSecurityAssocSpec
{
public:
    //
    // SA selection fields
    // (an existing SA is usable for the packet only if it satisfies all of
    // these; otherwise they become the requested values in the ACQUIRE)
    //
    TUint8 iType; // SA type (AH or ESP)
    TUint8 iAalg; // Authentication algorithm id
    TUint16 iAalgLen; // Authentication algorithm key length (units not stated here — TODO confirm bits vs bytes)
    TUint8 iEalg; // Encryption algorithm id
    TUint16 iEalgLen; // Encryption algorithm key length (same unit caveat as iAalgLen)
    TUint8 iReplayWindowLength; // Replay window length; a matching SA must have a window equal to or greater than this
    TUint8 iPfs:1; // SA must have same value of PFS
    TUint8 iMatchSrc:1; // SA must have a matching src
    TUint8 iMatchProxy:1; // SA must have a matching proxy
    TUint8 iMatchProtocol:1; // SA must have a matching protocol
    TUint8 iMatchLocalPort:1; // SA must have a matching src port
    TUint8 iMatchRemotePort:1; // SA must have a matching dst port
    TUint8 iMatchLocal:1; // resulting SA is limited to the specific local address defined by the packet
    TUint8 iMatchRemote:1; // resulting SA is limited to the specific remote address defined by the packet

    //
    // Identity reference
    // (This is currently only used for ACQUIRE Message)
    //

    //!!!!!!!!!!!!!!!!!!!!!!!!!! Fields deleted!!!!

    //struct sadb_ident iIdentity; // Preformatted for the PFKEY
    //TIdentity iIdentityData; // NUL terminated Identity (NUL included
    // in the length!)
    //!!!!!!!!!!!!!!!!!!!!!!!!!!

    //
    // iLarvalLifetime specifies the maximum time to wait in
    // larval/egg state, when an ACQUIRE request originating
    // from this template is sent to the key management.
    //
    TUint iLarvalLifetime; // Seconds (0 => use KLifetime_LARVAL_DEFAULT)
    //
    // These are only used in specifying the lifetime requirements
    // for the acquire message and are thus preformatted to be used
    // directly as a component of the TPfkeyMessage.
    //
    struct sadb_lifetime iHard; // Hard Lifetime requirement
    struct sadb_lifetime iSoft; // Soft Lifetime requirement
};
|
142 |
|
143 // endpoint name specification |
|
// endpoint name specification
class TEpSpec
{
public:
    TInetAddr iEpAddr; // Endpoint address
    TBool iIsOptional; // Whether this endpoint is optional; the exact meaning is decided by the code using the spec — TODO confirm
};
|
150 |
|
151 |
|
152 #endif |