--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikev1lib/inc/ikev1SAdata.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,220 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: IKEv1 SA data definition
+*
+*/
+
+
+#ifndef T_IKEV1SADATA_H
+#define T_IKEV1SADATA_H
+
+#include "internaladdress.h"
+#include "ikemsgheader.h"
+#include "ikev1payloads.h"
+
+class CIkeData;
+
+#define IKEV1_KEY_MATERIAL_SIZE 64
+#define IKEV1_MAX_IV_SIZE 20 //Max hash algorithm output size
+#define DEFAULT_MAX_ISAKMP_LIFETIME 28000 //for security reasons
+
+// Class TIkev1SAData is the IKEv1 SA parameter definition
+// which is used to pass SA information between IKE server and IKEv1
+// plug-in.
+class TIkev1SAData
+{
+public:
+ TIkev1SAData()
+ :iCookie_I(),
+ iCookie_R(),
+ iSAId(0),
+ iSAState(0),
+ iInitiator(EFalse),
+ iDPDSupported(EFalse),
+ iFamiliarPeer(EFalse),
+ iNAT_T_Required(EFalse),
+ iAutoLogin(EFalse),
+ iNAT_D_Flags(0),
+ iIkeData(NULL),
+ iLocalAddr(),
+ iRemoteAddr(),
+ iDestinAddr(),
+ iVirtualIp(NULL),
+ iSeq(0),
+ iPrevExchange(0),
+ iFlags(0),
+ iEncrAlg(0),
+ iHashAlg(0),
+ iAuthMethod(0),
+ iGroupDesc(0),
+ iGroupType(0),
+ iKeyLength(0),
+ iPRF(0),
+ iLifeTimeSecs(0),
+ iLifeTimeKB(0),
+ iDPDRetry(0),
+ iDPDSequence(0),
+ iPendingDPDSequence(0),
+ iExpectedDPDSequence(0),
+ iLastIKEMsgInfo(),
+ iLastMsg(NULL)
+ {}
+ inline void CleanUp()
+ {
+ delete iVirtualIp;
+ iVirtualIp = NULL;
+ delete iLastMsg;
+ iLastMsg = NULL;
+ }
+ inline void StoreVirtualIp(CInternalAddress* aVirtualIp)
+ {
+ delete iVirtualIp;
+ iVirtualIp = aVirtualIp;
+ }
+ inline void CopyL(TIkev1SAData& aSrc)
+ {
+ CInternalAddress* SavedVip = iVirtualIp;
+ HBufC8* SavedLastMsg = iLastMsg;
+ Mem::Copy((TUint8*)&iCookie_I, (TUint8*)&aSrc.iCookie_I, sizeof(TIkev1SAData));
+ iVirtualIp = SavedVip;
+ iLastMsg = SavedLastMsg;
+ if ( aSrc.iVirtualIp )
+ {
+ StoreVirtualIp(CInternalAddress::NewL(*(aSrc.iVirtualIp)));
+ }
+ if ( aSrc.iLastMsg &&
+ aSrc.iLastMsg != iLastMsg )
+ {
+ delete iLastMsg;
+ iLastMsg = aSrc.iLastMsg->AllocL();
+ }
+ }
+
+public:
+ TCookie iCookie_I; // Initiator Cookie
+ TCookie iCookie_R; // Responder Cookie
+ TUint32 iSAId; // Internal negotiation Id
+
+ TInt iSAState; // IKE SA State
+ TBool iInitiator; // TRUE if local end is initiator
+ TBool iDPDSupported; // Both ends support DPD
+ TBool iFamiliarPeer; // Nokia VPN implementation detected in peer
+ TBool iNAT_T_Required; // True when NAT detected between local end and peer
+ TBool iAutoLogin; // SA negotiated due RKMD::Activate request
+ TUint32 iNAT_D_Flags; // If not zero, there is NAT between sites
+
+ CIkeData* iIkeData;
+
+ TInetAddr iLocalAddr;
+ TInetAddr iRemoteAddr; // Remote Address ("From Policy")
+ TInetAddr iDestinAddr; // Current peer destination address and port
+ CInternalAddress* iVirtualIp; // Virtual IP address (and DNS addresses)
+
+ TUint32 iSeq; // For PFKEY API
+ TUint8 iPrevExchange; // Used to process the last msg of Phase I
+ TUint8 iFlags; // Flags in the msg header
+ //
+ // Selected IKE SA proposal
+ //
+ TUint16 iEncrAlg; //OAKLEY encryption function
+ TUint16 iHashAlg; //OAKLEY hash function
+ TUint16 iAuthMethod; //OAKLEY authentication function
+ TUint16 iGroupDesc; //OAKLEY GROUP
+ TUint16 iGroupType; //OAKLEY GROUP type
+ TUint16 iKeyLength; //Encryption key length
+ TUint16 iPRF; //Reserved
+ TUint32 iLifeTimeSecs; //SA lifetime seconds
+ TUint32 iLifeTimeKB; //SA lifetime KiloBytes
+
+ //
+ // IKE SA DPD (keep alive) protocol parameters
+ //
+ TInt iDPDRetry;
+ TUint32 iDPDSequence;
+ TUint32 iPendingDPDSequence;
+ TUint32 iExpectedDPDSequence;
+
+ // Last IKE msg info
+ TLastIKEMsg iLastIKEMsgInfo;
+ HBufC8* iLastMsg;
+ TInetAddr iLastRemoteAddr;
+
+ //
+ // IKEv1 keymaterial
+ //
+ TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID; //KEY used for encryption/decryption of messages
+ TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_d; //KEY used to derive keys for non-ISAKMP SAs
+ TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_a; //KEY used for authentication of ISAKMP messages
+ TBuf8<IKEV1_KEY_MATERIAL_SIZE> iSKEYID_e; //KEY used for encryption/decryption of ISAKMP messages
+
+ TBuf8<IKEV1_MAX_IV_SIZE> iIV; //normal IV
+ TBuf8<IKEV1_MAX_IV_SIZE> iLastIV; //Saves the last IV of PHASE_I to compute iNotifIV everytime and the first IV in Quick mode
+
+};
+
+
+class CSARekeyInfo : public CBase
+{
+ public:
+ static CSARekeyInfo* NewL(const TCookie& aICookie, const TCookie& aRCookie,
+ CInternalAddress* aInternalAddr)
+ {
+ return new (ELeave) CSARekeyInfo(aICookie, aRCookie, aInternalAddr);
+ }
+ ~CSARekeyInfo()
+ {
+ delete iInternalAddr;
+ }
+
+ inline const TCookie& GetCookieI() { return iCookie_I;}
+ inline const TCookie& GetCookieR() { return iCookie_R;}
+ inline CInternalAddress* GetInternalAddr()
+ {
+ CInternalAddress* VirtualIp = iInternalAddr;
+ iInternalAddr = NULL;
+ return VirtualIp;
+ }
+
+ private:
+ CSARekeyInfo(const TCookie& aICookie, const TCookie& aRCookie,
+ CInternalAddress* aInternalAddr)
+ :iCookie_I(aICookie),
+ iCookie_R(aRCookie),
+ iInternalAddr(aInternalAddr)
+ {}
+
+ private:
+ TCookie iCookie_I; // Initiator Cookie of the IKE SA rekeyed
+ TCookie iCookie_R; // Responder Cookie of the IKE SA rekeyed
+ CInternalAddress* iInternalAddr;
+
+};
+
+
+class TIpsecSPI
+{
+ public:
+ TIpsecSPI()
+ :iSrcAddr(), iDstAddr(), iSPI(0), iInbound(EFalse), iProtocol(0)
+ {};
+ public:
+ TInetAddr iSrcAddr;
+ TInetAddr iDstAddr;
+ TUint32 iSPI;
+ TBool iInbound; // Inbound = ETrue
+ TUint8 iProtocol;
+ TUint8 iReserved[3];
+};
+
+#endif // T_IKEV1SADATA_H
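Review bot: CleanUp() in TIkev1SAData frees iVirtualIp and iLastMsg but leaves the Phase 1 key material (iSKEYID, iSKEYID_d, iSKEYID_a, iSKEYID_e) and the IVs (iIV, iLastIV) untouched, and the class has no destructor, so the derived keys remain readable in the freed or out-of-scope object after the IKE SA is torn down. Because CopyL() duplicates the whole object with Mem::Copy (including the key buffers) to pass SA state between the IKE server and the plug-in, there may be several live copies of SKEYID_e at once, so every owner should wipe before release rather than relying on one of them. Extend CleanUp() with `iSKEYID.FillZ(); iSKEYID_d.FillZ(); iSKEYID_a.FillZ(); iSKEYID_e.FillZ();` and `iIV.FillZ(); iLastIV.FillZ();` (TDes8::FillZ() zeroes up to the current length; use `FillZ(MaxLength())` if a buffer can have been shortened with SetLength without clearing it). Separately, the TIpsecSPI constructor initialises every field except iReserved[3]; if this struct is ever copied as a whole across a process or kernel boundary those three bytes carry stale stack or heap content, so adding `Mem::FillZ(iReserved, sizeof(iReserved));` to the constructor body is cheap insurance.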