networksecurity/ipsec/ipsec6/inc/spdb.h
changeset 0 af10295192d8
child 20 7e41d162e158
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/networksecurity/ipsec/ipsec6/inc/spdb.h	Tue Jan 26 15:23:49 2010 +0200
@@ -0,0 +1,237 @@
+// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// spdb.h - IPSEC security policy database
+// Security Policy Database
+//
+
+
+
+/**
+ @file spdb.h
+ @internalComponent
+*/
+#ifndef __SPDB_H__
+#define __SPDB_H__
+
+#include <e32std.h>
+#include <networking/crypto.h>	// only for TAlgorithmClass, is this really necessary?
+#include "sa_spec.h"
+#include "ipaddress.h"
+
+class REndPoints;
+class RIpAddress;
+
+
+#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
+ class CSecurityProposalSpec  : public CBase
+    {
+    public:
+    	TUint8 iType;
+    	TUint8 iAalg;
+    	TUint16 iAalgLen;
+    	TUint8 iEalg;	
+    	TUint16 iEalgLen;	
+    	TUint iLarvalLifetime;	        
+    	struct sadb_lifetime iHard;	
+    	struct sadb_lifetime iSoft;  	
+	// Limits for key lengths (for ACQUIRE only)
+	TUint16 iMinAuthBits, iMaxAuthBits;		//< Required length of the authentication key
+	TUint16 iMinEncryptBits, iMaxEncryptBits;	//< Required length of the encryption key    	
+    };
+    
+    
+//
+// class CPropList
+//
+//
+class CPropList : public CArrayFixFlat<CSecurityProposalSpec *>
+    {
+    public:
+         static CPropList* NewL(TInt aGranularity);
+
+         void Construct(TInt aGranularity);
+
+         static CPropList* NewL(CPropList *aSAList);
+
+         void ConstructL(CPropList *aSAList);
+    private:
+
+        CPropList(TInt aGranularity);
+
+        CPropList(CPropList *aSAList);
+    };
+#endif SYMBIAN_IPSEC_VOIP_SUPPORT
+
+
+
+
+class CPolicySpec : public CIpsecReferenceCountObject
+	/**
+	* Security association template.
+	*
+	* Specify requirements for a Security Association.
+	*
+	* Each policy syntax construct "sa name = { parameters }" creates
+	* an instance of this.
+	*/
+	{
+	~CPolicySpec();				// private!
+public:
+    CPolicySpec();
+
+	TSecurityAssocSpec iSpec;		//< The parameters of SA template
+	HBufC *iName;					//< The name of the SA template
+#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
+	CPropList *iPropList;
+#endif //SYMBIAN_IPSEC_VOIP_SUPPORT
+	};
+
+class CPolicyAction : public CIpsecReferenceCountObject
+	/**
+	* Policy action description.
+	*
+	* Specify single IPsec action/transformation to do.
+	*
+	* Each policy syntax element the actions part of the
+	* "selector = { actions }" policy syntax generates
+	* one instance from this class.
+	*/
+	{
+public:
+	~CPolicyAction();
+	CPolicySpec *iSpec;			//< Security Association specification
+ 	CTransportSelector *iTS;	//< The selector applicapble to this action.
+ 	TUint iOptional:1;			//< ==1, if this item is optional (experimental "feature")
+	TUint iIsTunnel:1;			//< ==1, if tunnel address is was set (even if set as "::")
+	RIpAddress iTunnel;			//< Use SA in tunnel mode (if specified non-zero)
+	};
+
+typedef class RArray<CPolicyAction *> RPolicyActions;
+
+class CSelectorInterface : public CBase
+	/**
+	* Hold interface information.
+	*
+	* Maintain mapping between interface name and index.
+	*
+	* Each policy syntax that uses "if name" selector references
+	* an instance of from this class. Only one instance per interface
+	* name is used.
+	*/
+	{
+public:
+	CSelectorInterface();
+	~CSelectorInterface();
+	CSelectorInterface *iNext;	//< Next Inteface
+	TUint32 iInterfaceIndex;	//< Real Interface Index, loaded at policy load time
+	HBufC *iName;				//< Interface Name
+	};
+
+class CPolicySelector : public CBase
+	/**
+	* Selector and Action definition.
+	*
+	* The IPsec policy consists of an ordered sequence of instances of this
+	* object. Each is describes actions to be done, if the selector part
+	* matches.
+	*/
+	{
+public:
+	CPolicySelector();
+	~CPolicySelector();
+	CPolicySelector *iNext;				//< The next selector.
+	const CSelectorInterface *iInterface;//< Limited to specific interface, if non-NULL
+	TUint32 iFilterMask;				//< The filter definition.
+	TUint32 iFilterData;				//< The filter definition.
+	CTransportSelector *iTS;			//< The transport selectors.
+	RPolicyActions iActions;			//< The actions, when selector matches
+	};
+
+class CSecurityPolicy : public CBase
+	/**
+	* Security Policy Database (SPD).
+	*
+	* The CSecurityPolicy class is a representation of a Security Policy Database (SPD).
+	* Each call to static SetPolicy function creates a new SPD from the text string
+	* which describes the policy.
+	*/
+	{
+	friend class CProtocolSecpol;
+	friend class TParser;
+	//
+	// Construct an empty policy object
+	//
+	CSecurityPolicy();
+	~CSecurityPolicy();
+public:
+	static TInt SetPolicy(CSecurityPolicy * &aPolicy, const TDesC &aNewPolicy, TUint &aOffset, REndPoints &aEp);
+
+	//
+	// The following methods are really intended to be used only
+	// by the Policy parser, not for generic consumption!
+	CPolicySpec *FindSpec(const TDesC &aName) const;
+
+	inline TAlgorithmMap *FindAlg(TAlgorithmClass aClass, TInt anAlg) const;
+	inline TAlgorithmMap *FindAlg(const TDesC &aLib, const TDesC &anAlg) const;
+	inline TAlgorithmMap *NewAlgL(const TDesC &aLib, const TDesC &anAlg) const;
+	const CSelectorInterface *LookupInterfaceL(const TDesC &aName);
+
+	CPolicySelector *iSelectors;			//< Policy selectors to match
+private:
+	RArray<CPolicySpec *> iSpecs;			//< SA specifications
+	RArray<RIpAddress> iEndPoints;			//< EP definitions
+
+	CAlgorithmList *iAlgorithms;			//< Algorithm Mapping
+	CSelectorInterface *iInterfaces;		//< Interface Names
+	};
+
+
+TAlgorithmMap *CSecurityPolicy::FindAlg(TAlgorithmClass aClass, TInt anAlg) const
+	/**
+	* Find algorithm by class and number.
+	*
+	* @param aClass The class (digest or cipher)
+	* @param anAlg The number
+	* @return Algorithm mapping or NULL.
+	*/
+	{
+	return iAlgorithms->Lookup(aClass, anAlg);
+	}
+
+TAlgorithmMap *CSecurityPolicy::FindAlg(const TDesC &aLib, const TDesC &anAlg) const
+	/**
+	* Find algorithm by name.
+	* @param aLib The libary name (or empty)
+	* @param anAlg The algorithm name
+	* @return Algorithm mapping or NULL.
+	*/
+	{
+	return iAlgorithms->Lookup(aLib, anAlg);
+	}
+
+TAlgorithmMap *CSecurityPolicy::NewAlgL(const TDesC &aLib, const TDesC &anAlg) const
+	/**
+	* Create new algorithm entry.
+	*
+	* @param aLib The library name
+	* @param anAlg The algorithm name
+	* @return Algorithm mapping or NULL.
+	* @leave if allocation fails.
+	*/
+	{
+	iAlgorithms->AddL(EAlgorithmClass_Cipher, 0, 0, aLib, anAlg);
+	return iAlgorithms->Lookup(aLib, anAlg);
+	}
+
+#endif
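Review bot: `CPolicyAction` derives from `CIpsecReferenceCountObject` yet declares `~CPolicyAction();` under `public:`, while `CPolicySpec` just above it deliberately keeps its destructor private (`~CPolicySpec(); // private!`). With a public destructor, any holder of a `CPolicyAction *`, such as an entry in a selector's `iActions` array, can `delete` the object directly and bypass the reference count, leaving the other holders with a dangling pointer into the policy database. The base class is not defined in this hunk, so this assumes it destroys objects through its own release path when the count reaches zero; if so, move the declaration above `public:` as `CPolicySpec` does. It would also help to document on `iSpec` and `iTS` whether the action holds its own counted reference to each, for example `//< Security Association specification (counted reference, released by the destructor)`, once that is confirmed against the implementation.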