--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/networksecurity/ipsec/ipsec6/inc/spdb.h Tue Jan 26 15:23:49 2010 +0200
@@ -0,0 +1,237 @@
+// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// spdb.h - IPSEC security policy database
+// Security Policy Database
+//
+
+
+
+/**
+ @file spdb.h
+ @internalComponent
+*/
+#ifndef __SPDB_H__
+#define __SPDB_H__
+
+#include <e32std.h>
+#include <networking/crypto.h> // only for TAlgorithmClass, is this really necessary?
+#include "sa_spec.h"
+#include "ipaddress.h"
+
+class REndPoints;
+class RIpAddress;
+
+
+#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
+ class CSecurityProposalSpec : public CBase
+ {
+ public:
+ TUint8 iType;
+ TUint8 iAalg;
+ TUint16 iAalgLen;
+ TUint8 iEalg;
+ TUint16 iEalgLen;
+ TUint iLarvalLifetime;
+ struct sadb_lifetime iHard;
+ struct sadb_lifetime iSoft;
+ // Limits for key lengths (for ACQUIRE only)
+ TUint16 iMinAuthBits, iMaxAuthBits; //< Required length of the authentication key
+ TUint16 iMinEncryptBits, iMaxEncryptBits; //< Required length of the encryption key
+ };
+
+
+//
+// class CPropList
+//
+//
+class CPropList : public CArrayFixFlat<CSecurityProposalSpec *>
+ {
+ public:
+ static CPropList* NewL(TInt aGranularity);
+
+ void Construct(TInt aGranularity);
+
+ static CPropList* NewL(CPropList *aSAList);
+
+ void ConstructL(CPropList *aSAList);
+ private:
+
+ CPropList(TInt aGranularity);
+
+ CPropList(CPropList *aSAList);
+ };
+#endif SYMBIAN_IPSEC_VOIP_SUPPORT
+
+
+
+
+class CPolicySpec : public CIpsecReferenceCountObject
+ /**
+ * Security association template.
+ *
+ * Specify requirements for a Security Association.
+ *
+ * Each policy syntax construct "sa name = { parameters }" creates
+ * an instance of this.
+ */
+ {
+ ~CPolicySpec(); // private!
+public:
+ CPolicySpec();
+
+ TSecurityAssocSpec iSpec; //< The parameters of SA template
+ HBufC *iName; //< The name of the SA template
+#ifdef SYMBIAN_IPSEC_VOIP_SUPPORT
+ CPropList *iPropList;
+#endif //SYMBIAN_IPSEC_VOIP_SUPPORT
+ };
+
+class CPolicyAction : public CIpsecReferenceCountObject
+ /**
+ * Policy action description.
+ *
+ * Specify single IPsec action/transformation to do.
+ *
+ * Each policy syntax element the actions part of the
+ * "selector = { actions }" policy syntax generates
+ * one instance from this class.
+ */
+ {
+public:
+ ~CPolicyAction();
+ CPolicySpec *iSpec; //< Security Association specification
+ CTransportSelector *iTS; //< The selector applicapble to this action.
+ TUint iOptional:1; //< ==1, if this item is optional (experimental "feature")
+ TUint iIsTunnel:1; //< ==1, if tunnel address is was set (even if set as "::")
+ RIpAddress iTunnel; //< Use SA in tunnel mode (if specified non-zero)
+ };
+
+typedef class RArray<CPolicyAction *> RPolicyActions;
+
+class CSelectorInterface : public CBase
+ /**
+ * Hold interface information.
+ *
+ * Maintain mapping between interface name and index.
+ *
+ * Each policy syntax that uses "if name" selector references
+ * an instance of from this class. Only one instance per interface
+ * name is used.
+ */
+ {
+public:
+ CSelectorInterface();
+ ~CSelectorInterface();
+ CSelectorInterface *iNext; //< Next Inteface
+ TUint32 iInterfaceIndex; //< Real Interface Index, loaded at policy load time
+ HBufC *iName; //< Interface Name
+ };
+
+class CPolicySelector : public CBase
+ /**
+ * Selector and Action definition.
+ *
+ * The IPsec policy consists of an ordered sequence of instances of this
+ * object. Each is describes actions to be done, if the selector part
+ * matches.
+ */
+ {
+public:
+ CPolicySelector();
+ ~CPolicySelector();
+ CPolicySelector *iNext; //< The next selector.
+ const CSelectorInterface *iInterface;//< Limited to specific interface, if non-NULL
+ TUint32 iFilterMask; //< The filter definition.
+ TUint32 iFilterData; //< The filter definition.
+ CTransportSelector *iTS; //< The transport selectors.
+ RPolicyActions iActions; //< The actions, when selector matches
+ };
+
+class CSecurityPolicy : public CBase
+ /**
+ * Security Policy Database (SPD).
+ *
+ * The CSecurityPolicy class is a representation of a Security Policy Database (SPD).
+ * Each call to static SetPolicy function creates a new SPD from the text string
+ * which describes the policy.
+ */
+ {
+ friend class CProtocolSecpol;
+ friend class TParser;
+ //
+ // Construct an empty policy object
+ //
+ CSecurityPolicy();
+ ~CSecurityPolicy();
+public:
+ static TInt SetPolicy(CSecurityPolicy * &aPolicy, const TDesC &aNewPolicy, TUint &aOffset, REndPoints &aEp);
+
+ //
+ // The following methods are really intended to be used only
+ // by the Policy parser, not for generic consumption!
+ CPolicySpec *FindSpec(const TDesC &aName) const;
+
+ inline TAlgorithmMap *FindAlg(TAlgorithmClass aClass, TInt anAlg) const;
+ inline TAlgorithmMap *FindAlg(const TDesC &aLib, const TDesC &anAlg) const;
+ inline TAlgorithmMap *NewAlgL(const TDesC &aLib, const TDesC &anAlg) const;
+ const CSelectorInterface *LookupInterfaceL(const TDesC &aName);
+
+ CPolicySelector *iSelectors; //< Policy selectors to match
+private:
+ RArray<CPolicySpec *> iSpecs; //< SA specifications
+ RArray<RIpAddress> iEndPoints; //< EP definitions
+
+ CAlgorithmList *iAlgorithms; //< Algorithm Mapping
+ CSelectorInterface *iInterfaces; //< Interface Names
+ };
+
+
+TAlgorithmMap *CSecurityPolicy::FindAlg(TAlgorithmClass aClass, TInt anAlg) const
+ /**
+ * Find algorithm by class and number.
+ *
+ * @param aClass The class (digest or cipher)
+ * @param anAlg The number
+ * @return Algorithm mapping or NULL.
+ */
+ {
+ return iAlgorithms->Lookup(aClass, anAlg);
+ }
+
+TAlgorithmMap *CSecurityPolicy::FindAlg(const TDesC &aLib, const TDesC &anAlg) const
+ /**
+ * Find algorithm by name.
+ * @param aLib The libary name (or empty)
+ * @param anAlg The algorithm name
+ * @return Algorithm mapping or NULL.
+ */
+ {
+ return iAlgorithms->Lookup(aLib, anAlg);
+ }
+
+TAlgorithmMap *CSecurityPolicy::NewAlgL(const TDesC &aLib, const TDesC &anAlg) const
+ /**
+ * Create new algorithm entry.
+ *
+ * @param aLib The library name
+ * @param anAlg The algorithm name
+ * @return Algorithm mapping or NULL.
+ * @leave if allocation fails.
+ */
+ {
+ iAlgorithms->AddL(EAlgorithmClass_Cipher, 0, 0, aLib, anAlg);
+ return iAlgorithms->Lookup(aLib, anAlg);
+ }
+
+#endif