diff -r 000000000000 -r 33413c0669b9 vpnengine/ikepolparser/inc/ikepolparser.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/vpnengine/ikepolparser/inc/ikepolparser.h Thu Dec 17 09:14:51 2009 +0200 @@ -0,0 +1,444 @@ +/* +* Copyright (c) 1999-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: IKE policy parser main module +* +*/ + + + +#ifndef __IKEPOLPARSER_H +#define __IKEPOLPARSER_H + +#include +#include +#include + +#define FIRST_SEC_PARSER_VERSION 1 +#define SEC_PARSER_VERSION 3 + +#define IKE_HOST_SEPARATOR _L("[HOST]") +#define IKE_SEPARATOR _L("[IKE]") +#define IKE_HOST_SEPARATOR_LEN 6 +#define IKE_GENERAL_SEPARATOR _L("[GENERAL]") +#define IKE_GENERAL_SEPARATOR_LEN 9 + +#define MAX_INFO_SIZE 1024 +#define PIECE_AVG_LENGTH 2048 + +const TInt KIkePolicyBufferSizeIncrement = 6000; + +const TInt KNokiaNattDefaultPort = 9872; + +//Security Ike Parser Error codes +// NOTE! The error code values below MUST be kept in sync with +// the corresponding error code values defined together by +// vpnapi/data/vpnerr.rss and vpnapi/data/vpnerr.ra +const TInt KSecParserErrMode = -5263; +const TInt KSecParserErrNotify = -5264; +const TInt KSecParserErrCommit = -5265; +const TInt KSecParserErrIpsecExpire = -5266; +const TInt KSecParserErrSendCert = -5267; +const TInt KSecParserErrInitialContact = -5268; +const TInt KSecParserErrResponderLifetime = -5269; +const TInt KSecParserErrReplayStatus = -5270; +const TInt KSecParserErrGroupDesc_II = -5271; +const TInt KSecParserErrProposal = -5272; +const TInt KSecParserErrEncrAlg = -5273; +const TInt KSecParserErrAuthMethod = -5274; +const TInt KSecParserErrHashAlg = -5275; +const TInt KSecParserErrGroupDesc = -5276; +const TInt KSecParserErrGroupType = -5277; +const TInt KSecParserErrLifeBytes = -5278; +const TInt KSecParserErrLifeSecs = -5279; +const TInt KSecParserErrPRF = -5280; +const TInt KSecParserErrPreKey = -5281; +const TInt KSecParserErrPreFormat = -5282; +const TInt KSecParserErrCA = -5283; +const TInt KSecParserErrOwnCerts = -5284; +const TInt KSecParserErrOwnName = -5285; +const TInt KSecParserErrOwnKey = -5286; +const TInt KSecParserErrPeerCerts = -5287; +const TInt KSecParserErrPeerAddr = -5288; +const TInt KSecParserErrPeerMask = -5289; +const TInt KSecParserErrMaxLifetimeSec = -5290; +const TInt KSecParserErrMaxLifetimeKB = -5291; +const TInt KSecParserErrMaxRetrans = -5292; +const TInt KSecParserErrNoSeparator = -5293; +const TInt KSecParserErrCRACKLAMType = -5294; +const TInt KSecParserErrUseIntAddr = -5295; +const TInt KSecParserErrUseNATProbe = -5296; +const TInt KSecParserErrUnknown = -5297; + + + +//Values for the choice lists used in the .RSS +enum {IKE_PARSER_MAIN, + IKE_PARSER_AGGRESSIVE}; //Modes +enum {IKE_PARSER_DES_CBC, + IKE_PARSER_DES3_CBC, + IKE_PARSER_AES_CBC}; +enum {IKE_PARSER_PRE_SHARED, + IKE_PARSER_DSS_SIG, + IKE_PARSER_RSA_SIG, + IKE_PARSER_RSA_ENCR, + IKE_PARSER_RSA_REV_ENCR, + IKE_PARSER_CRACK}; +enum {IKE_PARSER_MD5, + IKE_PARSER_SHA1}; +enum {IKE_PARSER_MODP_768 = 1, + IKE_PARSER_MODP_1024 = 2, + IKE_PARSER_MODP_1536 = 5, + IKE_PARSER_MODP_2048 = 14}; +enum {IKE_PARSER_DEFAULT, + IKE_PARSER_MODP}; +enum {IKE_PARSER_NONE, + IKE_PARSER_DES3_CBC_MAC}; + +//CRACK Legacy Authentication types +#define IKE_PARSER_CRACK_PASSWORD 1 + +//------------------------------------------------------------------------ +// +// IKE Parser +// +//------------------------------------------------------------------------ + +//Data on a single proposal +struct TProposalData +{ + TUint8 iEncrAlg; + TUint8 iAuthMeth; + TUint8 iHashAlg; + TUint8 iGroupDesc; + TUint8 iGroupType; + TUint8 iPRF; + TUint32 iLifetimeKb; + TUint32 iLifetimeSec; + TInt iEncrKeyLth; + + TProposalData *iNext; //Used for chaining + TProposalData *iPrev; //to make easier changing the order + +}; + + +static const TUint KMaxPresharedKeyLength = 256; +enum TKeyFormat +{ + STRING_KEY = 0, + HEX_KEY = 1 +}; + +struct TPresharedKeyData +{ + TBuf iKey; + TKeyFormat iFormat; +}; + +enum TCertFormat +{ + PEM_CERT = 0, + BIN_CERT = 1, + CA_NAME = 2, + KEY_ID = 3, + APPL_UID = 4 +}; + + +//RSA Encryption peer public keys +struct TCertInfo +{ + TCertFormat iFormat; + TFileName iData; +}; + + +enum TIdentityAsRfc822Name + { + EIdentityAsRfc822NameUndefined = 0, + EIdentityAsRfc822NameYes = 1, + EIdentityAsRfc822NameNo = 2 + }; + +//Own certificates +struct TOwnCertInfo +{ + TCertFormat iFormat; + TFileName iData; //File containing the peer RSA public key + TBuf<128> iRfc822NameFqdn; + TIdentityAsRfc822Name iIdentityAsRfc822Name; + TBuf<256> iSubjectDnSuffix; + TInt iPrivateKeyLength; + TInt iOwnCertExists; // 0 = no own cert 1 = own cert exists +}; + +class TStringData +{ + public: + TStringData() :iBfr(NULL) {} + TStringData(HBufC16* aBfr) :iBfr(aBfr) {} + ~TStringData() {delete iBfr;} + static inline TStringData* NewL(TInt aLth) + { + HBufC16* Databfr = HBufC16::NewL(aLth); + TStringData* StringData = new (ELeave)TStringData(Databfr); + return StringData; + } + static inline TStringData* NewL(const TPtrC16& aString) + { + TStringData* Obj = TStringData::NewL(aString.Length()); + Obj->iBfr->Des().Copy(aString); + return Obj; + } + inline TPtrC16 GetData() + { + TPtrC16 DataPtr(NULL, 0); + if ( iBfr ) + DataPtr.Set(iBfr->Des()); + return DataPtr; + } + inline HBufC8* GetAsciiDataL() + { + HBufC8* Bfr8 = NULL; + if ( iBfr ) + { + Bfr8 = HBufC8::NewL(iBfr->Des().Length()); + Bfr8->Des().Copy(iBfr->Des()); + } + return Bfr8; + } + + private: + HBufC16* iBfr; // Variable length data buffer + +}; + + +class CIkeData : public CBase +{ +public: + IMPORT_C static CIkeData* NewL(); + IMPORT_C static CIkeData* NewL(const CIkeData *aData); + IMPORT_C void ConstructL(const CIkeData *aData); + + EXPORT_C ~CIkeData(); + IMPORT_C void CopyL(const CIkeData *aData); + void Empty(); +private: + CIkeData(); +public: + TStringData* iFQDNAddr; //Peer host address in FQDN format + TInetAddr iAddr; //Peer host address + TInetAddr iMask; //Peer host mask + TInetAddr iDnsServer; + TUint8 iMode; + TUint8 iIkeVersion; //Preferred IKE version + TUint8 iIdType; //IKE Phase 1 identity type code. Integer value according to rfc2407 + TUint8 iRemoteIdType; + TBool iSkipRemoteIdCheck; + TBuf<128> iFQDN; + TStringData* iRemoteIdentity; + TBool iAcceptPartialRemoteId; + + TBool iNotify; + TBool iCommit; //COMMIT bit processing + TBool iInitialContact; //INITIAL-CONTACT sending + TBool iResponderLifetime; //RESPONDER_LIFETIME sending + TBool iReplayStatus; //REPLAY_STATUS sending + TBool iIpsecExpires; //IPSEC SAs expire with ISAKMP SAs + TBool iAlwaysSendCert; //Sends a Cert without even if NOT receiving a CR + +// Private IKE extension + TBool iUseInternalAddr; + TBool iUseNatProbing; + TBool iUseXauth; //Use XAUTH defined in + TBool iUseCfgMode; //Use CFG-MODE defined in + TBool iUseMobIke; //Use MOBIKE Ikev2 extension + TInt iEspUdpPort; //Port value for IPSEC ESP encapsulation (= In NAT-traversal) + TInt iNatKeepAlive; //NAT keep alive timeout in seconds (if zero not used) + TUint8 iDscp; //DSCP tag + TInt iDPDHeartBeat; //DPD Heart beat timeout in seconds (if zero not used) + TInt iRekeyingThreshold; //Rekeying threshold value + TUint8 iGroupDesc_II; + TUint8 iCRACKLAMType; //CRACK Legacy Authentication Method type + TStringData* iCRACKLAMUserName; + TStringData* iCRACKLAMPassword; + TStringData* iClientCertType; + TUint8 iEAPProtocol; + TUint8 iEAPReserved; + TBool iEAPHideIdentity; + TStringData* iEAPRealmPrefix; + TStringData* iEAPManualRealm; + TStringData* iEAPManualUserName; + TBool iCARequired; //If RSA based authentication method is used then at least one CA is required + TBool iCAFound; //CAs section + TInt iNumProp; + TProposalData *iPropList; + TPresharedKeyData iPresharedKey; + TCertInfo iCA; // Left for backward compatibility + CArrayFixFlat *iCAList; // For multiple CAs + TOwnCertInfo iOwnCert; + TCertInfo iPrivKey; + TCertInfo iPeerCert; + +}; + + +class CIkeDataArray : public CArrayFixFlat +{ +public: + IMPORT_C static CIkeDataArray* NewL(TInt aGranularity); + IMPORT_C static CIkeDataArray* NewL(CIkeDataArray *aData); + IMPORT_C void ConstructL(CIkeDataArray *aData); + + IMPORT_C ~CIkeDataArray(); + IMPORT_C void CopyL(CIkeDataArray *aData); + IMPORT_C void Empty(); +private: + CIkeDataArray(TInt aGranularity); + CIkeDataArray(CIkeDataArray *aData); +public: + //General Data + TUint32 iMaxLifetimeSec; + TUint32 iMaxLifetimeKB; + TInt iMaxRetrans; + TInt iMaxTraceFileSize; +}; + +class TIkeParser : public TLex +{ +public: + IMPORT_C TIkeParser(); + IMPORT_C TIkeParser(const TDesC &aStr, TInt aVersion = SEC_PARSER_VERSION); + IMPORT_C void MainParseL(CIkeDataArray *aIkeList); + IMPORT_C void ParseL(CIkeData *aConf); + IMPORT_C static TInt MainWrite(CIkeData *aConf, HBufC8*& aPolBfr); + IMPORT_C static TInt GeneralInfoWrite( + TUint32 aMaxLifetimeSec, TUint32 aMaxLifetimeKB, + TInt aMaxRetrans, HBufC8*& aPolBfr); + IMPORT_C static TInt GeneralInfoWrite( + TUint32 aMaxLifetimeSec, TUint32 aMaxLifetimeKB, + TInt aMaxRetrans, TInt aMaxTraceFileSize, HBufC8*& aPolBfr); + IMPORT_C static TInt Write(CIkeData *aConf, HBufC8*& aPolBfr); + IMPORT_C void ParseIKESectionsL(CIkeDataArray *aIkeList); + IMPORT_C static TInt BufferAppend( HBufC8*& aPolBfr, const TDesC8& aText); + +private: + TInt ParseGeneralData(CIkeDataArray *aIkeList); + void ParseIkePieceL(CIkeData *aIkeData, TInt aVersion, TPtrC& aSectionName); + void DoMainParseL(CIkeDataArray *aIkeList, TPtrC& aSectionName); + TInt ParseProposals(CIkeData *aConf); + TInt ParsePresharedKeys(CIkeData *aConf); + TInt ParseCAs(CIkeData *aConf); + TInt ParseCAItem(CIkeData *aConf, TCertInfo *aCA, TPtrC& aToken); + void ParseCAListL(CIkeData *aConf, TInt aCACount, TPtrC& aToken); + TInt ParseOwnCerts(CIkeData *aConf); + TInt ParsePeerCerts(CIkeData *aConf); + TInt CheckPolicy(CIkeData* aConf); + TPtrC GetRestOfLine(); + TInt ParseFileName(TDes& aFileName); + + static TBufC<16> TextMode(const TInt aMode); + static TBufC<16> TextEncrAlg(const TInt aAlg, const TInt aKeyLth); + static TBufC<16> TextAuthMethod(const TInt aMethod); + static TBufC<16> TextHashAlg(const TInt aAlg); + static TBufC<16> TextGroupDesc(const TInt aDesc); + static TBufC<16> TextGroupType(const TInt aType); + static TBufC<16> TextPRF(const TInt aPRF); + static TBufC<16> TextFormat(const TKeyFormat aFormat); + static TBufC<16> CertFormat(TCertFormat aFormat); + static TBufC<16> TextLAMType(const TUint8 aLAMType); +private: + TInt iVersion; +}; + + +class CGeneralData : public CBase +{ +public: + IMPORT_C CGeneralData(); + IMPORT_C CGeneralData(CGeneralData* aData); +public: + TInt iDeactivationTimeout; +}; + + + +//------------------------------------------------------------------------ +//Multiple Security Info combined +class CSecurityPiece : public CBase +{ +public: + IMPORT_C void ConstructL(TInt aSize = 64); //default 64 bytes description + inline HBufC *Info() {return iInfo;} + IMPORT_C void SetInfoL(const TDesC &aDes); //needed to resize it if needed + inline CIkeData *IkeData() {return iIkeData;} + inline CGeneralData *GeneralData(){return iGeneralData;} + IMPORT_C ~CSecurityPiece(); + +private: + HBufC* iInfo; + CIkeData *iIkeData; + CGeneralData *iGeneralData; +}; + +typedef CArrayFixFlat CPiecesList; + +// +// class TSecParser +// + +class TSecParser : public TLex +{ +public: + IMPORT_C TSecParser(const TDesC &aDes); + IMPORT_C TInt ParseL(CSecurityPiece *aPiece_data); + IMPORT_C static TInt Write(CSecurityPiece *aPiece_data, HBufC8*& aPolBfr); + IMPORT_C TInt ParseGeneralData(CGeneralData* aData); +private: + TBool CheckVersion(); + void ParseInfoL(CSecurityPiece *aPiece_data); + void NextTag(); + TInt DoParseL(CSecurityPiece *aPiece_data, TBool aIncludeIKE); + TInt ParseGeneral(CGeneralData *aGeneralData); + + static TInt WriteVersion(HBufC8*& aPolBfr); + static TInt WriteInfo(CSecurityPiece *aPiece_data, HBufC8*& aPolBfr); + static TInt WriteIke(CSecurityPiece *aPiece_data, HBufC8*& aPolBfr); + +private: + TInt iVersion; //File version +}; + +class TGeneralParser : public TLex +{ +public: + IMPORT_C TGeneralParser(const TDesC &aStr); + IMPORT_C TInt Parse(CGeneralData *aData); +}; + +class IkeParser +{ + public: + IMPORT_C static RArray* GetApplUidListL(const TDesC16& aApplUidString); + IMPORT_C static HBufC8* TextToHexOctetsL(const TDesC16& aTextString); + IMPORT_C static TBool TextToHexOctets(const TDesC16& aTextString, TDes8& aHexOctets); + + private: + void static NextHexaDigit(TLex& aUidString); + TBool static DeHex(const TUint16* aUcStr, TInt aStrLen, TUint8* aDstBfr); + TBool static HexVal(TUint8& c); +}; + +#endif