diff -r 000000000000 -r 33413c0669b9 vpnengine/ikev1lib/inc/ikev1SAdata.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/vpnengine/ikev1lib/inc/ikev1SAdata.h Thu Dec 17 09:14:51 2009 +0200
@@ -0,0 +1,220 @@
+/*
+* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: IKEv1 SA data definition
+*
+*/
+
+
+#ifndef T_IKEV1SADATA_H
+#define T_IKEV1SADATA_H
+
+#include "internaladdress.h"
+#include "ikemsgheader.h"
+#include "ikev1payloads.h"
+
+class CIkeData;
+
+#define IKEV1_KEY_MATERIAL_SIZE 64
+#define IKEV1_MAX_IV_SIZE 20 //Max hash algorithm output size
+#define DEFAULT_MAX_ISAKMP_LIFETIME 28000 //for security reasons
+
+// Class TIkev1SAData is the IKEv1 SA parameter definition
+// which is used to pass SA information between IKE server and IKEv1
+// plug-in.
+class TIkev1SAData
+{
+public:
+ TIkev1SAData()
+ :iCookie_I(),
+ iCookie_R(),
+ iSAId(0),
+ iSAState(0),
+ iInitiator(EFalse),
+ iDPDSupported(EFalse),
+ iFamiliarPeer(EFalse),
+ iNAT_T_Required(EFalse),
+ iAutoLogin(EFalse),
+ iNAT_D_Flags(0),
+ iIkeData(NULL),
+ iLocalAddr(),
+ iRemoteAddr(),
+ iDestinAddr(),
+ iVirtualIp(NULL),
+ iSeq(0),
+ iPrevExchange(0),
+ iFlags(0),
+ iEncrAlg(0),
+ iHashAlg(0),
+ iAuthMethod(0),
+ iGroupDesc(0),
+ iGroupType(0),
+ iKeyLength(0),
+ iPRF(0),
+ iLifeTimeSecs(0),
+ iLifeTimeKB(0),
+ iDPDRetry(0),
+ iDPDSequence(0),
+ iPendingDPDSequence(0),
+ iExpectedDPDSequence(0),
+ iLastIKEMsgInfo(),
+ iLastMsg(NULL)
+ {}
+ inline void CleanUp()
+ {
+ delete iVirtualIp;
+ iVirtualIp = NULL;
+ delete iLastMsg;
+ iLastMsg = NULL;
+ }
+ inline void StoreVirtualIp(CInternalAddress* aVirtualIp)
+ {
+ delete iVirtualIp;
+ iVirtualIp = aVirtualIp;
+ }
+ inline void CopyL(TIkev1SAData& aSrc)
+ {
+ CInternalAddress* SavedVip = iVirtualIp;
+ HBufC8* SavedLastMsg = iLastMsg;
+ Mem::Copy((TUint8*)&iCookie_I, (TUint8*)&aSrc.iCookie_I, sizeof(TIkev1SAData));
+ iVirtualIp = SavedVip;
+ iLastMsg = SavedLastMsg;
+ if ( aSrc.iVirtualIp )
+ {
+ StoreVirtualIp(CInternalAddress::NewL(*(aSrc.iVirtualIp)));
+ }
+ if ( aSrc.iLastMsg &&
+ aSrc.iLastMsg != iLastMsg )
+ {
+ delete iLastMsg;
+ iLastMsg = aSrc.iLastMsg->AllocL();
+ }
+ }
+
+public:
+ TCookie iCookie_I; // Initiator Cookie
+ TCookie iCookie_R; // Responder Cookie
+ TUint32 iSAId; // Internal negotiation Id
+
+ TInt iSAState; // IKE SA State
+ TBool iInitiator; // TRUE if local end is initiator
+ TBool iDPDSupported; // Both ends support DPD
+ TBool iFamiliarPeer; // Nokia VPN implementation detected in peer
+ TBool iNAT_T_Required; // True when NAT detected between local end and peer
+ TBool iAutoLogin; // SA negotiated due RKMD::Activate request
+ TUint32 iNAT_D_Flags; // If not zero, there is NAT between sites
+
+ CIkeData* iIkeData;
+
+ TInetAddr iLocalAddr;
+ TInetAddr iRemoteAddr; // Remote Address ("From Policy")
+ TInetAddr iDestinAddr; // Current peer destination address and port
+ CInternalAddress* iVirtualIp; // Virtual IP address (and DNS addresses)
+
+ TUint32 iSeq; // For PFKEY API
+ TUint8 iPrevExchange; // Used to process the last msg of Phase I
+ TUint8 iFlags; // Flags in the msg header
+ //
+ // Selected IKE SA proposal
+ //
+ TUint16 iEncrAlg; //OAKLEY encryption function
+ TUint16 iHashAlg; //OAKLEY hash function
+ TUint16 iAuthMethod; //OAKLEY authentication function
+ TUint16 iGroupDesc; //OAKLEY GROUP
+ TUint16 iGroupType; //OAKLEY GROUP type
+ TUint16 iKeyLength; //Encryption key length
+ TUint16 iPRF; //Reserved
+ TUint32 iLifeTimeSecs; //SA lifetime seconds
+ TUint32 iLifeTimeKB; //SA lifetime KiloBytes
+
+ //
+ // IKE SA DPD (keep alive) protocol parameters
+ //
+ TInt iDPDRetry;
+ TUint32 iDPDSequence;
+ TUint32 iPendingDPDSequence;
+ TUint32 iExpectedDPDSequence;
+
+ // Last IKE msg info
+ TLastIKEMsg iLastIKEMsgInfo;
+ HBufC8* iLastMsg;
+ TInetAddr iLastRemoteAddr;
+
+ //
+ // IKEv1 keymaterial
+ //
+ TBuf8 iSKEYID; //KEY used for encryption/decryption of messages
+ TBuf8 iSKEYID_d; //KEY used to derive keys for non-ISAKMP SAs
+ TBuf8 iSKEYID_a; //KEY used for authentication of ISAKMP messages
+ TBuf8 iSKEYID_e; //KEY used for encryption/decryption of ISAKMP messages
+
+ TBuf8 iIV; //normal IV
+ TBuf8 iLastIV; //Saves the last IV of PHASE_I to compute iNotifIV everytime and the first IV in Quick mode
+
+};
+
+
+class CSARekeyInfo : public CBase
+{
+ public:
+ static CSARekeyInfo* NewL(const TCookie& aICookie, const TCookie& aRCookie,
+ CInternalAddress* aInternalAddr)
+ {
+ return new (ELeave) CSARekeyInfo(aICookie, aRCookie, aInternalAddr);
+ }
+ ~CSARekeyInfo()
+ {
+ delete iInternalAddr;
+ }
+
+ inline const TCookie& GetCookieI() { return iCookie_I;}
+ inline const TCookie& GetCookieR() { return iCookie_R;}
+ inline CInternalAddress* GetInternalAddr()
+ {
+ CInternalAddress* VirtualIp = iInternalAddr;
+ iInternalAddr = NULL;
+ return VirtualIp;
+ }
+
+ private:
+ CSARekeyInfo(const TCookie& aICookie, const TCookie& aRCookie,
+ CInternalAddress* aInternalAddr)
+ :iCookie_I(aICookie),
+ iCookie_R(aRCookie),
+ iInternalAddr(aInternalAddr)
+ {}
+
+ private:
+ TCookie iCookie_I; // Initiator Cookie of the IKE SA rekeyed
+ TCookie iCookie_R; // Responder Cookie of the IKE SA rekeyed
+ CInternalAddress* iInternalAddr;
+
+};
+
+
+class TIpsecSPI
+{
+ public:
+ TIpsecSPI()
+ :iSrcAddr(), iDstAddr(), iSPI(0), iInbound(EFalse), iProtocol(0)
+ {};
+ public:
+ TInetAddr iSrcAddr;
+ TInetAddr iDstAddr;
+ TUint32 iSPI;
+ TBool iInbound; // Inbound = ETrue
+ TUint8 iProtocol;
+ TUint8 iReserved[3];
+};
+
+#endif // T_IKEV1SADATA_H
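Review bot: CleanUp() in TIkev1SAData frees iVirtualIp and iLastMsg but leaves the IKE SA key material (iSKEYID, iSKEYID_d, iSKEYID_a, iSKEYID_e) and the IVs (iIV, iLastIV) untouched, so the secrets stay resident in the record after the SA is torn down, and CopyL additionally duplicates them wholesale via Mem::Copy into every copy of the record. I would wipe the six descriptors at the top of CleanUp(), `iSKEYID.FillZ(); iSKEYID.Zero();` and likewise for the others, as in the rewrite below. Separately, CopyL copies sizeof(TIkev1SAData) bytes starting at `&iCookie_I`, which is only correct while iCookie_I remains the first member of a class with no virtual functions; copying from `this` and `&aSrc` instead would not silently overrun if a member is ever added ahead of it. The class also keeps its implicit copy constructor/assignment while owning iVirtualIp and iLastMsg through raw pointers, so two instances can end up owning the same heap objects and double-free in CleanUp(); at minimum the class comment should state that CleanUp() must be called exactly once per owning instance and that plain copies must not be made.
```cpp
 inline void CleanUp()
 {
 // Wipe key material and IVs before the SA record is dropped.
 iSKEYID.FillZ(); iSKEYID.Zero();
 iSKEYID_d.FillZ(); iSKEYID_d.Zero();
 iSKEYID_a.FillZ(); iSKEYID_a.Zero();
 iSKEYID_e.FillZ(); iSKEYID_e.Zero();
 iIV.FillZ(); iIV.Zero();
 iLastIV.FillZ(); iLastIV.Zero();
 delete iVirtualIp;
 iVirtualIp = NULL;
 delete iLastMsg;
 iLastMsg = NULL;
 }
```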