|
1 // Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // spdb.h - IPSEC security policy database |
|
15 // Security Policy Database |
|
16 // |
|
17 |
|
18 |
|
19 |
|
20 /** |
|
21 @file spdb.h |
|
22 @internalComponent |
|
23 */ |
|
24 #ifndef __SPDB_H__ |
|
25 #define __SPDB_H__ |
|
26 |
|
27 #include <e32std.h> |
|
28 #include <networking/crypto.h> // only for TAlgorithmClass, is this really necessary? |
|
29 #include "sa_spec.h" |
|
30 #include "ipaddress.h" |
|
31 |
|
32 class REndPoints; |
|
33 class RIpAddress; |
|
34 |
|
35 |
|
36 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
|
37 class CSecurityProposalSpec : public CBase |
|
38 { |
|
39 public: |
|
40 TUint8 iType; |
|
41 TUint8 iAalg; |
|
42 TUint16 iAalgLen; |
|
43 TUint8 iEalg; |
|
44 TUint16 iEalgLen; |
|
45 TUint iLarvalLifetime; |
|
46 struct sadb_lifetime iHard; |
|
47 struct sadb_lifetime iSoft; |
|
48 // Limits for key lengths (for ACQUIRE only) |
|
49 TUint16 iMinAuthBits, iMaxAuthBits; //< Required length of the authentication key |
|
50 TUint16 iMinEncryptBits, iMaxEncryptBits; //< Required length of the encryption key |
|
51 }; |
|
52 |
|
53 |
|
54 // |
|
55 // class CPropList |
|
56 // |
|
57 // |
|
58 class CPropList : public CArrayFixFlat<CSecurityProposalSpec *> |
|
59 { |
|
60 public: |
|
61 static CPropList* NewL(TInt aGranularity); |
|
62 |
|
63 void Construct(TInt aGranularity); |
|
64 |
|
65 static CPropList* NewL(CPropList *aSAList); |
|
66 |
|
67 void ConstructL(CPropList *aSAList); |
|
68 private: |
|
69 |
|
70 CPropList(TInt aGranularity); |
|
71 |
|
72 CPropList(CPropList *aSAList); |
|
73 }; |
|
74 #endif SYMBIAN_IPSEC_VOIP_SUPPORT |
|
75 |
|
76 |
|
77 |
|
78 |
|
79 class CPolicySpec : public CIpsecReferenceCountObject |
|
80 /** |
|
81 * Security association template. |
|
82 * |
|
83 * Specify requirements for a Security Association. |
|
84 * |
|
85 * Each policy syntax construct "sa name = { parameters }" creates |
|
86 * an instance of this. |
|
87 */ |
|
88 { |
|
89 ~CPolicySpec(); // private! |
|
90 public: |
|
91 CPolicySpec(); |
|
92 |
|
93 TSecurityAssocSpec iSpec; //< The parameters of SA template |
|
94 HBufC *iName; //< The name of the SA template |
|
95 #ifdef SYMBIAN_IPSEC_VOIP_SUPPORT |
|
96 CPropList *iPropList; |
|
97 #endif //SYMBIAN_IPSEC_VOIP_SUPPORT |
|
98 }; |
|
99 |
|
100 class CPolicyAction : public CIpsecReferenceCountObject |
|
101 /** |
|
102 * Policy action description. |
|
103 * |
|
104 * Specify single IPsec action/transformation to do. |
|
105 * |
|
106 * Each policy syntax element the actions part of the |
|
107 * "selector = { actions }" policy syntax generates |
|
108 * one instance from this class. |
|
109 */ |
|
110 { |
|
111 public: |
|
112 ~CPolicyAction(); |
|
113 CPolicySpec *iSpec; //< Security Association specification |
|
114 CTransportSelector *iTS; //< The selector applicapble to this action. |
|
115 TUint iOptional:1; //< ==1, if this item is optional (experimental "feature") |
|
116 TUint iIsTunnel:1; //< ==1, if tunnel address is was set (even if set as "::") |
|
117 RIpAddress iTunnel; //< Use SA in tunnel mode (if specified non-zero) |
|
118 }; |
|
119 |
|
120 typedef class RArray<CPolicyAction *> RPolicyActions; |
|
121 |
|
122 class CSelectorInterface : public CBase |
|
123 /** |
|
124 * Hold interface information. |
|
125 * |
|
126 * Maintain mapping between interface name and index. |
|
127 * |
|
128 * Each policy syntax that uses "if name" selector references |
|
129 * an instance of from this class. Only one instance per interface |
|
130 * name is used. |
|
131 */ |
|
132 { |
|
133 public: |
|
134 CSelectorInterface(); |
|
135 ~CSelectorInterface(); |
|
136 CSelectorInterface *iNext; //< Next Inteface |
|
137 TUint32 iInterfaceIndex; //< Real Interface Index, loaded at policy load time |
|
138 HBufC *iName; //< Interface Name |
|
139 }; |
|
140 |
|
141 class CPolicySelector : public CBase |
|
142 /** |
|
143 * Selector and Action definition. |
|
144 * |
|
145 * The IPsec policy consists of an ordered sequence of instances of this |
|
146 * object. Each is describes actions to be done, if the selector part |
|
147 * matches. |
|
148 */ |
|
149 { |
|
150 public: |
|
151 CPolicySelector(); |
|
152 ~CPolicySelector(); |
|
153 CPolicySelector *iNext; //< The next selector. |
|
154 const CSelectorInterface *iInterface;//< Limited to specific interface, if non-NULL |
|
155 TUint32 iFilterMask; //< The filter definition. |
|
156 TUint32 iFilterData; //< The filter definition. |
|
157 CTransportSelector *iTS; //< The transport selectors. |
|
158 RPolicyActions iActions; //< The actions, when selector matches |
|
159 }; |
|
160 |
|
161 class CSecurityPolicy : public CBase |
|
162 /** |
|
163 * Security Policy Database (SPD). |
|
164 * |
|
165 * The CSecurityPolicy class is a representation of a Security Policy Database (SPD). |
|
166 * Each call to static SetPolicy function creates a new SPD from the text string |
|
167 * which describes the policy. |
|
168 */ |
|
169 { |
|
170 friend class CProtocolSecpol; |
|
171 friend class TParser; |
|
172 // |
|
173 // Construct an empty policy object |
|
174 // |
|
175 CSecurityPolicy(); |
|
176 ~CSecurityPolicy(); |
|
177 public: |
|
178 static TInt SetPolicy(CSecurityPolicy * &aPolicy, const TDesC &aNewPolicy, TUint &aOffset, REndPoints &aEp); |
|
179 |
|
180 // |
|
181 // The following methods are really intended to be used only |
|
182 // by the Policy parser, not for generic consumption! |
|
183 CPolicySpec *FindSpec(const TDesC &aName) const; |
|
184 |
|
185 inline TAlgorithmMap *FindAlg(TAlgorithmClass aClass, TInt anAlg) const; |
|
186 inline TAlgorithmMap *FindAlg(const TDesC &aLib, const TDesC &anAlg) const; |
|
187 inline TAlgorithmMap *NewAlgL(const TDesC &aLib, const TDesC &anAlg) const; |
|
188 const CSelectorInterface *LookupInterfaceL(const TDesC &aName); |
|
189 |
|
190 CPolicySelector *iSelectors; //< Policy selectors to match |
|
191 private: |
|
192 RArray<CPolicySpec *> iSpecs; //< SA specifications |
|
193 RArray<RIpAddress> iEndPoints; //< EP definitions |
|
194 |
|
195 CAlgorithmList *iAlgorithms; //< Algorithm Mapping |
|
196 CSelectorInterface *iInterfaces; //< Interface Names |
|
197 }; |
|
198 |
|
199 |
|
200 TAlgorithmMap *CSecurityPolicy::FindAlg(TAlgorithmClass aClass, TInt anAlg) const |
|
201 /** |
|
202 * Find algorithm by class and number. |
|
203 * |
|
204 * @param aClass The class (digest or cipher) |
|
205 * @param anAlg The number |
|
206 * @return Algorithm mapping or NULL. |
|
207 */ |
|
208 { |
|
209 return iAlgorithms->Lookup(aClass, anAlg); |
|
210 } |
|
211 |
|
212 TAlgorithmMap *CSecurityPolicy::FindAlg(const TDesC &aLib, const TDesC &anAlg) const |
|
213 /** |
|
214 * Find algorithm by name. |
|
215 * @param aLib The libary name (or empty) |
|
216 * @param anAlg The algorithm name |
|
217 * @return Algorithm mapping or NULL. |
|
218 */ |
|
219 { |
|
220 return iAlgorithms->Lookup(aLib, anAlg); |
|
221 } |
|
222 |
|
223 TAlgorithmMap *CSecurityPolicy::NewAlgL(const TDesC &aLib, const TDesC &anAlg) const |
|
224 /** |
|
225 * Create new algorithm entry. |
|
226 * |
|
227 * @param aLib The library name |
|
228 * @param anAlg The algorithm name |
|
229 * @return Algorithm mapping or NULL. |
|
230 * @leave if allocation fails. |
|
231 */ |
|
232 { |
|
233 iAlgorithms->AddL(EAlgorithmClass_Cipher, 0, 0, aLib, anAlg); |
|
234 return iAlgorithms->Lookup(aLib, anAlg); |
|
235 } |
|
236 |
|
237 #endif |