1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
|
/*
* Authentication Header declarations
* Copyright (C) 1996, 1997 John Ioannidis.
* Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* RCSID $Id: ipsec_ah.h,v 1.2 2004/03/22 21:53:18 as Exp $
*/
#include "ipsec_md5h.h"
#include "ipsec_sha1.h"
#ifndef IPPROTO_AH
#define IPPROTO_AH 51
#endif /* IPPROTO_AH */
#define AH_FLENGTH 12 /* size of fixed part */
#define AHMD5_KMAX 64 /* MD5 max 512 bits key */
#define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */
#define AHMD596_KLEN 16 /* MD5 128 bits key */
#define AHSHA196_KLEN 20 /* SHA1 160 bits key */
#define AHMD596_ALEN 16 /* MD5 128 bits authentication length */
#define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */
#define AHMD596_BLKLEN 64 /* MD5 block length */
#define AHSHA196_BLKLEN 64 /* SHA1 block length */
#define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */
#define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (?) */
#define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */
#define AH_BLKLEN_MAX 128 /* keep up to date! */
#define AH_AMAX AHSHA196_ALEN /* keep up to date! */
#define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */
#define AHHMAC_RPLLEN 4 /* 32 bit replay counter */
#define DB_AH_PKTRX 0x0001
#define DB_AH_PKTRX2 0x0002
#define DB_AH_DMP 0x0004
#define DB_AH_IPSA 0x0010
#define DB_AH_XF 0x0020
#define DB_AH_INAU 0x0040
#define DB_AH_REPLAY 0x0100
#ifdef __KERNEL__
/* General HMAC algorithm is described in RFC 2104 */
#define HMAC_IPAD 0x36
#define HMAC_OPAD 0x5C
struct md5_ctx {
MD5_CTX ictx; /* context after H(K XOR ipad) */
MD5_CTX octx; /* context after H(K XOR opad) */
};
struct sha1_ctx {
SHA1_CTX ictx; /* context after H(K XOR ipad) */
SHA1_CTX octx; /* context after H(K XOR opad) */
};
struct auth_alg {
void (*init)(void *ctx);
void (*update)(void *ctx, unsigned char *bytes, __u32 len);
void (*final)(unsigned char *hash, void *ctx);
int hashlen;
};
extern struct inet_protocol ah_protocol;
struct options;
extern int
ah_rcv(struct sk_buff *skb,
struct device *dev,
struct options *opt,
__u32 daddr,
unsigned short len,
__u32 saddr,
int redo,
struct inet_protocol *protocol);
struct ahhdr /* Generic AH header */
{
__u8 ah_nh; /* Next header (protocol) */
__u8 ah_hl; /* AH length, in 32-bit words */
__u16 ah_rv; /* reserved, must be 0 */
__u32 ah_spi; /* Security Parameters Index */
__u32 ah_rpl; /* Replay prevention */
__u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */
};
#define AH_BASIC_LEN 8 /* basic AH header is 8 bytes, nh,hl,rv,spi
* and the ah_hl, says how many bytes after that
* to cover. */
#ifdef CONFIG_IPSEC_DEBUG
extern int debug_ah;
#endif /* CONFIG_IPSEC_DEBUG */
#endif /* __KERNEL__ */
/*
* $Log: ipsec_ah.h,v $
* Revision 1.2 2004/03/22 21:53:18 as
* merged alg-0.8.1 branch with HEAD
*
* Revision 1.1.4.1 2004/03/16 09:48:18 as
* alg-0.8.1rc12 patch merged
*
* Revision 1.1 2004/03/15 20:35:25 as
* added files from freeswan-2.04-x509-1.5.3
*
* Revision 1.20 2003/02/06 02:21:34 rgb
*
* Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
* Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
* Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
*
* Revision 1.19 2002/09/16 21:19:13 mcr
* fixes for west-ah-icmp-01 - length of AH header must be
* calculated properly, and next_header field properly copied.
*
* Revision 1.18 2002/05/14 02:37:02 rgb
* Change reference from _TDB to _IPSA.
*
* Revision 1.17 2002/04/24 07:36:46 mcr
* Moved from ./klips/net/ipsec/ipsec_ah.h,v
*
* Revision 1.16 2002/02/20 01:27:06 rgb
* Ditched a pile of structs only used by the old Netlink interface.
*
* Revision 1.15 2001/12/11 02:35:57 rgb
* Change "struct net_device" to "struct device" for 2.2 compatibility.
*
* Revision 1.14 2001/11/26 09:23:47 rgb
* Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
*
* Revision 1.13.2.1 2001/09/25 02:18:24 mcr
* replace "struct device" with "struct netdevice"
*
* Revision 1.13 2001/06/14 19:35:08 rgb
* Update copyright date.
*
* Revision 1.12 2000/09/12 03:21:20 rgb
* Cleared out unused htonq.
*
* Revision 1.11 2000/09/08 19:12:55 rgb
* Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
*
* Revision 1.10 2000/01/21 06:13:10 rgb
* Tidied up spacing.
* Added macros for HMAC padding magic numbers.(kravietz)
*
* Revision 1.9 1999/12/07 18:16:23 rgb
* Fixed comments at end of #endif lines.
*
* Revision 1.8 1999/04/11 00:28:56 henry
* GPL boilerplate
*
* Revision 1.7 1999/04/06 04:54:25 rgb
* Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
* patch shell fixes.
*
* Revision 1.6 1999/01/26 02:06:01 rgb
* Removed CONFIG_IPSEC_ALGO_SWITCH macro.
*
* Revision 1.5 1999/01/22 06:17:49 rgb
* Updated macro comments.
* Added context types to support algorithm switch code.
* 64-bit clean-up -- converting 'u long long' to __u64.
*
* Revision 1.4 1998/07/14 15:54:56 rgb
* Add #ifdef __KERNEL__ to protect kernel-only structures.
*
* Revision 1.3 1998/06/30 18:05:16 rgb
* Comment out references to htonq.
*
* Revision 1.2 1998/06/25 19:33:46 rgb
* Add prototype for protocol receive function.
* Rearrange for more logical layout.
*
* Revision 1.1 1998/06/18 21:27:43 henry
* move sources from klips/src to klips/net/ipsec, to keep stupid
* kernel-build scripts happier in the presence of symlinks
*
* Revision 1.4 1998/05/18 22:28:43 rgb
* Disable key printing facilities from /proc/net/ipsec_*.
*
* Revision 1.3 1998/04/21 21:29:07 rgb
* Rearrange debug switches to change on the fly debug output from user
* space. Only kernel changes checked in at this time. radij.c was also
* changed to temporarily remove buggy debugging code in rj_delete causing
* an OOPS and hence, netlink device open errors.
*
* Revision 1.2 1998/04/12 22:03:17 rgb
* Updated ESP-3DES-HMAC-MD5-96,
* ESP-DES-HMAC-MD5-96,
* AH-HMAC-MD5-96,
* AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
* from old standards (RFC182[5-9] to new (as of March 1998) drafts.
*
* Fixed eroute references in /proc/net/ipsec*.
*
* Started to patch module unloading memory leaks in ipsec_netlink and
* radij tree unloading.
*
* Revision 1.1 1998/04/09 03:05:55 henry
* sources moved up from linux/net/ipsec
*
* Revision 1.1.1.1 1998/04/08 05:35:02 henry
* RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
*
* Revision 0.4 1997/01/15 01:28:15 ji
* Added definitions for new AH transforms.
*
* Revision 0.3 1996/11/20 14:35:48 ji
* Minor Cleanup.
* Rationalized debugging code.
*
* Revision 0.2 1996/11/02 00:18:33 ji
* First limited release.
*
*
*/
|
