projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
removed old FreeS/WAN cvs revision entries
[strongswan.git] / src / libfreeswan / ipsec_ah.h
1 /*
2 * Authentication Header declarations
3 * Copyright (C) 1996, 1997 John Ioannidis.
4 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * RCSID $Id: ipsec_ah.h,v 1.2 2004/03/22 21:53:18 as Exp $
17 */
18
19 #include "ipsec_md5h.h"
20 #include "ipsec_sha1.h"
21
22 #ifndef IPPROTO_AH
23 #define IPPROTO_AH 51
24 #endif /* IPPROTO_AH */
25
26 #define AH_FLENGTH 12 /* size of fixed part */
27 #define AHMD5_KMAX 64 /* MD5 max 512 bits key */
28 #define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */
29
30 #define AHMD596_KLEN 16 /* MD5 128 bits key */
31 #define AHSHA196_KLEN 20 /* SHA1 160 bits key */
32
33 #define AHMD596_ALEN 16 /* MD5 128 bits authentication length */
34 #define AHSHA196_ALEN 20 /* SHA1 160 bits authentication length */
35
36 #define AHMD596_BLKLEN 64 /* MD5 block length */
37 #define AHSHA196_BLKLEN 64 /* SHA1 block length */
38 #define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */
39 #define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (?) */
40 #define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */
41
42 #define AH_BLKLEN_MAX 128 /* keep up to date! */
43
44 #define AH_AMAX AHSHA196_ALEN /* keep up to date! */
45 #define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */
46 #define AHHMAC_RPLLEN 4 /* 32 bit replay counter */
47
48 #define DB_AH_PKTRX 0x0001
49 #define DB_AH_PKTRX2 0x0002
50 #define DB_AH_DMP 0x0004
51 #define DB_AH_IPSA 0x0010
52 #define DB_AH_XF 0x0020
53 #define DB_AH_INAU 0x0040
54 #define DB_AH_REPLAY 0x0100
55
56 #ifdef __KERNEL__
57
58 /* General HMAC algorithm is described in RFC 2104 */
59
60 #define HMAC_IPAD 0x36
61 #define HMAC_OPAD 0x5C
62
63 struct md5_ctx {
64 MD5_CTX ictx; /* context after H(K XOR ipad) */
65 MD5_CTX octx; /* context after H(K XOR opad) */
66 };
67
68 struct sha1_ctx {
69 SHA1_CTX ictx; /* context after H(K XOR ipad) */
70 SHA1_CTX octx; /* context after H(K XOR opad) */
71 };
72
73 struct auth_alg {
74 void (*init)(void *ctx);
75 void (*update)(void *ctx, unsigned char *bytes, __u32 len);
76 void (*final)(unsigned char *hash, void *ctx);
77 int hashlen;
78 };
79
80 extern struct inet_protocol ah_protocol;
81
82 struct options;
83
84 extern int
85 ah_rcv(struct sk_buff *skb,
86 struct device *dev,
87 struct options *opt,
88 __u32 daddr,
89 unsigned short len,
90 __u32 saddr,
91 int redo,
92 struct inet_protocol *protocol);
93
94 struct ahhdr /* Generic AH header */
95 {
96 __u8 ah_nh; /* Next header (protocol) */
97 __u8 ah_hl; /* AH length, in 32-bit words */
98 __u16 ah_rv; /* reserved, must be 0 */
99 __u32 ah_spi; /* Security Parameters Index */
100 __u32 ah_rpl; /* Replay prevention */
101 __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */
102 };
103 #define AH_BASIC_LEN 8 /* basic AH header is 8 bytes, nh,hl,rv,spi
104 * and the ah_hl, says how many bytes after that
105 * to cover. */
106
107
108 #ifdef CONFIG_IPSEC_DEBUG
109 extern int debug_ah;
110 #endif /* CONFIG_IPSEC_DEBUG */
111 #endif /* __KERNEL__ */
strongSwan - IPsec VPN