2 * Authentication Header declarations
3 * Copyright (C) 1996, 1997 John Ioannidis.
4 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
16 * RCSID $Id: ipsec_ah.h,v 1.16 2002/02/20 01:27:06 rgb Exp $
19 #include "ipsec_md5h.h"
20 #include "ipsec_sha1.h"
24 #endif /* IPPROTO_AH */
/*
 * Sizes, in bytes, used by the AH transforms (HMAC-MD5-96, HMAC-SHA1-96).
 * *_KLEN is a key length, *_ALEN a full (untruncated) digest length and
 * *_BLKLEN the hash block size that RFC 2104 pads the HMAC key to.
 * NOTE(review): RFC 8221 lists HMAC-MD5-96 as MUST NOT and HMAC-SHA1-96 as
 * legacy (MUST-); treat both transforms as compatibility-only.
 */
26 #define AH_FLENGTH 12 /* size of fixed part: ah_nh + ah_hl + ah_rv + ah_spi + ah_rpl (1+1+2+4+4) */
27 #define AHMD5_KMAX 64 /* MD5 max 512 bits key (one MD5 block) */
28 #define AHMD5_AMAX 12 /* MD5 96 bits of authenticator */
30 #define AHMD596_KLEN 16 /* MD5 128 bits key */
31 #define AHSHA196_KLEN 20 /* SHA1 160 bits key */
33 #define AHMD596_ALEN 16 /* full MD5 digest, 128 bits; only AHHMAC_HASHLEN bytes fit in ah_data */
34 #define AHSHA196_ALEN 20 /* full SHA1 digest, 160 bits; only AHHMAC_HASHLEN bytes fit in ah_data */
36 #define AHMD596_BLKLEN 64 /* MD5 block length */
37 #define AHSHA196_BLKLEN 64 /* SHA1 block length */
38 #define AHSHA2_256_BLKLEN 64 /* SHA2-256 block length */
39 #define AHSHA2_384_BLKLEN 128 /* SHA2-384 block length (1024-bit block, same as SHA2-512) */
40 #define AHSHA2_512_BLKLEN 128 /* SHA2-512 block length */
42 #define AH_BLKLEN_MAX 128 /* largest *_BLKLEN above -- keep up to date! */
/*
 * NOTE(review): AH_AMAX is the SHA1 digest size (20). SHA2 block lengths are
 * defined above but no SHA2 digest length is; a SHA2-256/384/512 digest is
 * 32/48/64 bytes and would not fit in a buffer sized with AH_AMAX. Raise
 * AH_AMAX before any SHA2 transform writes a digest into such a buffer
 * (the users of AH_AMAX are outside this header -- verify there).
 */
44 #define AH_AMAX AHSHA196_ALEN /* keep up to date! */
45 #define AHHMAC_HASHLEN 12 /* authenticator length of 96bits */
/*
 * NOTE(review): with a 32-bit counter, RFC 2402 requires the SA to be
 * replaced before the sequence number wraps when anti-replay is enabled;
 * that enforcement is not visible in this header.
 */
46 #define AHHMAC_RPLLEN 4 /* 32 bit replay counter */
/*
 * Debug-category bits for the AH code. Each value is a distinct single bit,
 * so categories can be OR-ed into one mask; 0x0008 and 0x0080 are unused.
 * The variable holding the mask is not declared in the visible lines.
 * NOTE(review): the names suggest packet-receive, dump, TDB (SA) and replay
 * tracing -- confirm against the users. Dump-style output can put packet
 * contents or SA state into kernel logs, so keep it off outside debugging.
 */
48 #define DB_AH_PKTRX 0x0001
49 #define DB_AH_PKTRX2 0x0002
50 #define DB_AH_DMP 0x0004
51 #define DB_AH_TDB 0x0010
52 #define DB_AH_XF 0x0020
53 #define DB_AH_INAU 0x0040
54 #define DB_AH_REPLAY 0x0100
58 /* General HMAC algorithm is described in RFC 2104 */
/* Byte values that RFC 2104 repeats across one hash block to form ipad and opad. */
60 #define HMAC_IPAD 0x36
61 #define HMAC_OPAD 0x5C
/*
 * The members below belong to two context structs, one holding MD5 state and
 * one holding SHA1 state; their opening and closing lines are missing from
 * this listing. Each pair caches the hash state after the padded key has
 * been absorbed, so the key does not have to be re-hashed for every packet.
 * NOTE(review): these contexts are derived from the key and are sufficient
 * to compute valid authenticators, so handle them as key material: do not
 * print them in debug output and clear them when the SA is torn down
 * (the lifetime handling is outside this header -- verify there).
 */
64 MD5_CTX ictx; /* context after H(K XOR ipad) */
65 MD5_CTX octx; /* context after H(K XOR opad) */
69 SHA1_CTX ictx; /* context after H(K XOR ipad) */
70 SHA1_CTX octx; /* context after H(K XOR opad) */
/* Protocol descriptor for AH; it is defined in another translation unit. */
73 extern struct inet_protocol ah_protocol;
/*
 * Receive entry point for AH packets. The listing skips original lines
 * 74-77 and 79-84, so the return type and the parameters between skb and
 * protocol are not visible here.
 * NOTE(review): skb holds data from the network that has not been
 * authenticated yet; presumably the implementation checks the packet length
 * and ah_hl before reading the header fields -- verify in the .c file.
 */
78 ah_rcv(struct sk_buff *skb,
85 struct inet_protocol *protocol);
/*
 * Layout of the AH header as handled by this code: 12 fixed bytes
 * (AH_FLENGTH) followed by a 96-bit authenticator. The braces of the struct
 * are missing from this listing.
 * NOTE(review): every field is filled from the received packet and is
 * untrusted until the authenticator has been verified; multi-byte fields
 * are presumably kept in network byte order -- confirm at the users.
 */
87 struct ah /* Generic AH header */
89 __u8 ah_nh; /* Next header (protocol) */
/*
 * NOTE(review): RFC 2402 defines the on-wire Payload Len as the AH length in
 * 32-bit words minus 2. A receiver should check this value against both the
 * bytes actually received and the authenticator size the SA expects before
 * it reads ah_data.
 */
90 __u8 ah_hl; /* AH length, in 32-bit words */
91 __u16 ah_rv; /* reserved, must be 0 */
92 __u32 ah_spi; /* Security Parameters Index */
93 __u32 ah_rpl; /* Replay prevention (32-bit sequence number, AHHMAC_RPLLEN bytes) */
/* Fixed at AHHMAC_HASHLEN (12) bytes, so only 96-bit authenticators fit this layout. */
94 __u8 ah_data[AHHMAC_HASHLEN];/* Authentication hash */
97 #ifdef CONFIG_IPSEC_DEBUG
99 #endif /* CONFIG_IPSEC_DEBUG */
100 #endif /* __KERNEL__ */
103 * $Log: ipsec_ah.h,v $
104 * Revision 1.16 2002/02/20 01:27:06 rgb
105 * Ditched a pile of structs only used by the old Netlink interface.
107 * Revision 1.15 2001/12/11 02:35:57 rgb
108 * Change "struct net_device" to "struct device" for 2.2 compatibility.
110 * Revision 1.14 2001/11/26 09:23:47 rgb
111 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
113 * Revision 1.13.2.1 2001/09/25 02:18:24 mcr
114 * replace "struct device" with "struct netdevice"
116 * Revision 1.13 2001/06/14 19:35:08 rgb
117 * Update copyright date.
119 * Revision 1.12 2000/09/12 03:21:20 rgb
120 * Cleared out unused htonq.
122 * Revision 1.11 2000/09/08 19:12:55 rgb
123 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
125 * Revision 1.10 2000/01/21 06:13:10 rgb
127 * Added macros for HMAC padding magic numbers.(kravietz)
129 * Revision 1.9 1999/12/07 18:16:23 rgb
130 * Fixed comments at end of #endif lines.
132 * Revision 1.8 1999/04/11 00:28:56 henry
135 * Revision 1.7 1999/04/06 04:54:25 rgb
136 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
139 * Revision 1.6 1999/01/26 02:06:01 rgb
140 * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
142 * Revision 1.5 1999/01/22 06:17:49 rgb
143 * Updated macro comments.
144 * Added context types to support algorithm switch code.
145 * 64-bit clean-up -- converting 'u long long' to __u64.
147 * Revision 1.4 1998/07/14 15:54:56 rgb
148 * Add #ifdef __KERNEL__ to protect kernel-only structures.
150 * Revision 1.3 1998/06/30 18:05:16 rgb
151 * Comment out references to htonq.
153 * Revision 1.2 1998/06/25 19:33:46 rgb
154 * Add prototype for protocol receive function.
155 * Rearrange for more logical layout.
157 * Revision 1.1 1998/06/18 21:27:43 henry
158 * move sources from klips/src to klips/net/ipsec, to keep stupid
159 * kernel-build scripts happier in the presence of symlinks
161 * Revision 1.4 1998/05/18 22:28:43 rgb
162 * Disable key printing facilities from /proc/net/ipsec_*.
164 * Revision 1.3 1998/04/21 21:29:07 rgb
165 * Rearrange debug switches to change on the fly debug output from user
166 * space. Only kernel changes checked in at this time. radij.c was also
167 * changed to temporarily remove buggy debugging code in rj_delete causing
168 * an OOPS and hence, netlink device open errors.
170 * Revision 1.2 1998/04/12 22:03:17 rgb
171 * Updated ESP-3DES-HMAC-MD5-96,
172 * ESP-DES-HMAC-MD5-96,
174 * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
175 * from old standards (RFC182[5-9]) to new (as of March 1998) drafts.
177 * Fixed eroute references in /proc/net/ipsec*.
179 * Started to patch module unloading memory leaks in ipsec_netlink and
180 * radij tree unloading.
182 * Revision 1.1 1998/04/09 03:05:55 henry
183 * sources moved up from linux/net/ipsec
185 * Revision 1.1.1.1 1998/04/08 05:35:02 henry
186 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
188 * Revision 0.4 1997/01/15 01:28:15 ji
189 * Added definitions for new AH transforms.
191 * Revision 0.3 1996/11/20 14:35:48 ji
193 * Rationalized debugging code.
195 * Revision 0.2 1996/11/02 00:18:33 ji
196 * First limited release.