1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
/* $OpenBSD: ip_ah.h,v 1.4 1997/02/26 02:38:11 angelos Exp $ */
/*
* The author of this code is John Ioannidis, ji@tla.org,
* (except when noted otherwise).
*
* This code was written for BSD/OS in Athens, Greece, in November 1995.
*
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis, kermit@forthnet.gr.
*
* Copyright (C) 1995, 1996, 1997 by John Ioannidis and Angelos D. Keromytis.
*
* Permission to use, copy, and modify this software without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
* modification of this software.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NEITHER AUTHOR MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
/*
* Authentication Header Processing
* Per RFC1826 (Atkinson, 1995)
*/
#include <netinet/ip_md5.h>
#include <netinet/ip_sha1.h>
struct ah
{
u_int8_t ah_nh; /* Next header (protocol) */
u_int8_t ah_hl; /* AH length, in 32-bit words */
u_int16_t ah_rv; /* reserved, must be 0 */
u_int32_t ah_spi; /* Security Parameters Index */
u_int8_t ah_data[1]; /* More, really*/
};
#define AH_FLENGTH 8 /* size of fixed part */
struct ahstat
{
u_int32_t ahs_hdrops; /* packet shorter than header shows */
u_int32_t ahs_notdb;
u_int32_t ahs_badkcr;
u_int32_t ahs_badauth;
u_int32_t ahs_noxform;
u_int32_t ahs_qfull;
u_int32_t ahs_wrap;
u_int32_t ahs_replay;
u_int32_t ahs_badauthl; /* bad authenticator length */
u_int32_t ahs_input; /* Input AH packets */
u_int32_t ahs_output; /* Output AH packets */
};
#define AHHMACMD5_KMAX 64 /* max 512 bits key */
#define AHHMACMD5_AMAX 64 /* up to 512 bits of authenticator */
#define AHHMACMD5_RPLS 2 /* 64 bits of replay counter */
#define HMACMD5_HASHLEN 16
#define HMACMD5_RPLENGTH 8
#define HMACMD5_IPAD_VAL 0x36
#define HMACMD5_OPAD_VAL 0x5C
#define AHHMACMD5_KMAX 64 /* max 512 bits key */
#define AHHMACMD5_AMAX 64 /* up to 512 bits of authenticator */
#define AHHMACMD5_RPLS 2 /* 64 bits of replay counter */
#define HMACMD5_HASHLEN 16
#define HMACMD5_RPLENGTH 8
#define HMACMD5_IPAD_VAL 0x36
#define HMACMD5_OPAD_VAL 0x5C
struct ahhmacmd5
{
u_int8_t ah_nh; /* Next header (protocol) */
u_int8_t ah_hl; /* AH length, in 32-bit words */
u_int16_t ah_rv; /* reserved, must be 0 */
u_int32_t ah_spi; /* Security Parameters Index */
u_int64_t ah_rpl; /* Replay prevention */
u_int8_t ah_data[AHHMACMD5_AMAX];/* Authenticator */
};
struct ahhmacmd5_xencap
{
u_int16_t amx_alen;
u_int16_t amx_rpl;
int32_t amx_wnd;
u_int8_t amx_key[AHHMACMD5_KMAX];
};
struct ahhmacmd5_xdata
{
u_int32_t amx_alen; /* authenticator length */
int32_t amx_wnd;
u_int64_t amx_rpl; /* Replay counter */
u_int64_t amx_bitmap;
MD5_CTX amx_ictx; /* Internal key+padding */
MD5_CTX amx_octx; /* External key+padding */
};
#define AHHMACSHA1_KMAX 64 /* max 512 bits key */
#define AHHMACSHA1_AMAX 64 /* up to 512 bits of authenticator */
#define AHHMACSHA1_RPLS 2 /* 64 bits of replay counter */
#define HMACSHA1_HASHLEN 20
#define HMACSHA1_RPLENGTH 8
#define HMACSHA1_IPAD_VAL 0x36
#define HMACSHA1_OPAD_VAL 0x5C
struct ahhmacsha1
{
u_int8_t ah_nh; /* Next header (protocol) */
u_int8_t ah_hl; /* AH length, in 32-bit words */
u_int16_t ah_rv; /* reserved, must be 0 */
u_int32_t ah_spi; /* Security Parameters Index */
u_int64_t ah_rpl; /* Replay prevention */
u_int8_t ah_data[AHHMACSHA1_AMAX];/* Authenticator */
};
struct ahhmacsha1_xencap
{
u_int32_t amx_alen;
int32_t amx_wnd;
u_int8_t amx_key[AHHMACSHA1_KMAX];
};
struct ahhmacsha1_xdata
{
u_int32_t amx_alen; /* authenticator length */
int32_t amx_wnd;
u_int64_t amx_rpl; /* Replay counter */
u_int64_t amx_bitmap;
SHA1_CTX amx_ictx; /* Internal key+padding */
SHA1_CTX amx_octx; /* External key+padding */
};
#define AHMD5_KMAX 32 /* max 256 bits key */
#define AHMD5_AMAX 64 /* up to 512 bits of authenticator */
struct ahmd5
{
u_int8_t ah_nh; /* Next header (protocol) */
u_int8_t ah_hl; /* AH length, in 32-bit words */
u_int16_t ah_rv; /* reserved, must be 0 */
u_int32_t ah_spi; /* Security Parameters Index */
u_int8_t ah_data[AHMD5_AMAX]; /* */
};
struct ahmd5_xdata
{
u_int16_t amx_klen; /* Key material length */
u_int16_t amx_alen; /* authenticator length */
u_int8_t amx_key[AHMD5_KMAX]; /* Key material */
};
#ifdef _KERNEL
struct ahstat ahstat;
#endif
|