1 /*
2 * Copyright (C) 1996, 1997 John Ioannidis.
3 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * RCSID $Id: ipsec_esp.h,v 1.2 2004/03/22 21:53:18 as Exp $
16 */
17
18 #include "freeswan/ipsec_md5h.h"
19 #include "freeswan/ipsec_sha1.h"
20
21 #include "crypto/des.h"
22
/*
 * IP protocol number for ESP (50). Defined here only when the including
 * environment has not already supplied IPPROTO_ESP.
 */
23 #ifndef IPPROTO_ESP
24 #define IPPROTO_ESP 50
25 #endif /* IPPROTO_ESP */
26
/*
 * ESP framing and DES/3DES transform sizes. The per-value comments pair
 * each number with a bit count eight times larger, so the unit is bytes.
 *
 * NOTE(review): ESP_HEADER_LEN covers only the SPI and the replay counter.
 * struct esphdr further down also holds an 8-byte IV (4 + 4 + 8 bytes of
 * fields), so a length check on a received packet has to use the size that
 * matches what is about to be read.
 */
27 #define ESP_HEADER_LEN 8 /* 64-bit fixed header: SPI + replay counter (spi+rpl) */
28
29 #define EMT_ESPDESCBC_ULEN 20 /* coming from user mode; what it measures is not visible in this header */
30 #define EMT_ESPDES_KMAX 64 /* presumably the largest key material accepted, 64 bytes = 512 bits; the original comment asks whether that is enough */
/*
 * NOTE(review): single DES has a 56-bit effective key and is no longer
 * adequate for confidentiality; RFC 8221 lists ENCR_DES as MUST NOT and
 * ENCR_3DES as SHOULD NOT for ESP. Both ciphers also use a 64-bit block,
 * which limits how much data is safe to encrypt under one key in CBC mode.
 */
31 #define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */
32 #define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */
33 #define EMT_ESPDES_IV_SZ 8 /* IV size, equal to the DES block size below */
34 #define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */
35
/*
 * NOTE(review): the original comment only says this value is critical.
 * Presumably it bounds IV storage sized elsewhere, in which case a
 * transform whose IV is longer than 16 bytes would not fit; confirm at
 * every use before adding a new cipher.
 */
36 #define ESP_IV_MAXSZ 16 /* This is _critical_ */
/* ESP_IV_MAXSZ counted in ints; the sizeof operand gives the result type size_t. */
37 #define ESP_IV_MAXSZ_INT (ESP_IV_MAXSZ/sizeof(int))
38
/*
 * Single-bit flags with the DB_ES_ prefix. Bits 0x0004 and 0x0008 are not
 * assigned in this header.
 *
 * NOTE(review): presumably these select categories of ESP debug output and
 * are tested against debug_esp, which is declared below under
 * CONFIG_IPSEC_DEBUG; the meaning of each flag is not documented here.
 * Whatever output they enable should not include key material or decrypted
 * payload.
 */
39 #define DB_ES_PKTRX 0x0001
40 #define DB_ES_PKTRX2 0x0002
41 #define DB_ES_IPSA 0x0010
42 #define DB_ES_XF 0x0020
43 #define DB_ES_IPAD 0x0040
44 #define DB_ES_INAU 0x0080
45 #define DB_ES_OINFO 0x0100
46 #define DB_ES_OINFO2 0x0200
47 #define DB_ES_OH 0x0400
48 #define DB_ES_REPLAY 0x0800
49
50 #ifdef __KERNEL__
/*
 * Wrapper holding one DES key schedule. The des_key_schedule type is not
 * declared in this file; the revision log says it is taken from des.h.
 *
 * NOTE(review): a key schedule is derived from the secret key, so an
 * instance should be treated as key material and cleared when the owner
 * is torn down; how instances are released is not visible here.
 * NOTE(review): this listing shows no include guard, so including the
 * header twice with __KERNEL__ defined would redefine this struct.
 */
51 struct des_eks {
52 des_key_schedule ks;
53 };
54
/* Protocol descriptor for ESP; defined in another translation unit. */
55 extern struct inet_protocol esp_protocol;
56
/* Forward declaration so the prototype below can take a struct options pointer. */
57 struct options;
58
/*
 * Receive entry point for ESP packets; the definition is not in this
 * header. The dev parameter is typed "struct device", which the revision
 * log attributes to 2.2 kernel compatibility.
 *
 * NOTE(review): the parameter list looks like the receive-handler
 * signature of old Linux inet_protocol entries; confirm against the
 * kernel version this is built for.
 * NOTE(review): skb and len describe data that arrived from the network.
 * The implementation should check that the packet is long enough for
 * ESP_HEADER_LEN plus the IV before reading any header field; that check
 * cannot be verified from this file.
 */
59 extern int
60 esp_rcv(struct sk_buff *skb,
61 struct device *dev,
62 struct options *opt,
63 __u32 daddr,
64 unsigned short len,
65 __u32 saddr,
66 int redo,
67 struct inet_protocol *protocol);
68
69 /*
 * ESP header layout for transforms with a 64-bit (8-byte) IV, e.g. ESP_3DES.
 * The fields add up to 16 bytes, which is 8 more than ESP_HEADER_LEN
 * because that macro leaves the IV out.
 *
 * NOTE(review): esp_iv is fixed at 8 bytes while ESP_IV_MAXSZ is 16. Code
 * that overlays this struct on a packet whose transform uses a longer IV
 * would take the first payload bytes for data, or copy past esp_iv if it
 * trusts the transform's IV length; confirm how callers handle that.
 * NOTE(review): presumably esp_spi and esp_rpl hold the values as they
 * appear on the wire, in network byte order; verify against the users.
 */
70 struct esphdr
71 {
72 __u32 esp_spi; /* Security Parameters Index */
73 __u32 esp_rpl; /* Replay counter */
74 __u8 esp_iv[8]; /* IV, 8 bytes only */
75 };
76
/*
 * Debug switch for ESP, declared only when CONFIG_IPSEC_DEBUG is set and
 * defined in another translation unit.
 * NOTE(review): presumably a mask of the DB_ES_* bits above; confirm.
 */
77 #ifdef CONFIG_IPSEC_DEBUG
78 extern int debug_esp;
79 #endif /* CONFIG_IPSEC_DEBUG */
80 #endif /* __KERNEL__ */
81
82 /*
83 * $Log: ipsec_esp.h,v $
84 * Revision 1.2 2004/03/22 21:53:18 as
85 * merged alg-0.8.1 branch with HEAD
86 *
87 * Revision 1.1.4.1 2004/03/16 09:48:18 as
88 * alg-0.8.1rc12 patch merged
89 *
90 * Revision 1.1 2004/03/15 20:35:25 as
91 * added files from freeswan-2.04-x509-1.5.3
92 *
93 * Revision 1.21 2003/02/06 02:21:34 rgb
94 *
95 * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
96 * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
97 * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
98 *
99 * Revision 1.20 2002/05/14 02:37:02 rgb
100 * Change reference from _TDB to _IPSA.
101 *
102 * Revision 1.19 2002/04/24 07:55:32 mcr
103 * #include patches and Makefiles for post-reorg compilation.
104 *
105 * Revision 1.18 2002/04/24 07:36:46 mcr
106 * Moved from ./klips/net/ipsec/ipsec_esp.h,v
107 *
108 * Revision 1.17 2002/02/20 01:27:07 rgb
109 * Ditched a pile of structs only used by the old Netlink interface.
110 *
111 * Revision 1.16 2001/12/11 02:35:57 rgb
112 * Change "struct net_device" to "struct device" for 2.2 compatibility.
113 *
114 * Revision 1.15 2001/11/26 09:23:48 rgb
115 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
116 *
117 * Revision 1.14.2.3 2001/10/23 04:16:42 mcr
118 * get definition of des_key_schedule from des.h
119 *
120 * Revision 1.14.2.2 2001/10/22 20:33:13 mcr
121 * use "des_key_schedule" structure instead of cooking our own.
122 *
123 * Revision 1.14.2.1 2001/09/25 02:18:25 mcr
124 * replace "struct device" with "struct netdevice"
125 *
126 * Revision 1.14 2001/06/14 19:35:08 rgb
127 * Update copyright date.
128 *
129 * Revision 1.13 2000/09/08 19:12:56 rgb
130 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
131 *
132 * Revision 1.12 2000/08/01 14:51:50 rgb
133 * Removed _all_ remaining traces of DES.
134 *
135 * Revision 1.11 2000/01/10 16:36:20 rgb
136 * Ditch last of EME option flags, including initiator.
137 *
138 * Revision 1.10 1999/12/07 18:16:22 rgb
139 * Fixed comments at end of #endif lines.
140 *
141 * Revision 1.9 1999/04/11 00:28:57 henry
142 * GPL boilerplate
143 *
144 * Revision 1.8 1999/04/06 04:54:25 rgb
145 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
146 * patch shell fixes.
147 *
148 * Revision 1.7 1999/01/26 02:06:00 rgb
149 * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
150 *
151 * Revision 1.6 1999/01/22 15:22:05 rgb
152 * Re-enable IV in the espblkrply_edata structure to avoid breaking pluto
153 * until pluto can be fixed properly.
154 *
155 * Revision 1.5 1999/01/22 06:18:16 rgb
156 * Updated macro comments.
157 * Added key schedule types to support algorithm switch code.
158 *
159 * Revision 1.4 1998/08/12 00:07:32 rgb
160 * Added data structures for new xforms: null, {,3}dessha1.
161 *
162 * Revision 1.3 1998/07/14 15:57:01 rgb
163 * Add #ifdef __KERNEL__ to protect kernel-only structures.
164 *
165 * Revision 1.2 1998/06/25 19:33:46 rgb
166 * Add prototype for protocol receive function.
167 * Rearrange for more logical layout.
168 *
169 * Revision 1.1 1998/06/18 21:27:45 henry
170 * move sources from klips/src to klips/net/ipsec, to keep stupid
171 * kernel-build scripts happier in the presence of symlinks
172 *
173 * Revision 1.6 1998/06/05 02:28:08 rgb
174 * Minor comment fix.
175 *
176 * Revision 1.5 1998/05/27 22:34:00 rgb
177 * Changed structures to accommodate key separation.
178 *
179 * Revision 1.4 1998/05/18 22:28:43 rgb
180 * Disable key printing facilities from /proc/net/ipsec_*.
181 *
182 * Revision 1.3 1998/04/21 21:29:07 rgb
183 * Rearrange debug switches to change on the fly debug output from user
184 * space. Only kernel changes checked in at this time. radij.c was also
185 * changed to temporarily remove buggy debugging code in rj_delete causing
186 * an OOPS and hence, netlink device open errors.
187 *
188 * Revision 1.2 1998/04/12 22:03:20 rgb
189 * Updated ESP-3DES-HMAC-MD5-96,
190 * ESP-DES-HMAC-MD5-96,
191 * AH-HMAC-MD5-96,
192 * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
193 * from old standards (RFC182[5-9]) to new (as of March 1998) drafts.
194 *
195 * Fixed eroute references in /proc/net/ipsec*.
196 *
197 * Started to patch module unloading memory leaks in ipsec_netlink and
198 * radij tree unloading.
199 *
200 * Revision 1.1 1998/04/09 03:06:00 henry
201 * sources moved up from linux/net/ipsec
202 *
203 * Revision 1.1.1.1 1998/04/08 05:35:02 henry
204 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
205 *
206 * Revision 0.5 1997/06/03 04:24:48 ji
207 * Added ESP-3DES-MD5-96 transform.
208 *
209 * Revision 0.4 1997/01/15 01:28:15 ji
210 * Added definitions for new ESP transforms.
211 *
212 * Revision 0.3 1996/11/20 14:35:48 ji
213 * Minor Cleanup.
214 * Rationalized debugging code.
215 *
216 * Revision 0.2 1996/11/02 00:18:33 ji
217 * First limited release.
218 *
219 *
220 */