2 * Copyright (C) 1996, 1997 John Ioannidis.
3 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: ipsec_esp.h,v 1.2 2004/03/22 21:53:18 as Exp $
18 #include "freeswan/ipsec_md5h.h"
19 #include "freeswan/ipsec_sha1.h"
21 #include "crypto/des.h"
24 #define IPPROTO_ESP 50
25 #endif /* IPPROTO_ESP */
27 #define ESP_HEADER_LEN 8 /* 64 bits header (spi+rpl)*/
29 #define EMT_ESPDESCBC_ULEN 20 /* coming from user mode */
30 #define EMT_ESPDES_KMAX 64 /* 512 bit secret key enough? */
31 #define EMT_ESPDES_KEY_SZ 8 /* 56 bit secret key with parity = 64 bits */
32 #define EMT_ESP3DES_KEY_SZ 24 /* 168 bit secret key with parity = 192 bits */
33 #define EMT_ESPDES_IV_SZ 8 /* IV size */
34 #define ESP_DESCBC_BLKLEN 8 /* DES-CBC block size */
36 #define ESP_IV_MAXSZ 16 /* This is _critical_ */
37 #define ESP_IV_MAXSZ_INT (ESP_IV_MAXSZ/sizeof(int))
39 #define DB_ES_PKTRX 0x0001
40 #define DB_ES_PKTRX2 0x0002
41 #define DB_ES_IPSA 0x0010
42 #define DB_ES_XF 0x0020
43 #define DB_ES_IPAD 0x0040
44 #define DB_ES_INAU 0x0080
45 #define DB_ES_OINFO 0x0100
46 #define DB_ES_OINFO2 0x0200
47 #define DB_ES_OH 0x0400
48 #define DB_ES_REPLAY 0x0800
55 extern struct inet_protocol esp_protocol
;
60 esp_rcv(struct sk_buff
*skb
,
67 struct inet_protocol
*protocol
);
69 /* Only for 64 bits IVs, eg. ESP_3DES :P */
72 __u32 esp_spi
; /* Security Parameters Index */
73 __u32 esp_rpl
; /* Replay counter */
74 __u8 esp_iv
[8]; /* iv */
77 #ifdef CONFIG_IPSEC_DEBUG
79 #endif /* CONFIG_IPSEC_DEBUG */
80 #endif /* __KERNEL__ */
83 * $Log: ipsec_esp.h,v $
84 * Revision 1.2 2004/03/22 21:53:18 as
85 * merged alg-0.8.1 branch with HEAD
87 * Revision 1.1.4.1 2004/03/16 09:48:18 as
88 * alg-0.8.1rc12 patch merged
90 * Revision 1.1 2004/03/15 20:35:25 as
91 * added files from freeswan-2.04-x509-1.5.3
93 * Revision 1.21 2003/02/06 02:21:34 rgb
95 * Moved "struct auth_alg" from ipsec_rcv.c to ipsec_ah.h .
96 * Changed "struct ah" to "struct ahhdr" and "struct esp" to "struct esphdr".
97 * Removed "#ifdef INBOUND_POLICY_CHECK_eroute" dead code.
99 * Revision 1.20 2002/05/14 02:37:02 rgb
100 * Change reference from _TDB to _IPSA.
102 * Revision 1.19 2002/04/24 07:55:32 mcr
103 * #include patches and Makefiles for post-reorg compilation.
105 * Revision 1.18 2002/04/24 07:36:46 mcr
106 * Moved from ./klips/net/ipsec/ipsec_esp.h,v
108 * Revision 1.17 2002/02/20 01:27:07 rgb
109 * Ditched a pile of structs only used by the old Netlink interface.
111 * Revision 1.16 2001/12/11 02:35:57 rgb
112 * Change "struct net_device" to "struct device" for 2.2 compatibility.
114 * Revision 1.15 2001/11/26 09:23:48 rgb
115 * Merge MCR's ipsec_sa, eroute, proc and struct lifetime changes.
117 * Revision 1.14.2.3 2001/10/23 04:16:42 mcr
118 * get definition of des_key_schedule from des.h
120 * Revision 1.14.2.2 2001/10/22 20:33:13 mcr
121 * use "des_key_schedule" structure instead of cooking our own.
123 * Revision 1.14.2.1 2001/09/25 02:18:25 mcr
124 * replace "struct device" with "struct netdevice"
126 * Revision 1.14 2001/06/14 19:35:08 rgb
127 * Update copyright date.
129 * Revision 1.13 2000/09/08 19:12:56 rgb
130 * Change references from DEBUG_IPSEC to CONFIG_IPSEC_DEBUG.
132 * Revision 1.12 2000/08/01 14:51:50 rgb
133 * Removed _all_ remaining traces of DES.
135 * Revision 1.11 2000/01/10 16:36:20 rgb
136 * Ditch last of EME option flags, including initiator.
138 * Revision 1.10 1999/12/07 18:16:22 rgb
139 * Fixed comments at end of #endif lines.
141 * Revision 1.9 1999/04/11 00:28:57 henry
144 * Revision 1.8 1999/04/06 04:54:25 rgb
145 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes
148 * Revision 1.7 1999/01/26 02:06:00 rgb
149 * Removed CONFIG_IPSEC_ALGO_SWITCH macro.
151 * Revision 1.6 1999/01/22 15:22:05 rgb
152 * Re-enable IV in the espblkrply_edata structure to avoid breaking pluto
153 * until pluto can be fixed properly.
155 * Revision 1.5 1999/01/22 06:18:16 rgb
156 * Updated macro comments.
157 * Added key schedule types to support algorithm switch code.
159 * Revision 1.4 1998/08/12 00:07:32 rgb
160 * Added data structures for new xforms: null, {,3}dessha1.
162 * Revision 1.3 1998/07/14 15:57:01 rgb
163 * Add #ifdef __KERNEL__ to protect kernel-only structures.
165 * Revision 1.2 1998/06/25 19:33:46 rgb
166 * Add prototype for protocol receive function.
167 * Rearrange for more logical layout.
169 * Revision 1.1 1998/06/18 21:27:45 henry
170 * move sources from klips/src to klips/net/ipsec, to keep stupid
171 * kernel-build scripts happier in the presence of symlinks
173 * Revision 1.6 1998/06/05 02:28:08 rgb
176 * Revision 1.5 1998/05/27 22:34:00 rgb
177 * Changed structures to accomodate key separation.
179 * Revision 1.4 1998/05/18 22:28:43 rgb
180 * Disable key printing facilities from /proc/net/ipsec_*.
182 * Revision 1.3 1998/04/21 21:29:07 rgb
183 * Rearrange debug switches to change on the fly debug output from user
184 * space. Only kernel changes checked in at this time. radij.c was also
185 * changed to temporarily remove buggy debugging code in rj_delete causing
186 * an OOPS and hence, netlink device open errors.
188 * Revision 1.2 1998/04/12 22:03:20 rgb
189 * Updated ESP-3DES-HMAC-MD5-96,
190 * ESP-DES-HMAC-MD5-96,
192 * AH-HMAC-SHA1-96 since Henry started freeswan cvs repository
193 * from old standards (RFC182[5-9] to new (as of March 1998) drafts.
195 * Fixed eroute references in /proc/net/ipsec*.
197 * Started to patch module unloading memory leaks in ipsec_netlink and
198 * radij tree unloading.
200 * Revision 1.1 1998/04/09 03:06:00 henry
201 * sources moved up from linux/net/ipsec
203 * Revision 1.1.1.1 1998/04/08 05:35:02 henry
204 * RGB's ipsec-0.8pre2.tar.gz ipsec-0.8
206 * Revision 0.5 1997/06/03 04:24:48 ji
207 * Added ESP-3DES-MD5-96 transform.
209 * Revision 0.4 1997/01/15 01:28:15 ji
210 * Added definitions for new ESP transforms.
212 * Revision 0.3 1996/11/20 14:35:48 ji
214 * Rationalized debugging code.
216 * Revision 0.2 1996/11/02 00:18:33 ji
217 * First limited release.