ah.c File Reference
Detailed Description
RFC2402 - IP Authentication Header (AH).
- Author:
- Christian Scheurer <http://www.christianscheurer.ch>
OUTLINE: The AH functions are used to authenticate IPsec traffic.
IMPLEMENTATION: All functions work in-place (i.e. they manipulate the original packet directly without copying any data). For the encapsulation routine, the caller must ensure that space for the new IP and AH headers is available in front of the packet:
                                            | pointer to packet header
      ______________________________________\/___________________________
     |          ¦             ¦              ¦                          |
     | Ethernet ¦    newIP    ¦   AH, ICV    ¦ original (inner) packet  |
     |__________¦_____________¦______________¦__________________________|
                ¦                            ¦
                ¦<-- room for new headers -->¦
This document is part of embedded IPsec
Copyright (c) 2003 Niklaus Schild and Christian Scheurer, HTI Biel/Bienne
All rights reserved.
This file contains code from the OpenSSL Project
portions Copyright (c) 1998-2003 OpenSSL (www.openssl.org)
Definition in file ah.c.
#include <string.h>
#include "ipsec/ipsec.h"
#include "ipsec/util.h"
#include "ipsec/debug.h"
#include "ipsec/sa.h"
#include "ipsec/md5.h"
#include "ipsec/sha1.h"
#include "ipsec/ah.h"
Function Documentation
Checks AH header and ICV (RFC 2402). Mutable fields of the outer IP header are set to zero prior to the ICV calculation.
- Todo:
- Extend function to support transport mode
- Parameters:
  - outer_packet: pointer used to access the (outer) IP packet which has to be checked
  - payload_offset: pointer used to return the offset of the inner (original) IP packet relative to the start of the outer header
  - payload_size: pointer used to return the total size of the inner (original) IP packet
  - sa: pointer to the security association holding the secret authentication key
- Returns:
  - IPSEC_STATUS_SUCCESS: packet could be authenticated
  - IPSEC_STATUS_FAILURE: packet is corrupted or ICV does not match
  - IPSEC_STATUS_NOT_IMPLEMENTED: invalid mode (only IPSEC_TUNNEL mode is implemented)
Definition at line 100 of file ah.c.
Adds AH and outer IP header, calculates ICV (RFC 2402).
- Warning:
  - This function requires room (IPSEC_AH_HDR_SIZE + IPSEC_AUTH_ICV + IPSEC_MIN_IPHDR_SIZE) in front of the inner_packet pointer to add the outer IP header and the AH header. Depending on the TCP/IP stack implementation, additional space for the link layer (Ethernet header) should be added.
- Todo:
- Extend function to support transport mode
- Parameters:
  - inner_packet: pointer used to access the (outer) IP packet which has to be checked
  - payload_offset: pointer used to return the offset of the inner (original) IP packet relative to the start of the outer header
  - payload_size: pointer used to return the total size of the inner (original) IP packet
  - src: IP address of the local tunnel start point (external IP address)
  - dst: IP address of the remote tunnel end point (external IP address)
  - sa: pointer to the security association holding the secret authentication key
- Returns:
  - IPSEC_STATUS_SUCCESS: packet could be authenticated
  - IPSEC_STATUS_FAILURE: packet is corrupted or ICV does not match
  - IPSEC_STATUS_NOT_IMPLEMENTED: invalid mode (only IPSEC_TUNNEL mode is implemented)
- Todo:
  - fix TTL update and checksum calculation
  - id must be generated properly and incremented
Definition at line 214 of file ah.c.
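The tunnel-mode processing the two routines above describe, as an added illustration that is not the embedded IPsec code itself: the outer IP header, AH header and ICV are placed in front of the inner packet, the mutable fields of the outer header (and the ICV field) are zeroed before the ICV is computed, and the check routine returns the inner packet's offset and size. Written in Python with HMAC-SHA1-96; the key, addresses, SPI and sequence number are constructed sample values.

```python
import hmac
import hashlib
import struct

AH_PROTO = 51          # IPv4 protocol number of the Authentication Header
NEXT_HDR_IPIP = 4      # AH next-header value for an encapsulated IPv4 packet (tunnel mode)
AH_HDR_LEN = 12        # fixed AH header: next hdr, payload len, reserved, SPI, sequence number
ICV_LEN = 12           # HMAC-SHA1-96: the 20-byte tag truncated to 96 bits
IPHDR_LEN = 20         # minimal IPv4 header without options


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Build a 20-byte IPv4 header with a valid RFC 791 one's-complement header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0, src, dst)
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:                       # fold carries back into the low 16 bits
        s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", (~s) & 0xFFFF) + hdr[12:]


def zero_mutable_fields(ip_hdr):
    """Copy of the outer header with the RFC 2402 mutable fields zeroed:
    TOS, flags + fragment offset, TTL and header checksum (they change in transit)."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def compute_icv(outer_ip, ah_hdr, inner, key):
    """ICV = HMAC-SHA1-96 over outer IP (mutable fields zeroed) + AH header + zeroed ICV + inner."""
    data = zero_mutable_fields(outer_ip) + ah_hdr + bytes(ICV_LEN) + inner
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_encapsulate(inner, src, dst, spi, seq, key):
    """Tunnel mode: prepend outer IP header, AH header and ICV to the inner packet."""
    outer = ipv4_header(src, dst, AH_PROTO, IPHDR_LEN + AH_HDR_LEN + ICV_LEN + len(inner))
    # payload length field = length of the AH in 32-bit words minus 2 (RFC 2402, section 2.2)
    ah_hdr = struct.pack("!BBHII", NEXT_HDR_IPIP, (AH_HDR_LEN + ICV_LEN) // 4 - 2, 0, spi, seq)
    return outer + ah_hdr + compute_icv(outer, ah_hdr, inner, key) + inner


def ah_check(packet, key):
    """Verify the ICV in constant time; return (ok, payload_offset, payload_size)."""
    outer = packet[:IPHDR_LEN]
    ah_hdr = packet[IPHDR_LEN:IPHDR_LEN + AH_HDR_LEN]
    icv_off = IPHDR_LEN + AH_HDR_LEN
    inner = packet[icv_off + ICV_LEN:]
    ok = hmac.compare_digest(packet[icv_off:icv_off + ICV_LEN], compute_icv(outer, ah_hdr, inner, key))
    return ok, icv_off + ICV_LEN, len(inner)
```

Because TTL and checksum are excluded from the ICV, a packet that has crossed a router (TTL decremented, checksum rewritten) still verifies, while any change to the inner packet or to an immutable outer field fails the check.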
Variable Documentation
Saves session state to detect replays; must be 32 bits. Note: must be initialized with zero (0x00000000) when a new SA is established!
Definition at line 76 of file ah.c.
Saves session state to detect replays. Note: must be initialized with zero (0x00000000) when a new SA is established!
Definition at line 79 of file ah.c.