embedded IPsec source code documentation


esp.h File Reference


Detailed Description

Header for the Encapsulating Security Payload module.

Author:
Niklaus Schild <n.schild@gmx.ch>
This document is part of embedded IPsec
Copyright (c) 2003 Niklaus Schild and Christian Scheurer, HTI Biel/Bienne
All rights reserved.
This file contains code from the OpenSSL Project
portions Copyright (c) 1998-2003 OpenSSL (www.openssl.org)

Definition in file esp.h.

#include "ipsec/sa.h"


Data Structures

struct  esp_packet_struct
struct  ipsec_esp_header_struct

Defines

#define IPSEC_ESP_IV_SIZE   (8)
#define IPSEC_ESP_SPI_SIZE   (4)
#define IPSEC_ESP_SEQ_SIZE   (4)
#define IPSEC_ESP_HDR_SIZE   (IPSEC_ESP_SPI_SIZE+IPSEC_ESP_SEQ_SIZE)

Typedefs

typedef struct ipsec_esp_header_struct ipsec_esp_header
typedef struct esp_packet_struct esp_packet

Functions

ipsec_status ipsec_esp_decapsulate (ipsec_ip_header *packet, int *offset, int *len, sad_entry *sa)
ipsec_status ipsec_esp_encapsulate (ipsec_ip_header *packet, int *offset, int *len, sad_entry *sa, __u32 src_addr, __u32 dest_addr)

Variables

__u32 ipsec_esp_bitmap
__u32 ipsec_esp_lastSeq


Define Documentation

#define IPSEC_ESP_HDR_SIZE   (IPSEC_ESP_SPI_SIZE+IPSEC_ESP_SEQ_SIZE)
 

Defines the size (in bytes) of the ESP header. Actually it defines just the size of the header which is located in

Definition at line 51 of file esp.h.

#define IPSEC_ESP_IV_SIZE   (8)
 

Defines the size (in bytes) of the Initialization Vector used by DES and 3DES

Definition at line 48 of file esp.h.

#define IPSEC_ESP_SEQ_SIZE   (4)
 

Defines the size (in bytes) of the Sequence Number of an ESP packet

Definition at line 50 of file esp.h.

#define IPSEC_ESP_SPI_SIZE   (4)
 

Defines the size (in bytes) of the SPI of an ESP packet

Definition at line 49 of file esp.h.


Typedef Documentation

typedef struct esp_packet_struct esp_packet
 

typedef struct ipsec_esp_header_struct ipsec_esp_header
 


Function Documentation

ipsec_status ipsec_esp_decapsulate (ipsec_ip_header *packet, int *offset, int *len, sad_entry *sa)
 

Decapsulates an IP packet containing an ESP header.

Parameters:
packet pointer to the ESP header
offset pointer to the offset which is passed back
len pointer to the length of the decapsulated packet
sa pointer to the SA
Returns:
IPSEC_STATUS_SUCCESS if the packet could be decapsulated properly

IPSEC_STATUS_FAILURE if the SA's authentication algorithm was invalid or if ICV comparison failed

IPSEC_STATUS_BAD_PACKET if the decryption gave back a strange packet

Definition at line 111 of file esp.c.

ipsec_status ipsec_esp_encapsulate (ipsec_ip_header *packet, int *offset, int *len, sad_entry *sa, __u32 src_addr, __u32 dest_addr)
 

Encapsulates an IP packet into an ESP packet which will again be added to an IP packet.

Parameters:
packet pointer to the IP packet
offset pointer to the offset which will point to the new encapsulated packet
len pointer to the length of the new encapsulated packet
sa pointer to the SA
src_addr source IP address of the outer IP header
dest_addr destination IP address of the outer IP header
Returns:
IPSEC_STATUS_SUCCESS if the packet was properly encapsulated

IPSEC_STATUS_TTL_EXPIRED if the TTL expired

IPSEC_STATUS_FAILURE if the SA contained a bad authentication algorithm

Todo:
fix TTL update and checksum calculation

id must be generated properly and incremented

1st packet needs to be sent out with seq = 1

Definition at line 230 of file esp.c.


Variable Documentation

__u32 ipsec_esp_bitmap
 

Saves session state to detect replays; must be 32 bits. Note: must be initialized with zero (0x00000000) when a new SA is established!

Definition at line 69 of file esp.h.

__u32 ipsec_esp_lastSeq
 

Saves session state to detect replays. Note: must be initialized with zero (0x00000000) when a new SA is established!

Definition at line 70 of file esp.h.
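
The two variables above hold the receiver's anti-replay state. The following is an added example, not code from embedded IPsec: a 32-bit sliding-window check of the kind used for IPsec anti-replay, showing how a last-sequence value and a bitmap work together. The names replay_state, replay_check and replay_update are hypothetical, and the arrival order in main() is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u /* window width = number of bits in the bitmap */

/* Hypothetical per-SA state mirroring ipsec_esp_lastSeq / ipsec_esp_bitmap.
 * Both fields must be zero when a new SA is established. */
typedef struct {
    uint32_t last_seq; /* highest sequence number accepted so far */
    uint32_t bitmap;   /* bit n set => sequence (last_seq - n) was seen */
} replay_state;

/* Read-only check. Returns 1 if seq may be accepted, 0 if it must be dropped. */
int replay_check(const replay_state *st, uint32_t seq)
{
    if (seq == 0) return 0;                  /* first valid number is 1 */
    if (seq > st->last_seq) return 1;        /* right of the window: new */
    uint32_t diff = st->last_seq - seq;
    if (diff >= REPLAY_WINDOW) return 0;     /* left of the window: too old */
    return (st->bitmap & (1u << diff)) == 0; /* inside: reject if bit set */
}

/* Commit seq. Call only after replay_check passed and the ICV verified,
 * so that forged packets cannot advance the window. */
void replay_update(replay_state *st, uint32_t seq)
{
    if (seq > st->last_seq) {
        uint32_t diff = seq - st->last_seq;
        /* A shift by >= 32 is undefined in C, so reset the map instead. */
        st->bitmap = (diff < REPLAY_WINDOW) ? ((st->bitmap << diff) | 1u) : 1u;
        st->last_seq = seq;
    } else if (st->last_seq - seq < REPLAY_WINDOW) {
        st->bitmap |= 1u << (st->last_seq - seq);
    }
}

int main(void)
{
    /* Constructed arrival order: in-order, reordered, replayed, stale. */
    const uint32_t seqs[] = { 1, 2, 5, 3, 3, 40, 5, 39, 0 };
    replay_state st = { 0, 0 }; /* fresh SA */
    for (unsigned i = 0; i < sizeof seqs / sizeof seqs[0]; i++) {
        int ok = replay_check(&st, seqs[i]);
        if (ok) replay_update(&st, seqs[i]);
        printf("seq %2u: %s\n", (unsigned)seqs[i], ok ? "accept" : "drop");
    }
    return 0;
}
```

If the state is left over from an earlier SA instead of being reset to zero, the first packets of the new SA fall to the left of the window and are dropped.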


Copyright 2003 by Christian Scheurer and Niklaus Schild