/*
* IP Encryption and Authentication Protocol
*
* Author: Vuong Hoang <vuonghv.cs@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
#ifndef _IPEA_IPEA_H
#define _IPEA_IPEA_H
#include <linux/types.h>
#include <linux/skbuff.h>
/*
 * Module metadata strings. Presumably consumed by the MODULE_*() macros in
 * the implementation file, which is not visible from this header.
 * NOTE(review): LICENSE and ALIAS are unprefixed names and are defined in
 * every file that includes this header; an IPEA_ prefix would avoid clashes.
 */
#define LICENSE "GPL"
#define ALIAS "ipea"
#define DRIVER_AUTHOR "Vuong Hoang <vuonghv.cs@gmail.com>"
#define DRIVER_DESC "IP Encryption and Authentication Protocol"
/*
 * Value written to the Protocol field of the IPv4 header to mark a packet
 * as IPEA.
 * NOTE(review): 0xEE (238) does not appear to be an IANA-assigned protocol
 * number; 253 and 254 are the values set aside for experimentation
 * (RFC 3692). Confirm against the IANA registry before deploying outside a
 * lab network.
 */
#define IPEA_PROTOCOL_NUMBER 0xEE
/*
 * Length in bytes of the authentication tag: the full 160-bit HMAC-SHA1
 * output.
 * NOTE(review): SHA-1 is a legacy choice for new designs; HMAC-SHA256 would
 * need this constant changed to 32 — confirm what the wire format tolerates.
 */
#define IPEA_MAC_SIZE 20 /* HMAC(SHA1) */
#define IPEA_ENCRYPT_BLOCKSIZE 16 /* AES block size in bytes */
/* Capacity in bytes of ipea_key.ekey; equal to AES_256_KEYSIZE. */
#define IPEA_ENC_MAX_KEYSIZE 32
/* Capacity in bytes of ipea_key.hkey. */
#define IPEA_HMAC_MAX_KEYSIZE 32
/*
 * Size in bytes of ipea_key.iv.
 * NOTE(review): same value as IPEA_ENCRYPT_BLOCKSIZE, and the kernel's
 * <crypto/aes.h> defines a macro of the same name; the duplicate is benign
 * only while both definitions are identical — confirm.
 */
#define AES_BLOCK_SIZE 16
/* AES key lengths in bytes for the three key sizes in enum CRYPTO_ALG. */
#define AES_128_KEYSIZE 16
#define AES_192_KEYSIZE 24
#define AES_256_KEYSIZE 32
/*
 * NOTE(review): 20 is smaller than IPEA_HMAC_MAX_KEYSIZE (32); which of the
 * two bounds ipea_key.hkeylen is not shown in this header — confirm in the
 * implementation.
 */
#define HMAC_KEY_SIZE 20
/*
 * AES key-size selector. The enumerators take the implicit values 0, 1, 2.
 * Presumably this is the value stored in ipea_hdr.enc_alg ("Encryption
 * algorithm used") — confirm. If it is, a receiver has to range-check the
 * byte before using it to pick a key length.
 */
enum CRYPTO_ALG {
CRYPTO_AES_128, /* 0 */
CRYPTO_AES_192, /* 1 */
CRYPTO_AES_256 /* 2 */
};
/*
 * Block-cipher mode selector: CBC is 0, CTR is 1 (implicit values).
 * The comment on struct ipea_key states that only AES-CBC is currently
 * supported, so CTR is declared but presumably not implemented — confirm
 * that the implementation rejects it rather than falling through.
 * NOTE(review): CBC and CTR are unprefixed enumerators in a shared header
 * and may collide with other definitions in an including file.
 */
enum CRYPTO_MODE {
CBC, CTR
};
/*
 * Key material for IPEA: the AES encryption key, the CBC initialisation
 * vector and the HMAC key, each in a fixed-capacity buffer with its length
 * in use stored separately. Currently only AES-CBC is supported.
 *
 * NOTE(review): the IV lives next to the long-lived keys and struct ipea_hdr
 * declares no per-packet IV field. If the same iv is applied to every packet
 * under one ekey, CBC reveals when two packets share a plaintext prefix;
 * confirm how the implementation derives a fresh, unpredictable IV per
 * packet.
 * NOTE(review): this struct holds raw secrets; presumably the owner should
 * wipe it with memzero_explicit() before releasing it — confirm.
 */
struct ipea_key {
/* Bytes of ekey in use; presumably one of the AES_*_KEYSIZE values. */
size_t ekeylen;
/* Bytes of hkey in use. */
size_t hkeylen;
/*
 * NOTE(review): nothing in this header bounds ekeylen/hkeylen by the
 * buffer capacities below; confirm the code that fills this struct does.
 */
u8 ekey[IPEA_ENC_MAX_KEYSIZE]; /* encryption key */
u8 iv[AES_BLOCK_SIZE]; /* init vector for CBC mode */
u8 hkey[IPEA_HMAC_MAX_KEYSIZE]; /* hmac key */
};
/*
 * IPEA header: three one-byte fields describing how a packet was protected.
 *
 * NOTE(review): if these bytes are read from a received packet they are
 * untrusted until the MAC has been verified; range-check enc_alg and mode
 * before acting on them.
 * NOTE(review): no sequence number or counter is declared here, so replay
 * protection, if any, must live elsewhere — confirm.
 */
struct ipea_hdr {
u8 enc_alg; /* Encryption algorithm used; presumably an enum CRYPTO_ALG value */
u8 mode; /* presumably an enum CRYPTO_MODE value — confirm */
u8 protocol; /* original value of the IP header's Protocol field, saved here */
};
/*
 * Encrypt the IP packet's payload with AES-CBC, then compute an HMAC-SHA1
 * over the packet. TTL, DSCP and Header Checksum are excluded from the MAC,
 * presumably because routers may rewrite them in transit.
 *
 * @skb:    packet to protect; passed non-const, so presumably modified in
 *          place.
 * @ea_hdr: IPEA header values for this packet.
 * @ipkey:  encryption and HMAC key material.
 *
 * Return: int; the convention is not shown in this header (presumably 0 on
 * success and a negative errno on failure — confirm).
 *
 * NOTE(review): whether the MAC covers the IPEA header and the IV is not
 * visible here; with encrypt-then-MAC both should be authenticated.
 */
int ipea_encrypt_mac(struct sk_buff *skb,
const struct ipea_hdr *ea_hdr,
const struct ipea_key *ipkey);
/*
 * Verify the IP packet.
 *
 * @skb:     received packet to check.
 * @ipeakey: key material; presumably only the HMAC key is used — confirm.
 *
 * Return: true if the packet is valid, otherwise false.
 *
 * NOTE(review): presumably this recomputes the HMAC-SHA1 tag and compares
 * it with the one in the packet. The comparison should be constant-time
 * (e.g. crypto_memneq()), and the packet length should be checked against
 * IPEA_MAC_SIZE before the tag is read — confirm in the implementation.
 * Callers should call this before ipea_decrypt() and drop the packet on
 * false.
 */
bool ipea_valid(struct sk_buff *skb, const struct ipea_key *ipeakey);
/*
 * Decrypt an IPEA packet; presumably the inverse of the encryption step of
 * ipea_encrypt_mac() — the implementation is not visible from this header.
 *
 * @skb:   packet to decrypt; passed non-const, so presumably modified in
 *         place.
 * @ipkey: key material.
 *
 * Return: int; the convention is not shown here (presumably 0 on success
 * and a negative errno on failure — confirm).
 *
 * NOTE(review): this prototype gives no sign that the MAC is checked
 * internally, so callers should decrypt only after ipea_valid() has
 * returned true; decrypting unauthenticated CBC ciphertext exposes padding
 * and length handling to forged input.
 */
int ipea_decrypt(struct sk_buff *skb, const struct ipea_key *ipkey);
#endif /* _IPEA_IPEA_H */