message.h

mobile ip 在linux下的一种实现

 * - Session Key based authentication (i.e. session key is used like shared
 *   secret)
 * - used in local location updates
 * VENDOR_EXT_DYNAMICS_SHA_HA_AUTH 17
 * - Surrogate Home Agent-private Home Agent Authentication
 */

#define GET_VENDOR_AUTH_EXT_LEN(msg_key) (msg_key->length + 2)
#define GET_VENDOR_AUTH_LEN(msg_key) (msg_key->length - (NVSE_HEADER_LEN + 4))
#define MIN_VENDOR_AUTH_LEN (NVSE_HEADER_LEN + 4)
#define MSG_VENDOR_AUTH_DATA(msg) (((unsigned char*)msg) + \
sizeof(struct vendor_msg_auth))

struct vendor_msg_auth {
	VENDOR_EXT_HEADER
	__u32 spi;
} ATTRIBUTE_PACKED;


/* Most of these extensions are based on regkey draft, but the type of the
 * length field is changed (now 8 bits) and the implemention is using vendor
 * extensions with type > 127
 *
 * msg_key vendor sub_type can be:
 *
 * Foreign Agent Key Request (regkey: type=113)
 * VENDOR_EXT_DYNAMICS_FA_KEYREQ 3
 *  - sent by foreign agents to next higher agent if there is a security
 *    association to that agent
 *  - does not have key data (i.e. length = 4 always)
 *  - sent in registration requests
 *
 * Foreign Agent Public Key (regkey: type=115)
 * VENDOR_EXT_DYNAMICS_FA_PUBKEY 4
 *  - sent by foreign agents to next higher agent if no security association
 *    is available
 *  - contains foreign agent public key (RSA)
 *  - sent in registration requests
 *
 * Mobile Node Key Request (regkey: no similar type)
 * VENDOR_EXT_DYNAMICS_MN_KEYREQ 5
 *  - sent by mobile node to home agent
 *  - does not have key data (i.e. length = 4 always)
 *  - sent in registration requests
 *
 * Home-Mobile Key Reply (regkey: type=120)
 * VENDOR_EXT_DYNAMICS_MN_KEYREP 6
 *  - sent by home agent (indirectly) to mobile node
 *  - contains session key encrypted with shared secret
 *  - sent in registration replies
 *
 * Foreign Agent Key Reply (regkey: type=121)
 * VENDOR_EXT_DYNAMICS_FA_KEYREP 7
 *  - sent by agents to next lower foreign agent
 *  - contains session key encrypted with shared secret
 *  - sent in registration replies
 *
 * Foreign Agent Public Key Reply (regkey: type=123)
 * VENDOR_EXT_DYNAMICS_FA_PUBKEYREP 8
 *  - sent by agents to next lower foreign agent
 *  - contains encrypted session key (RSA)
 *  - sent in registration replies
 *
 * Public Key Hash
 * VENDOR_EXT_DYNAMICS_PUBKEY_HASH 11
 *  - sent by FAs in the agentadv and by MN in the registration request
 *  - used for man-in-the-middle style attack prevention
 *  - contains the hash code of the HFA's public key
 */

#define GET_KEY_EXT_LEN(msg_key) (msg_key->length + 2)
#define GET_KEY_LEN(msg_key) (msg_key->length - (NVSE_HEADER_LEN + 4))
#define MIN_KEY_EXT_LEN (NVSE_HEADER_LEN + 4)
#define MSG_KEY_DATA(msg) ((unsigned char*)(((char*)msg) + \
        sizeof(struct msg_key)))

#define PUBKEY_ALG_SPI_RSA 1000

struct msg_key {
	VENDOR_EXT_HEADER
	__u32 spi;
} ATTRIBUTE_PACKED;

/* See draft-ietf-mobileip-regkey-00.txt for more detailed description
 * of the key request/reply extensions.
 */

/* VENDOR_EXT_DYNAMICS_FA_NAI 12 */
/* VENDOR_EXT_DYNAMICS_PREVIOUS_FA_NAI 13 */
#define GET_NAI_EXT_LEN(msg_nai) (msg_nai->length + 2)
#define GET_NAI_LEN(msg_nai) (msg_nai->length - NVSE_HEADER_LEN)
#define MSG_NAI_DATA(msg_nai) ((unsigned char*)(((char*)msg_nai) + \
        sizeof(struct fa_nai_ext)))
#define MAX_NAI_LEN 128

struct fa_nai_ext {
	VENDOR_EXT_HEADER
} ATTRIBUTE_PACKED;


/* VENDOR_EXT_DYNAMICS_GRE_KEY 14 */
#define GET_GRE_KEY_EXT_LEN(msg_gre) (msg_gre->length + 2)
#define GET_GRE_KEY_LEN(msg_gre) (msg_gre->length - NVSE_HEADER_LEN)
struct gre_key_ext {
	VENDOR_EXT_HEADER
	__u32 key;
} ATTRIBUTE_PACKED;

/* VENDOR_EXT_DYNAMICS_SFA_DEBUG 15 */
#define GET_SFA_DEBUG_EXT_LEN(msg_sfa) (msg_sfa->length + 2)
struct sfa_debug_ext {
	VENDOR_EXT_HEADER
	struct in_addr sfa_addr;
} ATTRIBUTE_PACKED;

/* VENDOR_EXT_DYNAMICS_PRIV_HA 16 */
#define GET_PRIV_HA_EXT_LEN(msg) (msg->length + 2)
struct priv_ha_ext {
	VENDOR_EXT_HEADER
	__u32 priv_ha;
} ATTRIBUTE_PACKED;

/* VENDOR_EXT_DYNAMICS_NONCE 18 */
#define GET_NONCE_EXT_LEN(msg) (msg->length + 2)
struct nonce_ext {
	VENDOR_EXT_HEADER
	__u32 nonce;
} ATTRIBUTE_PACKED;

/* RFC 2002 */
#define ONE_BYTE_PADDING 0


/* RFC 3024 */

#define ENCAPS_DELIVERY_EXT 130
struct encaps_delivery_ext {
	__u8 type; /* 130 */
	__u8 length; /* 0 */
} ATTRIBUTE_PACKED;


/* RFC 2794 */

#define MN_NAI_EXT 131

#define GET_MN_NAI_EXT_LEN(msg_nai) (msg_nai->length + 2)
#define GET_MN_NAI_LEN(msg_nai) (msg_nai->length)
#define MSG_MN_NAI_DATA(msg_nai) ((unsigned char*)(((char*)msg_nai) + \
        sizeof(struct mn_nai_ext)))

struct mn_nai_ext {
	__u8 type; /* 131 */
	__u8 length;
} ATTRIBUTE_PACKED;


/* RFC 3012 */

#define AGENT_ADV_CHALLENGE_EXT 24
#define MN_FA_CHALLENGE_EXT 132

#define GET_CHALLENGE_EXT_LEN(ext) (ext->length + 2)
#define GET_CHALLENGE_LEN(ext) (ext->length)
#define MSG_CHALLENGE_EXT_DATA(ext) ((unsigned char *)(((char *) ext) + \
        sizeof(struct challenge_ext)))
#define MAX_CHALLENGE_LEN 256

struct challenge_ext {
	__u8 type; /* 24 / 132 */
	__u8 length;
	/* followed by 0 .. 256 bytes of challenge data */
} ATTRIBUTE_PACKED;


#define GENERALIZED_AUTH_EXT 36

/* generalized auth. ext. subtypes */
#define GENERALIZED_AUTH_MN_AAA 1

#define GET_GEN_AUTH_EXT_LEN(ext) (ntohs(ext->length) + 4)
#define GET_GEN_AUTH_LEN(ext) (ntohs(ext->length) - 4)
#define MSG_GEN_AUTH_DATA(ext) (((unsigned char *) ext) + \
	sizeof(struct generalized_auth_ext))

struct generalized_auth_ext {
	__u8 type; /* 36 */
	__u8 subtype; /* 1 */
	__u16 length;
	__u32 spi;
	/* followed by 16 or more bytes of authenticator data */
} ATTRIBUTE_PACKED;

#define CHAP_SPI 2


/* draft-ietf-mobileip-gen-key-00 */

/* Generalized MN-FA Key Request Extension */

#define GENERALIZED_MN_FA_KEY_REQ_EXT 40

#define GET_GEN_MN_FA_KEY_REQ_EXT_LEN(ext) (ntohs(ext->length) + 4)
#define GET_GEN_MN_FA_KEY_REQ_LEN(ext) (ntohs(ext->length) - 4)
#define MSG_GEN_MN_FA_KEY_REQ_DATA(ext) (((unsigned char *) ext) + \
	sizeof(struct generalized_mn_fa_key_req_ext))

struct generalized_mn_fa_key_req_ext {
	__u8 type; /* 40 */
	__u8 subtype;
	__u16 length;
	__u32 mn_spi;
	/* followed by (SHOULD be at least 16 bytes of) subtype data */
} ATTRIBUTE_PACKED;

/* MN-FA Key Request subtypes */
/* draft-ietf-mobileip-aaa-key-07.txt */
#define GEN_MN_FA_KEY_REQ_FROM_AAA 7
/* this extension MUST appear before MN-AAA auth. ext. */


/* Generalized MN-FA Key Reply Extension */

#define GENERALIZED_MN_FA_KEY_REP_EXT 41

#define GET_GEN_MN_FA_KEY_REP_EXT_LEN(ext) (ntohs(ext->length) + 4)
#define GET_GEN_MN_FA_KEY_REP_LEN(ext) (ntohs(ext->length))
#define MSG_GEN_MN_FA_KEY_REP_DATA(ext) (((unsigned char *) ext) + \
	sizeof(struct generalized_mn_fa_key_rep_ext))

struct generalized_mn_fa_key_rep_ext {
	__u8 type; /* 41 */
	__u8 subtype;
	__u16 length;
	/* followed by subtype data */
} ATTRIBUTE_PACKED;

/* MN-FA Key Reply subtypes */
/* draft-ietf-mobileip-aaa-key-07.txt */
#define GEN_MN_FA_KEY_REP_KEY_MATERIAL_FROM_AAA 7
/* this extension MUST appear before MN-FA auth. ext. */
struct mn_fa_key_material_from_aaa {
	u32 lifetime;
	u32 aaa_spi;
	u32 fa_spi;
	u16 alg_id;
	/* followed by key material; a random value of at least 64 bits */
} ATTRIBUTE_PACKED;


/* Generalized MN-HA Key Request Extension */

#define GENERALIZED_MN_HA_KEY_REQ_EXT 42

#define GET_GEN_MN_HA_KEY_REQ_EXT_LEN(ext) (ntohs(ext->length) + 4)
#define GET_GEN_MN_HA_KEY_REQ_LEN(ext) (ntohs(ext->length) - 4)
#define MSG_GEN_MN_HA_KEY_REQ_DATA(ext) (((unsigned char *) ext) + \
	sizeof(struct generalized_mn_ha_key_req_ext))

struct generalized_mn_ha_key_req_ext {
	__u8 type; /* 42 */
	__u8 subtype;
	__u16 length;
	__u32 mn_spi;
	/* followed by (SHOULD be at least 16 bytes of) subtype data */
} ATTRIBUTE_PACKED;

/* MN-HA Key Request subtypes */
/* draft-ietf-mobileip-aaa-key-07.txt */
#define GEN_MN_HA_KEY_REQ_FROM_AAA 7
/* this extension MUST appear before MN-AAA auth. ext. */


/* Generalized MN-HA Key Reply Extension */

#define GENERALIZED_MN_HA_KEY_REP_EXT 43

#define GET_GEN_MN_HA_KEY_REP_EXT_LEN(ext) (ntohs(ext->length) + 4)
#define GET_GEN_MN_HA_KEY_REP_LEN(ext) (ntohs(ext->length) - 4)
#define MSG_GEN_MN_HA_KEY_REP_DATA(ext) (((unsigned char *) ext) + \
	sizeof(struct generalized_mn_ha_key_rep_ext))

struct generalized_mn_ha_key_rep_ext {
	__u8 type; /* 43 */
	__u8 subtype;
	__u16 length;
	__u32 lifetime;
	/* followed by subtype data */
} ATTRIBUTE_PACKED;

/* MN-HA Key Reply subtypes */
/* draft-ietf-mobileip-aaa-key-07.txt */
#define GEN_MN_HA_KEY_REP_KEY_MATERIAL_FROM_AAA 1
/* this extension MUST appear before MN-HA auth. ext. */
struct mn_ha_key_material_from_aaa {
	u32 aaa_spi;
	u32 ha_spi;
	u16 alg_id;
	u16 replay_method;
	/* followed by key material; a random value of at least 64 bits */
} ATTRIBUTE_PACKED;


/* Generalized FA-HA Key Reply Extension */

#define GENERALIZED_FA_HA_KEY_REP_EXT 45

#define GET_GEN_FA_HA_KEY_REP_EXT_LEN(ext) (ntohs(ext->length) + 4)
#define GET_GEN_FA_HA_KEY_REP_LEN(ext) (ntohs(ext->length) - 4)
#define MSG_GEN_FA_HA_KEY_REP_DATA(ext) (((unsigned char *) ext) + \
	sizeof(struct generalized_fa_ha_key_rep_ext))

struct generalized_fa_ha_key_rep_ext {
	__u8 type; /* 45 */
	__u8 subtype;
	__u16 length;
	__u32 lifetime;
	/* followed by subtype data */
} ATTRIBUTE_PACKED;


/* Generalized FA-FA Key Reply Extension */

#define GENERALIZED_FA_FA_KEY_REP_EXT 46

#define GET_GEN_FA_FA_KEY_REP_EXT_LEN(ext) (ntohs(ext->length) + 4)
#define GET_GEN_FA_FA_KEY_REP_LEN(ext) (ntohs(ext->length) - 4)
#define MSG_GEN_FA_FA_KEY_REP_DATA(ext) (((unsigned cfar *) ext) + \
	sizeof(struct generalized_fa_fa_key_rep_ext))

struct generalized_fa_fa_key_rep_ext {
	__u8 type; /* 46 */
	__u8 subtype;
	__u16 length;
	__u32 fa_fa_spi;
	/* followed by subtype data */
} ATTRIBUTE_PACKED;


/* draft-ietf-mobileip-aaa-key-07.txt */

/* Algorithm Identifiers */
#define AAA_KEY_ALG_MD5 1		/* MD5/prefix+suffix, RFC 2002 */
#define AAA_KEY_ALG_HMAC_MD5 2		/* HMAC MD5, RFC 2104 */
#define AAA_KEY_ALG_SHA1 3		/* FIPS 180-1 */

/* Replay Methods */
#define AAA_KEY_REPLAY_NONE 1		/* RFC 2002 */
#define AAA_KEY_REPLAY_TIMESTAMPS 2	/* RFC 2002 */
#define AAA_KEY_REPLAY_NONCES 3		/* RFC 2002 */

#endif /* MESSAGE_H */