auth.h

mobile ip 在linux下的一种实现

/* $Id: auth.h,v 1.16 2001/07/14 15:19:16 jm Exp $
 * Message Authentication Routines
 *
 * Dynamic hierarchial IP tunnel
 * Copyright (C) 1998-2001, Dynamics group
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation. See README and COPYING for
 * more details.
 */

#ifndef AUTH_H
#define AUTH_H

#include "message.h"

#define AUTH_ALG_MD5 1
/* Original RFC 2002 does not include the SPI field of the authentication
 * extension in the protected data area. This has been fixed in the
 * draft-ietf-mobileip-v2-00.txt, but to  handle the both situations this
 * extra "algorithm" is added; the only difference is that it does not use
 * the SPI field in MAC calculation (i.e. conforms to RFC 2002). If the
 * default version does not work, the alternative is tried automatically. */
#define AUTH_ALG_MD5_RFC2002 -1

/* RFC 3012, Sec. 8 */
#define AUTH_ALG_RADIUS 2
/* RFC 2002, number 3 as an alias for AUTH_ALD_MD5 */
#define AUTH_ALG_MD5_PREFIX_SUFFIX 3
/* RFC 2104 */
#define AUTH_ALG_HMAC_MD5 4
/* FIPS 180-1 */
#define AUTH_ALG_SHA1 5
/* RFC 2104 */
#define AUTH_ALG_HMAC_SHA1 6

#define REPLAY_PROTECTION_NONE 0
#define REPLAY_PROTECTION_TIMESTAMP 1
#define REPLAY_PROTECTION_NONCE 2

/* the maximum session key length with any of the implemented algorithms */
#define MAX_SK_LEN 20
#define MD5_SK_LEN 16
#define SHA1_SK_LEN 20

int auth_add(int alg, unsigned char *key, unsigned int keylen,
	     unsigned char *data, struct msg_auth *auth,
	     __u8 auth_type, __u32 spi);
int auth_check(int alg, unsigned char *key, unsigned int keylen,
	       unsigned char *data, struct msg_auth *auth);
int auth_add_vendor(int alg, unsigned char *key, unsigned int keylen,
		    unsigned char *data, struct vendor_msg_auth *auth,
		    __u16 auth_type, __u32 spi);
int auth_check_vendor(int alg, unsigned char *key, unsigned int keylen,
		      unsigned char *data, struct vendor_msg_auth *auth);
int auth_add_gen(int alg, unsigned char *key, unsigned int keylen,
		 unsigned char *data, unsigned char *challenge,
		 int challenge_len, struct generalized_auth_ext *auth,
		 __u8 auth_subtype, __u32 spi);
int auth_check_gen(int alg, unsigned char *key, unsigned int keylen,
		   unsigned char *data, struct generalized_auth_ext *auth);
int auth_encrypt(int alg, unsigned char *ssec, unsigned int sseclen,
		 unsigned char *key, struct msg_key *keyrep,
		 struct reg_rep *data, __u8 keytype, __u32 spi);
unsigned char* auth_decrypt(int alg, unsigned char *key, unsigned int keylen,
			    struct msg_key *keyrep, struct reg_rep *data,
			    int *sk_len);
int generate_session_key(int alg, unsigned char *key, unsigned int key_len,
			 unsigned char *session_key);
int auth_is_protected(void *ext, void *auth);
int auth_aaa_key_alg_id_to_dynamics(int alg_id);
int auth_aaa_key_replay_to_dynamics(int replay);
int auth_generate_key(int alg, unsigned char *key, unsigned int keylen,
		      const unsigned char *keymaterial,
		      unsigned int keymateriallen,
		      const unsigned char *nodeaddr, unsigned int nodeaddrlen,
		      unsigned char *genkey, unsigned int *genkeylen);
int auth_supported_auth_alg(int alg);

#endif