esp.h
1 /**
2  * @file esp.h
3  * @brief ESP (IP Encapsulating Security Payload)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 #ifndef _ESP_H
32 #define _ESP_H
33 
34 //Dependencies
35 #include "ipsec/ipsec.h"
36 
37 //ESP support
   //Compile-time switch for the ESP module, enabled by default. Any user-supplied
   //value other than ENABLED or DISABLED stops the build with #error
38 #ifndef ESP_SUPPORT
39  #define ESP_SUPPORT ENABLED
40 #elif (ESP_SUPPORT != ENABLED && ESP_SUPPORT != DISABLED)
41  #error ESP_SUPPORT parameter is not valid
42 #endif
43 
44 //Extended Sequence Numbers support
   //Enabled by default. ESN (RFC 4303) extends the anti-replay sequence number
   //to 64 bits; without it the 32-bit counter must not be allowed to wrap on
   //an SA that uses anti-replay
45 #ifndef ESP_ESN_SUPPORT
46  #define ESP_ESN_SUPPORT ENABLED
47 #elif (ESP_ESN_SUPPORT != ENABLED && ESP_ESN_SUPPORT != DISABLED)
48  #error ESP_ESN_SUPPORT parameter is not valid
49 #endif
50 
51 //CBC cipher mode support
   //Enabled by default. CBC gives confidentiality only and relies on a separate
   //integrity algorithm for the ICV.
   //NOTE(review): confirm that SA setup refuses a CBC cipher that is configured
   //without an integrity algorithm (that code is outside this header)
52 #ifndef ESP_CBC_SUPPORT
53  #define ESP_CBC_SUPPORT ENABLED
54 #elif (ESP_CBC_SUPPORT != ENABLED && ESP_CBC_SUPPORT != DISABLED)
55  #error ESP_CBC_SUPPORT parameter is not valid
56 #endif
57 
58 //CTR cipher mode support
   //Disabled by default. CTR has no integrity protection of its own and needs
   //a distinct IV for every packet protected under the same key
59 #ifndef ESP_CTR_SUPPORT
60  #define ESP_CTR_SUPPORT DISABLED
61 #elif (ESP_CTR_SUPPORT != ENABLED && ESP_CTR_SUPPORT != DISABLED)
62  #error ESP_CTR_SUPPORT parameter is not valid
63 #endif
64 
65 //CCM_8 AEAD support
   //For the CCM and GCM switches below the numeric suffix is the ICV length in
   //octets (RFC 4309, RFC 4106). Only GCM_16 and ChaCha20Poly1305 are enabled by
   //default; a shorter ICV gives an attacker a proportionally better chance of
   //a successful forgery, so the 8 and 12 octet variants are best left disabled
   //unless a peer requires them
66 #ifndef ESP_CCM_8_SUPPORT
67  #define ESP_CCM_8_SUPPORT DISABLED
68 #elif (ESP_CCM_8_SUPPORT != ENABLED && ESP_CCM_8_SUPPORT != DISABLED)
69  #error ESP_CCM_8_SUPPORT parameter is not valid
70 #endif
71 
72 //CCM_12 AEAD support
73 #ifndef ESP_CCM_12_SUPPORT
74  #define ESP_CCM_12_SUPPORT DISABLED
75 #elif (ESP_CCM_12_SUPPORT != ENABLED && ESP_CCM_12_SUPPORT != DISABLED)
76  #error ESP_CCM_12_SUPPORT parameter is not valid
77 #endif
78 
79 //CCM_16 AEAD support
80 #ifndef ESP_CCM_16_SUPPORT
81  #define ESP_CCM_16_SUPPORT DISABLED
82 #elif (ESP_CCM_16_SUPPORT != ENABLED && ESP_CCM_16_SUPPORT != DISABLED)
83  #error ESP_CCM_16_SUPPORT parameter is not valid
84 #endif
85 
86 //GCM_8 AEAD support
87 #ifndef ESP_GCM_8_SUPPORT
88  #define ESP_GCM_8_SUPPORT DISABLED
89 #elif (ESP_GCM_8_SUPPORT != ENABLED && ESP_GCM_8_SUPPORT != DISABLED)
90  #error ESP_GCM_8_SUPPORT parameter is not valid
91 #endif
92 
93 //GCM_12 AEAD support
94 #ifndef ESP_GCM_12_SUPPORT
95  #define ESP_GCM_12_SUPPORT DISABLED
96 #elif (ESP_GCM_12_SUPPORT != ENABLED && ESP_GCM_12_SUPPORT != DISABLED)
97  #error ESP_GCM_12_SUPPORT parameter is not valid
98 #endif
99 
100 //GCM_16 AEAD support
    //Enabled by default (full 16-octet ICV)
101 #ifndef ESP_GCM_16_SUPPORT
102  #define ESP_GCM_16_SUPPORT ENABLED
103 #elif (ESP_GCM_16_SUPPORT != ENABLED && ESP_GCM_16_SUPPORT != DISABLED)
104  #error ESP_GCM_16_SUPPORT parameter is not valid
105 #endif
106 
107 //ChaCha20Poly1305 AEAD support
    //Enabled by default
108 #ifndef ESP_CHACHA20_POLY1305_SUPPORT
109  #define ESP_CHACHA20_POLY1305_SUPPORT ENABLED
110 #elif (ESP_CHACHA20_POLY1305_SUPPORT != ENABLED && ESP_CHACHA20_POLY1305_SUPPORT != DISABLED)
111  #error ESP_CHACHA20_POLY1305_SUPPORT parameter is not valid
112 #endif
113 
114 //CMAC integrity support
    //Disabled by default
115 #ifndef ESP_CMAC_SUPPORT
116  #define ESP_CMAC_SUPPORT DISABLED
117 #elif (ESP_CMAC_SUPPORT != ENABLED && ESP_CMAC_SUPPORT != DISABLED)
118  #error ESP_CMAC_SUPPORT parameter is not valid
119 #endif
120 
121 //HMAC integrity support
    //Enabled by default. This switch is also the one tested by the
    //ESP_MAX_DIGEST_SIZE and ESP_MAX_ICV_SIZE selections further down
122 #ifndef ESP_HMAC_SUPPORT
123  #define ESP_HMAC_SUPPORT ENABLED
124 #elif (ESP_HMAC_SUPPORT != ENABLED && ESP_HMAC_SUPPORT != DISABLED)
125  #error ESP_HMAC_SUPPORT parameter is not valid
126 #endif
127 
128 //KMAC128 integrity support (experimental)
    //Disabled by default; experimental algorithms are best kept out of
    //production builds unless both peers are under the same control
129 #ifndef ESP_KMAC128_SUPPORT
130  #define ESP_KMAC128_SUPPORT DISABLED
131 #elif (ESP_KMAC128_SUPPORT != ENABLED && ESP_KMAC128_SUPPORT != DISABLED)
132  #error ESP_KMAC128_SUPPORT parameter is not valid
133 #endif
134 
135 //KMAC256 integrity support (experimental)
136 #ifndef ESP_KMAC256_SUPPORT
137  #define ESP_KMAC256_SUPPORT DISABLED
138 #elif (ESP_KMAC256_SUPPORT != ENABLED && ESP_KMAC256_SUPPORT != DISABLED)
139  #error ESP_KMAC256_SUPPORT parameter is not valid
140 #endif
141 
142 //IDEA cipher support (insecure)
    //IDEA, DES and Triple DES are all disabled by default. They use a 64-bit
    //block, and RFC 8221 rates DES as MUST NOT and 3DES as SHOULD NOT for ESP;
    //enable one only for a legacy peer that offers nothing else
143 #ifndef ESP_IDEA_SUPPORT
144  #define ESP_IDEA_SUPPORT DISABLED
145 #elif (ESP_IDEA_SUPPORT != ENABLED && ESP_IDEA_SUPPORT != DISABLED)
146  #error ESP_IDEA_SUPPORT parameter is not valid
147 #endif
148 
149 //DES cipher support (insecure)
150 #ifndef ESP_DES_SUPPORT
151  #define ESP_DES_SUPPORT DISABLED
152 #elif (ESP_DES_SUPPORT != ENABLED && ESP_DES_SUPPORT != DISABLED)
153  #error ESP_DES_SUPPORT parameter is not valid
154 #endif
155 
156 //Triple DES cipher support (weak)
157 #ifndef ESP_3DES_SUPPORT
158  #define ESP_3DES_SUPPORT DISABLED
159 #elif (ESP_3DES_SUPPORT != ENABLED && ESP_3DES_SUPPORT != DISABLED)
160  #error ESP_3DES_SUPPORT parameter is not valid
161 #endif
162 
163 //AES 128-bit cipher support
    //All three AES key sizes are enabled by default
164 #ifndef ESP_AES_128_SUPPORT
165  #define ESP_AES_128_SUPPORT ENABLED
166 #elif (ESP_AES_128_SUPPORT != ENABLED && ESP_AES_128_SUPPORT != DISABLED)
167  #error ESP_AES_128_SUPPORT parameter is not valid
168 #endif
169 
170 //AES 192-bit cipher support
171 #ifndef ESP_AES_192_SUPPORT
172  #define ESP_AES_192_SUPPORT ENABLED
173 #elif (ESP_AES_192_SUPPORT != ENABLED && ESP_AES_192_SUPPORT != DISABLED)
174  #error ESP_AES_192_SUPPORT parameter is not valid
175 #endif
176 
177 //AES 256-bit cipher support
178 #ifndef ESP_AES_256_SUPPORT
179  #define ESP_AES_256_SUPPORT ENABLED
180 #elif (ESP_AES_256_SUPPORT != ENABLED && ESP_AES_256_SUPPORT != DISABLED)
181  #error ESP_AES_256_SUPPORT parameter is not valid
182 #endif
183 
184 //Camellia 128-bit cipher support
    //All three Camellia key sizes are disabled by default
185 #ifndef ESP_CAMELLIA_128_SUPPORT
186  #define ESP_CAMELLIA_128_SUPPORT DISABLED
187 #elif (ESP_CAMELLIA_128_SUPPORT != ENABLED && ESP_CAMELLIA_128_SUPPORT != DISABLED)
188  #error ESP_CAMELLIA_128_SUPPORT parameter is not valid
189 #endif
190 
191 //Camellia 192-bit cipher support
192 #ifndef ESP_CAMELLIA_192_SUPPORT
193  #define ESP_CAMELLIA_192_SUPPORT DISABLED
194 #elif (ESP_CAMELLIA_192_SUPPORT != ENABLED && ESP_CAMELLIA_192_SUPPORT != DISABLED)
195  #error ESP_CAMELLIA_192_SUPPORT parameter is not valid
196 #endif
197 
198 //Camellia 256-bit cipher support
199 #ifndef ESP_CAMELLIA_256_SUPPORT
200  #define ESP_CAMELLIA_256_SUPPORT DISABLED
201 #elif (ESP_CAMELLIA_256_SUPPORT != ENABLED && ESP_CAMELLIA_256_SUPPORT != DISABLED)
202  #error ESP_CAMELLIA_256_SUPPORT parameter is not valid
203 #endif
204 
205 //SM4 cipher support (experimental)
    //Disabled by default
206 #ifndef ESP_SM4_SUPPORT
207  #define ESP_SM4_SUPPORT DISABLED
208 #elif (ESP_SM4_SUPPORT != ENABLED && ESP_SM4_SUPPORT != DISABLED)
209  #error ESP_SM4_SUPPORT parameter is not valid
210 #endif
211 
212 //MD5 hash support (insecure)
    //Disabled by default; RFC 8221 rates HMAC-MD5-96 as MUST NOT for ESP
213 #ifndef ESP_MD5_SUPPORT
214  #define ESP_MD5_SUPPORT DISABLED
215 #elif (ESP_MD5_SUPPORT != ENABLED && ESP_MD5_SUPPORT != DISABLED)
216  #error ESP_MD5_SUPPORT parameter is not valid
217 #endif
218 
219 //SHA-1 hash support (weak)
    //Enabled by default even though it is marked weak, presumably for
    //interoperability with peers that only offer HMAC-SHA1-96. RFC 8221 lists
    //that algorithm as MUST- (expected to be downgraded); a build that does not
    //need it can define ESP_SHA1_SUPPORT as DISABLED
220 #ifndef ESP_SHA1_SUPPORT
221  #define ESP_SHA1_SUPPORT ENABLED
222 #elif (ESP_SHA1_SUPPORT != ENABLED && ESP_SHA1_SUPPORT != DISABLED)
223  #error ESP_SHA1_SUPPORT parameter is not valid
224 #endif
225 
226 //SHA-256 hash support
    //SHA-256, SHA-384 and SHA-512 are enabled by default and are the only hashes
    //the ESP_MAX_DIGEST_SIZE and ESP_MAX_ICV_SIZE selections below look at
227 #ifndef ESP_SHA256_SUPPORT
228  #define ESP_SHA256_SUPPORT ENABLED
229 #elif (ESP_SHA256_SUPPORT != ENABLED && ESP_SHA256_SUPPORT != DISABLED)
230  #error ESP_SHA256_SUPPORT parameter is not valid
231 #endif
232 
233 //SHA-384 hash support
234 #ifndef ESP_SHA384_SUPPORT
235  #define ESP_SHA384_SUPPORT ENABLED
236 #elif (ESP_SHA384_SUPPORT != ENABLED && ESP_SHA384_SUPPORT != DISABLED)
237  #error ESP_SHA384_SUPPORT parameter is not valid
238 #endif
239 
240 //SHA-512 hash support
241 #ifndef ESP_SHA512_SUPPORT
242  #define ESP_SHA512_SUPPORT ENABLED
243 #elif (ESP_SHA512_SUPPORT != ENABLED && ESP_SHA512_SUPPORT != DISABLED)
244  #error ESP_SHA512_SUPPORT parameter is not valid
245 #endif
246 
247 //SHA3-256 hash support (experimental)
    //The SHA-3 variants and SM3 are experimental and disabled by default
248 #ifndef ESP_SHA3_256_SUPPORT
249  #define ESP_SHA3_256_SUPPORT DISABLED
250 #elif (ESP_SHA3_256_SUPPORT != ENABLED && ESP_SHA3_256_SUPPORT != DISABLED)
251  #error ESP_SHA3_256_SUPPORT parameter is not valid
252 #endif
253 
254 //SHA3-384 hash support (experimental)
255 #ifndef ESP_SHA3_384_SUPPORT
256  #define ESP_SHA3_384_SUPPORT DISABLED
257 #elif (ESP_SHA3_384_SUPPORT != ENABLED && ESP_SHA3_384_SUPPORT != DISABLED)
258  #error ESP_SHA3_384_SUPPORT parameter is not valid
259 #endif
260 
261 //SHA3-512 hash support (experimental)
262 #ifndef ESP_SHA3_512_SUPPORT
263  #define ESP_SHA3_512_SUPPORT DISABLED
264 #elif (ESP_SHA3_512_SUPPORT != ENABLED && ESP_SHA3_512_SUPPORT != DISABLED)
265  #error ESP_SHA3_512_SUPPORT parameter is not valid
266 #endif
267 
268 //SM3 hash support (experimental)
269 #ifndef ESP_SM3_SUPPORT
270  #define ESP_SM3_SUPPORT DISABLED
271 #elif (ESP_SM3_SUPPORT != ENABLED && ESP_SM3_SUPPORT != DISABLED)
272  #error ESP_SM3_SUPPORT parameter is not valid
273 #endif
274 
275 //Size of the buffer for input/output operations
    //Defaults to 2048. Only a lower bound (256) is checked at compile time.
    //NOTE(review): what the buffer holds, and whether a packet that does not fit
    //in ESP_BUFFER_SIZE is rejected before it is copied, is decided in code
    //outside this header - confirm at the places that use this macro
276 #ifndef ESP_BUFFER_SIZE
277  #define ESP_BUFFER_SIZE 2048
278 #elif (ESP_BUFFER_SIZE < 256)
279  #error ESP_BUFFER_SIZE parameter is not valid
280 #endif
281 
282 //Maximum digest size
    //Selects 64, 48 or 32 bytes (the SHA-512, SHA-384 and SHA-256 output sizes)
    //according to the largest of those hashes enabled together with HMAC; every
    //other configuration gets 12.
    //NOTE(review): SHA-1 (20-byte digest), MD5 (16-byte digest), CMAC, KMAC,
    //SHA-3 and SM3 are not considered, so a build whose largest enabled
    //integrity algorithm is one of those falls through to 12 - confirm that no
    //buffer sized by this macro ever receives a longer digest
283 #if (ESP_HMAC_SUPPORT == ENABLED && ESP_SHA512_SUPPORT == ENABLED)
284  #define ESP_MAX_DIGEST_SIZE 64
285 #elif (ESP_HMAC_SUPPORT == ENABLED && ESP_SHA384_SUPPORT == ENABLED)
286  #define ESP_MAX_DIGEST_SIZE 48
287 #elif (ESP_HMAC_SUPPORT == ENABLED && ESP_SHA256_SUPPORT == ENABLED)
288  #define ESP_MAX_DIGEST_SIZE 32
289 #else
290  #define ESP_MAX_DIGEST_SIZE 12
291 #endif
292 
293 //Maximum size of the ICV field
    //32, 24 and 16 bytes are half of the digest sizes selected above, which is
    //the truncation used by HMAC-SHA-512-256, HMAC-SHA-384-192 and
    //HMAC-SHA-256-128; the fallback is 12.
    //NOTE(review): GCM_16, CCM_16 and ChaCha20Poly1305 carry a 16-byte ICV. With
    //ESP_HMAC_SUPPORT disabled (an AEAD-only build), or with SHA-256/384/512 all
    //disabled, this macro evaluates to 12 - verify that an AEAD tag is never
    //stored in, or compared over, a buffer of ESP_MAX_ICV_SIZE bytes
294 #if (ESP_HMAC_SUPPORT == ENABLED && ESP_SHA512_SUPPORT == ENABLED)
295  #define ESP_MAX_ICV_SIZE 32
296 #elif (ESP_HMAC_SUPPORT == ENABLED && ESP_SHA384_SUPPORT == ENABLED)
297  #define ESP_MAX_ICV_SIZE 24
298 #elif (ESP_HMAC_SUPPORT == ENABLED && ESP_SHA256_SUPPORT == ENABLED)
299  #define ESP_MAX_ICV_SIZE 16
300 #else
301  #define ESP_MAX_ICV_SIZE 12
302 #endif
303 
304 //C++ guard
305 #ifdef __cplusplus
306 extern "C" {
307 #endif
308 
309 //CC-RX, CodeWarrior or Win32 compiler?
    //Structure packing is switched on for these compilers before the ESP header
    //and trailer are declared (1-byte packing in the push form), so the
    //structures carry no padding between fields. Other compilers presumably get
    //the same effect from the __packed_struct macro, defined outside this file
310 #if defined(__CCRX__)
311  #pragma pack
312 #elif defined(__CWCC__) || defined(_WIN32)
313  #pragma pack(push, 1)
314 #endif
315 
316 
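317 /**
318  * @brief ESP header
     *
     * Fixed part of the ESP header (RFC 4303), followed by the payload as a
     * flexible array member. The trailing comments give each field's byte offset.
     * NOTE(review): the fields are presumably in network byte order when the
     * structure is overlaid on a received packet - confirm the conversions at
     * the places that read spi and seqNum.
319  **/
320 
321 typedef __packed_struct
322 {
323  uint32_t spi; //0-3: Security Parameters Index
324  uint32_t seqNum; //4-7: sequence number (low-order 32 bits when ESN is used)
325  uint8_t payloadData[]; //8: start of the payload data
326 } EspHeader;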
327 
328 
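329 /**
330  * @brief ESP trailer
     *
     * Pad Length and Next Header fields that follow the padding at the end of
     * the payload (RFC 4303), with the ICV as a flexible array member. The
     * trailing comments give each field's byte offset.
     * NOTE(review): padLength and nextHeader are supplied by the peer; confirm
     * that esp.c reads them only after the ICV has been verified and checks
     * padLength against the payload length before using it.
331  **/
332 
333 typedef __packed_struct
334 {
335  uint8_t padLength; //0: number of padding bytes preceding this field
336  uint8_t nextHeader; //1: protocol number of the protected payload
337  uint8_t icv[]; //2: Integrity Check Value
338 } EspTrailer;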
339 
340 
341 //CC-RX, CodeWarrior or Win32 compiler?
    //Ends the packed region opened before the ESP header declaration, so that
    //declarations after this point are not affected by it
342 #if defined(__CCRX__)
343  #pragma unpack
344 #elif defined(__CWCC__) || defined(_WIN32)
345  #pragma pack(pop)
346 #endif
347 
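348 //ESP related functions
    //ipv4ProcessEspHeader: process an ESP protected packet and return an
    //error_t error code. Takes the receiving interface, the IPv4 header of the
    //packet, the multi-chunk buffer holding it, an offset into that buffer
    //(presumably where the ESP header starts - confirm in esp.c) and the
    //receive ancillary data. The packet is untrusted input until its ICV has
    //been verified
349 error_t ipv4ProcessEspHeader(NetInterface *interface,
350  const Ipv4Header *ipv4Header, const NetBuffer *buffer, size_t offset,
351  NetRxAncillary *ancillary);
352 
    //espDumpHeader: dump the ESP header for debugging purposes
353 void espDumpHeader(const EspHeader *espHeader);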
354 
355 //C++ guard
356 #ifdef __cplusplus
357 }
358 #endif
359 
360 #endif
uint32_t seqNum
Definition: esp.h:324
#define Ipv4Header
Definition: ipv4.h:36
uint32_t spi
Definition: ah.h:196
Structure describing a buffer that spans multiple chunks.
Definition: net_mem.h:89
void espDumpHeader(const EspHeader *espHeader)
Dump ESP header for debugging purpose.
Definition: esp.c:301
typedef __packed_struct
ESP header.
Definition: esp.h:322
uint8_t icv[]
Definition: esp.h:337
error_t
Error codes.
Definition: error.h:43
uint8_t nextHeader
Definition: esp.h:336
#define NetRxAncillary
Definition: net_misc.h:40
#define NetInterface
Definition: net.h:36
EspTrailer
Definition: esp.h:338
uint8_t payloadData[]
Definition: esp.h:325
EspHeader
Definition: esp.h:326
IPsec (IP security)
error_t ipv4ProcessEspHeader(NetInterface *interface, const Ipv4Header *ipv4Header, const NetBuffer *buffer, size_t offset, NetRxAncillary *ancillary)
Process ESP protected packet.
Definition: esp.c:61