Documentation/networking/tcp_ao.rst

Source file repositories/reference/linux-study-clean/Documentation/networking/tcp_ao.rst

File Facts

System
Linux kernel
Corpus path
Documentation/networking/tcp_ao.rst
Extension
.rst
Size
23684 bytes
Lines
470
Domain
Support Tooling And Documentation
Bucket
Documentation
Inferred role
Support Tooling And Documentation: documentation
Status
atlas-only

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

.. SPDX-License-Identifier: GPL-2.0

========================================================
TCP Authentication Option Linux implementation (RFC5925)
========================================================

TCP Authentication Option (TCP-AO) provides a TCP extension aimed at verifying
segments between trusted peers. It adds a new TCP header option with
a Message Authentication Code (MAC). MACs are produced from the content
of a TCP segment using a key known to both peers.
The intent of TCP-AO is to deprecate TCP-MD5 providing better security,
key rotation and support for a variety of MAC algorithms.

1. Introduction
===============

.. table:: Short and Limited Comparison of TCP-AO and TCP-MD5

 +----------------------+------------------------+-----------------------+
 |                      |       TCP-MD5          |         TCP-AO        |
 +======================+========================+=======================+
 |Supported MAC         |MD5 of data and key     |HMAC-SHA-1-96 and      |
 |algorithms            |(cryptographically weak)|AES-128-CMAC-96.       |
 |                      |                        |Implementations are    |
 |                      |                        |permitted to support   |
 |                      |                        |additional algorithms. |
 +----------------------+------------------------+-----------------------+
 |Length of MACs (bytes)|16                      |12 for HMAC-SHA-1-96   |
 |                      |                        |and AES-128-CMAC-96.   |
 |                      |                        |Implementations are    |
 |                      |                        |permitted to support   |
 |                      |                        |any MAC length that    |
 |                      |                        |fits in the TCP header.|
 +----------------------+------------------------+-----------------------+
 |Number of keys per    |1                       |Many                   |
 |TCP connection        |                        |                       |
 +----------------------+------------------------+-----------------------+
 |Possibility to change |Non-practical (both     |Supported by protocol  |
 |an active key         |peers have to change    |                       |
 |                      |them during MSL)        |                       |
 +----------------------+------------------------+-----------------------+
 |Protection against    |No                      |Yes: ignoring them     |
 |ICMP 'hard errors'    |                        |by default on          |
 |                      |                        |established connections|
 +----------------------+------------------------+-----------------------+
 |Protection against    |No                      |Yes: pseudo-header     |
 |traffic-crossing      |                        |includes TCP ports.    |
 |attack                |                        |                       |
 +----------------------+------------------------+-----------------------+
 |Protection against    |No                      |Sequence Number        |
 |replayed TCP segments |                        |Extension (SNE) and    |
 |                      |                        |Initial Sequence       |
 |                      |                        |Numbers (ISNs)         |
 +----------------------+------------------------+-----------------------+
 |Supports              |Yes                     |No. ISNs+SNE are needed|
 |Connectionless Resets |                        |to correctly sign RST. |
 +----------------------+------------------------+-----------------------+
 |Standards             |RFC 2385                |RFC 5925, RFC 5926     |
 +----------------------+------------------------+-----------------------+


1.1 Frequently Asked Questions (FAQ) with references to RFC 5925
----------------------------------------------------------------

Q: Can either SendID or RecvID be non-unique for the same 4-tuple
(srcaddr, srcport, dstaddr, dstport)?

A: No [3.1]::

   >> The IDs of MKTs MUST NOT overlap where their TCP connection

Annotation

Implementation Notes