SPECIFICATION
For outgoing messages, the SHA protocol calculates a 20 byte checksum
and pushes it onto the front of the message. For incoming messages,
a 20 byte checksum is popped from the front of the message, and
compared against the computed checksum of the rest of the message.
No special action is taken when the compare fails; the shortened
message is passed on as usual to the next higher protocol.
If tracing is enabled, a message is printed when the compare fails.
There is an option to use an implicit prefix at the front of each
packet when computing the checksum; separate prefixes may be used
for incoming and outgoing packets.
The checksum algorithm is NIST's Secure Hash Algorithm, intended for use with the NIST Digital Signature Standard. It is believed to have various good cryptographic qualities.
REALM
SHA is in the ASYNC realm.
PARTICIPANTS
SHA passes participants to the lower protocols without manipulating them.
CONTROL OPERATIONS
SHA recognizes the following control operations; all others are passed
unchanged to the lower protocol or session.
GETMAXPACKET and GETOPTPACKET: The packet size returned by the lower protocol/session is diminished by 20 bytes and passed on.
IP_PSEUDOHDR: This control operation turns on the IP pseudoheader length-fixup flag, either for a session or the entire protocol. The control operation is also passed to the lower session or protocol. See IP (page ) for an explanation of this kludge.
The PREFIX control operations apply only to sessions, not the protocol.
HASH_SETLOCALPREFIX sets the implicit prefix used in computing the checksum for each outgoing packet. The prefix may be reset as desired, or turned off by setting a prefix of length 0.
HASH_SETREMOTEPREFIX sets the implicit prefix for incoming packets.
HASH_SETPREFIX sets the implicit prefix for both directions.
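The push/pop behaviour described under SPECIFICATION, together with the prefix and packet-size control operations above, as an added Python model; this is illustration code, not the x-kernel SHA protocol's own implementation. It assumes hashlib.sha1 as a stand-in for "NIST's Secure Hash Algorithm" (the page does not name the revision), and it rejects incoming messages shorter than 20 bytes, a case the page does not specify.

```python
import hashlib
import hmac

CHECKSUM_LEN = 20  # the SHA protocol pushes a 20-byte checksum onto each message


def sha_digest(prefix: bytes, payload: bytes) -> bytes:
    """Checksum of the implicit prefix followed by the payload.

    The prefix is never transmitted; it is only mixed into the hash.
    Assumption: SHA-1 stands in for the NIST Secure Hash Algorithm here.
    """
    h = hashlib.sha1()
    h.update(prefix)
    h.update(payload)
    return h.digest()


def sha_push(payload: bytes, local_prefix: bytes = b"") -> bytes:
    """Outgoing message: compute the checksum and push it onto the front."""
    return sha_digest(local_prefix, payload) + payload


def sha_pop(message: bytes, remote_prefix: bytes = b"", trace: bool = False):
    """Incoming message: pop the checksum, compare it, pass the rest on.

    As the page states, the shortened message is returned whether or not
    the compare succeeds; only the boolean (and an optional trace line)
    reports the mismatch. Returns (shortened_message, checksum_ok).
    """
    if len(message) < CHECKSUM_LEN:
        # Assumption: the page does not say how an undersized message is handled.
        raise ValueError("message shorter than the 20-byte checksum")
    received, rest = message[:CHECKSUM_LEN], message[CHECKSUM_LEN:]
    # Constant-time compare is an added choice; the page only says "compared".
    ok = hmac.compare_digest(received, sha_digest(remote_prefix, rest))
    if trace and not ok:
        print("sha: checksum mismatch, passing shortened message on")
    return rest, ok


def max_packet(lower_max: int) -> int:
    """GETMAXPACKET / GETOPTPACKET: the lower size diminished by 20 bytes."""
    return lower_max - CHECKSUM_LEN


if __name__ == "__main__":
    # Constructed sample: both sides configured with the same implicit prefix.
    wire = sha_push(b"udp payload", local_prefix=b"link-A")
    print(sha_pop(wire, remote_prefix=b"link-A", trace=True))   # ok
    print(sha_pop(wire, remote_prefix=b"", trace=True))         # mismatch
```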
CONFIGURATION
SHA expects to be configured on top of a transport protocol that
preserves packet boundaries (i.e. SHA will not work on top of TCP).
Example of a graph.comp file:
---------------------------------
@;
name=simeth/0;
name=eth protocols=simeth/0;
name=arp protocols=eth;
name=vnet protocols=eth,arp;
name=ip protocols=vnet;
name=sha protocols=ip;
name=udp protocols=sha;
name=udptest protocols=udp;
@;
prottbl = ../../../etc/prottbl.nonstd;
---------------------------------
AUTHOR
Richard Schroeppel