2. Authentication Header Format
The protocol header (IPv4, IPv6, or IPv6 Extension) immediately preceding the AH header SHALL contain the value 51 in its Protocol (IPv4) or Next Header (IPv6, Extension) fields [DH98]. Figure 1 illustrates the format for AH.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Header | Payload Len | RESERVED |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Security Parameters Index (SPI) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number Field |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| |
+ Integrity Check Value-ICV (variable) |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 1. AH Format
The following table refers to the fields that comprise AH, (illustrated in Figure 1), plus other fields included in the integrity computation, and illustrates which fields are covered by the ICV and what is transmitted.
| Field | # of bytes | Requ'd [1] | Integ Covers | What is Xmtd |
|---|---|---|---|---|
| IP Header | variable | M | [2] | plain |
| Next Header | 1 | M | Y | plain |
| Payload Len | 1 | M | Y | plain |
| RESERVED | 2 | M | Y | plain |
| SPI | 4 | M | Y | plain |
| Seq# (low-order 32 bits) | 4 | M | Y | plain |
| ICV | variable | M | Y[3] | plain |
| IP datagram [4] | variable | M | Y | plain |
| Seq# (high-order 32 bits) | 4 | if ESN | Y | not xmtd |
| ICV Padding | variable | if need | Y | not xmtd |
[1] - M = mandatory
[2] - See Section 3.3.3, "Integrity Check Value Calculation", for details of which IP header fields are covered.
[3] - Zeroed before ICV calculation (resulting ICV placed here after calculation)
[4] - If tunnel mode -> IP datagram
If transport mode -> next header and data
The following subsections define the fields that comprise the AH format. All the fields described here are mandatory; i.e., they are always present in the AH format and are included in the Integrity Check Value (ICV) computation (see Sections 2.6 and 3.3.3).
Note: All of the cryptographic algorithms used in IPsec expect their input in canonical network byte order (see Appendix of RFC 791 [RFC791]) and generate their output in canonical network byte order. IP packets are also transmitted in network byte order.
AH does not contain a version number, therefore if there are concerns about backward compatibility, they MUST be addressed by using a signaling mechanism between the two IPsec peers to ensure compatible versions of AH, e.g., IKE [IKEv2] or an out-of-band configuration mechanism.