We have implemented Secure TCP on a BSD/386 UNIX system for the IBM PC/AT platform. We implemented only security service type 2.
In our implementation, the files tcp_input.c, tcp_output.c, tcp_subr.c, tcp_usrreq.c, tcp.h and in_pcb.h are modified to perform the negotiation, data integrity and data confidentiality processes. Moreover, we added a re-entrant cipher module (DES and MD5) to the UNIX kernel.
In order to maintain the Secure TCP state transitions and the session keys for the encryption/decryption processes, we define the STCPCB (Secure TCP Control Block) data structure. One STCPCB is prepared for each Secure TCP connection. The STCPCB keeps the transmitted TCP segments for segment retransmission, while the plaintext is kept in the original TCPCB. This design makes retransmission of a TCP segment quick, because the retransmission procedure no longer has to recalculate the MAC or re-encrypt the original TCP segment data.
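The following C sketch illustrates the retransmission design described above: the segment is protected once on first send, the resulting bytes are cached in the control block, and a retransmission returns the cached bytes without touching the cipher. It is an added example, not code from the implementation; the struct layout, all function names and the sizes are hypothetical, `toy_protect` is a non-cryptographic stand-in for the DES and MD5 module, and sequence numbers are assumed to cover plaintext bytes only.

```c
#include <stdint.h>
#include <string.h>
#define STCP_MAXSEG 64 /* constructed sizes for this sketch */
#define STCP_QLEN   8
#define STCP_MACLEN 4
/* Hypothetical layout (names are assumptions): cached segment, then the block. */
struct stcp_seg {
    uint32_t seq; size_t plen, len; int used; uint8_t wire[STCP_MAXSEG + STCP_MACLEN];
};
struct stcpcb { uint8_t key; unsigned protect_calls; struct stcp_seg q[STCP_QLEN]; };
/* Stand-in for the kernel DES + MD5 module. NOT real cryptography. */
static size_t toy_protect(struct stcpcb *cb, const uint8_t *pt, size_t n, uint8_t *out)
{
    uint32_t mac = 0;
    cb->protect_calls++; /* counts how often the expensive path runs */
    for (size_t i = 0; i < n; i++) { out[i] = pt[i] ^ cb->key; mac = mac * 31 + out[i]; }
    memcpy(out + n, &mac, STCP_MACLEN);
    return n + STCP_MACLEN;
}

/* First transmission: protect once and cache the wire bytes in the STCPCB. */
const struct stcp_seg *stcp_send(struct stcpcb *cb, uint32_t seq, const uint8_t *pt, size_t n)
{
    if (n > STCP_MAXSEG) return NULL;
    for (int i = 0; i < STCP_QLEN; i++) {
        struct stcp_seg *s = &cb->q[i];
        if (s->used) continue;
        s->seq = seq; s->plen = n; s->used = 1;
        s->len = toy_protect(cb, pt, n, s->wire);
        return s;
    }
    return NULL; /* queue full: caller waits for ACKs */
}

/* Retransmission: hand back the cached bytes, no cipher or MAC work. */
const struct stcp_seg *stcp_retransmit(const struct stcpcb *cb, uint32_t seq)
{
    for (int i = 0; i < STCP_QLEN; i++)
        if (cb->q[i].used && cb->q[i].seq == seq) return &cb->q[i];
    return NULL;
}

/* Cumulative ACK: wipe every cached segment the peer has fully received. */
void stcp_ack(struct stcpcb *cb, uint32_t ack)
{
    for (int i = 0; i < STCP_QLEN; i++)
        if (cb->q[i].used && (int32_t)(ack - (cb->q[i].seq + (uint32_t)cb->q[i].plen)) >= 0)
            memset(&cb->q[i], 0, sizeof cb->q[i]);
}
```

Because the cached entry holds protected bytes, every retransmission of a given sequence number puts identical bytes on the wire, and the entry is zeroed as soon as the peer acknowledges it.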