blob: 9d1a6e28e8ab85f3c04756357abb35f1b8bade98 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2002-2003 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _SYS_IPHADA_H
#define _SYS_IPHADA_H
#pragma ident "%Z%%M% %I% %E% SMI"
#ifdef __cplusplus
extern "C" {
#endif
#define DA_ICV_MAX_LEN 128 /* max ICV length [bytes] */
/*
* iphada.h header for IP Hardware Acceleration Data Attributes
*
* This is a contract private interface for use by the Sun
* Hardware Accelerated Ethernet driver ONLY.
*/
typedef struct da_ipsec {
int da_type; /* M_CTL message ident */
int da_flag;
uint32_t da_icv_len; /* da_icv length in bytes */
uchar_t da_icv[DA_ICV_MAX_LEN]; /* ICV for AH or ESP+auth */
} da_ipsec_t;
#define IPHADA_M_CTL 0xA1D53DE5u
/*
* IPSec algorithms capabilities (cip_data in dl_capab_ipsec_t)
*/
typedef struct {
t_uscalar_t alg_type;
t_uscalar_t alg_prim; /* algorithm primitive */
t_uscalar_t alg_thruput; /* approx throughput metric in Mb/s */
t_uscalar_t alg_flag; /* flags */
t_uscalar_t alg_minbits; /* minimum key len in bits */
t_uscalar_t alg_maxbits; /* maximum key len in bits */
t_uscalar_t alg_incrbits; /* key len increment in bits */
} dl_capab_ipsec_alg_t;
/*
* IPSec sub-capability (follows dl_capability_sub_t)
*/
typedef struct {
t_uscalar_t cip_version; /* interface version */
t_uscalar_t cip_nciphers; /* number ciphers supported */
dl_capab_ipsec_alg_t cip_data[1]; /* data */
} dl_capab_ipsec_t;
/*
* Algorithm types (alg_type field of dl_capab_ipsec_alg_t)
*/
#define DL_CAPAB_IPSEC_ALG_AUTH 0x01 /* authentication alg. */
#define DL_CAPAB_IPSEC_ALG_ENCR 0x02 /* encryption alg. */
/* alg_prim ciphers */
#define DL_CAPAB_IPSEC_ENCR_DES 0x02
#define DL_CAPAB_IPSEC_ENCR_3DES 0x03
#define DL_CAPAB_IPSEC_ENCR_BLOWFISH 0x07
#define DL_CAPAB_IPSEC_ENCR_NULL 0x0b /* no encryption */
#define DL_CAPAB_IPSEC_ENCR_AES 0x0c
/* alg_prim authentications */
#define DL_CAPAB_IPSEC_AUTH_NONE 0x00 /* no authentication */
#define DL_CAPAB_IPSEC_AUTH_MD5HMAC 0x02
#define DL_CAPAB_IPSEC_AUTH_SHA1HMAC 0x03
/* alg_flag values */
#define DL_CAPAB_ALG_ENABLE 0x01 /* enable this algorithm */
/*
* For DL_CT_IPSEC_AH and DL_CT_IPSEC_ESP, the optional dl_key data
* that follows the dl_control_req_t or dl_control_ack_t will be the IPsec
* SPI (Security Parameters Index) value and the destination address.
* This is defined as being unique per protocol.
*/
#define DL_CTL_IPSEC_ADDR_LEN 16 /* IP addr length in bytes */
typedef struct dl_ct_ipsec_key {
uint32_t dl_key_spi; /* Security Parameters Index value */
uchar_t dl_key_dest_addr[DL_CTL_IPSEC_ADDR_LEN]; /* dest IP address */
uint32_t dl_key_addr_family; /* family of dest IP address */
/* (AF_INET or AF_INET6) */
} dl_ct_ipsec_key_t;
#define DL_CT_IPSEC_MAX_KEY_LEN 512 /* max key length in bytes */
/*
* Possible flags for sadb_sa_flags.
*/
#define DL_CT_IPSEC_INBOUND 0x01 /* SA can be used for inbound pkts */
#define DL_CT_IPSEC_OUTBOUND 0x02 /* SA can be used for outbound pkts */
/*
* minimal SADB entry content
* fields are defined as per RFC 2367 and <net/pfkeyv2.h>
* This defines the content and format of the dl_data portion of
* the dl_control_req_t or dl_control_ack_t.
*/
typedef struct dl_ct_ipsec {
uint8_t sadb_sa_auth; /* Authentication algorithm */
uint8_t sadb_sa_encrypt; /* Encryption algorithm */
uint32_t sadb_sa_flags; /* SA flags. */
uint16_t sadb_key_len_a; /* auth key length in bytes */
uint16_t sadb_key_bits_a; /* auth key length in bits */
uint16_t sadb_key_data_a[DL_CT_IPSEC_MAX_KEY_LEN]; /* key data */
uint16_t sadb_key_len_e; /* encr key length in bytes */
uint16_t sadb_key_bits_e; /* encr key length in bits */
uint16_t sadb_key_data_e[DL_CT_IPSEC_MAX_KEY_LEN]; /* key data */
} dl_ct_ipsec_t;
#ifdef __cplusplus
}
#endif
#endif /* _SYS_IPHADA_H */
|
