IPSEC_OFFLOAD_V2_ALGORITHM_INFO - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
// ndis.h
typedef struct _IPSEC_OFFLOAD_V2_ALGORITHM_INFO {
ULONG Identifier;
ULONG KeyLength;
ULONG KeyOffsetBytes;
ULONG AdditionalInfo;
} IPSEC_OFFLOAD_V2_ALGORITHM_INFO, *PIPSEC_OFFLOAD_V2_ALGORITHM_INFO;
View the official Windows Driver Kit DDI referenceNo description available.
[The IPsec Task Offload feature is deprecated and should not be used.]
The IPSEC_OFFLOAD_V2_ALGORITHM_INFO structure specifies an algorithm that is used for a security association (SA).
IdentifierThe encryption or authentication algorithm that is used for the SA.
If the algorithm is an encryption algorithm, Identifier can be any of the following values:
Specifies no confidentiality algorithm. This value is used for null encryption--that is, when a packet is not encrypted but does include ESP authentication information.
Specifies the DES algorithm for encrypting and decrypting ESP payloads.
Specifies the triple-DES algorithm for encrypting and decrypting ESP payloads.
Specifies the AES-GCM 128 algorithm for encrypting and computing a cryptographic checksum or decrypting and validating a cryptographic checksum for an ESP payload. Note that this is a combined mode algorithm.
Specifies the AES-GCM 192 algorithm for encrypting and computing a cryptographic checksum or decrypting and validating a cryptographic checksum for an ESP payload. Note that this is a combined mode algorithm.
Specifies the AES-GCM 256 algorithm for encrypting and computing a cryptographic checksum or decrypting and validating a cryptographic checksum for an ESP payload. Note that this is a combined mode algorithm.
Specifies the Advanced Encryption Standard - cipher-block chaining mode (AES-CBC) 128 algorithm for encrypting and decrypting ESP payloads.
Specifies the AES-CBC 192 algorithm for encrypting and decrypting ESP payloads.
Specifies the AES-CBC 256 algorithm for encrypting and decrypting ESP payloads.
If the algorithm is an authentication algorithm, Identifier can be one of the following values:
Specifies the keyed message digest 5 (MD5) algorithm for computing or validating a cryptographic checksum.
Specifies the secure hash algorithm (SHA) 1 algorithm for computing or validating a cryptographic checksum.
Specifies the SHA 256 algorithm for computing or validating a cryptographic checksum.
Specifies the Advanced Encryption Standard - Galois/Counter Mode (AES- GMAC) 128 algorithm for computing or validating a cryptographic checksum.
Specifies the AES- GMAC 192 algorithm for computing or validating a cryptographic checksum.
Specifies the AES- GMAC 256 algorithm for computing or validating a cryptographic checksum.
KeyLengthThe length, in bytes, of the key for the algorithm. The key is contained in the array at the KeyData member in the IPSEC_OFFLOAD_V2_ADD_SA structure.
KeyLength indicates the length of the cryptographic algorithm, starting at the offset that is specified in KeyOffsetBytes .
If both algorithms ( AuthenticationAlgorithm and EncryptionAlgorithm ) are specified in IPSEC_OFFLOAD_V2_SECURITY_ASSOCIATION, the keys are concatenated. The respective keys start at the offset that is specified in KeyOffsetBytes .
KeyOffsetBytesThe offset, in bytes, into in the array at the KeyData member in the IPSEC_OFFLOAD_V2_ADD_SA structure.
AdditionalInfoAdditional information that should be interpreted differently based on the algorithm. For AES-GCM, AdditionalInfo contains the ICV length.
The IPSEC_OFFLOAD_V2_ALGORITHM_INFO structure specifies algorithm information in the EncryptionAlgorithm and AuthenticationAlgorithm members of the IPSEC_OFFLOAD_V2_SECURITY_ASSOCIATION structure.
IPSEC_OFFLOAD_V2_SECURITY_ASSOCIATION