[][src]Crate ipsec_parser

IPsec parsers

This crate contains several parsers using for IPsec. The most useful is the IKEv2 parser.

ESP is supported, but only to read the envelope of the payload.

Encapsulated ESP is supported, to differentiate between IKE and ESP headers.

IKEv2 parser

An IKEv2 (RFC7296) parser, implemented with the nom parser combinator framework.

The code is available on Github and is part of the Rusticata project.

To parse an IKE packet, first read the header using parse_ikev2_header, then use the type from the header to parse the remaining part:

use ipsec_parser::*;
use nom::IResult;

static IKEV2_INIT_RESP: &'static [u8] = include_bytes!("../assets/ike-sa-init-resp.bin");

fn test_ikev2_init_resp() {
    let bytes = IKEV2_INIT_RESP;
    match parse_ikev2_header(&bytes) {
        Ok( (rem, ref hdr) ) => {
            match parse_ikev2_payload_list(rem,hdr.next_payload) {
                Ok( (_, Ok(ref p)) ) => {
                    // p is a list of payloads
                    // first one is always dummy
                    assert!(p.len() > 0);
                    assert_eq!(p[0].content, IkeV2PayloadContent::Dummy);
                    for payload in p {
                        match payload.content {
                            IkeV2PayloadContent::SA(ref sa) => { /* .. */ },
                            _ => ()
                        }
                    }
                },
                e => { eprintln!("Parsing payload failed: {:?}", e); },
            }
        },
        _ => { eprintln!("Parsing header failed"); },
    }
}

Structs

AuthenticationMethod

Method of authentication used.

AuthenticationPayload

Authentication Payload

CertificateEncoding

Certificate Encoding

CertificatePayload

Certificate Payload

CertificateRequestPayload

Certificate Request Payload

DeletePayload

Delete Payload

ESPHeader

Encapsulating Security Payload Packet Format

IdentificationPayload

Identification Payloads

IdentificationType

Type of Identification

IkeExchangeType

Payload exchange type: SA, Auth, CreateChildSA, etc.

IkePayloadType

Payload type

IkeTransformAuthType

Authentication / Integrity values

IkeTransformDHType

Diffie-Hellman values

IkeTransformESNType

Extended Sequence Number values

IkeTransformEncType

Encryption values

IkeTransformPRFType

Pseudo-Random Function values

IkeTransformType

Transform (cryptographic algorithm) type

IkeV2Header

The IKE Header

IkeV2GenericPayload

Generic (unparsed payload)

IkeV2Proposal

Ciphersuite Proposal

IkeV2PayloadHeader

Generic Payload Header

IkeV2Payload

IKE Message Payload

IkeV2RawTransform

Raw representation of a transform (cryptographic algorithm) and parameters

KeyExchangePayload

Key Exchange Payload

NoncePayload

Nonce Payload

NotifyPayload

Notify Payload

NotifyType

Notify Message Type

ProtocolID

Protocol type: IKE, AH or ESP

TSType

Type of Traffic Selector

TrafficSelector

Traffic Selector

TrafficSelectorPayload

Traffic Selector Payload

VendorIDPayload

Vendor ID Payload

Enums

ESPData

UDP-encapsulated Packet Formats

IkeV2PayloadContent

IKE Message Payload Content

IkeV2Transform

IKEv2 Transform (cryptographic algorithm)

Constants

IKEV2_FLAG_INITIATOR
IKEV2_FLAG_VERSION
IKEV2_FLAG_RESPONSE

Functions

parse_esp_encapsulated

Parse an encapsulated ESP packet

parse_esp_header

Parse an ESP packet

parse_ikev2_header
parse_ikev2_payload_generic
parse_ikev2_transform
parse_ikev2_proposal
parse_ikev2_payload_sa
parse_ikev2_payload_kex
parse_ikev2_payload_ident_init
parse_ikev2_payload_ident_resp
parse_ikev2_payload_certificate
parse_ikev2_payload_certificate_request
parse_ikev2_payload_authentication
parse_ikev2_payload_nonce
parse_ikev2_payload_notify
parse_ikev2_payload_vendor_id
parse_ikev2_payload_delete
parse_ikev2_payload_ts
parse_ikev2_payload_ts_init
parse_ikev2_payload_ts_resp
parse_ikev2_payload_unknown
parse_ikev2_payload_with_type
parse_ikev2_payload_list
parse_ikev2_message

Parse an IKEv2 message