Struct ipsec_parser::IkeV2Proposal

pub struct IkeV2Proposal<'a> {
    pub last: u8,
    pub reserved: u8,
    pub proposal_length: u16,
    pub proposal_num: u8,
    pub protocol_id: ProtocolID,
    pub spi_size: u8,
    pub num_transforms: u8,
    pub spi: Option<&'a [u8]>,
    pub transforms: Vec<IkeV2RawTransform<'a>>,
}

Ciphersuite Proposal

The Proposal structure contains within it a Proposal Num and an IPsec protocol ID. Each structure MUST have a proposal number one (1) greater than the previous structure. The first Proposal in the initiator's SA payload MUST have a Proposal Num of one (1).

One reason to use multiple proposals is to propose both standard crypto ciphers and combined-mode ciphers. Combined-mode ciphers include both integrity and encryption in a single encryption algorithm, and MUST either offer no integrity algorithm or a single integrity algorithm of "NONE", with no integrity algorithm being the RECOMMENDED method. If an initiator wants to propose both combined-mode ciphers and normal ciphers, it must include two proposals: one will have all the combined-mode ciphers, and the other will have all the normal ciphers with the integrity algorithms.

For example, one such proposal would have two proposal structures. Proposal 1 is ESP with AES-128, AES-192, and AES-256 bits in Cipher Block Chaining (CBC) mode, with either HMAC-SHA1-96 or XCBC-96 as the integrity algorithm; Proposal 2 is AES-128 or AES-256 in GCM mode with an 8-octet Integrity Check Value (ICV). Both proposals allow but do not require the use of ESNs (Extended Sequence Numbers). This can be illustrated as:

SA Payload
   |
   +--- Proposal #1 ( Proto ID = ESP(3), SPI size = 4,
   |     |            7 transforms,      SPI = 0x052357bb )
   |     |
   |     +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |     |     +-- Attribute ( Key Length = 128 )
   |     |
   |     +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |     |     +-- Attribute ( Key Length = 192 )
   |     |
   |     +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |     |     +-- Attribute ( Key Length = 256 )
   |     |
   |     +-- Transform INTEG ( Name = AUTH_HMAC_SHA1_96 )
   |     +-- Transform INTEG ( Name = AUTH_AES_XCBC_96 )
   |     +-- Transform ESN ( Name = ESNs )
   |     +-- Transform ESN ( Name = No ESNs )
   |
   +--- Proposal #2 ( Proto ID = ESP(3), SPI size = 4,
         |            4 transforms,      SPI = 0x35a1d6f2 )
         |
         +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
         |     +-- Attribute ( Key Length = 128 )
         |
         +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
         |     +-- Attribute ( Key Length = 256 )
         |
         +-- Transform ESN ( Name = ESNs )
         +-- Transform ESN ( Name = No ESNs )

Each Proposal/Protocol structure is followed by one or more transform structures. The number of different transforms is generally determined by the Protocol. AH generally has two transforms: Extended Sequence Numbers (ESNs) and an integrity check algorithm. ESP generally has three: ESN, an encryption algorithm, and an integrity check algorithm. IKE generally has four transforms: a Diffie-Hellman group, an integrity check algorithm, a PRF algorithm, and an encryption algorithm. For each Protocol, the set of permissible transforms is assigned Transform ID numbers, which appear in the header of each transform.

Defined in RFC7296 section 3.3.1
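
The numbering rule and the length fields described above are what a receiver should verify before trusting a proposal list. The following is an added example, not code from the ipsec_parser crate: a std-only walker over the raw proposal substructures that enforces the Proposal Num sequence and checks that proposal_length, spi_size and num_transforms agree with the bytes actually present. The names Bad, count_transforms, check_proposals and SAMPLE are hypothetical; the Last Substruc values (0 and 2) and the 8-byte transform header come from RFC 7296 section 3.3, and the input is assumed to be the proposal list of a single SA payload.

```rust
// Added example, std only; not ipsec_parser's code. `buf` = proposal list of one SA payload.
#[derive(Debug, PartialEq)]
pub enum Bad { Truncated, Length, Last, Count, TooMany, Number { expected: u8, found: u8 } }
/// Count transform substructures: 8-byte header, big-endian length at bytes 2..4.
fn count_transforms(mut t: &[u8]) -> Result<usize, Bad> {
    let mut n = 0;
    while !t.is_empty() {
        if t.len() < 8 { return Err(Bad::Truncated); }
        let len = u16::from_be_bytes([t[2], t[3]]) as usize;
        if len < 8 || len > t.len() { return Err(Bad::Length); }
        t = &t[len..];
        n += 1;
    }
    Ok(n)
}

/// Walk every proposal and return (proposal_num, protocol_id, spi) for each.
pub fn check_proposals(mut buf: &[u8]) -> Result<Vec<(u8, u8, &[u8])>, Bad> {
    let mut out = Vec::new();
    let mut expected = 1u8; // the first Proposal Num MUST be 1
    loop {
        if buf.len() < 8 { return Err(Bad::Truncated); }
        let len = u16::from_be_bytes([buf[2], buf[3]]) as usize;
        let (last, num, proto, spi_size) = (buf[0], buf[4], buf[5], buf[6] as usize);
        // Lengths must fit the buffer; num_transforms (byte 7) must match the real count.
        if len < 8 + spi_size || len > buf.len() { return Err(Bad::Length); }
        if num != expected { return Err(Bad::Number { expected, found: num }); }
        if count_transforms(&buf[8 + spi_size..len])? != buf[7] as usize { return Err(Bad::Count); }
        out.push((num, proto, &buf[8..8 + spi_size]));
        buf = &buf[len..];
        match (last, buf.is_empty()) {
            (0, true) => return Ok(out), // 0 marks the last proposal
            (2, false) => expected = expected.checked_add(1).ok_or(Bad::TooMany)?, // 2 = more
            _ => return Err(Bad::Last),
        }
    }
}

// Constructed sample: the diagram's two ESP proposals, cut to 3 and 2 transforms.
pub const SAMPLE: &[u8] = &[
    2, 0, 0, 40, 1, 3, 4, 3, 0x05, 0x23, 0x57, 0xbb, // Proposal #1 header + SPI
    3, 0, 0, 12, 1, 0, 0, 12, 0x80, 0x0e, 0, 128,    // ENCR_AES_CBC, key length 128
    3, 0, 0, 8, 3, 0, 0, 2, 0, 0, 0, 8, 5, 0, 0, 0,  // AUTH_HMAC_SHA1_96, No ESNs
    0, 0, 0, 32, 2, 3, 4, 2, 0x35, 0xa1, 0xd6, 0xf2, // Proposal #2 header + SPI
    3, 0, 0, 12, 1, 0, 0, 18, 0x80, 0x0e, 0, 128,    // AES-GCM, 8-octet ICV, key 128
    0, 0, 0, 8, 5, 0, 0, 0,                          // No ESNs
];

fn main() { println!("{:?}", check_proposals(SAMPLE)); }
```

A proposal list that fails any of these checks should be rejected as a whole rather than partially accepted.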

Fields

last: u8
reserved: u8
proposal_length: u16
proposal_num: u8
protocol_id: ProtocolID
spi_size: u8
num_transforms: u8
spi: Option<&'a [u8]>
transforms: Vec<IkeV2RawTransform<'a>>

Trait Implementations

impl<'a> Clone for IkeV2Proposal<'a>

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> PartialEq<IkeV2Proposal<'a>> for IkeV2Proposal<'a>

impl<'a> Debug for IkeV2Proposal<'a>

Auto Trait Implementations

impl<'a> Send for IkeV2Proposal<'a>

impl<'a> Sync for IkeV2Proposal<'a>

Blanket Implementations

impl<T, U> Into<U> for T where
    U: From<T>,

impl<T> ToOwned for T where
    T: Clone

type Owned = T

impl<T> From<T> for T

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

type Error = !

🔬 This is a nightly-only experimental API. (try_from)

The type returned in the event of a conversion error.

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

🔬 This is a nightly-only experimental API. (try_from)

The type returned in the event of a conversion error.

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized