Struct ipsec_parser::IkeV2Proposal

pub struct IkeV2Proposal<'a> {
    pub last: u8,
    pub reserved: u8,
    pub proposal_length: u16,
    pub proposal_num: u8,
    pub protocol_id: ProtocolID,
    pub spi_size: u8,
    pub num_transforms: u8,
    pub spi: Option<&'a [u8]>,
    pub transforms: Vec<IkeV2RawTransform<'a>>,
}

Ciphersuite Proposal

The Proposal structure contains within it a Proposal Num and an IPsec protocol ID. Each structure MUST have a proposal number one (1) greater than the previous structure. The first Proposal in the initiator's SA payload MUST have a Proposal Num of one (1). One reason to use multiple proposals is to propose both standard crypto ciphers and combined-mode ciphers. Combined-mode ciphers include both integrity and encryption in a single encryption algorithm, and MUST either offer no integrity algorithm or a single integrity algorithm of "NONE", with no integrity algorithm being the RECOMMENDED method. If an initiator wants to propose both combined- mode ciphers and normal ciphers, it must include two proposals: one will have all the combined-mode ciphers, and the other will have all the normal ciphers with the integrity algorithms. For example, one such proposal would have two proposal structures. Proposal 1 is ESP with AES-128, AES-192, and AES-256 bits in Cipher Block Chaining (CBC) mode, with either HMAC-SHA1-96 or XCBC-96 as the integrity algorithm; Proposal 2 is AES-128 or AES-256 in GCM mode with an 8-octet Integrity Check Value (ICV). Both proposals allow but do not require the use of ESNs (Extended Sequence Numbers). This can be illustrated as:

SA Payload
   |
   +--- Proposal #1 ( Proto ID = ESP(3), SPI size = 4,
   |     |            7 transforms,      SPI = 0x052357bb )
   |     |
   |     +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |     |     +-- Attribute ( Key Length = 128 )
   |     |
   |     +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |     |     +-- Attribute ( Key Length = 192 )
   |     |
   |     +-- Transform ENCR ( Name = ENCR_AES_CBC )
   |     |     +-- Attribute ( Key Length = 256 )
   |     |
   |     +-- Transform INTEG ( Name = AUTH_HMAC_SHA1_96 )
   |     +-- Transform INTEG ( Name = AUTH_AES_XCBC_96 )
   |     +-- Transform ESN ( Name = ESNs )
   |     +-- Transform ESN ( Name = No ESNs )
   |
   +--- Proposal #2 ( Proto ID = ESP(3), SPI size = 4,
         |            4 transforms,      SPI = 0x35a1d6f2 )
         |
         +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
         |     +-- Attribute ( Key Length = 128 )
         |
         +-- Transform ENCR ( Name = AES-GCM with a 8 octet ICV )
         |     +-- Attribute ( Key Length = 256 )
         |
         +-- Transform ESN ( Name = ESNs )
         +-- Transform ESN ( Name = No ESNs )

Each Proposal/Protocol structure is followed by one or more transform structures. The number of different transforms is generally determined by the Protocol. AH generally has two transforms: Extended Sequence Numbers (ESNs) and an integrity check algorithm. ESP generally has three: ESN, an encryption algorithm, and an integrity check algorithm. IKE generally has four transforms: a Diffie-Hellman group, an integrity check algorithm, a PRF algorithm, and an encryption algorithm. For each Protocol, the set of permissible transforms is assigned Transform ID numbers, which appear in the header of each transform.

Defined in RFC7296 section 3.3.1

Fields

last: u8

reserved: u8

proposal_length: u16

proposal_num: u8

protocol_id: ProtocolID

spi_size: u8

num_transforms: u8

spi: Option<&'a [u8]>

transforms: Vec<IkeV2RawTransform<'a>>

Trait Implementations

impl<'a> Clone for IkeV2Proposal<'a>

pub fn clone(&self) -> IkeV2Proposal<'a>

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> Debug for IkeV2Proposal<'a>

pub fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> PartialEq<IkeV2Proposal<'a>> for IkeV2Proposal<'a>

pub fn eq(&self, other: &IkeV2Proposal<'a>) -> bool

This method tests for self and other values to be equal, and is used by ==.

pub fn ne(&self, other: &IkeV2Proposal<'a>) -> bool

This method tests for !=.

impl<'a> StructuralPartialEq for IkeV2Proposal<'a>