2.2.70 FW_PHASE1_CRYPTO_SUITE

  • Article

This structure describes an IPsec Phase 1 (or main mode) cryptographic suite. A cryptographic suite is a proposal of a set of algorithms and parameters that specify how different types of enforcement and protection are suggested to be performed. 

 typedef struct _tag_FW_PHASE1_CRYPTO_SUITE {
   [range(FW_CRYPTO_KEY_EXCHANGE_NONE, FW_CRYPTO_KEY_EXCHANGE_MAX-1)] 
     FW_CRYPTO_KEY_EXCHANGE_TYPE KeyExchange;
   [range(FW_CRYPTO_ENCRYPTION_NONE+1, FW_CRYPTO_ENCRYPTION_MAX-1)] 
     FW_CRYPTO_ENCRYPTION_TYPE Encryption;
   [range(FW_CRYPTO_HASH_NONE+1, FW_CRYPTO_HASH_MAX-1)] 
     FW_CRYPTO_HASH_TYPE Hash;
   unsigned long dwP1CryptoSuiteFlags;
 } FW_PHASE1_CRYPTO_SUITE,
  *PFW_PHASE1_CRYPTO_SUITE;

KeyExchange: This field is of type FW_CRYPTO_KEY_EXCHANGE_TYPE. It specifies the key exchange algorithm for this suite proposal.

Encryption: This field is of type FW_CRYPTO_ENCRYPTION_TYPE. It specifies the encryption algorithm for this suite proposal.

Hash: This field is of type FW_CRYPTO_HASH_TYPE. It specifies the hash (integrity protection) algorithm for this suite proposal.

dwP1CryptoSuiteFlags: This is a reserved value and is not used. It MUST be set to 0x00000000.