2.2.81 FW_PHASE1_SA_DETAILS

This structure represents a Phase 1 (main mode) security association that is established once the main mode negotiation completes; it contains the keying protocol used, the cryptographic suite selected to protect IPsec traffic, and the methods and results of the authentication process.

 typedef struct _tag_FW_PHASE1_SA_DETAILS {
   unsigned __int64 SaId;
   [range( FW_PHASE1_KEY_MODULE_INVALID+1,FW_PHASE1_KEY_MODULE_MAX-1)] 
     FW_PHASE1_KEY_MODULE_TYPE KeyModuleType;
   FW_ENDPOINTS Endpoints;
   FW_PHASE1_CRYPTO_SUITE SelectedProposal;
   unsigned long dwProposalLifetimeKBytes;
   unsigned long dwProposalLifetimeMinutes;
   unsigned long dwProposalMaxNumPhase2;
   FW_COOKIE_PAIR CookiePair;
   PFW_AUTH_INFO pFirstAuth;
   PFW_AUTH_INFO pSecondAuth;
   unsigned long dwP1SaFlags;
 } FW_PHASE1_SA_DETAILS,
  *PFW_PHASE1_SA_DETAILS;

SaId: A 64-bit integer that uniquely identifies the security association.

KeyModuleType: The keying protocol used, IKE or AuthIP. The field MUST contain only a value from the FW_PHASE1_KEY_MODULE_TYPE enumeration.

Endpoints: This field contains IP address information of the two endpoints that established this security association. An address of zero means the security association applies to any endpoint.

SelectedProposal: This is the Phase1 cryptographic suite that was selected by the negotiation of the keying protocol.

dwProposalLifetimeKBytes: Currently not supported.

dwProposalLifetimeMinutes: This field specifies the lifetime in minutes of this security association before a rekey MUST happen.

dwProposalMaxNumPhase2: This field specifies the number of Phase2 (quick mode) negotiations (rekeys) that can happen before this security association MUST be renegotiated.

CookiePair: The cookie pair of this security association. This value is used for diagnostics only.

pFirstAuth: A pointer to an FW_AUTH_INFO structure that contains the information that resulted from the method negotiated and used for first authentication. This pointer MUST NOT be null.

pSecondAuth: A pointer to an FW_AUTH_INFO structure that contains the information that resulted from the method negotiated and used for second authentication. If the field is NULL, the second authentication was not performed.

dwP1SaFlags: Reserved value and not currently used. It MUST be set to 0.
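The field constraints above (KeyModuleType inside the valid enumeration range, pFirstAuth non-NULL, dwP1SaFlags zero) and the two rekey triggers (dwProposalLifetimeMinutes, dwProposalMaxNumPhase2) are what a receiver has to check before trusting an FW_PHASE1_SA_DETAILS it has unmarshaled. The following C code is an added example written for this page, not code from the specification or from Windows: it validates those MUST requirements and evaluates the rekey rules on a constructed sample. The numeric values of the FW_PHASE1_KEY_MODULE_TYPE enumerators and the layouts of FW_ENDPOINTS, FW_PHASE1_CRYPTO_SUITE, FW_COOKIE_PAIR and FW_AUTH_INFO are assumed stand-ins (those structures are defined in other sections); only the field names of FW_PHASE1_SA_DETAILS itself come from this page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* ASSUMED enumerator values; the page names only INVALID, MAX, IKE and AuthIP. */
typedef enum {
    FW_PHASE1_KEY_MODULE_INVALID = 0,
    FW_PHASE1_KEY_MODULE_IKE     = 1,
    FW_PHASE1_KEY_MODULE_AUTH_IP = 2,
    FW_PHASE1_KEY_MODULE_MAX     = 3
} FW_PHASE1_KEY_MODULE_TYPE;

/* ASSUMED opaque stand-ins; the real definitions live elsewhere in the spec. */
typedef struct { uint32_t dwLocalAddr, dwRemoteAddr; } FW_ENDPOINTS;
typedef struct { uint32_t dwOpaque; } FW_PHASE1_CRYPTO_SUITE;
typedef struct { uint64_t qwOpaque[2]; } FW_COOKIE_PAIR;
typedef struct { uint32_t dwOpaque; } FW_AUTH_INFO, *PFW_AUTH_INFO;

/* Field names and order follow section 2.2.81. */
typedef struct _tag_FW_PHASE1_SA_DETAILS {
    uint64_t SaId;
    FW_PHASE1_KEY_MODULE_TYPE KeyModuleType;
    FW_ENDPOINTS Endpoints;
    FW_PHASE1_CRYPTO_SUITE SelectedProposal;
    uint32_t dwProposalLifetimeKBytes;   /* not supported; never consulted */
    uint32_t dwProposalLifetimeMinutes;
    uint32_t dwProposalMaxNumPhase2;
    FW_COOKIE_PAIR CookiePair;
    PFW_AUTH_INFO pFirstAuth;
    PFW_AUTH_INFO pSecondAuth;
    uint32_t dwP1SaFlags;                /* reserved, MUST be 0 */
} FW_PHASE1_SA_DETAILS, *PFW_PHASE1_SA_DETAILS;

/* One bit per violated MUST requirement; 0 means the structure is acceptable. */
enum {
    SA_ERR_KEY_MODULE     = 1u << 0,  /* KeyModuleType not in (INVALID, MAX) */
    SA_ERR_NO_FIRST_AUTH  = 1u << 1,  /* pFirstAuth is NULL */
    SA_ERR_RESERVED_FLAGS = 1u << 2   /* dwP1SaFlags is not 0 */
};

/* Check the range annotation and the two MUSTs from the field descriptions. */
unsigned validate_phase1_sa(const FW_PHASE1_SA_DETAILS *sa)
{
    unsigned err = 0;
    int km = (int)sa->KeyModuleType;   /* compare as int: the wire value may be anything */
    if (km <= FW_PHASE1_KEY_MODULE_INVALID || km >= FW_PHASE1_KEY_MODULE_MAX)
        err |= SA_ERR_KEY_MODULE;
    if (sa->pFirstAuth == NULL)
        err |= SA_ERR_NO_FIRST_AUTH;
    if (sa->dwP1SaFlags != 0)
        err |= SA_ERR_RESERVED_FLAGS;
    return err;
}

/* pSecondAuth == NULL means the second authentication was not performed. */
bool sa_second_auth_performed(const FW_PHASE1_SA_DETAILS *sa)
{
    return sa->pSecondAuth != NULL;
}

/*
 * Rekey is required once either limit is reached: the SA has lived for
 * dwProposalLifetimeMinutes, or dwProposalMaxNumPhase2 quick mode
 * negotiations have been derived from it. The KBytes limit is ignored
 * because the page marks it as not supported.
 */
bool sa_needs_rekey(const FW_PHASE1_SA_DETAILS *sa,
                    uint32_t age_minutes, uint32_t phase2_negotiations)
{
    return age_minutes >= sa->dwProposalLifetimeMinutes ||
           phase2_negotiations >= sa->dwProposalMaxNumPhase2;
}

/* Constructed sample SA (not captured data): IKE, 8 h lifetime, 100 quick modes. */
FW_PHASE1_SA_DETAILS make_sample_sa(void)
{
    static FW_AUTH_INFO first_auth = { 0 };
    FW_PHASE1_SA_DETAILS sa = { 0 };
    sa.SaId = 0x1122334455667788ULL;
    sa.KeyModuleType = FW_PHASE1_KEY_MODULE_IKE;
    sa.dwProposalLifetimeMinutes = 480;
    sa.dwProposalMaxNumPhase2 = 100;
    sa.pFirstAuth = &first_auth;
    sa.pSecondAuth = NULL;
    sa.dwP1SaFlags = 0;
    return sa;
}
```

Treating the result of validate_phase1_sa() as a bitmask rather than a single boolean lets a consumer report every violated constraint of a malformed structure at once, which is useful when fuzzing or auditing an RPC client that builds these structures.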