Поделиться через

3.4.5.1 Quick Mode First Exchange Response

  • Статья

Quick Mode First Exchange Response packet

Figure 8: Quick Mode First Exchange Response packet

If the initiator is not in Quick Mode Initiator First Packet Sent state, when the responder receives the above packet it MUST tear down the corresponding main mode security association (MM SA) if it can match the packet to an existing one, or silently discard the packet otherwise.

On receiving this packet when the initiator is in Quick Mode Initiator First Packet Sent state (see section 3.4.7.3), the initiator MUST verify that message is constructed as follows:

  • HDR: The ISAKMP header MUST be identical in format to the first IKE phase 2 initiator packet, as specified in [RFC2409] section 5.5, with this exception: the exchange type MUST be 243 (MM exchange type) for the first quick mode exchange under this main mode or 244 (quick mode exchange type) for any subsequent quick mode exchange. The Encrypted flag MUST be set.

  • The following payloads MUST be encapsulated in an encrypted Crypto payload. The Crypto payload MUST be verified to have been constructed in the following way:

    • The seqNUM field MUST be set to the current value of the main mode security association database (MMSAD) sequence number for the current exchange type, as specified in section 3.1.4.

    • The Initialization_Vector and Encrypted payload fields MUST be computed as specified in [RFC4303] section 2.3.

    • The Padding field MUST be computed as specified in [RFC4303] section 2.4.

    • The Integrity Checksum Data field MUST be computed as specified in [RFC4303] section 2.8, and MUST cover the ISAKMP header to the beginning of the Integrity Checksum Data. It MUST be computed using the HMAC of the hash algorithm that is negotiated in main mode. The default mechanism specified in [RFC4303] MUST be used to generate the pad contents.

  • HAuth2: The ISAKMP Hash payload that contains Auth2. Auth2 MUST be computed as specified in section 3.1.7.4.

  • IDi, IDr, SA, Ni(qm), KE: These payloads MUST be identical to the corresponding IKE payloads ([RFC2408] sections 3.8, 3.4, and 3.13). The SA, IDi, and IDr payloads MUST be constructed by looking up the PAD Entry IDs ([RFC4301] section 4.4.3.1). The key exchange (KE) payload MUST be sent if quick mode perfect forward secrecy is required by the SPD.

  • Notify (exchange_info): The EXCHANGE_INFO Notify payload indicates to the peer that either guaranteed encryption is active, or that the sender uses negotiation discovery. A precondition for sending this notify is that the MM SA MUST have the PeerIsNegotiationDiscoveryCapable flag set (section 3.2.5.1). These two policy options are specified in [MS-IKEE] section 3.7.4.

  • SKWt: The responder SHOULD<16> optionally send a Key Dictation Weight payload if it is evaluating the dictating keys. This payload MUST update the KeyDictationWtRemote field with the contents of the packet per QM SA.

    • If LocalEndWantsToDictateKey is set, then if KeyDictationWtLocal > KeyDictationWtRemote, set KeyDictationLocalWinner to TRUE, else set KeyDictationRemoteWinner to TRUE.

    • If LocalEndWantsToDictateKey is not set, then, irrespective of the KeyDictationWtRemote value, set KeyDictationRemoteWinner to TRUE.

  • KeyDict(In) and KeyDict(Out): Since the responder already has the initiator's Key_Dictation_Weight value, it could potentially have won the negotiation. If this is true and there is no Extended Mode, then the responder MUST have sent the Key Dictation payloads for the initiator to use as quick mode keys.

If the initiator encounters any errors in the processing of the received message, it MUST be treated as an Invalid Message event as specified in section 3.4.7.1.

Otherwise, it MUST add inbound QM SA to SAD and send the second quick mode exchange request specified in the following diagram, and transition to Quick Mode Initiator Second Packet Sent state.

If the QM SA is added and if either the ImpersonationActiveMM or ImpersonationActive EM flag is TRUE for the MM SA corresponding to the QM SA, then the value of ImpersonationHandle from the MM SA MUST be copied over to the QM SA.

This packet MUST contain only:

  • A Notify payload of Notify type NOTIFY_QM_SYNCHRONIZE. See section 2.2.3.5.

  • KeyDict(In) and KeyDict(Out): If the initiator won the Key_Dictation_Weight negotiation (that is, KeyDictationLocalWinner is set) and there is no Extended Mode in effect, then the initiator can dictate the quick mode keys to the responder by constructing these payloads.

Quick Mode Synchronize Notify packet

Figure 9: Quick Mode Synchronize Notify packet