4.7G Default IKEv2 message and information element contents
3GPP TS 36.508, Release 17: Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Packet Core (EPC); Common test environments for User Equipment (UE) conformance testing
– IKE_SA_INIT request
This message is sent by the UE to the SS.
Table 4.7G-1: IKE_SA_INIT request

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Initiator’s IKE_SA SPI | Not checked | | |
| Responder’s IKE_SA SPI | 0 | First message in IKE_SA_INIT exchange | |
| Next Payload | ‘00100001’B | SA | |
| Exchange Type | ‘00100010’B | IKE_SA_INIT | |
| Security Association Payload | The presence of all Transform type and related Transform ID are checked. These are allowed in one or more Proposals in any combination. | | |
| Next Payload | ‘00100010’B | KE | |
| More proposal | Not checked | | |
| Proposal # | Not checked | Cryptographic suite | |
| Protocol ID | ‘00000001’B | IKE | |
| SPI size | Not checked | | |
| Number of transforms | Not checked | | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000001’B | Encryption Algorithm | |
| Transform ID | ‘00000011’B | ENCR_3DES | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000001’B | Encryption Algorithm | |
| Transform ID | ‘00001100’B | ENCR_AES_CBC | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000010’B | Pseudorandom Function | |
| Transform ID | ‘00000010’B | PRF_HMAC_SHA1 | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000011’B | Integrity Algorithm | |
| Transform ID | ‘00000010’B | AUTH_HMAC_SHA1_96 | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000011’B | Integrity Algorithm | |
| Transform ID | ‘00000101’B | AUTH_AES_XCBC_96 | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000100’B | Diffie-Hellman group | |
| Transform ID | ‘00000010’B | 1024-bit MODP | |
| Last transform or More transform | Not checked | | |
| Transform type | ‘00000100’B | Diffie-Hellman group | |
| Transform ID | ‘00001110’B | 2048-bit MODP | |
| Key Exchange Payload | | | |
| Next Payload | ‘00101000’B | Nonce | |
| Diffie-Hellman Group Num | ‘0000000000000010’B or ‘0000000000001110’B | DH group 2 or 14 | |
| Key Exchange data | Not checked | | |
| Nonce Payload | | | |
| Next Payload | ‘00000000’B | No Next Payload if Nonce is the last payload | |
| Nonce data | Not checked | | |

NOTE 1: The order of Payloads/fields is not checked, unless explicitly specified. Additional Payloads/fields are ignored.

NOTE 2: The Check for Next Payload is to check the presence of (SA, KE, Nonce and No Next Payload). The SS shall not reject as invalid a message with those payloads in any other order.
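
The checks of Table 4.7G-1 and its notes, written out as an added Python example (not taken from TS 36.508 or from any SS implementation): it walks the payload chain so that payload order is ignored per NOTE 2, and gathers transforms across all proposals. Function names and the `build_sample` message are constructed for illustration; field offsets follow the IKEv2 wire format of RFC 5996.

```python
import struct
# (Transform type, Transform ID) pairs whose presence Table 4.7G-1 checks.
REQUIRED = {(1, 3), (1, 12), (2, 2), (3, 2), (3, 5), (4, 2), (4, 14)}
SA, KE, NONCE, IKE_SA_INIT = 33, 34, 40, 34  # payload types, exchange type

def payloads(msg):
    """Yield (type, body) for each payload chained after the 28-byte IKE header."""
    ptype, off = msg[16], 28
    while ptype:
        nxt, length = struct.unpack_from("!BxH", msg, off)
        yield ptype, msg[off + 4:off + length]
        ptype, off = nxt, off + max(length, 4)  # always advance

def transforms(sa):
    """Collect (type, ID) pairs from every proposal whose Protocol ID is IKE (1)."""
    found, off = set(), 0
    while off + 8 <= len(sa):
        plen, proto, spi_size, count = struct.unpack_from("!2xHxBBB", sa, off)
        t = off + 8 + spi_size
        for _ in range(count if proto == 1 else 0):
            tlen, ttype, tid = struct.unpack_from("!2xHBxH", sa, t)
            found.add((ttype, tid))
            t += tlen
        off += max(plen, 8)  # never loop forever on a zero length
    return found

def check_sa_init_request(msg):
    """Return deviations from Table 4.7G-1; an empty list means the message passes."""
    seen = dict(payloads(msg))  # keyed by type: payload order is ignored (NOTE 2)
    missing = REQUIRED - transforms(seen.get(SA, b""))
    group = struct.unpack_from("!H", seen[KE])[0] if KE in seen else None
    checks = [
        (msg[8:16] == bytes(8), "Responder SPI is not 0"),
        (msg[18] == IKE_SA_INIT, "Exchange Type is not IKE_SA_INIT"),
        (all(p in seen for p in (SA, KE, NONCE)), "SA, KE or Nonce payload missing"),
        (not missing, "transforms missing: %s" % sorted(missing)),
        (group in (2, 14), "DH group is not 2 or 14"),
    ]
    return [text for ok, text in checks if not ok]

def build_sample(order=(SA, KE, NONCE), pairs=tuple(REQUIRED), group=14):
    """Constructed message (not a capture): one IKE proposal, dummy KE/nonce data."""
    tf = b"".join(struct.pack("!BxHBxH", 3 * (n < len(pairs)), 8, t, i)
                  for n, (t, i) in enumerate(pairs, 1))
    body = {SA: struct.pack("!2xHBBBB", 8 + len(tf), 1, 1, 0, len(pairs)) + tf,
            KE: struct.pack("!H2x", group) + bytes(256), NONCE: bytes(32)}
    chain = b"".join(struct.pack("!BxH", nxt, 4 + len(body[p])) + body[p]
                     for p, nxt in zip(order, order[1:] + (0,)))
    return struct.pack("!8s8xBBBBII", b"\x11" * 8, order[0], 0x20, IKE_SA_INIT,
                       0x08, 0, 28 + len(chain)) + chain
```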
– IKE_SA_INIT response
This message is sent by the SS to the UE.
Table 4.7G-2: IKE_SA_INIT response

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Initiator’s IKE_SA SPI | Same as that set by the UE in IKE_SA_INIT request | | |
| Responder’s IKE_SA SPI | Set by the SS | | |
| Next Payload | ‘00100001’B | SA | |
| Exchange Type | ‘00100010’B | IKE_SA_INIT | |
| Security Association Payload | | | |
| Next Payload | ‘00100010’B | KE | |
| Proposal | One of the proposals included in IKE_SA_INIT request | | |
| Key Exchange Payload | | | |
| Next Payload | ‘00101000’B | Nonce | |
| Diffie-Hellman Group Num | One of the proposals included in IKE_SA_INIT request | | |
| Key Exchange data | Set by the SS | | |
| Nonce Payload | | | |
| Next Payload | ‘00000000’B | No Next Payload if Nonce is the last payload | |
| Nonce data | Set by the SS | | |

– IKE_AUTH request
This message is sent by the UE to the SS.
Table 4.7G-3: IKE_AUTH request

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Next Payload | ‘00101111’B or ‘00110000’B or ‘00100111’B | CP or EAP or AUTH | |
| Exchange Type | ‘00100011’B | IKE_AUTH | |

NOTE 1: The order of Payloads/fields is not checked, unless explicitly specified. Additional Payloads/fields are ignored.

– IKE_AUTH response
This message is sent by the SS to the UE.
Table 4.7G-4: IKE_AUTH response

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| The presence and values for applicable fields are provided according to the test model [see TS 36.523-3 [20] cl. 4.4.6]. | | | |