4.7G Default IKEv2 message and information element contents

3GPP TS 36.508, Release 17: Common test environments for User Equipment (UE) conformance testing; Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Packet Core (EPC)

– IKE_SA_INIT request

This message is sent by the UE to the SS.

Table 4.7G-1: IKE_SA_INIT request

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Initiator’s IKE_SA SPI | Not checked | | |
| Responder’s IKE_SA SPI | 0 | First message in IKE_SA_INIT exchange | |
| Next Payload | ‘00100001’B | SA | |
| Exchange Type | ‘00100010’B | IKE_SA_INIT | |
| Security Association Payload | The presence of all Transform type and related Transform ID are checked. These are allowed in one or more Proposals in any combination. | | |
| Next Payload | ‘00100010’B | KE | |
| More proposal | Not checked | | |
| Proposal # | Not checked | Cryptographic suite | |
| Protocol ID | ‘00000001’B | IKE | |
| SPI size | Not checked | | |
| Number of transforms | Not checked | | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000001’B | Encryption Algorithm | |
| Transform ID | ‘00000011’B | ENCR_3DES | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000001’B | Encryption Algorithm | |
| Transform ID | ‘00001100’B | ENCR_AES_CBC | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000010’B | Pseudorandom Function | |
| Transform ID | ‘00000010’B | PRF_HMAC_SHA1 | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000011’B | Integrity Algorithm | |
| Transform ID | ‘00000010’B | AUTH_HMAC_SHA1_96 | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000011’B | Integrity Algorithm | |
| Transform ID | ‘00000101’B | AUTH_AES_XCBC_96 | |
| More transform or Last transform | Not checked | | |
| Transform type | ‘00000100’B | Diffie-Hellman group | |
| Transform ID | ‘00000010’B | 1024-bit MODP | |
| Last transform or More transform | Not checked | | |
| Transform type | ‘00000100’B | Diffie-Hellman group | |
| Transform ID | ‘00001110’B | 2048-bit MODP | |
| Key Exchange Payload | | | |
| Next Payload | ‘00101000’B | Nonce | |
| Diffie-Hellman Group Num | ‘0000000000000010’B or ‘0000000000001110’B | DH group 2 or 14 | |
| Key Exchange data | Not checked | | |
| Nonce Payload | | | |
| Next Payload | ‘00000000’B | No Next Payload if Nonce is the last payload | |
| Nonce data | Not checked | | |

NOTE 1: The order of Payloads/fields is not checked, unless explicitly specified. Additional Payloads/fields are ignored.

NOTE 2: The Check for Next Payload is to check the presence of (SA, KE, Nonce and No Next Payload). The SS shall not reject as invalid a message with those payloads in any other order.
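
The checks in Table 4.7G-1, applied to a raw IKE_SA_INIT request, as an added example (not part of the specification or of any test system's code); it follows the RFC 5996 payload layouts and covers the presence-only, order-independent rule of NOTE 1 and NOTE 2. The function names and the message produced by `build_sample` are constructed for illustration.

```python
import struct

SA, KE, NONCE = 33, 34, 40   # Next Payload values from Table 4.7G-1
REQUIRED = {(1, 3), (1, 12), (2, 2), (3, 2), (3, 5), (4, 2), (4, 14)}  # (type, ID)

def payloads(msg):
    """Yield (type, body) for each payload chained after the 28-byte IKE header."""
    nxt, off = (msg[16] if len(msg) >= 28 else 0), 28
    while nxt and off + 4 <= len(msg):
        following, _, length = struct.unpack_from(">BBH", msg, off)
        yield nxt, msg[off + 4:off + length]
        nxt, off = following, off + max(length, 4)   # bogus lengths cannot stall the walk

def transforms(sa):
    """Yield (protocol_id, transform_type, transform_id) across all proposals."""
    off = 0
    while off + 8 <= len(sa):
        plen, _, proto, spi_size, _ = struct.unpack_from(">xxHBBBB", sa, off)
        t, end = off + 8 + spi_size, off + max(plen, 8)
        while t + 8 <= min(end, len(sa)):
            tlen, ttype, tid = struct.unpack_from(">xxHBxH", sa, t)
            yield proto, ttype, tid
            t += max(tlen, 8)
        off = end

def check_ike_sa_init_request(msg):
    """Return deviations from Table 4.7G-1; an empty list means the request passes."""
    errs = []
    if msg[8:16] != bytes(8) or msg[18:19] != b"\x22":
        errs.append("IKE header: Responder SPI not 0 or Exchange Type not IKE_SA_INIT")
    found = dict(payloads(msg))   # NOTE 1/2: order is not checked, extras are ignored
    errs += ["payload type %d missing" % p for p in (SA, KE, NONCE) if p not in found]
    seen = {(ty, i) for proto, ty, i in transforms(found.get(SA, b"")) if proto == 1}
    errs += ["transform %d/%d missing" % pair for pair in sorted(REQUIRED - seen)]
    if KE in found and found[KE][:2] not in (b"\x00\x02", b"\x00\x0e"):
        errs.append("KE Diffie-Hellman group is not 2 or 14")
    return errs

def build_sample(order=(SA, KE, NONCE), dh_group=14, ids=tuple(sorted(REQUIRED))):
    """Constructed request: one IKE proposal carrying `ids`, zero-filled KE/nonce data."""
    tr = b"".join(struct.pack(">BxHBxH", 3, 8, ty, i) for ty, i in ids[:-1])
    tr += struct.pack(">BxHBxH", 0, 8, *ids[-1])          # flag 0 marks the last transform
    body = {SA: struct.pack(">BxHBBBB", 0, 8 + len(tr), 1, 1, 0, len(ids)) + tr,
            KE: struct.pack(">HH", dh_group, 0) + bytes(256), NONCE: bytes(32)}
    chain = b"".join(struct.pack(">BxH", nxt, 4 + len(body[p])) + body[p]
                     for p, nxt in zip(order, order[1:] + (0,)))
    head = (b"\x11" * 8, bytes(8), order[0], 0x20, 34, 0x08, 0, 28 + len(chain))
    return struct.pack(">8s8sBBBBII", *head) + chain
```

The header's own Next Payload value is deliberately not compared against SA, because NOTE 2 reduces that check to the presence of the SA, KE and Nonce payloads in any order.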

– IKE_SA_INIT response

This message is sent by the SS to the UE.

Table 4.7G-2: IKE_SA_INIT response

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Initiator’s IKE_SA SPI | Same as that set by the UE in IKE_SA_INIT request | | |
| Responder’s IKE_SA SPI | Set by the SS | | |
| Next Payload | ‘00100001’B | SA | |
| Exchange Type | ‘00100010’B | IKE_SA_INIT | |
| Security Association Payload | | | |
| Next Payload | ‘00100010’B | KE | |
| Proposal | One of the proposals included in IKE_SA_INIT request | | |
| Key Exchange Payload | | | |
| Next Payload | ‘00101000’B | Nonce | |
| Diffie-Hellman Group Num | One of the proposals included in IKE_SA_INIT request | | |
| Key Exchange data | Set by the SS | | |
| Nonce Payload | | | |
| Next Payload | ‘00000000’B | No Next Payload if Nonce is the last payload | |
| Nonce data | Set by the SS | | |

– IKE_AUTH request

This message is sent by the UE to the SS.

Table 4.7G-3: IKE_AUTH request

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|
| IKE Header | | | |
| Next Payload | ‘00101111’B or ‘00110000’B or ‘00100111’B | CP or EAP or AUTH | |
| Exchange Type | ‘00100011’B | IKE_AUTH | |

NOTE 1: The order of Payloads/fields is not checked, unless explicitly specified. Additional Payloads/fields are ignored.

– IKE_AUTH response

This message is sent by the SS to the UE.

Table 4.7G-4: IKE_AUTH response

Derivation path: IETF RFC 5996 [57]

| Information Element | Value/remark | Comment | Condition |
|---|---|---|---|

The presence and values for applicable fields are provided according to the test model [see TS 36.523-3 [20] cl. 4.4.6].