| IKE, Internet Key Exchange |
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |
| Protocol suite: | TCP/IP, IPSec. |
| Protocol type: | Application layer key exchange protocol. |
| Port: | 500 (UDP). |
| MIME subtype: | |
| SNMP MIBs: | |
| Working groups: | ipsecme, IP Security Maintenance and Extensions. |
| Links: |
IANA: IPSec registry. IANA: IKEv2 Parameters. |
IKE is a hybrid of the ISAKMP framework and the Oakley and SKEME protocols.
ISAKMP provides a framework for authentication and key exchange but does not define them. It is designed to be key exchange independant; that is, it is designed to support many different key exchanges.
Oakley describes a series of key exchanges, known as modes, and details the services provided by each (e.g. perfect forward secrecy for keys, identity protection, and authentication).
SKEME describes a versatile key exchange technique which provides anonymity, repudiability, and quick key refreshment.
Perfect Forward Secrecy is supported.
IKEv2 does not interoperate with IKEv1, but it has enough of the header format in common that both versions can unambiguously run over the same UDP port.
Oakley and SKEME each define a method to establish an authenticated key exchange. This includes payloads construction, the information payloads carry, the order in which they are processed and how they are used.
While Oakley defines "modes", ISAKMP defines "phases". The relationship between the two is very straightforward and IKE presents different exchanges as modes which operate in one of two phases.
Phase 1 is where the two ISAKMP peers establish a secure, authenticated channel with which to communicate. This is called the ISAKMP Security Association (SA). "Main Mode" and "Aggressive Mode" each accomplish a phase 1 exchange. "Main Mode" and "Aggressive Mode" MUST ONLY be used in phase 1.
Phase 2 is where Security Associations are negotiated on behalf of services such as IPsec or any other service which needs key material and/or parameter negotiation. "Quick Mode" accomplishes a phase 2 exchange. "Quick Mode" MUST ONLY be used in phase 2.
| MAC header | IP header | UDP header | IKE header | Data ::: |
IKEv2 header:
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Initiator SPI - | |||||||||||||||||||||||||||||||
| Responder SPI - | |||||||||||||||||||||||||||||||
| Next payload | Major ver | Minor ver | Exchange type | Flags | |||||||||||||||||||||||||||
| Message ID | |||||||||||||||||||||||||||||||
| Length | |||||||||||||||||||||||||||||||
| Data ::: | |||||||||||||||||||||||||||||||
Initiator SPI.
8 bytes.
A value chosen by the initiator to identify a unique IKE security association.
This value MUST NOT be cleared to zero.
Responder SPI.
8 bytes.
A value chosen by the responder to identify a unique IKE security association.
This value MUST be cleared to zero in the first message of an IKE Initial Exchange
(including repeats of that message including a cookie) and MUST NOT be zero in any other message.
Next payload.
8 bits.
Indicates the type of payload that immediately follows the header.
| Type | Description | References |
|---|---|---|
| 0 | No next payload. | RFC 4306 |
| 1 - 32 | reserved. | RFC 4306 |
| 33 | SA, Security Association. | RFC 4306 |
| 34 | KE, Key Exchange. | RFC 4306 |
| 35 | IDi, Identification - Initiator. | RFC 4306 |
| 36 | IDr, Identification - Responder. | RFC 4306 |
| 37 | CERT, Certificate. | RFC 4306 |
| 38 | CERTREQ, Certificate Request. | RFC 4306 |
| 39 | AUTH, Authentication. | RFC 4306 |
| 40 | Ni and Nr, Nonce. | RFC 4306 |
| 41 | N, Notify. | RFC 4306 |
| 42 | D, Delete. | RFC 4306 |
| 43 | V, Vendor ID. | RFC 4306 |
| 44 | TSi, Traffic Selector - Initiator. | RFC 4306 |
| 45 | TSr, Traffic Selector - Responder. | RFC 4306 |
| 46 | E, Encrypted. | RFC 4306 |
| 47 | CP, Configuration. | RFC 4306 |
| 48 | EAP, Extensible Authentication. | RFC 4306 |
| 49 - 127 | reserved | RFC 4306 |
| 128 - 255 | private use. | RFC 4306 |
Major ver.
4 bits.
Indicates the major version of the IKE protocol to use.
Minor ver.
4 bits.
Indicates the minor version of the IKE protocol to use.
Exchange type.
8 bits.
Indicates the type of exchange being used.
This constrains the payloads sent in each message and orderings of messages in an exchange.
| Type | Description | References |
|---|---|---|
| 0 - 33 | reserved. | RFC 4306 |
| 34 | IKE_SA_INIT. | RFC 4306 |
| 35 | IKE_AUTH. | RFC 4306 |
| 36 | CREATE_CHILD_SA. | RFC 4306 |
| 37 | INFORMATIONAL. | RFC 4306 |
| 38 | IKE_SESSION_RESUME. | RFC 5723 |
| 39 - 239 | reserved. | RFC 4306 |
| 240 - 255 | Private use. | RFC 4306 |
Flags.
8 bits.
Indicates specific options that are set for the message.
The presence of options is indicated by the appropriate bit in the flags field being set.
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 |
|---|---|---|---|---|---|---|---|
| 0 | I | V | R | 0 | |||
I, Initiator. 1 bit.
Indicates the message was sent by the initiator if set.V, Version. 1 bit.
Indicates that the sender is capable of speaking a higher major version number of the protocol than the one indicated in the major version number field. Implementations of IKEv2 must clear this bit when sending and MUST ignore it in incoming messages.R, Response. 1 bit.
Indicates that this message is a response to a message containing the same message ID. This bit MUST be cleared in all request messages and MUST be set in all responses. An IKE endpoint MUST NOT generate a response to a message that is marked as being a response.
Attribute classes:
| Value | Type | Description |
|---|---|---|
| 1 | basic | Encryption algorithm. |
| 2 | basic | Hash algorithm. |
| 3 | basic | Authentication method. |
| 4 | basic | Group description. |
| 5 | basic | Group type. |
| 6 | variable | Group prime/irreducible polynomial. |
| 7 | variable | Group generator one. |
| 8 | variable | Group generator two. |
| 9 | variable | Group curve A. |
| 10 | variable | Group curve B. |
| 11 | basic | Life type. |
| 12 | variable | Life duration. |
| 13 | basic | PRF. |
| 14 | basic | Key length. |
| 15 | basic | Field size. |
| 16 | variable | Group order. |
| 17 - 16383 | Reserved to IANA. | |
| 16384 - 32767 | Private use among mutually consenting parties. |
Encryption algorithms:
| Value | Algorithm | Mode | Rounds | Block size | References |
|---|---|---|---|---|---|
| 1 | DES. | CBC | RFC 2405 | ||
| 2 | IDEA. | CBC | RFC 2409 | ||
| 3 | Blowfish. | CBC | RFC 2409 | ||
| 4 | RC5. | CBC | 16 | 64 | |
| 5 | 3DES. | CBC | |||
| 6 | CAST. | CBC | |||
| 7 | AES. | CBC | |||
| 8 | Camellia | CBC | RFC 4312 | ||
| 9 - 65000 | |||||
| 65001 - 65535 | private use. |
Hash algorithms:
| Value | Algorithm | References |
|---|---|---|
| 1 | MD5. | |
| 2 | SHA. | |
| 3 | Tiger. | |
| 4 | SHA2-256. | |
| 5 | SHA2-384. | |
| 6 | SHA2-512. |
Notify messages, message types:
| Value | Message type | References |
|---|---|---|
| 0 | RFC 4306 | |
| 1 | UNSUPPORTED_CRITICAL_PAYLOAD. | RFC 4306 |
| 2 3 | RFC 4306 | |
| 4 | INVALID_IKE_SPI. | RFC 4306 |
| 5 | INVALID_MAJOR_VERSION. | RFC 4306 |
| 6 | RFC 4306 | |
| 7 | INVALID_SYNTAX. | RFC 4306 |
| 8 | RFC 4306 | |
| 9 | INVALID_MESSAGE_ID. | RFC 4306 |
| 10 | RFC 4306 | |
| 11 | INVALID_SPI. | RFC 4306 |
| 12 13 | RFC 4306 | |
| 14 | NO_PROPOSAL_CHOSEN. | RFC 4306 |
| 15 16 | RFC 4306 | |
| 17 | INVALID_KE_PAYLOAD. | RFC 4306 |
| 18 - 23 | RFC 4306 | |
| 24 | AUTHENTICATION_FAILED. | RFC 4306 |
| 25 - 33 | RFC 4306 | |
| 34 | SINGLE_PAIR_REQUIRED. | RFC 4306 |
| 35 | NO_ADDITIONAL_SAS. | RFC 4306 |
| 36 | INTERNAL_ADDRESS_FAILURE. | RFC 4306 |
| 37 | FAILED_CP_REQUIRED. | RFC 4306 |
| 38 | TS_UNACCEPTABLE | RFC 4306 |
| 39 | INVALID_SELECTORS. | RFC 4306 |
| 40 | UNACCEPTABLE_ADDRESSES. | RFC 4555 |
| 41 | UNEXPECTED_NAT_DETECTED. | RFC 4555 |
| 42 | USE_ASSIGNED_HoA. | RFC 5026 |
| 43 - 8191 | Error types, reserved to IANA. | RFC 4306 |
| 8192 - 16383 | Error types, private use. | RFC 4306 |
Notify messages, status types:
| Value | Status type | References |
|---|---|---|
| 16384 | INITIAL_CONTACT. | RFC 4306 |
| 16385 | SET_WINDOW_SIZE. | RFC 4306 |
| 16386 | ADDITIONAL_TS_POSSIBLE. | RFC 4306 |
| 16387 | IPCOMP_SUPPORTED. | RFC 4306 |
| 16388 | NAT_DETECTION_SOURCE_IP. | RFC 4306 |
| 16389 | NAT_DETECTION_DESTINATION_IP. | RFC 4306 |
| 16390 | COOKIE. | RFC 4306 |
| 16391 | USE_TRANSPORT_MODE. | RFC 4306 |
| 16392 | HTTP_CERT_LOOKUP_SUPPORTED. | RFC 4306 |
| 16393 | REKEY_SA. | RFC 4306 |
| 16394 | ESP_TFC_PADDING_NOT_SUPPORTED. | RFC 4306 |
| 16395 | NON_FIRST_FRAGMENTS_ALSO. | RFC 4306 |
| 16396 | MOBIKE_SUPPORTED. | RFC 4555 |
| 16397 | ADDITIONAL_IP4_ADDRESS. | RFC 4555 |
| 16398 | ADDITIONAL_IP6_ADDRESS. | RFC 4555 |
| 16399 | NO_ADDITIONAL_ADDRESSES. | RFC 4555 |
| 16400 | UPDATE_SA_ADDRESSES. | RFC 4555 |
| 16401 | COOKIE2. | RFC 4555 |
| 16402 | NO_NATS_ALLOWED. | RFC 4555 |
| 16403 | AUTH_LIFETIME. | RFC 4478 |
| 16404 | MULTIPLE_AUTH_SUPPORTED. | RFC 4739 |
| 16405 | ANOTHER_AUTH_FOLLOWS. | RFC 4739 |
| 16406 - 40959 | reserved to IANA.. | RFC 4306 |
| 40960 - 65535 | PRIVATE USE. | RFC 4306 |
Quick mode.
RFCs:
[RFC 3104] RSIP Support for End-to-end IPsec.
[RFC 3193] Securing L2TP using IPsec.
[RFC 3526] More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE).
[RFC 3706] A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers.
[RFC 3723] Securing Block Storage Protocols over IP.
[RFC 3947] Negotiation of NAT-Traversal in the IKE.
[RFC 4106] The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP).
[RFC 4109] Algorithms for Internet Key Exchange version 1 (IKEv1).
[RFC 4301] Security Architecture for the Internet Protocol.
[RFC 4306] Internet Key Exchange (IKEv2) Protocol.
[RFC 4307] Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2).
[RFC 4308] Cryptographic Suites for IPsec.
[RFC 4309] Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP).
[RFC 4312] The Camellia Cipher Algorithm and Its Use With IPsec.
[RFC 4322] Opportunistic Encryption using the Internet Key Exchange (IKE).
[RFC 4434] The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE).
[RFC 4478] Repeated Authentication in Internet Key Exchange (IKEv2) Protocol.
[RFC 4543] The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH.
[RFC 5282] Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol.
[RFC 5386] Better-Than-Nothing Security: An Unauthenticated Mode of IPsec.
[RFC 2409] The Internet Key Exchange (IKE).
[RFC 3664] The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE).
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |