2.2.9 Correlation Payload (IKEv2) Packet
The Correlation Payload (IKEv2) packet format is as follows. There are two IKE_SAs here, SAcurrent and SAoriginal. This payload is sent under the protection of SACurrent. The payload type value for a Correlation payload is 0xc8 from the private payload type range, as specified in [RFC4306] section 3.2.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Next_Payload |
RESERVED |
Payload_Length |
|||||||||||||||||||||||||||||
|
IKE_SA_Initiator_SPI |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
IKE_SA_Responder_SPI |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
Correlation_Hash (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
Next_Payload (1 byte): This field MUST be as specified in [RFC2408] section 3.2.
RESERVED (1 byte): This field MUST be as specified in [RFC2408] section 3.2.
Payload_Length (2 bytes): This field MUST be as specified in [RFC2408] section 3.2.
IKE_SA_Initiator_SPI (8 bytes): This MUST be set to the initiator's SPI from the IKE_SA being correlated, SAoriginal. This value is taken from the IKEv2 header of the prior IKE_SA, as specified in [RFC4306] section 3.1.
IKE_SA_Responder_SPI (8 bytes): This MUST be set to the responder's (1) SPI from the IKE_SA being correlated, SAoriginal. This value is taken from the IKEv2 header of the prior IKE_SA, as specified in [RFC4306] section 3.1.
Correlation_Hash (variable): This computes a keyed hash using the SAcurrent's negotiated PRF function. The key used is the SK_ai on the initiator and the SK_ar for the responder (1) from SAoriginal. See [RFC4306] section 2.14. The correlation hash is as follows.
-
-
prf(SK_a(i or r), SAcurrent.InitiatorSpi|SAcurrent.ResponderSpi|SAoriginal.InitiatorSpi|SAoriginal.responderSpi)
-