https://datatracker.ietf.org/doc/html/rfc7383#section-2.5.3

   Currently, there are no IKEv2 exchanges that define messages,
   containing both unprotected payloads and payloads, that are protected
   by the Encrypted payload.  However, IKEv2 does not prohibit such
   construction.  If some future IKEv2 extension defines such a message
   and it needs to be fragmented, all unprotected payloads MUST be
   placed in the first fragment (with the Fragment Number field equal to
   1), along with the Encrypted Fragment payload, which MUST be present
   in every IKE Fragment message and be the last payload in it.

   Below is an example of a fragmenting message that contains both
   protected and unprotected payloads.

   HDR(MID=n), PLD0, SK(NextPld=PLD1) {PLD1 ... PLDN}
                             Original Message
   HDR(MID=n), PLD0, SKF(NextPld=PLD1, Frag#=1, TotalFrags=m) {...},
   ...
                           IKE Fragment Messages

Perhaps I'm confused by the terminology, but I can't see how to
construct a message containing both SK/SKF and unprotected payloads.

My understanding is that the HDR and PLD0 are "integrity
[cryptographically] protected" by:

https://datatracker.ietf.org/doc/html/rfc7383#section-2.5.3
   o  Integrity Checksum Data is the cryptographic checksum of the
      entire message starting with the Fixed IKE header through the Pad
      Length.  The checksum MUST be computed over the encrypted message.
      Its length is determined by the integrity algorithm negotiated.

while PLD1... are additionally encrypted (encrypt then sign).
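A toy model of the layout the quoted RFC text describes, added here as an illustration (not code from RFC 7383 or from the poster): unprotected payloads travel only in fragment 1, the SKF payload is present and last in every fragment, and the integrity checksum covers the whole fragment, so PLD0 is authenticated even though it is sent in the clear. The record format, the XOR "cipher" and the HMAC-SHA256 checksum are simplifications chosen for the example, not the IKEv2 wire format.

```python
import hashlib
import hmac

# Constructed, simplified model of RFC 7383 fragmentation; not the real wire format.
# A fragment is {"HDR": bytes, "payloads": [(name, body), ...], "ICV": bytes}; the body of
# "SKF" is {"frag", "total", "data"}. Toy XOR stands in for the negotiated cipher.

def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def _serialize(frag: dict) -> bytes:
    """Bytes covered by the integrity checksum: HDR through the encrypted data."""
    out = frag["HDR"]
    for name, body in frag["payloads"]:
        out += name.encode()
        if name == "SKF":
            out += bytes([body["frag"], body["total"]]) + body["data"]
        else:
            out += body
    return out

def fragment_message(mid: int, unprotected: list, protected: bytes, key: bytes, size: int) -> list:
    """Split the protected part into size-byte chunks; unprotected payloads ride only in Frag#1."""
    chunks = [protected[i:i + size] for i in range(0, len(protected), size)] or [b""]
    frags = []
    for n, chunk in enumerate(chunks, start=1):
        payloads = list(unprotected) if n == 1 else []          # PLD0 only in fragment 1
        payloads.append(("SKF", {"frag": n, "total": len(chunks), "data": _xor(chunk, key)}))
        frag = {"HDR": b"HDR(MID=%d)" % mid, "payloads": payloads}
        # Checksum spans the whole fragment, so PLD0 is authenticated though sent in the clear.
        frag["ICV"] = hmac.new(key, _serialize(frag), hashlib.sha256).digest()
        frags.append(frag)
    return frags

def check_layout(frags: list, key: bytes) -> tuple:
    """Receiver-side checks: SKF present and last in every fragment, unprotected payloads
    only in Frag#1, consistent numbering, and a valid integrity checksum."""
    total = len(frags)
    for n, frag in enumerate(frags, start=1):
        names = [name for name, _ in frag["payloads"]]
        if names.count("SKF") != 1 or names[-1] != "SKF":
            return False, f"fragment {n}: SKF missing or not last"
        skf = frag["payloads"][-1][1]
        if skf["frag"] != n or skf["total"] != total:
            return False, f"fragment {n}: bad Frag#/TotalFrags"
        if n > 1 and len(names) > 1:
            return False, f"fragment {n}: unprotected payload outside fragment 1"
        expected = hmac.new(key, _serialize(frag), hashlib.sha256).digest()
        if not hmac.compare_digest(frag.get("ICV", b""), expected):
            return False, f"fragment {n}: integrity checksum mismatch"
    return True, "ok"

def reassemble(frags: list, key: bytes) -> bytes:
    """Concatenate decrypted SKF data once check_layout has passed."""
    return b"".join(_xor(f["payloads"][-1][1]["data"], key) for f in frags)
```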
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec