3.5.5.2 Received Quick Mode Second Exchange Request

Figure 17: Quick Mode Synchronize Notify packet

If the responder is not in Quick Mode Responder First Exchange Done state, when the responder receives the above packet it MUST tear down the corresponding main mode if it can match the packet to an existing main mode, and silently discard the packet otherwise.

On receiving the above packet in Quick Mode Responder First Exchange Done state, the responder MUST verify the packet, and if it is valid, send out the response specified by the following diagram, and transition to Quick Mode Responder Done state.

To verify the incoming packet, the responder MUST do the following:

  • HDR: Verify that the ISAKMP header is identical to the first IKE phase 2 initiator packet (as specified in [RFC2409] section 5.5), except that the exchange type MUST be 244 (quick mode exchange type).

  • Decrypt the Crypto payload to obtain the rest of the payloads and verify the AuthIP packet integrity check. The decryption and integrity verification procedure is specified in [RFC4303] section 3.4.

  • Verify that the decrypted packet contains only a single payload, which MUST be a Notify payload of Notify type NOTIFY_QM_SYNCHRONIZE (see section 2.2.3.5).

  • If the initiator won the Key Dictation Weight negotiation (that is, KeyDictationLocalWinner is set), then the responder MUST consume the quick mode keys supplied in the KeyDict(in) and KeyDict(out) payloads.

If the responder encounters any errors in verifying the packet, it MUST be treated as an Invalid Message event. See section 3.5.7.1.

The QM SA keys MUST be computed using the key material generation algorithm from section 3.1. The first ipsechashLength bytes of IPSecEncryptKey MUST be used for the QM SA authentication key and the last ipseccryptLength bytes MUST be used for the QM SA encryption key.
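The following Python sketch is an added illustration, not part of the specification, of the responder's decision logic for this packet (state check, HDR, integrity and single-payload checks, and the Invalid Message outcome) together with the key split from the paragraph above. The `Packet` representation and the numeric value of NOTIFY_QM_SYNCHRONIZE are assumptions; the real value is defined in section 2.2.3.5.

```python
from dataclasses import dataclass
from enum import Enum, auto

QM_EXCHANGE_TYPE = 244  # quick mode exchange type required by the HDR check
# NOTIFY_QM_SYNCHRONIZE is defined in section 2.2.3.5 of the spec; the numeric
# value here is a placeholder assumption, not taken from the page.
NOTIFY_QM_SYNCHRONIZE = 0xABCD

class State(Enum):
    QM_RESPONDER_FIRST_EXCHANGE_DONE = auto()
    QM_RESPONDER_DONE = auto()
    OTHER = auto()  # any state other than First Exchange Done

class Outcome(Enum):
    RESPOND = auto()          # valid: send Synchronize Notify Response
    INVALID_MESSAGE = auto()  # verification failed: Invalid Message event (3.5.7.1)
    TEAR_DOWN_MM = auto()     # wrong state, packet matched an existing main mode
    DISCARD = auto()          # wrong state, no matching main mode

@dataclass
class Packet:
    """Assumed minimal view of the received Synchronize Notify packet."""
    exchange_type: int
    header_matches_first_qm: bool  # HDR identical to first phase 2 initiator packet
    integrity_ok: bool             # AuthIP integrity check passed (RFC4303 3.4)
    payloads: list                 # (payload_type, notify_type) after decryption

def handle_qm_sync(state, pkt, matched_main_mode):
    """Return (outcome, new_state) for a received Synchronize Notify packet."""
    if state is not State.QM_RESPONDER_FIRST_EXCHANGE_DONE:
        # Wrong state: tear down the main mode if one matches, else drop silently.
        return (Outcome.TEAR_DOWN_MM if matched_main_mode else Outcome.DISCARD), state
    header_ok = pkt.exchange_type == QM_EXCHANGE_TYPE and pkt.header_matches_first_qm
    payload_ok = pkt.payloads == [("NOTIFY", NOTIFY_QM_SYNCHRONIZE)]
    if not (header_ok and pkt.integrity_ok and payload_ok):
        return Outcome.INVALID_MESSAGE, state
    # If KeyDictationLocalWinner is set, the responder would also consume the
    # KeyDict(in)/KeyDict(out) keys at this point (not modeled in this example).
    return Outcome.RESPOND, State.QM_RESPONDER_DONE

def split_qm_keys(ipsec_encrypt_key, ipsec_hash_length, ipsec_crypt_length):
    """Split IPSecEncryptKey into (auth_key, enc_key): the first ipsechashLength
    bytes authenticate, the last ipseccryptLength bytes encrypt."""
    if len(ipsec_encrypt_key) < ipsec_hash_length + ipsec_crypt_length:
        raise ValueError("key material too short for the requested key lengths")
    return (ipsec_encrypt_key[:ipsec_hash_length],
            ipsec_encrypt_key[len(ipsec_encrypt_key) - ipsec_crypt_length:])
```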

Figure 18: Quick Mode Synchronize Notify Response packet

If either the ImpersonationActiveMM or ImpersonationActiveEM flag is TRUE for the MM SA corresponding to the QM SA, then the ImpersonationHandle value from the MM SA MUST be copied over to the QM SA.

The inbound/outbound QM SAs MUST also be added to the SAD prior to sending this packet.