
Re: Negotiated Hash Algorithms in ISAKMP/OAKLEY



  Edward,

> Is this a correct interpretation of the ISAKMP/OAKLEY spec:
> 
> All hashes used in messages and keying material are the NATIVE form of 
> the negotiated hash algorithm which is either MD5 or SHA

No, they are the HMAC version.

> The ONLY time the HMAC version of MD5 or SHA is used is during the Oakley 
> Phase1 authentication (specifically, in authentication with a pre-shared key,
> the HASH_I and HASH_R will be the HMAC version
> of MD5 or SHA depending on what was negotiated). 
> 
> Correct?

Anytime you see prf it generally refers to the HMAC version of the negotiated
hash function (negotiable pseudo-random functions are coming, but for now
just assume prf=HMAC). These are used for mostly all hashing functions: 
authentication purposes and generation of key blobs (in phase1 and phase2).

The only place where the native mode of the negotiated hash function is used
is to generate the IV (in appendix B).

> (If I am incorrect and you can actually negotiate to use HMAC MD5 or 
> NATIVE MD5 for example, then what is the Oakley number for that, does it 
> need to be supported, and what would you use during
> authentication? The HMAC version of HMAC MD5 for example?????)

You don't negotiate HMAC or native forms; you just negotiate H: the hash 
function. That is then used in both native and HMAC modes. For authentication
you'd use a prf (aka the HMAC version of your negotiated H) to generate a
hash. That either directly authenticates the exchange or it is signed,
and verified depending on your authentication method (the negotiated A, from 
E-H-A: encryption-hash-authentication).

  Dan.
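
The split described in the reply, as an added Python example that is not part of the original message: one negotiated H drives both the prf (HMAC form, for SKEYID, HASH_I and HASH_R under pre-shared-key authentication) and the native hash (for the IV only). The input layouts follow RFC 2409, the later published form of the spec, which is an assumption since the message does not spell them out; all sample values are constructed.

```python
import hashlib
import hmac
from collections import namedtuple

# Negotiated hash H; the thread names MD5 and SHA (SHA-1).
HASHES = {"md5": hashlib.md5, "sha": hashlib.sha1}

Phase1 = namedtuple("Phase1", "skeyid hash_i hash_r iv")

def prf(h, key, data):
    """prf(key, data): the HMAC form of the negotiated hash H."""
    return hmac.new(key, data, HASHES[h]).digest()

def native(h, data):
    """Plain, unkeyed H: used only to derive the IV."""
    return HASHES[h](data).digest()

def phase1_psk(h, psk, ni, nr, g_xi, g_xr, cky_i, cky_r, sai, idii, idir, block=8):
    # Layouts below are taken from RFC 2409 (assumption, not stated in the message).
    skeyid = prf(h, psk, ni + nr)                                   # keyed
    hash_i = prf(h, skeyid, g_xi + g_xr + cky_i + cky_r + sai + idii)  # keyed
    hash_r = prf(h, skeyid, g_xr + g_xi + cky_r + cky_i + sai + idir)  # keyed
    # Native H over both public DH values, truncated to the cipher block
    # size (block=8 assumes a 64-bit block cipher such as DES).
    iv = native(h, g_xi + g_xr)[:block]
    return Phase1(skeyid, hash_i, hash_r, iv)

# Constructed sample inputs (not real protocol captures).
SAMPLE = dict(
    psk=b"constructed-psk",
    ni=b"\x01" * 16, nr=b"\x02" * 16,
    g_xi=b"\xaa" * 96, g_xr=b"\xbb" * 96,
    cky_i=b"\x11" * 8, cky_r=b"\x22" * 8,
    sai=b"SA-payload-body",
    idii=b"ID-initiator", idir=b"ID-responder",
)

def demo(h):
    """Run the derivation for negotiated hash h over the constructed sample."""
    return phase1_psk(h, **SAMPLE)

if __name__ == "__main__":
    for name in HASHES:
        r = demo(name)
        print(name, "HASH_I", r.hash_i.hex(), "IV", r.iv.hex())
```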


