[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

key derivation for ESP Authentication Algorithm

To: ipsec@tis.com
Subject: key derivation for ESP Authentication Algorithm
From: Norio Korekawa <korekawa@rinfo.sei.co.jp>
Date: Fri, 20 Feb 1998 19:44:44 +0900
Sender: owner-ipsec@ex.tis.com

Hello,

I have a question about derivation of Phase 2 keying material and
I would greatly appreciate receiving an answer from someone of this group.

My question is: How is a key for ESP Authentication Algorithm derived 
from a keying material SKEYID_d?

I think it is derived in the same way as a key for ESP Encryption Algorithm
is derived, according to the following procedure.  So the difference
between the two(Encryption and Authentication) keys is only its
length, I think.  Am I right?

      -----------------------------------------------------------------	
      KEYMAT = prf(SKEYID_d, [g(qm)^xy] | protocol | SPI | Ni_b | Nr_b)

      KEYMAT = K1 | K2 | K3 | ...
      where
        K1 = prf(SKEYID_d, [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b)
        K2 = prf(SKEYID_d, K1 | [ g(qm)^xy | ] protocol | SPI | Ni_b |
        Nr_b)
        K3 = prf(SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b |
        Nr_b)
        etc.
      -----------------------------------------------------------------	

I'm afraid that I'm making a wrong guess, but I hope some will
kindly answer to me.

Thanks in advance,
Norio Korekawa(korekawa@rinfo.sei.co.jp)
SUMITOMO ELECTRIC INDUSTRIES, LTD.

Follow-Ups:

Re: key derivation for ESP Authentication Algorithm

From: Lewis McCarthy <lmccarth@cs.umass.edu>

Prev by Date: Summary list -- IPsec Architecture
Next by Date: Stale SAs
Prev by thread: Summary list -- IPsec Architecture
Next by thread: Re: key derivation for ESP Authentication Algorithm
Index(es):
- Main
- Thread