[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
key derivation for ESP Authentication Algorithm
Hello,
I have a question about derivation of Phase 2 keying material and
I would greatly appreciate receiving an answer from someone of this group.
My question is: How is a key for ESP Authentication Algorithm derived
from a keying material SKEYID_d?
I think it is derived in the same way as a key for ESP Encryption Algorithm
is derived, according to the following procedure. So the difference
between the two(Encryption and Authentication) keys is only its
length, I think. Am I right?
-----------------------------------------------------------------
KEYMAT = prf(SKEYID_d, [g(qm)^xy] | protocol | SPI | Ni_b | Nr_b)
KEYMAT = K1 | K2 | K3 | ...
where
K1 = prf(SKEYID_d, [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b)
K2 = prf(SKEYID_d, K1 | [ g(qm)^xy | ] protocol | SPI | Ni_b |
Nr_b)
K3 = prf(SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b |
Nr_b)
etc.
-----------------------------------------------------------------
I'm afraid that I'm making a wrong guess, but I hope some will
kindly answer to me.
Thanks in advance,
Norio Korekawa(korekawa@rinfo.sei.co.jp)
SUMITOMO ELECTRIC INDUSTRIES, LTD.
Follow-Ups: