[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key derivation for ESP Authentication Algorithm



Norio Korekawa writes:
> I have a question about derivation of Phase 2 keying material and
> I would greatly appreciate receiving an answer from someone of this 
> group.

I haven't seen any replies to this, so I'll take a stab at it.

> My question is: How is a key for ESP Authentication Algorithm derived
> from a keying material SKEYID_d?
> 
> I think it is derived in the same way as a key for ESP Encryption 
> Algorithm is derived, according to the following procedure.  

Yes, the raw keying material for each is derived as in the text you
quoted. (The derivation of the actual keys from that raw material is 
algorithm specific.)

> So the difference between the two(Encryption and Authentication) keys 
> is only its length, I think.  Am I right?

No, the keying material for encryption differs entirely from 
the keying material for authentication. This happens because the 
"protocol" value used to derive KEYMAT is a transform-specific value.
The encryption transform is associated with one value for "protocol" 
and the authentication transform is associated with some other value
for "protocol".

Per IKE 5.5, pg.18:

	In either case, "protocol" and "SPI" are from the ISAKMP 
	Proposal Payload that contained the negotiated Transform.


>       -----------------------------------------------------------------
>       KEYMAT = prf(SKEYID_d, [g(qm)^xy] | protocol | SPI | Ni_b | Nr_b)
> 
>       KEYMAT = K1 | K2 | K3 | ...
>       where
>         K1 = prf(SKEYID_d, [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b)
>         K2 = prf(SKEYID_d, K1 | [ g(qm)^xy | ] protocol | SPI | Ni_b |
>         Nr_b)
>         K3 = prf(SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b |
>         Nr_b)
>         etc.
>       -----------------------------------------------------------------
> 
> I'm afraid that I'm making a wrong guess, but I hope some will
> kindly answer to me.
> 
> Thanks in advance,
> Norio Korekawa(korekawa@rinfo.sei.co.jp)
> SUMITOMO ELECTRIC INDUSTRIES, LTD.

Hope this helps

-Lewis  <pseudonym@acm.org>  <http://www.cs.umass.edu/~lmccarth>


Follow-Ups: References: