Re: key derivation for ESP Authentication Algorithm
> > I have a question about derivation of Phase 2 keying material and
> > I would greatly appreciate receiving an answer from someone of this
> > group.
>
> I haven't seen any replies to this, so I'll take a stab at it.
Thanks for your prompt answer. But please let me ask you once again.
> > So the difference between the two (Encryption and Authentication) keys
> > is only its length, I think. Am I right?
>
> No, the keying material for encryption differs entirely from
> the keying material for authentication. This happens because the
> "protocol" value used to derive KEYMAT is a transform-specific value.
> The encryption transform is associated with one value for "protocol"
> and the authentication transform is associated with some other value
> for "protocol".
>
> Per IKE 5.5, pg.18:
>
> In either case, "protocol" and "SPI" are from the ISAKMP
> Proposal Payload that contained the negotiated Transform.
>
> Hope this helps
I should have written "(ESP Encryption and ESP Authentication)",
instead of "(Encryption and Authentication)". In this case,
only ESP is employed, and I think "protocol" is PROTO_IPSEC_ESP.
That's why I think that a key for ESP Encryption and a key for
ESP Authentication are derived from the same KEYMAT, because
the same "protocol" value (PROTO_IPSEC_ESP) and the same SPI
are used for the computation.
Hope to hear your comments again.
Thanks,
Norio Korekawa
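
The derivation discussed in this thread, as an added example that is not part of the original messages: KEYMAT per RFC 2409 section 5.5 is computed once for an ESP SA and sliced into an encryption key and an authentication key (encryption key first, per RFC 2401), then computed again with PROTO_IPSEC_AH for comparison. HMAC-SHA1 as the prf, the 3DES and HMAC-SHA1 key lengths, the helper names, and all key, SPI and nonce values are assumptions constructed for illustration.

```python
import hashlib
import hmac

PROTO_IPSEC_AH = 2    # Protocol-ID values from the IPsec DOI (RFC 2407)
PROTO_IPSEC_ESP = 3


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: SHA-1 was negotiated, so the prf is HMAC-SHA1 (20-byte output).
    return hmac.new(key, data, hashlib.sha1).digest()


def keymat(skeyid_d, protocol, spi, ni_b, nr_b, length, g_qm_xy=b""):
    """RFC 2409 5.5: K1 = prf(SKEYID_d, seed), Kn = prf(SKEYID_d, Kn-1 | seed),
    seed = [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b, KEYMAT = K1 | K2 | ..."""
    # protocol is the 1-octet Protocol-ID field of the Proposal payload.
    seed = g_qm_xy + bytes([protocol]) + spi + ni_b + nr_b
    out, block = b"", b""
    while len(out) < length:
        block = prf(skeyid_d, block + seed)
        out += block
    return out[:length]


def split_esp_keymat(km, enc_len, auth_len):
    # Encryption key from the first bits, authentication key from the rest (RFC 2401).
    if len(km) != enc_len + auth_len:
        raise ValueError("KEYMAT length does not match the negotiated transforms")
    return km[:enc_len], km[enc_len:]


# Constructed sample values (not from any real exchange).
SKEYID_D = bytes(range(20))
SPI = bytes.fromhex("c0ffee01")
NI_B = bytes.fromhex("11" * 16)
NR_B = bytes.fromhex("22" * 16)
ENC_LEN, AUTH_LEN = 24, 20   # assumed transforms: 3DES + HMAC-SHA1


def demo():
    esp = keymat(SKEYID_D, PROTO_IPSEC_ESP, SPI, NI_B, NR_B, ENC_LEN + AUTH_LEN)
    ah = keymat(SKEYID_D, PROTO_IPSEC_AH, SPI, NI_B, NR_B, AUTH_LEN)
    enc_key, auth_key = split_esp_keymat(esp, ENC_LEN, AUTH_LEN)
    return esp, enc_key, auth_key, ah


if __name__ == "__main__":
    for label, value in zip(("ESP KEYMAT", "enc key", "auth key", "AH KEYMAT"), demo()):
        print(f"{label:10}: {value.hex()}")
```

The 44 bytes of ESP KEYMAT need three prf blocks (K1 | K2 | K3, truncated), and both ESP keys are slices of that single string; the AH KEYMAT differs only because the "protocol" octet in the seed differs.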