
Re: HELP



Hi,

The shared secret g^xy should be in the form of octet string:

    MS byte value   -->  LS byte value
    [0]        [1]        [2]  ...
    leading
    byte

In byte [0] there may be junk bits, which must be 0.
In the case of EC groups, RFC2409 says that you
have to use only the X-coordinate. Data marshalling
must be the same as in the case of MODP, since
no difference is mentioned.

Unfortunately, RFC2409 does not explain the
data format, which should be present. Otherwise,
people will be confused about the data format
(for the components in the hash function, for instance)
and have problems with interoperability of different
IKE implementations.

You can take a look at
     http://grouper.ieee.org/groups/1363/draft.html
to learn about data marshalling in other standards.

Regards,
Yuri
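As an added illustration of the marshalling described above (not code from the original thread or from any IKE implementation), the following Python encodes the shared secret as a fixed-width, most-significant-byte-first octet string and feeds it into the Quick Mode KEYMAT prf, then shows that trimming the leading zero bytes instead produces different keying material. It assumes HMAC-SHA1 as the prf, the iterated K1 | K2 | ... expansion from RFC 2409 section 5.5, and constructed sample values for SKEYID_d, the SPI and the nonces.

```python
import hashlib
import hmac


def shared_secret_octets(value: int, group_bits: int) -> bytes:
    """Marshal g^xy (or, for an EC group, the X coordinate of the shared
    point) as a fixed-width octet string, most significant byte first.
    The width is the group size rounded up to whole bytes, so the spare
    high-order bits of byte [0] are zero and leading zero bytes are kept."""
    if value < 0 or value.bit_length() > group_bits:
        raise ValueError("shared secret does not fit the group")
    return value.to_bytes((group_bits + 7) // 8, "big")


def quick_mode_keymat(skeyid_d: bytes, gxy_octets: bytes, protocol: int,
                      spi: bytes, ni_b: bytes, nr_b: bytes,
                      needed: int = 20) -> bytes:
    """KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b).
    prf is HMAC-SHA1 here (assumption). When more than one prf output is
    needed, RFC 2409 5.5 chains: K2 = prf(SKEYID_d, K1 | same message)."""
    tail = gxy_octets + bytes([protocol]) + spi + ni_b + nr_b
    out, prev = b"", b""
    while len(out) < needed:
        prev = hmac.new(skeyid_d, prev + tail, hashlib.sha1).digest()
        out += prev
    return out[:needed]


def padded_vs_trimmed() -> tuple:
    """Constructed sample (not real traffic): a 1024-bit MODP group secret
    whose top 65 bytes happen to be zero. Returns KEYMAT computed with the
    fixed-width encoding beside KEYMAT computed with leading zeros trimmed,
    which is exactly the mismatch the question is about."""
    group_bits = 1024
    gxy = (1 << 500) + 0x12345678            # bit_length 501 -> 63 of 128 bytes used
    skeyid_d = hashlib.sha1(b"constructed SKEYID_d").digest()
    protocol, spi = 3, b"\x00\x00\x10\x01"   # 3 = PROTO_IPSEC_ESP, sample SPI
    ni_b, nr_b = b"N" * 16, b"R" * 16

    fixed = shared_secret_octets(gxy, group_bits)
    trimmed = gxy.to_bytes((gxy.bit_length() + 7) // 8, "big")
    return (quick_mode_keymat(skeyid_d, fixed, protocol, spi, ni_b, nr_b),
            quick_mode_keymat(skeyid_d, trimmed, protocol, spi, ni_b, nr_b))
```

Two peers that disagree on whether to trim will derive different KEYMAT from the same g^xy and fail to decrypt each other's traffic, which is the interoperability problem the reply warns about.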


Wang Huaibo wrote:

> Hi,
>      I am a student from China, and am interested in IPsec.
>  I have a question about IKE; the following fragment is cut
>  from RFC1409:
>
>         KEYMAT = prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b |
> Nr_b)
>     where g(qm)^xy is the shared secret from the ephemeral
> Diffie-Hellman exchange of this Quick Mode.
>
>       I wonder how to determine the bits of item g(qm)^xy. As to MODP,
>  should the leading (high order or most significant) zero bits be
>  trimmed off? As to ECP or EC2N, the item is a point, say (X,Y); then
>  should the Y be compressed, and the leading zero be trimmed
> off?
>
>      THANKS & REGARDS
>
>      Wang Huaibo
>
>     6/2