[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IKE key derivation.
I have a question about key derivation in IKE.
When you generate the keying material as explained in RFC2409 (§5.5)
after a quick mode you get:
KEYMAT = prf(SKEYID_d, protocol | SPI | Ni_b, Nr_b) or
KEYMAT = prf(SKEYID_d, g(qm) ^xy | protocol | SPI | Ni_b, Nr_b) -- if
pfs is used.
Then a bit further :
RFC2409>> It is up to the service to define how keys are derived from
the keying material.
For AH this is straightforward since you just have to derive one key.
But my problem is how to use that keying material to derive the
ciphering key and the authentication key for ESP (using both
authentication and confidentiality services) ?
Should I select the first bits for the ciphering key or for the
authentication key ? I did'nt manage to find the answers in the RFCs.
Thanks for your help.
Regards.
Alain.
--
Alain Jourez
Service Télématique et Communication
Université Libre de Bruxelles Tél. +32 (0) 2 650 57 04
Boulevard du Triomphe, CP 230 Fax +32 (0) 2 629 38 16
B-1050 Bruxelles - Belgium mailto:alain.jourez@helios.iihe.ac.be