[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IKE key derivation.

I have a question about key derivation in IKE.

When you generate the keying material as explained in RFC2409  (§5.5)
after a quick mode you get:
KEYMAT = prf(SKEYID_d,  protocol | SPI | Ni_b, Nr_b) or
KEYMAT = prf(SKEYID_d,  g(qm) ^xy | protocol | SPI | Ni_b, Nr_b) -- if
pfs is used.
Then a bit further :
RFC2409>> It is up to the service to define how keys are derived from
the keying material.

For AH this is straightforward since you just have to derive one key.

But my problem is how to use that keying material to derive the
ciphering key and the authentication key for ESP (using both
authentication and confidentiality services) ?

Should I select the first bits for the ciphering key or for the
authentication key ? I did'nt manage to find the answers in the RFCs.

Thanks for your help.

                      Alain Jourez
          Service  Télématique et  Communication

Université Libre de Bruxelles   Tél. +32 (0) 2 650 57 04
Boulevard du Triomphe, CP 230   Fax  +32 (0) 2 629 38 16
B-1050 Bruxelles - Belgium      mailto:alain.jourez@helios.iihe.ac.be