
prf's in IKE Phase 2



I have a question about the prf referenced in RFC 2409 in IKE Quick Mode
negotiations.  Where does the prf used to create the HASH values and KEYMAT
come from?  I would think that for HASH(1), HASH(2), and HASH(3) the prf
would be the hash algorithm negotiated in Phase 1 and that for the KEYMAT
it would be hash algorithm negotiated in this Phase 2 Quick Mode.  An
example of this would be a Phase 1 where SHA was negotiated and where MD5
is negotiated for the final Phase 2 Quick Mode SA.  Then the following
calculations would hold:

   HASH(1) = *SHA*(SKEYID_a, M-ID | SA | Ni [ | KE ] [ | IDci | IDcr )
   HASH(2) = *SHA*(SKEYID_a, M-ID | Ni_b | SA | Nr [ | KE ] [ | IDci | IDcr )
   HASH(3) = *SHA*(SKEYID_a, 0 | M-ID | Ni_b | Nr_b)

   KEYMAT = *MD5*(SKEYID_d, protocol | SPI | Ni_b | Nr_b).
                                             OR
   KEYMAT = *MD5*(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)

Is this correct?  If not, what is the correct way to calculate these and
still use the hash algorithm negotiated for this Quick Mode to generate the
keying material used by IPsec?  Any help would be appreciated.


Jason

Jason Palmatier
iSeries IP Development
IBM Corp.
Endicott, NY
email: palmatie@us.ibm.com
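The Quick Mode computations above, worked through in Python as an added example (this is not code from the original post or from IBM). RFC 2409 defines prf as the negotiated prf attribute or, in its absence, the HMAC version of the hash algorithm negotiated in Phase 1, and section 5.5 uses that same prf for HASH(1), HASH(2), HASH(3) and for KEYMAT, including the feedback expansion used when more keying material is needed than one prf output provides. The hash name is therefore a parameter here so either assignment can be tried. All byte values (SKEYID_a, SKEYID_d, the nonces, the SPI and the payload bytes) are constructed sample data, not values from any real exchange; the helper names are my own.

```python
import hashlib
import hmac


def prf(hash_name: str, key: bytes, data: bytes) -> bytes:
    # RFC 2409 prf: HMAC keyed with SKEYID_*, over the negotiated hash.
    # hash_name is a hashlib constructor name, e.g. "sha1" or "md5".
    return hmac.new(key, data, getattr(hashlib, hash_name)).digest()


def quick_mode_hashes(hash_name, skeyid_a, m_id, sa, ni, ni_b, nr, nr_b,
                      ke=b"", idci=b"", idcr=b""):
    """Return (HASH(1), HASH(2), HASH(3)) as laid out in RFC 2409 section 5.5.

    sa, ni, nr, ke, idci, idcr are whole payloads (generic header included);
    ni_b / nr_b are the nonce payload bodies only. Optional payloads default
    to empty bytes and then contribute nothing to the prf input.
    """
    hash1 = prf(hash_name, skeyid_a, m_id + sa + ni + ke + idci + idcr)
    hash2 = prf(hash_name, skeyid_a, m_id + ni_b + sa + nr + ke + idci + idcr)
    # HASH(3) is keyed over a single zero octet followed by M-ID and both nonce bodies.
    hash3 = prf(hash_name, skeyid_a, b"\x00" + m_id + ni_b + nr_b)
    return hash1, hash2, hash3


def quick_mode_keymat(hash_name, skeyid_d, protocol, spi, ni_b, nr_b,
                      length, g_qm_xy=b""):
    """Return `length` bytes of KEYMAT for one IPsec SA (RFC 2409 section 5.5).

    protocol is the one-octet IPsec DOI protocol id, spi the SPI of the SA
    being keyed, g_qm_xy the Quick Mode Diffie-Hellman secret when PFS is in
    use (empty otherwise). Expansion feeds each block back into the prf:
        K1 = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
        K2 = prf(SKEYID_d, K1 | [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
        KEYMAT = K1 | K2 | ...
    """
    seed = g_qm_xy + protocol + spi + ni_b + nr_b
    block = prf(hash_name, skeyid_d, seed)
    keymat = block
    while len(keymat) < length:
        block = prf(hash_name, skeyid_d, block + seed)
        keymat += block
    return keymat[:length]


def generic_header(next_payload: int, body: bytes) -> bytes:
    # ISAKMP generic payload header: next payload, reserved, 16-bit length.
    return bytes([next_payload, 0]) + (4 + len(body)).to_bytes(2, "big") + body


# Constructed sample values (hypothetical, not captured traffic).
SKEYID_A = bytes.fromhex("11" * 20)   # would be derived in Phase 1
SKEYID_D = bytes.fromhex("22" * 20)   # would be derived in Phase 1
M_ID = bytes.fromhex("0a0b0c0d")      # Quick Mode message id
NI_B = bytes.fromhex("33" * 16)       # initiator nonce body
NR_B = bytes.fromhex("44" * 16)       # responder nonce body
SA_PAYLOAD = generic_header(10, bytes.fromhex("00000001" "00000001" "55" * 8))
NI_PAYLOAD = generic_header(0, NI_B)
NR_PAYLOAD = generic_header(0, NR_B)
PROTO_ESP = b"\x03"                   # PROTO_IPSEC_ESP in the IPsec DOI
SPI = bytes.fromhex("01020304")


def demo(hash_name: str = "sha1", keymat_len: int = 48) -> dict:
    """Compute the three hashes and KEYMAT with one prf choice; used by the test."""
    h1, h2, h3 = quick_mode_hashes(hash_name, SKEYID_A, M_ID, SA_PAYLOAD,
                                   NI_PAYLOAD, NI_B, NR_PAYLOAD, NR_B)
    keymat = quick_mode_keymat(hash_name, SKEYID_D, PROTO_ESP, SPI,
                               NI_B, NR_B, keymat_len)
    return {"hash1": h1, "hash2": h2, "hash3": h3, "keymat": keymat}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value.hex()}")
```

The hash algorithm carried in the Phase 2 SA proposal (HMAC-MD5, HMAC-SHA1 and so on) is the authentication transform of the IPsec SA that will consume this KEYMAT; it is not a second prf, so changing it changes the key length requested from `quick_mode_keymat`, not the function that produces the bytes.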