Re: key derivation for ESP Authentication Algorithm

Norio Korekawa <korekawa@rinfo.sei.co.jp> Mon, 23 February 1998 02:10 UTC

To: lmccarth@cs.umass.edu
Cc: ipsec@tis.com
Subject: Re: key derivation for ESP Authentication Algorithm

> > I have a question about derivation of Phase 2 keying material and
> > I would greatly appreciate receiving an answer from someone of this 
> > group.
> 
> I haven't seen any replies to this, so I'll take a stab at it.

Thanks for your prompt answer.  But please let me ask you once again.

> > So the difference between the two (Encryption and Authentication) keys 
> > is only their length, I think.  Am I right?
> 
> No, the keying material for encryption differs entirely from 
> the keying material for authentication. This happens because the 
> "protocol" value used to derive KEYMAT is a transform-specific value.
> The encryption transform is associated with one value for "protocol" 
> and the authentication transform is associated with some other value
> for "protocol".
> 
> Per IKE 5.5, pg.18:
> 
> 	In either case, "protocol" and "SPI" are from the ISAKMP 
> 	Proposal Payload that contained the negotiated Transform.
> 
> Hope this helps

I should have written "(ESP Encryption and ESP Authentication)",
instead of "(Encryption and Authentication)".  In this case, 
only ESP is employed, and I think "protocol" is PROTO_IPSEC_ESP.
That's why I think that a key for ESP Encryption and a key for
ESP Authentication are derived from the same KEYMAT, because
the same "protocol" value (PROTO_IPSEC_ESP) and the same SPI
are used for the computation.

Hope to hear your comments again.

Thanks,
Norio Korekawa
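The KEYMAT computation the thread is arguing about, written out as an added example (not code from either poster or from any IKE implementation). It follows IKE 5.5 without PFS: K1 = prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b), Kn = prf(SKEYID_d, Kn-1 | protocol | SPI | Ni_b | Nr_b), with HMAC-SHA-1 assumed as the negotiated prf, PROTO_IPSEC_ESP taken as the IPsec DOI value 3, and the convention that the encryption key is sliced off the expanded KEYMAT before the authentication key (an assumption about key layout, not something the thread states). All key, nonce and SPI values are constructed.

```python
import hashlib
import hmac

PROTO_IPSEC_ESP = 3  # IPsec DOI protocol id for ESP (RFC 2407); one octet in the prf input


def prf(key: bytes, data: bytes) -> bytes:
    """The negotiated prf; HMAC-SHA-1 is assumed for this example."""
    return hmac.new(key, data, hashlib.sha1).digest()


def derive_keymat(skeyid_d: bytes, protocol: int, spi: bytes,
                  ni_b: bytes, nr_b: bytes, needed: int) -> bytes:
    """Expand KEYMAT per IKE 5.5 (no PFS) until 'needed' bytes exist.

    Only protocol, SPI and the two nonces feed the prf, so every key taken
    from this stream depends on the same (protocol, SPI) pair.
    """
    tail = bytes([protocol]) + spi + ni_b + nr_b
    block = prf(skeyid_d, tail)            # K1
    keymat = block
    while len(keymat) < needed:
        block = prf(skeyid_d, block + tail)  # Kn = prf(SKEYID_d, Kn-1 | tail)
        keymat += block
    return keymat[:needed]


def esp_keys(skeyid_d: bytes, spi: bytes, ni_b: bytes, nr_b: bytes,
             enc_len: int, auth_len: int) -> tuple:
    """Both ESP keys come from one KEYMAT stream for PROTO_IPSEC_ESP and one SPI.

    Assumed layout: encryption key first, then authentication key.
    """
    keymat = derive_keymat(skeyid_d, PROTO_IPSEC_ESP, spi, ni_b, nr_b,
                           enc_len + auth_len)
    return keymat[:enc_len], keymat[enc_len:enc_len + auth_len]


# Constructed sample inputs (not real traffic): SKEYID_d, nonces, and the
# SPIs of the inbound and outbound ESP SAs from one Quick Mode exchange.
SKEYID_D = bytes.fromhex("00" * 4 + "0102030405060708090a0b0c0d0e0f10")
NI_B = b"initiator-nonce-example"
NR_B = b"responder-nonce-example"
SPI_OUT = bytes.fromhex("c0a80001")
SPI_IN = bytes.fromhex("c0a80002")


def demo() -> dict:
    """3DES (24-byte) encryption key + HMAC-SHA-1 (20-byte) auth key, per direction."""
    return {
        "outbound": esp_keys(SKEYID_D, SPI_OUT, NI_B, NR_B, 24, 20),
        "inbound": esp_keys(SKEYID_D, SPI_IN, NI_B, NR_B, 24, 20),
    }
```

The two keys for one SA differ only by which slice of the shared KEYMAT they occupy; changing the SPI (the other direction's SA) changes the whole stream.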