>> Looking at Section 6.3 HIP DEX KEYMAT Generation, it discusses
>> using Diffie-Hellman derived key Kij, but I don't see anything
>> about using I_NONCE. There is a random #I provided by the
>> Responder from the PUZZLE parameter, but nothing about a
>> random I_NONCE supplied by the Initiator.
>
> In 6.3:
>
>    IKM       Input keying material
>                the Diffie-Hellman derived key, concatenated with the
>                random I_NONCE value for the Master Key SA
>                the Diffie-Hellman derived key, concatenated with the
>                random values of the ENCRYPTED_KEY parameters in
>                the same order as the HITs with sort(HIT-I | HIT-R)
>                for the Pair-wise Key SA

Is this a new table row, or maybe something happened to the output?
It looks good. In the dex-12 html/text versions I'm seeing the
following text, which does not list IKM or info inputs for
CKDF-Extract:

   The CKDF-Extract function is the following operation:

      CKDF-Extract(I, IKM, info) -> PRK

      Inputs:
        I         Random #I, provided by the Responder, from the PUZZLE
                  parameter

   The CKDF-Expand function is the following operation:

Moskowitz, et al.        Expires August 12, 2020               [Page 32]

Internet-Draft          HIP Diet EXchange (DEX)            February 2020

      CKDF-Expand(PRK, info, L) -> OKM

      Inputs:
        PRK       a pseudorandom key of at least RHASH_len/8 octets
                  (either the output from the extract step or the
                  concatenation of the random values of the
                  ENCRYPTED_KEY parameters in the same order as the
                  HITs with sort(HIT-I | HIT-R) in case of no extract)
        info      sort(HIT-I | HIT-R) | "CKDF-Expand"
                  where "CKDF-Expand" is an octet string
        L         length of output keying material in octets
                  (<= 255*RHASH_len/8)

_______________________________________________
Hipsec mailing list
Hipsec@ietf.org
https://www.ietf.org/mailman/listinfo/hipsec
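
Added example, not from the draft or from either poster: how the two IKM inputs quoted in this thread (Master Key SA and Pair-wise Key SA) are assembled and fed through extract and expand, so that both peers derive the same keying material regardless of role. Assumptions: HMAC-SHA-256 stands in for the draft's CMAC so the code runs on the Python standard library alone, the extract info label "CKDF-Extract" mirrors the quoted "CKDF-Expand" label, the counter chaining in ckdf_expand follows the HKDF pattern, and all sample values are constructed.

```python
import hashlib
import hmac

def prf(key, msg):
    # Assumption: HMAC-SHA-256 stands in for the draft's CMAC, which the
    # Python standard library lacks; output is not interoperable with DEX.
    return hmac.new(key, msg, hashlib.sha256).digest()

def sort_hits(hit_i, hit_r):
    # sort(HIT-I | HIT-R): smaller HIT first, compared as unsigned integers
    # in network byte order (bytes comparison does that at equal length).
    if len(hit_i) != 16 or len(hit_r) != 16:
        raise ValueError("HITs are 128-bit values")
    return min(hit_i, hit_r) + max(hit_i, hit_r)

def ikm_master(kij, i_nonce):
    # Master Key SA: Diffie-Hellman derived key | I_NONCE
    return kij + i_nonce

def ikm_pairwise(kij, hit_i, key_i, hit_r, key_r):
    # Pair-wise Key SA: DH key | ENCRYPTED_KEY random values, ordered like
    # their owners' HITs in sort(HIT-I | HIT-R), not by protocol role.
    (_, k1), (_, k2) = sorted([(hit_i, key_i), (hit_r, key_r)], key=lambda p: p[0])
    return kij + k1 + k2

def ckdf_extract(i, ikm, info):
    # CKDF-Extract(I, IKM, info) -> PRK, keyed with the puzzle value #I
    return prf(i, ikm + info)

def ckdf_expand(prk, info, length):
    # CKDF-Expand(PRK, info, L) -> OKM, HKDF-style counter chaining
    block = len(prf(prk, b""))
    if not 0 < length <= 255 * block:
        raise ValueError("L out of range")
    okm, t, n = b"", b"", 0
    while len(okm) < length:
        n += 1
        t = prf(prk, t + info + bytes([n]))
        okm += t
    return okm[:length]

# Constructed sample values, not taken from the draft or the thread.
HIT_I, HIT_R = b"\x20\x01" + bytes(13) + b"\x0b", b"\x20\x01" + bytes(13) + b"\x0a"
KIJ, PUZZLE_I, I_NONCE = bytes(range(32)), b"\x11" * 8, b"\x22" * 16
KEY_I, KEY_R = b"\xaa" * 16, b"\xbb" * 16
HITS = sort_hits(HIT_I, HIT_R)
PRK_MASTER = ckdf_extract(PUZZLE_I, ikm_master(KIJ, I_NONCE), HITS + b"CKDF-Extract")
PRK_PAIR = ckdf_extract(PUZZLE_I, ikm_pairwise(KIJ, HIT_I, KEY_I, HIT_R, KEY_R),
                        HITS + b"CKDF-Extract")
OKM = ckdf_expand(PRK_PAIR, HITS + b"CKDF-Expand", 40)
```

In the sample, the Responder's HIT sorts first, so its ENCRYPTED_KEY value precedes the Initiator's in the Pair-wise IKM even though the Initiator speaks first.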