Generally, for authentication and PRF purposes, IKEv1 uses HMAC forms of
authentication algorithms. For most algorithms (e.g., MD5, SHA1, etc.)
there is both a non-keyed form of the hash and also a keyed HMAC form.
This doesn't seem to be true for AES-XCBC, which is explicitly defined as
a keyed hash function.
RFC 3947 documents the use of a non-keyed hash for generating a NAT-D
payload. It says that "this uses the negotiated HASH algorithm". What
hash algorithm should one use if AES-XCBC is being used for
authentication?
(Fortunately, IKEv2 does not have this problem; it explicitly specifies
the use of SHA-1 for the NAT_DETECTION_* payloads.)
Scott Moonen ([email protected])
z/OS Communications Server TCP/IP Development
http://scott.andstuff.org/
http://www.linkedin.com/in/smoonen
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
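The two NAT-detection computations the post contrasts, written out as an added example (this is not code from the post, from z/OS, or from any IKE implementation). It follows RFC 3947 section 4 for IKEv1, where NAT-D = HASH(CKY-I | CKY-R | IP | Port) over the negotiated hash in its unkeyed form, and RFC 7296 section 2.23 for IKEv2, where NAT_DETECTION_*_IP is always SHA-1(SPIi | SPIr | IP | Port). The name-to-digest table, the cookie/SPI values and the addresses are constructed for illustration; AES-XCBC is left out of the table on purpose, which is exactly the gap the post describes, so asking for it raises rather than silently picking a hash.

```python
"""Added example: NAT-D (IKEv1, RFC 3947) and NAT_DETECTION_* (IKEv2, RFC 7296)
hash construction plus the receiver-side comparison that detects a NAT."""
import hashlib
import ipaddress
import struct

# RFC 3947 uses the negotiated HASH algorithm in its unkeyed form. This table
# maps IKEv1 hash names to hashlib digests. AES-XCBC is intentionally absent:
# it exists only as a keyed MAC/PRF, so there is no unkeyed form to put here.
IKEV1_UNKEYED_HASH = {
    "MD5": "md5",
    "SHA1": "sha1",
    "SHA2-256": "sha256",
    "SHA2-384": "sha384",
    "SHA2-512": "sha512",
}


def _ip_port(ip: str, port: int) -> bytes:
    """IP address in network byte order (4 or 16 bytes) followed by a 2-byte port."""
    return ipaddress.ip_address(ip).packed + struct.pack("!H", port)


def ikev1_nat_d(hash_alg: str, cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """RFC 3947 section 4: NAT-D = HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes each")
    try:
        digest = IKEV1_UNKEYED_HASH[hash_alg.upper()]
    except KeyError:
        # The case the post asks about: RFC 3947 gives no answer for a
        # negotiated algorithm that has no unkeyed hash form (e.g. AES-XCBC).
        raise ValueError(f"no unkeyed hash form defined for {hash_alg!r}") from None
    return hashlib.new(digest, cky_i + cky_r + _ip_port(ip, port)).digest()


def ikev2_nat_detection(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """RFC 7296 section 2.23: SHA-1(SPIi | SPIr | IP | Port).

    SHA-1 is fixed by the spec, independent of the negotiated PRF or
    integrity algorithm, so the IKEv1 ambiguity does not arise here."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKEv2 SPIs are 8 bytes each")
    return hashlib.sha1(spi_i + spi_r + _ip_port(ip, port)).digest()


def peer_behind_nat(received_source_hashes, expected_hash: bytes) -> bool:
    """Receiver-side check.

    The peer sends hashes of the address/port it believes it is sending from
    (possibly several, one per interface). The receiver hashes the source
    address/port actually observed on the packet; if that value matches none
    of the received hashes, a NAT rewrote the header on the way."""
    return expected_hash not in received_source_hashes


def demo() -> dict:
    """Constructed values only; no real exchange is reproduced here."""
    cky_i = bytes.fromhex("0011223344556677")
    cky_r = bytes.fromhex("8899aabbccddeeff")
    # Peer believes it sends from 10.0.0.5:500; the receiver sees 203.0.113.9:4500.
    claimed = ikev1_nat_d("SHA1", cky_i, cky_r, "10.0.0.5", 500)
    observed = ikev1_nat_d("SHA1", cky_i, cky_r, "203.0.113.9", 4500)
    return {
        "ikev1_sha1_len": len(claimed),
        "ikev1_peer_behind_nat": peer_behind_nat([claimed], observed),
        "ikev2_len": len(ikev2_nat_detection(cky_i, cky_r, "2001:db8::1", 500)),
    }


if __name__ == "__main__":
    print(demo())
```

The receiver-side comparison is why the choice of hash matters in practice: both peers must derive the NAT-D value the same way, or every session will look NATed (or, worse, a NAT will go undetected and ESP will not be UDP-encapsulated).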