Hello,
The basic IKEv2 cert auth mechanism for RSA (from RFC 5996) seems to be to hash
using SHA-1 before signing.
However when using ECDSA certs for IKEv2 I am trying to make sure I am reading
RFC 4754 correctly when it says the following:
"Moreover, ECDSA cannot be specified for IKEv2
independently of an associated hash function since IKEv2 does not
have a transform type for hash functions. For this reason, it is
necessary to specify the hash function as part of the signature
algorithm. Furthermore, the elliptic curve group must be specified
since the choice of hash function depends on it as well. As a
result, it is necessary to specify three signature algorithms, named
ECDSA-256, ECDSA-384, and ECDSA-521. Each of these algorithms
represents an instantiation of the ECDSA algorithm using a particular
elliptic curve group and hash function. The three hash functions are
specified in [SHS]. For reasons of consistency, this document
defines the signatures for IKE in the same way.
Digital
Signature
Algorithm Elliptic Curve Group Hash Function
----------- -------------------------- ---------------
ECDSA-256 256-bit random ECP group SHA-256
ECDSA-384 384-bit random ECP group SHA-384
ECDSA-521 521-bit random ECP group SHA-512"
Does this mean we proceed just like RSA here but hash with SHA-256 and not
SHA-1 for ECDSA-256 cert and then proceed to sign as usual.
Similarly use SHA-384 and SHA-512 for ECDSA-384 and ECDSA-521 respectively.
Is that the correct reading of this excerpt?
Thanks
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
