be closed immediately.
o Public Key (or certificate) (variable length) - The
- public key or certificate. The public key or certificate
- in this field is encoded in the manner as defined in their
- respective definitions; see previous field.
+ public key or certificate of the party. This public key
+ is used to verify the digital signature. The public key
+ or certificate in this field is encoded in the manner as
+ defined in their respective definitions; see previous field.
o Public Data Length (2 bytes) - The length of the Public Data
field, not including any other field.
o Public Data (variable length) - The public data to be
- sent to the receiver. See section 2.2 Key Exchange
- Procedure for detailed description how this field is
- computed. This value is binary encoded.
+ sent to the receiver (Diffie-Hellman public values). See
+ section 2.2 Key Exchange Procedure for detailed description
+ how this field is computed. This value is binary encoded.
o Signature Length (2 bytes) - The length of the signature,
not including any other field.
If the Mutual Authentication flag is set then initiator
MUST also produce signature data SIGN_i which the responder
will verify. The initiator MUST compute a hash value
- HASH_i = hash(Key Exchange Start Payload | public key
- (or certificate) | e). It then signs the HASH_i value with
- its private key resulting a signature SIGN_i.
+ HASH_i = hash(Initiator's Key Exchange Start Payload |
+ public key (or certificate) | e). It then signs the HASH_i
+ value with its private key resulting a signature SIGN_i.
2. Responder generates a random number y, where 1 < y < q,
and computes f = g ^ y mod p. It then computes the
shared secret KEY = e ^ y mod p, and, a hash value
- HASH = hash(Key Exchange Start Payload data | public
- key (or certificate) | Initiator's public key (or
- certificate) | e | f | KEY). It then signs
+ HASH = hash(Initiator's Key Exchange Start Payload |
+ public key (or certificate) | Initiator's public key
+ (or certificate) | e | f | KEY). It then signs
the HASH value with its private key resulting a signature
SIGN.
The keys MUST be derived from the key material as follows:
.in 6
-Sending Initial Vector (IV) = hash(0 | KEY | HASH)
-Receiving Initial Vector (IV) = hash(1 | KEY | HASH)
-Sending Encryption Key = hash(2 | KEY | HASH)
-Receiving Encryption Key = hash(3 | KEY | HASH)
-Sending HMAC Key = hash(4 | KEY | HASH)
-Receiving HMAC Key = hash(5 | KEY | HASH)
+Sending Initial Vector (IV) = hash(0x0 | KEY | HASH)
+Receiving Initial Vector (IV) = hash(0x1 | KEY | HASH)
+Sending Encryption Key = hash(0x2 | KEY | HASH)
+Receiving Encryption Key = hash(0x3 | KEY | HASH)
+Sending HMAC Key = hash(0x4 | KEY | HASH)
+Receiving HMAC Key = hash(0x5 | KEY | HASH)
.in 3
be produced in the following manner:
.in 6
-K1 = hash(2 | KEY | HASH)
+K1 = hash(0x2 | KEY | HASH)
K2 = hash(KEY | HASH | K1)
K3 = hash(KEY | HASH | K1 | K2) ...
Sending Encryption Key = K1 | K2 | K3 ...
-K1 = hash(3 | KEY | HASH)
+K1 = hash(0x3 | KEY | HASH)
K2 = hash(KEY | HASH | K1)
K3 = hash(KEY | HASH | K1 | K2) ...
projects / crypto.git / blobdiff