(secret, A(2) ║ seed) ║
HMAC_hash(secret, A(3) ║ seed) ║ ...
where A() is defined as:
A(0) = seed
A(i) = HMAC_hash(secret, A(i-1))
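An added example, not part of the original slides: P_hash as defined above, written in Python and run over constructed secret and seed values to check the P_SHA-1 case of 64 requested bytes (4 iterations, 16 bytes discarded). The names p_hash, SECRET and SEED are illustrative assumptions.

```python
import hashlib
import hmac


def p_hash(secret: bytes, seed: bytes, length: int, hash_name: str = "sha1"):
    """Return (output, iterations, discarded) for P_hash(secret, seed).

    A(0) = seed and A(i) = HMAC_hash(secret, A(i-1)). Output block i is
    HMAC_hash(secret, A(i) || seed). Blocks are concatenated until at least
    `length` bytes exist, then the surplus of the last block is dropped.
    """
    if length < 0:
        raise ValueError("length must be non-negative")
    a = seed  # A(0)
    out = b""
    iterations = 0
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()  # block i
        iterations += 1
    return out[:length], iterations, len(out) - length


# Constructed sample inputs (illustrative only, not real key material).
SECRET = b"constructed-secret"
SEED = b"constructed-label-and-randoms"

if __name__ == "__main__":
    data, rounds, dropped = p_hash(SECRET, SEED, 64)
    print(f"P_SHA-1: {len(data)} bytes, {rounds} iterations, {dropped} discarded")
    print(data.hex())
    # Same request with a 32-byte hash: fewer iterations, nothing discarded.
    _, rounds256, dropped256 = p_hash(SECRET, SEED, 64, "sha256")
    print(f"P_SHA-256: {rounds256} iterations, {dropped256} discarded")
```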
• P_hash can be reiterated as many times as is necessary to produce the required quantity of data. For
example, if P_SHA-1 were being used to create 64 bytes of data, it would have to be reiterated 4
times (through A(4)), creating 80 bytes of output data. The last 16 bytes of the final iteration would
then be discarded, leaving 64 bytes of output data.
• SHA-1 output is 160 bits or 20 bytes.
VPN, IPSec and TLS
TLS Alert Protocol
• Alert messages convey information about the status of the connection.
• There are two types of alerts: Fatal and Warning.
Fatal Alert: Indicates that the connection is so bad that it needs to be terminated.
Warning Alert: Indicates that there are some problems in the connection.
• Error Alerts
unexpected_message: An inappropriate message was received. Fatal.
bad_record_mac: This alert is returned if a record is received with an incorrect MAC. Fatal.
decompression_failure: The decompression function received improper input. Fatal.
handshake_failure: Reception of a handshake_failure alert message indicates that the sender was
unable to negotiate an acceptable set of security parameters given the options available. Fatal.
illegal_parameter: A field in the handshake was out of range or inconsistent with other fields. Fatal.
no_certificate: A no_certificate alert message may be sent in response to a certification request if
no appropriate certificate is available.
bad_certificate: A certificate was corrupt or contained signatures that were not verifiable.
unsupported_certificate: A certificate was of an unsupported type.
certificate_revoked: A certificate was revoked by its signer.
certificate_expired: A certificate has expired or is not currently valid.
certificate_unknown: Some other (unspecified) issue arose in processing the certificate, rendering
VPN IPsec IKE v2 TLS M. Mogollon – 01/08
• When an error is de...
- Spring '10
- VPNs, M. Mogollon, IKE v2