B.5 Derivation of passwd and Ks

33.2203GPPGeneric Authentication Architecture (GAA)Generic Bootstrapping Architecture (GBA)TS

Tools: ARFCN - Frequency Conversion for 5G NR/LTE/UMTS/GSM

Derivation of passwd and Ks for GBA_Digest shall follow the same procedure as NAF specific key derivation in GBA and GBA_U as specified in clause B.3.

The input parameters for the key derivation function to derive passwd and Ks shall be the following:

– FC = 0x01,

– P1 = TLS_MK_Extr,

– L1 = length of TLS_MK_Extr is 48 octets (i.e. 0x00 0x30),

In the derivation of passwd as specified in clause M.6.3, step 5,

– P0 = "GBA_Digest_RESP"
(i.e. 0x47 0x42 0x41 0x5F 0x44 0x69 0x67 0x65 0x73 0x74 0x5F 0x52 0x45 0x53 0x50), and

– L0 = length of P0 is 15 octets (i.e., 0x00 0x0F).

In the key derivation of Ks as specified in clause M.6.3, step 6,

– P0 = "GBA_Digest_Ks"
(i.e. 0x47 0x42 0x41 0x5F 0x44 0x69 0x67 0x65 0x73 0x74 0x5F 0x4B 0x73),

– L0 = length of P0 is 13 octets (i.e., 0x00 0x0D),

– P2 = RESP, and

– L2 = length of RESP is variable and depends on the algorithm used in HTTP Digest (e.g., 32 if SHA-256 is used).

The Key to be used in key derivation function shall be:

– H(A1) as specified in clause M.6.3, step 5.

NOTE: In the present document this function is denoted as:
passwd = KDF (H(A1), "GBA_Digest_RESP", TLS_MK_Extr), and
Ks = KDF (H(A1), " GBA_Digest_Ks", TLS_MK_Extr, RESP).