Phase 2 Suite - 2.1 AH Hash Algorithm

Keys: Software\Policies\...\Phase2CryptoSets\<wszSetId>\<SuiteIndex>.

Value: "2_1AhHash"

Type: REG_SZ.

Size: Equal to size of the Data field.

Data: this value is a Unicode string encoded using the following grammar rule:

 AH_ESP_HASH2_1_VAL = "SHA256" / "AES-GCM128" / "AES-GCM192" / "AES-GCM256"

SHA256: This token represents the FW_CRYPTO_HASH_SHA256 enumeration value as defined in [MS-FASP] section 2.2.67. The remaining token values in this list can be found in the same Protocol specification section.

AES-GCM128: This token represents the FW_CRYPTO_HASH_AES_GMAC128 enumeration value.

AES-GCM192: This token represents the FW_CRYPTO_HASH_AES_GMAC192 enumeration value.

AES-GCM256: This token represents the FW_CRYPTO_HASH_AES_GMAC256 enumeration value.

This value represents the AhHash field of the FW_PHASE2_CRYPTO_SUITE structure as defined in [MS-FASP] section 2.2.70. If this value appears in the suite key, then a SkipVersion value with a version of 0x0200 MUST be present.