Hello,
I am implementing RFC 5996 and am confused with section 2.13. The text defines
prf+ (K,S), but does not define K or S. Specifically I am trying to generate
SKEYSEED using PRF_HMAC_SHA1. The HMAC function takes a variable length data
and a secret. For prf+ (K,S), are the nonce's (K) the data portion of the HMAC
algorithm or the secret?
2.13 mentions SK_d, SK_pi, etc. but these are not used until 2.14 where the same
description is duplicated from 2.13. I would be grateful if K and S can be well
defined in section 2.13 instead of SK_d, SK_pi, etc.
Best Regards,
Sean Lawless
Sr. SW Engineer
Blunk Microsystems LLC
[email protected]
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
