From 8c41f5a789f9c2157b8b7151aebf612d2ccd72ff Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 15 Oct 2010 17:59:50 +1100
Subject: [PATCH] fix comment explaining key derivation

---
 mech_eap/util_krb.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/mech_eap/util_krb.c b/mech_eap/util_krb.c
index 48c79a4..a11f1f4 100644
--- a/mech_eap/util_krb.c
+++ b/mech_eap/util_krb.c
@@ -73,12 +73,13 @@ gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
 }
 
 /*
- * Derive a key for RFC 4121 use by using the following
- * derivation function:
+ * Derive a key K for RFC 4121 use by using the following
+ * derivation function (based on RFC 4402);
  *
- *    random-to-key(prf(random-to-key([e]msk), "rfc4121-gss-eap"))
- *
- * where random-to-key and prf are defined in RFC 3961.
+ * KMSK = random-to-key(MSK)
+ * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
+ * L = output key size
+ * K = truncate(L, T1 || T2 || .. || Tn)
  */
 OM_uint32
 gssEapDeriveRfc3961Key(OM_uint32 *minor,
-- 
2.1.4