fix comment explaining key derivation

author Luke Howard <lukeh@padl.com>

Fri, 15 Oct 2010 06:59:50 +0000 (17:59 +1100)

committer Luke Howard <lukeh@padl.com>

Fri, 15 Oct 2010 06:59:50 +0000 (17:59 +1100)
author Luke Howard <lukeh@padl.com>
Fri, 15 Oct 2010 06:59:50 +0000 (17:59 +1100)
committer Luke Howard <lukeh@padl.com>
Fri, 15 Oct 2010 06:59:50 +0000 (17:59 +1100)
diff --git a/util_krb.c b/util_krb.c

index 48c79a4..a11f1f4 100644 (file)
--- a/util_krb.c
+++ b/util_krb.c
@@ -73,12 +73,13 @@ gssEapKerberosInit(OM_uint32 *minor, krb5_context *context)
  }
  
  /*
- * Derive a key for RFC 4121 use by using the following
- * derivation function:
+ * Derive a key K for RFC 4121 use by using the following
+ * derivation function (based on RFC 4402);
   *
- *    random-to-key(prf(random-to-key([e]msk), "rfc4121-gss-eap"))
- *
- * where random-to-key and prf are defined in RFC 3961.
+ * KMSK = random-to-key(MSK)
+ * Tn = pseudo-random(KMSK, n || "rfc4121-gss-eap")
+ * L = output key size
+ * K = truncate(L, T1 || T2 || .. || Tn)
   */
  OM_uint32
  gssEapDeriveRfc3961Key(OM_uint32 *minor,
author	Luke Howard <lukeh@padl.com>
	Fri, 15 Oct 2010 06:59:50 +0000 (17:59 +1100)
committer	Luke Howard <lukeh@padl.com>
	Fri, 15 Oct 2010 06:59:50 +0000 (17:59 +1100)