W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2013

Potential contradiction in HKDF?

From: Richard Barnes <rbarnes@bbn.com>
Date: Mon, 1 Apr 2013 11:18:16 -0400
Message-Id: <BD19062A-9C48-4216-8410-84D1CE3E7F56@bbn.com>
To: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
The current description of HKDF says "the algorithm described in RFC 5869 [RFC5869] and NIST SP 800-56C [SP800-56C], using HMAC in counter mode, as described in Section 5.1 of NIST SP 800-108 [SP800-108]."

However, it appears that the algorithm defined in RFC 5869 is different from the algorithm described in Section 5.1 of SP800-108.  To summarize the difference:

RFC 5869:  K(i) := PRF(K_I, K(i-1) || info || i)
SP800-108: K(i) := PRF(K_I, i || Label || 0x00 || Context || L) 

Am I mis-reading these specs, or do we need to choose one or the other?

--Richard
Received on Monday, 1 April 2013 15:18:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:16 UTC