Potential contradiction in HKDF? from Richard Barnes on 2013-04-01 (public-webcrypto@w3.org from April 2013)

From: Richard Barnes <rbarnes@bbn.com>
Date: Mon, 1 Apr 2013 11:18:16 -0400
To: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Message-Id: <BD19062A-9C48-4216-8410-84D1CE3E7F56@bbn.com>

The current description of HKDF says "the algorithm described in RFC 5869 [RFC5869] and NIST SP 800-56C [SP800-56C], using HMAC in counter mode, as described in Section 5.1 of NIST SP 800-108 [SP800-108]."

However, it appears that the algorithm defined in RFC 5869 is different from the algorithm described in Section 5.1 of SP800-108.  To summarize the difference:

RFC 5869:  K(i) := PRF(K_I, K(i-1) || info || i)
SP800-108: K(i) := PRF(K_I, i || Label || 0x00 || Context || L) 

Am I mis-reading these specs, or do we need to choose one or the other?

--Richard

Received on Monday, 1 April 2013 15:18:48 UTC