from the article https://tools.ietf.org/html/rfc2409
I understood that in phase 1 HMAC is used as the PRF to derive keys from the DH session key... please, I need someone to correct my understanding.
1- Nonces + pre-shared key result in a seed which helps derive other keys? Is this correct?
2- DH session key + seed (nonces + pre-shared key) + both cookies + number will result in 3 derived keys (encryption, authentication, derivative key)? Is this correct?
* Messages 5 and 6 are used to authenticate the DH exchange and prove the derived keys are identical by:
3- Identity hash = ID (encrypted by derived encryption key) + HASH (ID + pre-shared key + other values); the other values are: nonces + DH session key + cookies. Is this correct?
------------------------------------------------------------------------------------------------------------------------------------------------------------------
If the above details are correct, and I hope so, I have two last questions:
HMAC requires an input (or message) + input key material, so:
1- When HMAC is used to generate the 3 derived keys, and when HMAC is used in messages 5 and 6, how are the above parameters entered as input and input key?
2- Is the derived authentication key (SKEYID_a) used in messages 5 and 6?
I'm sorry for bothering, but I really need answers to these questions as they are causing a headache.
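
The RFC 2409 pre-shared-key derivations the questions above refer to, as an added example that is not part of the original post. It assumes HMAC-SHA1 as the negotiated prf, all input values are constructed placeholders, and the function names are hypothetical; it shows which value is the HMAC key and which is the HMAC message at each step.

```python
import hashlib
import hmac

def prf(key: bytes, msg: bytes) -> bytes:
    # RFC 2409 prf(key, msg). HMAC-SHA1 is an assumption: the prf is negotiated.
    return hmac.new(key, msg, hashlib.sha1).digest()

def phase1_psk(psk, ni_b, nr_b, g_xy, g_xi, g_xr, cky_i, cky_r,
               sai_b, idii_b, idir_b):
    """Main Mode with pre-shared-key authentication (RFC 2409, section 5)."""
    # HMAC key = pre-shared key, HMAC message = Ni_b | Nr_b
    skeyid = prf(psk, ni_b + nr_b)
    # From here on SKEYID is the HMAC key. The message is the DH shared
    # secret, both cookies and a single octet 0, 1 or 2.
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")             # derives later keys
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")  # authenticates ISAKMP SA messages
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")  # encrypts ISAKMP SA messages
    # Messages 5 and 6: HASH_I and HASH_R are keyed with SKEYID, not SKEYID_a.
    # They cover the public DH values, cookies, SA body and ID body.
    hash_i = prf(skeyid, g_xi + g_xr + cky_i + cky_r + sai_b + idii_b)
    hash_r = prf(skeyid, g_xr + g_xi + cky_r + cky_i + sai_b + idir_b)
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d, "SKEYID_a": skeyid_a,
            "SKEYID_e": skeyid_e, "HASH_I": hash_i, "HASH_R": hash_r}

def responder_accepts(received_hash_i: bytes, **inputs) -> bool:
    # The responder recomputes HASH_I from its own view of the exchange and
    # compares in constant time. A different PSK gives a different SKEYID.
    return hmac.compare_digest(received_hash_i, phase1_psk(**inputs)["HASH_I"])

# Constructed sample inputs (not taken from any real exchange).
SAMPLE = dict(
    psk=b"constructed-psk", ni_b=b"\x01" * 16, nr_b=b"\x02" * 16,
    g_xy=b"\x03" * 128, g_xi=b"\x04" * 128, g_xr=b"\x05" * 128,
    cky_i=b"\x06" * 8, cky_r=b"\x07" * 8,
    sai_b=b"constructed-SA-body",
    idii_b=b"constructed-ID-initiator", idir_b=b"constructed-ID-responder",
)

if __name__ == "__main__":
    keys = phase1_psk(**SAMPLE)
    for name, value in keys.items():
        print(f"{name:9s} {value.hex()}")
    print("same PSK :", responder_accepts(keys["HASH_I"], **SAMPLE))
    wrong = dict(SAMPLE, psk=b"some-other-psk")
    print("wrong PSK:", responder_accepts(keys["HASH_I"], **wrong))
```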