5.4. Session Key Computation - how to derive the salt

[sschulz-t]

I have a question regarding the current draft https://openid.net/specs/openid-4-verifiable-presentations-over-ble-1_0.html.

In section “5.4. Session Key Computation” you specify the key exchange and state that the salt should be derived via sha-256:

openid4vp_ble/main.md

Lines 273 to 287 in e5370d5

	The Verifier MUST derive its session key using HKDF as defined in [@!RFC5869] with the following parameters:
	* Hash: SHA-256
	* IKM: Zab
	* salt: SHA-256
	* info: “SKVerifier” (encoded as ASCII string)
	* L: 32 octets
	The Wallet MUST derive its session key using HKDF as defined in [@!RFC5869] with the following parameters:
	* Hash: SHA-256
	* IKM: Zab
	* salt: SHA-256
	* info: “SKWallet” (encoded as ASCII string)
	* L: 32 octets

What is the input for the hash function?

seems like there is a related ongoing discussion in this pr: #18

[gsasikumar]

Please assume we will use a SHA256(random nonce). It is under discussion in #18 . If you would like to contribute it would be nice to discuss there.

[sschulz-t]

Ok, i will use the sha256(nonce from identify packet) for now (using the raw bytes of the nonce).