2.2.3.1.1 Computing the PeerHashToken
The PeerHashToken contains only an authenticator element. The authenticator element carries a base64-encoded security token as the text node. The security token is an HMACSHA256 value that MUST be computed as follows.
NodeSecurityToken = HMACSHA256(HASHEDKEY)
HASHEDKEY = (SHA256(PWD)+PUBLICKEY)
Where:
HMACSHA256 is the Hash-based Message Authentication Code (HMAC) function with hash function SHA256.
SHA256 refers to the SHA256 hash algorithm.
PWD is the password as a Unicode byte stream. PWD bytes are used as the secret for the HMACSHA256 function.
PUBLICKEY is the public key of the node for which the PeerHashToken is being computed. Public key bits of the certificate that are provisioned for the neighbor connection MUST be used here.
HASHEDKEY is computed by concatenating the byte streams of (a) the output of the function SHA256 over the PWD and (b) the public key in the node's certificate.
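The computation above, carried through as an added example (not part of the specification or of any implementation of it). It assumes that "Unicode byte stream" means UTF-16LE without a byte order mark, and that the caller has already extracted the public key bits from the certificate as raw bytes; the function names and the sample key are hypothetical.

```python
import base64
import hashlib
import hmac


def password_bytes(password: str) -> bytes:
    # Assumption: "Unicode byte stream" is UTF-16LE with no BOM.
    return password.encode("utf-16-le")


def compute_peer_hash_token(password: str, public_key: bytes) -> str:
    """Return the base64 text node of the authenticator element."""
    pwd = password_bytes(password)
    # HASHEDKEY = SHA256(PWD) followed by the node's public key bytes.
    hashed_key = hashlib.sha256(pwd).digest() + public_key
    # PWD bytes are the HMAC secret; HASHEDKEY is the message.
    token = hmac.new(pwd, hashed_key, hashlib.sha256).digest()
    return base64.b64encode(token).decode("ascii")


def verify_peer_hash_token(received: str, password: str, public_key: bytes) -> bool:
    """Recompute the token for the sender's public key and compare."""
    try:
        received_raw = base64.b64decode(received, validate=True)
    except ValueError:
        # Not valid base64 (binascii.Error is a ValueError subclass).
        return False
    expected_raw = base64.b64decode(compute_peer_hash_token(password, public_key))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(received_raw, expected_raw)


if __name__ == "__main__":
    # Constructed sample inputs; the key is placeholder bytes, not a real key.
    sample_key = bytes(range(32))
    token = compute_peer_hash_token("mesh-password", sample_key)
    print(token)
    print(verify_peer_hash_token(token, "mesh-password", sample_key))
```

Because the only inputs are PWD and PUBLICKEY, the same password and public key always produce the same token.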