IPSEC uses it's own key exchange based on it's own prf. These are defined in
RFC4306, and RFC2409. We need to implement softoken versions of these functions so that IPSEC applications can generate keys and use them without extracting them and processing them themselves.
Downstream Red Hat Bug:https://bugzilla.redhat.com/show_bug.cgi?id=1381667
try: -b do -p all -u all -t all -e all