I have a custom build of a Unix OS.

My task: Adding an IPSec to the OS.

I am working on Phase I, done sending the first 2 packets.

What I am trying to do now is making the Identification Payload.
I’ve been reading RFC 2409 (Apendix B) which discuss the keying materials (SKEYID, SKEYID_d, SKEYID_a, SKEYID_e and the IV making).

Now, I use SHA-1 for authontication and thus I use HMAC-SHA1 and my encryption algorithm is AES-256.
The real problem is that the RFC is not clear enough of what should I do regarding the PRF.
It says:

"Use of negotiated PRFs may require the
PRF output to be expanded due to
the PRF feedback mechanism employed by
this document."

I use SHA-1, does it mean I do not negotiate a PRF?

In my opinion, AES is the only algorithm that needs expention (a fixed length of 256 bit), so, do I need to expand only the SKEYID_e?

If you happen to know a clearer, though relible, source then the RFC please post a link.