Page MenuHome GnuPG

libgcrypt self tests for FIPS 140
Closed, ResolvedPublic

Description

For FIPS 140, we need to add more tests:

  • CMAC (CMAC-AES, CMAC-TDES)
  • PBKDF2
  • possibly, more

Revisions and Commits

Event Timeline

For CMAC tests, we would need to use newer test vectors.

There are two versions of SP 800-38B

  • (05/01/2005)
  • (10/6/2016)

RFC4493 (June 2006) https://tools.ietf.org/html/rfc4493 has the test vectors from the older one.

New test vectors are available here:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_CMAC.pdf
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/TDES_CMAC.pdf

Our tests are now in tests/basic.c.

We will extend src/fips.c to have run_cmac_selftests which calsl _gcry_cmac_selftest.
_gcry_cmac_selftest should be written in cipher/cipher-cmac.c.

gniibe renamed this task from libgcrypt tests for FIPS 140 to libgcrypt self tests for FIPS 140.Dec 15 2020, 6:50 AM
werner triaged this task as High priority.Jan 5 2021, 9:13 AM

Flagged as high becuase this is RC for Libgcrypt 1.9