For FIPS 140, we need to add more tests:
- CMAC (CMAC-AES, CMAC-TDES)
- PBKDF2
- possibly, more
rC libgcrypt | rC7a0da2492536 kdf: Add selftest.

Status | Assigned | Task
---|---|---
Resolved | gniibe | T5182 libgcrypt self tests for FIPS 140
Resolved | werner | T4294 Release Libgcrypt 1.9.0
For CMAC tests, we would need to use newer test vectors.
There are two versions of SP 800-38B.
RFC4493 (June 2006) https://tools.ietf.org/html/rfc4493 has the test vectors from the older one.
New test vectors are available here:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/AES_CMAC.pdf
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/TDES_CMAC.pdf
Our tests are now in tests/basic.c.
We will extend src/fips.c to have run_cmac_selftests which calls _gcry_cmac_selftest.
_gcry_cmac_selftest should be written in cipher/cipher-cmac.c.
I cannot find good test vectors for PBKDF2 with HMAC-SHA-2.
This one: https://tools.ietf.org/html/rfc7914#section-11 (but the length of salt is too small).
Or, indirectly, there is one example in https://tools.ietf.org/html/rfc7677 (SCRAM-SHA-256).
Two articles:
https://www.reddit.com/r/crypto/comments/abv007/where_can_i_find_test_vectors_for_rfc8018_pbkdf2/
https://stackoverflow.com/questions/5130513/pbkdf2-hmac-sha2-test-vectors
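
One way to vet a candidate PBKDF2-HMAC-SHA-256 vector before embedding it in a self-test, added here as an example that is not part of the thread or of libgcrypt: it recomputes the RFC 7914 section 11 vector (c=1, dkLen=64) with an HMAC-only PBKDF2 and with Python's `hashlib.pbkdf2_hmac`, then reports the short salt. The names `pbkdf2_sha256`, `check_vector` and `MIN_SALT_BYTES` are hypothetical, and the 16-byte threshold is an assumption taken from the 128-bit salt minimum in NIST SP 800-132.

```python
import hashlib
import hmac

MIN_SALT_BYTES = 16  # assumption: 128-bit salt minimum taken from NIST SP 800-132

# PBKDF2-HMAC-SHA-256 vector from RFC 7914 section 11 (c=1, dkLen=64).
RFC7914_VECTOR = {
    "password": b"passwd", "salt": b"salt", "iterations": 1, "dklen": 64,
    "expected": bytes.fromhex(
        "55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc"
        "49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783"),
}


def pbkdf2_sha256(password, salt, iterations, dklen):
    """PBKDF2 (RFC 8018 section 5.2) built directly on HMAC-SHA-256."""
    out, block = b"", 1
    while len(out) < dklen:
        # U_1 = PRF(P, S || INT(i)); T_i = U_1 xor U_2 xor ... xor U_c
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(hashlib.sha256().digest_size, "big")
        block += 1
    return out[:dklen]


def check_vector(vec):
    """Return a list of problems found with a candidate vector (empty = usable)."""
    args = (vec["password"], vec["salt"], vec["iterations"], vec["dklen"])
    ours = pbkdf2_sha256(*args)
    reference = hashlib.pbkdf2_hmac("sha256", *args)
    problems = []
    if ours != reference:
        problems.append("implementations disagree")
    if not hmac.compare_digest(reference, vec["expected"]):
        problems.append("known-answer mismatch")
    if len(vec["salt"]) < MIN_SALT_BYTES:
        problems.append("salt shorter than %d bytes" % MIN_SALT_BYTES)
    return problems


if __name__ == "__main__":
    print(check_vector(RFC7914_VECTOR))
```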