libgcrypt self tests for FIPS 140
Closed, Resolved. Public


For FIPS 140, we need to add more tests:

  • PBKDF2
  • possibly, more
gniibe created this task. Dec 15 2020, 6:30 AM

For CMAC tests, we would need to use newer test vectors.

There are two versions of SP 800-38B:

  • (05/01/2005)
  • (10/6/2016)

RFC4493 (June 2006) has the test vectors from the older one.

New test vectors are available here:

gniibe added a comment. Edited Dec 15 2020, 6:36 AM

Our tests are now in tests/basic.c.

We will extend src/fips.c to have run_cmac_selftests which calls _gcry_cmac_selftest.
_gcry_cmac_selftest should be written in cipher/cipher-cmac.c.

gniibe renamed this task from libgcrypt tests for FIPS 140 to libgcrypt self tests for FIPS 140. Dec 15 2020, 6:50 AM
werner added a subscriber: werner. Dec 15 2020, 11:23 AM

I cannot find good test vectors for PBKDF2 with HMAC-SHA-2.

This one: (but the length of salt is too small).
Or, indirectly, there is one example in (SCRAM-SHA-256).

Two articles:

werner triaged this task as High priority. Tue, Jan 5, 9:13 AM

Flagged as high because this is RC for Libgcrypt 1.9.

werner moved this task from Backlog to For 1.9 on the libgcrypt board. Thu, Jan 7, 11:41 AM
gniibe claimed this task. Fri, Jan 15, 7:47 AM
gniibe removed a parent task: T4294: Release Libgcrypt 1.9.0.
werner moved this task from For 1.9 to For 1.10 on the libgcrypt board. Mon, Jan 18, 7:08 PM
gniibe closed this task as Resolved. Tue, Jan 19, 6:35 AM