[gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Oct 6 13:32:55 CEST 2020

Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424396515

@smuellerDD thank you for the review!

> CMAC: I see no problems in having both AES key sizes tested, but one would suffice (also cryptographically).

Removed one (AES-128).

> HKDF: looks good - Is that code also applicable to TLS 1.3 KDF? If so, I would recommend adding a comment to state that avoiding later questions. If not, what about considering a TLS 1.3 KDF self test?

I'm a bit confused about this; would you mind clarifying what exactly "TLS 1.3 KDF" means (ideally in the RFC 8446 terms)?

I see some [discussions](https://mailarchive.ietf.org/arch/msg/tls/qANkz08Yyel84C1pzPGc2g9h3XI/) regarding SP800-56C additions of HKDF a while ago, but not sure what was the outcome.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424396515
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20201006/abda7a99/attachment.html>

More information about the Gnutls-devel mailing list