[gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Oct 6 13:32:55 CEST 2020
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424396515
@smuellerDD thank you for the review!
> CMAC: I see no problems in having both AES key sizes tested, but one would suffice (also cryptographically).
Removed one (AES-128).
> HKDF: looks good - Is that code also applicable to TLS 1.3 KDF? If so, I would recommend adding a comment to state that avoiding later questions. If not, what about considering a TLS 1.3 KDF self test?
I'm a bit confused about this; would you mind clarifying what exactly "TLS 1.3 KDF" means (ideally in the RFC 8446 terms)?
I see some [discussions](https://mailarchive.ietf.org/arch/msg/tls/qANkz08Yyel84C1pzPGc2g9h3XI/) regarding SP800-56C additions of HKDF a while ago, but not sure what was the outcome.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424396515
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20201006/abda7a99/attachment.html>
More information about the Gnutls-devel
mailing list