[gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Oct 6 13:59:03 CEST 2020



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 was reviewed by Stephan Mueller

--
  
Stephan Mueller commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424424030

The TLS 1.3 use of HKDF and the specification in SP800-56C rev 1 are not the same. For TLS, basically the system invokes HKDF in a number of steps to get to the different key material.

For a self test I could fathom that as input you use a shared secret and as output you gather the exporter master secret that you compare with a known good value. But any other type of generated secret would suffice too. That should be done using the same code that is used by the TLS stack.


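The stepwise derivation described in the comment, as an added example that is not part of the original message and is not GnuTLS code: the TLS 1.3 ladder from the shared secret to the exporter master secret (RFC 8446, section 7.1), with a known-answer check on the path. It assumes a SHA-256 cipher suite with no PSK; the function names and sample inputs are constructed for illustration, the two fixed checkpoints are taken from the RFC 8448 trace, and the expected exporter master secret is supplied by the caller because the page gives no value.

```python
import hashlib
import hmac

HASH = hashlib.sha256            # assumption: a SHA-256 cipher suite
HLEN = HASH().digest_size
ZEROS = bytes(HLEN)
EMPTY_HASH = HASH(b"").digest()  # Transcript-Hash of no messages

# Checkpoints from the RFC 8448 trace; they do not depend on any handshake.
KAT_EARLY = bytes.fromhex("33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a")
KAT_DERIVED = bytes.fromhex("6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba")

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand with the HkdfLabel structure of RFC 8446, section 7.1."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def key_schedule(shared_secret, transcript_hash):
    """Walk the ladder (no PSK) from the shared secret to the exporter master secret."""
    early = hkdf_extract(ZEROS, ZEROS)
    derived = hkdf_expand_label(early, b"derived", EMPTY_HASH, HLEN)
    handshake = hkdf_extract(derived, shared_secret)
    salt = hkdf_expand_label(handshake, b"derived", EMPTY_HASH, HLEN)
    master = hkdf_extract(salt, ZEROS)
    exporter = hkdf_expand_label(master, b"exp master", transcript_hash, HLEN)
    return {"early": early, "derived": derived, "exporter_master": exporter}

def self_test(shared_secret, transcript_hash, expected_exporter=None):
    """True only if every checkpoint (and the expected value, if given) matches."""
    ks = key_schedule(shared_secret, transcript_hash)
    ok = hmac.compare_digest(ks["early"], KAT_EARLY)
    ok &= hmac.compare_digest(ks["derived"], KAT_DERIVED)
    if expected_exporter is not None:
        ok &= hmac.compare_digest(ks["exporter_master"], expected_exporter)
    return bool(ok)

# Constructed sample inputs, not taken from any real handshake.
SAMPLE_SHARED = bytes(range(32))
SAMPLE_TRANSCRIPT_HASH = HASH(b"constructed transcript").digest()

if __name__ == "__main__":
    print("checkpoints ok:", self_test(SAMPLE_SHARED, SAMPLE_TRANSCRIPT_HASH))
```

A production self-test would hard-code the expected exporter master secret for fixed inputs and call the same derivation routine the TLS stack uses, so that a fault in any rung of the ladder changes the compared value.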