[gnutls-devel] GnuTLS | fips: enable self-tests for KDF algorithms and CMAC (!1341)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Oct 6 13:59:03 CEST 2020
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1341 was reviewed by Stephan Mueller
--
Stephan Mueller commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1341#note_424424030
The TLS 1.3 use of HKDF and the specification in SP800-56C rev 1 are not the same. For TLS, basically the system invokes HKDF in a number of steps to get to the different key material.
For a self test I could fathom that as input you use a shared secret and as output you gather the exporter master secret that you compare with a known good value. But any other type of generated secret would suffice too. That should be done using the same code that is used by the TLS stack.
--
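The staged derivation the comment describes, as an added example (not part of the original message and not GnuTLS code): a Python sketch of the RFC 8446 key schedule up to the exporter master secret, checked against the published no-PSK SHA-256 constants and compared with a one-shot HKDF call over the same inputs. The function names, the shared secret and the transcript hash are constructed for illustration.

```python
import hashlib, hmac

H = hashlib.sha256
HLEN = H().digest_size
ZEROS = bytes(HLEN)
EMPTY_HASH = H(b"").digest()          # Transcript-Hash over no messages

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, H).digest()

def hkdf_expand(prk, info, length):
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), H).digest()
        out, i = out + block, i + 1
    return out[:length]

def derive_secret(secret, label, transcript_hash):
    # RFC 8446 section 7.1: HKDF-Expand-Label with the "tls13 " label prefix
    full = b"tls13 " + label
    info = (HLEN.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(transcript_hash)]) + transcript_hash)
    return hkdf_expand(secret, info, HLEN)

def key_schedule(shared_secret, transcript_hash):
    """Staged derivation without PSK; returns the stages for inspection."""
    early = hkdf_extract(ZEROS, ZEROS)
    salt_hs = derive_secret(early, b"derived", EMPTY_HASH)
    handshake = hkdf_extract(salt_hs, shared_secret)
    salt_ms = derive_secret(handshake, b"derived", EMPTY_HASH)
    master = hkdf_extract(salt_ms, ZEROS)
    exporter = derive_secret(master, b"exp master", transcript_hash)
    return {"early": early, "salt_hs": salt_hs, "exporter": exporter}

# Stage values for SHA-256 without PSK, as printed in the RFC 8448 traces
KAT_EARLY = bytes.fromhex(
    "33ad0a1c607ec03b09e6cd9893680ce210adf300aa1f2660e1b22e10f170f92a")
KAT_SALT_HS = bytes.fromhex(
    "6f2615a108c702c5678f54fc9dbab69716c076189c48250cebeac3576c3611ba")

def self_test():
    shared = bytes(range(32))                   # constructed shared secret
    th = H(b"constructed transcript").digest()  # constructed transcript hash
    ks = key_schedule(shared, th)
    # A single extract-then-expand call over the same inputs
    one_shot = hkdf_expand(hkdf_extract(ZEROS, shared), th, HLEN)
    return (hmac.compare_digest(ks["early"], KAT_EARLY)
            and hmac.compare_digest(ks["salt_hs"], KAT_SALT_HS)
            and ks["exporter"] != one_shot)
```

A production self-test would additionally pin the final exporter master secret to a known good value produced by an independent implementation.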