KDFs: allow for a fixed sized fixed info #1407
Comments
|
Thanks @smuellerDD, just to be clear, you're running up against this issue when registering the KDA / HKDF / SP800-56Cr1 or KDA / HKDF / SP800-56Cr2 algorithms? |
|
Am Mittwoch, 25. Januar 2023, 18:29:01 CET schrieb livebe01:
Hi livebe01,
Thanks @smuellerDD, just to be clear, you're running up against this issue
when registering the KDA / HKDF / SP800-56Cr1 or KDA / HKDF / SP800-56Cr2
algorithms?
56Cr1
Here is the request where we get variable partyIDs:
```
{
"revision":"Sp800-56Cr1",
"algorithm":"KDA",
"mode":"HKDF",
"prereqVals":[
{
"algorithm":"HMAC",
"valValue":"same"
},
{
"algorithm":"SHA",
"valValue":"same"
}
],
"hmacAlg":[
"SHA2-256",
"SHA2-512"
],
"z":[
256
],
"l":512,
"macSaltMethods":[
"default"
],
"fixedInfoPattern":"uPartyInfo||vPartyInfo||
literal[00000000000000000000000000000000000000000000000000000000002000000000020000]",
"encoding":[
"concatenation"
]
}
```
Ciao
Stephan
|
|
As a vendor is asking for it, may I inquire the status? |
|
Hi @smuellerDD, sorry. Covid ran through our house and stole a week of our lives. I'm looking at this. |
|
I think we'd like to address your need with a version of the KDA testing that removes the fixedInfo from the scope of the testing as requested in usnistgov/ACVP-Server#136. We'll work to get this out in an upcoming release ASAP. |
|
May I ask for the status of it considering that we have a vendor asking for this. He cannot verify his KDF implementation without it. |
|
Yes, I've worked on a feature that will address this off and on, but it is not ready. I will send you an email regarding accomplishing this testing via a custom vector set so that we're not holding this up any longer. |
|
We are in a similar situation and look forward to the fix. |
|
K, thanks @Viharrai. Can you send me an email at livebe01 at nist dot gov? |
According to the SP800-56 series, uPartyInfo and vPartyInfo is required, but there is no requirement about the size other than it must be non-NULL.
However, SP800-56A rev 3 section 5.8.2.1.1 it is required that the components forming the fixed info are either a fixed length bit string or has a form of datalen||data.
When requesting a HKDF test vector with the demo server uPartyInfo||vPartyInfo||literal, we find that the party info strings are not always 32 bytes, but sometimes more.
For the implementation we currently work with we need a fixed size of the party info.
Thus, would it be possible to either allow the vector request to specify the size of the party info or to change the ACVP server to produce always fixed sized party info?
The text was updated successfully, but these errors were encountered: