Closed davyrouillard closed 1 year ago
Good question. My interpretation is this:
KAS-ECC-CDH: Compliance with the agreement on shared secret Z (only). The key agreement scheme is the one mentioned in the SP800-56C r3, Section 6. No key derivation is done after Z is agreed upon.
KAS-ECC: Compliance with NIST-approved key agreement AND (optionally) derivation. Testing may be done End-to-End, meaning both operations (derivation and KEX) are done by a single security service and the calling sequence is within the module boundary. You may also certify key confirmation (i.e. 56Ar3, 5.9).
So it depends on what you need, but it's worth noting that KAS-ECC-CDH is rarely used in practice on its own. So maybe at some point you will need FIPS-certified key derivation.
Hi @davyrouillard, one way to look at this would be to ask what you want the entries on your CMVP cert to look like. I'm a bit removed from that topic these days and I'm aware that there are changes under way with how the CMVP certs will display CAVP certs and algorithms. What I can tell you is that KAS ECC SSC ephemeralUnified Sp800-56Ar3 will result in a KAS-ECC-SSC Sp800-56Ar3 CAVP cert entry, which equates to a FIPS 140-2 CMVP cert KAS-SSC algorithm entry, and that KAS ECC CDH-Component will get you a KAS-ECC CDH-Component CAVP cert entry, which would be equal to a FIPS 140-2 CMVP cert CVL algorithm entry. Is that helpful?
Protocol Section
https://pages.nist.gov/ACVP/draft-fussell-acvp-kas-ecc.html
https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-ssc-ecc.html
Protocol Question
Hi, I do not clearly understand the difference between "KAS ECC CDH-Component - HTML" and "KAS ECC SSC ephemeralUnified Sp800-56Ar3 - HTML". Both seem to allow testing the Diffie-Hellman primitive specified in [SP 800-56A] that generates a shared secret. The only difference I can see is the version of SP800-56A covered:
But since the shared secret computation method is the same for ECC CDH in both cases, I do not know which one to use. So my question is "how do I choose between these 2 test methods for an implementation that performs key agreement with ECC CDH shared secret computation and key derivation tested individually?"
Thank you. Davy