Closed rnunez83 closed 7 months ago
Hi @rnunez83, either approach will work. If they can modify their test environment, that would be the quickest for us. Otherwise, we can create custom vector sets for them (will require some coordination with us and some manual labor on our end).
@livebe01, thanks for confirming it would be acceptable to modify the test environment to support a 4-byte 'L'.
I would like to confirm that the approach would be acceptable for SP800-108 KDF as well? In the spec for kbkdf, there is a note: "The fixedData or fixed input data string that is used by the IUT is needed by the ACVP server to verify that the IUT correctly derived the keying material. The server does not validate the correct construction of the fixed input data string".
If the test vectors are modified to meet the test case, but the real implementation follows the protocol, is that acceptable?
I'm not sure that I understand your question related to the kbkdf implementation. I think that with the kbkdf testing the IUT supplies the actual fixedData used. If that's the case, then I don't think it matters how many bits the IUT is using to represent L as long as it is actually including it in the fixedData as required by the SP.
Hi @rnunez83, can this ticket be closed?
Protocol Section
In the ACVTS definition of HKDF, the definition of one of the fixed field parameters, 'l', is specified as being required to be 4 bytes by ACVTS. It states in the Fixed Info Pattern Candidates description section (https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56c/hkdf/sections/05-capabilities.adoc#fixedinfopatternconstruction) that for 'l': "The length of the derived keying material in bits, MUST be represented in 32 bits for ACVP testing", but RFC5869 makes no mention of this length requirement: https://datatracker.ietf.org/doc/html/rfc5869
Protocol Question
We are working with a vendor who implements HKDF according to the SPDM protocol. This protocol requires the 'l' value to be 2 bytes, and thus we would like to know whether they need to modify their test environment to support this or whether the CAVP could make this field size accept 2-byte values.
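Why the width of 'l' matters for testing, as an added example that is not part of the thread or of the ACVP project's code: RFC 5869 HKDF treats the fixed info as opaque bytes, so encoding the same bit length in 4 bytes or in 2 bytes yields unrelated keying material. The pattern order (label || context || l), the big-endian encoding, the label, the context and the input values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """RFC 5869 Extract: PRK = HMAC-Hash(salt, IKM); empty salt means HashLen zero bytes."""
    salt = salt or bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """RFC 5869 Expand: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), truncated to length bytes."""
    if not 0 < length <= 255 * hashlib.new(hash_name).digest_size:
        raise ValueError("length must be between 1 and 255*HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]

def fixed_info(label: bytes, context: bytes, l_bits: int, l_width: int) -> bytes:
    """Assumed pattern label || context || l, with l big-endian in l_width bytes."""
    return label + context + l_bits.to_bytes(l_width, "big")

def derive(l_width: int, out_len: int = 32) -> bytes:
    """Derive out_len bytes from constructed inputs, encoding l in l_width bytes."""
    ikm = bytes(range(32))   # constructed shared secret
    salt = bytes(32)         # constructed salt
    info = fixed_info(b"example label", b"example context", out_len * 8, l_width)
    return hkdf_expand(hkdf_extract(salt, ikm), info, out_len)

if __name__ == "__main__":
    for width in (4, 2):
        print(f"l in {width} bytes -> {derive(width).hex()}")
```

A harness that builds the fixed info with a 32-bit 'l' therefore cannot be compared against output produced with a 16-bit 'l', even when every other input is identical.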