NIST SP 800-108r1-upd1: KDF Counter Implementation #1644
As a note for the reviewers: I'm still on the fence with the proposed
Codecov Report. Attention: Patch coverage is

Coverage Diff

| | main | #1644 | +/- |
|---|---|---|---|
| Coverage | 78.19% | 78.22% | +0.02% |
| Files | 571 | 572 | +1 |
| Lines | 95465 | 95537 | +72 |
| Branches | 13704 | 13688 | -16 |
| Hits | 74653 | 74733 | +80 |
| Misses | 20201 | 20194 | -7 |
| Partials | 611 | 610 | -1 |
### Description of changes:

This pull request implements the KDF in Counter Mode defined in [Section 4 of NIST.SP.800-108r1-upd1](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1-upd1.pdf#%5B%7B%22num%22%3A77%2C%22gen%22%3A0%7D%2C%7B%22name%22%3A%22XYZ%22%7D%2C70%2C300%2C0%5D).

The abbreviation `KBKDF` stands for Key-based key derivation function. `ctr` is an abbreviation for counter.

### Call-outs:

* We will need to add appropriate service indicator logic ahead of our next FIPS certification round.
* We will need to wire up ACVP tests separately.

### Testing:

Test vectors are provided [here](https://github.com/aws/aws-lc/pull/1644/files#diff-d0cd06e99fdc733df70e2aa730e973c5ed0ab73ff851c33b1f2e5f44beb8a82d).

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
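The counter-mode construction the PR implements, written out as an added Python example (this is not aws-lc's code): each output block is PRF(K_I, [i]_r || Label || 0x00 || Context || [L]_32) with HMAC as the PRF. The counter width r = 32 and the 32-bit big-endian encoding of L are assumptions here; SP 800-108 leaves both as implementation choices, and ACVP vectors fix them per implementation.

```python
"""KDF in Counter Mode, NIST SP 800-108r1 Section 4.1, with HMAC as the PRF."""
import hashlib
import hmac
import struct

# Assumed field widths: a 32-bit counter [i]_r and a 32-bit output length
# L, both big-endian. The standard permits other widths.
COUNTER_BITS = 32


def kbkdf_ctr_hmac(key_in: bytes, label: bytes, context: bytes,
                   out_len: int, hash_name: str = "sha256") -> bytes:
    """Derive out_len bytes of keying material from key_in.

    K(i) = HMAC(K_I, [i]_32 || Label || 0x00 || Context || [L]_32), i = 1..n,
    where L is the requested output length in bits and n = ceil(L / h).
    """
    if out_len <= 0:
        raise ValueError("output length must be positive")
    h = hashlib.new(hash_name).digest_size
    n = -(-out_len // h)  # ceil(out_len / h) PRF invocations
    if n > 2 ** COUNTER_BITS - 1:
        raise ValueError("requested output exceeds the counter range")
    # The fixed input data is the same for every block; only the counter
    # changes. Because L is part of it, asking for a different length
    # changes every block, not just the tail (unlike HKDF-Expand).
    # The 0x00 separator only delimits Label from Context unambiguously
    # when Label itself contains no zero byte, so callers should use
    # labels without 0x00.
    fixed = label + b"\x00" + context + struct.pack(">I", out_len * 8)
    out = bytearray()
    for i in range(1, n + 1):
        block = hmac.new(key_in, struct.pack(">I", i) + fixed, hash_name)
        out += block.digest()
    return bytes(out[:out_len])


if __name__ == "__main__":
    # Constructed sample input, not a published test vector.
    k_i = bytes(range(32))
    print(kbkdf_ctr_hmac(k_i, b"aws-lc-example", b"session-1", 48).hex())
```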
## What's Changed

* Added options to x509 tool by @ecdeye in #1696
* Add support to detect Neoverse V2 cores by @andrewhop in #1706
* Move OCSP functions for Ruby out of internal.h by @samuel40791765 in #1704
* Add aes-256-xts to EVP_get_cipherbyname by @torben-hansen in #1707
* Match using CMAKE_SYSTEM_PROCESSOR_LOWER by @justsmth in #1709
* Update MySQL to 9.0.0 by @skmcgrail in #1685
* [EC] Unify scalar multiplication for P-256/384/521 by @dkostic in #1693
* Adds const qualifier to ciphertext parameter in EVP_PKEY_decapsulate by @maddeleine in #1713
* Upstream merge 2024 06 24 by @nebeid in #1661
* NIST SP 800-108r1-upd1: KDF Counter Implementation by @skmcgrail in #1644
* Upstream merge 2024 07 09 by @nebeid in #1694
* Design for support of HMAC precomputed keys by @fabrice102 in #1574
* Fix for select point from table in ec_nistp scalar_mul by @dkostic in #1719
* X509toolcomparison by @ecdeye in #1714
* AWS-LC s2n-bignum update 2024-07-22 by @dkostic in #1718
* Add OpenVPN to CI by @smittals2 in #1705
* Lower required Go version, add CI test for specific version by @andrewhop in #1717
* ec2-test-framework enhancements and graviton 4 testing by @samuel40791765 in #1715
* sha + chacha: Move AArch64/X86-64 dispatching to C. by @justsmth in #1625
* Show number of pruned ec2 instances in dashboard by @samuel40791765 in #1728
* rsa and md5 tools by @ecdeye in #1722
* FIPS 203 IPD update: ML-KEM-IPD-768 and ML-KEM-IPD-1024 by @jakemas in #1724
* bump mysql CI to 9.0.1 by @samuel40791765 in #1727
* Support utility OCSP request functions by @samuel40791765 in #1708
* add support for OCSP_SINGLERESP functions by @samuel40791765 in #1703