Re: [TLS] [Cfrg] NIST crypto group and HKDF (and therefore TLS 1.3)

Thu, 14 May 2020 11:21:24 -0700 

Hi Torsten,

The HKDF is one of the approved KDFs for being used together with an approved 
key exchange as specified in 56C.

At this moment, a standalone HKDF is not approved yet.

Draft version 2 of SP 800-133 (Section 6.3, item# 3: 
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2-draft.pdf
 )specifies an option for a HKDF's extraction step when the IKM is a shared 
secret generated from a NIST's approved random bit generator in SP 800-90 
series (like external pre-shared key in TLS 1.3) or when the IKM is a 
pseudorandom key derived from a previous approved key exchange (like a 
resumption in TLS 1.3).


Recommendation for Cryptographic Key 
Generation<https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2-draft.pdf>
Draft NIST Special Publication 800-133 . Revision 2. Recommendation for 
Cryptographic Key Generation. Elaine Barker . Allen Roginsky . Richard Davis . 
This publication is available free of charge from:
nvlpubs.nist.gov


When/if that extraction step option is officially approved, meaning the current 
NIST's approved HKDFs in key exchanges in SP 800-56C would become NIST-approved 
standalone HKDFs, we'll publish their test vectors.

Regards,
Quynh.

________________________________
From: "Torsten Schütze" <torsten.schue...@gmx.net>
Sent: Tuesday, May 12, 2020 8:36 AM
To: Dang, Quynh H. (Fed) <quynh.d...@nist.gov>
Cc: Hugo Krawczyk <h...@ee.technion.ac.il>; c...@ietf.org <c...@ietf.org>; 
tls@ietf.org <tls@ietf.org>; rs...@akamai.com <rs...@akamai.com>
Subject: Aw: Re: [Cfrg] NIST crypto group and HKDF (and therefore TLS 1.3)

Hi Quynh,

thank you for your quick response. I knew that omitting some fields was 
allowed, but not that permutations are allowed, too. Okay, this makes HKDF RFC 
5869 definitely to a NIST SP800-56C rev 2 compliant KDF. But what to do about 
the CAVP tests or approved test vectors. Couldn't NIST provide for the very 
often used RFC 5869 HKDF approved test vectors? I coulnd't find any. Only for 
some older, application specific KDFs. Of course, I can generate them by myself 
with an independent implementation, but I'm talking about evaluation/approval 
business here.

Regards

Torsten




_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to