{"algorithm":"HMAC-SHA3-384","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[{"increment":8,"max":384,"min":32}],"revision":"1.0"},
{"algorithm":"HMAC-SHA3-512","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[{"increment":8,"max":512,"min":32}],"revision":"1.0"},
+ {"algorithm":"KDA","mode":"HKDF","revision":"Sp800-56Cr1","fixedInfoPattern":"uPartyInfo||vPartyInfo","encoding":["concatenation"],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"],"macSaltMethods":["default","random"],"l":2048,"z":[{"min":224,"max":65336,"increment":8}]},
+
{"algorithm":"PBKDF","capabilities":[{"iterationCount":[{"min":1,"max":10000,"increment":1}],"keyLen":[{"min":112,"max":4096,"increment":8}],"passwordLen":[{"min":8,"max":64,"increment":1}],"saltLen":[{"min":128,"max":512,"increment":8}],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}],"revision":"1.0"},
{"algorithm":"ML-KEM","mode":"keyGen","revision":"FIPS203","parameterSets":["ML-KEM-768","ML-KEM-1024"]},
{"Wrapper": "go", "In": "vectors/HMAC-SHA2-512-224.bz2", "Out": "expected/HMAC-SHA2-512-224.bz2"},
{"Wrapper": "go", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"},
+ {"Wrapper": "go", "In": "vectors/KDA.bz2", "Out": "expected/KDA.bz2"},
+
{"Wrapper": "go", "In": "vectors/HMAC-SHA3-224.bz2", "Out": "expected/HMAC-SHA3-224.bz2"},
{"Wrapper": "go", "In": "vectors/HMAC-SHA3-256.bz2", "Out": "expected/HMAC-SHA3-256.bz2"},
{"Wrapper": "go", "In": "vectors/HMAC-SHA3-384.bz2", "Out": "expected/HMAC-SHA3-384.bz2"},
{"Wrapper": "go", "In": "vectors/ACVP-AES-GCM.bz2", "Out": "expected/ACVP-AES-GCM.bz2"},
{"Wrapper": "go", "In": "vectors/CMAC-AES.bz2", "Out": "expected/CMAC-AES.bz2"}
-]
\ No newline at end of file
+]
"crypto/internal/fips140/ecdsa"
"crypto/internal/fips140/ed25519"
"crypto/internal/fips140/edwards25519"
+ "crypto/internal/fips140/hkdf"
"crypto/internal/fips140/hmac"
"crypto/internal/fips140/mlkem"
"crypto/internal/fips140/pbkdf2"
// https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#section-7
// AES algorithm capabilities:
// https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html#section-7.3
+ // HKDF KDA algorithm capabilities:
+ // https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-hkdf.html#section-7.3
//go:embed acvp_capabilities.json
capabilitiesJson []byte
"HMAC-SHA3-384": cmdHmacAft(func() fips140.Hash { return sha3.New384() }),
"HMAC-SHA3-512": cmdHmacAft(func() fips140.Hash { return sha3.New512() }),
+ "HKDF/SHA2-224": cmdHkdfAft(func() fips140.Hash { return sha256.New224() }),
+ "HKDF/SHA2-256": cmdHkdfAft(func() fips140.Hash { return sha256.New() }),
+ "HKDF/SHA2-384": cmdHkdfAft(func() fips140.Hash { return sha512.New384() }),
+ "HKDF/SHA2-512": cmdHkdfAft(func() fips140.Hash { return sha512.New() }),
+ "HKDF/SHA2-512/224": cmdHkdfAft(func() fips140.Hash { return sha512.New512_224() }),
+ "HKDF/SHA2-512/256": cmdHkdfAft(func() fips140.Hash { return sha512.New512_256() }),
+ "HKDF/SHA3-224": cmdHkdfAft(func() fips140.Hash { return sha3.New224() }),
+ "HKDF/SHA3-256": cmdHkdfAft(func() fips140.Hash { return sha3.New256() }),
+ "HKDF/SHA3-384": cmdHkdfAft(func() fips140.Hash { return sha3.New384() }),
+ "HKDF/SHA3-512": cmdHkdfAft(func() fips140.Hash { return sha3.New512() }),
+
"PBKDF": cmdPbkdf(),
"ML-KEM-768/keyGen": cmdMlKem768KeyGenAft(),
}
}
+func cmdHkdfAft(h func() fips140.Hash) command {
+ return command{
+ requiredArgs: 4, // Key, salt, info, length bytes
+ handler: func(args [][]byte) ([][]byte, error) {
+ key := args[0]
+ salt := args[1]
+ info := args[2]
+ keyLen := int(binary.LittleEndian.Uint32(args[3]))
+
+ return [][]byte{hkdf.Key(h, key, salt, string(info), keyLen)}, nil
+ },
+ }
+}
+
func cmdPbkdf() command {
return command{
// Hash name, key length, salt, password, iteration count