ACVP icon indicating copy to clipboard operation
ACVP copied to clipboard

Published 20 hours ago verified publisher icon usnistgov

IKEv2 KDF - Varying DKM Lengths

Open arthurTheAardvark opened this issue 1 year ago • 8 comments

Protocol Section https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-ikev2.html#name-test-groups

Protocol Question This document https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/components/askdfvs.pdf and this commit https://github.com/usnistgov/ACVP/pull/308/files indicate that the IKE_SA and CHILD_SA DKM lengths use to be 2 different fields (dkmLen, dkmChildLen). The latest protocol only allows 1 length field (derivedKeyingMaterialLength). Our IKEv2 KDF outputs length X for IKE_SA DKMs and length Y for CHILD_SAs. Is there any way to request vectors for this type of implementation?

arthurTheAardvark avatar Jul 21 '22 18:07 arthurTheAardvark

@celic Can you provide any insight into this? Thanks!

GlennUL avatar Jul 28 '22 22:07 GlennUL

@ben might be able to provide an update. I'm out on travel.

On Fri, Jul 29, 2022, 12:24 AM GlennUL @.***> wrote:

@celic https://github.com/celic Can you provide any insight into this? Thanks!

— Reply to this email directly, view it on GitHub https://github.com/usnistgov/ACVP/issues/1357#issuecomment-1198688398, or unsubscribe https://github.com/notifications/unsubscribe-auth/AATQXEL4CJPALWWVXVD2EGLVWMCBNANCNFSM54ITLPMA . You are receiving this because you were mentioned.Message ID: @.***>

celic avatar Jul 29 '22 01:07 celic

Hi @GlennUL, @arthurTheAardvark, what are the IKE_SA DKM and CHILD_SA lengths your implementation supports?

livebe01 avatar Jul 29 '22 13:07 livebe01

Hi @livebe01, when using "aes256gcm16-prfsha384-ecp384" the IKE_SA DKM_LEN is 216 bytes. The CHILD_SA DKM_LEN is 72 bytes.

arthurTheAardvark avatar Jul 29 '22 17:07 arthurTheAardvark

Thanks @arthurTheAardvark. We're looking at this and will get you an answer.

livebe01 avatar Aug 01 '22 17:08 livebe01

Hi @arthurTheAardvark, I took a look at the askdfvs.pdf document that you referenced as well as the last available version of CAVS. It appears that there used to be an option for CHILD_SA DKM length in CAVS, but it also appears to have been removed from CAVS at some point with no note as to why. That said, this is something that is simple to add to the IKEv2 testing. It won't make it into the next release (due out later this week if all goes well), but we'll get this out as part of the following one.

livebe01 avatar Aug 09 '22 20:08 livebe01

@livebe01 Thank you very much for looking into it. Do you have an estimate of when the the following release will be?

arthurTheAardvark avatar Aug 09 '22 20:08 arthurTheAardvark

I’d like to have it out in the next 30 days, but given scheduled leave, ICMC coming up, and the number of lab audits we have lined up, it may take longer.

Ben

livebe01 avatar Aug 11 '22 12:08 livebe01

This change is on Demo in release v1.1.0.26

livebe01 avatar Oct 31 '22 20:10 livebe01

This change is on Prod in release v1.1.0.26

livebe01 avatar Nov 22 '22 13:11 livebe01