diff options
| author | Daiki Ueno <ueno@gnu.org> | 2020-10-05 16:12:46 +0200 |
|---|---|---|
| committer | Daiki Ueno <ueno@gnu.org> | 2020-10-06 14:15:32 +0200 |
| commit | 93c0e3ba4d2cfee86b32f28f33303a2193c4133c (patch) | |
| tree | 31e62f55e2949e0bb8169f8fcbc71e9f275f6d68 /lib/includes/gnutls/self-test.h | |
| parent | 6f034aa2e9f140626de2b9413715651dffe9e394 (diff) | |
| download | gnutls-93c0e3ba4d2cfee86b32f28f33303a2193c4133c.tar.gz | |
fips: add self-tests for HKDF
FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As
the guidance only requires running a single instance of each KDF
mechanism, this only exercises HKDF-Extract and HKDF-Expand operations
with HMAC-SHA-256 as the underlying MAC.
Although HKDF is non-approved, it would be sensible to do that as it
will be approved in FIPS140-3.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/includes/gnutls/self-test.h')
| -rw-r--r-- | lib/includes/gnutls/self-test.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/includes/gnutls/self-test.h b/lib/includes/gnutls/self-test.h index aacbe94ca6..9b7be81590 100644 --- a/lib/includes/gnutls/self-test.h +++ b/lib/includes/gnutls/self-test.h @@ -34,5 +34,6 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher); int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac); int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest); int gnutls_pk_self_test(unsigned flags, gnutls_pk_algorithm_t pk); +int gnutls_hkdf_self_test(unsigned flags, gnutls_mac_algorithm_t mac); #endif /* GNUTLS_SELF_TEST_H */ |