fips: add self-tests for HKDF

FIPS140-2 IG D.8 mandates self-test on approved KDF algorithms. As the guidance only requires running a single instance of each KDF mechanism, this only exercises HKDF-Extract and HKDF-Expand operations with HMAC-SHA-256 as the underlying MAC. Although HKDF is non-approved, it would be sensible to do that as it will be approved in FIPS140-3. Signed-off-by: Daiki Ueno <ueno@gnu.org>
author: Daiki Ueno <ueno@gnu.org> 2020-10-05 16:12:46 +0200
committer: Daiki Ueno <ueno@gnu.org> 2020-10-06 14:15:32 +0200
commit: 93c0e3ba4d2cfee86b32f28f33303a2193c4133c (patch)
tree: 31e62f55e2949e0bb8169f8fcbc71e9f275f6d68 /lib/libgnutls.map
parent: 6f034aa2e9f140626de2b9413715651dffe9e394 (diff)
download: gnutls-93c0e3ba4d2cfee86b32f28f33303a2193c4133c.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 61276e5340..386b66f83e 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1347,6 +1347,7 @@ GNUTLS_FIPS140_3_4 {
 	gnutls_pk_self_test;
 	gnutls_mac_self_test;
 	gnutls_digest_self_test;
+	gnutls_hkdf_self_test;
 	#for FIPS140-2 validation
 	drbg_aes_reseed;
 	drbg_aes_init;
author	Daiki Ueno <ueno@gnu.org>	2020-10-05 16:12:46 +0200
committer	Daiki Ueno <ueno@gnu.org>	2020-10-06 14:15:32 +0200
commit	93c0e3ba4d2cfee86b32f28f33303a2193c4133c (patch)
tree	31e62f55e2949e0bb8169f8fcbc71e9f275f6d68 /lib/libgnutls.map
parent	6f034aa2e9f140626de2b9413715651dffe9e394 (diff)
download	gnutls-93c0e3ba4d2cfee86b32f28f33303a2193c4133c.tar.gz