SP800-56Crev2 Two-Step KDF: Allow requester to specify salt length used in SP800-56Crev2 KDFs

[rnunez83]

Currently in the SP800-56Crev2 two-step KDF ACVP capabilities specification, it allow the requester to specify "how the salt is determined (default being all 00s, random being a random salt)" by specifying "macSaltMethod"

https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56c/twostep/sections/05-capabilities.adoc#two-step-kda-capabilities

In the testvector-requests.json we have received, This length is fixed to 128 bytes (1024 bits)when using SHA-384 hash function. The salt length is shown in the "saltLen" field in the testvector-request.json (see Table 3. KdfConfiguration JSON Object in the following link: https://github.com/usnistgov/ACVP/blob/master/src/kas/sp800-56c/twostep/sections/06-test-vectors.adoc#kdfconfiguration-json-schema

Details on suggestion
In Section 4.2 of SP800-56Crev2, it specifies that "This Recommendation places no restriction on the length of a chosen salt other than the requirement that its byte length be greater than zero but no greater than the length of a single input block to the hash function, hash, used to implement HMAC-hash."

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf#page=24

My request is to allow the requester to specify the length of the salt from a range of [8-bits to "Effective Bit Length of salt" for a given Hash function] shown in SP800-56Crev2 Table 2.

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr2.pdf#page=23

[livebe01]

This sounds like a reasonable request. I assume that you need this feature to test an implementation. Is that correct?

[rnunez83]

thanks for you positive reply.

yes. the feature request is to test an implementation.

[livebe01]

Great, thank you. We'll get this implemented and out as soon as possible.

[livebe01]

Hi @rnunez83, just a heads up that I just sent you an email related to this ticket.

-Ben

[livebe01]

This feature has been added to KDA HKDF SP800-56Cr2 and will be included in the next release.

[livebe01]

The fix for this is on Demo in release v1.1.0.32.

[rnunez83]

hi @livebe01. can you confirm what the registration is supposed to include for the salt length registration?
in Table 2 of the capabilities.adoc, it says that the key should be "SaltLens" and the value should be an integer array, but in test-vectors.adoc it has the key as "SaltLen" (without the 's). I tried to generate test vectors with the following registration, but the saltlength generated is not the length I specified.

{
"acvVersion":"1.0"
},
{
"isSample":true,
"operation":"register",
"certificateRequest":"no",
"debugRequest":"yes",
"production":"no",
"encryptAtRest":"yes",
"algorithms":[
{
"revision":"Sp800-56Cr1",
"algorithm":"KDA",
"mode":"HKDF",
"prereqVals":[
{
"algorithm":"HMAC",
"valValue":"same"
}
],
"hmacAlg":[
"SHA2-384"
],
"z":[
384
],
"l":384,
"macSaltMethods":[
"default"
],
"saltLens":[
384
],
"fixedInfoPattern":"l||uPartyInfo||vPartyInfo",
"encoding":[
"concatenation"
]
}
]
}

but the testvector.json generated shows the default salt length (1024):
"tgId": 1,
"testType": "AFT",
"kdfConfiguration": {
"kdfType": "hkdf",
"l": 384,
"saltLen": 1024,
"saltMethod": "default",
"fixedInfoPattern": "l||uPartyInfo||vPartyInfo",
"fixedInfoEncoding": "concatenation",
"hmacAlg": "SHA2-384"
},
"zLength": 384,
"tests": [
{
"tcId": 1,
"kdfParameter": {
"kdfType": "hkdf",
"salt": "0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

[livebe01]

hi @rnunez83, sure. Try the same registration, but use KDA HKDF Sp800-56Cr2. I only implemented the feature for Sp800-56Cr2.

-Ben

[rnunez83]

I see. 56Cr2. I successfully generated test vectors. I close out the ticket now. thanks!

[livebe01]

The fix for this is on Prod in release v1.1.0.32.