[strongSwan-dev] Strongswan KDF Test

neutrino network neutrino.network1 at gmail.com
Tue Apr 9 03:34:30 CEST 2019

*How can a KDF implementation for IKEv2 in the strongswan implementation
case can be verified for conformance with NIST SP800-135, please?* NIST
Application-Specific Key Derivation Function Validation System (ASKDFVS)
discuss KDF test vectors(TV), can we test these TV against strongswan
through some test software suit provide by strongswan, if any. Ubuntu
Strongswan Cryptographic Module ( 140sp2978) mentions of /usr/lib/ipsec
/ikev2-kdf-selftest, which I could not find yet.

SP800-135 KDF recommendation further propose usage of SP800-56C for key
extraction and SP800-108 for key expansion. *What mode e.g counter,
feedback, pipeline as per SP800-108, strongswan use for key expansion,

I tried to register/join through stongswan website but login registration
is pending from couple of days therefore sharing here, excuse for any
inconvenience, please.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20190409/ad1aea16/attachment.html>

More information about the Dev mailing list