https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1711597#M65488 <P>Hello <a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/182492">@Thiru_S</a>,</P> <P>Could you please go to <A href="https://www.nxp.com/support/support:SUPPORTHOME" target="_blank">Support | NXP Semiconductors</A> and request an NDA to obtain the K81's SDK?</P> <P>Best regards, Raul.</P> Fri, 25 Aug 2023 17:48:51 GMT RaRo 2023-08-25T17:48:51Z https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1708236#M65469 <P>Dear Team,</P><P>We have used mbedtls based ctr_drbg algorithm along with hardware LTC based AES-256 encryption in our project on MK81 MCU.</P><P>We want to apply for FIPS certification to justify the DRBG algorithm is standard one.</P><P>Please help to give some sample input and output data to test and validate the ctr_drbg with LTC based AES-256 bit encryption as backend.</P><P>Currently we got some info from FIPS, but they have used software based AES backend in ctr_drbg to generate inputs and outputs, we are unable to validate the result in our hardware which is having different results due to the AES backend difference.</P><P>Please help to get validate the correct output using the crt_drbg algorithm for FIPS.</P><P>&nbsp;</P><P>Thank you.</P><P>Thiru.</P><P>&nbsp;</P> Mon, 21 Aug 2023 09:26:24 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1708236#M65469 Thiru_S 2023-08-21T09:26:24Z https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1710953#M65479 <P>Hello&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/182492">@Thiru_S</a>,</P> <P>Have you checked the TWR-K81F150M SDK's mbedtls examples? You could download the SDK <A href="https://mcuxpresso.nxp.com/en/welcome" target="_self">here</A>.</P> <P>Also, might be useful to take a look at the Mbed TLS documentation hub about <A href="https://mbed-tls.readthedocs.io/en/latest/kb/generic/is-mbedtls-fips-certified/#:~:text=While%20the%20Mbed%20TLS%20library%20is%20not%20FIPS,taking%20us%20an%20important%20step%20towards%20FIPS%20certification." target="_self">FIPS</A>.</P> <P>Best regards, Raul.</P> Thu, 24 Aug 2023 19:16:42 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1710953#M65479 RaRo 2023-08-24T19:16:42Z https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1711100#M65483 <P>Hi Raul,</P><P>Thank you for the info.</P><P><SPAN>"TWR-K81F150M" SDK is not present in the SDK builder, your link shows like below,</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Thiru_S_0-1692929533753.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/237982iC7115163AB65C4F7/image-size/medium?v=v2&amp;px=400" role="button" title="Thiru_S_0-1692929533753.png" alt="Thiru_S_0-1692929533753.png" /></span>&nbsp;&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Thiru_S_1-1692929642009.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/237983iBCB9E6C58BE5C135/image-size/medium?v=v2&amp;px=400" role="button" title="Thiru_S_1-1692929642009.png" alt="Thiru_S_1-1692929642009.png" /></span></P><P>&nbsp;</P><P>Please advise.</P><P>Thank you.</P><P>Thiru.</P><P>&nbsp;</P> Fri, 25 Aug 2023 02:14:37 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1711100#M65483 Thiru_S 2023-08-25T02:14:37Z https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1711597#M65488 <P>Hello <a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/182492">@Thiru_S</a>,</P> <P>Could you please go to <A href="https://www.nxp.com/support/support:SUPPORTHOME" target="_blank">Support | NXP Semiconductors</A> and request an NDA to obtain the K81's SDK?</P> <P>Best regards, Raul.</P> Fri, 25 Aug 2023 17:48:51 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1711597#M65488 RaRo 2023-08-25T17:48:51Z https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1716116#M65511 <P>Hi&nbsp;<a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/206649">@RaRo</a>&nbsp;,</P><P>I have SDK for MK81, But i'm not able to find any specific example for the CTR DRBG only found the selftest code in ctr_drbg.c file under mbedtls modules.</P><P>This self test procedure is not suitable for the FIPS sample inputs and outputs.</P><P>Is the NXP supports FIPS certification for CTR_DRBG algorithm (STD:&nbsp;<SPAN>SP800-90A</SPAN>)?</P><P>Thank you.</P><P>Thiru.</P> Mon, 04 Sep 2023 02:21:24 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1716116#M65511 Thiru_S 2023-09-04T02:21:24Z https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1718997#M65530 <P class="lia-align-justify">Hello <a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/182492">@Thiru_S</a>,</P> <P class="lia-align-justify">Let us double check the information for the K81. In general, NXP have <A href="https://www.nxp.com/products/security-and-authentication/authentication/edgelock-se050-plug-and-trust-secure-element-family-enhanced-iot-security-with-high-flexibility:SE050" target="_blank">EdgeLock SE050 | Enhanced IoT Security | NXP Semiconductors</A> which supports FIPS certification.</P> <P class="lia-align-justify">At the meantime, have you checked the <A href="http://sp800-90Arev1-final%20(7-16-2015) with ceiling corrections (nist.gov)" target="_self">Recommendation for Random Number Generation Using Deterministic Random Bit Generators</A>? It might be useful to take a look at as it provides example pseudocode for each DRBG mechanism, which you could access <A href="https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values" target="_self">here</A>.&nbsp;</P> <P class="lia-align-justify">Best regards, Raul.</P> Thu, 07 Sep 2023 18:37:39 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1718997#M65530 RaRo 2023-09-07T18:37:39Z https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1722251#M65539 <P class="lia-align-justify">Hello <a href="https://community.nxp.com/t5/user/viewprofilepage/user-id/182492">@Thiru_S</a>,</P> <P class="lia-align-justify">First of all, let us apologize for the delay.</P> <P class="lia-align-justify"><STRONG>K81 doesn't provide <EM>CTR_DRBG</EM> implementation</STRONG>. You could combine<EM> TRNG</EM> as seed and<EM> CTR-AES</EM> to implement <EM>CTR_DRBG</EM> according to <EM>FIPS CTR_DRBG</EM> specification such as <EM>mbedTLS</EM> as reference.</P> <P class="lia-align-justify">K81 supports part of <EM>FIPS CAVP</EM> certification, please refer to the following link:&nbsp; <A href="https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=1593" target="_blank">https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=1593</A></P> <P class="lia-align-justify">Best regards, Raul.</P> Wed, 13 Sep 2023 17:57:36 GMT https://community.nxp.com/t5/Kinetis-Microcontrollers/How-to-justify-mbedtls-ctr-drbg-algorithm-in-MK81-for-FIPS/m-p/1722251#M65539 RaRo 2023-09-13T17:57:36Z