ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

How to justify mbedtls_ctr_drbg algorithm in MK81 for FIPS certification?

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

How to justify mbedtls_ctr_drbg algorithm in MK81 for FIPS certification?

‎08-21-2023 02:26 AM
1,661件の閲覧回数
Thiru_S
Contributor III

Dear Team,

We have used mbedtls based ctr_drbg algorithm along with hardware LTC based AES-256 encryption in our project on MK81 MCU.

We want to apply for FIPS certification to justify the DRBG algorithm is standard one.

Please help to give some sample input and output data to test and validate the ctr_drbg with LTC based AES-256 bit encryption as backend.

Currently we got some info from FIPS, but they have used software based AES backend in ctr_drbg to generate inputs and outputs, we are unable to validate the result in our hardware which is having different results due to the AES backend difference.

Please help to get validate the correct output using the crt_drbg algorithm for FIPS.

 

Thank you.

Thiru.

 

0 件の賞賛
返信
6 返答(返信)

‎09-03-2023 07:21 PM
1,462件の閲覧回数
Thiru_S
Contributor III

Hi @RaRo ,

I have SDK for MK81, But i'm not able to find any specific example for the CTR DRBG only found the selftest code in ctr_drbg.c file under mbedtls modules.

This self test procedure is not suitable for the FIPS sample inputs and outputs.

Is the NXP supports FIPS certification for CTR_DRBG algorithm (STD: SP800-90A)?

Thank you.

Thiru.

0 件の賞賛
返信

‎09-13-2023 10:57 AM
1,333件の閲覧回数
RaRo
NXP TechSupport
NXP TechSupport

Hello @Thiru_S,

First of all, let us apologize for the delay.

K81 doesn't provide CTR_DRBG implementation. You could combine TRNG as seed and CTR-AES to implement CTR_DRBG according to FIPS CTR_DRBG specification such as mbedTLS as reference.

K81 supports part of FIPS CAVP certification, please refer to the following link:  https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=1593

Best regards, Raul.

0 件の賞賛
返信

‎09-07-2023 11:37 AM
1,425件の閲覧回数
RaRo
NXP TechSupport
NXP TechSupport

Hello @Thiru_S,

Let us double check the information for the K81. In general, NXP have EdgeLock SE050 | Enhanced IoT Security | NXP Semiconductors which supports FIPS certification.

At the meantime, have you checked the Recommendation for Random Number Generation Using Deterministic Random Bit Generators? It might be useful to take a look at as it provides example pseudocode for each DRBG mechanism, which you could access here

Best regards, Raul.

0 件の賞賛
返信

‎08-24-2023 07:13 PM
1,579件の閲覧回数
Thiru_S
Contributor III

Hi Raul,

Thank you for the info.

"TWR-K81F150M" SDK is not present in the SDK builder, your link shows like below,

Thiru_S_0-1692929533753.png  

Thiru_S_1-1692929642009.png

 

Please advise.

Thank you.

Thiru.

 

0 件の賞賛
返信

‎08-25-2023 10:48 AM
1,570件の閲覧回数
RaRo
NXP TechSupport
NXP TechSupport

Hello @Thiru_S,

Could you please go to Support | NXP Semiconductors and request an NDA to obtain the K81's SDK?

Best regards, Raul.

0 件の賞賛
返信

‎08-24-2023 12:16 PM
1,606件の閲覧回数
RaRo
NXP TechSupport
NXP TechSupport

Hello @Thiru_S,

Have you checked the TWR-K81F150M SDK's mbedtls examples? You could download the SDK here.

Also, might be useful to take a look at the Mbed TLS documentation hub about FIPS.

Best regards, Raul.

0 件の賞賛
返信