How to justify mbedtls_ctr_drbg algorithm in MK81 for FIPS certification?

Thiru_S
Contributor III

Dear Team,

We have used the mbedtls-based ctr_drbg algorithm along with hardware LTC-based AES-256 encryption in our project on the MK81 MCU.

We want to apply for FIPS certification to justify that the DRBG algorithm is a standard one.

Please help by giving some sample input and output data to test and validate the ctr_drbg with LTC-based AES-256 bit encryption as the backend.

Currently we have some info from FIPS, but they used a software-based AES backend in ctr_drbg to generate the inputs and outputs. We are unable to validate the result on our hardware, which gives different results due to the AES backend difference.

Please help us validate the correct output using the ctr_drbg algorithm for FIPS.

Thank you.

Thiru.

6 Replies

Thiru_S
Contributor III

Hi @RaRo ,

I have the SDK for MK81, but I'm not able to find any specific example for the CTR DRBG; I only found the self-test code in the ctr_drbg.c file under the mbedtls modules.

This self-test procedure is not suitable for the FIPS sample inputs and outputs.

Does NXP support FIPS certification for the CTR_DRBG algorithm (STD: SP800-90A)?

Thank you.

Thiru.

RaRo
NXP TechSupport

Hello @Thiru_S,

First of all, let us apologize for the delay.

K81 doesn't provide a CTR_DRBG implementation. You could combine the TRNG as seed and CTR-AES to implement CTR_DRBG according to the FIPS CTR_DRBG specification, with, for example, mbedTLS as a reference.

K81 supports part of the FIPS CAVP certification; please refer to the following link: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=1593

Best regards, Raul.
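
The following host-side Python model is an added example, not code from this thread, NXP or Mbed TLS: it runs the FIPS 197 AES-256 known-answer test against any block-encrypt callable, then drives an SP 800-90A CTR_DRBG from a fixed entropy input in place of a TRNG, so an AES backend fault can be told apart from a DRBG configuration mismatch. Assumptions: all names are hypothetical, and only the variant without a derivation function or additional input is modeled; Mbed TLS's ctr_drbg applies a derivation function when seeding, so its output will not match this model.

```python
# Added host-side reference model; not NXP or Mbed TLS code. All names are hypothetical.
def xtime(a):                                    # multiply by x in GF(2^8)
    return ((a << 1) ^ 0x11B) & 0xFF if a & 0x80 else a << 1
EXP = [1]                                        # powers of the generator 3
for _ in range(254): EXP.append(EXP[-1] ^ xtime(EXP[-1]))
def sbox_entry(x):                               # field inverse, then affine map
    v = (EXP[-EXP.index(x) % 255] if x else 0) * 257
    return ((v ^ (v >> 4) ^ (v >> 5) ^ (v >> 6) ^ (v >> 7)) & 0xFF) ^ 0x63
SBOX = [sbox_entry(x) for x in range(256)]

def expand_key(key):                             # AES-256: 60 words -> 15 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 32, 4)], 1
    for i in range(8, 60):
        t = w[i - 1]
        if i % 8 == 0:                           # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0], rcon = t[0] ^ rcon, xtime(rcon)
        elif i % 8 == 4:                         # extra SubWord for 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - 8], t)])
    return [sum(w[r:r + 4], []) for r in range(0, 60, 4)]
def aes256_sw(key, block):                       # software AES-256, one block
    rk = expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, 15):
        s = [SBOX[s[(i + 4 * (i % 4)) % 16]] for i in range(16)]  # SubBytes+ShiftRows
        if r < 14:                               # MixColumns, skipped in last round
            t = [s[c] ^ s[c + 1] ^ s[c + 2] ^ s[c + 3] for c in (0, 4, 8, 12)]
            s = [s[i] ^ t[i // 4] ^ xtime(s[i] ^ s[i - i % 4 + (i + 1) % 4]) for i in range(16)]
        s = [b ^ k for b, k in zip(s, rk[r])]
    return bytes(s)
def backend_ok(encrypt):                         # FIPS 197 Appendix C.3 vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    return encrypt(bytes(range(32)), pt).hex() == "8ea2b7ca516745bfeafc49904b496089"

class CtrDrbg:                                   # SP 800-90A CTR_DRBG, AES-256, no DF
    def __init__(self, entropy48, encrypt=aes256_sw):
        self.enc, self.k, self.v = encrypt, bytes(32), 0
        self._update(entropy48)                  # entropy comes from the test vector
    def _blocks(self, n):                        # E(K, V+1) || ... || E(K, V+n)
        ctr = [(self.v + i) % 2**128 for i in range(1, n + 1)]
        self.v = (self.v + n) % 2**128
        return b"".join(self.enc(self.k, c.to_bytes(16, "big")) for c in ctr)
    def _update(self, data48):                   # CTR_DRBG_Update with seedlen = 48
        t = bytes(a ^ b for a, b in zip(self._blocks(3), data48))
        self.k, self.v = t[:32], int.from_bytes(t[32:], "big")
    def generate(self, nbytes):                  # no additional input, no reseed
        out = self._blocks(-(-nbytes // 16))[:nbytes]
        self._update(bytes(48))
        return out
```

A hardware backend is checked by passing a callable that sends `(key, block)` to the device and returns the 16-byte result; a backend that passes `backend_ok` must produce the same DRBG output as the software one for the same entropy input.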

RaRo
NXP TechSupport

Hello @Thiru_S,

Let us double check the information for the K81. In general, NXP has EdgeLock SE050 | Enhanced IoT Security | NXP Semiconductors, which supports FIPS certification.

In the meantime, have you checked the Recommendation for Random Number Generation Using Deterministic Random Bit Generators? It might be useful to take a look at it, as it provides example pseudocode for each DRBG mechanism, which you could access here.

Best regards, Raul.

Thiru_S
Contributor III

Hi Raul,

Thank you for the info.

The "TWR-K81F150M" SDK is not present in the SDK builder; your link shows the following:

[Screenshots: Thiru_S_0-1692929533753.png, Thiru_S_1-1692929642009.png]

Please advise.

Thank you.

Thiru.

RaRo
NXP TechSupport

Hello @Thiru_S,

Could you please go to Support | NXP Semiconductors and request an NDA to obtain the K81's SDK?

Best regards, Raul.

RaRo
NXP TechSupport

Hello @Thiru_S,

Have you checked the TWR-K81F150M SDK's mbedtls examples? You could download the SDK here.

Also, it might be useful to take a look at the Mbed TLS documentation hub about FIPS.

Best regards, Raul.
