SP 800-108 Key-Based Key Derivation Functions (KBKDF) Validation List

Last Update: 2/1/2013

Overview

This page provides technical information about implementations that have been validated as conforming to the key-based key derivation functions approved in Special Publication 800-108, "Recommendation for Key Derivation Using Pseudorandom Functions (Revised)," dated October 2009.

The list below describes implementations that have been validated as correctly implementing the KBKDF algorithm, using the validation tests found in "The SP800-108 Key Derivation Function Validation System (KBKDFVS)." The testing is handled by NVLAP-accredited Cryptographic And Security Testing (CST) Laboratories.

The implementations below consist of software, firmware, hardware and any combination thereof. The National Institute of Standards and Technology (NIST) has made every attempt to provide complete and accurate information about the implementations described in this list. However, due to the possibility of changes made within individual companies, NIST cannot guarantee that this list reflects the current status of each implementation. It is the responsibility of the vendor to notify NIST of any necessary changes to its entry in the following list. In addition to a general description of each product, this list mentions the features that were tested as conforming to the KBKDF; these features are listed on the validation that is issued to the vendor. The following notation is used to describe the implemented features that were successfully tested.

Legend for Description Field

Mode: [Counter Mode] [Feedback Mode] [Double-Pipeline Iteration Mode]
    Families of KDF
MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [CMACTDES2] [CMACTDES3] [HMACSHA1] [HMACSHA224] [HMACSHA256] [HMACSHA384] [HMACSHA512] )
    Pseudorandom Function (PRF) used to compute the keying material
Llength( Values tested )
    Length of the derived keying material
ZeroLenIVSupported( [True] [False] )
    Required ONLY for Feedback Mode
CounterUsedInData( [True] [False] )
    Required in Feedback and Double-Pipeline Iteration Modes
rlength( [8] [16] [24] [32] )
    Length of the binary representation of the counter i.
LocationCounter
    For Counter Mode: ( [BeforeFixedData] [AfterFixedData] )
    For Feedback and Double-Pipeline Iteration Modes: ( [BeforeIterationData] [AfterIterationData] [AfterFixedData] )
    Location of counter in the data to be MACed.
    Required for Counter Mode.
    If CounterUsedInData = True for Feedback and/or Double-Pipeline Iteration Modes, this is required.

KBKDF Validated Implementations

Columns: Validation No.; Vendor; Implementation; Operational Environment; Val. Date; Modes/States/Key sizes/Description/Notes

7 GOTrust Technology Inc.
10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist.
Taichung City, 408
Taiwan

-Sean Huang
TEL: +886-4-23202525
FAX: +886-4-23202580

GO-Trust Cipher Library

Version 1.0 (Firmware)
Operational Environment: ARM SecurCore SC300
Val. Date: 1/18/2013
CTR_Mode: ( Llength( Min20 Max70 ) MACSupported( [HMACSHA1] [HMACSHA256] ) LocationCounter( [AfterFixedData] ) rlength( [8] ) )
RNG Val#999 HMAC Val#1426

"The GO-Trust Cipher Library is designed to provide FIPS140-2 algorithm support for the GO-Trust Cryptographic Module. This module supports GO-Trust applications (for example: KingCall and KingText) by providing validated Cryptographic Services. The incorporation of these algorithms makes these products ideal for enterprise and governmen"

6 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613.221.5081
FAX: 613.723.5079

-Laurie Smith
TEL: 613.221.5026
FAX: 613.723.5079

Luna IS Cryptographic Library

Version 6.3.1 (Firmware)
Operational Environment: AMCC 440EPx Power PC (PPC440EPx) Embedded Processor
Val. Date: 11/21/2012
CTR_Mode: ( Llength( Min16 Max256 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [CMACTDES2] [CMACTDES3] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
AES Val#2282 DRBG Val#277

"The Luna IS cryptographic library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module's firmware or associated co-processor."

5 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

-Laurie Smith
TEL: 613-221-5026
FAX: 613-723-5079

Luna G5 Cryptographic Library

Version 6.2.3 (Firmware)
Operational Environment: AMCC PowerPC 440EPx
Val. Date: 10/23/2012
CTR_Mode: ( Llength( Min16 Max256 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [CMACTDES2] [CMACTDES3] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
AES Val#2263 TDES Val#1415 DRBG Val#277

"The G5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module's firmware or associated co-processor."

10/31/12: Updated implementation information;

4 TecSec Services Incorporated
12950 Worldgate Drive Suite 100
Herndon, VA 20170
USA

-Ron Parsons
TEL: 571-299-4127
FAX: 571-299-4101

-Roger Butler
TEL: 571-331-6130

KDF108-CTR-CKM-OS755

Version Revno: 620 (Firmware)
Operational Environment: Inside Secure AT90SC Part Family
Val. Date: 10/5/2012
CTR_Mode: ( Llength( Min1 Max96 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] ) LocationCounter( [AfterFixedData] ) rlength( [8] ) )
AES Val#2226 DRBG Val#98 HMAC Val#1354

"TecSec Armored Card Attribute Container cryptographic service library."

This implementation also tested: CTR_Mode: ( Llength( Min1 Max128 ) MACSupported( [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

3 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-Microsoft
FAX: (none)

Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations

Version 6.2.9200
Operational Environment: Qualcomm Snapdragon S4 w/ Windows RT (ARMv7 Thumb-2); NVIDIA Tegra T3 Quad-Core w/ Windows RT (ARMv7 Thumb-2); Intel Core i7 with AES-NI w/ Windows 8 Enterprise (x64); Intel Pentium D w/ Windows 8 Enterprise (x64); AMD Athlon 64 X2 Dual Core w/ Windows 8 Enterprise (x86); Intel Pentium D w/ Windows Server 2012 (x64); Intel Core i7 with AES-NI w/ Windows Server 2012 (x64); Qualcomm Snapdragon S4 w/ Windows Phone 8 (ARMv7 Thumb-2)
Val. Date: 9/26/2012
CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
DRBG Val#258 HMAC Val#1345

"The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module which can be dynamically linked into applications by developers to permit the use of FIPS 140-2 Level 1 compliant cryptography."

11/29/12: Added new tested information;
01/16/13: Updated and added new tested implementation information;

2 Atos Worldline SA/NV
Haachtsesteenweg 1142
Brussels, 1130
Belgium

-Filip Demaertalaere
TEL: +32 2 727 61 67

-Sam Yala
TEL: +32 2 727 61 94

ACC (Atos Worldline Cryptographic Core)

Version 1.2 (Firmware)
Operational Environment: Freescale
Val. Date: 8/3/2012
FeedbackMode: ( Llength( Min16 Max32 ) MACSupported( [HMACSHA256] ) ZeroLenIVSupported( [True] ) )
DRBG Val#138 HMAC Val#1068

"The ACC is the cryptographic engine of Atos Worldline Hardware Security Module. The ACC makes use of dedicated hardware accelerators."

10/03/12: Updated implementation information;

1 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

Thales Datacryptor

Version 5.0 (Firmware)
Operational Environment: PowerPC Core 405
Val. Date: 5/17/2012
CTR_Mode: ( Llength( Min0 Max250 ) MACSupported( [CMACAES256] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
KAS Val#34 AES Val#2030

"The Thales Datacryptor protects the confidentiality and integrity of sensitive data travelling over public networks."


Computer Security Division
National Institute of Standards and Technology