The page provides technical information about implementations that have been validated as conforming to the key-based key derivation functions as approved in "Special Publication 800-108 Recommendation for Key Derivation Using Pseudorandom Functions (Revised)" dated October 2009.
The list below describes implementations which have been validated as correctly implementing the KBKDF algorithm, using the validation tests found in "The SP800-108 Key Derivation Function Validation System (KBKDFVS)". The testing is handled by NVLAP-accredited Cryptographic And Security Testing (CST) Laboratories.
The implementations below consist of software, firmware, hardware and any combination thereof. The National Institute of Standards and Technology (NIST) has made every attempt to provide complete and accurate information about the implementations described in this list. However, due to the possibility of changes made within individual companies, NIST cannot guarantee that this list reflects the current status of each implementation. It is the responsibility of the vendor to notify NIST of any necessary changes to its entry in the following list. In addition to a general description of each product, this list mentions the features that were tested as conforming to the KBKDF; these features are listed on the validation that is issued to the vendor. The following notation is used to describe the implemented features that were successfully tested.
Notation | Meaning |
---|---|
Mode: [Counter Mode] [Feedback Mode] [Double-Pipeline Iteration Mode] | Families of KDF |
MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [CMACTDES2] [CMACTDES3] [HMACSHA1] [HMACSHA224] [HMACSHA256] [HMACSHA384] [HMACSHA512]) | Pseudorandom Function (PRF) used to compute the keying material |
Llength(Values tested) | Length of the derived keying material |
ZeroLenIVSupported([True] [False]) | Required ONLY for Feedback Mode |
CounterUsedInData([True] [False]) | Required in Feedback and Double-Pipeline Iteration Modes |
rlength([8] [16] [24] [32]) | Length of the binary representation of the counter i. |
LocationCounter. For Counter Mode: ([BeforeFixedData] [AfterFixedData]). For Feedback and Double-Pipeline Iteration Modes: ([BeforeIterationData] [AfterIterationData] [AfterFixedData]) | Location of counter in the data to be MACed. Required for Counter Mode. If CounterUsedInData = True for Feedback and/or Double-Pipeline Iteration Modes, this is required. |

Validation No. | Vendor | Implementation | Environment | Val. Date | Modes/States/Key sizes/Description/Notes |
---|---|---|---|---|---|
7 | GOTrust Technology Inc. 10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist. Taichung City, 408 Taiwan -Sean Huang | Version 1.0 (Firmware) | ARM SecurCore SC300 | 1/18/2013 | CTR_Mode: ( Llength( Min20 Max70 ) MACSupported( [HMACSHA1] [HMACSHA256] ) LocationCounter( [AfterFixedData] ) rlength( [8] ) ) RNG Val#999 HMAC Val#1426 "The GO-Trust Cipher Library is designed to provide FIPS140-2 algorithm support for the GO-Trust Cryptographic Module. This module supports GO-Trust applications (for example: KingCall and KingText) by providing validated Cryptographic Services. The incorporation of these algorithms makes these products ideal for enterprise and governmen" |
6 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych -Laurie Smith | Version 6.3.1 (Firmware) | AMCC 440EPx Power PC (PPC440EPx) Embedded Processor | 11/21/2012 | CTR_Mode: ( Llength( Min16 Max256 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [CMACTDES2] [CMACTDES3] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) ) AES Val#2282 DRBG Val#277 "The Luna IS cryptographic library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module's firmware or associated co-processor." |
5 | SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Brych -Laurie Smith | Version 6.2.3 (Firmware) | AMCC PowerPC 440EPx | 10/23/2012 | CTR_Mode: ( Llength( Min16 Max256 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [CMACTDES2] [CMACTDES3] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) ) AES Val#2263 TDES Val#1415 DRBG Val#277 "The G5 Cryptographic Library provides a broad suite of high-performance cryptographic operations. All cryptographic algorithms are implemented within the module's firmware or associated co-processor." 10/31/12: Updated implementation information; |
4 | TecSec Services Incorporated 12950 Worldgate Drive Suite 100 Herndon, VA 20170 USA -Ron Parsons -Roger Butler | Version Revno: 620 (Firmware) | Inside Secure AT90SC Part Family | 10/5/2012 | CTR_Mode: ( Llength( Min1 Max96 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] ) LocationCounter( [AfterFixedData] ) rlength( [8] ) ) AES Val#2226 DRBG Val#98 HMAC Val#1354 "TecSec Armored Card Attribute Container cryptographic service library." This implementation also tested: CTR_Mode: ( Llength( Min1 Max128 ) MACSupported( [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) ) |
3 | Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Tim Myers | Version 6.2.9200 | Qualcomm Snapdragon S4 w/ Windows RT (ARMv7 Thumb-2); NVIDIA Tegra T3 Quad-Core w/ Windows RT (ARMv7 Thumb-2); Intel Core i7 with AES-NI w/ Windows 8 Enterprise (x64); Intel Pentium D w/ Windows 8 Enterprise (x64); AMD Athlon 64 X2 Dual Core w/ Windows 8 Enterprise (x86); Intel Pentium D w/ Windows Server 2012 (x64); Intel Core i7 with AES-NI w/ Windows Server 2012 (x64); Qualcomm Snapdragon S4 w/ Windows Phone 8 (ARMv7 Thumb-2) | 9/26/2012 | CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) ) DRBG Val#258 HMAC Val#1345 "The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module which can be dynamically linked into applications by developers to permit the use of FIPS 140-2 Level 1 compliant cryptography." 11/29/12: Added new tested information; |
2 | Atos Worldline SA/NV Haachtsesteenweg 1142 Brussels, 1130 Belgium -Filip Demaertalaere -Sam Yala | Version 1.2 (Firmware) | Freescale | 8/3/2012 | FeedbackMode: ( Llength( Min16 Max32 ) MACSupported( [HMACSHA256] ) ZeroLenIVSupported[True] ) DRBG Val#138 HMAC Val#1068 "The ACC is the cryptographic engine of Atos Worldline Hardware Security Module. The ACC makes use of dedicated hardware accelerators." 10/03/12: Updated implementation information; |
1 | Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Joe Warren | Version 5.0 (Firmware) | PowerPC Core 405 | 5/17/2012 | CTR_Mode: ( Llength( Min0 Max250 ) MACSupported( [CMACAES256] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) ) KAS Val#34 AES Val#2030 "The Thales Datacryptor protects the confidentiality and integrity of sensitive data travelling over public networks." |
Computer Security Division
National Institute of Standards and Technology