Paper 2019/1421
Extending NIST's CAVP Testing of Cryptographic Hash Function Implementations
Nicky Mouha and Christopher Celi
Abstract
This paper describes a vulnerability in Apple's CoreCrypto library, which affects 11 out of the 12 implemented hash functions: every implemented hash function except MD2 (Message Digest 2), as well as several higher-level operations such as the Hash-based Message Authentication Code (HMAC) and the Ed25519 signature scheme. The vulnerability is present in each of Apple's CoreCrypto libraries that are currently validated under FIPS 140-2 (Federal Information Processing Standard). For inputs of about
Metadata
- Available format(s)
- PDF
- Category
- Implementation
- Publication info
- Published elsewhere. CT-RSA 2020
- Keywords
- CVE-2019-8741, FIPS, CAVP, ACVP, Apple, CoreCrypto, hash function, vulnerability
- Contact author(s)
- nicky @ mouha be
- History
- 2019-12-10: received
- Short URL
- https://ia.cr/2019/1421
- License
- CC BY
BibTeX
@misc{cryptoeprint:2019/1421,
  author = {Nicky Mouha and Christopher Celi},
  title = {Extending {NIST}'s {CAVP} Testing of Cryptographic Hash Function Implementations},
  howpublished = {Cryptology {ePrint} Archive, Paper 2019/1421},
  year = {2019},
  url = {https://eprint.iacr.org/2019/1421}
}