Hi, *How can a KDF implementation for IKEv2 in the strongswan implementation case can be verified for conformance with NIST SP800-135, please?* NIST Application-Specific Key Derivation Function Validation System (ASKDFVS) discuss KDF test vectors(TV), can we test these TV against strongswan through some test software suit provide by strongswan, if any. Ubuntu Strongswan Cryptographic Module ( 140sp2978) mentions of /usr/lib/ipsec /ikev2-kdf-selftest, which I could not find yet.
SP800-135 KDF recommendation further propose usage of SP800-56C for key extraction and SP800-108 for key expansion. *What mode e.g counter, feedback, pipeline as per SP800-108, strongswan use for key expansion, please?* I tried to register/join through stongswan website but login registration is pending from couple of days therefore sharing here, excuse for any inconvenience, please. Regards.
