Hi,

I am facing a couple of issues with wpa_supplicant when built with a
crypto library that aims for FIPS 140-3 compliance.

First, SAE. In sae_derive_pwe_ecc and sae_derive_pwe_ffc, an HMAC is
calculated. The HMAC key is obtained by concatenating two MAC addresses.
The crypto library's HMAC function called by hmac_sha256_vector returns
an error code, on the grounds that the 96-bit key is shorter than the
minimum 112-bit length recommended by NIST SP 800-131A Rev. 2
<https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final>.

Next, SAE-PK. SAE-PK involves the AES-SIV cipher, which is not
FIPS-approved.

Does this mean that WPA3 is incompatible with FIPS? That would be
puzzling, when the arguably less secure WPA2 does not pose such a
problem (only constraints on the length of SSID/passphrases).

Or, can it be claimed that these operations do not fulfill a security
function? In which case, I believe, using a non-FIPS-approved algorithm
is permitted.

Regards.
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
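
The SAE failure described in the message above can be reproduced in isolation. The following is an added example, not code from the post or from wpa_supplicant: it models the pwd-seed HMAC of the SAE hunting-and-pecking loop, keyed with MAX(addr1, addr2) || MIN(addr1, addr2) as SAE defines it, and passes it through a wrapper that enforces the 112-bit minimum. The function names, the wrapper and the sample addresses and password are assumptions made for illustration.

```python
import hashlib
import hmac

MIN_HMAC_KEY_BITS = 112  # minimum HMAC key length cited in the post


class KeyTooShort(ValueError):
    """Error from the modelled FIPS-style HMAC wrapper (hypothetical)."""


def plain_hmac_sha256_vector(key, elements):
    """HMAC-SHA256 over the concatenation of elements, any key length."""
    return hmac.new(key, b"".join(elements), hashlib.sha256).digest()


def fips_hmac_sha256_vector(key, elements):
    """Same MAC, but refuses keys under 112 bits, as the post describes."""
    bits = len(key) * 8
    if bits < MIN_HMAC_KEY_BITS:
        raise KeyTooShort(f"HMAC key is {bits} bits, minimum {MIN_HMAC_KEY_BITS}")
    return plain_hmac_sha256_vector(key, elements)


def sae_pwd_seed_key(addr1, addr2):
    """HMAC key for pwd-seed: MAX(addr1, addr2) || MIN(addr1, addr2)."""
    if len(addr1) != 6 or len(addr2) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    return max(addr1, addr2) + min(addr1, addr2)  # bytewise comparison


def sae_pwd_seed(addr1, addr2, password, counter, hmac_fn):
    """One hunting-and-pecking iteration: H(key, password || counter)."""
    key = sae_pwd_seed_key(addr1, addr2)
    return hmac_fn(key, [password, bytes([counter])])


# Constructed sample values, not taken from the post.
STA = bytes.fromhex("02aabbccddee")
AP = bytes.fromhex("021122334455")
PASSWORD = b"constructed-example-password"

if __name__ == "__main__":
    print("key bits:", len(sae_pwd_seed_key(STA, AP)) * 8)
    print("plain:", sae_pwd_seed(STA, AP, PASSWORD, 1, plain_hmac_sha256_vector).hex())
    try:
        sae_pwd_seed(STA, AP, PASSWORD, 1, fips_hmac_sha256_vector)
    except KeyTooShort as exc:
        print("FIPS-style wrapper:", exc)
```

Two 6-byte addresses always give a 12-byte key, so the length check fails for every SAE exchange regardless of the password.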