Am Freitag, 12. Juni 2020, 17:51:52 CEST schrieb Peter P.: Hi Peter, > Hi, > > According to NIST SP800-131A Table 9, HMAC generation in FIPS must > have a keylen of 14 bytes minimum. I've noticed that in the crypto > algorithm testing framework, the HMAC test vectors from RFC 4231 all > have a test case that utilizes a 4 byte key. > Is this permissible when operating the kernel in FIPS mode and if so > how is the 14 byte minimum keysize enforced? SP800-131A specifies the ciphers and their cryptographic strengths. Thus, the specification you refer to there shall ensure that HMAC with an appropriate strength is used. When performing a self test, the cryptographic strength of the cipher is irrelevant as only the mathematical construct is verified to work correctly. Thus, using a smaller HMAC key is considered to be acceptible for FIPS 140-2 section 4.9. Note, it would even be possible to use, say, RSA with a 512 bit key for the self test knowing that SP800-131A allows key sizes 2048 and higher. Though, there is no limitation on the key length supported for HMAC. Note, SP800-131A allows using HMAC with keys < 112 bits provided it is only used for verification in legacy mode. Thus, limiting it in the code would not be the right way. Ciao Stephan