Re: HMAC Selftests keylen in FIPS mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Freitag, 12. Juni 2020, 17:51:52 CEST schrieb Peter P.:

Hi Peter,

> Hi,
> 
> According to NIST SP800-131A Table 9, HMAC generation in FIPS must
> have a keylen of 14 bytes minimum. I've noticed that in the crypto
> algorithm testing framework, the HMAC test vectors from RFC 4231 all
> have a test case that utilizes a 4 byte key.
> Is this permissible when operating the kernel in FIPS mode and if so
> how is the 14 byte minimum keysize enforced?

SP800-131A specifies the ciphers and their cryptographic strengths. Thus, the 
specification you refer to there shall ensure that HMAC with an appropriate 
strength is used.

When performing a self test, the cryptographic strength of the cipher is 
irrelevant as only the mathematical construct is verified to work correctly. 
Thus, using a smaller HMAC key is considered to be acceptible for FIPS 140-2 
section 4.9.

Note, it would even be possible to use, say, RSA with a 512 bit key for the 
self test knowing that SP800-131A allows key sizes 2048 and higher.

Though, there is no limitation on the key length supported for HMAC. Note, 
SP800-131A allows using HMAC with keys < 112 bits provided it is only used for 
verification in legacy mode. Thus, limiting it in the code would not be the 
right way.

Ciao
Stephan





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux