Hi,
According to NIST SP800-131A Table 9, HMAC generation in FIPS must
have a keylen of 14 bytes minimum. I've noticed that in the crypto
algorithm testing framework, the HMAC test vectors from RFC 4231 all
have a test case that utilizes a 4 byte key.
Is this permissible when operating the kernel in FIPS mode and if so
how is the 14 byte minimum keysize enforced?
Thanks,
Peter
Am Freitag, 12. Juni 2020, 17:51:52 CEST schrieb Peter P.:
Hi Peter,
> Hi,
>
> According to NIST SP800-131A Table 9, HMAC generation in FIPS must
> have a keylen of 14 bytes minimum. I've noticed that in the crypto
> algorithm testing framework, the HMAC test vectors from RFC 4231 all
> have a test case that utilizes a 4 byte key.
> Is this permissible when operating the kernel in FIPS mode and if so
> how is the 14 byte minimum keysize enforced?
SP800-131A specifies the ciphers and their cryptographic strengths. Thus, the
specification you refer to there shall ensure that HMAC with an appropriate
strength is used.
When performing a self test, the cryptographic strength of the cipher is
irrelevant as only the mathematical construct is verified to work correctly.
Thus, using a smaller HMAC key is considered to be acceptible for FIPS 140-2
section 4.9.
Note, it would even be possible to use, say, RSA with a 512 bit key for the
self test knowing that SP800-131A allows key sizes 2048 and higher.
Though, there is no limitation on the key length supported for HMAC. Note,
SP800-131A allows using HMAC with keys < 112 bits provided it is only used for
verification in legacy mode. Thus, limiting it in the code would not be the
right way.
Ciao
Stephan