Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp569889ybg; Fri, 12 Jun 2020 08:52:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwyStcpFS5VoP27ntXRaCGvJlUul8TGqjyc/9eOxxrarvx+b4khlvk+ksG7DPGJRSmxxD8d X-Received: by 2002:a05:6402:1285:: with SMTP id w5mr12511066edv.73.1591977165976; Fri, 12 Jun 2020 08:52:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591977165; cv=none; d=google.com; s=arc-20160816; b=wk5FFRirb9p6S/wcyxSS/PyqwxcX7Ccu2UUGPUzBPZu94jSrKHeCtQ6mDQ2n2dikwz Yb5tmD6U12P8XAZ0y8tbg9slFuOtFtJ1movW+RoNYAgfbGtmAB/VkpOnuYO0o/GQ+shf 5sD5fmAN1ZKZC1sDQ3dFd85irWr2+DQshlGf5GhUGtxUUde1NM9fGqCOCqdhGDuI7i/L cPeAhI0THeDPUs2Z6x47O8TMhsF/2jHpbNlT2Df1xgTq6Uklkp2xqOstRGbYfyZZEUO+ VWvnruHe09Biu76MINxP+KCanctA4RqonqJQsUpAxWP4N6Q7tNwK7RjZVn6d+B6+PZzG pBNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:to:subject:message-id:date:from :mime-version:dkim-signature; bh=9kz8AERaPiTJbAZG6MShvL8NjfCcS5uVMTJomAkemfY=; b=hhncZX26a8dpMN0JATkPejtmTUe4DJVEEo1sUI++yY3nmtnnJrbRDuT4DlCDwkJYyM 1R14k9kerYGeEY9FnYnbNG+5lJ9vEsvDlgKbQOhAzEgMgcKHGyFXNEZqf0ndL5lCjImj s9oyp8295GrdgVqbfw9tkzHIEv8xgJXLL69KKyrSZe77vfuBXh4q6Y7ePX+o9tQG+YZN kH447AK+j3FQ0ud/gt3XKCD0C3SIej+x+CStjsol7kC/tQmZe42NHxkAzdcWF3lQzOId EBRRvpOSRLITP1SaAxJrX0DzA1NcRpIxJ1t56r/oJ5vBQBRiaSmNt5A5GzHeayS78hWR cHxw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Z+AP021v; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o25si4076979ejh.304.2020.06.12.08.52.11; Fri, 12 Jun 2020 08:52:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Z+AP021v; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726085AbgFLPwF (ORCPT + 99 others); Fri, 12 Jun 2020 11:52:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726053AbgFLPwE (ORCPT ); Fri, 12 Jun 2020 11:52:04 -0400 Received: from mail-oi1-x232.google.com (mail-oi1-x232.google.com [IPv6:2607:f8b0:4864:20::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A597DC03E96F for ; Fri, 12 Jun 2020 08:52:04 -0700 (PDT) Received: by mail-oi1-x232.google.com with SMTP id d67so9078683oig.6 for ; Fri, 12 Jun 2020 08:52:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=9kz8AERaPiTJbAZG6MShvL8NjfCcS5uVMTJomAkemfY=; b=Z+AP021vDFwAnBd3I5STvHHSLsysFOzVw2FeNWsGR267xTpxswMSjufZhKkBZnpsmB bnql0K0n2rh0io6c+Ag1OcCjkxb9P/4rVJ0lvLmymWjcSbfmPejWZusGoavHa/G0u/90 NLEQgzWIJx88M1bS5iFi+JjG6llV8rB+XYFh1dnELv9OBanzUvBGozjv//EOv83mHuvO HukLZ5qgDkQlmpgoyd0VfhPkXiN5SOOfguyEY9eho7mAk6m1pQduhfM7yxcwgOmYzhMS M2+FVA6RlW5Q3QuQQA8NpkFRqh9BQIkk5ul/aEeu6RN4PnwrGd69eNMSpdYukjoGwOyA yJXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=9kz8AERaPiTJbAZG6MShvL8NjfCcS5uVMTJomAkemfY=; b=UxL4ADanEKMgQSH6LSC62BwRptAv+A/DFZxTiEfa+z9BFlDxGTk+zNEhOQYZKNr0Ux bao6DCx9B6YxJx7Z3UYpOHIZL5XR/7K5wbanE4IfeYEzmt83MNxK2TbFQ576aUjdn6MS Y2+29QvtxC/Uc06f8PnR312hObxYH83iiziouYQDzM6xBblgQXoZT1ojpFfZKkGWDj77 hGrEnc/IWwnqh8kh1mD6VskeYkHtepJFFjo7BeSllWY4KwIBz82d5HtASqz2VYvfCPd2 v27Ydy2kxDZzzRCXQCH3yCNOKNXsCaKZONfSLgS31QXyyRmHXSPt0vYdb6eHJO1ZKaqz iCuQ== X-Gm-Message-State: AOAM532nouCcisMtYoC9bbEB8JGUaWOfq6pjMvWlnwFWARhbU0XbjdjI XhxJ2RRS/++eci4mjPBF6NxjwaDxIP7lIWX1IquqLg== X-Received: by 2002:a54:4102:: with SMTP id l2mr2723497oic.29.1591977123637; Fri, 12 Jun 2020 08:52:03 -0700 (PDT) MIME-Version: 1.0 From: "Peter P." Date: Fri, 12 Jun 2020 11:51:52 -0400 Message-ID: Subject: HMAC Selftests keylen in FIPS mode To: linux-crypto@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, According to NIST SP800-131A Table 9, HMAC generation in FIPS must have a keylen of 14 bytes minimum. I've noticed that in the crypto algorithm testing framework, the HMAC test vectors from RFC 4231 all have a test case that utilizes a 4 byte key. Is this permissible when operating the kernel in FIPS mode and if so how is the 14 byte minimum keysize enforced? Thanks, Peter