lewyble
commented
4 years ago @dmhale1 - thoughts?
Closed QuentinGouchet closed 3 years ago
lewyble
commented
4 years ago @dmhale1 - thoughts?
dmhale1
commented
4 years ago I will check on this one and get back to you.
dmhale1
commented
3 years ago The issue was truncation and we wanted to be clear that the full digest was needed (and in the cert). Understand the redundancy claim but don’t see this hurting anything so we want to leave it as is. Plus, it matches how we do all these requirements.
In FCS_COP.1(2) and (4), a selection has to be made by the ST author regarding the message digest size of the message-digest (SHA) and keyed-message digest (HMAC) operations.
Regarding the message digest (SHA), it is redundant to specify the size of the output, since the specification of the hash function already specifies the output, i.e. SHA-256 will have a 256-bit message digest output. It is implicit to the selection of the hash function.
Regarding keyed-message digests (HMAC), it is somehow implicit. Currently, the CAVP allows labs to test HMAC-SHA will the full/default length message digest, and some truncation.
I would suggest to either remove the message digest size part of both SFRs, or align with the tag lengths per HMAC-SHA that CAVP allows to be tested (see section 6.1, bullet 7 of https://csrc.nist.gov/csrc/media/projects/cryptographic-algorithm-validation-program/documents/mac/hmacvs.pdf).