CODEWITHSUNDEEP
c#hmacfips
hobeau
hobeau

Reputation: 893

FIPS validated application with HMAC function based on SHA512?

I'm building a FIPS validated application and have the FIPS mode turned on on my computer. I need an HMAC function hopefully based on SHA512. I understand that the HMAC SHA1 function is FIPS validated but I have a hash function SHA512CryptoServiceProvider which is FIPS validated and I know that FIPS does in fact allow for SHA512. Is there a similar HMAC function in C# that does FIPS validated HMAC SHA512?

Upvotes: 4

Views: 2633

Answers (2)

J. Ritchie Carroll
J. Ritchie Carroll

Reputation: 31

The following worked for me - I was able to create both an AES and SHA256 FIPS happy HMAC:

    /// <summary>Computes a Hash-based Message Authentication Code (HMAC) using the AES hash function.</summary>
    public class AesHmac : HMAC
    {
        /// <summary>Initializes a new instance of the AesHmac class with the specified key data.</summary>
        /// <param name="key">The secret key for AesHmac encryption.</param>
        public AesHmac(byte[] key)
        {
            HashName = "System.Security.Cryptography.AesCryptoServiceProvider";
            HashSizeValue = 128;
            BlockSizeValue = 128;
            Initialize();
            Key = (byte[])key.Clone();
        }
    }

    /// <summary>Computes a Hash-based Message Authentication Code (HMAC) using the SHA256 hash function.</summary>
    public class ShaHmac : HMAC
    {
        /// <summary>Initializes a new instance of the ShaHmac class with the specified key data.</summary>
        /// <param name="key">The secret key for ShaHmac encryption.</param>
        public ShaHmac(byte[] key)
        {
            HashName = "System.Security.Cryptography.SHA256CryptoServiceProvider";
            HashSizeValue = 256;
            BlockSizeValue = 128;
            Initialize();
            Key = (byte[])key.Clone();
        }
    }

Thanks, Ritchie

Upvotes: 2

dtb
dtb

Reputation: 217313

There is a HMACSHA512 Class, but it uses the SHA512Managed Class internally, which is not FIPS certified.

You could try to create your own HMACSHA512 Class based on the SHA512CryptoServiceProvider Class:

public class MyHMACSHA512 : HMAC
{
    public MyHMACSHA512(byte[] key)
    {
        HashName = "System.Security.Cryptography.SHA512CryptoServiceProvider";
        HashSizeValue = 512;
        BlockSizeValue = 128;
        Key = key;
    }
}

Upvotes: 7

Related Questions