基於SHA512的FIPS驗證應用程序與HMAC功能？

Question

我正在構建FIPS驗證的應用程序，並在我的計算機上啓用了FIPS模式。我需要一個基於SHA512的HMAC函數。據我所知，HMAC SHA1函數經FIPS驗證，但我有一個經過FIPS驗證的散列函數SHA512CryptoServiceProvider，並且我知道FIPS實際上允許SHA512。在FIPS中驗證HMAC SHA512的C＃中是否有類似的HMAC功能？

Answer 1

有一個HMACSHA512 Class，但它在內部使用SHA512Managed Class，這是not FIPS certified。

你可以基於該SHA512CryptoServiceProvider Class嘗試create your own HMACSHA512 Class：

public class MyHMACSHA512 : HMAC 
{ 
    public MyHMACSHA512(byte[] key) 
    { 
     HashName = "System.Security.Cryptography.SHA512CryptoServiceProvider"; 
     HashSizeValue = 512; 
     BlockSizeValue = 128; 
     Key = key; 
    } 
} 

Answer 2

以下爲我工作 - 我可以同時創建AES和SHA256 FIPS快樂HMAC：

/// <summary>Computes a Hash-based Message Authentication Code (HMAC) using the AES hash function.</summary> 
    public class AesHmac : HMAC 
    { 
     /// <summary>Initializes a new instance of the AesHmac class with the specified key data.</summary> 
     /// <param name="key">The secret key for AesHmac encryption.</param> 
     public AesHmac(byte[] key) 
     { 
      HashName = "System.Security.Cryptography.AesCryptoServiceProvider"; 
      HashSizeValue = 128; 
      BlockSizeValue = 128; 
      Initialize(); 
      Key = (byte[])key.Clone(); 
     } 
    } 

    /// <summary>Computes a Hash-based Message Authentication Code (HMAC) using the SHA256 hash function.</summary> 
    public class ShaHmac : HMAC 
    { 
     /// <summary>Initializes a new instance of the ShaHmac class with the specified key data.</summary> 
     /// <param name="key">The secret key for ShaHmac encryption.</param> 
     public ShaHmac(byte[] key) 
     { 
      HashName = "System.Security.Cryptography.SHA256CryptoServiceProvider"; 
      HashSizeValue = 256; 
      BlockSizeValue = 128; 
      Initialize(); 
      Key = (byte[])key.Clone(); 
     } 
    } 

謝謝， Ritchie