Closed Bug 372162 Opened 15 years ago Closed 13 years ago

shlibsign should be a stand-alone program that generates HMAC-SHA-256 .chk files.

Categories

(NSS :: Tools, enhancement)

3.11.1
enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: wtc, Unassigned)

References

Details

(Whiteboard: FIPS)

OpenSSL's FIPS 140-2 validation (Cert# 642 and Cert# 733) showed
that HMAC-SHA-1 with a hardcoded HMAC key is an acceptable
authentication technique for the software/firmware integrity
test of FIPS 140-2.

The biggest advantage of HMAC over DSA is that HMAC does not
require a big num library, so we can create a stand-alone,
self-contained SHA-x and HMAC implementation easily.  For
example, NSS has a stand-alone implementation of SHA-1 in
http://lxr.mozilla.org/security/source/security/nss/lib/freebl/sha.h
http://lxr.mozilla.org/security/source/security/nss/lib/freebl/sha.c

(For the hash function, I suggest that we use SHA-256 rather
than SHA-1.)

This would solve the cross-compilation problem we have with
shlibsign.  (We would compile the stand-alone shlibsign program
for the host platform.)  This would also fix bug 305693 and
bug 347037 as a by-product.  The cost would be that we'll need
to validate the stand-alone SHA-256 and HMAC implementations.
Just wanted to clarify -- the validation of SHA-256 and HMAC that
I referred to is *algorithm* validation, which is much simpler than
*cryptographic module* validation.
Whiteboard: FIPS
Blocks: FIPS2008
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
No longer blocks: FIPS2008
Draft FIPS 140-3 has a new requirement that DSA be used in
the Software Integrity Test at Level 2.  We should not change
shlibsign to use HMAC-SHA-256 because this potential new
requirement.
You need to log in before you can comment on or make changes to this bug.