4

I am creating a keyed SHA256 hash using HMACSHA256 with the following code:

HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey);
byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(data));

string hashResult = string.Empty;
for (int i = 0; i < hash.Length; i++)
{
    hashResult += hash[i].ToString("x2"); // hex format
}

This is working just fine, however, it fails in a FIPS enabled environment because HMACSHA256 uses an underlying SHA256Managed implementation which is itself not FIPS compliant.

Searching through MSDN documentation I find that the only SHA256 implementation of KeyedHashAlgorithm is HMACSHA256.

I am required to sign web service requests with a keyed SHA256 hash (so I can't change the hash type), and I must be able to run in a FIPS enabled environment.

Googling shows that both SHA256CryptoServiceProvider and SHA256Cng are FIPS compliant ways to create SHA256 hashes, but neither seem to support the creation of keyed hashes.

hubiggo
  • 43
  • 1
  • 3

3 Answers3

4

I know this is old but it looks like Microsoft addressed this issue. I'm running .NET 4.5.1 on Windows 8. I can't speak to what version of the BCL this was fixed or OS.

this.m_hash1 = HMAC.GetHashAlgorithmWithFipsFallback((Func<HashAlgorithm>) (() => (HashAlgorithm) new SHA256Managed()), (Func<HashAlgorithm>) (() => HashAlgorithm.Create("System.Security.Cryptography.SHA256CryptoServiceProvider")));
Daniel
  • 1,843
  • 2
  • 18
  • 27
  • I just like to concur with your observation. I enabled FIPS on Both windows 8.1 and Windows7 SP1. HMACSHA512, HMACSHA256 classes seem to work just fine. I ran the following code on both platforms. HMACSHA26 and HMAC512 fails under .NET 3.5 but passes under .Net 4.0 and above. – Ehsan Samani May 04 '15 at 03:21
3

No, there is not. Here is a list of ones that are (scroll down to FIPS.sys Algorithms section).

A work around I've used int he past is here, but I'm not sure if that will work for web services. This solution could work.

Community
  • 1
  • 1
SwDevMan81
  • 48,814
  • 22
  • 151
  • 184
  • As [the Meta discussion](http://meta.stackexchange.com/questions/8231/are-answers-that-just-contain-links-elsewhere-really-good-answers) points out, your answer should be more substantial than just a link. – neontapir Jul 25 '13 at 15:48
  • @neontapir - The answer to the question is no, so anything more is substantial in my opinion :) – SwDevMan81 Jul 25 '13 at 15:49
  • What I was driving at was that I needed to follow the links in your answer to see what workaround and possible solution you were referring to. The danger is that the links become stale and then the answer becomes useless. – neontapir Jul 25 '13 at 15:51
  • 2
    I understand the reasoning, but this answer wont be useless without the links. I add them to give more content than just `No` – SwDevMan81 Jul 25 '13 at 15:55
  • "FIPS.sys" is for kernel components, but this fellow is working in userland with .Net. I think he has more opportunities than it appears. For example the RSA Enhanced Provider (RSAENH) is available on older platforms, and newer platforms have the Bcrypt algorithms and the CNG provider (not sure how CNG is referred to...). – jww Feb 01 '14 at 01:13
0

Officially you may be out of luck, but it should be relatively easy to build a HMAC_SHA256 out of SHA-256. Just take a look at the Wikipedia page to see how easy this is.

Note that it may be the case that HMAC was not approved in FIPS mode because it is vulnerable to side channel attacks. In that case you should make sure that there is some protection against side channel attacks.

It is a bit dangerous to build your own crypto algorithms out of cryptographic primitives. If you yourself will try and claim FIPS level security then this may become an issue. But for most users it is enough if you say that you only use NIST compliant algorithms. It is up to you how far you are willing to go down this line...

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263