WPA3 SAE and FIPS 140-3

achtol achtol at free.fr
Fri Jul 1 09:44:54 PDT 2022


Hi,

I am facing a couple of issues with wpa_supplicant when built with a 
crypto library that aims FIPS 140-3 compliance.

First, SAE. In sae_derive_pwe_ecc and sae_derive_pwe_ffc, an HMAC is 
calculated. The HMAC key is obtained by concatenating two MAC addresses. 
The crypto library's HMAC function called by hmac_sha256_vector returns 
an error code, on the grounds that the 96-bit key is shorter than the 
minimum 112-bit length recommended by NIST SP 800-131A Rev. 2 
<https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final>.

Next, SAE-PK. SAE-PK involves the AES-SIV cipher, which is not 
FIPS-approved.

Does this mean that WPA3 is incompatible with FIPS? That would be 
puzzling, when the arguably less secure WPA2 does not pose such a 
problem (only constraints on the length of SSID/passphrases).

Or, can it be claimed that these operations do not fulfill a security 
function? In which case, I believe, using a non-FIPS-approved algorithm 
is permitted.

Regards.




More information about the Hostap mailing list