TD0696: Removal of 160 bit selection from FCS_COP.1/HASH & FCS_COP.1/KEYHMAC
Support for SHA-1 was removed, but the 160 bit message size remained.
OS PP v4.3 is modified as follows, with strikethroughs denoting deletions:
FCS_COP.1.1/HASH is modified as follows:
The OS shall perform [cryptographic hashing services] in accordance with a
specified cryptographic algorithm [selection:
] and message digest sizes [selection:
· 256 bits
· 384 bits
· 512 bits
] that meet the following: [FIPS Pub 180-4].
FCS_COP.1.1/KEYHMAC is modified as follows:
The OS shall perform [keyed-hash message authentication services] in
accordance with a specified cryptographic algorithm [selection: SHA-256,
SHA-384, SHA-512] with key sizes [assignment: key size (in bits) used in
HMAC] and message digest sizes [selection:
bits] that meet the following: [FIPS Pub 198-1 The Keyed-Hash Message
Authentication Code and FIPS Pub 180-4 Secure Hash Standard].
SHA-1 algorithms from TLS Functional Package v1.1 and SSH Functional Package v1.0 cannot be selected when used with OS PP v4.3. Therefore, the 160 bits selection can be removed.