3.1.5.5 Crypto checksum generation

This section describes the algorithm used to generate a crypto checksum using a Key Derivation Function ([SP800-108]). The algorithm accepts the following inputs:

  • Key: An array of bytes.

  • Label: An array of bytes.

  • Context: An array of bytes.

  • Message: An array of bytes.

The checksum generation algorithm is defined as follows:

 K = KDF(Key, Label, Context)
 CryptoChecksum = HMACSHA512(K, Message)

Where:

  • KDF is an execution of the algorithm specified in [SP800-108] section 5.1.

  • Key, Label, and Context are inputs to the checksum algorithm as specified previously; Key corresponds to the parameter KI in [SP800-108] section 5.1; Label and Context correspond to the parameters by the same names in [SP800-108] section 5.1.

  • Message is an input to the checksum algorithm as specified previously.

  • HMACSHA512 is an invocation of the Hash-based Message Authentication Mode (HMAC) function with hash function SHA512 (defined in [FIPS180-3]).

The resulting 512-bit CryptoChecksum value is returned to the caller upon completion.
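The two-step computation above can be sketched as follows; this is an added example, not code from the specification. It assumes parameters this section does not state: HMAC-SHA512 as the KDF's PRF, a 32-bit big-endian counter and length field, and a 512-bit derived key K. The function names and sample inputs are hypothetical.

```python
import hashlib
import hmac
import struct

def kdf_ctr_hmac(ki, label, context, out_bits=512, hash_name="sha512"):
    """Counter-mode KDF in the style of [SP800-108] section 5.1.

    Assumed here, not stated by this section: PRF = HMAC-SHA512,
    32-bit big-endian counter [i]_2 and length [L]_2, L = 512 bits.
    """
    if out_bits <= 0 or out_bits % 8:
        raise ValueError("out_bits must be a positive multiple of 8")
    h_len = hashlib.new(hash_name).digest_size
    out_len = out_bits // 8
    n = -(-out_len // h_len)  # ceil(L / h): number of PRF invocations
    # Fixed input data: Label || 0x00 || Context || [L]_2
    fixed = label + b"\x00" + context + struct.pack(">I", out_bits)
    result = b""
    for i in range(1, n + 1):
        # K(i) = PRF(KI, [i]_2 || Label || 0x00 || Context || [L]_2)
        result += hmac.new(ki, struct.pack(">I", i) + fixed, hash_name).digest()
    return result[:out_len]

def crypto_checksum(key, label, context, message):
    """K = KDF(Key, Label, Context); CryptoChecksum = HMACSHA512(K, Message)."""
    k = kdf_ctr_hmac(key, label, context)
    return hmac.new(k, message, hashlib.sha512).digest()

def verify_checksum(key, label, context, message, expected):
    """Recompute the checksum and compare it in constant time."""
    actual = crypto_checksum(key, label, context, message)
    return hmac.compare_digest(actual, expected)

# Constructed sample inputs (not taken from the specification).
SAMPLE_KEY = bytes(range(32))
SAMPLE_LABEL = b"example-label"
SAMPLE_CONTEXT = b"example-context"
SAMPLE_MESSAGE = b"example message body"

if __name__ == "__main__":
    tag = crypto_checksum(SAMPLE_KEY, SAMPLE_LABEL, SAMPLE_CONTEXT, SAMPLE_MESSAGE)
    print(len(tag) * 8, "bit checksum:", tag.hex())
    print("verifies:", verify_checksum(SAMPLE_KEY, SAMPLE_LABEL, SAMPLE_CONTEXT,
                                       SAMPLE_MESSAGE, tag))
```

Because Label and Context feed the KDF, the same Key yields an unrelated K, and therefore an unrelated checksum, whenever either value changes.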