Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

3.1.5.5 Crypto checksum generation

This section describes the algorithm used to generate a crypto checksum using a Key Derivation Function ([SP800-108]). The algorithm accepts the following inputs:

  • Key: An array of bytes.

  • Label: An array of bytes.

  • Context: An array of bytes.

  • Message: An array of bytes.

The checksum generation algorithm is defined as follows:

K = KDF(Key, Label, Context)
CryptoChecksum = HMACSHA512(K, Message)

Where:

  • KDF is an execution of the algorithm specified in [SP800-108] section 5.1.

  • Key, Label, and Context are inputs to the checksum algorithm as specified previously; Key corresponds to the parameter KI in [SP800-108] section 5.1; Label and Context correspond to the parameters by the same names in [SP800-108] section 5.1.

  • Message is an input to the checksum algorithm as specified previously.

  • HMACSHA512 is an invocation of the Hash-based Message Authentication Mode (HMAC) function with hash function SHA512 (defined in [FIPS180-3]).

The resulting 512-bit CryptoChecksum value is returned to the caller upon completion.

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.