Automotive information security - encryption requirements

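Symmetric encryption requirements; see NIST 800-131 for details

| Algorithm | Status |
|---|---|
| Two-key TDEA encryption | Disallowed |
| Two-key TDEA decryption | Legacy use |
| Three-key TDEA encryption | Deprecated through 2023; Disallowed after 2023 |
| Three-key TDEA decryption | Legacy use |
| SKIPJACK encryption | Disallowed |
| SKIPJACK decryption | Legacy use |
| AES-128 encryption and decryption | Acceptable |
| AES-192 encryption and decryption | Acceptable |
| AES-256 encryption and decryption | Acceptable |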

Digital signature requirements; see NIST 800-131 for details

| Process | Security strength and parameters | Status |
|---|---|---|
| Digital signature generation | < 112 bits of security strength: DSA: (L, N) ≠ (2048, 224), (2048, 256) or (3072, 256); ECDSA: len(n) < 224; RSA: len(n) < 2048 | Disallowed |
| Digital signature generation | ≥ 112 bits of security strength: DSA: (L, N) = (2048, 224), (2048, 256) or (3072, 256); ECDSA or EdDSA: len(n) ≥ 224; RSA: len(n) ≥ 2048 | Acceptable |
| Digital signature verification | < 112 bits of security strength: DSA: ((512 ≤ L < 2048) or (160 ≤ N < 224)); ECDSA: 160 ≤ len(n) < 224; RSA: 1024 ≤ len(n) < 2048 | Legacy use |
| Digital signature verification | ≥ 112 bits of security strength: DSA: (L, N) = (2048, 224), (2048, 256) or (3072, 256); ECDSA and EdDSA: len(n) ≥ 224; RSA: len(n) ≥ 2048 | Acceptable |

Random bit generation

| Generator | Status |
|---|---|
| Hash_DRBG and HMAC_DRBG | Acceptable |
| CTR_DRBG with three-key TDEA | Deprecated through 2023; Disallowed after 2023 |
| CTR_DRBG with AES-128/192/256 | Acceptable |
| DUAL_EC_DRBG | Disallowed |
| RNGs in FIPS 186-2, ANS X9.31, ANS X9.62-1998 | Disallowed |

Key generation

Key generation mainly uses two schemes, DH and MQV (Menezes-Qu-Vanstone); both exist in finite-field and elliptic-curve variants.

| Scheme | Security strength and parameters | Status |
|---|---|---|
| SP 800-56A DH and MQV schemes using finite fields | < 112 bits of security strength: (len(p), len(q)) = (1024, 160) | Disallowed |
| SP 800-56A DH and MQV schemes using finite fields | ≥ 112 bits of security strength: using listed safe-prime groups, OR FIPS 186-type domain parameters (112-bit security strength only): (len(p), len(q)) = (2048, 224) or (2048, 256) | Acceptable |
| Non-compliant DH and MQV schemes using finite fields | < 112 bits of security strength: len(p) < 2048 OR len(q) < 224 | Disallowed |
| Non-compliant DH and MQV schemes using finite fields | Non-conformance to SP 800-56A | Disallowed after 2020 |
| SP 800-56A DH and MQV schemes using elliptic curves | < 112 bits of security strength: len(n) < 224 | Disallowed |
| SP 800-56A DH and MQV schemes using elliptic curves | ≥ 112 bits of security strength (using specified curves) | Acceptable |
| Non-compliant DH and MQV schemes using elliptic curves | < 112 bits of security strength: len(n) < 224 | Disallowed |
| Non-compliant DH and MQV schemes using elliptic curves | ≥ 112 bits of security strength: non-conformance to SP 800-56A or IG A.2 | Disallowed after 2020 |

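RSA-based key exchange and key transport

| Scheme | Parameters | Status |
|---|---|---|
| SP 800-56B Key Agreement and Key Transport schemes | len(n) < 2048 | Disallowed |
| SP 800-56B Key Agreement and Key Transport schemes | len(n) ≥ 2048 | Acceptable |
| Non-SP 800-56B-compliant Key Agreement and Key Transport schemes | len(n) < 2048 | Disallowed |
| Non-SP 800-56B-compliant Key Agreement and Key Transport schemes | PKCS1-v1_5 padding | Deprecated through 2023; Disallowed after 2023 |
| Non-SP 800-56B-compliant Key Agreement and Key Transport schemes | Other non-compliance with SP 800-56B | Deprecated through 2020; Disallowed after 2020 |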

Key derivation functions

| KDF Type | Algorithm | Status |
|---|---|---|
| HMAC-based KDF | HMAC using any approved hash function | Acceptable |
| CMAC-based KDF | CMAC using two-key TDEA | Disallowed |
| CMAC-based KDF | CMAC using three-key TDEA | Deprecated through 2023; Disallowed after 2023 |
| CMAC-based KDF | CMAC using AES | Acceptable |

Hash functions

| Hash function and use | Status |
|---|---|
| SHA-1, digital signature generation | Disallowed, except where specifically allowed by NIST protocol-specific guidance. |
| SHA-1, digital signature verification | Legacy use |
| SHA-1, non-digital-signature applications | Acceptable |
| SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) | Acceptable for all hash function applications |
| SHA-3 (SHA3-224, SHA3-256, SHA3-384, SHA3-512) | Acceptable for all hash function applications |
| TupleHash and ParallelHash | Acceptable for the purpose specified in SP 800-185 |

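MAC algorithms

| MAC algorithm | Key length or block cipher | Status |
|---|---|---|
| HMAC generation | Key lengths < 112 bits | Disallowed |
| HMAC generation | Key lengths ≥ 112 bits | Acceptable |
| HMAC verification | Key lengths < 112 bits | Legacy use |
| HMAC verification | Key lengths ≥ 112 bits | Acceptable |
| CMAC generation | Two-key TDEA | Disallowed |
| CMAC generation | Three-key TDEA | Deprecated through 2023; Disallowed after 2023 |
| CMAC generation | AES | Acceptable |
| CMAC verification | Two-key TDEA | Legacy use |
| CMAC verification | Three-key TDEA | Legacy use |
| CMAC verification | AES | Acceptable |
| GMAC generation and verification | AES | Acceptable |
| KMAC generation and verification | Key lengths < 112 bits | Disallowed |
| KMAC generation and verification | Key lengths ≥ 112 bits | Acceptable |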

 
