Make the Nigori user salt key 80-bits to be FIPS compliant.

base/crypto/symmetric_key_mac.cc

Index: base/crypto/symmetric_key_mac.cc
diff --git a/base/crypto/symmetric_key_mac.cc b/base/crypto/symmetric_key_mac.cc
index ba033a73a57b9471193b9323f3b9650b30097382..1be5d2dbe1579f344f78a3c39f6f9a88f8bccf89 100644
--- a/base/crypto/symmetric_key_mac.cc
+++ b/base/crypto/symmetric_key_mac.cc
@@ -23,8 +23,11 @@ CSSM_KEY_TYPE CheckKeyParams(base::SymmetricKey::Algorithm algorithm,
         << "Invalid key size " << key_size_in_bits << " bits";
     return CSSM_ALGID_AES;
   } else {
+    // FIPS 198 Section 3 requires the a SHA-1 derived key to be at least

[wtc, 2010/04/27 18:38:06]

Nit: SHA-1 derived key => HMAC-SHA-1 key

+    // (SHA-1 output size / 2) to be compliant. Since the ouput size of SHA-1 is
+    // 160 bits, we require at least 80 bits here.
     CHECK(algorithm == base::SymmetricKey::HMAC_SHA1);
-    CHECK(key_size_in_bits >= 64 && (key_size_in_bits % 8) == 0)
+    CHECK(key_size_in_bits >= 80 && (key_size_in_bits % 8) == 0)
         << "Invalid key size " << key_size_in_bits << " bits";
     return CSSM_ALGID_SHA1HMAC_LEGACY;
   }