FIPS2009 Section 1: Cryptographic Module Specification: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Created page with "''This is a draft document'' {| border="1" cellpadding="2" |+ |- ! Document Description ! DTR Section ! Assessment ! Status |- |'''Approved mode of operation''' || [http://wi...")
 
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
''This is a draft document''
{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
|+
|+
Line 19: Line 17:
||  
||  
[http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy Rule 33] <br>
[http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy Rule 33] <br>
[http://wiki.mozilla.org/FIPS_Module_Specification#Approved_Mode_of_Operation Approved Mode of Operation]
[http://wiki.mozilla.org/FIPS_Module_Specification_2009#Approved_Mode_of_Operation Approved Mode of Operation]
|| Draft
|| Draft
|-
|-
Line 28: Line 26:
|'''Modules Components'''
|'''Modules Components'''
| [http://wiki.mozilla.org/F2009VE_01#VE.01.08.01 VE.01.08.01 ] <br> [http://wiki.mozilla.org/F2009VE_01#VE.01.08.02 VE.01.08.02 ]
| [http://wiki.mozilla.org/F2009VE_01#VE.01.08.01 VE.01.08.01 ] <br> [http://wiki.mozilla.org/F2009VE_01#VE.01.08.02 VE.01.08.02 ]
| [http://wiki.mozilla.org/FIPS_Module_Specification#Module_Components Module Components]|| Draft
| [http://wiki.mozilla.org/FIPS_Module_Specification_2009#Module_Components Module Components]|| Draft
|-
|-
|'''Cryptographic Boundary'''||  
|'''Cryptographic Boundary'''||  
Line 34: Line 32:
[http://wiki.mozilla.org/F2009VE_01#VE.01.08.04 VE.01.08.04 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.08.04 VE.01.08.04 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.08.05 VE.01.08.05 ]
[http://wiki.mozilla.org/F2009VE_01#VE.01.08.05 VE.01.08.05 ]
| [http://wiki.mozilla.org/FIPS_Module_Specification#The_Cryptographic_Boundary Cryptographic Boundary]|| Draft
| [http://wiki.mozilla.org/FIPS_Module_Specification_2009#The_Cryptographic_Boundary Cryptographic Boundary]|| Draft
|-
|-
|'''Physical Description'''||
|'''Physical Description'''||
Line 44: Line 42:
[http://wiki.mozilla.org/F2009VE_01#VE.01.09.01 VE.01.09.01 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.09.01 VE.01.09.01 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.09.02 VE.01.09.02 ]
[http://wiki.mozilla.org/F2009VE_01#VE.01.09.02 VE.01.09.02 ]
| [http://wiki.mozilla.org/FIPS_Module_Specification#Module_Components Module Components]|| Draft
| [http://wiki.mozilla.org/FIPS_Module_Specification_2009#Module_Components Module Components]|| Draft
|-
|-
|'''Algorithm Certificates'''||
|'''Algorithm Certificates'''||
[http://wiki.mozilla.org/F2009VE_01#VE.01.12.01 VE.01.12.01 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.12.01 VE.01.12.01 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.12.02 VE.01.12.02 ]
[http://wiki.mozilla.org/F2009VE_01#VE.01.12.02 VE.01.12.02 ]
| [http://wiki.mozilla.org/FIPS_Validation#Algorithms Approved Algorithms]
| [http://wiki.mozilla.org/FIPS2009#Algorithms Approved Algorithms]
Non-Approved algorithms may only be used in non-FIPS mode, unless an exception is noted:
Non-Approved algorithms may only be used in non-FIPS mode, unless an exception is noted:
* MD2
* MD2
Line 64: Line 62:
[http://wiki.mozilla.org/F2009VE_01#VE.01.13.02 VE.01.13.02 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.13.02 VE.01.13.02 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.13.03 VE.01.13.03 ]
[http://wiki.mozilla.org/F2009VE_01#VE.01.13.03 VE.01.13.03 ]
| [http://wiki.mozilla.org/FIPS_Module_Specification#Hardware_Diagram Hardware Diagram] || Draft
| [http://wiki.mozilla.org/FIPS_Module_Specification_2009#Hardware_Diagram Hardware Diagram] || Draft
|-
|-
|'''Block Diagram'''||
|'''Block Diagram'''||
[http://wiki.mozilla.org/F2009VE_01#VE.01.13.04 VE.01.13.04 ]
[http://wiki.mozilla.org/F2009VE_01#VE.01.13.04 VE.01.13.04 ]
| The physical cryptographic boundary of the NSS module surrounds all the components of the general purpose computer. The logical cryptographic boundary is shown in [http://wiki.mozilla.org/FIPS_Module_Specification#The_Cryptographic_Boundary Cryptographic Boundary]
| The physical cryptographic boundary of the NSS module surrounds all the components of the general purpose computer. The logical cryptographic boundary is shown in [http://wiki.mozilla.org/FIPS_Module_Specification_2009#The_Cryptographic_Boundary Cryptographic Boundary]
|| Draft
|| Draft
|-
|-
|'''Design Specification'''||
|'''Design Specification'''||
[http://wiki.mozilla.org/F2009VE_01#VE.01.14.01 VE.01.14.01 ]
[http://wiki.mozilla.org/F2009VE_01#VE.01.14.01 VE.01.14.01 ]
|The design of the software contained in the NSS module is specified in [http://wiki.mozilla.org/FIPS_Module_Specification#Design_Specification Design Specification] || Draft
|The design of the software contained in the NSS module is specified in [http://wiki.mozilla.org/FIPS_Module_Specification_2009#Design_Specification Design Specification] || Draft
|-
|-
|'''Security Policy'''||
|'''Security Policy'''||
[http://wiki.mozilla.org/F2009VE_01#VE.01.15.01 VE.01.15.01 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.15.01 VE.01.15.01 ] <br>
[http://wiki.mozilla.org/F2009VE_01#VE.01.16.01 VE.01.16.01 ]
[http://wiki.mozilla.org/F2009VE_01#VE.01.16.01 VE.01.16.01 ]
| [http://wiki.mozilla.org/FIPS_Module_Specification#Security-Related_Information Security-Related Information] <br> [http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy]
| [http://wiki.mozilla.org/FIPS_Module_Specification_2009#Security-Related_Information Security-Related Information] <br> [http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy]
|| Draft
|| Draft
|}
|}


Return to: [[NSSCryptoModuleSpec]]
Return to: [[NSSCryptoModuleSpec2009]]

Latest revision as of 01:21, 16 November 2011

Document Description

DTR Section

Assessment

Status

Approved mode of operation

VE.01.03.01
VE.01.03.02

Security Policy Rule 33
Approved Mode of Operation

Draft
Processor interfaces VE.01.06.01
VE.01.06.02
(N/A) NSS is a software cryptographic module that runs on a general purpose computer. Draft
Modules Components VE.01.08.01
VE.01.08.02
Module Components Draft
Cryptographic Boundary

VE.01.08.03
VE.01.08.04
VE.01.08.05

Cryptographic Boundary Draft
Physical Description

VE.01.08.06
VE.01.08.07

(N/A) a general purpose computer Draft
Excluded Components

VE.01.09.01
VE.01.09.02

Module Components Draft
Algorithm Certificates

VE.01.12.01
VE.01.12.02

Approved Algorithms

Non-Approved algorithms may only be used in non-FIPS mode, unless an exception is noted:

  • MD2
  • MD5: may be used in the TLS pseudo-random function (PRF) in FIPS mode
  • DES: may be used for interoperation with legacy systems in FIPS mode
  • RC2
  • RC4
  • Camellia
  • SEED
Draft
Hardware Diagrams

VE.01.13.01
VE.01.13.02
VE.01.13.03

Hardware Diagram Draft
Block Diagram

VE.01.13.04

The physical cryptographic boundary of the NSS module surrounds all the components of the general purpose computer. The logical cryptographic boundary is shown in Cryptographic Boundary Draft
Design Specification

VE.01.14.01

The design of the software contained in the NSS module is specified in Design Specification Draft
Security Policy

VE.01.15.01
VE.01.16.01

Security-Related Information
Security Policy
Draft

Return to: NSSCryptoModuleSpec2009