198
edits
FIPS Module Specification: Difference between revisions
Jump to navigation
Jump to search
no edit summary
mNo edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
==Cryptographic Module Specification== | ==Cryptographic Module Specification== | ||
A series of '''security libraries''' represent the cryptographic module which present | A series of '''security libraries''' represent the cryptographic module which present an application programmer interface ('''API''') to client and server applications utilizing NSS. The libraries are compiled and built for specific platforms (see [http://wiki.mozilla.org/Security_Policy#Platform_List Platform List]) and tagged with a release identifier to be published on mozilla.org. The release compliant with FIPS 140-2 is NSS 3.11.5. | ||
The cryptographic module is defined to be a subset of the functions within these libraries. The subset is below the top layer of functions normally called by application programs. Functions that are being certified include TripleDES(KO 1,2,3 56/112/168), AES(128/192/256), SHS (SHA-1, -256, -384 -512), HMAC, DSA (512/1024), RSA (1024/8092). | |||
===Module Components=== | |||
NSS is a software cryptographic implementation. No hardware or firmware components are include. | |||
===The Cryptographic Boundary=== | |||
NSS's PKCS#11 (Cryptoki) implementation forms the cryptographic module. The API itself is considered to define the cryptographic boundary, thus all implementation is considered below the boundary. Also included in this module is the FIPS PKCS#11 token. This is a Cryptoki token designed specifically for FIPS, and allows applications using NSS to operate in a strictly FIPS-mode. The diagram below shows the relationship of the layers. | |||
[[ Image:Fipsmod.png ]] | [[ Image:Fipsmod.png ]] | ||