FIPS Validation: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Note products implementing FIPS mode NSS)
 
(18 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== NSS FIPS 140 validation ==
== NSS FIPS 140 validation ==


Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.11.4 and is in '''NSS 3.11.4''' and '''NSS 3.11.5'''.
Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in '''NSS 3.12.4''' and '''NSS 3.12.5''' and '''NSS 3.12.6'''. Binaries are available [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_4_RTM/ | here].


NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, and 2007. View [http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ] here.   
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View [http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ] here. View the [[FIPS2009]] validation here.   


This page documents our current NSS FIPS 140 validation.
This page documents our current NSS FIPS 140 validation.


==Updates==
== Platforms for 2011 ==
 
 
Summer 2009 FIPS 140 validation will be based on Softoken 3.12.4 and NSS is on the [http://csrc.nist.gov/groups/STM/cmvp/inprocess.html | Module in Process] CMVP list.
 
 
July 10 2009 NSS Softoken 3.12.4 has received all of it's algorithm certificates!
 
== Platforms for 2009 ==
* Level 1
* Level 1
** Windows XP Service Pack 2
** RHEL '''6''' x86 32 bit (no AES-NI)
** Mac OS X 10.5
** RHEL '''6''' x86 64 bit
* Level 2
** RHEL '''5''' x86 32 bit
** RHEL '''5''' x86 64 bit
** Solaris 10 64-bit SPARC v9
** Solaris 10 32-bit SPARC v8+
** Solaris 10 32-bit x86
** Solaris 10 64-bit x86_64
 


== Algorithms ==


== Algorithms ==
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.


Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms. Previous certificates are shown for softoken 3.11.4 and we will update when new certificates are granted.
{| border="1" cellpadding="2" summary="Algorithms"
{| border="1" cellpadding="2" summary="Algorithms"
|-
|-
Line 43: Line 27:
TCBC(e/d; KO 1,2,3)
TCBC(e/d; KO 1,2,3)
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#822 #822 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#823 #823 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#821 #821 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html AES]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html AES]  
Line 53: Line 35:
CBC(e/d; 128,192,256)
CBC(e/d; 128,192,256)
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1127 #1127 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1128 #1128 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1126 #1126 NSS No ECC Build]
|-
|-
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
Line 65: Line 45:
SHA-512 (BYTE-only)
SHA-512 (BYTE-only)
|| N/A ||  
|| N/A ||  
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1049 #1049 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1050 #1050 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1048 #1048 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html HMAC]
! [http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html HMAC]
Line 78: Line 56:
KeySize > BlockSize  
KeySize > BlockSize  
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#637 #637 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#638 #638 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#636 #636 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html DRBG]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html DRBG]  
Line 87: Line 63:
Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]
Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#17 #17 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#18 #18 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#16 #16 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm DSA]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm DSA]  
Line 99: Line 73:
SIG(ver)MOD(1024);
SIG(ver)MOD(1024);
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm#367 #367 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm#368 #368 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm#366 #366 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html RSA]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html RSA]  
Line 108: Line 80:
SIG(ver);  
SIG(ver);  
||
||
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#534 #534 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#535 #535 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#533 #533 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
Line 120: Line 90:
SIG(ver): CURVES( ALL-P ALL-K ALL-B );
SIG(ver): CURVES( ALL-P ALL-K ALL-B );
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#132 #132 NSS Extended ECC Build]<br>
Not In 2011 Validation
 
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
Line 131: Line 100:
SIG(ver): CURVES( P-256 P-384 P-521 );
SIG(ver): CURVES( P-256 P-384 P-521 );
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#133 #133 NSS Basic ECC Build]<br>
Not In 2011 Validation
|}
|}


Line 143: Line 112:


== Testing Lab ==
== Testing Lab ==
[http://www.atlanlabs.com/ Atlan Labs ]
[http://www.saic.com/infosec/testing-accreditation/ SAIC ]


== FIPS 140 Information ==
== FIPS 140 Information ==
Line 160: Line 129:
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]


== Schedule ==


{| border="1" cellpadding="2" summary="schedule table"
== Vendor Information ==
|-
 
! Milestone !! Item !! Deps !! Time !! Who !! Completed
This validation is supported and maintained by the following corporations:
|-
 
| M1 || Initial Setup || || || ||
Red Hat, Inc.: http://www.redhat.com/about/contact/
|-
 
| 1a || Choose validation Lab, approve costs, and sign NDA || all ||  || all ||  [http://www.atlanlabs.com/ Atlan] 
== Products Implementing FIPS 140-2 Validated NSS ==
|-
 
| 1d || Define Algorithms, Key Sizes and modes || || || || 
* [https://www.redhat.com Red Hat Enterprise Linux] ([https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard#enabling-fips-mode Documentation])
|-
| M2 || Complete NSS 3.12 FIPS dependant bugs  || || || ||
|-
| M3  || Update documentation (numbers in parentheses refer to sections in FIPS documentation) || || || || 
|-
| 3a. || (1.0) Security policy, new algorithms || 1d || 2 wks || all ||
|-
| 3b. || Generate annotated source tree (LXR -> HTML) || M2 || || ||
|-
| 3c. || (2.0) Finite State Machine || 3b || 3 wks || ||
|-
| 3d. || (3.0/4.0) Cryptographic Module Definition || 3b ||  2 wks || ||
|-
| 3e. || (6.0) Software Security (rules-to-code map) || 3b || 2 wks || ||
|-  
| 3f. || (8.0) Key Management Generate 20K random #'s || || 1 day || || 
|-
| 3g. || (9.0) Cryptographic Algs || 3a || 3 days || ||
|-
| 3h. || (10.0) Operational Test Plan || || 1 day || || 
|-
| 3i. || Document architectural changes between 3.2 and 3.11 ||  || 5 days || || 
|-
| M4 || Send docs to testing lab  || || || ||
|-
| 4a. || Security Policy || || all ||  ||
|-
| 4b. || Finite State Machine || 3c || || || 
|-
| 4c. || Module Def. / rules-to-code || 3d,3e || || ||
|-
| M5  || Operational validation || || || ||
|-
| 5a. || Algorithm testing || || 1 month || || 
|-
| 5b. || Operational testing || 3h || 1 week || ||
|-
| 5c || set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them) || || || ||
|-
| M6 || Internal QA of docs || M2-M5 || 1 week || all ||
|-
| M7 || Communication between NSS team / Lab / NIST about status of validation / algorithm certificates || M1-5 || 3-6 mos || all ||
|}


<BR>
<BR>
[[Category:NSS]]
[[Category:NSS]]

Latest revision as of 20:19, 20 November 2017

NSS FIPS 140 validation

Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in NSS 3.12.4 and NSS 3.12.5 and NSS 3.12.6. Binaries are available | here.

NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View | NSS FIPS validation history here. View the FIPS2009 validation here.

This page documents our current NSS FIPS 140 validation.

Platforms for 2011

  • Level 1
    • RHEL 6 x86 32 bit (no AES-NI)
    • RHEL 6 x86 64 bit

Algorithms

Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.

Algorithms Key Size Modes Certificates
TripleDES KO 1,2,3 (56,112,168)

TECB(e/d; KO 1,2,3)
TCBC(e/d; KO 1,2,3)

Pending

AES 128/192/256

ECB(e/d; 128,192,256)
CBC(e/d; 128,192,256)

Pending

SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)

SHS

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

N/A

Pending

HMAC

HMAC-SHA1, HMAC-SHA256,
HMAC-SHA384, HMAC-SHA512

KeySize < BlockSize,
KeySize = BlockSize,
KeySize > BlockSize

Pending

DRBG N/A

Hash_DRBG of NIST SP 800-90

Pending

DSA 512-1024

PQG(gen)MOD(1024);
PQG(ver)MOD(1024);
KEYGEN(Y)MOD(1024);
SIG(gen)MOD(1024);
SIG(ver)MOD(1024);

Pending

RSA 1024-8192

ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver);

Pending

ECDSA

(Extended ECC)

163-571

PKG: CURVES( ALL-P ALL-K ALL-B );
PKV: CURVES( ALL-P ALL-K ALL-B );
SIG(gen): CURVES( ALL-P ALL-K ALL-B );
SIG(ver): CURVES( ALL-P ALL-K ALL-B );

Not In 2011 Validation

ECDSA

(Basic ECC)

256-521

PKG: CURVES( ALL-P P-256 P-384 P-521 );
PKV: CURVES( ALL-P P-256 P-384 P-521 );
SIG(gen): CURVES( ALL-P P-256 P-384 P-521 );
SIG(ver): CURVES( P-256 P-384 P-521 );

Not In 2011 Validation

Dependant Bugs

Bug Description Completed

Testing Lab

SAIC

FIPS 140 Information

NIST Cryptographic Module Validation Program

NIST Crypto Toolkit

NSS FIPS 140-2 Validation Docs

NSS FIPS 140-2 Validation Docs

FIPS 140-2 Derived Test Requirements (DTR)

FIPS 140-2 Derived Test Requirements (DTR)


Vendor Information

This validation is supported and maintained by the following corporations:

Red Hat, Inc.: http://www.redhat.com/about/contact/

Products Implementing FIPS 140-2 Validated NSS


Retrieved from "https://wiki.mozilla.org/index.php?title=FIPS_Validation&oldid=1184489"