MozillaWiki

FIPS Validation: Difference between revisions
(Note products implementing FIPS mode NSS)
 
(128 intermediate revisions by 12 users not shown)
Line 1: Line 1:
== NSS FIPS 140-2 validation ==
== NSS FIPS 140 validation ==


Target Release: NSS 3.11
Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in '''NSS 3.12.4''' and '''NSS 3.12.5''' and '''NSS 3.12.6'''. Binaries are available [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_4_RTM/ | here].


=== Platforms ===
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View [http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ] here. View the [[FIPS2009]] validation here. 


This page documents our current NSS FIPS 140 validation.
== Platforms for 2011 ==
* Level 1
* Level 1
** RHEL 4 x86
** RHEL '''6''' x86 32 bit (no AES-NI)
** Windows XP Service Pack 2
** RHEL '''6''' x86 64 bit
** 64-bit Solaris 10 AMD64
** HP-UX B.11.11 PA-RISC
** Mac OS X 10.4
* Level 2
** RHEL 3 or RHEL 4 x86 (see Note).
** 64-bit Trusted Solaris 8 SPARC
 
Note: Level 2 testing must be performed on an operating system that has received Common Criteria certification at level EAL2 or higher. Qualified operating systems today include RHEL 3 (EAL3), Trusted Solaris 8, and Windows 2000 (EAL4). If RHEL 4 achieves Common Criteria certification (at level EAL4) in time, we will perform level 2 testing on RHEL 4; otherwise we will do level 2 testing on RHEL 3.
 
=== Schedule ===


{| border="1" cellpadding="2"
== Algorithms ==
|-
! Milestone !! Item !! Deps !! Time !! Who !! Completed
|-
! M1 !! Initial Setup !! !! !! !!
|-
! 1a !! Choose validation Lab, approve costs, and sign NDA !! all !!  !! all !! [http://www.bkpsecurity.com/ BKP Security ]
|-
! 1b !! [http://csrc.nist.gov/publications/nistpubs/800-29/sp800-29.pdf Review FIPs 140-2 and compare to FIPS 140-1] !! all !! !! !! X
|-
! 1c !! BKP Training course June 21st and June 22nd !!  !! !! glen,jullien,Darren,Wan-Teh,Bob !! X
|-
! 1d !! Define Algorithms, Key Sizes and modes !! !! !! !! X
|-
! M2 !! Complete NSS 3.11 FIPS dependant bugs  !! !! !! !! X
|-
! M3  !! Update documentation (numbers in parentheses refer to sections in FIPS documentation) !! !! !! !! 
|-
! 3a. !! (1.0) Security policy, new algorithms !! 1d !! 2 wks !! all !! ongoing
|-
! 3b. !! Generate annotated source tree (LXR -> HTML) !! M2 !! !! glen !! ongoing
|-
! 3c. !! (2.0) Finite State Machine !! 3b !! 3 wks !! !!
|-
! 3d. !! (3.0/4.0) Cryptographic Module Definition !! 3b !!  2 wks !! !!
|-
! 3e. !! (6.0) Software Security (rules-to-code map) !! 3b !! 2 wks !! !!
|-
! 3f. !! (8.0) Key Management Generate 20K random #'s !! !! 1 day !! !!
|-
! 3g. !! (9.0) Cryptographic Algs !! 3a !! 3 days !! !!
|-
! 3h. !! (10.0) Operational Test Plan !! !! 1 day !! !! 
|-
! 3i. !! Document architectural changes between 3.2 and 3.11 !!  !! 5 days !! !!
|-
! M4 !! Send docs to testing lab  !! !! !! !!
|-
! 4a. !! Security Policy !! !! all !! ongoing !!
|-
! 4b. !! Finite State Machine !! 3c !! !! !! 
|-
! 4c. !! Module Def. / rules-to-code !! 3d,3e !! !! !!
|-
! M5  !! Operational validation !! !! !! !!
|-
! 5a. !! Algorithm testing !! !! 1 month !! !!
|-
! 5b. !! Operational testing !! 3h !! 1 week !! !!
|-
! 5c !! set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them)  !! !! !! !!
|-
! M6 !! Internal QA of docs !! M2-M5 !! 1 week !! all !!
|-
! M7 !! Communication between NSS team / Lab / NIST about status of validation / algorithm certificates !! M1-5 !! 3-6 mos !! all !!
|}


=== Algorithms ===
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.


Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms:
{| border="1" cellpadding="2" summary="Algorithms"
{| border="1" cellpadding="2"
|+
|-
|-
!Algorithms !! Key Size !! Modes !! Testing Completed
!Algorithms !! Key Size !! Modes !! Certificates


|-
|-
!Triple DES
![http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html TripleDES]
| KO 1,2,3 (56,112,168) || ECB,CBC ||  
| KO 1,2,3 (56,112,168)
 
||
TECB(e/d; KO 1,2,3)<br>
TCBC(e/d; KO 1,2,3)
||  
Pending
|-
|-
! AES  
! [http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html AES]
| 128/192/256 || ECB,CBC ||  
| 128/192/256
 
||
ECB(e/d; 128,192,256)<br>
CBC(e/d; 128,192,256)
||  
Pending
|-
|-
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
| N/A || N/A ||  
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm SHS]
 
|
SHA-1  (BYTE-only)<br>
SHA-256 (BYTE-only)<br>
SHA-384 (BYTE-only)<br>
SHA-512 (BYTE-only)
|| N/A ||  
Pending
|-
|-
! HMAC
! [http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html HMAC]
|  
|  
SHA-1, SHA-256,  
HMAC-SHA1, HMAC-SHA256,<br>
SHA-384, SHA-512
HMAC-SHA384, HMAC-SHA512
||  
||  
KeySize < BlockSize,  
KeySize < BlockSize,<br>
KeySize = BlockSize,  
KeySize = BlockSize,<br>
KeySize < BlockSize  
KeySize > BlockSize  
||  
||  
 
Pending
|-
|-
! RNG
! [http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html DRBG]
| N/A  
| N/A  
||   
||   
FIPS 186-2 General Purpose( x-Change Notice );
Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]
( SHA-1 )
||  
||  
 
Pending
|-
|-
! DSA  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm DSA]
| 512-1024 ||  
| 512-1024 ||
PQG(gen) PQG(ver)  
PQG(gen)MOD(1024);<br>
PRIME SIGN(gen) SIGN(ver)  
PQG(ver)MOD(1024);<br>
KEYGEN(Y)  
KEYGEN(Y)MOD(1024);<br>
SIG(gen)MOD(1024);<br>
SIG(ver)MOD(1024);
||  
||  
 
Pending
|-
|-
! RSA  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html RSA]
| 1024-8092 ||   
| 1024-8192 ||   
ALG[RSASSA-PKCS1_V1_5];  SIG(gen);   
ALG[RSASSA-PKCS1_V1_5];  SIG(gen);   
SIG(ver);  
SIG(ver);  
||
||
Pending
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
(Extended ECC)
| 163-571 ||
PKG: CURVES( ALL-P ALL-K ALL-B );<br>
PKV: CURVES( ALL-P ALL-K ALL-B );<br>
SIG(gen): CURVES( ALL-P ALL-K ALL-B );<br>
SIG(ver): CURVES( ALL-P ALL-K ALL-B );
||
Not In 2011 Validation
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
(Basic ECC)
| 256-521 ||
PKG: CURVES( ALL-P P-256 P-384 P-521 );<br>
PKV: CURVES( ALL-P P-256 P-384 P-521 );<br>
SIG(gen): CURVES( ALL-P P-256 P-384 P-521 );<br>
SIG(ver): CURVES( P-256 P-384 P-521 );
||
Not In 2011 Validation
|}
|}


In this validation, we should validate AES and Triple DES first because their
== Dependant Bugs ==
implementations are stable.  When the new SHA-1 implementation for
{| border="1" cellpadding="2" summary="Dependent Bugs"
AMD64/EM64T is checked in, we should test SHS because RNG and DSA depend on
SHA-1.  After SHS is tested, we can test HMAC.  Finally, when the new big num
library code is checked in, we can test the rest of the algorithms (RNG, DSA,
and RSA).
 
=== Dependant Bugs ===
{| border="1" cellpadding="2"
|-
|-
! Bug !! Description !! Completed  
! Bug !! Description !! Completed  
|-  
|-  
|[https://bugzilla.mozilla.org/show_bug.cgi?id=259135 259135] || power-up self-tests needed for SHA-256,384,512 and AES || ?
|||  ||  
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=294106 294106] || Implement the recommended PRNG changes described in FIPS 186-2 Change Notice 1 || ?
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298506 298506 ] || Implement logging for auditable events required by FIPS 140-2 || ?
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298511 298511 ] || Implement ANSI RNG for FIPS 140-2 || ?
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298512 298512 ] || Ensure the seed and seed key input for RNG do not have same value for FIPS 140-2 || ?
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298513 298513 ] || Implement pairwise consistency test for key transport key generation FIPS 140-2 || Completed
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298514 298514 ]|| Implement pairwise consistency for digitial signature key generation for FIPS 140-2 || Completed
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298516 298516 ] || Implement minimum length of PINs for FIPS 140-2 mode || Patch submitted
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298517 298517 ] || Implement minimum time intervals for login attempts failures for FIPS 140-2 || Patch submitted
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298518 298518 ] || Implement FIPS module failure if Non-approved Algorithms are used for FIPS 140-2 || ?
|-
| [https://bugzilla.mozilla.org/show_bug.cgi?id=298520 298520 ] || Implement key establishment must be as secure as the strength of the key being transported for FIPS 140-2 || ?
|-
|[https://bugzilla.mozilla.org/show_bug.cgi?id=298522 298522 ] || Implement more power-up self tests, such as HMAC, RSA for FIPS 140-2 || ?
|}
|}


=== Testing Lab ===  
== Testing Lab ==
[http://www.bkpsecurity.com/ BKP Security ]
[http://www.saic.com/infosec/testing-accreditation/ SAIC ]


=== FIPS Information ===
== FIPS 140 Information ==


[http://csrc.nist.gov/cryptval/ NIST Cryptographic Module Validation Program ]  
[http://csrc.nist.gov/cryptval/ NIST Cryptographic Module Validation Program ]  
Line 186: Line 128:


[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]
== Vendor Information ==
This validation is supported and maintained by the following corporations:
Red Hat, Inc.: http://www.redhat.com/about/contact/
== Products Implementing FIPS 140-2 Validated NSS ==
* [https://www.redhat.com Red Hat Enterprise Linux] ([https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard#enabling-fips-mode Documentation])
<BR>
[[Category:NSS]]

Latest revision as of 20:19, 20 November 2017

NSS FIPS 140 validation

Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in NSS 3.12.4 and NSS 3.12.5 and NSS 3.12.6. Binaries are available | here.

NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View | NSS FIPS validation history here. View the FIPS2009 validation here.

This page documents our current NSS FIPS 140 validation.

Platforms for 2011

  • Level 1
    • RHEL 6 x86 32 bit (no AES-NI)
    • RHEL 6 x86 64 bit

Algorithms

Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.

Algorithms Key Size Modes Certificates
TripleDES KO 1,2,3 (56,112,168)

TECB(e/d; KO 1,2,3)
TCBC(e/d; KO 1,2,3)

Pending

AES 128/192/256

ECB(e/d; 128,192,256)
CBC(e/d; 128,192,256)

Pending

SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)

SHS

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

N/A

Pending

HMAC

HMAC-SHA1, HMAC-SHA256,
HMAC-SHA384, HMAC-SHA512

KeySize < BlockSize,
KeySize = BlockSize,
KeySize > BlockSize

Pending

DRBG N/A

Hash_DRBG of NIST SP 800-90

Pending

DSA 512-1024

PQG(gen)MOD(1024);
PQG(ver)MOD(1024);
KEYGEN(Y)MOD(1024);
SIG(gen)MOD(1024);
SIG(ver)MOD(1024);

Pending

RSA 1024-8192

ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver);

Pending

ECDSA

(Extended ECC)

163-571

PKG: CURVES( ALL-P ALL-K ALL-B );
PKV: CURVES( ALL-P ALL-K ALL-B );
SIG(gen): CURVES( ALL-P ALL-K ALL-B );
SIG(ver): CURVES( ALL-P ALL-K ALL-B );

Not In 2011 Validation

ECDSA

(Basic ECC)

256-521

PKG: CURVES( ALL-P P-256 P-384 P-521 );
PKV: CURVES( ALL-P P-256 P-384 P-521 );
SIG(gen): CURVES( ALL-P P-256 P-384 P-521 );
SIG(ver): CURVES( P-256 P-384 P-521 );

Not In 2011 Validation

Dependant Bugs

Bug Description Completed

Testing Lab

SAIC

FIPS 140 Information

NIST Cryptographic Module Validation Program

NIST Crypto Toolkit

NSS FIPS 140-2 Validation Docs

NSS FIPS 140-2 Validation Docs

FIPS 140-2 Derived Test Requirements (DTR)

FIPS 140-2 Derived Test Requirements (DTR)


Vendor Information

This validation is supported and maintained by the following corporations:

Red Hat, Inc.: http://www.redhat.com/about/contact/

Products Implementing FIPS 140-2 Validated NSS


Retrieved from "https://wiki.mozilla.org/index.php?title=FIPS_Validation&oldid=1184489"