FIPS Validation: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Note products implementing FIPS mode NSS)
 
(17 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== NSS FIPS 140 validation ==
== NSS FIPS 140 validation ==


Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.11.4 and is in '''NSS 3.11.4''' and '''NSS 3.11.5'''.
Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in '''NSS 3.12.4''' and '''NSS 3.12.5''' and '''NSS 3.12.6'''. Binaries are available [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_4_RTM/ | here].


NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, and 2007. View [http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ] here.   
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View [http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ] here. View the [[FIPS2009]] validation here.   


This page documents our current NSS FIPS 140 validation.
This page documents our current NSS FIPS 140 validation.


==Updates==
== Platforms for 2011 ==
 
 
Summer 2009 FIPS 140 validation will be based on Softoken 3.12.4 and NSS is on the [http://csrc.nist.gov/groups/STM/cmvp/inprocess.html | Module in Process] CMVP list.
 
 
July 10 2009 NSS Softoken 3.12.4 has received all of it's algorithm certificates!
 
== Platforms for 2009 ==
* Level 1
* Level 1
** Windows XP Service Pack 2
** RHEL '''6''' x86 32 bit (no AES-NI)
** Mac OS X 10.5
** RHEL '''6''' x86 64 bit
* Level 2
** RHEL '''5''' x86 32 bit
** RHEL '''5''' x86 64 bit
** Solaris 10 64-bit SPARC v9
** Solaris 10 32-bit SPARC v8+
** Solaris 10 32-bit x86
** Solaris 10 64-bit x86_64
 
 


== Algorithms ==
== Algorithms ==
Line 44: Line 27:
TCBC(e/d; KO 1,2,3)
TCBC(e/d; KO 1,2,3)
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#822 #822 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#823 #823 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html#821 #821 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html AES]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html AES]  
Line 54: Line 35:
CBC(e/d; 128,192,256)
CBC(e/d; 128,192,256)
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1127 #1127 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1128 #1128 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1126 #1126 NSS No ECC Build]
|-
|-
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
Line 66: Line 45:
SHA-512 (BYTE-only)
SHA-512 (BYTE-only)
|| N/A ||  
|| N/A ||  
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1049 #1049 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1050 #1050 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm#1048 #1048 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html HMAC]
! [http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html HMAC]
Line 79: Line 56:
KeySize > BlockSize  
KeySize > BlockSize  
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#637 #637 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#638 #638 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html#636 #636 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html DRBG]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html DRBG]  
Line 88: Line 63:
Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]
Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#17 #17 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#18 #18 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html#16 #16 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm DSA]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm DSA]  
Line 100: Line 73:
SIG(ver)MOD(1024);
SIG(ver)MOD(1024);
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm#367 #367 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm#368 #368 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm#366 #366 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html RSA]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html RSA]  
Line 109: Line 80:
SIG(ver);  
SIG(ver);  
||
||
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#534 #534 NSS Extended ECC Build]<br>
Pending
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#535 #535 NSS Basic ECC Build]<br>
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html#533 #533 NSS No ECC Build]
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
Line 121: Line 90:
SIG(ver): CURVES( ALL-P ALL-K ALL-B );
SIG(ver): CURVES( ALL-P ALL-K ALL-B );
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#132 #132 NSS Extended ECC Build]<br>
Not In 2011 Validation
 
|-
|-
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
Line 132: Line 100:
SIG(ver): CURVES( P-256 P-384 P-521 );
SIG(ver): CURVES( P-256 P-384 P-521 );
||  
||  
[http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html#133 #133 NSS Basic ECC Build]<br>
Not In 2011 Validation
|}
|}


Line 144: Line 112:


== Testing Lab ==
== Testing Lab ==
[http://www.atlanlabs.com/ Atlan Labs ]
[http://www.saic.com/infosec/testing-accreditation/ SAIC ]


== FIPS 140 Information ==
== FIPS 140 Information ==
Line 161: Line 129:
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]


== Schedule ==


{| border="1" cellpadding="2" summary="schedule table"
== Vendor Information ==
|-
 
! Milestone !! Item !! Deps !! Time !! Who !! Completed
This validation is supported and maintained by the following corporations:
|-
 
| M1 || Initial Setup || || || ||
Red Hat, Inc.: http://www.redhat.com/about/contact/
|-
 
| 1a || Choose validation Lab, approve costs, and sign NDA || all ||  || all ||  [http://www.atlanlabs.com/ Atlan] 
== Products Implementing FIPS 140-2 Validated NSS ==
|-
 
| 1d || Define Algorithms, Key Sizes and modes || || || || 
* [https://www.redhat.com Red Hat Enterprise Linux] ([https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard#enabling-fips-mode Documentation])
|-
| M2 || Complete NSS 3.12 FIPS dependant bugs  || || || ||
|-
| M3  || Update documentation (numbers in parentheses refer to sections in FIPS documentation) || || || || 
|-
| 3a. || (1.0) Security policy, new algorithms || 1d || 2 wks || all ||
|-
| 3b. || Generate annotated source tree (LXR -> HTML) || M2 || || ||
|-
| 3c. || (2.0) Finite State Machine || 3b || 3 wks || ||
|-
| 3d. || (3.0/4.0) Cryptographic Module Definition || 3b ||  2 wks || ||
|-
| 3e. || (6.0) Software Security (rules-to-code map) || 3b || 2 wks || ||
|-  
| 3f. || (8.0) Key Management Generate 20K random #'s || || 1 day || || 
|-
| 3g. || (9.0) Cryptographic Algs || 3a || 3 days || ||
|-
| 3h. || (10.0) Operational Test Plan || || 1 day || || 
|-
| 3i. || Document architectural changes between 3.2 and 3.11 ||  || 5 days || || 
|-
| M4 || Send docs to testing lab  || || || ||
|-
| 4a. || Security Policy || || all ||  ||
|-
| 4b. || Finite State Machine || 3c || || || 
|-
| 4c. || Module Def. / rules-to-code || 3d,3e || || ||
|-
| M5  || Operational validation || || || ||
|-
| 5a. || Algorithm testing || || 1 month || || 
|-
| 5b. || Operational testing || 3h || 1 week || ||
|-
| 5c || set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them) || || || ||
|-
| M6 || Internal QA of docs || M2-M5 || 1 week || all ||
|-
| M7 || Communication between NSS team / Lab / NIST about status of validation / algorithm certificates || M1-5 || 3-6 mos || all ||
|}


<BR>
<BR>
[[Category:NSS]]
[[Category:NSS]]

Latest revision as of 20:19, 20 November 2017

NSS FIPS 140 validation

Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in NSS 3.12.4 and NSS 3.12.5 and NSS 3.12.6. Binaries are available | here.

NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View | NSS FIPS validation history here. View the FIPS2009 validation here.

This page documents our current NSS FIPS 140 validation.

Platforms for 2011

  • Level 1
    • RHEL 6 x86 32 bit (no AES-NI)
    • RHEL 6 x86 64 bit

Algorithms

Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.

Algorithms Key Size Modes Certificates
TripleDES KO 1,2,3 (56,112,168)

TECB(e/d; KO 1,2,3)
TCBC(e/d; KO 1,2,3)

Pending

AES 128/192/256

ECB(e/d; 128,192,256)
CBC(e/d; 128,192,256)

Pending

SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)

SHS

SHA-1 (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)

N/A

Pending

HMAC

HMAC-SHA1, HMAC-SHA256,
HMAC-SHA384, HMAC-SHA512

KeySize < BlockSize,
KeySize = BlockSize,
KeySize > BlockSize

Pending

DRBG N/A

Hash_DRBG of NIST SP 800-90

Pending

DSA 512-1024

PQG(gen)MOD(1024);
PQG(ver)MOD(1024);
KEYGEN(Y)MOD(1024);
SIG(gen)MOD(1024);
SIG(ver)MOD(1024);

Pending

RSA 1024-8192

ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver);

Pending

ECDSA

(Extended ECC)

163-571

PKG: CURVES( ALL-P ALL-K ALL-B );
PKV: CURVES( ALL-P ALL-K ALL-B );
SIG(gen): CURVES( ALL-P ALL-K ALL-B );
SIG(ver): CURVES( ALL-P ALL-K ALL-B );

Not In 2011 Validation

ECDSA

(Basic ECC)

256-521

PKG: CURVES( ALL-P P-256 P-384 P-521 );
PKV: CURVES( ALL-P P-256 P-384 P-521 );
SIG(gen): CURVES( ALL-P P-256 P-384 P-521 );
SIG(ver): CURVES( P-256 P-384 P-521 );

Not In 2011 Validation

Dependant Bugs

Bug Description Completed

Testing Lab

SAIC

FIPS 140 Information

NIST Cryptographic Module Validation Program

NIST Crypto Toolkit

NSS FIPS 140-2 Validation Docs

NSS FIPS 140-2 Validation Docs

FIPS 140-2 Derived Test Requirements (DTR)

FIPS 140-2 Derived Test Requirements (DTR)


Vendor Information

This validation is supported and maintained by the following corporations:

Red Hat, Inc.: http://www.redhat.com/about/contact/

Products Implementing FIPS 140-2 Validated NSS


Retrieved from "https://wiki.mozilla.org/index.php?title=FIPS_Validation&oldid=1184489"