FIPS Validation: Difference between revisions
m (→Algorithms) |
|||
| Line 83: | Line 83: | ||
{| border="1" cellpadding="2" summary="Algorithms" | {| border="1" cellpadding="2" summary="Algorithms" | ||
|- | |- | ||
!Algorithms !! Key Size !! Modes !! Certificates | !Algorithms !! Key Size !! Modes !! Certificates | ||
|- | |- | ||
| Line 92: | Line 92: | ||
TCBC(e/d; KO 1,2,3) | TCBC(e/d; KO 1,2,3) | ||
|| | || | ||
|- | |- | ||
! [http://csrc.nist.gov/cryptval/aes/aesval.html AES] | ! [http://csrc.nist.gov/cryptval/aes/aesval.html AES] | ||
| Line 101: | Line 100: | ||
CBC(e/d; 128,192,256) | CBC(e/d; 128,192,256) | ||
|| | || | ||
|- | |- | ||
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)] | ![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)] | ||
| Line 111: | Line 110: | ||
SHA-512 (BYTE-only) | SHA-512 (BYTE-only) | ||
|| N/A || | || N/A || | ||
|- | |- | ||
! [http://csrc.nist.gov/cryptval/mac/hmacval.html HMAC] | ! [http://csrc.nist.gov/cryptval/mac/hmacval.html HMAC] | ||
| Line 122: | Line 121: | ||
KeySize > BlockSize | KeySize > BlockSize | ||
|| | || | ||
|- | |- | ||
! [http://csrc.nist.gov/cryptval/rng/rngval.html RNG] | ! [http://csrc.nist.gov/cryptval/rng/rngval.html RNG] | ||
| N/A | | N/A | ||
|| | || | ||
Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90] | |||
[ | |||
|| | || | ||
|- | |- | ||
! [http://csrc.nist.gov/cryptval/dss/dsaval.htm DSA] | ! [http://csrc.nist.gov/cryptval/dss/dsaval.htm DSA] | ||
| Line 144: | Line 138: | ||
SIG(ver)MOD(ALL); | SIG(ver)MOD(ALL); | ||
|| | || | ||
|- | |- | ||
! [http://csrc.nist.gov/cryptval/dss/rsaval.html RSA] | ! [http://csrc.nist.gov/cryptval/dss/rsaval.html RSA] | ||
| Line 151: | Line 145: | ||
SIG(ver); | SIG(ver); | ||
|| | || | ||
|- | |- | ||
! [http://csrc.nist.gov/cryptval/dss/ecdsaval.html ECDSA] | ! [http://csrc.nist.gov/cryptval/dss/ecdsaval.html ECDSA] | ||
| Line 161: | Line 155: | ||
SIG(ver): CURVES( ALL-P ALL-K ALL-B ); | SIG(ver): CURVES( ALL-P ALL-K ALL-B ); | ||
|| | || | ||
|- | |- | ||
! [http://csrc.nist.gov/cryptval/dss/ecdsaval.html ECDSA] | ! [http://csrc.nist.gov/cryptval/dss/ecdsaval.html ECDSA] | ||
| Line 171: | Line 165: | ||
SIG(ver): CURVES( P-256 P-384 P-521 ); | SIG(ver): CURVES( P-256 P-384 P-521 ); | ||
|| | || | ||
|} | |} | ||
Revision as of 18:07, 14 May 2009
NSS FIPS 140 validation
Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.11.4 and is in NSS 3.11.4 and NSS 3.11.5.
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, and 2007. View [[ http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ]] here. This page documents our recent NSS FIPS 140 validation.
Updates
Spring/Summer 2009 FIPS 140 validation will be based on Softoken 3.12.x
Platforms for 2009
- Level 1
- Windows XP Service Pack 2
- Mac OS X 10.5
- Level 2
- RHEL 5 x86 32 bit
- RHEL 5 x86 64 bit
- Solaris 10 64-bit SPARC v9
- Solaris 10 32-bit SPARC v8+
- Solaris 10 32-bit x86
- Solaris 10 64-bit x86_64
Schedule
| Milestone | Item | Deps | Time | Who | Completed |
|---|---|---|---|---|---|
| M1 | Initial Setup | ||||
| 1a | Choose validation Lab, approve costs, and sign NDA | all | all | Atlan | |
| 1d | Define Algorithms, Key Sizes and modes | ||||
| M2 | Complete NSS 3.12 FIPS dependant bugs | ||||
| M3 | Update documentation (numbers in parentheses refer to sections in FIPS documentation) | ||||
| 3a. | (1.0) Security policy, new algorithms | 1d | 2 wks | all | |
| 3b. | Generate annotated source tree (LXR -> HTML) | M2 | |||
| 3c. | (2.0) Finite State Machine | 3b | 3 wks | ||
| 3d. | (3.0/4.0) Cryptographic Module Definition | 3b | 2 wks | ||
| 3e. | (6.0) Software Security (rules-to-code map) | 3b | 2 wks | ||
| 3f. | (8.0) Key Management Generate 20K random #'s | 1 day | |||
| 3g. | (9.0) Cryptographic Algs | 3a | 3 days | ||
| 3h. | (10.0) Operational Test Plan | 1 day | |||
| 3i. | Document architectural changes between 3.2 and 3.11 | 5 days | |||
| M4 | Send docs to testing lab | ||||
| 4a. | Security Policy | all | |||
| 4b. | Finite State Machine | 3c | |||
| 4c. | Module Def. / rules-to-code | 3d,3e | |||
| M5 | Operational validation | ||||
| 5a. | Algorithm testing | 1 month | |||
| 5b. | Operational testing | 3h | 1 week | ||
| 5c | set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them) | ||||
| M6 | Internal QA of docs | M2-M5 | 1 week | all | |
| M7 | Communication between NSS team / Lab / NIST about status of validation / algorithm certificates | M1-5 | 3-6 mos | all |
Algorithms
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms. Previous certificates are shown for softoken 3.11.4 and we will update when new certificates are granted.
| Algorithms | Key Size | Modes | Certificates |
|---|---|---|---|
| TripleDES | KO 1,2,3 (56,112,168) |
TECB(e/d; KO 1,2,3) |
|
| AES | 128/192/256 |
ECB(e/d; 128,192,256) |
|
| SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512) |
SHA-1 (BYTE-only) |
N/A | |
| HMAC |
HMAC-SHA1, HMAC-SHA256, |
KeySize < BlockSize, |
|
| RNG | N/A |
Hash_DRBG of NIST SP 800-90 |
|
| DSA | 512-1024 |
PQG(gen)MOD(ALL); |
|
| RSA | 1024-8192 |
ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver); |
|
| ECDSA
(Extended ECC) |
163-571 |
PKG: CURVES( ALL-P ALL-K ALL-B ); |
|
| ECDSA
(Basic ECC) |
256-521 |
PKG: CURVES( ALL-P P-256 P-384 P-521 ); |
Dependant Bugs
| Bug | Description | Completed |
|---|---|---|
Testing Lab
FIPS 140 Information
NIST Cryptographic Module Validation Program
NSS FIPS 140-2 Validation Docs
NSS FIPS 140-2 Validation Docs