FIPS Validation

From MozillaWiki
Revision as of 02:57, 22 September 2005 by Glen (talk | contribs) (→‎Dependant Bugs)
Jump to navigation Jump to search

NSS FIPS 140-2 validation

Target Release: NSS 3.11

Platforms

  • Level 1
    • RHEL 4 x86
    • Windows XP Service Pack 2
    • 64-bit Solaris 10 AMD64
    • HP-UX B.11.11 PA-RISC
    • Mac OS X 10.4
  • Level 2
    • RHEL 3 or RHEL 4 x86 (see Note).
    • 64-bit Trusted Solaris 8 SPARC

Note: Level 2 testing must be performed on an operating system that has received Common Criteria certification at level EAL2 or higher. Qualified operating systems today include RHEL 3 (EAL3), Trusted Solaris 8, and Windows 2000 (EAL4). If RHEL 4 achieves Common Criteria certification (at level EAL4) in time, we will perform level 2 testing on RHEL 4; otherwise we will do level 2 testing on RHEL 3.

Schedule

Milestone Item Deps Time Who Completed
M1 Initial Setup
1a Choose validation Lab, approve costs, and sign NDA all all BKP Security
1b Review FIPs 140-2 and compare to FIPS 140-1 all X
1c BKP Training course June 21st and June 22nd glen,jullien,Darren,Wan-Teh,Bob X
1d Define Algorithms, Key Sizes and modes X
M2 Complete NSS 3.11 FIPS dependant bugs X
M3 Update documentation (numbers in parentheses refer to sections in FIPS documentation)
3a. (1.0) Security policy, new algorithms 1d 2 wks all ongoing
3b. Generate annotated source tree (LXR -> HTML) M2 glen ongoing
3c. (2.0) Finite State Machine 3b 3 wks
3d. (3.0/4.0) Cryptographic Module Definition 3b 2 wks
3e. (6.0) Software Security (rules-to-code map) 3b 2 wks
3f. (8.0) Key Management Generate 20K random #'s 1 day
3g. (9.0) Cryptographic Algs 3a 3 days
3h. (10.0) Operational Test Plan 1 day
3i. Document architectural changes between 3.2 and 3.11 5 days
M4 Send docs to testing lab
4a. Security Policy all ongoing
4b. Finite State Machine 3c
4c. Module Def. / rules-to-code 3d,3e
M5 Operational validation
5a. Algorithm testing 1 month
5b. Operational testing 3h 1 week
5c set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them)
M6 Internal QA of docs M2-M5 1 week all
M7 Communication between NSS team / Lab / NIST about status of validation / algorithm certificates M1-5 3-6 mos all

Algorithms

Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms:

Algorithms Key Size Modes Testing Completed
Triple DES KO 1,2,3 (56,112,168)
TECB(e/d; KO 1,2,3)
TCBC(e/d; KO 1,2,3)
AES 128/192/256
ECB(e/d; 128,192,256)
CBC(e/d; 128,192,256)
SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)
SHA-1   (BYTE-only)
SHA-256 (BYTE-only)
SHA-384 (BYTE-only)
SHA-512 (BYTE-only)
N/A
HMAC
HMAC-SHA1, HMAC-SHA256, 
HMAC-SHA384, HMAC-SHA512 
KeySize < BlockSize, 
KeySize = BlockSize, 
KeySize < BlockSize 
RNG N/A
FIPS 186-2 General Purpose
[( x-Change Notice );
( SHA-1 )]
DSA 512-1024
PRIME;
PQG(gen)MOD(ALL);
PQG(ver)MOD(ALL);
KEYGEN(Y)MOD(ALL);
SIG(gen)MOD(ALL);
SIG(ver)MOD(ALL);
RSA 1024-8092

ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver);

In this validation, we should validate AES and Triple DES first because their implementations are stable. Next we should test SHS because RNG and DSA depend on SHA-1. After SHS is tested, we can test HMAC. Finally, when the new RNG and big num library code is checked in, we can test the rest of the algorithms (RNG, DSA, and RSA).

Dependant Bugs

Bug Description Completed
259135 power-up self-tests needed for SHA-256,384,512 and AES ?
294106 Implement the recommended PRNG changes described in FIPS 186-2 Change Notice 1 ?
298506 Implement logging for auditable events required by FIPS 140-2 ?
298511 Implement ANSI RNG for FIPS 140-2 ?
298512 Ensure the seed and seed key input for RNG do not have same value for FIPS 140-2 ?
298513 Implement pairwise consistency test for key transport key generation FIPS 140-2 Completed
298514 Implement pairwise consistency for digitial signature key generation for FIPS 140-2 Completed
298516 Implement minimum length of PINs for FIPS 140-2 mode Completed
298517 Implement minimum time intervals for login attempts failures for FIPS 140-2 Completed
298520 Implement key establishment must be as secure as the strength of the key being transported for FIPS 140-2 ?
298522 Implement more power-up self tests, such as HMAC, RSA for FIPS 140-2 ?
305984 Update the isFIPS information SSLCipherSuiteInfo table Completed

Testing Lab

BKP Security

FIPS Information

NIST Cryptographic Module Validation Program

NIST Crypto Toolkit

NSS FIPS 140-2 Validation Docs

NSS FIPS 140-2 Validation Docs

FIPS 140-2 Derived Test Requirements (DTR)

FIPS 140-2 Derived Test Requirements (DTR)