FIPS Validation: Difference between revisions

(Note products implementing FIPS mode NSS)
 
(32 intermediate revisions by 3 users not shown)
Line 1: Line 1:
== NSS FIPS 140 validation ==
== NSS FIPS 140 validation ==


NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, and 2007. This page documents our recent NSS FIPS 140 validation.
Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in '''NSS 3.12.4''' and '''NSS 3.12.5''' and '''NSS 3.12.6'''. Binaries are available [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_4_RTM/ | here].


Target Release: Softoken 3.12.2
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View [http://www.mozilla.org/projects/security/pki/nss/fips/ | NSS FIPS validation history ] here. View the [[FIPS2009]] validation here.


Softoken is a component of [[NSS]], and has a separate version number. The most recent FIPS validated Softoken is 3.11.4 and is in '''NSS 3.11.4''' and '''NSS 3.11.5'''.
This page documents our current NSS FIPS 140 validation.
 
==Updates==
 
'''August 27, 2007: Our Level 2 cert has been issued! [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#814 NSS Level 2 Cert]'''
 
 
'''August 8, 2007: Our Level 1 cert has been issued! [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#815 NSS Level 1 Cert]'''
 
August 2, 2007: we advanced to Finalization state according to  [http://csrc.nist.gov/cryptval/140-1/preval.htm FIPS 140-2 Pre-validation List]. This means the certs should be issued soon.
 
March 23, 2007: we advanced to Coordination state according to [http://csrc.nist.gov/cryptval/140-1/preval.htm FIPS 140-2 Pre-validation List]. This means we are in the final stages, answering questions from NIST. One more state to go...
 
January 18, 2007: we advanced to the In Review state on the [http://csrc.nist.gov/cryptval/140-1/preval.htm FIPS 140-2 Pre-validation List]. This means the two-month wait for a NIST reviewer to be assigned to our case is over.
 
November 16, 2006: Aspect Labs submitted the test report to NIST for validation. We advanced to the Review Pending state on the [http://csrc.nist.gov/cryptval/140-1/preval.htm FIPS 140-2 Pre-validation List].
 
June 30, 2006: we have received the remaining four algorithm certificates: RNG ([http://csrc.nist.gov/cryptval/rng/rngval.html#208 certificate #208]), DSA ([http://csrc.nist.gov/cryptval/dss/dsaval.htm#172 certificate #172]), RSA ([http://csrc.nist.gov/cryptval/dss/rsaval.html#152 certificate #152]), and ECDSA ([http://csrc.nist.gov/cryptval/dss/ecdsaval.html#30 certificate #30]).
 
June 23, 2006: we are now on the [http://csrc.nist.gov/cryptval/140-1/preval.htm FIPS 140-2 Pre-validation List].
 
June 15, 2006: we addressed the deficiencies in Chapter 1-4 of the documentation.
 
April 13, 2006 status: we are having RNG, DSA, and RSA validated now. We are updating our [http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf Security Policy] and writing our responses to the vendor requirements in the FIPS 140-2 Derived Test Requirements (DTR).
 
January 20, 2006 status: we have received four algorithm certificates: AES ([http://www.csrc.nist.gov/cryptval/aes/aesval.html#352 certificate #352]), Triple DES ([http://csrc.nist.gov/cryptval/des/tripledesval.html#410 certificate #410]), SHS ([http://csrc.nist.gov/cryptval/shs/shaval.htm#426 certificate #426]), and HMAC ([http://csrc.nist.gov/cryptval/mac/hmacval.html#152 certificate #152]).
 
=== Platforms ===


== Platforms for 2011 ==
* Level 1
* Level 1
** RHEL '''4''' x86 (was: RHEL '''3''' x86)
** RHEL '''6''' x86 32 bit (no AES-NI)
** Windows XP Service Pack 2
** RHEL '''6''' x86 64 bit
** 64-bit Solaris 10 AMD64
** HP-UX B.11.11 PA-RISC
** Mac OS X 10.4
* Level 2
** RHEL 4 '''x86_64''' (was: RHEL 4 '''x86''')
** 64-bit Trusted Solaris 8 SPARC


=== Schedule ===
== Algorithms ==


{| border="1" cellpadding="2" summary="schedule table"
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.  
|-
! Milestone !! Item !! Deps !! Time !! Who !! Completed
|-
| M1 || Initial Setup || || || ||
|-
| 1a || Choose validation Lab, approve costs, and sign NDA || all ||  || all ||  [http://www.atlanlabs.com/ Atlan] 
|-
| 1d || Define Algorithms, Key Sizes and modes || || || || 
|-
| M2 || Complete NSS 3.12 FIPS dependant bugs  || || || ||
|-
| M3  || Update documentation (numbers in parentheses refer to sections in FIPS documentation) || || || || 
|-
| 3a. || (1.0) Security policy, new algorithms || 1d || 2 wks || all ||
|-
| 3b. || Generate annotated source tree (LXR -> HTML) || M2 || || ||
|-
| 3c. || (2.0) Finite State Machine || 3b || 3 wks || ||
|-
| 3d. || (3.0/4.0) Cryptographic Module Definition || 3b ||  2 wks || ||
|-
| 3e. || (6.0) Software Security (rules-to-code map) || 3b || 2 wks || ||
|-
| 3f. || (8.0) Key Management Generate 20K random #'s || || 1 day || || 
|-
| 3g. || (9.0) Cryptographic Algs || 3a || 3 days || ||
|-
| 3h. || (10.0) Operational Test Plan || || 1 day || || 
|-
| 3i. || Document architectural changes between 3.2 and 3.11 ||  || 5 days || || 
|-
| M4 || Send docs to testing lab  || || || ||
|-
| 4a. || Security Policy || || all ||  ||
|-
| 4b. || Finite State Machine || 3c || || || 
|-
| 4c. || Module Def. / rules-to-code || 3d,3e || || ||
|-
| M5  || Operational validation || || || ||
|-
| 5a. || Algorithm testing || || 1 month || || 
|-
| 5b. || Operational testing || 3h || 1 week || ||
|-
| 5c || set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them)  || || || ||
|-
| M6 || Internal QA of docs || M2-M5 || 1 week || all ||
|-
| M7 || Communication between NSS team / Lab / NIST about status of validation / algorithm certificates || M1-5 || 3-6 mos || all ||
|}
 
<BR>


=== Algorithms ===
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms. Previous certificates are shown for softoken 3.11.4 and we will update when new certificates are granted.
{| border="1" cellpadding="2" summary="Algorithms"
{| border="1" cellpadding="2" summary="Algorithms"
|-
|-
!Algorithms !! Key Size !! Modes !! Certificates (for Softoken 3.11.4)
!Algorithms !! Key Size !! Modes !! Certificates


|-
|-
![http://csrc.nist.gov/cryptval/des/tripledesval.html TripleDES]  
![http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledesval.html TripleDES]  
| KO 1,2,3 (56,112,168)
| KO 1,2,3 (56,112,168)
||
||
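Review bot: the added intro line says softoken "has completed FIPS 140 validation four times" and then lists five years (1997, 1999, 2002, 2007 and 2009), so either the count or the list needs correcting. On the same added lines, both external links put a pipe between the URL and the label ("[URL | here]" and "[URL | NSS FIPS validation history ]"). MediaWiki external links separate URL and label with a space, so the pipe renders literally, as the "| here" in the rendered revision shows. Suggest dropping the pipe and using a descriptive label instead of "here".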
Line 115: Line 27:
TCBC(e/d; KO 1,2,3)
TCBC(e/d; KO 1,2,3)
||  
||  
[http://csrc.nist.gov/cryptval/des/tripledesval.html#410 Certificate #410] for x86 CPUs<br><br>
Pending
[http://csrc.nist.gov/cryptval/des/tripledesval.html#469 Certificate #469] for non-x86 CPUs
|-
|-
! [http://csrc.nist.gov/cryptval/aes/aesval.html AES]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html AES]  
| 128/192/256
| 128/192/256
||
||
Line 124: Line 35:
CBC(e/d; 128,192,256)
CBC(e/d; 128,192,256)
||  
||  
[http://csrc.nist.gov/cryptval/aes/aesval.html#352 Certificate #352]
Pending
|-
|-
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
![http://csrc.nist.gov/publications/fips/fips180-2/fips180-2withchangenotice.pdf/ SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)]
[http://csrc.nist.gov/cryptval/shs/shaval.htm SHS]  
[http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.htm SHS]  
|
|
SHA-1  (BYTE-only)<br>
SHA-1  (BYTE-only)<br>
Line 134: Line 45:
SHA-512 (BYTE-only)
SHA-512 (BYTE-only)
|| N/A ||  
|| N/A ||  
[http://csrc.nist.gov/cryptval/shs/shaval.htm#426 Certificate #426]
Pending
|-
|-
! [http://csrc.nist.gov/cryptval/mac/hmacval.html HMAC]
! [http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmacval.html HMAC]
|  
|  
HMAC-SHA1, HMAC-SHA256,<br>
HMAC-SHA1, HMAC-SHA256,<br>
Line 145: Line 56:
KeySize > BlockSize  
KeySize > BlockSize  
||  
||  
[http://csrc.nist.gov/cryptval/mac/hmacval.html#152 Certificate #152]
Pending
|-
|-
! [http://csrc.nist.gov/cryptval/rng/rngval.html RNG]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html DRBG]  
| N/A  
| N/A  
||   
||   
FIPS 186-2
Hash_DRBG of [http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf NIST SP 800-90]
[(x-Change Notice);
(SHA-1)]<br>
FIPS 186-2 General Purpose
[(x-Change Notice);
(SHA-1)]
||  
||  
[http://csrc.nist.gov/cryptval/rng/rngval.html#208 Certificate #208]
Pending
|-
|-
! [http://csrc.nist.gov/cryptval/dss/dsaval.htm DSA]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/dsaval.htm DSA]  
| 512-1024 ||
| 512-1024 ||
PQG(gen)MOD(ALL);<br>
PQG(gen)MOD(1024);<br>
PQG(ver)MOD(ALL);<br>
PQG(ver)MOD(1024);<br>
KEYGEN(Y)MOD(ALL);<br>
KEYGEN(Y)MOD(1024);<br>
SIG(gen)MOD(ALL);<br>
SIG(gen)MOD(1024);<br>
SIG(ver)MOD(ALL);
SIG(ver)MOD(1024);
||  
||  
[http://csrc.nist.gov/cryptval/dss/dsaval.htm#172 Certificate #172]
Pending
|-
|-
! [http://csrc.nist.gov/cryptval/dss/rsaval.html RSA]  
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/rsaval.html RSA]  
| 1024-8192 ||   
| 1024-8192 ||   
ALG[RSASSA-PKCS1_V1_5];  SIG(gen);   
ALG[RSASSA-PKCS1_V1_5];  SIG(gen);   
SIG(ver);  
SIG(ver);  
||
||
[http://csrc.nist.gov/cryptval/dss/rsaval.html#152 Certificate #152]
Pending
|-
|-
! [http://csrc.nist.gov/cryptval/dss/ecdsaval.html ECDSA]
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
(Extended ECC)
(Extended ECC)
| 163-571 ||
| 163-571 ||
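Review bot: in the DSA row every mode is narrowed from MOD(ALL) to MOD(1024) (PQG gen/ver, KEYGEN, SIG gen/ver), but the Key Size cell is left at "512-1024", so the row still advertises a range that the listed tests no longer cover. Suggest updating the Key Size cell to match the tested modulus, or noting why the 512-bit lower bound stays listed.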
Line 184: Line 90:
SIG(ver): CURVES( ALL-P ALL-K ALL-B );
SIG(ver): CURVES( ALL-P ALL-K ALL-B );
||  
||  
[http://csrc.nist.gov/cryptval/dss/ecdsaval.html#30 Certificate #30]
Not In 2011 Validation
|-
|-
! [http://csrc.nist.gov/cryptval/dss/ecdsaval.html ECDSA]
! [http://csrc.nist.gov/groups/STM/cavp/documents/dss/ecdsaval.html ECDSA]
(Basic ECC)
(Basic ECC)
| 256-521 ||
| 256-521 ||
Line 194: Line 100:
SIG(ver): CURVES( P-256 P-384 P-521 );
SIG(ver): CURVES( P-256 P-384 P-521 );
||  
||  
[http://csrc.nist.gov/cryptval/dss/ecdsaval.html#37 Certificate #37]
Not In 2011 Validation
|}
|}


=== Dependant Bugs ===
== Dependant Bugs ==
{| border="1" cellpadding="2" summary="Dependent Bugs"
{| border="1" cellpadding="2" summary="Dependent Bugs"
|-
|-
! Bug !! Description !! Completed  
! Bug !! Description !! Completed  
|-  
|-  
|[https://bugzilla.mozilla.org/show_bug.cgi?id=439115 439115] || DB merge allows nickname conflicts in merged DB ||
|||  ||  
|-
|[https://bugzilla.mozilla.org/show_bug.cgi?id=360426 360426] ||  separate NSS softoken into it's own separately pullable and buildable package ||
|}
|}


=== Testing Lab ===  
== Testing Lab ==
[http://www.atlanlabs.com/ Atlan Labs ]
[http://www.saic.com/infosec/testing-accreditation/ SAIC ]


=== FIPS 140 Information ===
== FIPS 140 Information ==


[http://csrc.nist.gov/cryptval/ NIST Cryptographic Module Validation Program ]  
[http://csrc.nist.gov/cryptval/ NIST Cryptographic Module Validation Program ]  
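Review bot: the Dependant Bugs table is left with a single empty row ("|||  ||") after both bug entries were removed, which renders as a header-only table; either drop the section or state that no dependent bugs are open for this validation. The heading also keeps the spelling "Dependant" while the table summary says "Dependent".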
Line 225: Line 129:
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]
[[ FIPS 140-2 Vendor Requirement Docs | FIPS 140-2 Derived Test Requirements (DTR) ]]


== Vendor Information ==
This validation is supported and maintained by the following corporations:
Red Hat, Inc.: http://www.redhat.com/about/contact/
== Products Implementing FIPS 140-2 Validated NSS ==
* [https://www.redhat.com Red Hat Enterprise Linux] ([https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard#enabling-fips-mode Documentation])
<BR>
[[Category:NSS]]
[[Category:NSS]]

Latest revision as of 20:19, 20 November 2017

NSS FIPS 140 validation

Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in NSS 3.12.4, NSS 3.12.5 and NSS 3.12.6. Binaries are available at https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_4_RTM/.

NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. See the NSS FIPS validation history at http://www.mozilla.org/projects/security/pki/nss/fips/ and the FIPS2009 validation page.

This page documents our current NSS FIPS 140 validation.

Platforms for 2011

  • Level 1
    • RHEL 6 x86 32 bit (no AES-NI)
    • RHEL 6 x86 64 bit

Algorithms

The plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.

{| border="1" cellpadding="2" summary="Algorithms"
|-
! Algorithms !! Key Size !! Modes !! Certificates
|-
! TripleDES
| KO 1,2,3 (56,112,168) || TECB(e/d; KO 1,2,3)<br>TCBC(e/d; KO 1,2,3) || Pending
|-
! AES
| 128/192/256 || ECB(e/d; 128,192,256)<br>CBC(e/d; 128,192,256) || Pending
|-
! SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512)
| SHA-1 (BYTE-only)<br>SHA-256 (BYTE-only)<br>SHA-384 (BYTE-only)<br>SHA-512 (BYTE-only) || N/A || Pending
|-
! HMAC
| HMAC-SHA1, HMAC-SHA256,<br>HMAC-SHA384, HMAC-SHA512 || KeySize < BlockSize,<br>KeySize = BlockSize,<br>KeySize > BlockSize || Pending
|-
! DRBG
| N/A || Hash_DRBG of NIST SP 800-90 || Pending
|-
! DSA
| 512-1024 || PQG(gen)MOD(1024);<br>PQG(ver)MOD(1024);<br>KEYGEN(Y)MOD(1024);<br>SIG(gen)MOD(1024);<br>SIG(ver)MOD(1024); || Pending
|-
! RSA
| 1024-8192 || ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver); || Pending
|-
! ECDSA (Extended ECC)
| 163-571 || PKG: CURVES( ALL-P ALL-K ALL-B );<br>PKV: CURVES( ALL-P ALL-K ALL-B );<br>SIG(gen): CURVES( ALL-P ALL-K ALL-B );<br>SIG(ver): CURVES( ALL-P ALL-K ALL-B ); || Not In 2011 Validation
|-
! ECDSA (Basic ECC)
| 256-521 || PKG: CURVES( ALL-P P-256 P-384 P-521 );<br>PKV: CURVES( ALL-P P-256 P-384 P-521 );<br>SIG(gen): CURVES( ALL-P P-256 P-384 P-521 );<br>SIG(ver): CURVES( P-256 P-384 P-521 ); || Not In 2011 Validation
|}

Dependent Bugs

Bug Description Completed

Testing Lab

SAIC

FIPS 140 Information

NIST Cryptographic Module Validation Program

NIST Crypto Toolkit

NSS FIPS 140-2 Validation Docs

FIPS 140-2 Derived Test Requirements (DTR)


Vendor Information

This validation is supported and maintained by the following corporations:

Red Hat, Inc.: http://www.redhat.com/about/contact/

Products Implementing FIPS 140-2 Validated NSS