FIPS Validation: Difference between revisions
Jump to navigation
Jump to search
| Line 150: | Line 150: | ||
In this validation, we should validate AES and Triple DES first because their | In this validation, we should validate AES and Triple DES first because their | ||
implementations are stable. | implementations are stable. Next we should test SHS because RNG and DSA depend on SHA-1. After SHS is tested, we can test HMAC. Finally, when the new RNG | ||
and big num library code is checked in, we can test the rest of the algorithms | |||
SHA-1. After SHS is tested, we can test HMAC. Finally, when the new big num | (RNG, DSA, and RSA). | ||
library code is checked in, we can test the rest of the algorithms (RNG, DSA, | |||
and RSA). | |||
=== Dependant Bugs === | === Dependant Bugs === | ||
Revision as of 22:43, 9 September 2005
NSS FIPS 140-2 validation
Target Release: NSS 3.11
Platforms
- Level 1
- RHEL 4 x86
- Windows XP Service Pack 2
- 64-bit Solaris 10 AMD64
- HP-UX B.11.11 PA-RISC
- Mac OS X 10.4
- Level 2
- RHEL 3 or RHEL 4 x86 (see Note).
- 64-bit Trusted Solaris 8 SPARC
Note: Level 2 testing must be performed on an operating system that has received Common Criteria certification at level EAL2 or higher. Qualified operating systems today include RHEL 3 (EAL3), Trusted Solaris 8, and Windows 2000 (EAL4). If RHEL 4 achieves Common Criteria certification (at level EAL4) in time, we will perform level 2 testing on RHEL 4; otherwise we will do level 2 testing on RHEL 3.
Schedule
| Milestone | Item | Deps | Time | Who | Completed |
|---|---|---|---|---|---|
| M1 | Initial Setup | ||||
| 1a | Choose validation Lab, approve costs, and sign NDA | all | all | BKP Security | |
| 1b | Review FIPs 140-2 and compare to FIPS 140-1 | all | X | ||
| 1c | BKP Training course June 21st and June 22nd | glen,jullien,Darren,Wan-Teh,Bob | X | ||
| 1d | Define Algorithms, Key Sizes and modes | X | |||
| M2 | Complete NSS 3.11 FIPS dependant bugs | X | |||
| M3 | Update documentation (numbers in parentheses refer to sections in FIPS documentation) | ||||
| 3a. | (1.0) Security policy, new algorithms | 1d | 2 wks | all | ongoing |
| 3b. | Generate annotated source tree (LXR -> HTML) | M2 | glen | ongoing | |
| 3c. | (2.0) Finite State Machine | 3b | 3 wks | ||
| 3d. | (3.0/4.0) Cryptographic Module Definition | 3b | 2 wks | ||
| 3e. | (6.0) Software Security (rules-to-code map) | 3b | 2 wks | ||
| 3f. | (8.0) Key Management Generate 20K random #'s | 1 day | |||
| 3g. | (9.0) Cryptographic Algs | 3a | 3 days | ||
| 3h. | (10.0) Operational Test Plan | 1 day | |||
| 3i. | Document architectural changes between 3.2 and 3.11 | 5 days | |||
| M4 | Send docs to testing lab | ||||
| 4a. | Security Policy | all | ongoing | ||
| 4b. | Finite State Machine | 3c | |||
| 4c. | Module Def. / rules-to-code | 3d,3e | |||
| M5 | Operational validation | ||||
| 5a. | Algorithm testing | 1 month | |||
| 5b. | Operational testing | 3h | 1 week | ||
| 5c | set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them) | ||||
| M6 | Internal QA of docs | M2-M5 | 1 week | all | |
| M7 | Communication between NSS team / Lab / NIST about status of validation / algorithm certificates | M1-5 | 3-6 mos | all |
Algorithms
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms:
| Algorithms | Key Size | Modes | Testing Completed |
|---|---|---|---|
| Triple DES | KO 1,2,3 (56,112,168) |
TECB(e/d; KO 1,2,3) TCBC(e/d; KO 1,2,3) |
|
| AES | 128/192/256 |
ECB(e/d; 128,192,256) CBC(e/d; 128,192,256) |
|
| SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512) |
SHA-1 (BYTE-only) SHA-256 (BYTE-only) SHA-384 (BYTE-only) SHA-512 (BYTE-only) |
N/A | |
| HMAC |
HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 |
KeySize < BlockSize, KeySize = BlockSize, KeySize < BlockSize |
|
| RNG | N/A |
FIPS 186-2 General Purpose [( x-Change Notice ); ( SHA-1 )] |
|
| DSA | 512-1024 |
PRIME; PQG(gen)MOD(ALL); PQG(ver)MOD(ALL); KEYGEN(Y)MOD(ALL); SIG(gen)MOD(ALL); SIG(ver)MOD(ALL); |
|
| RSA | 1024-8092 |
ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver); |
In this validation, we should validate AES and Triple DES first because their implementations are stable. Next we should test SHS because RNG and DSA depend on SHA-1. After SHS is tested, we can test HMAC. Finally, when the new RNG and big num library code is checked in, we can test the rest of the algorithms (RNG, DSA, and RSA).
Dependant Bugs
| Bug | Description | Completed |
|---|---|---|
| 259135 | power-up self-tests needed for SHA-256,384,512 and AES | ? |
| 294106 | Implement the recommended PRNG changes described in FIPS 186-2 Change Notice 1 | ? |
| 298506 | Implement logging for auditable events required by FIPS 140-2 | ? |
| 298511 | Implement ANSI RNG for FIPS 140-2 | ? |
| 298512 | Ensure the seed and seed key input for RNG do not have same value for FIPS 140-2 | ? |
| 298513 | Implement pairwise consistency test for key transport key generation FIPS 140-2 | Completed |
| 298514 | Implement pairwise consistency for digitial signature key generation for FIPS 140-2 | Completed |
| 298516 | Implement minimum length of PINs for FIPS 140-2 mode | Patch submitted |
| 298517 | Implement minimum time intervals for login attempts failures for FIPS 140-2 | Patch submitted |
| 298518 | Implement FIPS module failure if Non-approved Algorithms are used for FIPS 140-2 | ? |
| 298520 | Implement key establishment must be as secure as the strength of the key being transported for FIPS 140-2 | ? |
| 298522 | Implement more power-up self tests, such as HMAC, RSA for FIPS 140-2 | ? |
| 305984 | Update the isFIPS information SSLCipherSuiteInfo table | completed |
Testing Lab
FIPS Information
NIST Cryptographic Module Validation Program
NSS FIPS 140-2 Validation Docs
NSS FIPS 140-2 Validation Docs