FIPS Validation
NSS FIPS 140 validation
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, and 2007. This page documents our recent NSS FIPS 140 validation.
Target Release: Softoken 3.12.2
Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.11.4 and is in NSS 3.11.4 and NSS 3.11.5.
Updates
August 27, 2007: Our Level 2 cert has been issued! NSS Level 2 Cert
August 8, 2007: Our Level 1 cert has been issued! NSS Level 1 Cert
August 2, 2007: we advanced to Finalization state according to FIPS 140-2 Pre-validation List. This means the certs should be issued soon.
March 23, 2007: we advanced to Coordination state according to FIPS 140-2 Pre-validation List. This means we are in the final stages, answering questions from NIST. One more state to go...
January 18, 2007: we advanced to the In Review state on the FIPS 140-2 Pre-validation List. This means the two-month wait for a NIST reviewer to be assigned to our case is over.
November 16, 2006: Aspect Labs submitted the test report to NIST for validation. We advanced to the Review Pending state on the FIPS 140-2 Pre-validation List.
June 30, 2006: we have received the remaining four algorithm certificates: RNG (certificate #208), DSA (certificate #172), RSA (certificate #152), and ECDSA (certificate #30).
June 23, 2006: we are now on the FIPS 140-2 Pre-validation List.
June 15, 2006: we addressed the deficiencies in Chapter 1-4 of the documentation.
April 13, 2006 status: we are having RNG, DSA, and RSA validated now. We are updating our Security Policy and writing our responses to the vendor requirements in the FIPS 140-2 Derived Test Requirements (DTR).
January 20, 2006 status: we have received four algorithm certificates: AES (certificate #352), Triple DES (certificate #410), SHS (certificate #426), and HMAC (certificate #152).
Platforms
- Level 1
- RHEL 4 x86 (was: RHEL 3 x86)
- Windows XP Service Pack 2
- 64-bit Solaris 10 AMD64
- HP-UX B.11.11 PA-RISC
- Mac OS X 10.4
- Level 2
- RHEL 4 x86_64 (was: RHEL 4 x86)
- 64-bit Trusted Solaris 8 SPARC
Schedule
| Milestone | Item | Deps | Time | Who | Completed |
|---|---|---|---|---|---|
| M1 | Initial Setup | ||||
| 1a | Choose validation Lab, approve costs, and sign NDA | all | all | Atlan | |
| 1d | Define Algorithms, Key Sizes and modes | ||||
| M2 | Complete NSS 3.12 FIPS dependant bugs | ||||
| M3 | Update documentation (numbers in parentheses refer to sections in FIPS documentation) | ||||
| 3a. | (1.0) Security policy, new algorithms | 1d | 2 wks | all | |
| 3b. | Generate annotated source tree (LXR -> HTML) | M2 | |||
| 3c. | (2.0) Finite State Machine | 3b | 3 wks | ||
| 3d. | (3.0/4.0) Cryptographic Module Definition | 3b | 2 wks | ||
| 3e. | (6.0) Software Security (rules-to-code map) | 3b | 2 wks | ||
| 3f. | (8.0) Key Management Generate 20K random #'s | 1 day | |||
| 3g. | (9.0) Cryptographic Algs | 3a | 3 days | ||
| 3h. | (10.0) Operational Test Plan | 1 day | |||
| 3i. | Document architectural changes between 3.2 and 3.11 | 5 days | |||
| M4 | Send docs to testing lab | ||||
| 4a. | Security Policy | all | |||
| 4b. | Finite State Machine | 3c | |||
| 4c. | Module Def. / rules-to-code | 3d,3e | |||
| M5 | Operational validation | ||||
| 5a. | Algorithm testing | 1 month | |||
| 5b. | Operational testing | 3h | 1 week | ||
| 5c | set up machines for Lab to run operational tests on, provide Lab tech with access to machines (last time we both sent a box to the lab and set up a temporary account in the intranet for them) | ||||
| M6 | Internal QA of docs | M2-M5 | 1 week | all | |
| M7 | Communication between NSS team / Lab / NIST about status of validation / algorithm certificates | M1-5 | 3-6 mos | all |
Algorithms
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms. Previous certificates are shown for softoken 3.11.4 and we will update when new certificates are granted.
| Algorithms | Key Size | Modes | Certificates (for Softoken 3.11.4) |
|---|---|---|---|
| TripleDES | KO 1,2,3 (56,112,168) |
TECB(e/d; KO 1,2,3) |
Certificate #410 for x86 CPUs |
| AES | 128/192/256 |
ECB(e/d; 128,192,256) |
|
| SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512) |
SHA-1 (BYTE-only) |
N/A | |
| HMAC |
HMAC-SHA1, HMAC-SHA256, |
KeySize < BlockSize, |
|
| RNG | N/A |
FIPS 186-2
[(x-Change Notice);
(SHA-1)] |
|
| DSA | 512-1024 |
PQG(gen)MOD(ALL); |
|
| RSA | 1024-8192 |
ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver); |
|
| ECDSA
(Extended ECC) |
163-571 |
PKG: CURVES( ALL-P ALL-K ALL-B ); |
|
| ECDSA
(Basic ECC) |
256-521 |
PKG: CURVES( ALL-P P-256 P-384 P-521 ); |
Dependant Bugs
| Bug | Description | Completed |
|---|---|---|
| 439115 | DB merge allows nickname conflicts in merged DB | |
| 360426 | separate NSS softoken into it's own separately pullable and buildable package |
Testing Lab
FIPS 140 Information
NIST Cryptographic Module Validation Program
NSS FIPS 140-2 Validation Docs
NSS FIPS 140-2 Validation Docs