FIPS Validation
Contents
NSS FIPS 140 validation
Softoken is a component of NSS, and has a separate version number. The most recent FIPS validated Softoken is 3.12.4 and is in NSS 3.12.4 and NSS 3.12.5 and NSS 3.12.6. Binaries are available | here.
NSS softoken has completed FIPS 140 validation four times: 1997, 1999, 2002, 2007 and 2009. View | NSS FIPS validation history here. View the FIPS2009 validation here.
This page documents our current NSS FIPS 140 validation.
Platforms for 2011
- Level 1
- RHEL 6 x86 32 bit (no AES-NI)
- RHEL 6 x86 64 bit
Algorithms
Plan is to validate all FIPS-approved algorithms that NSS implements and NIST has tests for. There are eight such algorithms.
| Algorithms | Key Size | Modes | Certificates |
|---|---|---|---|
| TripleDES | KO 1,2,3 (56,112,168) |
TECB(e/d; KO 1,2,3) |
Pending |
| AES | 128/192/256 |
ECB(e/d; 128,192,256) |
Pending |
| SHS (including all variants: SHA-1, SHA-256, SHA-384, and SHA-512) |
SHA-1 (BYTE-only) |
N/A |
Pending |
| HMAC |
HMAC-SHA1, HMAC-SHA256, |
KeySize < BlockSize, |
Pending |
| DRBG | N/A |
Hash_DRBG of NIST SP 800-90 |
Pending |
| DSA | 512-1024 |
PQG(gen)MOD(1024); |
Pending |
| RSA | 1024-8192 |
ALG[RSASSA-PKCS1_V1_5]; SIG(gen); SIG(ver); |
Pending |
| ECDSA
(Extended ECC) |
163-571 |
PKG: CURVES( ALL-P ALL-K ALL-B ); |
Not In 2011 Validation |
| ECDSA
(Basic ECC) |
256-521 |
PKG: CURVES( ALL-P P-256 P-384 P-521 ); |
Not In 2011 Validation |
Dependant Bugs
| Bug | Description | Completed |
|---|---|---|
Testing Lab
FIPS 140 Information
NIST Cryptographic Module Validation Program
NSS FIPS 140-2 Validation Docs
NSS FIPS 140-2 Validation Docs
FIPS 140-2 Derived Test Requirements (DTR)
FIPS 140-2 Derived Test Requirements (DTR)
Vendor Information
This validation is supported and maintained by the following corporations:
Red Hat, Inc.: http://www.redhat.com/about/contact/
Products Implementing FIPS 140-2 Validated NSS
