What is the difference between FIPS 140-2 and FIPS 140-3?

This week we are tackling the question: what is the difference between FIPS 140-2 and FIPS 140-3? wolfSSL is currently the leader in embedded FIPS certificates. The wolfCrypt module holds the world’s first SP800-140Br1 FIPS 140-3 validated certificate #4718. We always strive to keep our users up to date on the latest standards!

With various specification updates, the newest standard, FIPS 140-3, will include the hardware module, firmware module, software module, hybrid-software module, and hybrid-firmware module, and will have no restriction as to the level at which a hybrid module may be validated. This is beneficial to vendors with hybrid modules looking to be validated at a higher level than Level 1. The FIPS 140-2 standard was originally written with all modules as hardware, and only later were additional module types added.

Both FIPS 140-2 and FIPS 140-3 include the four logical interfaces: data input, data output, control input, and status output. FIPS 140-3 introduces a fifth interface, the control output interface, which is used to output commands, including signals and control data, to indicate the state of operation. Instead of the “trusted path” used in FIPS 140-2, FIPS 140-3 uses a “trusted channel”, which is a secure communications link between the cryptographic module and the end point device that is sending data to and receiving data from the module, with the goal of securing unprotected CSPs. In FIPS 140-3, a Level 4 module using a trusted channel must use multi-factor identity-based authentication for all services using the trusted channel.

Instead of requiring module support for crypto officer and user roles with the maintenance role as optional, FIPS 140-3 only requires the crypto officer role. There is a new capability within FIPS 140-3, called the “Self-Initiated Cryptographic Output Capability” where a module can perform cryptographic operations or other approved security functions without any operator intervention.

Check out our latest blog post on FIPS 140-3 Announcement to the world.

When it comes to wolfSSL, we are ready to offer the first implementation of FIPS 140-3:

  • The power-on self-test is changing. It now takes two sets of tests: the Pre-operational Self-Test (POST) and the Conditional Algorithm Self-Test (CAST).
  • The old Known Answer Tests used as a part of the old test are not required to run at startup. They are now conditional tests that must be run right before use of an algorithm. If you don’t use an algorithm, you don’t need to test it. The tests will run automatically on calling any API for an algorithm.
  • The pre-operational self-test is now purely an integrity test of the executable in memory. The algorithms used for this test must be tested first. In our case, HMAC-SHA-256’s CAST is run automatically, then the POST. The POST will be run automatically as wolfCrypt’s default entry point in the code.
  • All the tests may be and should be run periodically during run time. We will provide an API to run tests as desired. In an embedded application, you can run your CAST early before any algorithms are used as some CASTs do take time.
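The self-test ordering in the list above, as an added Python model that is not wolfCrypt code or its API: the HMAC-SHA-256 CAST runs before the integrity POST, every other CAST runs on first use of its algorithm, and a failed CAST disables only that algorithm. The `Module` class, its method names, `KEY`, `IMAGE` and `EXPECTED` are assumptions made for the illustration, and the image bytes and integrity key are constructed.

```python
import hashlib
import hmac

# Constructed stand-ins for the module image and its build-time integrity value.
KEY = b"constructed-integrity-key"
IMAGE = b"constructed module image bytes"
EXPECTED = hmac.new(KEY, IMAGE, hashlib.sha256).digest()

def kat_hmac_sha256():  # RFC 4231 test case 2
    tag = hmac.new(b"Jefe", b"what do ya want for nothing?", hashlib.sha256)
    return tag.hexdigest() == (
        "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843")

def kat_sha256():  # FIPS 180-4 "abc" vector
    return hashlib.sha256(b"abc").hexdigest() == (
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad")

class Module:
    def __init__(self, kats, image=IMAGE):
        self.kats, self.image = kats, image
        self.cast = {}       # algorithm -> CAST result, filled in lazily
        self.log = []        # order in which the self-tests actually ran
        self.post_ok = None  # None until the first call into the module

    def run_cast(self, alg):  # also callable on demand for periodic testing
        self.log.append("CAST:" + alg)
        self.cast[alg] = bool(self.kats[alg]())
        return self.cast[alg]

    def _ready(self, alg):
        if self.post_ok is None:
            # The integrity algorithm is tested before it is trusted for POST.
            hmac_ok = self.run_cast("HMAC-SHA-256")
            self.log.append("POST")
            mac = hmac.new(KEY, self.image, hashlib.sha256).digest()
            self.post_ok = hmac_ok and hmac.compare_digest(mac, EXPECTED)
        if not self.post_ok:
            raise RuntimeError("integrity test failed, no services available")
        if alg not in self.cast:
            self.run_cast(alg)  # first use of this algorithm
        if not self.cast[alg]:
            raise RuntimeError(alg + " failed its CAST")  # others still work

    def sha256(self, data):
        self._ready("SHA-256")
        return hashlib.sha256(data).digest()

    def hmac_sha256(self, key, data):
        self._ready("HMAC-SHA-256")
        return hmac.new(key, data, hashlib.sha256).digest()
```

Calling `run_cast()` for each needed algorithm during an idle period, before the first real operation, moves the test cost out of the latency-sensitive path.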

Contact Us

Please contact us at facts@wolfssl.com or +1 425 245 8247 with any questions. For technical support, please contact support@wolfssl.com or view our wolfCrypt FIPS FAQ page.

Download wolfSSL Now

FIPS 140-3 Announcement to the world

wolfSSL Inc. is very pleased to announce our wolf pack has successfully hunted down and captured the ever elusive FIPS 140-3 certificate! The world’s first automated submission (SP800-140Br1) FIPS 140-3 validated certificate #4718 was posted to the NIST website on July 11th, 2024, and is valid through July 10th, 2029!

“wolfSSL remains focused on enhancing our technologies and expanding capabilities. We are dedicated to continuous innovation in security. The advancements in our FIPS 140-3 module highlight our commitment to delivering state-of-the-art cryptographic solutions that meet the rigorous demands of today’s cybersecurity landscape,” stated wolfSSL CTO, Todd Ouska.

We are thrilled to work with ÆGISOLVE, INC. on this journey. The wolfSSL team is grateful for the ÆGISOLVE staff’s hard work and dedication in realizing the very first SP800-140Br1 140-3 certificate in the world! A note from the ÆGISOLVE team:

“‘AEGISOLVE is pleased to announce the world’s first SP800-140Br1 compliant FIPS 140-3 Validation Certificate for wolfSSL’s wolfCrypt module’ reported Travis Spann, Founder and President of AEGISOLVE (NVLAP Lab Code: 200802-0).

‘As a first of its kind, this is a tremendous achievement and a huge step forward for the next generation of FIPS 140-3 Validated Cryptographic Modules. Congratulations, wolfSSL!’”

Highlights

  • Boot Times
    • With wolfCrypt FIPS 140-2, power-on times could be slower due to mandatory self-tests
    • wolfCrypt FIPS 140-3 requires self-tests only at the first algorithm use or during a slower event cycle
      • faster boot times
      • optimal power and resource consumption with careful planning!
  • Design
    • The wolfCrypt FIPS 140-3 validated module is the only commercial FIPS solution tailored for embedded
      • Emphasis on a minimal footprint, low resource use, reduced power consumption, and high performance for standard and real time systems
      • Design leads to superior scalability across devices, from mobile to server
        • 10 times more connections per device at 15-20% better performance than competing solutions.
  • OpenSSL Replacement
  • Embeddability
    • Embedded Systems (Medical, networking, sensors, security systems, etc.)
    • Extended Battery life and high performance
    • Hardware Encryption Support
    • Assembly Acceleration

Changes from the historic wolfCrypt FIPS 140-2 cert #3389 to the active wolfCrypt FIPS 140-3 cert #4718:

  • CAST (Conditional Algorithm Self-Tests)
  • KDF-TLS, TLS v1.2 KDF and TLSv1.3 KDF
  • SSH KDF
  • AES-OFB mode
  • RSA 3072, 4096 and PSS
  • New degraded mode of operation: in the event of a CAST failure, other algorithm services will remain available.

For more about what FIPS is, please check out these blogs:

For information on transitioning from 140-2 to 140-3, please check out our blog: What is the difference between FIPS 140-2 and FIPS 140-3?

Algo cert Link
Security Policy Link
Ref: Section 2.5 Algorithms
Ref: Section 2.2 Table 6 “Tested Operational Environments – Software, Firmware, Hybrid”
Cert #4718 Link

For questions, comments or feedback please contact the wolfSSL team anytime at fips@wolfssl.com.


ML-KEM and ML-DSA at the CAVP

The CAVP (Cryptographic Algorithm Validation Program) now has testing available for ML-KEM (Kyber) and ML-DSA (Dilithium). Initial draft standards for these algorithms have been released as FIPS-203 and FIPS-204, respectively.

You can find the various .json test cases here:

Whenever you’re ready, we’ll be able to do CAVP testing of our implementations of these algorithms. Let us know about your interest in this!

If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.


Accelerating AES Encryption with Nvidia CUDA: wolfCrypt Performance Boost

We have tested wolfCrypt using the Nvidia A10, A100, and H100 GPU architectures. Using the AesEncrypt_C function from wolfCrypt, we added the CUDA acceleration wrappers to determine the performance of the algorithm running on a GPU. The implementation simply hijacks the calls to AesEncrypt_C and AesEncryptBlock_C and uses the CUDA wrappers to run the function on the hardware. To gain performance, the hardware simultaneously calculates the blocks within the cipher instead of using a ‘for’ loop to iterate through.

The code is available for review as part of this merged PR. You now also have the option of comparing two benchmark results with our new ‘benchmark_compare.sh’ in the wolfSSL ‘scripts’ folder.

AES-GCM, AES-ECB, AES-XTS, and AES-CTR seem to get a 1.6x, 5x, 2.6x and 3x performance boost respectively on the A-series chips, and 2.6x, 10.8x, 3.5x and 5.3x boost on the H100, respectively. When the data to be encrypted is passed to the hardware, it calculates each block simultaneously as opposed to sequentially in the CPU.

Algorithms like AES-CBC, AES-CFB, AES-OFB, AES-CCM, AES-SIV and AES-CMAC grind to a halt because they can’t be independently parallelized. The output of the next block depends on the previous block.
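Why CTR-style modes parallelize and chained modes do not, as an added Python example that is not wolfSSL's CUDA code: each CTR block is computed from the key, nonce and block index alone, while each CBC block needs the previous ciphertext block. XTEA stands in for AES to keep the block self-contained, threads stand in for GPU lanes, and all function names, keys and plaintext are constructed for the illustration.

```python
import struct
from concurrent.futures import ThreadPoolExecutor

def encrypt_block(key, block):
    # XTEA (64-bit block, 128-bit key) as a compact stand-in for AES.
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & 0xFFFFFFFF
        s = (s + 0x9E3779B9) & 0xFFFFFFFF
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & 0xFFFFFFFF
    return struct.pack(">2I", v0, v1)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_block(key, nonce, i, block):
    # Depends only on key, nonce and the block index, so any worker can
    # compute any block at any time.
    return xor(block, encrypt_block(key, nonce + struct.pack(">I", i)))

def ctr_encrypt(key, nonce, blocks, workers=4):
    with ThreadPoolExecutor(workers) as pool:
        return list(pool.map(lambda ib: ctr_block(key, nonce, *ib),
                             enumerate(blocks)))

def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for block in blocks:
        # The input to block i is the ciphertext of block i-1: a serial chain.
        prev = encrypt_block(key, xor(block, prev))
        out.append(prev)
    return out

def changed_blocks(a, b):
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed sample input.
KEY = bytes(range(16))
NONCE = b"\x00\x00\x00\x01"
IV = b"\x00" * 8
PLAIN = [b"block-%02d" % i for i in range(4)]   # four 8-byte blocks
```

Changing the first plaintext block changes one CTR ciphertext block but every CBC ciphertext block, which is the dependency that forces CBC encryption to run one block at a time.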

Going forward, we are planning to optimize for even better cryptographic performance on GPUs. It just makes sense for us to add additional algorithmic support as well as full FIPS 140-3 support for Nvidia GPUs such that government consumers can have maximum assurance when encrypting sensitive video and audio with AES-XTS, for example.

If you need FIPS 140-3 encryption for GPUs it can be as simple as adding an operating environment to our certificate. See our contact details at the end of the post.

See some of the test results compared below:

Figure: Comparing wolfCrypt's AesEncrypt_C per algorithm speed (MB/s)

Visit our download page to download the latest release, or clone it from wolfSSL GitHub. If you have questions about any of the above, feel free to email us at facts@wolfSSL.com or call us at +1 425 245 8247.
