System SSL and FIPS 140-2

The National Institute of Standards and Technology (NIST) is the US federal technology agency that works with industry to develop and apply technology, measurements, and standards. One of the standards published by NIST is the Federal Information Processing Standard Security Requirements for Cryptographic Modules, referred to as ‘FIPS 140-2’. FIPS 140-2 provides a standard that organizations can require when they specify that cryptographic-based security systems are to be used to protect sensitive or valuable data.

The objective of System SSL is to provide the capability to execute securely in a mode that is designed to meet the NIST FIPS 140-2 Level 1 criteria. System SSL can be executed in either ‘FIPS mode’ or ‘non-FIPS mode’. By default, System SSL runs in ‘non-FIPS mode’. Applications that want to execute in FIPS mode must code to the gsk_fips_state_set() API. For additional information, see Application changes.

To meet the FIPS 140-2 Level 1 criteria, System SSL, when executing in FIPS mode, is more restrictive concerning the cryptographic algorithms, protocols, and key sizes that can be supported. The original FIPS mode implementation enforced 80-bit security strength.

NIST Special Publication 800-131A Revision 1 (SP800-131Ar1) details a more secure implementation of FIPS mode support. SP800-131Ar1 increases the algorithm and cryptographic key strength from 80-bit to 112-bit or higher.

To meet SP800-131Ar1 criteria, additional enumeration values have been added to gsk_fips_state_set(). Setting the FIPS mode state with GSK_FIPS_STATE_LEVEL1 is equivalent to GSK_FIPS_STATE_ON and enforces 80-bit security strength for all operations. GSK_FIPS_STATE_LEVEL2 uses 112-bit security strength when generating new keys, generating digital signatures, and performing RSA encryption. However, GSK_FIPS_STATE_LEVEL2 allows 80-bit security strength when performing digital signature verification, RSA decryption, and Triple DES decryption on information that is already protected. GSK_FIPS_STATE_LEVEL3 enforces FIPS mode where only 112-bit or higher security strength is acceptable for all operations and 80-bit strength is not allowed for any operation.

The meaning of level in the preceding enumerator values does not correspond to the different FIPS 140-2 Validation Levels. Level is used by System SSL to indicate the different security key enforcements that System SSL performs for FIPS 140-2 Level 1 (pre and post NIST SP800-131Ar1).
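
The following added example (not System SSL code and not taken from gskssl.h) models the three enforcement levels described above for RSA keys only, and checks a constructed inventory of key uses to show what each level would refuse before an application switches to it. The type names, function names and inventory entries are hypothetical; the modulus-to-strength mapping follows NIST SP 800-57 Part 1.

```c
#include <stdio.h>

/* Local stand-ins for the three levels described above; this is a model,
   not gskssl.h, and every name below is hypothetical. */
typedef enum { LEVEL1 = 1, LEVEL2, LEVEL3 } fips_level;
typedef enum { OP_KEYGEN, OP_SIGN, OP_RSA_ENCRYPT,   /* protects new data */
               OP_VERIFY, OP_RSA_DECRYPT             /* processes already protected data */
} rsa_op;

/* Lower bound on security strength for an RSA modulus (NIST SP 800-57 Part 1). */
int rsa_strength(int modulus_bits) {
    if (modulus_bits >= 3072) return 128;
    if (modulus_bits >= 2048) return 112;
    if (modulus_bits >= 1024) return 80;
    return 0;                                        /* below 80-bit: never acceptable */
}

/* Minimum strength a level demands for an operation, as the text states it. */
int min_strength(fips_level level, rsa_op op) {
    int legacy = (op == OP_VERIFY || op == OP_RSA_DECRYPT);
    if (level == LEVEL1) return 80;
    if (level == LEVEL2) return legacy ? 80 : 112;
    return 112;                                      /* LEVEL3: no 80-bit anywhere */
}

int op_allowed(fips_level level, rsa_op op, int modulus_bits) {
    return rsa_strength(modulus_bits) >= min_strength(level, op);
}

/* Constructed inventory of how an application uses its RSA keys. */
typedef struct { const char *label; rsa_op op; int bits; } key_use;
static const key_use inventory[] = {
    { "verify legacy CA chain",   OP_VERIFY,      1024 },
    { "decrypt archived records", OP_RSA_DECRYPT, 1024 },
    { "sign with old server key", OP_SIGN,        1024 },
    { "generate new server key",  OP_KEYGEN,      2048 },
    { "encrypt to partner key",   OP_RSA_ENCRYPT, 2048 },
};
#define N_USES (sizeof inventory / sizeof inventory[0])

/* Number of inventory entries that the given level would refuse. */
int count_rejected(fips_level level, int verbose) {
    int rejected = 0;
    for (size_t i = 0; i < N_USES; i++) {
        if (op_allowed(level, inventory[i].op, inventory[i].bits)) continue;
        rejected++;
        if (verbose) printf("  level %d rejects: %s (RSA-%d)\n", level, inventory[i].label, inventory[i].bits);
    }
    return rejected;
}

int main(void) {
    for (int l = LEVEL1; l <= LEVEL3; l++)
        printf("level %d: %d rejected\n", l, count_rejected((fips_level)l, 1));
    return 0;
}
```

In this model the 1024-bit signing key is the only entry refused at level 2, while level 3 also refuses verification and decryption with 1024-bit keys.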