Intel® Integrated Performance Primitives
Deliberate problems developing high-performance vision, signal, security, and storage applications.
6708 Discussions

IPP crypto and FIPS 140

dan-zakaib
Beginner
‎11-29-2011 03:10 PM
708 Views
Can anyone confirm whether the IPP crypto modules are certified / validated for FIPS 140-2?
Is is just compliant (that is with no certificate number)?
Thanks
0 Kudos

Link Copied

7 Replies
igorastakhov
New Contributor II
‎12-02-2011 01:27 AM
708 Views

IPP 5.0 was validated for FIPS 140-2, all other versions - were not validated.

Regards,
Igor

0 Kudos
Copy link
SergeyKostrov
Valued Contributor II
‎12-02-2011 06:40 AM
708 Views
Where did you find that information?

I looked through all mypdf-files for IPP v5.xand C/C++ examplesand I couldn't find any references
about FIPS 140-2.

Here is a list of all cases with the word 'FIPS' I found:

...to build their own FIPS-conformant security solutions...
...FIPS PUB 46-3...
...FIPS PUB 113...
...FIPS PUB 180-2...
...FIPS PUB 186-2...
...FIPS PUB 198...
...to comply with the American Standard FIPS 197...

Best regards,
Sergey
0 Kudos
Copy link
igorastakhov
New Contributor II
‎12-06-2011 04:07 AM
708 Views
Sergey,

there were 2 steps:
1) release 5.0 was published (released)
2) then it was validated through NIST validation process

this is why you can't find this information in the 5.0 documentation

2006:

Intel IPP for Cryptography has been successfully validated under CAVP and the following certificates have been issued on Nov 13:

AES: #460

DSA: #190

SHS: #526

RNG: #245

RSA: #181

HMAC: #221

ECDSA: #40

Please, look for the details at http://csrc.nist.gov/cryptval -> Validation Lists / Algorythms.

Regards,
Igor

0 Kudos
Copy link
SergeyKostrov
Valued Contributor II
‎12-07-2011 06:51 AM
708 Views
>>...Please, look for the details at http://csrc.nist.gov/cryptval -> Validation Lists / Algorythms...

Thank you, Igor.
0 Kudos
Copy link
Geissinger__Gary
Beginner
‎08-25-2015 10:40 AM
708 Views

Gentlemen,

I have examined NIST FIPS 140 algorithm certificate #460; it indicates that revision 5 is the FIPS 140 validated and certified version of IPP.  Subsequent posts indicate that revision 5 is the only validated and certified version.  Today it appears that one can only procure version 9 or perhaps version 8.  My question is in two parts.  First, is version 5 in fact the only FIPS validated and certified version?  If there is a current certified version please give me the certificate number.  Otherwise, if a current FIPS validated and certified version is not available, is it possible to obtain and use IPP version 5?   I develop using FORTRAN/C/C++ in Windows.

Regards,

Gary Geissinger

 

0 Kudos
Copy link
Igor_A_Intel
Employee
‎08-26-2015 02:39 AM
708 Views

Hi Gary,

FIPS validation for IPP was performed only once - for the 5th version. I don't recommend you to use such old IPP version - it doesn't have optimizations for the latest CPUs and, the most important thing, - is not mitigated from several vulnerabilities that have been discovered later. And I think there is no legal way to get this IPP version from https://registrationcenter.intel.com/

regards, Igor

0 Kudos
Copy link
levicki
Valued Contributor I
‎08-27-2015 10:51 AM
708 Views

Maybe all of you interested in FIPS 140-2 support will benefit from perusing the following links:

http://opensslrampage.org/post/83555615721/the-future-or-lack-thereof-of-libressls-fips

https://www.schneier.com/blog/archives/2010/01/fips_140-2_leve.html

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.