Will our app be FIPS 140-2 compliant if we use our own AES algorithm implementation?

Question

We are in the processing to understand if our software applications is FIPS 140-2 compliant or not. Currently in our application, we are using our own implementation of AES algorithm. AES is a FIPS 140-2 compliant algorithm.

The question would be whether this would render our app not FIPS 140-2 compliant since we are not using FIPS validated library (Advanced Encryption Standard Algorithm Validation List) even though we are using a FIPS compliant cryptographical algorithm.

Again, we are not try to certify our application for FIPS 140-2, rather we just want to make sure that we are FIPS 140-2 compliant.

Answer 1

If you are using an AES library that has not undergone the FIPS validation process, then you are not FIPS compliant (or, at least, your use of AES is not).

FIPS compliant means more than "we use algorithms that FIPS likes", it means "having passed the FIPS certification process"; that is how NIST defines it.

Sorry, but NIST is quite strict about this; if you haven't undergone the full testing, then NIST is concerned that you haven't implemented AES correctly; there may be subtle bugs that affect the security. And, since NIST makes up the rules for what's "FIPS compliant", well, there's no point in arguing about its likelihood.

In addition, FIPS talks more than what algorithms you use; it also talks about health tests and key zeroization and other such things; the FIPS certification process checks all that as well.

If you need to be FIPS compliant, then your choices are:

• Use a FIPS-certified library to perform all the FIPS-approved crypto operations

• Go through the FIPS-certification process for your application (or, at least, the crypto pieces of your application).

The FIPS certification process is surprisingly complicated; I'd advise you to use a FIPS-certified library.

Answer 2

The CMVP's twin sister program is the CAVP (Cryptographic Algorithm Validation Program).

In order to have your module certified your FIPS Approved algorithms must be tested and validated by a lab and then certified by the CAVP, giving your company a certificate (example: AES #1880).

This is the route most companies go even if they are using another library (95% companies do use another library such as OpenSSL, RSA BSAFE, or Intel Crypto library, etc.).

However, there is another option in which you can claim another validated module's algorithm certificates if that module is validated, and then your module certificate will have a caveat (publicly posted on the NIST website) like this:

This module contains the embedded module [module name] validated to FIPS 140-2 under Cert. #xxxx operating in FIPS mode.

This gets into a bound vs. embedded module and it all depends on the architecture of your module, is it a simple wrapper or does it also perform an Approved algorithm?

Claiming someone else's validated algorithm certificate # is dicey at best and perhaps even impossible if it is not implemented within a validated CMVP module. The best bet is to contact a lab.