Provide FIPS 140-3 Cryptographic Module collateral

[dleach02]

EPIC: Provide FIPS 140-3 Cryptographic Module collateral

Zephyr project should provide the collateral that will allow a user to obtain NIST FIPS 140-3 certification.

• Aligns with ISO/IEC 19790:2012( E )
• CMVP Testing follows ISO/IEC 24759:2017( E )

NIST documents modifying ISO/IEC:

NIST Document	Description	Modifies ISO/IEC 19790:2012( E )	Modifies ISO/IEC 24759:2017( E )
SP 800-140	FIPS 140-3 Derived Test Requirements (DTR)	-	6.1 through 6.12
SP 800-140A	CMVP Documentation Requirements	Annex A	6.13
SP 800-140B	CMVP Security Policy Requirements	Annex B	6.14
SP 800-140C	CMVP Approved Security Functions	Annex C	6.15
SP 800-140D	CMVP Approved Sensitive Security Parameter Generation and establishment methods	Annex D	6.16
SP 800-140E	CMVP Approved Authentication Mechanisms	Annex E	6.17
SP 800-140F	CMVP Approved Non-Invasive Attack Mitigation Test Metrics	Annex F	6.18

ISO/IEC 19790:2012( E )

Annex C lists the approved ISO/IEC standards that specify approved security functions applicable to this standard. They include:

• Block ciphers
  • ISO/IEC 18033-3 Encryption Algorithms-Part 3: Block Ciphers
• Stream ciphers
  • ISO/IEC 18033-4 Encryption Algorithms-Part 4: Stream Ciphers
• C.1.3 Asymmetric algorithms and techniques
  • ISO/IEC 9796-2 Information technology–Security techniques — Digital signatures with message recovery – Part 2: Integer factorisation based techniques.
  • ISO/IEC 9796-3 Information technology–Security techniques — Digital signature with message recovery – Part 3: Discrete logarithm based techniques.
  • ISO/IEC 14888 (all parts) Information technology–Security techniques – Digital Signatures with Appendix.
  • ISO/IEC 15946 (all parts) Information technology–Security techniques — Cryptographic techniques based on elliptic curves.
  • ISO/IEC 18033-2: Information technology–Security techniques — Encryption Algorithms Part 2: Asymmetric cryptographic algorithms.
• Message authentication codes
  • ISO/IEC 9797-2 Information technology–Security techniques — Message Authentication Codes (MACs) - Part 2: Mechanisms using a dedicated hash-function.
• Hash functions
  • ISO/IEC 10118-2 Information technology – Security techniques – Hash functions – Part 2: Hash functions using an n-bit block cipher.
  • ISO/IEC 10118-3 Information technology – Security techniques – Hash functions – Part 3: Dedicated hash functions.
  • ISO/IEC 10118-4 Information technology – Security techniques – Hash functions – Part 4: Hash functions using modular arithmetic.
• Entity authentication
  • ISO/IEC 9798-2 Information technology – Security techniques – Entity authentication – Part 2: Mechanisms using symmetric encipherment algorithms.
  • ISO/IEC 9798-3 Information technology – Security techniques – Entity authentication – Part 3: Mechanisms using digital signature techniques.
  • ISO/IEC 9798-4 Information technology – Security techniques – Entity authentication – Part 4: Mechanisms using a cryptographic check function.
  • ISO/IEC 9798-5 Information technology – Security techniques – Entity authentication – Part 5: Mechanisms using zero-knowledge techniques.
  • ISO/IEC 9798-6 Information technology – Security techniques – Entity authentication – Part 6: Mechanisms using manual data transfer.
• Key management
  • ISO/IEC 11770-2 Information technology – Security techniques – Key management – Part 2: Mechanisms using symmetric techniques.
  • ISO/IEC 11770-3 Information technology – Security techniques – Key management – Part 3: Mechanisms using asymmetric techniques.
  • ISO/IEC 11770-4 Information technology – Security techniques – Key management – Part 4: Key establishment mechanisms based on weak secrets.
• Random bit generation
  • ISO/IEC 18031 Information technology – Security techniques – Random bit generation.

<<steps to get there will be filled in as we review the FIPS/ISO standards and identify tasking>>