What is FIPS certification

When people talk about FIPS certification for cryptographic software, we actually talk about FIPS PUB 140-2.

In order to coordinate the requirements and standards for cryptographic modules, the National Institute of Standards and Technology (NIST) issued the high-level FIPS 140 Publication Series.

The FIPS 140-2 standard is an official security accreditation program for cryptographic modules. As a private party we can have our products certified for use in government departments and regulated industries.

When a software or hardware product has been tested and validated, it receives a FIPS 140-2 certificate that specifies the exact module name and version numbers. This information can then be used by third parties to confirm that software has been validated.

FIPS certification

mbed TLS is not FIPS certified as a library at this moment.

FIPS test vectors

For a FIPS certification, cryptographic modules are normally tested against the requirements found in the FIPS PUB 140-2, Security Requirements for Cryptographic Modules.

These requirements include official NIST validating and test vectors for the algorithms. You can almost be certain that these are included and used in our test suite.

The test suite that is located at tests/ within the mbed TLS source code often contains a subset of the available NIST test vectors. So whenever you run the tests with make check, these tests will be run as well.

Did this help?