Which Algorithms Are FIPS 140-3 Approved?

Graham Steel
January 11, 2021

The new 3rd revision of the FIPS 140 standards for Cryptographic Modules is an effort to align the NIST-managed standard with its ISO counterpart ISO 19790(2012).

However, some parts of the standard remain specific to NIST, and one of these is the list of approved algorithms which is in SP 800-140C – CMVP Approved Security Functions. This overides Annex C of the ISO standard.

SP 800-140C is a list of references to NIST standards describing the approved algorithms and transition guidance. We summarize here the March 2020 version.

Block Ciphers

The March 2020 version of the document approves AES (but only in certain modes), 3DES (but only in three-key mode and only up to 2^20 blocks per triple-length key), and SKIPJACK (only for legacy decryption). The transition guidance gives a handy summary, reproduced below.

Table 1 from Transition Guidelines

Digital Signatures

DSA, ECDSA and RSA are allowed, but only with certain parameters. Table 2 of the transition guide gives a summary.

Table 2 from Transition Guidelines

Hash Functions

The annex references the whole SHA family of functions, including the now broken SHA-1, the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512, SHA512/224, and SHA-512/256), and the SHA-3 family and variants (SHA3-224, SHA3-256, SHA3-384, SHA3-512 as well as SHAKE128, SHAKE256 and derivatives cSHAKE, KMAC, TupleHash, and ParallelHash).

The transition document summarizes when SHA-1 can be used:

SHA-1 may only be used for digital signature generation where specifically allowed by NIST protocol-specific guidance. For all other applications, SHA-1 is disallowed for digital signature generation.

When used for digital signature verification, SHA-1 is allowed for legacy use.

MAC

HMAC is approved along with CMAC and GMAC modes of operation for approved block ciphers. Guidance is given in Table 9 of the transition document

Table 9 from Transition Guidelines

Checking FIPS 140-3 Compliance

Checking that a cryptographic module is compliant involves a testing process carried out by an approved laboratory. A module may be compliant even though it supports some legacy-only cryptography.

Showing that an application is compliant, for something like FedRAMP, requires showing that all cryptography is carried out by FIPS-approved modules, and use of legacy modes by new products is unlikely to be accepted.

Wading through thousands of line of application code to find all the cryptographic calls, then verifying that they are calling the right algorithms, with the right parameters, and the right providers, is a time-consuming and error-prone business. Fortunately, our Cryptosense Analyzer software can take care of this simply and easily.