FIPS-140 example#
This notebook illustrates basic functionality with the FIPSDataset class that holds FIPS 140 dataset.
Note that there exists a front end to this functionality at sec-certs.org/fips. Before reinventing the wheel, it’s good idea to check our web. Maybe you don’t even need to run the code, but just use our web instead.
For full API documentation of the FIPSDataset class go to the dataset docs.
If you would like to examine the FIPS-140 “Implementations Under Test” or “Modules In Process” queues, check out the FIPS IUT and FIPS MIP example notebooks.
from sec_certs.dataset.fips import FIPSDataset
from sec_certs.sample import FIPSCertificate
Get fresh dataset snapshot from mirror#
dset: FIPSDataset = FIPSDataset.from_web_latest()
print(len(dset))
Do some basic dataset serialization#
# Dump dataset into json and load it back
dset.to_json("./fips_dataset.json")
new_dset = FIPSDataset.from_json("./fips_dataset.json")
assert dset == new_dset
Simple dataset manipulation#
# Get certificates from a single manufacturer
cisco_certs = [cert for cert in dset if "Cisco" in cert.manufacturer]
# Get certificates with some CVE
vulnerable_certs = [cert for cert in dset if cert.heuristics.related_cves]
# Show CVE ids of some vulnerable certificate
print(f"{vulnerable_certs[0].heuristics.related_cves=}")
Dissect a single certificate#
# Select a certificate and print some attributes
cert: FIPSCertificate = dset["542cacae1d41132a"]
print(f"{cert.web_data.module_name=}")
print(f"{cert.heuristics.cpe_matches=}")
print(f"{cert.web_data.level=}")
Serialize single certificate#
cert.to_json("./cert.json")
new_cert: FIPSCertificate = FIPSCertificate.from_json("./cert.json")
assert new_cert == cert
Create new dataset and fully process it#
Warning
It’s not good idea to run this from notebook. It may take several hours to finish. We recommend using from_web_latest() or turning this into a Python script.
dset = FIPSDataset()
dset.get_certs_from_web()
dset.process_auxiliary_datasets()
dset.download_all_artifacts()
dset.convert_all_pdfs()
dset.analyze_certificates()
Advanced usage#
There are more notebooks available showcasing more advanced usage of the tool.
Examine temporal trends in the FIPS-140 ecosystem.
Analyze vulnerabilities of FIPS-140 certified items.
Study references between FIPS-140 certificates.
Analyze the FIPS-140 IUT and MIP queues.