Hitachi Solutions, Ltd.

HIBUN Cryptographic Module for User-Mode
FIPS 140-2 Security Policy

Level 1 Validation
Document Version 1.7
02/14/2012

All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd.
This document may be freely reproduced and distributed whole and intact including this copyright notice.

1. INTRODUCTION
   1.1. PURPOSE
   1.2. REFERENCES
   1.3. PACKAGE ORGANIZATION
2. CRYPTOGRAPHIC MODULE SPECIFICATION
   2.1. OVERVIEW
   2.2. CRYPTOGRAPHIC BOUNDARY
   2.3. BLOCK DIAGRAM
   2.4. MODULE ORGANIZATION
   2.5. ALGORITHMS
   2.6. APPROVED MODE
3. CRYPTOGRAPHIC MODULE PORTS AND INTERFACES
4. ROLES, SERVICES, AND AUTHENTICATION
   4.1. ROLES
   4.2. SERVICES
   4.3. AUTHENTICATION
5. PHYSICAL SECURITY
6. OPERATIONAL ENVIRONMENT
7. CRYPTOGRAPHIC KEY MANAGEMENT
   7.1. RANDOM NUMBER GENERATORS
   7.2. CSP
   7.3. KEY ENTRY AND OUTPUT
   7.4. KEY STORAGE
   7.5. ZEROIZATION OF KEY MATERIAL
8. SELF-TESTS
   8.1. POWER-UP SELF-TESTS
   8.2. CONDITIONAL SELF-TESTS
9. DESIGN ASSURANCE
   9.1. CONFIGURATION
   9.2. DELIVERY
   9.3. GUIDANCE DOCUMENTS
10. MITIGATION OF OTHER ATTACKS

1. Introduction

1.1. Purpose

This document provides the cryptographic library module security policy (SP) for the HIBUN Cryptographic Module for User-Mode from Hitachi Solutions, Ltd. This document describes how the HIBUN Cryptographic Module for User-Mode meets the level 1 security requirements of FIPS 140-2.

1.2. References

SP Title: HIBUN Cryptographic Module for User-Mode FIPS 140-2 Security Policy
SP Version: 1.7
SP Publisher: Hitachi Solutions, Ltd.
SP Published date: 02/14/2012
Cryptographic library module title: HIBUN Cryptographic Module for User-Mode
Cryptographic library module version: 1.0 Rev. 2

1.3. Package Organization

The HIBUN Cryptographic Module package is comprised of three distinct modules (User-Mode module, Kernel-Mode module, and Pre-boot module).
The HIBUN Cryptographic Module package includes the following:

(1) SP
    - HIBUN Cryptographic Module for User-Mode FIPS 140-2 Security Policy
    - HIBUN Cryptographic Module for Kernel-Mode FIPS 140-2 Security Policy
    - HIBUN Cryptographic Module for Pre-boot FIPS 140-2 Security Policy
(2) Guidance documents
    - HIBUN Cryptographic Module Guidance
    - HIBUN Cryptographic Module API specification
(3) Cryptographic library module
    - HIBUN Cryptographic Module for User-Mode
    - HIBUN Cryptographic Module for Kernel-Mode
    - HIBUN Cryptographic Module for Pre-boot
    These are the executable modules that provide security functions. Documents (1) and (2) describe these modules.

This document is the HIBUN Cryptographic Module for User-Mode FIPS 140-2 Security Policy. The cryptographic library module that this SP describes is the HIBUN Cryptographic Module for User-Mode. For the purposes of this document, “HIBUN Cryptographic Module” refers to the “HIBUN Cryptographic Module for User-Mode”.

2. Cryptographic Module Specification

2.1. Overview

The HIBUN Cryptographic Module is a software module which resides on a general purpose computer, and is a cryptographic library module which meets the level 1 security requirements of FIPS 140-2. The HIBUN Cryptographic Module meets each of the security requirements as shown in Table 1.
Table 1: Security Level Specification

Security Requirements Section               Level
------------------------------------------  -----
Cryptographic Module Specification          1
Cryptographic Module Ports and Interfaces   1
Roles, Services, and Authentication         1
Finite State Model                          1
Physical Security                           N/A
Operational Environment                     1
Cryptographic Key Management                1
EMI/EMC                                     1
Self-Tests                                  1
Design Assurance                            1
Mitigation of Other Attacks                 N/A

The HIBUN Cryptographic Module is classified as a multi-chip standalone module, and provides symmetric key cipher, message digest, message authentication, and pseudo-random number generation of the security functions approved by FIPS 140-2. The security functions are provided to applications via the Application Programming Interface (API). For the purposes of this document, “cryptographic library module” refers to the “HIBUN Cryptographic Module”.

2.2. Cryptographic Boundary

The physical cryptographic boundary for the cryptographic library module is defined as the enclosure of the computer on which the cryptographic library module runs.

The logical cryptographic boundary for the cryptographic library module is defined as the whole of the cryptographic library module functions.

2.3. Block Diagram

A block diagram of the cryptographic library module is shown in Figure 1. Figure 1 shows the cryptographic boundaries and I/O ports.
[Figure 1, block diagram. Labels: Physical Cryptographic Boundary; Logical Cryptographic Boundary; HIBUN Cryptographic Module; Application; Operating System; Storage; Memory; CPU; Power Supply; I/O Ports (Network, Monitor, Keyboard, Mouse). Flows: API call, System call, Data Input, Data Output, Control Input, Status Output, Power.]

The cryptographic library module does not input data from the Operating System or output data to the Operating System.

I/O ports include the following:
- Input physical ports: keyboard port, mouse port, network port
- Output physical ports: monitor port, network port

Figure 1: Block Diagram of the Cryptographic Boundary

2.4. Module Organization

Figure 2 shows the module organization of the cryptographic library module. The cryptographic library module provides security functions to applications running on Microsoft [1] Windows [2] operating system (OS) 32-bit user mode/64-bit user mode, and Linux [3] OS 32-bit user mode as in Figure 2. In Figure 2, each arrow indicates the relationship between the cryptographic library module and calling applications. All the security requirements in Table 1 are applied to all the cryptographic library modules above.

[1] Microsoft is a registered trademark of Microsoft Corp. in the U.S. and other countries.
[2] Windows is a registered trademark of Microsoft Corp. in the U.S. and other countries.
[3] Linux is a registered trademark of Linus Torvalds.

Calling application           HIBUN Cryptographic Module   File
----------------------------  ---------------------------  --------------
Windows Application (32 bit)  Windows User-Mode 32 bit     sxdcryfp.dll
Windows Application (64 bit)  Windows User-Mode 64 bit     sxqcryfp.dll
Linux Application (32 bit)    Linux 32 bit                 libsudcryfp.so

(Each application is connected to its module by an Input arrow and an Output arrow.)

Figure 2: Relations between the HIBUN Cryptographic Module and OS

2.5. Algorithms

The cryptographic library module provides symmetric key cipher, message digest, message authentication, and pseudo-random number generation of the security functions approved by FIPS 140-2. Table 2 shows the FIPS 140-2 approved security functions provided by the cryptographic library module.

Table 2: Approved Algorithms

Service                              Algorithm                      Mode                                   FIPS 140-2 Approved  Publication  Algorithm Certificate Number
-----------------------------------  -----------------------------  -------------------------------------  -------------------  -----------  ----------------------------
Symmetric Cipher                     AES Encrypt/Decrypt (128 bit)  ECB, CBC, CFB 8 bit, CFB 128 bit, OFB  Yes                  FIPS 197     1780
                                     AES Encrypt/Decrypt (192 bit)  ECB, CBC, CFB 8 bit, CFB 128 bit, OFB  Yes                  FIPS 197
                                     AES Encrypt/Decrypt (256 bit)  ECB, CBC, CFB 8 bit, CFB 128 bit, OFB  Yes                  FIPS 197
Message Digest                       SHA-224                        N/A                                    Yes                  FIPS 180-3   1562
                                     SHA-256                        N/A                                    Yes                  FIPS 180-3
                                     SHA-384                        N/A                                    Yes                  FIPS 180-3
                                     SHA-512                        N/A                                    Yes                  FIPS 180-3
Message Authentication               HMAC-SHA224                    N/A                                    Yes                  FIPS 198     1045
                                     HMAC-SHA256                    N/A                                    Yes                  FIPS 198
                                     HMAC-SHA384                    N/A                                    Yes                  FIPS 198
                                     HMAC-SHA512                    N/A                                    Yes                  FIPS 198
Deterministic Random Bit Generation  HMAC_DRBG                      N/A                                    Yes                  SP 800-90    125

2.6. Approved Mode

The cryptographic library module implements only FIPS 140-2 approved security functions. The cryptographic library module for Windows runs in a FIPS 140-2 approved mode by calling LoadLibrary. The cryptographic library module for Linux runs in a FIPS 140-2 approved mode by calling Load_Module service.

If the cryptographic library module is running on Windows, the calling application must be designed to call Load_Module service only once before unloading the cryptographic library module from memory. If the calling application is designed to call Load_Module service before unloading the cryptographic library module from memory, the cryptographic library module is assumed not to be a validated module.
If the cryptographic library module is running on Linux, the calling application must be designed to call Load_Module service only once before calling Unload_Module. If the calling application is designed to call Load_Module service before calling Unload_Module, the cryptographic library module is assumed not to be a validated module.

3. Cryptographic Module Ports and Interfaces

The cryptographic library module provides logical interfaces via APIs. Table 3 shows the mapping of the FIPS 140-2 logical interfaces, physical ports, and APIs provided by the cryptographic library module.

Table 3: Interfaces

FIPS 140-2 Logical Interfaces  Physical ports                                  Module Mapping
-----------------------------  ----------------------------------------------  ------------------------------------------------------
Data Input Interface           Keyboard port, mouse port, network port, etc.   Parameters passed to the module via the API
Data Output Interface          Monitor port, network port, etc.                Data returned by the module via the API
Control Input Interface        Keyboard port, mouse port, network port, etc.   Control input through the API and the API function calls
Status Output Interface        Monitor port, network port, etc.                Information returned via the API

4. Roles, Services, and Authentication

4.1. Roles

The cryptographic library module supports the crypto officer role and the user role. In the crypto officer role, the crypto officer can install the cryptographic library module. In the user role, the user can use the cryptographic library module installed by the crypto officer. Table 4 shows a description of each role.

Table 4: Roles

Role                 Description
-------------------  -----------
Crypto officer (CO)  The administrator who installs or uninstalls the module (CO can use the same services as the user role)
                     - The crypto officer role is implicitly assumed when the application requests installation or uninstallation of the module.
User                 General user who uses the module
                     - The user role is implicitly assumed when the application requests services implemented by the module.

4.2. Services

The cryptographic library module provides the services shown in Table 5.

Table 5: Services Provided by the Cryptographic Library Module

Type                                 Algorithm  Description                               Service Name      Service Description      Exported to Windows 32/64-bit User Mode and Linux 32 bit
-----------------------------------  ---------  ----------------------------------------  ----------------  -----------------------  --------------------------------------------------------
Symmetric Cipher                     AES        Encrypt/decrypt data using AES algorithm  aes_create        Create AES instance      CO/User
                                                                                          aes_init          Initialize AES instance  CO/User
                                                                                          aes_encrypt_term  Complete AES encryption  CO/User
                                                                                          aes_decrypt_term  Complete AES decryption  CO/User
                                                                                          aes_mode          Set AES mode             CO/User
                                                                                          aes_encrypt       AES data encryption      CO/User
                                                                                          aes_decrypt       AES data decryption      CO/User
                                                                                          aes_destroy       Destroy AES instance     CO/User
Message Digest                       SHA-2      Generate message digests                  shs_init          Create SHA instance      CO/User
                                                                                          shs_term          Destroy SHA instance     CO/User
                                                                                          shs_update        Get hash                 CO/User
Message Authentication               HMAC       Generate MAC values                       hmac_init         Create HMAC instance     CO/User
                                                                                          hmac_term         Destroy HMAC instance    CO/User
                                                                                          hmac_update       Get HMAC value           CO/User
Deterministic Random Bit Generation  DRBG       Generate random numbers                   drbg_init         Create DRBG instance     CO/User
                                                                                          drbg_term         Destroy DRBG instance    CO/User
                                                                                          drbg_reseed       Reseed DRBG              CO/User
                                                                                          drbg_generate     Get random bit           CO/User
Show Status                          -          Get result of status                      Get_Status        Get status               CO/User
Load Module                          -          Load module                               Load_Module       Create module instance   CO/User
Unload Module                        -          Unload module                             Unload_Module     Change to unload status  CO/User

4.3. Authentication

The cryptographic library module does not support any authentication for CO or user.
The level 1 security requirements of FIPS 140-2 do not require any authentication mechanism for CO or user.

5. Physical Security

Since the cryptographic library module is one of the software modules residing on a general purpose computer, the physical security shall be provided by the computer the cryptographic library module is running on. Therefore the physical security requirement of the cryptographic library module is not applicable.

6. Operational Environment

The cryptographic library module is tested and validated to the level 1 security requirements of FIPS 140-2 using the following operational environments:
- Windows XP Professional
- Windows Vista [4] Ultimate
- Windows 7 Ultimate
- Windows 7 Ultimate 64 bit
- Linux Kernel 2.6 (Fedora 12)

The cryptographic library module also supports the following operational environments. (The cryptographic library module is not tested or validated to the level 1 security requirements of FIPS 140-2 using these operational environments, but according to FIPS 140-2 implementation guidance G.5, the module is allowed to be ported to these operational environments and the validation is maintained.)
- Windows XP 32 bit
- Windows Vista 32 bit
- Windows 7 32 bit
- Windows 7 64 bit
- Windows Server [5] 2003 32 bit
- Windows Server 2003 64 bit
- Windows Server 2008 32 bit
- Windows Server 2008 64 bit
- Windows Server 2008 R2
- Linux Kernel 2.6 32 bit

[4] Windows Vista is a registered trademark of Microsoft Corporation in the United States and/or other countries.
[5] Windows Server is a registered trademark of Microsoft Corporation in the United States and/or other countries.

The operating system is restricted to a single operator mode of operation. The application that makes calls to the cryptographic library module is the single user of the cryptographic library module, even when the application is serving multiple clients.

When the cryptographic library module is used with multithreaded applications, the object of the cryptographic library module should be created once.

7. Cryptographic Key Management

Table 6 shows the critical security parameters (CSPs) in each algorithm used by the cryptographic library module. The “Input or Generate” column specifies whether the CSP is provided to the cryptographic library module or the cryptographic library module generates the CSP. The “Access Type” column specifies how the cryptographic library module accesses the CSP.

Table 6: CSP

Type                                 Algorithm  Service           CSP             Input or Generate  Access Type
-----------------------------------  ---------  ----------------  --------------  -----------------  -----------
Symmetric Cipher                     AES        aes_create        Secret Key      Input              Read
                                                aes_init          N/A             N/A                N/A
                                                aes_encrypt_term  Secret Key      Input              Read
                                                aes_decrypt_term  Secret Key      Input              Read
                                                aes_mode          N/A             N/A                N/A
                                                aes_encrypt       Secret Key      Input              Read
                                                aes_decrypt       Secret Key      Input              Read
                                                aes_destroy       Secret Key      Input              Write
Message Digest                       SHA-2      shs_init          N/A             N/A                N/A
                                                shs_term          N/A             N/A                N/A
                                                shs_update        N/A             N/A                N/A
Message Authentication               HMAC       hmac_init         Secret Key      Input              Read
                                                hmac_term         Secret Key      Input              Read/Write
                                                hmac_update       Secret Key      Input              Read
Deterministic Random Bit Generation  DRBG       drbg_init         Internal State  Generate           Read/Write
                                                                  Entropy Input   Generate           Read/Write
                                                                  Nonce           Generate           Read/Write
                                                drbg_term         Internal State  Input              Write
                                                drbg_reseed       Internal State  Generate           Read/Write
                                                                  Entropy Input   Generate           Read/Write
                                                drbg_generate     Internal State  Generate           Read/Write
                                                                  Entropy Input   Generate           Read/Write
Show Status                          -          Get_Status        N/A             N/A                N/A
Load Module                          -          Load_Module       N/A             N/A                N/A
Unload Module                        -          Unload_Module     N/A             N/A                N/A

7.1. Random Number Generators

The cryptographic library module generates pseudo-random numbers as specified for HMAC_DRBG in SP 800-90.

7.2. CSP

The CSPs which the cryptographic library module manages are shown in Table 6.

7.3. Key Entry and Output

Cryptographic keys are passed to the cryptographic library module via the APIs (logical interfaces) from a calling application, which is outside of the logical boundary of the cryptographic library module. The cryptographic library module passes neither cryptographic keys nor seeds.

7.4. Key Storage

The cryptographic library module stores no keys.

7.5. Zeroization of Key Material

The cryptographic library module performs zeroization of the CSP when the CSP is no longer used. The cryptographic library module zeroizes the CSP at:
- aes_destroy performed (Encryption key)
- hmac_term performed (Encryption key)
- drbg_init performed (Entropy input and nonce)
- drbg_reseed performed (Entropy input)
- drbg_term performed (Internal state)
- An internal error in the cryptographic library module (Encryption key, Internal state of DRBG)

8. Self-Tests

The cryptographic library module implements both power-up self-tests and conditional self-tests as required by FIPS 140-2. Table 7 shows the tests that the cryptographic library module performs.

Table 7: Self-Tests

Type               Algorithm    Test method                Power-Up Self-Tests  Conditional Self-Tests
-----------------  -----------  -------------------------  -------------------  ----------------------
Algorithm Testing  AES          Known Answer Test          Yes                  N/A
                   SHA-2        Known Answer Test          Yes                  N/A
                   HMAC         Known Answer Test          Yes                  N/A
                   DRBG         Known Answer Test          Yes                  N/A
Integrity Testing  HMAC-SHA256  Known Answer Test          Yes                  N/A
SP 800-90 Testing  DRBG         SP 800-90 Health Testing   Yes                  Yes
                                Entropy Test               Yes                  N/A
RBG Testing        DRBG         Continuous RBG Test        N/A                  Yes

Note: The Algorithm Testing of SHA-2 and HMAC is performed as a part of the Algorithm Testing of DRBG.
Note: Known Answer Test in Health Testing is specified in Section 11.3.1 of SP 800-90.

8.1. Power-Up Self-Tests

Power-up self-tests are performed automatically when the cryptographic library module is loaded. To perform power-up self-tests on demand, unload the cryptographic library module and load it again.

The result of the power-up self-tests is output via the status output interface. If the power-up self-tests, including integrity testing, fail, the status output interface (Get_Status()) returns the power-up error state. The indicator is SXDCRYFP_STATUS_POWERUPERROR.

When the power-up self-tests fail, the cryptographic library module enters an error state where no API calls are permitted except the following: Get_Status(), Load_Module(), Unload_Module().

If the cryptographic library module is running on Windows, recovering it from the error state requires unloading the cryptographic library module from memory and loading it into memory again. If the cryptographic library module is running on Linux, recovering it from the error state requires performing the Unload_Module service and the Load_Module service again.

8.2. Conditional Self-Tests

The cryptographic library module performs the SP 800-90 Health Testing and the Continuous RBG Test in Table 7 as conditional self-tests. SP 800-90 Health Testing is performed when the module is powered up or reseeding is performed (drbg_reseed()), as required by the Health Testing in SP 800-90. The Continuous RBG Test is performed when a pseudo-random number is generated (drbg_generate()).

The result of the conditional self-tests is output via the status output interface. If the conditional self-tests fail, the status output interface (Get_Status()) returns the conditional error state. The indicator is SXDCRYFP_STATUS_CONDITIONALERROR.

When the conditional self-tests fail, the cryptographic library module enters an error state where no API calls are permitted except the following: Get_Status(), Load_Module(), Unload_Module().

If the cryptographic library module is running on Windows, recovering it from the error state requires unloading the cryptographic library module from memory and loading it into memory again. If the cryptographic library module is running on Linux, recovering it from the error state requires performing the Unload_Module service and the Load_Module service again.

9. Design Assurance

9.1. Configuration

The items related to the design and development of the cryptographic library module include the following:
- Source code
- Cryptographic library module
- SP
- Guidance documents
- Other design documents

Microsoft Visual SourceSafe [6] (VSS) is used to provide configuration management for all the items above. VSS is a version control system by Microsoft. Each version of an item in the VSS database is labeled uniquely. The items in the VSS database are access controlled and modification is permitted to authorized developers only.

[6] Visual SourceSafe is a registered trademark of Microsoft Corporation in the United States and/or other countries.

9.2. Delivery

The cryptographic library module and the guidance documents are delivered on a CD-ROM. The SP is also available on the FIPS 140-2 Validation List web site.

9.3. Guidance Documents

The crypto officer guidance in the HIBUN Cryptographic Module Guidance describes how to obtain the module, how to verify the integrity of the module, and how to install the module. The user guidance in the HIBUN Cryptographic Module Guidance and the HIBUN Cryptographic Module API specification describe how to use the services provided by the cryptographic library module.

10. Mitigation of Other Attacks

The module does not contain security mechanisms to mitigate other attacks.
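
The load rule of section 2.6 and the power-up behaviour of section 8.1, modelled as an added Python example (not code from the HIBUN module or its API specification): known answer tests and an HMAC-SHA256 integrity check run at load, and a failure latches SXDCRYFP_STATUS_POWERUPERROR until the module is unloaded and loaded again. The class, method and helper names, the handling of the integrity key and tag, and the status strings other than the quoted indicator are assumptions.

```python
import hashlib
import hmac

ST_UNLOADED = "UNLOADED"  # constructed name
ST_OK = "OK"              # constructed name
ST_POWERUPERROR = "SXDCRYFP_STATUS_POWERUPERROR"  # indicator quoted in section 8.1

# Services that stay callable in the error state (sections 8.1 and 8.2).
ALLOWED_IN_ERROR = {"Get_Status", "Load_Module", "Unload_Module"}

# Known answers: SHA-256("abc") from the FIPS 180 examples,
# HMAC-SHA256 from RFC 4231 test case 1 (key 0x0b * 20, data "Hi There").
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
HMAC_TC1 = "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"


class ServiceRefused(Exception):
    """The requested service is not permitted in the current state."""


def sign_image(image: bytes, key: bytes) -> bytes:
    """Build-time step (assumption): compute the reference tag for the image."""
    return hmac.new(key, image, hashlib.sha256).digest()


class ModuleModel:
    """Toy model of the load / self-test / error-state life cycle."""

    def __init__(self, image: bytes, integrity_key: bytes, expected_tag: bytes):
        self.image = image             # stands in for the library file on disk
        self._key = integrity_key      # assumption: key shipped with the module
        self._expected = expected_tag  # assumption: tag computed at build time
        self.status = ST_UNLOADED

    def _power_up_self_tests(self) -> bool:
        sha_ok = hashlib.sha256(b"abc").hexdigest() == SHA256_ABC
        mac = hmac.new(b"\x0b" * 20, b"Hi There", hashlib.sha256).hexdigest()
        tag = sign_image(self.image, self._key)
        # Constant-time comparison for the integrity tag.
        integrity_ok = hmac.compare_digest(tag, self._expected)
        return sha_ok and mac == HMAC_TC1 and integrity_ok

    def load_module(self) -> str:
        if self.status == ST_OK:
            # Section 2.6 allows one Load_Module call before unloading;
            # refusing the second call is this model's choice.
            raise ServiceRefused("Load_Module called again without unloading")
        if self.status == ST_UNLOADED:
            passed = self._power_up_self_tests()
            self.status = ST_OK if passed else ST_POWERUPERROR
        # Assumption: in the error state the status stays latched until
        # Unload_Module is called, matching the recovery steps in 8.1.
        return self.status

    def unload_module(self) -> None:
        self.status = ST_UNLOADED

    def get_status(self) -> str:
        return self.status

    def call(self, service: str, func, *args):
        """Dispatch a service only when the module state permits it."""
        if self.status != ST_OK and service not in ALLOWED_IN_ERROR:
            raise ServiceRefused(f"{service} refused in state {self.status}")
        return func(*args)
```

A caller that checks get_status() right after loading, and treats ServiceRefused as fatal rather than retrying, fails closed when the image on disk has been altered.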
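
An added Python example (not the module's implementation) of the SP 800-90 HMAC_DRBG named in section 7.1, combined with the Continuous RBG Test of section 8.2 and the zeroization points of section 7.5. It assumes HMAC-SHA256, a 32-byte comparison block, no additional input or personalization string, and hypothetical class and method names.

```python
import hashlib
import hmac

STATUS_OK = "OK"  # constructed name; the page names only the error indicators
STATUS_CONDITIONALERROR = "SXDCRYFP_STATUS_CONDITIONALERROR"  # quoted in 8.2
OUTLEN = 32                # HMAC-SHA256 output size, also the compared block
RESEED_INTERVAL = 2 ** 48  # SP 800-90 limit on requests between reseeds


class DrbgError(Exception):
    """A conditional self-test failed or a service was refused."""


def wipe(buf: bytearray) -> None:
    """Overwrite a buffer in place. Python may hold copies it cannot wipe."""
    buf[:] = bytes(len(buf))


class HmacDrbg:
    """HMAC_DRBG over SHA-256 with a continuous RBG test on every block."""

    def __init__(self, entropy: bytearray, nonce: bytearray):
        self.status = STATUS_OK
        self._k = bytearray(OUTLEN)            # K = 0x00 ... 00
        self._v = bytearray(b"\x01" * OUTLEN)  # V = 0x01 ... 01
        self._update(bytes(entropy) + bytes(nonce))
        wipe(entropy)  # drbg_init zeroizes the entropy input and the nonce
        wipe(nonce)
        # The first block is never output, only stored for comparison.
        # It is produced as one ordinary generate request and discarded.
        self._last = bytearray(self._next_block())
        self._update()
        self.reseed_counter = 2

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(bytes(self._k), data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        self._k[:] = self._mac(bytes(self._v) + b"\x00" + provided)
        self._v[:] = self._mac(bytes(self._v))
        if provided:
            self._k[:] = self._mac(bytes(self._v) + b"\x01" + provided)
            self._v[:] = self._mac(bytes(self._v))

    def _next_block(self) -> bytes:
        self._v[:] = self._mac(bytes(self._v))
        return bytes(self._v)

    def _require_ok(self) -> None:
        if self.status != STATUS_OK:
            raise DrbgError("refused in error state " + self.status)

    def reseed(self, entropy: bytearray) -> None:
        self._require_ok()
        self._update(bytes(entropy))
        wipe(entropy)  # drbg_reseed zeroizes the entropy input
        self.reseed_counter = 1

    def generate(self, nbytes: int) -> bytes:
        self._require_ok()
        if self.reseed_counter > RESEED_INTERVAL:
            raise DrbgError("reseed required")
        out = b""
        while len(out) < nbytes:
            block = self._next_block()
            if hmac.compare_digest(block, bytes(self._last)):
                # Identical consecutive blocks: zeroize the internal state
                # and latch the conditional error.
                for buf in (self._k, self._v, self._last):
                    wipe(buf)
                self.status = STATUS_CONDITIONALERROR
                raise DrbgError("continuous RBG test failed")
            self._last[:] = block
            out += block
        self._update()
        self.reseed_counter += 1
        return out[:nbytes]
```

The wipes show where zeroization happens in the call sequence; a native implementation is needed to guarantee that no copy of the seed or state survives in memory.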