Hitachi Solutions, Ltd. HIBUN Cryptographic Module for Pre-boot FIPS 140-2 Security Policy Level 1 Validation Document Version 1.6 01/11/2012 All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. This document may be freely reproduced and distributed whole and intact including this copyright notice. 1. INTRODUCTION .............................................................................................................................. 3 1.1. PURPOSE ....................................................................................................................................... 3 1.2. REFERENCES ................................................................................................................................. 3 1.3. PACKAGE ORGANIZATION ............................................................................................................. 3 2. CRYPTOGRAPHIC MODULE SPECIFICATION ....................................................................... 4 2.1. OVERVIEW .................................................................................................................................... 4 2.2. CRYPTOGRAPHIC BOUNDARY ....................................................................................................... 4 2.3. BLOCK DIAGRAM ......................................................................................................................... 5 2.4. MODULE ORGANIZATION .............................................................................................................. 6 2.5. ALGORITHMS ................................................................................................................................ 7 2.6. APPROVED MODE ......................................................................................................................... 7 3. CRYPTOGRAPHIC MODULE PORTS AND INTERFACES...................................................... 8 4. ROLES, SERVICES, AND AUTHENTICATION .......................................................................... 8 4.1. ROLES........................................................................................................................................... 8 4.2. SERVICES ...................................................................................................................................... 9 4.3. AUTHENTICATION ....................................................................................................................... 10 5. PHYSICAL SECURITY.................................................................................................................. 10 6. OPERATIONAL ENVIRONMENT ............................................................................................... 10 7. CRYPTOGRAPHIC KEY MANAGEMENT ................................................................................ 10 7.1. CSP ............................................................................................................................................ 11 7.2. KEY ENTRY AND OUTPUT ........................................................................................................... 11 7.3. KEY STORAGE ............................................................................................................................ 12 7.4. ZEROIZATION OF KEY MATERIAL................................................................................................ 12 8. SELF-TESTS .................................................................................................................................... 12 8.1. POWER-UP SELF-TESTS .............................................................................................................. 12 9. DESIGN ASSURANCE ................................................................................................................... 13 9.1. CONFIGURATION ......................................................................................................................... 13 9.2. DELIVERY ................................................................................................................................... 13 9.3. GUIDANCE DOCUMENTS ............................................................................................................. 13 10. MITIGATION OF OTHER ATTACKS ..................................................................................... 13 All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 2 This document may be freely reproduced and distributed whole and intact including this copyright notice. 1. Introduction 1.1. Purpose This document provides the cryptographic library module security policy (SP) for the HIBUN Cryptographic Module for Pre-boot from Hitachi Solutions, Ltd. This document describes how the HIBUN Cryptographic Module for Pre-boot meets the level 1 security requirements of FIPS 140-2. 1.2. References SP Title: HIBUN Cryptographic Module for Pre-boot FIPS 140-2 Security Policy SP Version: 1.6 SP Publisher: Hitachi Solutions, Ltd. SP Published date: 01/11/2012 Cryptographic library module title: HIBUN Cryptographic Module for Pre-boot Cryptographic library module version: 1.0 Rev. 2 1.3. Package Organization The HIBUN Cryptographic Module package is comprised of three distinct modules (User-Mode module, Kernel-Mode module, and Pre-boot module). The HIBUN Cryptographic Module package includes the following: (1) SP - HIBUN Cryptographic Module for User-Mode FIPS 140-2 Security Policy - HIBUN Cryptographic Module for Kernel-Mode FIPS 140-2 Security Policy - HIBUN Cryptographic Module for Pre-boot FIPS 140-2 Security Policy (2) Guidance documents - HIBUN Cryptographic Module Guidance - HIBUN Cryptographic Module API specification (3) Cryptographic library module - HIBUN Cryptographic Module for User-Mode - HIBUN Cryptographic Module for Kernel-Mode - HIBUN Cryptographic Module for Pre-boot The executable modules that provide security functions. The document (1) and (2) describes these modules. This document is HIBUN Cryptographic Module for Pre-boot FIPS 140-2 Security Policy. The All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 3 This document may be freely reproduced and distributed whole and intact including this copyright notice. cryptographic library module that this SP describes is HIBUN Cryptographic Module for Pre-boot. For the purposes of this document, “HIBUN Cryptographic Module” is referred to as “HIBUN Cryptographic Module for Pre-boot”. 2. Cryptographic Module Specification 2.1. Overview The HIBUN Cryptographic Module is a software module which resides on a general purpose computer, and is a cryptographic library module which meets the level 1 security requirements of FIPS 140-2. The HIBUN Cryptographic Module meets each of the security requirements as shown in the Table 1. Table 1: Security Level Specification Security Requirements Section Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks N/A HIBUN Cryptographic Module is classified as a multi-chip standalone module, and provides symmetric key cipher, message digest, message authentication of the security functions approved by FIPS 140-2. The security functions are provided via the Application Programming Interface (API) to applications. For the purposes of this document, “cryptographic library module” is referred to as “HIBUN Cryptographic Module”. 2.2. Cryptographic Boundary The physical cryptographic boundary for the cryptographic library module is defined as the enclosure of the computer on which the cryptographic library module runs. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 4 This document may be freely reproduced and distributed whole and intact including this copyright notice. The logical cryptographic boundary for the cryptographic library module is defined as the whole cryptographic library module functions. 2.3. Block Diagram A block diagram of the cryptographic library module is shown in Figure 1. Figure 1 shows the cryptographic boundaries and I/O ports. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 5 This document may be freely reproduced and distributed whole and intact including this copyright notice. Physical Cryptographic Boundary Data Input Storage Memory CPU Logical Cryptographic Boundary HIBUN Cryptographic Module Power Power Supply API call Application Data Input Data Output Control Input Status Output I/O Port I/O Port I/O Port Network Monitor Keyboard Mouse The cryptographic library module does not input data from Operating System or output data to Operating System. I/O ports include followings: - Input physical ports: keyboard port, mouse port, network port - Output physical ports: monitor port, network port Figure 1: Block Diagram of the Cryptographic Boundary 2.4. Module Organization Figure 2 shows the module organization of the cryptographic library module. The cryptographic library module provides security functions to applications running on Pre-boot 16-bit as in Figure 2. In Figure 2, each arrow indicates the relationship between the cryptographic library module and calling applications. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 6 This document may be freely reproduced and distributed whole and intact including this copyright notice. Pre-boot Kernel Input Output HIBUN Cryptographic Module (Pre-boot 16-bit) sxwcryfp.com Figure 2: Relations between the HIBUN Cryptographic Module and OS 2.5. Algorithms The cryptographic library module provides symmetric key cipher, message digest, message authentication of the security functions approved by FIPS 140-2. Table 2 shows the FIPS 140-2 approved security functions provided by the cryptographic library module. Table 2: Approved Algorithms Service Algorithm Mode FIPS140-2 Publication Algorithm Approved Certificate Number Symmetric AES ECB, CBC, Yes FIPS 197 1779 Cipher Encrypt/Decrypt CFB 8 bit, (128 bit) CFB 128 bit, OFB AES ECB, CBC, Yes FIPS 197 Encrypt/Decrypt CFB 8 bit, (192 bit) CFB 128 bit, OFB AES ECB, CBC, Yes FIPS 197 Encrypt/Decrypt CFB 8 bit, (256 bit) CFB 128 bit, OFB Message Digest SHA-224 N/A Yes FIPS 180-3 1561 SHA-256 N/A Yes FIPS 180-3 Message HMAC-SHA224 N/A Yes FIPS 198 1044 Authentication HMAC-SHA256 N/A Yes FIPS 198 2.6. Approved Mode The cryptographic library module implements only FIPS 140-2 approved security functions. The All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 7 This document may be freely reproduced and distributed whole and intact including this copyright notice. cryptographic library module runs in a FIPS 140-2 approved mode using following steps: (1) Install the cryptographic library module and the application into the boot sector. (2) The application loads the cryptographic library module into memory. (3) The application calls the Load_Module service at the first address of the module, and gets the addresses of services. The cryptographic library module performs power-up self-tests in the Load_Module service. (4) The application calls services in the cryptographic library module. 3. Cryptographic Module Ports and Interfaces The cryptographic library module provides logical interfaces via APIs. Table 3 shows the mapping of the FIPS 140-2 logical interfaces, physical ports, and APIs provided by the cryptographic library module. Table 3: Interfaces FIPS140-2 Logical Physical ports Module Mapping Interfaces Data Input Interface Keyboard port, mouse port, network Parameters passed to the port, etc. module via the API Data Output Interface Monitor port, network port, etc. Data returned by the module via the API Control Input Interface Keyboard port, mouse port, network Control input through the API port, etc. and the API function calls Status Output Interface Monitor port, network port, etc. Information returned via the API 4. Roles, Services, and Authentication 4.1. Roles The cryptographic library module supports crypto officer role and user role. In the crypto officer role, the crypto officer can install the cryptographic library module. In the user role, the user can use the cryptographic library module installed by crypto officer. Table 4 shows description of each role. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 8 This document may be freely reproduced and distributed whole and intact including this copyright notice. Table 4: Roles Role Description Crypto officer (CO) The administrator who installs or uninstalls the module (CO can use the same services as the user role) - The crypto officer role is implicitly assumed when the application requests installation or uninstallation of the module. User General user who uses the module - The user role is implicitly assumed when the application requests services implemented by the module. 4.2. Services The cryptographic library module provides the services shown in Table 5. Table 5: Services Provided by the Cryptographic Library Module Type Algorithm Description Service Exported to Name Description Pre-boot 16-bit Symmetric AES Encrypt/ aes_create Create AES CO/User Cipher decrypt data instance using AES aes_init Initialize AES CO/User algorithm instance aes_encrypt_ Complete AES CO/User term encryption aes_decrypt_ Complete AES CO/User term decryption aes_mode Set AES mode CO/User aes_encrypt AES data CO/User encryption aes_decrypt AES data CO/User decryption aes_destroy Destroy AES CO/User instance Message SHA-2 Generate shs_init Create SHA CO/User Digest message instance digests All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 9 This document may be freely reproduced and distributed whole and intact including this copyright notice. shs_term Destroy SHA CO/User instance shs_update Get hash CO/User Message HMAC Generate hmac_init Create HMAC CO/User Authentication MAC values instance hmac_term Destroy HMAC CO/User instance hmac_update Get HMAC CO/User value Show Status - Get result Get_Status Get status CO/User of status Load Module - Load Load_Module Create module CO/User module instance Unload - Unload Unload_Module Change to CO/User Module module unload status 4.3. Authentication The cryptographic library module does not support any authentication for CO or user. The level 1 security requirements of FIPS 140-2 do not require any authentication mechanism for CO or user. 5. Physical Security Since the cryptographic library module is one of the software modules residing on a general purpose computer, the physical security shall be provided by the computer the cryptographic library module is running on. Therefore the physical security requirement of the cryptographic library module is not applicable. 6. Operational Environment The cryptographic library module is tested and validated to the level 1 security requirements of FIPS 140-2 using following operational environment: - Pre-boot 16-bit 7. Cryptographic Key Management Table 6 shows the critical security parameters (CSPs) in each algorithm used by the cryptographic library module. The “Input or Generate” column specifies whether the CSP is provided to the cryptographic library module or the cryptographic library module generates the CSP. The “Access All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 10 This document may be freely reproduced and distributed whole and intact including this copyright notice. Type” column specifies how the cryptographic library module accesses the CSP. Table 6: CSP Type Algorithm Service CSP Input or Generate Access Type Symmetric Cipher AES aes_create Secret Key Input Read aes_init N/A N/A N/A aes_encrypt_ Secret Key Input Read term aes_decrypt_ Secret Key Input Read term aes_mode N/A N/A N/A aes_encrypt Secret Key Input Read aes_decrypt Secret Key Input Read aes_destroy Secret Key Input Write Message Digest SHA-2 shs_init N/A N/A N/A shs_term N/A N/A N/A shs_update N/A N/A N/A Message HMAC hmac_init Secret Key Input Read Authentication hmac_term Secret Key Input Read/Write hmac_ Secret Key Input Read update Show Status - Get_Status N/A N/A N/A Load Module - Load_ N/A N/A N/A Module Unload Module - Unload_ N/A N/A N/A Module 7.1. CSP The CSP which cryptographic library module manages is shown in the Table 6. 7.2. Key Entry and Output Cryptographic keys are passed to the cryptographic library module via the APIs (logical interfaces) from a calling application, which is outside of the logical boundary of cryptographic library module. The cryptographic library module passes no cryptographic keys. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 11 This document may be freely reproduced and distributed whole and intact including this copyright notice. 7.3. Key Storage The cryptographic library module stores no keys. 7.4. Zeroization of Key Material The cryptographic library module performs zeroization of the CSP when the CSP is no longer used. The cryptographic library module zeroizes the CSP at: - aes_destroy performed (Encryption key) - hmac_term performed (Encryption key) - An internal error in the cryptographic library module (Encryption key) 8. Self-Tests The cryptographic library module implements both power-up self-tests as required by FIPS140-2. Table 7 shows the tests that the cryptographic library module performs. Table 7: Self-Tests Type Algorithm Test method Power-Up Conditional Self-Tests Self-Tests Algorithm Testing AES Known Answer Test Yes N/A SHA-2 Known Answer Test Yes N/A HMAC Known Answer Test Yes N/A Integrity Testing HMAC-SHA256 Known Answer Test Yes N/A Note: The Algorithm Testing of SHA-2 is tested as a part of the Algorithm Testing of HMAC. 8.1. Power-Up Self-Tests Power-up self-tests are performed automatically when the cryptographic library module is loaded. To perform power-up self tests on demand, unload and load again the cryptographic library module. The result of the power-up self-tests is output via the status output interface. If the power-up self-tests, including integrity testing, failed, the status output interface (Get_Status()) returns state of power-up error. The indicator is SXDCRYFP_STATUS_POWERUPERROR. When the power-up self-tests fail, the cryptographic library module enters an error state where no API calls are permitted except the following: Get_Status(), Load_Module(), Unload_Module(). To recover the cryptographic library module from the error state, it is required to perform Load_Module service again. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 12 This document may be freely reproduced and distributed whole and intact including this copyright notice. 9. Design Assurance 9.1. Configuration The items related to the designing and development of the cryptographic library module include the following: - Source code - Cryptographic library module - SP - Guidance documents - Other design documents Microsoft Visual SourceSafe1 (VSS) is used to provide configuration management to all the items above. VSS is a version control system by Microsoft. Each version of the item in VSS database is labeled uniquely. The items in VSS database are access controlled and modification is permitted to authorized developers only. 9.2. Delivery The cryptographic library module and the guidance documents are delivered on a CD-ROM. The SP is also available on the FIPS 140-2 Validation List web site. 9.3. Guidance Documents The crypto officer guidance in the HIBUN Cryptographic Module Guidance describes how to obtain the module, how to verify the integrity of the module, and how to install the module. The user guidance in the HIBUN Cryptographic Module Guidance and the HIBUN Cryptographic Module API specification describe how to use the services provided by the cryptographic library module. 10. Mitigation of Other Attacks The module does not contain security mechanisms to mitigate other attacks. 1 Visual SourceSafe is a registered trademark of Microsoft Corporation in the United States and/or other countries. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 13 This document may be freely reproduced and distributed whole and intact including this copyright notice.