FIPS 140-2 Security Policy for Nuvoton Cryptographic Module FIPS 140-2 Security Policy for Nuvoton Technology Corporation Nuvoton TPM 1.2 Hardware Version: FD5C37 Firmware version: 4.1.5 Document Version: 1.13 Last Revision: Sep 10 2013 This document may be reproduced only in its original entirety 1 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module Table of Contents Contents 1. General ................................................................................................................................................... 4 2. Cryptographic Functions. ............................................................................................................... 7 3. Ports and Interfaces. ........................................................................................................................ 8 4. Roles, Services and Authentication ............................................................................................ 9 5. Cryptographic Key Management. ............................................................................................. 11 6. Power-On Self Tests. ..................................................................................................................... 15 7. Conditional Self Tests. .................................................................................................................. 16 8. Crypto Officer Guidance............................................................................................................... 16 9. User Guidance. .................................................................................................................................. 16 10. Acronyms. ........................................................................................................................................ 17 This document may be reproduced only in its original entirety 2 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module List of Tables Table 1. Security Levels ........................................................................................................................ 6 Table 2. Cryptographic Functions. ................................................................................................... 7 Table 3 Interfaces and ports ............................................................................................................... 8 Table 4. Roles............................................................................................................................................ 9 Table 5. Services. ................................................................................................................................. 10 Table 6. Cryptographic Keys. ........................................................................................................... 14 Table 7. Self-tests. ................................................................................................................................ 15 This document may be reproduced only in its original entirety 3 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 1. General Nuvoton Trusted Platform Module is a hardware cryptographic module, which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation. The module is a single chip module, which provides cryptographic services utilized by external applications. The module meets commercial-grade specifications for power, temperature, reliability, and shock/vibrations. The module models used for the testing are as follows: • Nuvoton TPM 1.2 Hardware version: FD5C37 Firmware version: 4.1. 5 Note: the model designation above corresponds to one single model of the product. An image depicting the module is provided below. Figure 1: Hardware and Physical Cryptographic Boundary This document may be reproduced only in its original entirety 4 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module The physical security boundary of the module is the outer boundary of the chip packaging. A logical diagram of the module is provided below TPM 1.2 Block Power Non- Diagram RNG Managem Volatile ent Data Host Crypto Proces Interface LPC \ I2C Code Accelerat (TIS sor Bus or Emulatio Volatile Peripher GPIO Data als GPI0 Figure 2: Logical Diagram This document may be reproduced only in its original entirety 5 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module The module was tested to meet overall Security Level 1 of the FIPS 140-2 standard. The Security Level per FIPS 140-2 section is specified below FIPS 140-2 Section Security Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services and Authentication 1 Finite State Model 1 Physical Security 1 Operating Environment N/A Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks N/A Table 1. Security Levels This document may be reproduced only in its original entirety 6 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 2. Cryptographic Functions. The module implements the following Cryptographic Functions. Cryptographic Key Size Use Certificate Function Number Approved Functions AES encrypt 128 bits Encryption #2354 Modes: ECB, CTR RSA sign/verify 1024 bits, 2048 Digital Signatures #1215 bits SHS hash N/A Message Digest #2028 SHA-1 HMAC keyed hash 160 bits Keyed Message Digest #1460 HMAC-SHA-1 FIPS 186-3 2048 Key Pair Generation #1215 Generation of RSA Keys FIPS 186-2 RNG N/A Random number #1174 generation, generation of symmetric keys Approved Services CVL (SP 800-135 #59 rev1) Allowed for use functions RSA Key Wrapping 1024, 2048 bits Wrap/Unwrap N/A symmetric keys Hardware-based N/A Obtain the seed and N/A non-Approved non- the seed key for the deterministic RNG FIPS 186-2 RNG. (entropy source). Table 2. Cryptographic Functions. In the Approved mode of operation the module supports key sizes from 1024 or 2048 bits for RSA key wrapping, which corresponds to the effective key strength from 80 or 112 bits. This document may be reproduced only in its original entirety 7 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 3. Ports and Interfaces. The physical ports of the module are I2C Bus, LPC Bus. The logical interfaces and their mapping to physical ports of the module are described below Logical Interface Description Physical Port(s) Control Input Control Input commands I2C Bus/LPC Bus Interface issued to the chip Status Output Status data output by the chip I2C Bus/LPC Bus Interface Data Input Data provided to the chip as I2C Bus/LPC Bus Interface part of the data processing commands Data Output Data output by the chip a part I2C Bus/LPC Bus Interface of the data processing commands Power Interface Power interface of the chip Power and ground pins Table 3 Interfaces and ports The module does not include a maintenance interface. This document may be reproduced only in its original entirety 8 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 4. Roles, Services and Authentication The services provided by the module do not require authentication. The module always runs in the Approved mode of operation. The module implements the following roles: Role High Level Description Crypto Officer Installs and configures the product, manages users User Executes crypto algorithms and generates keys Table 4. Roles. The module provides a set of services described below. For each service, a description of the service is provided and roles in which the service is available are specified. Service Description Role Get Status The module implements a Get Status Crypto Officer command that returns the status of the module, including success or failure of self- tests Run Self- The module runs power-up self-tests Crypto Officer Tests automatically, when the module is powered on. One can execute self-tests on demand by power-cycling the module Encrypt Encrypt data User Zeroize Zeroize (irreversibly destroy) module's Crypto Officer cryptographic keys and CSPs The keys and CSPs stored in the non-volatile and volatile memory are zeroized by executing the key/entity zeroization commands TPM_FlushSpecific TPM_OwnerClear This document may be reproduced only in its original entirety 9 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module Service Description Role MAC / Calculate/Verify MAC for data User MAC Verify Key Generate symmetric encryption keys or User Generate HMAC keys RSA Sign/Verify data using RSA User Sign/Verify RSA Wrap Wrap/Unwrap cryptographic keys using User /Unwrap RSA RSA Key Generate RSA public-private key pairs User Generate Key Import Import wrapped symmetric keys and User public-private keys pairs TPM Authenticate TPM Identity to other parties User Identity TPM Prove to other parties that TPM is a genuine User Endorseme TPM nt Unbinding Unbind symmetric keys using RSA Private User Binding Key TPM Get Get random data User Random TPM Stir Add entropy to the random bit generator User Random Install Install Module Crypto Officer Module Table 5. Services. This document may be reproduced only in its original entirety 10 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 5. Cryptographic Key Management. The table below specifies each cryptographic key utilized by the module. For each key the table provides a description of its use and derivation or import and storage. Key or CSP Usage Service/Access Origin/Storage AES symmetric Used to encrypt Encrypt: R Generated or encryption data imported by the keys Key Gen : W module, stored in OTP or in non- Key Wrap/Unwrap: volatile Flash in W plaintext Key Import: W Zeroize : W RSA public Used to verify RSA Sign/Verify : R Generated or signing keys signatures on imported by the data RSA Key Gen : W module, stored in volatile RAM or Zeroize : W in non-volatile Flash in plaintext Key Wrap/Unwrap: W Key Import: W RSA private Used to sign data RSA Sign/Verify : R Generated or signing keys imported by the module, stored in RSA Key Gen : W volatile RAM or in non-volatile Key Import: W Flash in plaintext Zeroize : W RSA public Used to wrap RSA Wrap/Unwrap : Generated or storage keys symmetric keys R imported by the module, stored in Key Import: W volatile RAM or in non-volatile RSA Key Gen : W Flash in plaintext Zeroize : W This document may be reproduced only in its original entirety 11 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module RSA private Used to unwrap RSA Wrap/Unwrap: Generated or storage keys symmetric keys R imported by the module, stored in RSA Key Gen : W volatile RAM or in non-volatile Key Import: W Flash in plaintext Zeroize : W RSA public Used to prove TPM Identity: R Generated or identity keys identity of TPM imported by the RSA Key Gen : W module, stored in volatile RAM or Key Import: W in non-volatile Flash in plaintext Zeroize : W RSA private Used to prove TPM Idenity : R Generated or identity keys identity of TPM imported by the RSA Key Gen : W module, stored in volatile RAM or Key Import: W in non-volatile Flash in Zeroize : W plaintext RSA public Used to by an Data Binding : R Generated or binding keys external entity to imported by the bind (wrap) a key RSA Key Gen : W module, stored in volatile RAM or Key Import : W in non-volatile Flash in plaintext Zeroize : W RSA private Used to unbind Data Binding : R Generated or binding keys (unwrap) a key imported by the bound by a RSA Key Gen : W module, stored in external entity volatile RAM or Zeroize : W in non-volatile Flash in plaintext HMAC Keys Used to calculate MAC/MAC Verify : R Generated or and verify MAC imported by the codes for data Key Gen : W module, stored in volatile RAM or Key Import: W in non-volatile Flash in plaintext Zeroize : W This document may be reproduced only in its original entirety 12 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module RNG seed Used to seed the Key Gen : R Generated by the RNG module using the RSA Key Gen : R non-Approved non- deterministic Zeroize : W hardware RNG (entropy source) Generated by the module, stored in volatile RAM in plaintext RNG Seed Key Used to seed the Key Generate : R Generated by the RNG module using the RSA Key Gen : R non-Approved non- Zeroize : W deterministic hardware RNG (entropy source), stored in volatile RAM in plaintext RSA Storage Private Root key Generated by the Root Key for the hierarchy module Private Key of keys associated Zeroize : W with TPM RSA Storage Public Root key Generated by the Root Key for the hierarchy Zeroize : W module Public Key of keys associated with TPM RSA Used to prove to TPM Endorsement : Installed at the Endorsement the external R factory Public Key parties that TPM is a genuine TPM This document may be reproduced only in its original entirety 13 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module RSA Used to prove to TPM Endorsement : Installed at the Endorsement the external R factory Private Key parties that TPM is a genuine TPM. The key signs a challenge provided by an external party. Since the key is only known to the manufacturer, this proves to the external party that the TPM is genuine. HMAC Used for HMAC Key Generate: W Generated by the Authentication authentication of MAC/MAC Verify: R module Key data Table 6. Cryptographic Keys. Note: R is defined as read access, W is defined as write access. This document may be reproduced only in its original entirety 14 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 6. Power-On Self Tests. The module implements a power-up integrity check using a 128-bit error detection code. The module implements the following power-up cryptographic algorithm tests: Cryptographic Function Test Type AES CTR encrypt Known Answer Test (encrypt) RSA sign/verify Known Answer Test (sign/verify) HMAC keyed hash Known Answer Test (keyed hash) RNG random number generation Known Answer Test (generate random block) SHS hash SHA-1 Known Answer Test (generate SHA1 digest) Table 7. Self-tests. This document may be reproduced only in its original entirety 15 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 7. Conditional Self Tests. The module executes continuous RNG test on each execution of the FIPS 186-2 RNG. The module executes continuous RNG test on each execution of the non-Approved hardware non-deterministic RNG (entropy source). The module executes conditional pair-wise consistency check for RSA public-private key pairs each time an RSA key pair is generated using FIPS 186-3 key pair generation algorithm. If any of the conditional or power-on self-tests fail, the module enters an error state where both data output and cryptographic services are disabled. 8. Crypto Officer Guidance. To install the module in the Approved Mode of operation, the following steps must be followed: a) The module must be physically controlled during the installation b) The module must be placed on the PCB as described in the module technical specifications 9. User Guidance. The users shall take security measures to protect tokens used to authenticate the user to the module (Note: authentication is not covered by the FIPS 140-2 Level 1 requirements). This document may be reproduced only in its original entirety 16 FIPS 140-2 Security Policy for Nuvoton Cryptographic Module 10. Acronyms AES Advanced Encryption Algorithm CPU Central Processing Unit EMC Electro Magnetic Compatibility EMI Electro Magnetic Interference FIPS Federal Information Processing Standard HMAC Hash-based Message Authentication Code OTP One Time programming Non-Volatile Memory PCB Printed Circuit Board R Read privilege RAM Random Access Memory RNG Random Number Generator RSA Rivest Shamir Adleman SHS Secure Hash Standard SP Special Publication TCG Trusted Computing Group TPM Trusted Platform Module W Write privilege This document may be reproduced only in its original entirety 17