Copyright © 2014 Northrop Grumman M5 Network Security. All rights reserved.
9 Physical Security
The Kernel Module is comprised of software only and thus does not claim any physical security.
10 Operational Environment
No debugging tools should be used in the operating environment while in FIPS mode.
The Kernel Module requires that the operating system is restricted to a single operator mode and
that the kernel component making the calls to the cryptographic module is the only user of that
module.
11. Cryptographic Key Management
11.1 Key Generation
The module performs no key generation, however it does provide a Cryptographic PRNG that
implements ANSI X9.31 Appendix A.2.4 using AES-128 that users can utilise for key generation.
11.2 Key Storage
Keys are not stored by the Kernel Module. The operating system and memory management features
of the X86 CPUs protect keys in memory from unauthorised access. Setting of keys is a distinct API
call, separate to encrypt/decrypt operations ensuring that keys and data cannot be mixed.
11.3 Key Zeroisation
When cryptographic objects are freed with the API calls, the memory locations are first overwritten
with zeros before returning to the calling function. Note that the integrity check key used to verify
the kernel binary is external to the Kernel Module and stored within the fipscheck binary. It cannot
be zeroised in this fashion.
11.4 Key Usage
Key usage is done by the calling program. There is no manual entry capability as key entry is done
solely by the API.
12. Guidance
12.1 User Guidance
The Kernel Module implements the Triple DES CTR (Non-compliant) and AES GCM (Non-compliant)
algorithms but these should not be used.