FIPS Level 1 Security Policy Version Number: 1.5 Date: February 29, 2016

Transcription

1 Nn-Prprietary Bx JCA Cryptgraphic Mdule 1.0 FIPS Level 1 Security Plicy Versin Number: 1.5 Date: February 29, 2016

2 Table f Cntents 1. MODULE OVERVIEW 3 2. MODES OF OPERATION APPROVED CRYPTOGRAPHIC FUNCTIONS ALL OTHER ALGORITHMS 6 3. PORTS AND INTERFACES 6 4. ROLES AND SERVICES CRYPTO-OFFICER AND USER ROLES APPROVED SERVICES 7 5. CRYPTOGRAPHIC KEYS AND CSPS 8 6. SELF-TESTS 9 2

3 3 1. Mdule Overview The Bx Java Cryptgraphy Architecture (JCA) Cryptgraphic Mdule is a Java Cryptgraphy Architecture prvider that prvides encryptin, hashing and randm number generatin utilizing FIPS apprved algrithms. The JCA is a sftware mdule that executes in a mdifiable peratinal envirnment by a general purpse cmputer. The lgical bundary f the sftware mdule includes f the fllwing cmpnents (Figure 1): bxjca_prvider.jar bx_sunjce_prvider.jar lcal_plicy.jar US_exprt_plicy.jar bxjca_prvider.hmac Figure 1: Bx JCA Cryptgraphic Mdule Blck Diagram Cryptgraphic Bundary Bx JCA Cryptgraphic Mdule Includes: bxjca_prvider.jar, bx_sunjce_prvider.jar, lcal_plicy.jar, US_exprt_plicy.jar, and bxjca_prvider.hmac Java Virtual Machine Operating System FIPS cnfrmance testing was perfrmed at Security Level 1. The cnfiguratin tested by the lab is described in Table 1. 3

4 4 Table 1: Cnfiguratin tested by the lab Sftware Cmpnent Operating System Java Run-Time Envirnment (JRE) bxjca_prvider.jar bx_sunjce_prvider.jar lcal_plicy.jar US_exprt_plicy.jar bxjca_prvider.hmac Scientific Linux 6.4 JRE JRE CPU Dell PwerEdge R610 using Intel(R) Xen(R) X5675 The Bx JCA Cryptgraphic Mdule meets FIPS Level 1 requirements as described in Table 2. Table 2: Mdule Security Level Statement FIPS Security Area Security Level Cryptgraphic Mdule Specificatin 1 Mdule Prts and Interfaces 1 Rles, Services and Authenticatin 1 Finite State Mdel 1 Physical Security Operatinal Envirnment 1 Cryptgraphic Key Management 1 EMI/EMC 1 Self-tests 1 Design Assurance 1 Mitigatin f Other Attacks 4

5 5 2. Mdes f Operatin In the FIPS apprved mde f peratin, the JCA mdule perfrms FIPS apprved security functins as listed in sectin 2.1 Apprved Cryptgraphic Functins. When the Java virtual machine begins executin, it lads the class BxPrvider f the bxjca_prvider and instantiates the prvider if the pwer-up self-tests have been passed successfully. The pwer-up self-tests are called frm the cnstructr f the class BxPrvider. 2.1 Apprved Cryptgraphic Functins The fllwing apprved cryptgraphic algrithms are used in the FIPS apprved mde f peratin. Table 3: Apprved Cryptgraphic Functins Algrithm AES ECB (128, 192, 256) AES CTR (128, 192, 256) CAVP Certificate 2666 SHS (SHA1, SHA256, SHA384 and SHA512) 2239 HMAC (HMAC-SHA1, HMAC-SHA256, HMAC- SHA384, and HMAC-SHA512) 1657 SP A HMAC_DRBG 429 5

6 6 2.2 All Other Algrithms In the nn-fips mde f peratin the mdule perfrms nn-apprved functins listed in this sectin. With the exceptin f NDRNG these functins shall nt be used in FIPS apprved mde f peratin. AES (CBC, PCBC, CTS, CFB, CFB8, CFB128, OFB, OFB8, and OFB128 mdes; nn-cmpliant) Blwfish DES Triple-DES (nn-cmpliant) RC2 Diffie-Hellman (nn-cmpliant) PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithSHA1AndTripleDES PBEWithSHA1AndRC2_40 ARCFOUR RSA (key wrapping; nn-cmpliant) HMAC-MD5 PBKDF2WithHmacSHA1 DSA (nn-cmpliant) MD2 MD5 SHA1PRNG NDRNG 3. Prts and Interfaces The lgical interfaces t the mdule are implemented via an Applicatin Prgramming Interface (API). The fllwing table describes each lgical interface. Table 4: FIPS Lgical Interfaces Lgical Interface Data Input Data Output Cntrl Input Status Output Descriptin Input parameters that are supplied t the API cmmands Output parameters that are returned by the API cmmands API cmmands Exceptins and return status prvided by API cmmands 6

7 4. Rles and Services and rles There are tw rles the mdule supprts: rle and a rle. 4.2 Apprved Services The mdule prvides the fllwing cryptgraphic services. Table 5: Rles and Services Service AES Cipher Encrypt / Decrypt SHA hash cmputatin HMAC hash cmputatin HMAC-SHA256 DRBG Randm utput Perfrm Self-Tests Zerizatin by pwer cycling r rebting the system Shw status Installatin f the mdule Crrespnding Rles Types f Access t Cryptgraphic Keys and Critical Security Parameters (CSPs) R Read W Write r Create Z Zerize AES Key: R Nne HMAC Key: R Entrpy Input: R DRBG seed: R, W AES key: W HMAC key: W All: Z 7

8 8 The mdule prvides the fllwing APIs: Cipher.getInstance Cipher.init Cipher.dFinal MessageDigest.getInstance MessageDigest.digest Mac.getInstance bxprvider.pweronselftest Mac.init Mac.dFinal SecureRandm.getInstance SecureRandm.setSeed SecureRandm.nextBytes The user must call the mdule s APIs with apprpriate parameters t invke the mdule s services. See user guidance fr details. Nn-Apprved cryptgraphic services are implementatins f Nn-Apprved algrithms. They are listed in the Sectin Cryptgraphic Keys and CSPs The table belw describes cryptgraphic keys and CSPs used by the mdule. Table 6: Cryptgraphic keys and CSPs emplyed by the mdule Key Descriptin/Usage Origin Zerizatin AES Key HMAC Key Entrpy Input DRBG Seed Used during AES encryptin and decryptin Used during cmputatin f HMAC Used during cnstructin f the seed Used during instantiatin f the DRBG Generated using HMAC_DRBG Generated using HMAC_DRBG Generated using NDRNG Cnstructed in accrdance with SP A Zerized during pwer cycle r rebt Zerized during pwer cycle r rebt Zerized during pwer cycle r rebt Zerized during pwer cycle r rebt The keys must be generated by using SP A HMAC_DRBG. The Keys and CSPs are stred in plain text within the mdule. 8

9 9 6. Self-tests The mdule perfrms pwer-up and cnditinal self-tests that are listed in the table belw. Upn failure f a pwer-up self-test the mdule thrws an exceptin and fails t lad. Upn failure f a cnditinal self-test the mdule thrws an exceptin and returns n data t the caller. The fllwing table describes self-tests implemented by the mdule. Table 7: Self-Tests Algrithm AES encrypt AES decrypt SHA1 SHA256 SHA384 SHA512 HMAC-SHA1 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512 SP800-90A HMAC_DRBG Native NDRNG Bx entrpy surce NDRNG Sftware integrity test Test Knwn Answer Test [] Cntinuus Randm Number Generatr test DRBG Health test Cntinuus Randm Number Generatr test Cntinuus Randm Number Generatr test using HMAC 9