Symantec Corporation

Similar documents
Juniper Networks Pulse Cryptographic Module. FIPS Level 1 Security Policy Version: 1.0 Last Updated: July 19, 2013

FIPS Security Policy

IOS Common Cryptographic Module (IC2M)

Juniper Network Connect Cryptographic Module Version 2.0 Security Policy Document Version 1.0. Juniper Networks, Inc.

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Silent Circle Mobile Application Cryptographic Module

FIPS Non-Proprietary Security Policy. Cotap Cryptographic Module. Software Version 1.0. Document Version 1.4.

Imprivata FIPS Cryptographic Module Non-Proprietary Security Policy Version: 2.9 Date: August 10, 2016

Samsung FIPS BC for Mobile Phone and Tablet FIPS Security Policy

FIPS Non-Proprietary Security Policy

FIPS Security Policy

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

FIPS Level 1 Validation March 31, 2011 Version 1.12

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1

VMware, Inc. VMware Horizon JCE (Java Cryptographic Extension) Module

1 INTRODUCTION CRYPTOGRAPHIC MODULE SPECIFICATION... 9

Apple Inc. Apple OS X CoreCrypto Kernel Module, v5.0 FIPS Non-Proprietary Security Policy

EgoSecure GmbH. EgoSecure Full Disk Encryption (FDE) Cryptographic Module. FIPS Security Policy

ProtectV StartGuard. FIPS Level 1 Non-Proprietary Security Policy

Hewlett-Packard Development Company, L.P. NonStop Volume Level Encryption (NSVLE) Product No: T0867 SW Version: 2.0

BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 Cryptographic Module VC0 Non-Proprietary Security Policy Document Version 0.

Hitachi Virtual Storage Platform (VSP) Encryption Board. FIPS Non-Proprietary Cryptographic Module Security Policy

FireEye CM Series: CM-4400, CM-7400, CM-9400

Version 2.0. FIPS Non-Proprietary Security Policy. Certicom Corp. September 27, 2005

Acme Packet VME. FIPS Level 1 Validation. Software Version: E-CZ Date: July 20, 2018

STS Secure for Windows XP, Embedded XP Security Policy Document Version 1.4

Dell SonicWALL. NSA 220, NSA 220W and NSA 240. FIPS Non-Proprietary Security Policy

This Security Policy describes how this module complies with the eleven sections of the Standard:

Dolphin DCI 1.2. FIPS Level 3 Validation. Non-Proprietary Security Policy. Version 1.0. DOL.TD DRM Page 1 Version 1.0 Doremi Cinema LLC

Security Policy Document Version 3.3. Tropos Networks

FireEye NX Series: NX-900, NX1400, NX-2400, NX-4400, NX4420, NX-7400, NX-7420, NX7500, NX-10000, NX-9450, NX10450

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

Dolphin Board. FIPS Level 3 Validation. Security Policy. Version a - Dolphin_SecPolicy_000193_v1_3.doc Page 1 of 19 Version 1.

FIPS Non-Proprietary Security Policy. Acme Packet FIPS Level 2 Validation. Hardware Version: Firmware Version: E-CZ8.0.

FIPS Cryptographic Module Security Policy Entrust Authority Security Toolkit for the Java Platform

FIPS Security Policy

Hydra PC FIPS Sector-based Encryption Module Security Policy

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

SEL-3021 Serial Encrypting Transceiver Security Policy Document Version 1.9

FireEye HX Series: HX 4400, HX 4400D, HX 4402, HX 9402

Lexmark PrintCryption TM (Firmware Version 1.3.1)

Integral Memory PLC. Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) FIPS Security Policy

FIPS Security Policy for Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e, and CAP3502i Wireless LAN Access Points

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

Dell Software, Inc. Dell SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA FIPS Non-Proprietary Security Policy

FIPS Security Policy UGS Teamcenter Cryptographic Module

RSA BSAFE Crypto-J JSAFE and JCE Software Module Security Policy Level 2 Roles, Services and Authentication

Sony Security Module. Security Policy

RSA BSAFE Crypto-J JSAFE and JCE Software Module 5.0 Security Policy Level 1 Roles, Authentication and Services

RSA BSAFE Crypto-C Micro Edition Security Policy

Security Policy: Astro Subscriber Motorola Advanced Crypto Engine (MACE)

Non-Proprietary Security Policy Version 1.1

Dolby IMS-SM FIPS Level 2 Validation. Nonproprietary Security Policy Version: 4

FIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module

WatchKey USB Token Cryptographic Module Model Number: K6 Smart Card Chip: Z32L256D32U PCB: K003010A Firmware Version: 360C6702

Hughes Network Systems, LLC Hughes Crypto Kernel Firmware Version: FIPS Non-Proprietary Security Policy

Satisfying CC Cryptography Requirements through CAVP/CMVP Certifications. International Crypto Module Conference May 19, 2017

Credant CmgCryptoLib Version 1.7 Credant Cryptographic Kernel Version 1.5 FIPS Non-Proprietary Security Policy, Version 1.7 Level 1 Validation

Oracle Linux 7 OpenSSH Server Cryptographic Module

Barco ICMP FIPS Non-Proprietary Security Policy

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module Non-Proprietary Security Policy

Oracle Linux 6 OpenSSH Server Cryptographic Module

Symantec Corporation Symantec Cryptographic Module Software Version: 1.1. FIPS Non-Proprietary Security Policy

ARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1

RSA BSAFE Crypto-J JSAFE and JCE Software Module 5.0 Security Policy Level 2 Roles, Authentication and Services

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module Non-Proprietary Security Policy

FIPS SECURITY POLICY FOR

WatchKey ProX USB Token Cryptographic Module Hardware Version: K023314A Firmware Version:

NXP Semiconductors JCOP 3 SecID P60 OSA FIPS Cryptographic Module Non Proprietary Security Policy

Cryptography and the Common Criteria (ISO/IEC 15408) by Kirill Sinitski

Cisco Systems 5760 Wireless LAN Controller

Cryptographic Algorithm Validation Program:

SecureDoc Disk Encryption Cryptographic Engine

SUSE Linux Enterprise Server 12 libgcrypt Cryptographic Module version 1.0. FIPS Non-Proprietary Security Policy

FIPS Security Level 2 Policy LX-4000T Series Console Servers

Security Requirements for Crypto Devices

Route1 FIPS Cryptographic Module

Motorola PTP 800 Series CMU Cryptographic Module Security Policy

Bluefly Processor. Security Policy. Bluefly Processor MSW4000. Darren Krahn. Security Policy. Secure Storage Products. 4.0 (Part # R)

Oracle Linux 6 NSS Cryptographic Module

CoSign Hardware version 7.0 Firmware version 5.2

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module Security Policy

IBM System Storage TS1140 Tape Drive Machine Type 3592, Model E07. Security Policy

Secure Cryptographic Module (SCM)

FEITIAN Technologies Company, LTD epass Token Hardware Version: FIPS Non-Proprietary Security Policy

Acme Packet 3820 and Acme Packet 4500

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module. Security Policy. Security Level 2. Rev. 0.

SafeNet LUNA EFT FIPS LEVEL 3 SECURITY POLICY

KEY-UP Cryptographic Module Security Policy Document Version 0.5. Ian Donnelly Systems (IDS)

econet smart grid gateways: econet SL and econet MSA FIPS Security Policy

Axway Inc. Axway Security Kernel (Software Versions: 3.0 and 3.0.1)

Security Policy for FIPS KVL 3000 Plus

1. Introduction FIPS and non-fips Operation... 9

Security Requirements of FIPS PUB 140 & Reconfigurable Hardware. G. Bertoni Politecnico di Milano

Cisco VPN 3002 Hardware Client Security Policy

FIPS Validation Certificate

RFS7000 SERIES Wireless Controller. FIPS Cryptographic Module Security Policy

MultiApp ID V2.1 Platform FIPS Cryptographic Module Security Policy

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Inside the World of Cryptographic Algorithm Validation Testing. Sharon Keller CAVP Program Manager NIST ICMC, May 2016

Transcription:

Symantec Corporation Symantec PGP Cryptographic Engine FIPS 140-2 Non-proprietary Security Policy Document Version 1.0.4 Revision Date 05/01/2015 Symantec Corporation, 2015 May be reproduced only in its entirety (without revision).

Table of Contents 1 INTRODUCTION... 2 2 MODULE SPECIFICATIONS... 3 2.1 SUPPORTED ALGORITHMS... 4 2.2 NON-APPROVED ALGORITHMS... 5 2.3 CRYPTOGRAPHIC BOUNDARY... 5 2.4 PORTS AND INTERFACES... 7 2.5 SECURITY LEVEL... 8 2.6 OPERATIONAL ENVIRONMENT... 9 2.7 APPROVED MODE OF OPERATION... 10 3 SECURITY RULES... 11 4 ROLES AND SERVICES... 12 5 ACCESS CONTROL POLICY... 13 5.1 CRITICAL SECURITY PARAMETERS... 13 5.2 ACCESSES... 13 5.3 SERVICE TO CSP ACCESS RELATIONSHIP... 14 6 PHYSICAL SECURITY POLICY... 16 7 SELF-TESTS... 16 7.1 POWER-UP TESTS... 17 7.2 CONDITIONAL SELF-TESTS... 18 7.3 ON-DEMAND TESTS... 18 8 MITIGATION OF OTHER ATTACKS... 19 Symantec Corporation, 2015 May be reproduced only in its entirety (without revision).

1 Introduction The PGP Cryptographic Engine (SW Version 4.3) (hereafter referred to as the cryptographic module or the module ) is a software only cryptographic module validated to the standards set forth by the FIPS PUB 140-2 Security Requirements for Cryptographic Modules document published by the National Institute of Standards and Technology (NIST). The module is intended to meet the security requirements of FIPS 140-2 Level 1 overall. This document, the Symantec PGP Cryptographic Engine FIPS 140-2 Nonproprietary Security Policy, also referred to as the Security Policy, specifies the security rules under which the module must operate. Page 2

2 Module Specifications The PGP Cryptographic Engine (SW Version 4.3) is a software-only cryptographic module embodied as a shared library binary that executes on general-purpose computer systems and is available on a number of operating systems. The specific operating system and version to be validated is specified in the "Operational Environment" section of this document. The PGP Cryptographic Engine cryptographic module is accessible to client applications through an application-programming interface (API). The module provides a FIPS mode of operation, which is described in the "Approved Mode of Operation" section of this document. For the purposes of FIPS 140-2, the PGP Cryptographic Engine is classified as a multichip standalone module. Page 3

2.1 Supported Algorithms The PGP Cryptographic Engine implements the following Approved algorithms in the FIPS Approved mode of operation. Type Algorithm Certificate Number Symmetric Key Triple-DES (3-Key) TECB, TCBC, TCFB AES (128,192,256) ECB, CBC and CFB128 FIPS 46-3 (cert # 1675, 1676, 1683, 1684, 1711, 1712, 1713, 1714, 1715, 1716) FIPS 197 (cert # 2766, 2786, 2799, 2805, 2866, 2867, 2868, 2869, 2870, 2871) Message Digest SHA-1, 256, 384, 512 FIPS 180-3 (cert # 2342, 2343, 2351, 2353, 2408, 2409, 2410, 2411, 2412, 2413) Message Authentication HMAC SHA-1, 256, 384, 512 FIPS 198 (cert # 1746, 1747, 1755, 1756, 1805, 1806, 1807, 1808, 1809, 1810) Digital Signature RSA (2048, 3072) FIPS 186-4 (cert # 1459, 1465, 1466, 1468, 1503, 1504, 1505, 1508, 1509, 1510) DSA (L = 2048, N = 224; L = 2048, N = 256; L = 3072, N = 256 FIPS 186-4 (cert # 846, 847, 848, 849, 859, 860, 861, 862, 863, 864) ECDSA (P-256, P-384) FIPS 186-4 (cert # 487, 488, 489, 490, 509, 510, 511, 512, 513, 514) Key Establishment DRBG CVL: ECC CDH Primitive (P-256, P-384) AES256_CTR with derivation function SP 800-56A (cert # 240, 241, 248, 249, 302, 303, 304, 305, 306, 307) SP 800-90A (cert # 473, 474, 478, 479, 510, 511, 512, 513, 514, 515) Table 1 - Algorithms supported by the PGP Cryptographic Engine Page 4

The PGP Cryptographic Engine also implements the following non-approved but allowed in the FIPS Approved mode of operation Algorithms: NDRNG RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) 2.2 Non-Approved Algorithms NOTICE: The PGP Cryptographic Engine module provides the following non-fips approved algorithms only in non-fips mode of operation. The services listed in Table 2 are available to the calling application. However the use of any such service is an explicit violation of this Security Policy and is explicitly disallowed by this Security Policy. Non-Approved Service Non-Approved Algorithms Non-Approved Encrypt/Decrypt AES EME2 (non-compliant), AES PlumbCFB (non-compliant), AESMixCBC (noncompliant), RC2, ARC4, IDEA, CAST5, TwoFish, BlowFish, ElGamal Non-Approved Signature generation and verification Non-Approved Hashing Non-Approved Key Derivation RSA and DSA with modulus size 1024(noncompliant), RSA SHA-1(non-compliant), DSA SHA-1(non-compliant), ECDSA SHA-1(noncompliant) MD-5, RIPEMD160, MD-2, KECCEK PBKDF2(non-compliant), KBKDF(non-compliant) OpenPGP S2K Iterated salted Table 2 Non-Approved Algorithms supported by the PGP Cryptographic Engine 2.3 Cryptographic Boundary The physical cryptographic boundary is defined as the computer's case that the PGP Cryptographic Engine is installed in and includes all the accompanying hardware. The module s logical cryptographic boundary is defined to be a subset of the PGP Cryptographic Engine binary software library as defined by the "Roles and Services" section of this document. Page 5

An operator is accessing (or using) the module whenever one of the library calls is executed through the API and thus the module logical interfaces are provided by the API calls. Client Application Programming API Module - TDES - AES - ECC CDH - RSA - DSA - ECDSA - HMAC - SHS - DRBG Figure 1 - Module Cryptographic Boundary Note that the dashed line represents the PGP Cryptographic Engine crypto boundary. Page 6

2.4 Ports and Interfaces The module restricts all access to its Critical Security Parameters (CSPs) through the API calls as enumerated in the "Roles and Services" section of this document. This API acts as the logical interface to the module. Although the computer s physical ports such as keyboards, mouse, displays, hard disks, smart card interfaces, etc. provide a means to access the cryptographic module, the actual interface is via the API itself. For the purpose of FIPS 140-2, the logical interfaces can be modeled as described in the following table. Data Input Data Output Control Input Status Output Parameters passed to the module via API calls. Data returned by the module via API calls. Control Input API function calls. Error and status codes returned by API calls. Table 3 - PGP Cryptographic Engine Logical Ports Input and output data can consist of plain-text, cipher-text, and cryptographic keys as well as other parameters. The module does not support a cryptographic bypass mode. All data output is inhibited during an error state. Data output is also inhibited during the self-test process. Page 7

2.5 Security Level The PGP Cryptographic Engine Module meets the overall security requirements of FIPS 140-2 Level 1. Security Requirements Area Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 3 Mitigation of Other Attacks N/A Table 4 - Module Security Level Specification Page 8

2.6 Operational Environment The following Operating Systems were used to operationally test and validate the PGP Cryptographic Engine to the requirements of FIPS-140-2. Apple Mac OS X 10.7 with AES-NI Apple Mac OS X 10.7 without AES-NI Microsoft Windows 7 32-bit with AES-NI Microsoft Windows 7 32-bit without AES-NI Microsoft Windows 7 64-bit with AES-NI Microsoft Windows 7 64-bit without AES-NI Red Hat Enterprise Linux (RHEL) 6.2 32-bit with AES-NI Red Hat Enterprise Linux (RHEL) 6.2 32-bit without AES-NI Red Hat Enterprise Linux (RHEL) 6.2 64-bit with AES-NI Red Hat Enterprise Linux (RHEL) 6.2 64-bit without AES-NI As per FIPS Implementation Guidance the PGP Cryptographic Engine module will remain compliant with the requirements of FIPS 140-2 when operating on the following compatible Operating Systems: Microsoft Windows 8 32-bit Microsoft Windows 8 64-bit Apple Mac OS X 10.8 Apple Mac OS X 10.9 Virtualized vsphere 5.1 / ESXi 5.1 hypervisor w/ Windows 8.1 update 1 x64 with AES-NI Virtualized vsphere 5.1 / ESXi 5.1 hypervisor w/ Windows Server 2012 R2 x64 with AES-NI The tested operating systems segregate user processes into separate process spaces. Each process space is logically separated from all other processes by the operating system software and hardware. The Module functions entirely within the process space of the calling application, and implicitly satisfies the FIPS 140-2 requirement for a single user mode of operation. Page 9

2.7 Approved Mode of Operation The PGP Cryptographic Engine provides a FIPS 140-2 compliant mode of operation. It is possible to use various non-approved algorithms (see section 2.2) in the non-fips mode of operation; in this case the FIPS 140-2 self-tests are still required to be run and pass validation prior to using the non-approved algorithms. The client application can, at any time, verify the status by performing the PGPceGetSDKErrorState() API call. An application can also check the module error state and run all or any specific self-test through making the proper API calls. Page 10

3 Security Rules Following is a list of security requirements that specify the Approved mode of operation and must be adhered to when complying with FIPS 140-2. 1. PGP Cryptographic Engine must be used as described in this document. 2. Installation of the module is the responsibility of the Crypto Officer. 3. The cryptographic module provides a FIPS 140-2 compliant mode of operation. Before the module can be used, it must be initialized as described in the "Approved Mode of Operation" section of this document. 4. The cryptographic module conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class B ( i.e., for Home use) which vacuously satisfies Class A. 5. Only FIPS approved or allowed cryptographic algorithms as enumerated in the "Supported Algorithms" section of this document are to be used. 6. The cryptographic module inhibits data output during self-tests and error states. The data output interface is logically disconnected from the processes performing zeroization. 7. The zeroization process can be achieved using the appropriate API function: PGPceFreeSymmetricCipherContext, PGPceFreeCBCContext, PGPceFreeCFBContext, PGPceFreeHashContext, PGPceFreeHMACContext or PGPceWipeSymmetricCipher, PGPceFreePKContext. 8. PGP Cryptographic Engine is designed to meet FIPS 140-2, security Level 1, therefore the module does not provide authentication mechanisms. Page 11

4 Roles and Services The module operator is defined as any client application that is linked to the PGP Cryptographic Engine shared library (PGPce.dll on the Windows platforms, libpgpce.dylib on OS X platforms, and libpgpce.so.4.3.0 on Linux platforms) The cryptographic module supports two roles (described below). An operator accesses both roles while using the module and the means of access is the same for both roles. A role is implicitly assumed based on the services that are accessed. The Crypto Officer (CO) is any entity that can install the module library onto the computer system, configure the operating system, and validate the compliance of the module. The Crypto Officer s role is implicitly selected when installing the module, or configuring the operating system. Installation is accomplished by running an installation program. The Crypto Officer must have permission to write the library constituting the PGP Cryptographic Engine into an operating system directory; typically, this requires administrator access to the operating system. The roles are defined as the following: User: Shall be allowed to perform all services provided by the module. Crypto Officer: Shall be allowed to perform all services provided by the module and additionally is responsible for the installation of the module. Page 12

Access Control Policy In the PGP Cryptographic Engine, access to critical security parameters is controlled. A module User or Crypto Officer can only read, modify, or otherwise access the security relevant data through the cryptographic module services provided by the module API interface. This section details the Critical Security Parameters (CSPs) in the cryptographic module that a User or Crypto Officer can access, how the CSPs can be accessed in the cryptographic module, and which services are used for access to the data item. 4.1 Critical Security Parameters The Critical Security Parameters (CSPs) used by the PGP Cryptographic Engine module are protected from unauthorized disclosure, modification, and substitution. Definition of CSPs: TDES Key - used to TDES encrypt/decrypt data. AES Key - used to AES encrypt/decrypt data. RSA Key Pairs - used for signing and verification RSA Key Pairs used for encrypt/decrypt (key wrapping only) DSA Key Pairs - used for signing and verification ECDSA Key Pairs - used for signing and verification ECC CDH Key Pairs used for key pair establishment DRBG entropy and seed used for random bit generation HMAC Key - used for message authentication of data. 4.2 Accesses The types of access to CSPs in the PGP Cryptographic Engine module are listed in the following table. Page 13

Access Description create The item is created. destroy The item is destroyed, in other words the data is cleared (actively overwritten) from any memory in the cryptographic module and then that memory is released. read write The item is accessed for reading and use. The item is modified or changed. Table 5 - CSP Access Types 4.3 Service to CSP Access Relationship The following table shows which CSPs are accessed by each service, the role(s) the operator must be in for access, and how the CSP is accessed on behalf of the operator when the service is performed. Several services provided by the PGP Cryptographic Engine module do not access any CSPs and are included here for completeness. Page 14

Service CO User CSP create destroy read write Encrypt/decrypt data with symmetric key X X TDES Encrypt Key AES Encrypt Key Signature generation and verification X X RSA/DSA/ECDSA key pairs Hash data X X N/A Compute HMAC on data X X HMAC Key ECC CDH key pair establishment X X ECC CDH key pairs Data storage management X X N/A Show status X X N/A Run self-tests X X N/A Zeroize TDES Key AES Key RSA Key Pairs X X DSA Key Pairs ECDSA Key Pairs ECC CDH Key Pairs DRBG entropy and seed HMAC Key Table 6 - Module Services vs Role Access Page 15

5 Physical Security Policy The PGP Cryptographic Engine is implemented as a software module, and as such the physical security section of FIPS 140-2 is not applicable. Physical Security Mechanisms Recommended Frequency of Inspection/Test Inspection/Test Guidance Details N/A N/A N/A Table 7: Inspection/Testing of Physical Security Mechanisms 6 Self-Tests The PGP Cryptographic Engine provides for two forms of self-tests: power-on, and on-demand. Software integrity test is performed using ECDSA P-384 with SHA-256 signature verification. The FIPS integrity check and self-test are a mandatory operation and run automatically without operator intervention. The results of the integrity check and self-tests are reported by PGPceGetSDKErrorState(). All data output is prohibited during the self-test process. If any of these test fail, the module will enter an error state, which can only be cleared by powering down the module. Once in an error state, all further cryptographic operations and data output is disabled. A client application can also ascertain module at anytime by using the PGPceGetSDKErrorState() function. Possible error codes returned by the selftest routines include: kpgperror_noerr self-test was successful. kpgperror_selftestfailed self-test Failed. Page 16

6.1 Power-Up Tests The following self-tests will run and in the following order until all the tests have been completed successfully or until one of the tests fail. Algorithm Software Integrity Test Test Attributes ECDSA signature verification TDES Encrypt, ECB mode, 3 key KAT 1 TDES DSA AES AES RSA RSA RSA Decrypt, ECB mode, 3 key KAT Sign, Verify using 2048-bit with SHA-256 KAT Encrypt, CBC mode, 128-bit, 192-bit, 256-bit KAT Decrypt, CBC mode, 128-bit, 192-bit, 256-bit KAT Sign, Verify using 2048-bit with SHA-256 KAT 2048-bit Encrypt KAT 2048-bit Decrypt KAT SHA SHA-1, 256, 384, 512 from FIPS 180-4 KAT HMAC ECDSA DRBG ECC CDH HMAC SHA-1, 256, 384, 512 KAT Sign, Verify P-256 with SHA-256 KAT CTR_DRBG: AES, 256-bit KAT ECC CDH P-256 Primitive Z computation KAT Table 8 - Power On Self Tests 1 Known Answer Test Page 17

6.2 Conditional self-tests Algorithm ECDSA RSA RSA DSA NDRNG DRBG Test Attributes Sign, Verify (using SHA-256) Pair-wise consistency Sign, Verify (using SHA-256) Pair-wise consistency Encrypt, Decrypt Pair-wise consistency Sign, Verify (using SHA-256) Pair-wise consistency Continuous Random Number Generation test Continuous Random Number Generation test Table 9 - Conditional self-tests 6.3 On-Demand Tests Power-up tests can be initiated on-demand by power cycling the module. The client application can optionally initiate a specific test or all tests on demand by using the PGPceRunSelfTest() or PGPceRunAllSelfTests() functions respectively. Note that if the on-demand tests fail, the module will enter an error state in a manner identical to the power-on self-tests. Page 18

7 Mitigation of Other Attacks The Mitigation of Other attacks security section of FIPS 140-2 is not applicable to the PGP Cryptographic Engine module. The module is not designed to mitigate against attacks outside the scope of FIPS 140-2. Other Attacks Mitigation Mechanism Specific Limitations N/A N/A N/A Table 10 Mitigation of Other Attacks Page 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback