Hitachi Solutions, Ltd. HIBUN Cryptographic Module for Kernel-Mode FIPS 140-2 Security Policy Level 1 Validation Document Version 1.6 01/11/2012 All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. This document may be freely reproduced and distributed whole and intact including this copyright notice. 1. INTRODUCTION .............................................................................................................................. 3 1.1. PURPOSE ....................................................................................................................................... 3 1.2. REFERENCES ................................................................................................................................. 3 1.3. PACKAGE ORGANIZATION ............................................................................................................. 3 2. CRYPTOGRAPHIC MODULE SPECIFICATION ....................................................................... 4 2.1. OVERVIEW .................................................................................................................................... 4 2.2. CRYPTOGRAPHIC BOUNDARY ....................................................................................................... 4 2.3. BLOCK DIAGRAM ......................................................................................................................... 5 2.4. MODULE ORGANIZATION .............................................................................................................. 6 2.5. ALGORITHMS ................................................................................................................................ 7 2.6. APPROVED MODE ......................................................................................................................... 8 3. CRYPTOGRAPHIC MODULE PORTS AND INTERFACES...................................................... 8 4. ROLES, SERVICES, AND AUTHENTICATION .......................................................................... 9 4.1. ROLES........................................................................................................................................... 9 4.2. SERVICES ...................................................................................................................................... 9 4.3. AUTHENTICATION ....................................................................................................................... 11 5. PHYSICAL SECURITY.................................................................................................................. 11 6. OPERATIONAL ENVIRONMENT ............................................................................................... 11 7. CRYPTOGRAPHIC KEY MANAGEMENT ................................................................................ 12 7.1. CSP ............................................................................................................................................ 13 7.2. KEY ENTRY AND OUTPUT ........................................................................................................... 13 7.3. KEY STORAGE ............................................................................................................................ 13 7.4. ZEROIZATION OF KEY MATERIAL................................................................................................ 13 8. SELF-TESTS .................................................................................................................................... 13 8.1. POWER-UP SELF-TESTS .............................................................................................................. 13 9. DESIGN ASSURANCE ................................................................................................................... 14 9.1. CONFIGURATION ......................................................................................................................... 14 9.2. DELIVERY ................................................................................................................................... 14 9.3. GUIDANCE DOCUMENTS ............................................................................................................. 14 10. MITIGATION OF OTHER ATTACKS ..................................................................................... 14 All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 2 This document may be freely reproduced and distributed whole and intact including this copyright notice. 1. Introduction 1.1. Purpose This document provides the cryptographic library module security policy (SP) for the HIBUN Cryptographic Module for Kernel-Mode from Hitachi Solutions, Ltd. This document describes how the HIBUN Cryptographic Module for Kernel-Mode meets the level 1 security requirements of FIPS 140-2. 1.2. References SP Title: HIBUN Cryptographic Module for Kernel-Mode FIPS 140-2 Security Policy SP Version: 1.6 SP Publisher: Hitachi Solutions, Ltd. SP Published date: 01/11/2012 Cryptographic library module title: HIBUN Cryptographic Module for Kernel-Mode Cryptographic library module version: 1.0 Rev. 2 1.3. Package Organization The HIBUN Cryptographic Module package is comprised of three distinct modules (User-Mode module, Kernel-Mode module, and Pre-boot module). The HIBUN Cryptographic Module package includes the following: (1) SP - HIBUN Cryptographic Module for User-Mode FIPS 140-2 Security Policy - HIBUN Cryptographic Module for Kernel-Mode FIPS 140-2 Security Policy - HIBUN Cryptographic Module for Pre-boot FIPS 140-2 Security Policy (2) Guidance documents - HIBUN Cryptographic Module Guidance - HIBUN Cryptographic Module API specification (3) Cryptographic library module - HIBUN Cryptographic Module for User-Mode - HIBUN Cryptographic Module for Kernel-Mode - HIBUN Cryptographic Module for Pre-boot The executable modules that provide security functions. The document (1) and (2) describes these modules. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 3 This document may be freely reproduced and distributed whole and intact including this copyright notice. This document is HIBUN Cryptographic Module for Kernel-Mode FIPS 140-2 Security Policy. The cryptographic library module that this SP describes is HIBUN Cryptographic Module for Kernel-Mode. For the purposes of this document, “HIBUN Cryptographic Module” is referred to as “HIBUN Cryptographic Module for Kernel-Mode”. 2. Cryptographic Module Specification 2.1. Overview The HIBUN Cryptographic Module is a software module which resides on a general purpose computer, and is a cryptographic library module which meets the level 1 security requirements of FIPS 140-2. The HIBUN Cryptographic Module meets each of the security requirements as shown in the Table 1. Table 1: Security Level Specification Security Requirements Section Level Cryptographic Module Specification 1 Cryptographic Module Ports and Interfaces 1 Roles, Services, and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks N/A HIBUN Cryptographic Module is classified as a multi-chip standalone module, and provides symmetric key cipher, message digest, and message authentication of the security functions approved by FIPS 140-2. The security functions are provided via the Application Programming Interface (API) to applications. For the purposes of this document, “cryptographic library module” is referred to as “HIBUN Cryptographic Module”. 2.2. Cryptographic Boundary The physical cryptographic boundary for the cryptographic library module is defined as the All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 4 This document may be freely reproduced and distributed whole and intact including this copyright notice. enclosure of the computer on which the cryptographic library module runs. The logical cryptographic boundary for the cryptographic library module is defined as the whole cryptographic library module functions. 2.3. Block Diagram A block diagram of the cryptographic library module is shown in Figure 1. Figure 1 shows the cryptographic boundaries and I/O ports. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 5 This document may be freely reproduced and distributed whole and intact including this copyright notice. Physical Cryptographic Boundary Data Input Storage Memory CPU Logical Cryptographic Boundary HIBUN Cryptographic Module Power Power Supply API call Operating Application System Data Input Data Output System call Control Input Status Output I/O Port I/O Port I/O Port Network Monitor Keyboard Mouse The cryptographic library module does not input data from Operating System or output data to Operating System. I/O ports include followings: - Input physical ports: keyboard port, mouse port, network port - Output physical ports: monitor port, network port Figure 1: Block Diagram of the Cryptographic Boundary 2.4. Module Organization Figure 2 shows the module organization of the cryptographic library module. The cryptographic library module provides security functions to applications running on Microsoft 1 Windows 2 1 Microsoft is a registered trademark of Microsoft Corp. in the U.S. and other countries. 2 Windows is a registered trademark of Microsoft Corp. in the U.S. and other countries. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 6 This document may be freely reproduced and distributed whole and intact including this copyright notice. operating system (OS) 32-bit kernel mode/64-bit kernel mode as in Figure 2. In Figure 2, each arrow indicates the relationship between the cryptographic library module and calling applications. All the security requirements in Table 1 are applied to all the cryptographic library modules above. Windows Kernel Windows Kernel Driver (32 bit) Driver (64 bit) Input Output Input Output HIBUN Cryptographic Module HIBUN Cryptographic Module (Windows Kernel-Mode 32 bit) (Windows Kernel-Mode 64 bit) sxdcryfp.dat sxqcryfp.dat Figure 2: Relations between the HIBUN Cryptographic Module and OS 2.5. Algorithms The cryptographic library module provides symmetric key cipher, message digest, and message authentication of the security functions approved by FIPS 140-2. Table 2 shows the FIPS 140-2 approved security functions provided by the cryptographic library module. Table 2: Approved Algorithms Service Algorithm Mode FIPS140-2 Publication Algorithm Approved Certificate Number Symmetric AES ECB, CBC, Yes FIPS 197 1787 Cipher Encrypt/Decrypt CFB 8 bit, (128 bit) CFB 128 bit, OFB AES ECB, CBC, Yes FIPS 197 Encrypt/Decrypt CFB 8 bit, (192 bit) CFB 128 bit, OFB AES ECB, CBC, Yes FIPS 197 Encrypt/Decrypt CFB 8 bit, (256 bit) CFB 128 bit, OFB All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 7 This document may be freely reproduced and distributed whole and intact including this copyright notice. Message Digest SHA-224 N/A Yes FIPS 180-3 1569 SHA-256 N/A Yes FIPS 180-3 SHA-384 N/A Yes FIPS 180-3 SHA-512 N/A Yes FIPS 180-3 Message HMAC-SHA224 N/A Yes FIPS 198 1052 Authentication HMAC-SHA256 N/A Yes FIPS 198 HMAC-SHA384 N/A Yes FIPS 198 HMAC-SHA512 N/A Yes FIPS 198 2.6. Approved Mode The cryptographic library module implements only FIPS 140-2 approved security functions. The cryptographic library module runs in a FIPS 140-2 approved mode using following steps: (1) If the cryptographic library module is embedded in the Windows kernel driver as a resource, install the Windows kernel driver in the Windows file system. If the cryptographic library module is not embedded in the Windows kernel driver, install the Windows kernel driver and the cryptographic library module in the Windows file system. (2) Windows kernel driver loads the cryptographic library module from resource or file system. (3) Windows kernel driver relocate the cryptographic library module. (4) Windows kernel driver get the address of Load_Module service. (5) Windows kernel driver calls the Load_Module service, and gets the addresses of services. The cryptographic library module performs power-up self-tests in the Load_Module service. (6) Windows kernel driver calls services in the cryptographic library module. 3. Cryptographic Module Ports and Interfaces The cryptographic library module provides logical interfaces via APIs. Table 3 shows the mapping of the FIPS 140-2 logical interfaces, physical ports, and APIs provided by the cryptographic library module. Table 3: Interfaces FIPS140-2 Logical Physical ports Module Mapping Interfaces Data Input Interface Keyboard port, mouse port, Parameters passed to the module network port, etc. via the API Data Output Interface Monitor port, network port, etc. Data returned by the module via the API All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 8 This document may be freely reproduced and distributed whole and intact including this copyright notice. Control Input Interface Keyboard port, mouse port, Control input through the API and network port, etc. the API function calls Status Output Interface Monitor port, network port, etc. Information returned via the API 4. Roles, Services, and Authentication 4.1. Roles The cryptographic library module supports crypto officer role and user role. In the crypto officer role, the crypto officer can install the cryptographic library module. In the user role, the user can use the cryptographic library module installed by crypto officer. Table 4 shows description of each role. Table 4: Roles Role Description Crypto officer (CO) The administrator who installs or uninstalls the module (CO can use the same services as the user role) - The crypto officer role is implicitly assumed when the application requests installation or uninstallation of the module. User General user who uses the module - The user role is implicitly assumed when the application requests services implemented by the module. 4.2. Services The cryptographic library module provides the services shown in Table 5. Table 5: Services Provided by the Cryptographic Library Module Type Algorithm Description Service Exported to Name Description Windows 32/64-bit Kernel Mode Symmetric AES Encrypt/ aes_create Create AES CO/User Cipher decrypt data instance using AES aes_init Initialize CO/User algorithm AES instance All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 9 This document may be freely reproduced and distributed whole and intact including this copyright notice. aes_encrypt_ Complete CO/User term AES encryption aes_decrypt_ Complete CO/User term AES decryption aes_mode Set AES CO/User mode aes_encrypt AES data CO/User encryption aes_decrypt AES data CO/User decryption aes_destroy Destroy AES CO/User instance Message SHA-2 Generate shs_init Create SHA CO/User Digest message digests instance shs_term Destroy SHA CO/User instance shs_update Get hash CO/User Message HMAC Generate MAC hmac_init Create CO/User Authentication values HMAC instance hmac_term Destroy CO/User HMAC instance hmac_update Get HMAC CO/User value Show Status - Get result Get_Status Get status CO/User of status Load Module - Load module Load_Module Create CO/User module instance Unload - Unload module Unload_Module Change to CO/User Module unload status All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 10 This document may be freely reproduced and distributed whole and intact including this copyright notice. 4.3. Authentication The cryptographic library module does not support any authentication for CO or user. The level 1 security requirements of FIPS 140-2 do not require any authentication mechanism for CO or user. 5. Physical Security Since the cryptographic library module is one of the software modules residing on a general purpose computer, the physical security shall be provided by the computer the cryptographic library module is running on. Therefore the physical security requirement of the cryptographic library module is not applicable. 6. Operational Environment The cryptographic library module is tested and validated to the level 1 security requirements of FIPS 140-2 using following operational environments: - Windows XP Professional Windows Vista3 Ultimate - - Windows 7 Ultimate - Windows 7 Ultimate 64 bit The cryptographic library module also supports following operational environments (The cryptographic library module is not tested or validated to the level 1 security requirements of FIPS 140-2 using following operational environments. But according to FIPS 140-2 implementation guidance G.5, the module is allowed to be ported to these operational environments and the validation is maintained): - Windows XP 32 bit - Windows Vista 32 bit - Windows 7 32 bit - Windows 7 64 bit Windows Server4 2003 32 bit - - Windows Server 2003 64 bit - Windows Server 2008 32 bit - Windows Server 2008 64 bit - Windows Server 2008 R2 3 Windows Vista is a registered trademark of Microsoft Corporation in the United States and/or other countries. 4 Windows Server is a registered trademark of Microsoft Corporation in the United States and/or other countries. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 11 This document may be freely reproduced and distributed whole and intact including this copyright notice. The operating system is restricted to a single operator mode of operation. The application that makes calls to the cryptographic library module is the single user of the cryptographic library module, even when the application is serving multiple clients. 7. Cryptographic Key Management Table 6 shows the critical security parameters (CSPs) in each algorithm used by the cryptographic library module. The “Input or Generate” column specifies whether the CSP is provided to the cryptographic library module or the cryptographic library module generates the CSP. The “Access Type” column specifies how the cryptographic library module accesses the CSP. Table 6: CSP Type Algorithm Service CSP Input or Generate Access Type Symmetric Cipher AES aes_create Secret Key Input Read aes_init N/A N/A N/A aes_encrypt_ Secret Key Input Read term aes_decrypt_ Secret Key Input Read term aes_mode N/A N/A N/A aes_encrypt Secret Key Input Read aes_decrypt Secret Key Input Read aes_destroy Secret Key Input Write Message Digest SHA-2 shs_init N/A N/A N/A shs_term N/A N/A N/A shs_update N/A N/A N/A Message HMAC hmac_init Secret Key Input Read Authentication hmac_term Secret Key Input Read/Write hmac_ Secret Key Input Read update Show Status - Get_Status N/A N/A N/A Load Module - Load_ N/A N/A N/A Module Unload Module - Unload_ N/A N/A N/A Module All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 12 This document may be freely reproduced and distributed whole and intact including this copyright notice. 7.1. CSP The CSP which cryptographic library module manages is shown in the Table 6. 7.2. Key Entry and Output Cryptographic keys are passed to the cryptographic library module via the APIs (logical interfaces) from a calling application, which is outside of the logical boundary of cryptographic library module. The cryptographic library module passes no cryptographic keys. 7.3. Key Storage The cryptographic library module stores no keys. 7.4. Zeroization of Key Material The cryptographic library module performs zeroization of the CSP when the CSP is no longer used. The cryptographic library module zeroizes the CSP at: - aes_destroy performed (Encryption key) - hmac_term performed (Encryption key) - An internal error in the cryptographic library module (Encryption key) 8. Self-Tests The cryptographic library module implements both power-up self-tests as required by FIPS140-2. Table 7 shows the tests that the cryptographic library module performs. Table 7: Self-Tests Type Algorithm Test method Power-Up Conditional Self-Tests Self-Tests Algorithm Testing AES Known Answer Test Yes N/A SHA-2 Known Answer Test Yes N/A HMAC Known Answer Test Yes N/A Integrity Testing HMAC-SHA256 Known Answer Test Yes N/A Note: The Algorithm Testing of SHA-2 is tested as a part of the Algorithm Testing of HMAC. 8.1. Power-Up Self-Tests Power-up self-tests are performed automatically when the cryptographic library module is loaded. To perform power-up self tests on demand, unload and load again the cryptographic library module. The result of the power-up self-tests is output via the status output interface. If the power-up All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 13 This document may be freely reproduced and distributed whole and intact including this copyright notice. self-tests, including integrity testing, failed, the status output interface (Get_Status()) returns state of power-up error. The indicator is SXDCRYFP_STATUS_POWERUPERROR. When the power-up self-tests fail, the cryptographic library module enters an error state where no API calls are permitted except the following: Get_Status(), Load_Module(), Unload_Module(). To recover the cryptographic library module from the error state, it is required to perform Load_Module service again. 9. Design Assurance 9.1. Configuration The items related to the designing and development of the cryptographic library module include the following: - Source code - Cryptographic library module - SP - Guidance documents - Other design documents Microsoft Visual SourceSafe5 (VSS) is used to provide configuration management to all the items above. VSS is a version control system by Microsoft. Each version of the item in VSS database is labeled uniquely. The items in VSS database are access controlled and modification is permitted to authorized developers only. 9.2. Delivery The cryptographic library module and the guidance documents are delivered on a CD-ROM. The SP is also available on the FIPS 140-2 Validation List web site. 9.3. Guidance Documents The crypto officer guidance in the HIBUN Cryptographic Module Guidance describes how to obtain the module, how to verify the integrity of the module, and how to install the module. The user guidance in the HIBUN Cryptographic Module Guidance and the HIBUN Cryptographic Module API specification describe how to use the services provided by the cryptographic library module. 10. Mitigation of Other Attacks The module does not contain security mechanisms to mitigate other attacks. 5 Visual SourceSafe is a registered trademark of Microsoft Corporation in the United States and/or other countries. All Rights Reserved. Copyright © 2012, Hitachi Solutions, Ltd. 14 This document may be freely reproduced and distributed whole and intact including this copyright notice.