Oracle StorageTek T10000C Tape Drive
Hardware Part #: 7054185
Firmware Version: 1.57.308

FIPS 140-2 Non-Proprietary Security Policy
Level 1 Validation
Version 1.0
1/21/2014

© Copyright 2013 Oracle Corporation
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Table of Contents

1 Introduction .... 5
  1.1 Purpose .... 5
  1.2 References .... 5
  1.3 Document Organization .... 5
2 StorageTek T10000C Tape Drive .... 7
  2.1 Module Overview .... 7
    2.1.1 Oracle Key Manager .... 10
    2.1.2 Virtual Operator Panel .... 10
    2.1.3 StorageTek T10000C Tape Drive Deployment .... 10
  2.2 Module Specification .... 11
    2.2.1 Permanent Encryption Approved Mode .... 12
    2.2.2 Encryption Enabled Approved Mode .... 12
    2.2.3 Encryption Disabled Approved Mode .... 13
    2.2.4 Non-FIPS-Approved Mode .... 13
  2.3 Module Interfaces .... 14
    2.3.1 FIPS 140-2 Logical Interface Mapping .... 14
    2.3.2 StorageTek T10000C Tape Drive LED Status Information .... 17
    2.3.3 StorageTek T10000C Tape Drive VOP Status Information .... 19
  2.4 Roles and Services .... 20
    2.4.1 Crypto-Officer Role .... 21
    2.4.2 User Role .... 22
    2.4.3 Additional Operator Services .... 24
    2.4.4 Non-Approved Mode Roles and Services .... 24
  2.5 Physical Security .... 26
  2.6 Operational Environment .... 26
  2.7 Cryptographic Key Management .... 26
    2.7.1 Encryption Enabled Cryptographic Algorithm Implementations .... 27
    2.7.2 Encryption Disabled Cryptographic Algorithms .... 29
    2.7.3 Non-Approved Mode Security Functions .... 29
    2.7.4 Encryption Enabled Cryptographic Keys and Critical Security Parameters .... 30
    2.7.5 Encryption Disabled Cryptographic Keys and Critical Security Parameters .... 32
  2.8 EMI/EMC .... 34
  2.9 Self-Tests .... 34
    2.9.1 Integrity Tests .... 34
    2.9.2 Power-On Self-Tests .... 34
    2.9.3 Conditional Self-Tests .... 35
    2.9.4 Critical Functions Tests .... 35
  2.10 Mitigation of Other Attacks .... 36
3 Secure Operation .... 37
  3.1 Cryptographic Officer Guidance (First Use) .... 37
    3.1.1 Initial Set-Up .... 37
    3.1.2 Encryption Disabled Approved Mode Set-Up .... 37
    3.1.3 Encryption Enabled Approved Mode Set-Up .... 38
    3.1.4 Permanent Encryption Approved Mode Set-Up .... 38
  3.2 Cryptographic Officer Guidance (Normal Operation) .... 39
    3.2.1 Switching to Encryption Disabled Approved Mode .... 39
    3.2.2 Switching to Encryption Enabled Approved Mode .... 39
    3.2.3 Switching to Permanent Encryption Approved Mode .... 40
  3.3 Cryptographic Officer Guidance (Non-Approved Mode) .... 40
    3.3.1 Enable Non-Approved Mode (First Use) .... 40
    3.3.2 Switching to Non-Approved Mode .... 41
  3.4 Zeroization .... 41
4 Acronyms .... 42

List of Figures

Figure 1 – StorageTek T10000C Tape Drive (Front) .... 8
Figure 2 – StorageTek T10000C Tape Drive (Right Side) .... 8
Figure 3 – StorageTek T10000C Tape Drive (Left Side) .... 8
Figure 4 – StorageTek T10000C Tape Drive (Rear) .... 9
Figure 5 – StorageTek T10000C Tape Drive (Top) .... 9
Figure 6 – StorageTek T10000C Tape Drive (Bottom) .... 9
Figure 7 – StorageTek T10000C Tape Drive Deployment Scenario .... 11

List of Tables

Table 1 – Security Level per FIPS 140-2 Section .... 11
Table 2 – Mapping of FIPS 140-2 Logical Interfaces to StorageTek T10000C Tape Drive Physical Interfaces .... 15
Table 3 – Drive Status LED Description .... 17
Table 4 – Encryption Status LED Description .... 19
Table 5 – VOP Status Indicators .... 19
Table 6 – Cryptographic Officer Services .... 21
Table 7 – User Services .... 23
Table 8 – Additional Operator Services .... 24
Table 9 – Non-Approved Security Services .... 25
Table 10 – FIPS-Approved Algorithms in StorageTek T10000C Tape Drive (Permanent Encryption and Encryption Enabled Modes) .... 27
Table 11 – FIPS-Approved Algorithms in StorageTek T10000C Tape Drive (Encryption Disabled Mode) .... 29
Table 12 – Non-Approved Mode Security Functions .... 29
Table 13 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Permanent Encryption and Encryption Enabled Modes) .... 30
Table 14 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Encryption Disabled Mode) .... 32
1 Introduction

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the StorageTek T10000C Tape Drive from Oracle Corporation. This Security Policy describes how the StorageTek T10000C Tape Drive meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.

This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module.

The StorageTek T10000C Tape Drive may also be referred to in this document as the Encrypting Tape Drive, the ETD [1], the crypto module, or the module.

1.2 References

This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:

• The Oracle Corporation website (http://www.oracle.com) contains information on the full line of products from Oracle.
• The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module.

1.3 Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

• Vendor Evidence document
• Finite State Machine
• Other supporting documentation as additional references

This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Oracle. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to Oracle and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Oracle.

Notes:
[1] ETD – Encrypting Tape Drive

2 StorageTek T10000C Tape Drive

2.1 Module Overview

The StorageTek T10000C Tape Drive by Oracle Corporation (Hardware Part #: 7054185; Firmware Version: 1.57.308) blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000C Tape Drive (“Encrypting Tape Drive” or ETD) delivers the world’s fastest write speeds (252 MB [2]/sec [3]) to a native five (5) Terabytes of magnetic tape storage, making it ideal for data center operations with growing data volume. The StorageTek T10000C Tape Drive provides data protection with built-in AES [4] hardware encryption.

The StorageTek T10000C Tape Drive provides Oracle customers with three different FIPS-Approved modes of operation. Customers can be assured that their data will always be secure in any of these Approved modes. The ETD drive operates with data encryption services:

• permanently enabled
• temporarily enabled
• temporarily disabled

Each encryption mode provides FIPS 140-2 Approved security services and functionality to ETD operators. For added flexibility, a non-FIPS-Approved mode is also available.

Views from all sides of the StorageTek T10000C Tape Drive are provided as Figure 1 through Figure 6.

Notes:
[2] MB – Megabytes
[3] sec – Second
[4] AES – Advanced Encryption Standard

Figure 1 – StorageTek T10000C Tape Drive (Front)
Figure 2 – StorageTek T10000C Tape Drive (Right Side) [5]
Figure 3 – StorageTek T10000C Tape Drive (Left Side) [6]
Figure 4 – StorageTek T10000C Tape Drive (Rear)
Figure 5 – StorageTek T10000C Tape Drive (Top)
Figure 6 – StorageTek T10000C Tape Drive (Bottom) [7]

Notes:
[5] The labels shown in the figure do not provide additional physical security
[6] The labels shown in the figure do not provide additional physical security
[7] The label shown in the figure does not provide additional physical security

2.1.1 Oracle Key Manager

The ETD is intended to be used in conjunction with the Oracle Key Manager (OKM), which provides centralized key management. The OKM, an external system component, creates, stores, and manages the keys used for encryption and decryption of data stored in the tape cartridge used by the ETD. An Oracle Key Manager (formerly called the Key Management System or KMS) cluster consists of two or more Key Management Appliances (KMAs), providing policy-based Lifecycle Key Management, authentication, access control, and key provisioning services. Connections to the ETD from the OKM are secured through the use of TLS [8] 1.0 [9].

2.1.2 Virtual Operator Panel

The Virtual Operator Panel (VOP) is an external software application running on a General Purpose Computer (GPC) that facilitates operator communication with the StorageTek T10000C Tape Drive through the use of an intuitive and user-friendly Graphical User Interface (GUI). The VOP allows an operator to configure the drive for FIPS-Approved operation, perform operator services, and display drive-related status information. An operator of the StorageTek T10000C Tape Drive will use the VOP, in addition to the OKM, during the initial FIPS configuration and any time the operator chooses to switch between FIPS-Approved modes. Connections to the ETD from the VOP are provided through the Telnet network protocol.

2.1.3 StorageTek T10000C Tape Drive Deployment

A sample deployment scenario for the StorageTek T10000C Tape Drive with encryption enabled is provided in Figure 7 below. The ETD is shown with a red, dotted line surrounding it, representing its cryptographic boundary.

Notes:
[8] TLS – Transport Layer Security
[9] The TLS 1.0 protocol has not been reviewed or tested by the CAVP and CMVP.

Figure 7 – StorageTek T10000C Tape Drive Deployment Scenario

2.2 Module Specification

The StorageTek T10000C Tape Drive is validated at the FIPS 140-2 section levels shown in Table 1 for all three FIPS-Approved modes of operation.
Table 1 – Security Level per FIPS 140-2 Section

Section   Section Title                               Level
1         Cryptographic Module Specification          1
2         Cryptographic Module Ports and Interfaces   1
3         Roles, Services, and Authentication         1
4         Finite State Model                          1
5         Physical Security                           1
6         Operational Environment                     N/A
7         Cryptographic Key Management                1
8         EMI/EMC [10]                                1
9         Self-tests                                  1
10        Design Assurance                            1
11        Mitigation of Other Attacks                 N/A

The StorageTek T10000C Tape Drive is a hardware cryptographic module with a multi-chip standalone physical embodiment as defined by FIPS 140-2. The primary purpose of this device is to provide FIPS 140-2 Level 1 security to data being stored on magnetic tape. The cryptographic boundary of the StorageTek T10000C Tape Drive is defined by the tape drive’s commercial-grade, metallic enclosure.

The module provides three FIPS-Approved modes of operation, each of which meets the overall Level 1 FIPS 140-2 requirements specified in Table 1 above. The module also provides one non-FIPS-Approved, or non-Approved, mode of operation. Each of the Approved modes and the non-Approved mode is described in the sections below. Cryptographic security functions and services available in each of the defined modes are specified in the appropriate sections of this Security Policy. Additional information on each operational mode of the module, including its invocation, is provided in Section 3 (Secure Operation).

2.2.1 Permanent Encryption Approved Mode

The Permanent Encryption Approved Mode or Permanent Encryption Mode is the first FIPS-Approved mode of operation provided by the StorageTek T10000C Tape Drive. This mode provides secure encryption and decryption of data stored on magnetic tape, using the 256-bit AES cryptographic algorithm. While operating in the Permanent Encryption Mode, operators of the module do not have the ability to disable encryption services. Placing the module into Permanent Encryption Mode is non-reversible. The ETD will be able to read from unencrypted tape cartridges while operating in this mode, but will be unable to append to them if unencrypted data is already present.

To determine that the module is operating in the Permanent Encryption Mode, an operator can use the VOP to view the drive settings and verify that the “Encryption Active” and “Permanently encrypting” labels are both set to “Yes”. The operator can also check that the Encryption Status LED [11] on the back of the module is a solid red color. In addition, the operator shall verify that the “Use KMS or DPKM [12]” label is set to “KMS”. Instructions to place the module into the Permanent Encryption Mode are provided in Section 3.1.4 (Permanent Encryption Approved Mode Set-Up).

2.2.2 Encryption Enabled Approved Mode

The second FIPS-Approved mode of operation is the Encryption Enabled Approved Mode or Encryption Enabled Mode. The Encryption Enabled Mode provides operators the ability to encrypt and decrypt data that is stored on a magnetic tape source. Encryption and decryption are performed using the 256-bit AES cryptographic algorithm. This mode operates in the same way as the Permanent Encryption Mode, but with the ability to switch to the Permanent Encryption Approved mode, the Encryption Disabled Approved mode, and the non-Approved mode. The ETD will be able to read from unencrypted tape cartridges while operating in this mode, but it will be unable to append to them if unencrypted data is already present.

An operator of the module can determine if the module is operating in the Encryption Enabled Mode by using the VOP to view the drive settings and verify that the “Encryption Active” label is set to “Yes” and the “Permanently encrypting” label is set to “No”. The operator can also check that the Encryption Status LED on the back of the module is a solid red color. Finally, the operator shall confirm that the “Use KMS or DPKM” label is set to “KMS”. Instructions to place the module into the Encryption Enabled Mode are provided in Section 3.1.3 (Encryption Enabled Approved Mode Set-Up).

2.2.3 Encryption Disabled Approved Mode

The Encryption Disabled Approved Mode or Encryption Disabled Mode is the last FIPS-Approved mode. When operating in the Encryption Disabled Mode, only plaintext data is stored on the magnetic tape. This plaintext data is non-security-relevant user data. While operating in this mode, only unencrypted tape cartridges will be supported for read and write operations. An operator will be able to switch to any of the additional FIPS-Approved modes or the non-Approved mode while operating the module in the Encryption Disabled Mode.

An operator of the module can determine if the module is operating in the Encryption Disabled Mode by using the VOP to view the drive settings and verify that the “Encryption Active” label is set to “No”. The operator can also confirm that the Encryption Status LED on the back of the module is a solid green color. Finally, the operator shall confirm that the “Use KMS or DPKM” label is set to “UNKN [13]”. Instructions to place the module into the Encryption Disabled Mode are provided in Section 3.1.2 (Encryption Disabled Approved Mode Set-Up).

2.2.4 Non-FIPS-Approved Mode

The StorageTek T10000C Tape Drive is capable of operating in a non-FIPS-Approved Mode or non-Approved mode of operation. The module is defined as operating in the non-Approved mode when DPKM is enabled through the VOP. DPKM allows an operator to use the SCSI [14] commands SPIN and SPOUT in order to import and export keying material to and from the module in plaintext. While operating in the non-Approved mode, the drive is still capable of operating with encryption services enabled or disabled. The ETD is also capable of switching back and forth between encryption services [15] disabled (non-compliant) and encryption services enabled (non-compliant) at will, without the use of a bypass test. Keys and CSPs established in any of the three Approved modes are zeroized prior to operating in the non-Approved mode. The operator is not able to update the firmware while operating in this mode.

An operator of the module can determine if the module is operating in the non-Approved mode by using the VOP to confirm that the “Use KMS or DPKM” label is set to “DPKM”. Instructions to place the module into the non-Approved mode are provided in Section 3.3 (Cryptographic Officer Guidance (Non-Approved Mode)).

Notes:
[10] EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility
[11] LED – Light Emitting Diode
[12] DPKM – Data Path Key Management
[13] UNKN – Unknown
[14] SCSI – Small Computer System Interface

2.3 Module Interfaces

The following is a list of the FIPS 140-2 logical interfaces supported by the StorageTek T10000C Tape Drive:

• Data Input
• Data Output
• Control Input
• Status Output

Additionally, the module supports a Power Input interface.

2.3.1 FIPS 140-2 Logical Interface Mapping

Figure 1 in Section 2.1 (Module Overview) shows the front of the StorageTek T10000C Tape Drive. The opening provides an entryway for an approved StorageTek T10000C Tape Cartridge. The ETD will not operate if the wrong tape cartridge is inserted. This entryway provides the Tape Head and RFID [16] Reader/Writer as physical interfaces to the tape cartridge. The opening at the front of the module is the only opening in the module. It does not provide access to the interior of the module.
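Before continuing with the rear interfaces, an added example (not Oracle's code and not the VOP's real data model) that turns the mode-determination rules of Sections 2.2.1 to 2.2.4 into a check a Crypto-Officer could script: it takes the three VOP drive-setting labels and the Encryption Status LED state and only reports a FIPS-Approved mode when every indicator the policy names agrees, listing any disagreement instead. The VopReading field names and the ModeResult type are assumptions of this example; the label values are the ones quoted in the policy text.

```python
"""Mode-consistency check built from the indicators named in Sections 2.2.1
to 2.2.4 of the T10000C security policy.

Expected indicator values per mode (from the policy text):
  Permanent Encryption : Encryption Active = Yes, Permanently encrypting = Yes,
                         Use KMS or DPKM = KMS, Encryption Status LED = Red (Solid)
  Encryption Enabled   : Encryption Active = Yes, Permanently encrypting = No,
                         Use KMS or DPKM = KMS, LED = Red (Solid)
  Encryption Disabled  : Encryption Active = No, Use KMS or DPKM = UNKN,
                         LED = Green (Solid)
  non-Approved         : Use KMS or DPKM = DPKM (encryption may be on or off)

VopReading's field names and ModeResult are assumptions of this example.
"""
from dataclasses import dataclass, field
from typing import List, Optional

PERMANENT = "Permanent Encryption Approved Mode"
ENABLED = "Encryption Enabled Approved Mode"
DISABLED = "Encryption Disabled Approved Mode"
NON_APPROVED = "non-FIPS-Approved Mode"

RED_SOLID = "Red (Solid)"       # Table 4 wording: encryption enabled/active
GREEN_SOLID = "Green (Solid)"   # Table 4 wording: encryption disabled


@dataclass(frozen=True)
class VopReading:
    """One snapshot of the VOP drive-settings view plus the rear LED."""
    encryption_active: str        # "Encryption Active" label: "Yes" / "No"
    permanently_encrypting: str   # "Permanently encrypting" label: "Yes" / "No"
    key_management: str           # "Use KMS or DPKM" label: "KMS" / "UNKN" / "DPKM"
    encryption_led: str           # Encryption Status LED state, Table 4 wording


@dataclass
class ModeResult:
    mode: Optional[str]           # confirmed mode, or None when indicators disagree
    approved: bool                # True only for a confirmed FIPS-Approved mode
    issues: List[str] = field(default_factory=list)


def classify_mode(r: VopReading) -> ModeResult:
    """Apply the policy's mode-determination rules to one reading.

    A mode is confirmed only when every indicator the policy names for it
    agrees; otherwise the disagreements are returned so the operator does not
    assume an Approved mode on partial evidence.
    """
    # Section 2.2.4: DPKM enabled through the VOP defines the non-Approved
    # mode, whether encryption services are enabled or disabled.
    if r.key_management == "DPKM":
        return ModeResult(NON_APPROVED, False)

    issues: List[str] = []
    if r.encryption_active == "Yes":
        # Sections 2.2.1 / 2.2.2: Permanent and Enabled differ only in the
        # "Permanently encrypting" label; both need KMS and a solid red LED.
        if r.permanently_encrypting not in ("Yes", "No"):
            issues.append(f'unrecognised "Permanently encrypting" value '
                          f'{r.permanently_encrypting!r}')
        mode = PERMANENT if r.permanently_encrypting == "Yes" else ENABLED
        expected_km, expected_led = "KMS", RED_SOLID
    elif r.encryption_active == "No":
        # Section 2.2.3: Encryption Disabled needs UNKN and a solid green LED,
        # and cannot be permanently encrypting at the same time.
        mode = DISABLED
        expected_km, expected_led = "UNKN", GREEN_SOLID
        if r.permanently_encrypting == "Yes":
            issues.append('"Permanently encrypting" is "Yes" while '
                          '"Encryption Active" is "No"')
    else:
        return ModeResult(None, False, [
            f'unrecognised "Encryption Active" value {r.encryption_active!r}'])

    if r.key_management != expected_km:
        issues.append(f'"Use KMS or DPKM" is {r.key_management!r}, '
                      f'expected {expected_km!r} for {mode}')
    if r.encryption_led != expected_led:
        issues.append(f'Encryption Status LED is {r.encryption_led!r}, '
                      f'expected {expected_led!r} for {mode}')

    if issues:
        return ModeResult(None, False, issues)
    return ModeResult(mode, True)


if __name__ == "__main__":
    # Constructed readings, not captured from a real drive.
    samples = [
        VopReading("Yes", "Yes", "KMS", RED_SOLID),     # Permanent Encryption
        VopReading("Yes", "No", "KMS", RED_SOLID),      # Encryption Enabled
        VopReading("No", "No", "UNKN", GREEN_SOLID),    # Encryption Disabled
        VopReading("Yes", "No", "DPKM", RED_SOLID),     # non-Approved (DPKM)
        VopReading("Yes", "Yes", "UNKN", GREEN_SOLID),  # contradictory indicators
    ]
    for s in samples:
        res = classify_mode(s)
        print(f"{s} -> {res.mode or 'UNCONFIRMED'}; approved={res.approved}")
        for msg in res.issues:
            print("   ", msg)
```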
Figure 4 in Section 2.1 (Module Overview) shows the rear of the StorageTek T10000C Tape Drive. It provides the following physical interfaces:

• Tape Transport Interface (TTI) – RS-232 [17] connection
• Power Supply Connector
• Host Interfaces – Fibre Channel connection
• Recessed Switch
• Ethernet Port – RJ45 [18] connection
• Encryption Status LED
• Drive Status LED

The bottom of the StorageTek T10000C Tape Drive (Section 2.1, Figure 6) provides one additional physical interface, the Operator Panel Port. This port is used to provide general module status as well as additional control input access when the drive is rack-mounted.

Table 2 provides a mapping of all of the physical interfaces of the StorageTek T10000C Tape Drive listed above to their respective FIPS 140-2 Logical Interfaces. The functionality and logical interface mappings of these physical interfaces do not change between Approved modes.

Notes:
[15] Non-compliant encryption performed in the non-FIPS-Approved Mode can also be referred to as “obfuscation”. The output from this service is equivalent to plaintext.
[16] RFID – Radio Frequency Identification
[17] RS-232 – Recommended Standard 232
[18] RJ45 – Registered Jack 45

Table 2 – Mapping of FIPS 140-2 Logical Interfaces to StorageTek T10000C Tape Drive Physical Interfaces

Physical Interface: Tape Head
  Quantity: 2
  FIPS 140-2 Logical Interfaces Supported: Data Input, Data Output
  Description: Provides the interface to the magnetic tape media, where the user data to be encrypted is written to, and where the data to be decrypted is read from. Tape media resides in six possible cartridge types:
    1) Standard Data
    2) SPORT (reduced length) Data
    3) VolSafe (write-once) Data
    4) Sport VolSafe Data (reduced length, write-once)
    5) Cleaning
    6) Diagnostic (used by a service representative)

Physical Interface: Encryption Status LED
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Status Output
  Description: Provides status on the encryption configuration of the ETD. Additional information is provided in Table 4.

Physical Interface: TTI connector (RS232/DB15)
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Control Input, Data Output, Status Output
  Description: Primarily used for tape library communications. The operator can review the status output to determine if the module has passed or failed different self-tests. The status output from this port consists of messages indicating failure and success.

Physical Interface: Recessed switch
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Control Input
  Description: Short press: Reset the module’s IP [19] address to the default IP address (10.0.0.1). Long press: Force unencrypted ETD data dump [20].

Physical Interface: Power supply connector
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Power
  Description: 100-240 VAC [21] @ 50-60 Hz [22]

Physical Interface: Interface Port (Host Interface)
  Quantity: 2
  FIPS 140-2 Logical Interfaces Supported: Data Input, Data Output, Control Input, Status Output
  Description: This interface is used to transfer user data between the ETD and the host. When the host transfers user data to the ETD through this interface, the ETD encrypts and writes the data to the magnetic media. When the host receives user data from the ETD through this interface, the ETD delivers data read from the magnetic media that has been decrypted by the ETD. The interface can be configured to support one of two protocols:
    1) Fibre Channel, in accordance with the Fibre Channel Protocol-3 (FCP-3), SCSI Primary Commands-3, and SCSI Stream Commands (SSC-3) specifications
    2) FICON [23], in accordance with the Fibre Channel Single-Byte Command Code Sets-3 Mapping Protocol (FC-SB-3), Revision 1.6 specification

Physical Interface: Ethernet Port (RJ45)
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Data Input, Data Output, Control Input, Status Output
  Description: The primary uses of this interface are to:
    1) Configure the ETD
    2) Deliver encryption keys to the ETD
    3) Obtain ETD status and diagnostic data
    4) Download firmware to the ETD
    5) Deliver status information to an SNMP [24] server

Physical Interface: Drive Status LED
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Status Output
  Description: Provides status on the overall state of the ETD. The Tape Drive’s user manual includes information regarding the different statuses that are provided by the drive through the LEDs. Additional information is provided in Table 3.

Physical Interface: Operator Panel Port [25]
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Status Output, Control Input
  Description: The bottom cover of the ETD has an Operator Panel connector carrying the following signals:
    A. Four signals to provide status output:
       1. Power Indicator output signal
       2. Activity Indicator output signal
       3. Clean Indicator output signal
       4. Service Indicator output signal
    B. An LCD [26] display output interface. The LCD is used to display ETD status and configuration menu text.
    C. Four switch signals (input):
       1. IPL [27] Switch
       2. Unload Switch
       3. Menu Switch
       4. Select Switch

Physical Interface: RFID Reader/Writer
  Quantity: 1
  FIPS 140-2 Logical Interfaces Supported: Data Input, Data Output
  Description: Used to obtain information from each tape inserted into the ETD to reduce access times and manage the lifecycle of the cartridge. Various statistical data and information of record locations are written to the RFID located on the tape cartridge.

Notes:
[19] IP – Internet Protocol
[20] All unencrypted dumps shall be deleted by the CO after their creation
[21] VAC – Volts Alternating Current
[22] Hz – Hertz
[23] FICON – Fibre connection
[24] SNMP – Simple Network Management Protocol
[25] Status and control information provided through the Operator Panel Port is provided in Chapter 2 of the StorageTek T10000 Tape Drive Operator’s Guide.
[26] LCD – Liquid Crystal Display
[27] IPL – Initial Program Load

2.3.2 StorageTek T10000C Tape Drive LED Status Information

The StorageTek T10000C Tape Drive provides two LEDs at the rear of the module which provide important status information about the module. The first LED is the Drive Status LED, which provides the overall status of the ETD. Table 3 provides a brief description of each LED state of the Drive Status LED. LEDs related to “hardware failure” or “service required” shall be reported to the Oracle StorageTek support team.

Table 3 – Drive Status LED Description

LED State                  Description
Off                        Drive is powered off
Red (Solid [28])           Hardware failure (processor error)
Red (Slow Flash [29])      Drive is starting up
Red (Fast Flash [30])      Module data dump in progress
Amber (Steady)             Service required
Amber (Slow Flash)         Functional code is loading
Amber (Fast Flash)         Firmware update in progress
Green (Solid)              Drive is operational
Green (Slow Flash)         Drive is operational (dump file present)
Green (Fast Flash)         Firmware update completed
Red/Blue (Alternating)     Hardware failure (during POST [31])
Red/Green (Alternating)    Continuous module errors; Service required

A second LED, which provides the status of the encryption configuration of the module, is the Encryption Status LED. Table 4 provides a brief description of each LED state of the Encryption Status LED.
28 LED is illuminated and not flashing 29 Slow flash rate is one cycle per second 30 Fast flash rate is two cycles per second 31 POST – Power-On Self-Test © Copyright 2013 Oracle Corporation Page 18 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. Table 4 – Encryption Status LED Description LED State Description Red (Solid) Encryption enabled/active Red (Slow Flash) Encryption or Decryption in progress Amber (Solid) Tape cartridge not present Green (Solid) Encryption disabled Green (Slow Flash) Module Reset Red/Green/Amber Module zeroed (Alternating) 2.3.3 StorageTek T10000C Tape Drive VOP Status Information The module outputs status information via the Ethernet Port to the VOP to provide a more detailed drive status to the operator. Table 5 provides a brief description of the status indicators provided by the VOP. Table 5 – VOP Status Indicators Indicator Color Description All Black No tape drive connection Blue Cartridge Loaded Loaded or Grey Cartridge loaded in slot, not in drive Unloaded Magenta Cartridge loading/unloading Empty Grey Cartridge not present Blue Drive online (Indicator reads Online) Online or Offline Grey Drive offline (Indicator reads Offline) © Copyright 2013 Oracle Corporation Page 19 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. 
Indicator Color Description Magenta Transitioning between Online/Offline Clean Orange Drive needs to be cleaned Dump Orange Dump present Red Encryption enabled (all keys present) (Indicator reads Armed) Encryption Orange Missing encryption key (Indicator reads Enrolled) Green Drive not enrolled with OKM (Indicator reads Unenrolled) Hibernation activated32 Blue Active or Hibernate No color Drive is hibernating 2.4 Roles and Services The StorageTek T10000C Tape Drive cryptographic module provides two roles which operators may assume: • Cryptographic Officer (CO) • User Each role is assumed implicitly by an operator and is determined by the service which the operator is executing. The ETD supports up to six concurrent operators. Each connection to the ETD is logically separated by the module by uniquely encrypted sessions. Each role, and the services available to them in each Approved mode, is detailed in the sections below. Please note that the keys and Critical Security Parameters (CSPs) listed in the tables indicate the type of access required using the following notation: • R – Read: The item is read or referenced by the service. • W – Write: The CSP is established, generated, modified, or zeroized. 32 This is a power-saving mode © Copyright 2013 Oracle Corporation Page 20 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice. • X – Execute: The CSP is used within an Approved or Allowed security function. 2.4.1 Crypto-Officer Role The CO is in charge of the initial configuration of the StorageTek T10000C Tape Drive which includes placing the module into one of the three Approved Modes. A list of services available to the CO, and the Approved mode the service is available in, is provided in Table 6. 
Table 6 – Cryptographic Officer Services

Service | Description | Approved Mode | CSP and Type of Access
Enable Permanent Encryption Mode | Provide public and private keys in order to connect to OKM; Enable encryption | Encryption Enabled; Encryption Disabled | CA_Cert – WX; TDPrivKey – W; TDPubKey – W
Enable Encryption Enabled Mode | Provide public and private keys in order to connect to OKM; Enable encryption | Encryption Disabled | CA_Cert – WX; TDPrivKey – W; TDPubKey – W
Enable Encryption Disabled Mode | Turn encryption off; OKM services are enabled | Encryption Enabled | CA_Cert – WX; TDPrivKey – W; TDPubKey – W
Enable non-FIPS-Approved Mode | Bring the module into a non-Approved mode of operation | Encryption Disabled | None
Configure Module | Perform routine module configuration | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Place drive online/offline | Add or remove Fibre Channel connectivity to the ETD | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Load Firmware | Update module firmware | Permanent Encryption; Encryption Enabled; Encryption Disabled | FSPubKey – RX; FSRootCert – X
Reset | Zeroization of all keys and CSPs | Permanent Encryption; Encryption Enabled | All Keys and CSPs[33] – W
Access Module via Virtual Operator’s Panel (VOP) | Log into VOP and manage the module | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Create Dump (Encrypted) | Create an encrypted dump file and save to EEPROM[34] | Permanent Encryption; Encryption Enabled | DRBG[35] ‘Key’ Value – WRX; DRBG ‘V’ Value – WRX; DRBG Seed – WRX; DEKey – WX; DEPubKey – X
Create Dump (Unencrypted) | Create an unencrypted dump file and save to EEPROM | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Initial Program Load (IPL) | Reinitialize module and run self-tests | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
View Audit Log | View, download, or delete audit log | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
View Drive Data | Read module configuration data | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
View Error Log | View, download, or delete error log | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Delete Dump | Delete the currently stored dump file | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Delete Perms | Delete currently stored error messages | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Tape Management | Load or unload a new tape cartridge into the module | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Run Diagnostics | Perform a diagnostic test on the module | Permanent Encryption; Encryption Enabled; Encryption Disabled | None

[33] Excludes DEPubKey, FSPubKey, and FSRootCert
[34] EEPROM – Electronically Erasable Programmable Read-Only Memory
[35] DRBG – Deterministic Random Bit Generator

2.4.2 User Role

The User of the StorageTek T10000C Tape Drive is the everyday user of the module. The User is responsible for importing the encryption and decryption keys when operating in one of the Approved modes with encryption enabled. Once an encryption key has been obtained, the User has the ability to encrypt and decrypt data stored on the tape cartridge.
A list of services available to the User, and the Approved mode each service is available in, is provided in Table 7.

Table 7 – User Services

Service | Description | Approved Mode | CSP and Type of Access
Encrypt Data | Encrypt data from the module to the tape cartridge | Permanent Encryption; Encryption Enabled | MEKey – X
Decrypt Data | Decrypt data read from the tape cartridge | Permanent Encryption; Encryption Enabled | MEKey – X
Write Plaintext Data | Write plaintext data from the module to the tape cartridge | Encryption Disabled | None
Read Plaintext Data | Read plaintext data from the tape cartridge | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Establish TLS[36] Session | Establish connection with OKM cluster | Permanent Encryption; Encryption Enabled | DRBG ‘Key’ Value – WRX; DRBG ‘V’ Value – WRX; DRBG Seed – WRX; TLS_PM – W; TLS_MS – W; TLS_EMK – W; TLS_DMK – W; TLS_ECK – W; TLS_DCK – W; CA_Cert – X; TDPubKey – X; TDPrivKey – X
Export AES Key Wrap Key (AKWK) | Export AKWK to the OKM cluster | Permanent Encryption; Encryption Enabled | DRBG ‘Key’ Value – WRX; DRBG ‘V’ Value – WRX; DRBG Seed – WRX; AKWK – W; KWKPublicKey – X; TLS_EMK – X; TLS_ECK – X
Import KWKPublicKey | Import the KWKPublicKey from the OKM cluster onto the module | Permanent Encryption; Encryption Enabled | KWKPublicKey – W; TLS_DMK – X; TLS_DCK – X
Import ME_Key | Import one or more ME_Keys onto the module from the OKM cluster | Permanent Encryption; Encryption Enabled | ME_Key – W; TLS_DMK – X; TLS_DCK – X; AKWK – X

[36] TLS – Transport Layer Security

2.4.3 Additional Operator Services

In addition to CO and User services, the module provides services to operators that are not required to assume an authorized role. These services do not modify, disclose, or substitute the keys and CSPs established in one of the Approved modes. The overall security of the module is not affected by these services.
Table 8 lists the services available to operators not required to assume an authorized role. These services are available in all three Approved modes of operation.

Table 8 – Additional Operator Services

Service | Description | Approved Mode | CSP and Type of Access
Show Status | Determine the current status of the module by reading the Encryption and Drive Status LEDs; Read the information provided on the VOP | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Power Cycle/Perform Self-Tests | Cycle the power on the module, which will invoke self-tests on power-up | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Reset Module IP | Reset the module’s IP address to the default IP address using the recessed switch | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Interface Port Management | Manage the module through the Interface Port (non-security relevant) | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Library Management | Manage the module and retrieve status information through the TTI (non-security relevant) | Permanent Encryption; Encryption Enabled; Encryption Disabled | None
Operator Panel Management | Manage the module and retrieve status information through the Operator Panel port (non-security relevant) | Permanent Encryption; Encryption Enabled; Encryption Disabled | None

2.4.4 Non-Approved Mode Roles and Services

While operating in the non-Approved mode, operators are not required to assume an authorized role in order to access and utilize module services. Thus, all module services are available to all operators with access to the module. When operating in the non-Approved Mode, the StorageTek T10000C Tape Drive provides a subset of the services that are available in the Encryption Enabled and Encryption Disabled Approved Modes.
These services shall be considered non-compliant services. The services that are available to an operator of the ETD while it is operating in the non-Approved Mode are listed in Table 9 below.

Table 9 – non-Approved Security Services

Service | Description
Enable Encryption Disabled Mode | Turn encryption off; OKM services are enabled
Configure Module | Perform routine module configuration
Enable Encryption/Obfuscation[37] | Enable encryption/obfuscation services (without reboot)
Disable Encryption/Obfuscation | Disable encryption/obfuscation (without reboot)
Access Module via Virtual Operator’s Panel (VOP) | Log into VOP and manage the module
Create Dump (Non-Encrypted) | Create non-encrypted dump file and save to EEPROM
Initial Program Load (IPL) | Reinitialize module and run self-tests
View non-Approved mode Audit Log | View, download, or delete audit log
View Drive Data | Read module configuration data
View non-Approved mode Error Log | View, download, or delete error log
Delete Dump | Delete the currently stored dump file
Delete Perms | Delete currently stored error messages
Tape Management | Load or unload a new tape cartridge into the module
Run Diagnostics | Perform a diagnostic test on the module
Encrypt Data | Encrypt data from the module to the tape cartridge
Decrypt Data | Decrypt data read from the tape cartridge
Write Plaintext Data | Write plaintext data from the module to the tape cartridge
Read Plaintext Data | Read plaintext data from the tape cartridge
Export Keys | Export keys from the module to an external device in plaintext
Import Keys | Import keys to the module from an external device in plaintext
Show Status | Determine the current status of the module by reading the Encryption and Drive Status LEDs; Read the information provided on the VOP
Power Cycle/Perform Self-Tests | Cycle the power on the module, which will invoke self-tests on power-up
Reset Module IP | Reset the module’s IP address to the default IP address using the recessed switch
Interface Port Management | Manage the module through the Interface Port (non-security relevant)
Library Management | Manage the module and retrieve status information through the TTI (non-security relevant)
Operator Panel Management | Manage the module and retrieve status information through the Operator Panel port (non-security relevant)

[37] Obfuscation of data is equivalent to plaintext output.

2.5 Physical Security

The StorageTek T10000C Tape Drive satisfies Level 1 physical security requirements by being constructed of a hard, production-grade metal exterior. The module provides an opening, which is required for the insertion of media (tape cartridges). The opening is constructed of hard, production-grade plastic. All internal hardware, firmware, and cryptographic data are protected by the enclosure of the module, which makes up its physical cryptographic boundary.

NOTE: The labels pictured in Figure 1 and Figure 2 above do not add any additional security to the module.

2.6 Operational Environment

The operational environment for the StorageTek T10000C Tape Drive consists of two ARM 926EJS processors, which are the module’s only general-purpose processors. These processors execute the module’s firmware (Firmware Version: 1.57.308). The module does not employ a general Operating System.

2.7 Cryptographic Key Management

The StorageTek T10000C Tape Drive was designed to operate in three FIPS-Approved modes of operation: Permanent Encryption Mode, Encryption Enabled Mode, and Encryption Disabled Mode. The following sections detail which cryptographic algorithms, keys, and CSPs are available for each FIPS-Approved mode.
2.7.1 Encryption Enabled Cryptographic Algorithm Implementations

The StorageTek T10000C Tape Drive provides access to the same cryptographic algorithms when operating in either the Permanent Encryption Approved Mode or the Encryption Enabled Approved Mode. The cryptographic algorithms available in these Approved modes are listed in Table 10.

Table 10 – FIPS-Approved Algorithms in StorageTek T10000C Tape Drive (Permanent Encryption and Encryption Enabled Modes)

Algorithm | Implementation Description | Certificate Number
AES[38] 256-bit ECB[39] mode (CCM implementation) | AES in ECB mode as used in firmware AES CCM encryption with Cert # 2412 | 2404
AES 256-bit ECB mode (Used with OKM) | Unwrap AES Media Keys[40] being sent from the OKM | 2405
AES 256-bit ECB mode (DRBG implementation) | AES in ECB mode as used with the SP[41] 800-90A CTR[42] DRBG with Cert # 322 | 2407
AES 256-bit CBC[43] mode (TLS[44] 1.0 implementation) | AES in CBC mode used in a TLS session between the ETD and OKM | 2406
AES 256-bit ECB mode (DCCM hardware implementation) | AES in ECB mode as used in hardware AES CCM encryption with Cert # 1570 | 1568
AES 256-bit CCM mode (DCCM hardware implementation) | AES in CCM mode as used with AES in ECB mode with Cert # 1568 | 1570
AES 256-bit CCM mode (Firmware implementation) | AES in CCM mode as used with AES in ECB mode with Cert # 2404 | 2412
SHA[45]-1 (Firmware implementation) | Used for digital signature verification; Used with HMAC SHA-1 (Cert # 1497); User data hashing | 2065
SHA-1 (TLS 1.0 implementation) | Used as part of the TLS 1.0 Key Derivation Function; Used with HMAC SHA-1 (Cert # 1498) | 2066
HMAC[46] SHA-1 (Used with OKM) | Create challenge responses as part of the certificate service of OKM; Used with SHA-1 (Cert # 2065) | 1497
HMAC SHA-1 (TLS 1.0 implementation) | Provides integrity during a TLS session; Used with SHA-1 (Cert # 2066) | 1498
RSA 2048-bit PKCS[47] #1 v1.5 Signature Verification | Verifies the signature of a new firmware image to be loaded onto the ETD; Used with SHA-1 (Cert # 2065) | 1246
TLS 1.0 Key Derivation | TLS 1.0 Key Derivation (SP 800-135 rev1; Section 4.2.1) | 82
SP 800-90A CTR DRBG | Generates random numbers for nonces and keys | 322

[38] AES – Advanced Encryption Standard
[39] ECB – Electronic Code Book
[40] Media Keys are a defined CSP. See Table 13 in VE07.03.01
[41] SP – Special Publication
[42] CTR – Counter
[43] CBC – Cipher Block Chaining
[44] TLS – Transport Layer Security
[45] SHA – Secure Hash Algorithm
[46] HMAC – (Keyed-) Hash Message Authentication Code
[47] PKCS – Public Key Cryptography Standard

Caveat: Additional information concerning SHA-1 and specific guidance on transitions to the use of more robust hashing algorithms is contained in NIST Special Publication 800-131A.

When operating in the Permanent Encryption and Encryption Enabled Approved Modes, the ETD wraps data it sends to an OKM cluster with AES Key Wrap. AES Key Wrap, as defined in SP 800-38F, is an approved key wrapping and key establishment methodology:
• AES (Cert # 2405; key wrapping provides 256 bits of encryption strength)

The following non-Approved methods are allowed for use, as described, in the Permanent Encryption and Encryption Enabled Modes:
• RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

The module provides a Non-Deterministic Random Number Generator (NDRNG) as the entropy source to the FIPS-Approved SP 800-90A CTR DRBG. The module provides MD5 for use within the TLS 1.0 protocol.
2.7.2 Encryption Disabled Cryptographic Algorithms

The Encryption Disabled Approved Mode utilizes a subset of the cryptographic algorithms listed in Table 10. A list of cryptographic algorithms used by the module while operating in the Encryption Disabled Mode is provided in Table 11.

Table 11 – FIPS-Approved Algorithms in StorageTek T10000C Tape Drive (Encryption Disabled Mode)

Algorithm | Implementation Description | Certificate Number
AES 256-bit ECB mode (DRBG implementation) | AES in ECB mode as used with the SP 800-90A CTR DRBG with Cert # 322 | 2407
SHA-1 (Firmware implementation) | Used for digital signature verification; User data hashing | 2065
RSA 2048-bit PKCS #1 v1.5 Signature Verification | Verifies the signature of a new firmware image to be loaded onto the ETD; Used with SHA-1 (Cert # 2065) | 1246
SP 800-90A CTR DRBG | Generates random numbers for nonces and keys | 322

Caveat: Additional information concerning SHA-1 and specific guidance on transitions to the use of more robust hashing algorithms is contained in NIST Special Publication 800-131A.

2.7.3 Non-Approved Mode Security Functions

The cryptographic algorithms listed in Table 12 are available to the StorageTek T10000C Tape Drive while operating in the non-Approved Mode.

Table 12 – Non-Approved Mode Security Functions

Algorithm
AES 256-bit ECB mode (Firmware; non-compliant)
AES 256-bit ECB mode (Hardware; non-compliant)
AES 256-bit CBC mode (non-compliant)
AES 256-bit CCM mode (Firmware; non-compliant)
AES 256-bit CCM mode (Hardware; non-compliant)
SHA-1 (non-compliant)
HMAC SHA-1 (non-compliant)
RSA 2048-bit PKCS #1 v1.5 Encrypt/Decrypt (non-compliant)
SP 800-90A CTR DRBG (non-compliant)
2.7.4 Encryption Enabled Cryptographic Keys and Critical Security Parameters

The cryptographic keys, key components, and other CSPs used by the module while operating in either the Permanent Encryption Approved Mode or the Encryption Enabled Approved Mode are shown in Table 13.

Table 13 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Permanent Encryption and Encryption Enabled Modes)

Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use
Media Key (MEKey) | AES CCM 256-bit | Generated externally; Input encrypted via AKWK | Output encrypted via DEKey | Plaintext in RAM[48] and FPGA[49] | “Reset” service; Switch Approved Mode | To encrypt and decrypt data to and from magnetic tape
AES Key Wrap Key (AKWK) | AES ECB 256-bit | Generated internally via Approved DRBG | Output encapsulated via KWKPublicKey | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Decrypt MEKey
Dump Encryption Key (DEKey) | AES CCM 256-bit | Generated internally via Approved DRBG | Output encrypted via DEPubKey | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Encrypt dump files
Dump Encryption Public Key (DEPubKey) | RSA 2048-bit public key | Generated externally; Hardcoded into module | Does not exit the module | Plaintext in EEPROM | Not Applicable | Encapsulate DEKey
Tape Drive Private Key (TDPrivKey) | RSA 2048-bit private key | Generated externally; Input via TLS_ECK | Output encrypted via DEKey | Plaintext in RAM and EEPROM | “Reset” service; Switch Approved Mode | Authenticate the module to the OKM cluster appliance during TLS session
Tape Drive Public Key (TDPubKey) | RSA 2048-bit public key | Generated externally; Input via TLS_ECK | Output encrypted via DEKey; Output in plaintext | Plaintext in EEPROM | “Reset” service; Switch Approved Mode | Authenticate the module to the OKM cluster appliance during TLS session
TLS_PM | 48 bytes random data | Generated internally via Approved DRBG | Output encapsulated via CA_Cert | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Premaster secret for TLS 1.0 session
TLS_MS | 48 bytes pseudo-random data | Generated internally via TLS 1.0 PRF[50] | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Master secret for TLS 1.0 session
TLS_EMK | HMAC SHA-1 | Generated internally via TLS 1.0 PRF | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Authentication key for data leaving the module (per TLS 1.0)
TLS_DMK | HMAC SHA-1 | Generated internally via TLS 1.0 PRF | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Authentication key for data entering the module (per TLS 1.0)
TLS_ECK | AES CBC 256-bit | Generated internally via TLS 1.0 PRF | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Encryption key for data leaving the module (per TLS 1.0)
TLS_DCK | AES CBC 256-bit | Generated internally via TLS 1.0 PRF | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Decryption key for data entering the module (per TLS 1.0)
CA_Cert | RSA 2048-bit public key | Generated externally; Input in plaintext via CA[51] | Output encrypted via DEKey | Plaintext in EEPROM | “Reset” service; Switch Approved Mode | Authenticate the OKM cluster appliance to the module during TLS session
Key Wrap Key Public Key (KWKPublicKey) | RSA 2048-bit public key | Generated externally; Input encrypted via TLS_ECK | Output encrypted via DEKey | Plaintext in EEPROM | “Reset” service; Switch Approved Mode | Wrap AKWK to be sent to OKM cluster
Firmware Signature Public Key (FSPubKey) | RSA 2048-bit public key | Generated externally; Hardcoded into module | Does not exit the module | Plaintext in EEPROM | Not Applicable | Validate a new firmware image loaded onto module
Firmware Signature Root Certificate Key (FSRootCert) | RSA 2048-bit public key | Generated externally; Hardcoded into module | Does not exit the module | Plaintext in EEPROM | Not Applicable | Verify the chain of certificates provided by the new firmware image
DRBG Seed | Random bit value | Generated internally | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Generate random values for the CTR_DRBG
DRBG ‘V’ Value | Internal DRBG state value (integer) | Generated internally | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Internal state value for the CTR_DRBG
DRBG ‘Key’ Value | Internal DRBG state value (integer) | Generated internally | Does not exit the module | Plaintext in RAM | “Reset” service; Power cycle; Switch Approved Mode | Internal state value for the CTR_DRBG

[48] RAM – Random Access Memory
[49] FPGA – Field Programmable Gate Array
[50] PRF (Pseudo Random Function) is based on a hash on the TLS_PM and nonces; Utilizes SHA-1 and MD5 (Message Digest 5)
[51] CA – Certificate Authority

*The vendor makes no conformance claims to any key derivation function specified in SP 800-135rev1.
References to the TLS key derivation function addressed in SP 800-135rev1 are listed only to clarify the key types supported by the ETD.

2.7.5 Encryption Disabled Cryptographic Keys and Critical Security Parameters

The cryptographic keys, key components, and other CSPs used by the module while operating in the Encryption Disabled Approved Mode are shown in Table 14.

Table 14 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs (Encryption Disabled Mode)

Key | Key Type | Generation / Input | Output | Storage | Zeroization | Use
Dump Encryption Public Key (DEPubKey) | RSA 2048-bit public key | Generated externally; Hardcoded into module | Does not exit the module | Plaintext in EEPROM | Not Applicable | Not used in the Encryption Disabled Mode
Firmware Signature Public Key (FSPubKey) | RSA 2048-bit public key | Generated externally; Hardcoded into module | Does not exit the module | Plaintext in EEPROM | Not Applicable | Validate a new firmware image loaded onto module
Firmware Signature Root Certificate Key (FSRootCert) | RSA 2048-bit public key | Generated externally; Hardcoded into module | Does not exit the module | Plaintext in EEPROM | Not Applicable | Verify the chain of certificates provided by the new firmware image

2.8 EMI/EMC

The StorageTek T10000C Tape Drive conforms to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (business use).

2.9 Self-Tests

The StorageTek T10000C Tape Drive performs the required Integrity Test and Power-On Self-Tests (POSTs) during initial power-up.
On-demand self-tests can be performed by the “IPL” service available to the CO or by cycling the power of the module. The module executes conditional self-tests during normal operation whenever a new random number is generated or whenever new firmware is loaded. The following sections describe the power-up and conditional self-tests that are run by the module in each Approved mode.

2.9.1 Integrity Tests

An integrity test is the first operation performed by the StorageTek T10000C Tape Drive after power has been supplied. The module performs a 32-bit CRC[52] over the firmware as its approved integrity technique. Data output is not available while the integrity test is being performed. If the test passes, the module will continue on to perform the required Known Answer Tests (KATs) on its cryptographic algorithms. If the firmware integrity test fails, the module will remain in its initial boot state and create an unencrypted dump file[53]. The CO will be required to reboot the module in order to resolve the error.

2.9.2 Power-On Self-Tests

POSTs are performed by the ETD when power is applied to the module and after the integrity test has passed. Data output is not available while the POSTs are being performed. After the POSTs successfully complete, the module will begin normal operation. Normal operation may be in one of the three Approved modes or in the non-Approved mode. The operational status of the module is determined when the module first boots. If any of the POSTs fail, the ETD will create an unencrypted dump file and then reboot.

The following POSTs are performed by the module during every boot-up, regardless of the current operational mode:
• AES ECB KAT
• AES CBC KAT
• AES CCM KAT (Firmware)
• AES CCM KAT (Hardware)
• AES Key Wrap KAT
• RSA Signature Verification KAT with a 2048-bit precomputed signature
• RSA Encrypt/Decrypt KAT
• SHA-1 KAT
• SHA-1 KAT (TLS)
• HMAC SHA-1 KAT
• HMAC SHA-1 KAT (TLS)
• SP 800-90A CTR DRBG KAT

[52] CRC – Cyclic Redundancy Check
[53] When operating in the Permanent Encryption or Encryption Enabled Modes, unencrypted data dumps shall be deleted by the CO after their creation.

2.9.3 Conditional Self-Tests

When operating in the Permanent Encryption and Encryption Enabled Approved Modes, the StorageTek T10000C Tape Drive performs a Continuous Random Number Generator Test (CRNGT) on the output from the DRBG each time a new random number is generated. In addition, a CRNGT is performed on the output from the NDRNG before it is used as entropy input for the DRBG. If any of the CRNGTs fail, the module will generate a dump file and attempt to perform the CRNGT a second time. If the CRNGT passes on the second attempt, the ETD will encrypt the dump file and then reboot. If the CRNGT fails on the second attempt, the dump file is discarded and the module will then reboot.

In each of the Approved Modes, a firmware load test is performed on new firmware being loaded onto the module. Firmware can be loaded onto the module via the Host Interface or via the Tape Head interface. The ETD uses 2048-bit RSA digital signature verification to confirm the integrity of the firmware before it is loaded onto the module. If the test passes, the module will reboot and the new firmware will be used. If the test fails, the new firmware image will be discarded and the module will resume normal operation.
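The boot-time and conditional self-test behaviour of sections 2.9.1 to 2.9.3, modelled as an added Python example written for this page (it is not Oracle firmware). It assumes a constructed firmware image layout (body followed by its CRC-32), stands in for the full POST list with only the SHA-1 and HMAC SHA-1 known-answer tests (using the public FIPS 180-2 "abc" and RFC 2202 vectors, since those are the algorithms available in the standard library), models the one-retry CRNGT handling with a scripted generator so a failure can be forced, and leaves out the RSA firmware load test; the outcome names are assumptions.

```python
"""Model of the T10000C start-up self-tests (CRC-32 integrity test, known-answer
tests) and the continuous RNG test with its one-retry dump handling.
Added example, not Oracle code; image layout, KAT subset and outcome names are assumed."""
import hashlib
import hmac
import os
import zlib
from typing import Callable, Dict, List, Optional

# Public known-answer vectors (FIPS 180-2 "abc"; RFC 2202 HMAC-SHA-1 test case 1).
# Standard test vectors, not values taken from the Security Policy.
SHA1_KAT = (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d")
HMAC_SHA1_KAT = (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00")


def build_image(body: bytes) -> bytes:
    """Constructed image layout (assumption): body || CRC-32(body) as 4 big-endian bytes."""
    return body + zlib.crc32(body).to_bytes(4, "big")


def integrity_test(image: bytes) -> bool:
    """2.9.1: recompute the 32-bit CRC over the firmware body and compare with the stored value."""
    if len(image) < 4:
        return False
    body, stored = image[:-4], int.from_bytes(image[-4:], "big")
    return zlib.crc32(body) == stored


def sha1_kat() -> bool:
    msg, expected = SHA1_KAT
    return hashlib.sha1(msg).hexdigest() == expected


def hmac_sha1_kat() -> bool:
    key, msg, expected = HMAC_SHA1_KAT
    return hmac.compare_digest(hmac.new(key, msg, hashlib.sha1).hexdigest(), expected)


DEFAULT_POSTS: Dict[str, Callable[[], bool]] = {"SHA-1 KAT": sha1_kat, "HMAC SHA-1 KAT": hmac_sha1_kat}


def run_posts(kats: Optional[Dict[str, Callable[[], bool]]] = None) -> Dict[str, bool]:
    """2.9.2: run every known-answer test and record each result by name."""
    return {name: test() for name, test in (kats or DEFAULT_POSTS).items()}


def power_up(image: bytes, kats: Optional[Dict[str, Callable[[], bool]]] = None) -> str:
    """Boot order from the policy: integrity test first, then the POSTs, then normal operation.
    Outcomes (names assumed): 'halt_in_boot_state' (2.9.1: unencrypted dump, CO must reboot),
    'dump_and_reboot' (2.9.2: unencrypted dump, automatic reboot) or 'operational'."""
    if not integrity_test(image):
        return "halt_in_boot_state"
    if not all(run_posts(kats).values()):
        return "dump_and_reboot"
    return "operational"


class Crngt:
    """Continuous RNG test: each new output block must differ from the block before it.
    One instance per generator (DRBG output, and NDRNG output before it is used as entropy)."""

    def __init__(self) -> None:
        self._last: Optional[bytes] = None

    def check(self, block: bytes) -> bool:
        passed = self._last is None or block != self._last
        self._last = block
        return passed


def generate_with_crngt(source: Callable[[], bytes], crngt: Crngt) -> str:
    """2.9.3 handling: on a CRNGT failure a dump file is created and the test is run once more;
    a pass on the retry encrypts the dump and reboots, a second failure discards it and reboots."""
    if crngt.check(source()):
        return "ok"
    if crngt.check(source()):
        return "encrypt_dump_and_reboot"
    return "discard_dump_and_reboot"


def scripted_source(blocks: List[bytes]) -> Callable[[], bytes]:
    """Constructed stand-in for the DRBG that replays fixed blocks, so a failure can be forced."""
    it = iter(blocks)
    return lambda: next(it)


if __name__ == "__main__":
    image = build_image(b"constructed T10000C firmware body")
    print(power_up(image))                                        # operational
    print(power_up(bytes([image[0] ^ 0x01]) + image[1:]))         # halt_in_boot_state
    print(generate_with_crngt(lambda: os.urandom(16), Crngt()))   # ok
```

The two boot failures are deliberately distinct outcomes: an integrity failure leaves the drive parked in its boot state until the CO intervenes, while a POST failure reboots automatically, which is the behaviour an operator would see on the Drive Status LED (red flash for a dump in progress, then the start-up sequence again).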
Firmware cannot be loaded into the module while it is operating in the non-Approved Mode.

2.9.4 Critical Functions Tests

When operating in the Permanent Encryption and Encryption Enabled Approved Modes, critical function self-tests are required by the module when operating the SP 800-90A CTR DRBG. Critical function tests are crucial for the proper and secure operation of the DRBG; they ensure the DRBG always produces random information. The StorageTek T10000C Tape Drive performs the following critical function self-tests:
• SP 800-90A DRBG Instantiate Test
• SP 800-90A DRBG Reseed Test
• SP 800-90A DRBG Uninstantiate Test

2.10 Mitigation of Other Attacks

This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-2 Level 1 requirements for this validation.

3 SECURE OPERATION

The Oracle StorageTek T10000C Tape Drive meets Level 1 requirements for FIPS 140-2. This section provides Cryptographic Officer guidance for the proper use and maintenance of the module. Instructions for placing the module into one of the three Approved modes are also provided. Operators of the ETD should read and be familiar with the following Oracle documents prior to configuring and operating the module:
• StorageTek T10000 Tape Drive Operator’s Guide (Part #: E20714-04; April 2013)
• StorageTek Virtual Operator Panel: User’s Guide (Customer Version) (Part #: E37053-01; September 2012)
• Oracle Key Manager: Administration Guide (Part #: E26025-03; January 2011)

Prior to setting up the StorageTek T10000C Tape Drive for first use, the CO shall use the instructions provided in these guides to install the latest versions of Oracle Key Manager and the Virtual Operator Panel onto a trusted system. These external software components are required for setting up the ETD for normal operation.

3.1 Cryptographic Officer Guidance (First Use)

This section provides instructions on how to place the StorageTek T10000C Tape Drive into each of the three FIPS-Approved modes after first receiving the drive from Oracle Corporation. For first-time use, these operations shall be performed with an Oracle Service Representative present.

3.1.1 Initial Set-Up

Prior to placing the module into one of the three Approved modes, the CO shall perform the following steps:
1. Install the StorageTek T10000C Tape Drive following the instructions provided in the StorageTek T10000 Tape Drive Installation Guide.
2. Examine the hardware part number on the rear label. Confirm it matches the hardware version number on this Security Policy (Hardware Part #: 7054185).
3. Using VOP, the CO shall check the Version tab (Retrieve > View Drive Data) to confirm the current firmware version number matches the firmware version number listed on this Security Policy (Firmware Version: 1.57.308).
4. The CO shall set the drive to an “offline” state (Drive Operations > Set Offline).

3.1.2 Encryption Disabled Approved Mode Set-Up

The StorageTek T10000C Tape Drive is initially delivered to an Oracle customer with the Encryption Disabled Mode configured. Upon first receiving the ETD,
the CO shall perform the following steps to ensure the module is operating in the Encryption Disabled Mode:
1. Follow the steps outlined in Section 3.1.1 (Initial Set-Up).
2. Using VOP, navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
3. Verify that the “Use KMS or DPKM” field is set to “UNKN”.
   a. Set the “Use KMS or DPKM” field to “UNKN” if it is not already set.
4. Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the Encryption Disabled Approved Mode.

3.1.3 Encryption Enabled Approved Mode Set-Up
To place the StorageTek T10000C Tape Drive into the Encryption Enabled Mode, the CO shall perform the following steps:
1. Follow the steps outlined in Section 3.1.1 (Initial Set-Up).
2. Using OKM, add the ETD to the OKM cluster.
3. Using VOP, navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
4. Set the “Use KMS or DPKM” field to “KMS”.
5. Set the “Permanently encrypting” field to “No”.
6. Enter a valid Agent ID, Pass Phrase, and OKM IP Address.
7. Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the Encryption Enabled Approved Mode.

3.1.4 Permanent Encryption Approved Mode Set-Up
To place the StorageTek T10000C Tape Drive into the Permanent Encryption Mode, the CO shall perform the following steps:
1. Follow the steps outlined in Section 3.1.1 (Initial Set-Up).
2. Using OKM, add the ETD to the OKM cluster.
3. Using VOP, navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
4. Set the “Use KMS or DPKM” field to “KMS”.
5. Set the “Permanently encrypting” field to “Yes”.
6. Enter a valid Agent ID, Pass Phrase, and OKM IP Address.
7.
Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the Permanent Encryption Approved Mode. Once operating in this mode, the module will be unable to operate in any other Approved or non-Approved mode.

3.2 Cryptographic Officer Guidance (Normal Operation)
This section assumes the StorageTek T10000C Tape Drive has already been placed into one of the three FIPS-Approved modes or the non-Approved Mode, and provides instructions on how to place the drive into another mode. The CO is responsible for placing the ETD into one of the three Approved modes of operation. An Oracle Service Representative is not required to be present when switching Approved modes. Switching to one of the defined Approved modes from the non-FIPS-Approved mode will cause keys generated in the non-Approved mode to be zeroized.

3.2.1 Switching To Encryption Disabled Approved Mode
The CO can place the module into the Encryption Disabled Mode from the Encryption Enabled Mode or the non-Approved Mode. The CO shall perform the following steps to place the module into the Encryption Disabled Mode:
1. Using the “Drive Operations” menu on VOP, reset the ETD (see footnote 54).
2. After reboot, use the “Drive Operations” menu to place the drive offline.
3. Navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
4. Set the “Turn encryption off” field to “Yes”.
5. Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the Encryption Disabled Approved Mode.

3.2.2 Switching To Encryption Enabled Approved Mode
The CO can place the module into the Encryption Enabled Mode from the Encryption Disabled Mode.
The CO shall perform the following steps to place the module into the Encryption Enabled Mode:
1. Using the “Drive Operations” menu on VOP, place the drive offline.
2. Navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
3. Set the “Use KMS or DPKM” field to “KMS”.
4. Set the “Permanently encrypting” field to “No”.
5. Enter a valid Agent ID, Pass Phrase, and OKM IP Address.
6. Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the Encryption Enabled Approved Mode.

Footnote 54 (Section 3.2.1, step 1): the reset is not required if the drive is currently operating in the non-Approved Mode.

3.2.3 Switching To Permanent Encryption Approved Mode
The CO can place the module into the Permanent Encryption Mode from the Encryption Disabled Mode or the Encryption Enabled Mode. The CO shall perform the following steps to place the module into the Permanent Encryption Mode:
1. Using the “Drive Operations” menu on VOP, reset the ETD (see footnote 55).
2. Using the “Drive Operations” menu on VOP, place the drive offline.
3. Navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
4. Set the “Use KMS or DPKM” field to “KMS”.
5. Set the “Permanently encrypting” field to “Yes”.
6. Enter a valid Agent ID, Pass Phrase, and OKM IP Address.
7. Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the Permanent Encryption Approved Mode. Once operating in this mode, the module will be unable to operate in either of the other two Approved modes or in the non-Approved Mode.

3.3 Cryptographic Officer Guidance (Non-Approved Mode)
The StorageTek T10000C Tape Drive is capable of operating in a non-FIPS-Approved mode of operation.
This section provides instructions on how to enable the non-Approved Mode on first use of the ETD, as well as from the Encryption Enabled and Encryption Disabled Modes. Switching to the non-FIPS-Approved mode will cause the module to zeroize all CSPs.

3.3.1 Enable non-Approved Mode (First Use)
The CO can place the StorageTek T10000C Tape Drive into the non-Approved Mode after initially receiving the ETD. The CO shall perform the following steps:
1. Follow the steps outlined in Section 3.1.1 (Initial Set-Up).
2. Using VOP, navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
3. Set the “Use KMS or DPKM” field to “DPKM”.
4. Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the non-Approved Mode.

Footnote 55 (Section 3.2.3, step 1): the reset is not needed if the drive is currently operating in the Encryption Disabled Mode.

3.3.2 Switching To non-Approved Mode
The CO can place the module into the non-Approved Mode from the Encryption Disabled Mode. The CO shall perform the following steps to place the module into the non-Approved Mode:
1. Using the “Drive Operations” menu on VOP, reset the ETD.
2. After reboot, use the “Drive Operations” menu to place the drive offline.
3. Navigate to the “Encrypt” tab in the “Drive Data” window (Configure → Drive Data).
4. Set the “Use KMS or DPKM” field to “DPKM”.
5. Set the “Permanently encrypting” field to “UNKN”.
6. Press the “Commit” button.
After pressing the “Commit” button, the ETD will reboot to normal operation. From this point forward, the module will be operating in the non-Approved Mode.

3.4 Zeroization
Zeroization of the module’s Critical Security Parameters shall be done under direct control of the Cryptographic Officer.
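The mode-transition rules of Sections 3.2 and 3.3, the reset step that footnotes 54 and 55 make conditional, the “Encrypt” tab values each mode requires, and the zeroization that accompanies every mode switch can all be checked before a change is committed on a drive. The Python script below is an added example written for this page; it is not Oracle code and not part of the Security Policy, and it never talks to a drive or to VOP: the CO feeds in the values VOP displays and the intended tab settings, and gets back whether the policy provides a procedure for that change. The EncryptTab structure, the field spellings and the sample values are the example’s own assumptions. Where the 3.3 introduction mentions entering the non-Approved Mode from Encryption Enabled Mode but 3.3.2 gives a procedure only from Encryption Disabled Mode, the checker follows 3.3.2.

```python
"""Pre-change checker for the T10000C mode transitions in Sections 3.1-3.4.
Added example, not part of the Security Policy or any Oracle tool; it never contacts a drive."""
from dataclasses import dataclass, field
from enum import Enum
import ipaddress

# Validated identity values from Section 3.1.1.
POLICY_HW_PART = "7054185"
POLICY_FW_VERSION = "1.57.308"

class Mode(Enum):
    DISABLED = "Encryption Disabled Approved Mode"
    ENABLED = "Encryption Enabled Approved Mode"
    PERMANENT = "Permanent Encryption Approved Mode"
    NON_APPROVED = "non-Approved Mode"

# Transitions for which 3.2.1-3.2.3 and 3.3.2 give a procedure; Permanent Encryption is terminal.
ALLOWED_TRANSITIONS = {
    Mode.DISABLED: {Mode.ENABLED, Mode.PERMANENT, Mode.NON_APPROVED},
    Mode.ENABLED: {Mode.DISABLED, Mode.PERMANENT},
    Mode.NON_APPROVED: {Mode.DISABLED},
    Mode.PERMANENT: set(),
}
# Transitions whose procedure has no "reset the ETD" step (3.2.2, footnotes 54 and 55).
RESET_NOT_REQUIRED = {(Mode.DISABLED, Mode.ENABLED), (Mode.DISABLED, Mode.PERMANENT),
                      (Mode.NON_APPROVED, Mode.DISABLED)}

@dataclass
class EncryptTab:
    """Fields of the VOP "Encrypt" tab, named as the policy names them (assumed structure)."""
    use_kms_or_dpkm: str           # "UNKN", "KMS" or "DPKM"
    permanently_encrypting: str    # "Yes", "No" or "UNKN"
    turn_encryption_off: str = "No"
    agent_id: str = ""
    pass_phrase: str = ""
    okm_ip: str = ""

@dataclass
class Plan:
    current: Mode
    target: Mode
    allowed: bool
    reset_required: bool
    zeroizes_csps: bool
    problems: list[str] = field(default_factory=list)

def check_identity(hw_part: str, fw_version: str) -> list[str]:
    """Section 3.1.1 steps 2 and 3: the drive must match the validated part and firmware."""
    findings = []
    if hw_part != POLICY_HW_PART:
        findings.append(f"hardware part {hw_part!r} is not the validated {POLICY_HW_PART!r}")
    if fw_version != POLICY_FW_VERSION:
        findings.append(f"firmware {fw_version!r} is not the validated {POLICY_FW_VERSION!r}")
    return findings

def target_mode(tab: EncryptTab) -> Mode:
    """Map the field values being committed to the mode the policy says results."""
    if tab.turn_encryption_off == "Yes" or tab.use_kms_or_dpkm == "UNKN":
        return Mode.DISABLED                      # 3.1.2 / 3.2.1
    if tab.use_kms_or_dpkm == "DPKM":
        return Mode.NON_APPROVED                  # 3.3.1 / 3.3.2
    if tab.use_kms_or_dpkm == "KMS":
        if tab.permanently_encrypting == "Yes":
            return Mode.PERMANENT                 # 3.1.4 / 3.2.3
        if tab.permanently_encrypting == "No":
            return Mode.ENABLED                   # 3.1.3 / 3.2.2
        raise ValueError("KMS requires 'Permanently encrypting' to be Yes or No")
    raise ValueError(f"unknown 'Use KMS or DPKM' value {tab.use_kms_or_dpkm!r}")

def okm_field_problems(tab: EncryptTab) -> list[str]:
    """The KMS modes need a valid Agent ID, Pass Phrase and OKM IP Address."""
    problems = []
    if not tab.agent_id:
        problems.append("Agent ID is empty")
    if not tab.pass_phrase:
        problems.append("Pass Phrase is empty")
    try:
        ipaddress.ip_address(tab.okm_ip)
    except ValueError:
        problems.append(f"OKM IP Address {tab.okm_ip!r} is not a valid IP address")
    return problems

def plan_change(current: Mode, tab: EncryptTab) -> Plan:
    """Decide whether committing `tab` from `current` is a change the policy provides for."""
    target = target_mode(tab)
    problems: list[str] = []
    if target in (Mode.ENABLED, Mode.PERMANENT):
        problems += okm_field_problems(tab)
    if target == current:   # re-committing the same mode is not a switch, so nothing is zeroized
        return Plan(current, target, not problems, False, False, problems)
    if current == Mode.PERMANENT:
        problems.append("Permanent Encryption Mode is terminal; no other mode can be entered")
    elif target not in ALLOWED_TRANSITIONS[current]:
        problems.append(f"{current.value} -> {target.value} has no procedure in this policy")
    allowed = not problems
    # Section 3.4: every switch between modes zeroizes the module's CSPs.
    return Plan(current, target, allowed,
                allowed and (current, target) not in RESET_NOT_REQUIRED, allowed, problems)
```

A fleet-wide run of check_identity against the part number and firmware version VOP reports catches drives that were shipped or updated outside the validated configuration before any mode change is attempted; plan_change then refuses the two cases that most often go wrong in practice, an attempt to leave Permanent Encryption Mode and a committed KMS configuration with a malformed OKM address.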
Zeroization can be accomplished by the CO performing the Reset service. The module also performs zeroization automatically when switching between the Approved modes and when switching to or from the non-Approved mode.

4 ACRONYMS
Acronyms used within this document are listed below.
AES  Advanced Encryption Standard
AKWK  AES Key Wrap Key
CA  Certificate Authority
CBC  Cipher-Block Chaining
CCM  Counter with CBC-MAC
CMVP  Cryptographic Module Validation Program
CO  Cryptographic Officer
CRC  Cyclic Redundancy Check
CRNGT  Continuous Random Number Generator Test
CSEC  Communications Security Establishment Canada
CSP  Critical Security Parameter
CTR  Counter
DPKM  Data Path Key Management
DRBG  Deterministic Random Bit Generator
ECB  Electronic Codebook
EEPROM  Electronically Erasable Programmable Read-Only Memory
EMC  Electromagnetic Compatibility
EMI  Electromagnetic Interference
ETD  Encrypting Tape Drive
FC-SB-3  Fibre Channel Single-Byte-3
FCP-3  Fibre Channel Protocol-3
FICON  Fibre Connection
FIPS  Federal Information Processing Standard
FPGA  Field Programmable Gate Array
GUI  Graphical User Interface
HMAC  (Keyed-) Hash-based Message Authentication Code
Hz  Hertz
IP  Internet Protocol
IPL  Initial Program Load
KAT  Known Answer Test
KMA  Key Management Appliance
KMS  Key Management System
LCD  Liquid Crystal Display
LED  Light Emitting Diode
MB  Megabytes
MD5  Message Digest Algorithm 5
NDRNG  Non-Deterministic Random Number Generator
NIST  National Institute of Standards and Technology
OKM  Oracle Key Manager
PKCS  Public Key Cryptography Standards
POST  Power-On Self-Test
PRF  Pseudo-Random Function
RAM  Random Access Memory
RFID  Radio Frequency Identification
RJ  Registered Jack
RS  Recommended Standard
RSA  Rivest, Shamir, Adleman
SCSI  Small Computer System Interface
sec  Second
SNMP  Simple Network Management Protocol
SP  Special Publication
SSC-3  SCSI Stream Commands-3
SHA  Secure Hash Algorithm
TLS  Transport Layer Security
TTI  Tape Transport Interface
UNKN  Unknown
VAC  Volts Alternating Current
VOP  Virtual Operator Panel