Hewlett Packard Enterprise Development LP HP BladeSystem Onboard Administrator Firmware Firmware Version: 4.40 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.0 Prepared for: Prepared by: Hewlett Packard Enterprise Development Corsec Security, Inc. LP 11445 Compaq Center Dr. W. 13921 Park Center Road, Suite 460 Houston, TX 77070 Herndon, VA 20171 United States of America United States of America Phone: +1 (281) 370-0670 Phone: +1 (703) 267-6050 http://www.hpe.com http://www.corsec.com Security Policy, Version 1.0 February 23, 2016 Table of Contents 1 INTRODUCTION ......................................................................................................... 3 1.1 PURPOSE ................................................................................................................................................................ 3 1.2 REFERENCES .......................................................................................................................................................... 3 1.3 DOCUMENT ORGANIZATION ............................................................................................................................ 3 2 HP BLADESYSTEM ONBOARD ADMINISTRATOR FIRMWARE................ 4 2.1 OVERVIEW ............................................................................................................................................................. 4 2.2 MODULE SPECIFICATION..................................................................................................................................... 5 2.3 MODULE INTERFACES .......................................................................................................................................... 8 2.4 ROLES AND SERVICES ........................................................................................................................................... 9 2.4.1 Crypto-Officer Role.............................................................................................................................................. 10 2.4.2 User Role ................................................................................................................................................................ 12 2.5 PHYSICAL SECURITY ...........................................................................................................................................13 2.6 OPERATIONAL ENVIRONMENT.........................................................................................................................13 2.7 CRYPTOGRAPHIC KEY MANAGEMENT ............................................................................................................13 2.8 SELF-TESTS ..........................................................................................................................................................19 2.8.1 Power-Up Self-Tests ............................................................................................................................................ 19 2.8.2 Conditional Self-Tests ......................................................................................................................................... 19 2.8.3 Critical Function Tests ........................................................................................................................................ 19 2.9 MITIGATION OF OTHER ATTACKS ..................................................................................................................19 3 SECURE OPERATION ............................................................................................... 20 3.1 INITIAL SETUP......................................................................................................................................................20 3.2 SECURE MANAGEMENT .....................................................................................................................................20 3.2.1 Management ........................................................................................................................................................ 21 3.2.2 Zeroization ............................................................................................................................................................ 21 3.3 USER GUIDANCE ................................................................................................................................................21 4 ACRONYMS .......................................................................................................................... 22 Table of Figures FIGURE 1 – HP BLADESYSTEM ONBOARD ADMINISTRATOR FIRMWARE CRYPTOGRAPHIC BOUNDARY .....................5 FIGURE 2 – HARDWARE BLOCK DIAGRAM FOR 440EPX PROCESSOR ..............................................................................7 FIGURE 3 – BLADESYSTEM C7000 ONBOARD ADMINISTRATOR WITH KVM ...................................................................8 FIGURE 4 – BLADESYSTEM C3000 TRAY WITH EMBEDDED DDR2 ONBOARD ADMINISTRATOR .................................8 FIGURE 5 – BLADESYSTEM C3000 DUAL DDR2 ONBOARD ADMINISTRATOR................................................................8 List of Tables TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION .........................................................................................................4 TABLE 2 – FIPS 140-2 LOGICAL INTERFACE MAPPINGS ......................................................................................................9 TABLE 3 – CRYPTO-OFFICER SERVICES ............................................................................................................................... 10 TABLE 4 – USER SERVICES ..................................................................................................................................................... 12 TABLE 5 – FIPS-APPROVED ALGORITHM IMPLEMENTATIONS .......................................................................................... 14 TABLE 6 – LIST OF CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS................................. 16 TABLE 7 – ACRONYMS .......................................................................................................................................................... 22 HP BladeSystem Onboard Administrator Firmware Page 2 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the HP BladeSystem Onboard Administrator Firmware (Firmware Version: 4.40) from Hewlett Packard Enterprise Development LP This Security Policy describes how the HP BladeSystem Onboard Administrator Firmware meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140- 2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. The HP BladeSystem Onboard Administrator Firmware is referred to in this document as the Onboard Administrator, OA1, cryptographic module, or the module, and the Hewlett Packard Enterprise Development LP is referred to as HP. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:  The HP website (www.hp.com) contains information on the full line of products from HP.  The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:  Vendor Evidence document  Finite State Model document  Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to HP. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to HP and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact HP. OA – Onboard Administrator 1 HP BladeSystem Onboard Administrator Firmware Page 3 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 2 HP BladeSystem Onboard Administrator Firmware 2.1 Overview The HP BladeSystem is a blade server enclosure designed to maximize power while minimizing costs. The enclosure holds the server blades and supplies them with power, cooling, networking, and data storage, resulting in a reduction in power redistribution units, cabling, switches, and other clutter. The HP BladeSystem Onboard Administrator Firmware is the enclosure management and the firmware base used to support the HP BladeSystem c-Class Enclosure and all the managed devices contained within the enclosure. The HP BladeSystem Onboard Administrator Firmware is designed to manage all power flow and access permissions for every blade within the enclosure. This involves IP2 addressing for the server blade’s management interface, power management for the server blades, fans, and other modules, utilizing Integrated Lights-Out (iLO). HP BladeSystem Onboard Administrator Firmware provides a single access point to perform basic management tasks on server blades and switches within the enclosure. HP BladeSystem Onboard Administrator Firmware provides configuration information for the enclosure, enables run-time management and configuration of the enclosure components, and informs administrators of problems within the enclosure through email, or the Insight Display. HP recommends that the administrator read the specific HP BladeSystem Onboard Administrator User Guide for enclosure-specific information before proceeding with Onboard Administrator setup. This user guide provides information on the initial setup and operation of the HP BladeSystem Onboard Administrator. It also covers use of the Onboard Administrator GUI3 and the use of the enclosure Insight Display. The Onboard Administrator Command Line Interface Guide covers the use of the CLI 4. The HP BladeSystem Onboard Administrator Firmware provides several features designed to simplify management of c-Class blades and interconnects. The BladeSystem c7000 and c3000 enclosures can be configured with redundant OA modules to provide uninterrupted manageability of the entire enclosure and blades in the event of a failure of the primary OA module or network outage. The HP BladeSystem Onboard Administrator Firmware is validated at the following FIPS 140-2 Section levels: Table 1 – Security Level Per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 1 2 Cryptographic Module Ports and Interfaces 1 3 Roles, Services, and Authentication 1 4 Finite State Model 1 5 Physical Security 1 N/A5 6 Operational Environment 7 Cryptographic Key Management 1 EMI/EMC6 8 1 IP – Internet Protocol 2 GUI – Graphical User Interface 3 CLI – Command-Line Interface 4 N/A – Not applicable 5 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility 6 HP BladeSystem Onboard Administrator Firmware Page 4 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Section Section Title Level 9 Self-tests 1 10 Design Assurance 1 11 Mitigation of Other Attacks N/A 14 Cryptographic Module Security Policy 1 2.2 Module Specification The HP BladeSystem Onboard Administrator Firmware is a firmware module with a multiple-chip standalone embodiment. The overall security level of the module is 1. The cryptographic boundary of the HP BladeSystem Onboard Administrator Firmware is defined by all the firmware that runs on the HP BladeSystem Onboard Administrator blade, operating within the c3000 and c7000 BladeSystem c-Class enclosures. The physical cryptographic boundary of the module is drawn around the hardware blade (red dotted line in Figure 2 below), from this point forward referred to as the ‘host appliance’, that it runs on. The logical cryptographic boundary is drawn around the module code that runs entirely on the host appliance’s Central Processing Unit (CPU), and is depicted in Figure 1 below. The HP BladeSystem Onboard Administrator Firmware module provides many communication pathways for an administration of the BladeSystem enclosure. The module’s cryptographic functions are utilized for securing management traffic being sent and received by the module. Enclosure Enclosure OA User Uplink Downlink LDAP External Enclosure Ethernet Management LAN Ethernet LED Ethernet RESET LCD Management USB VGA Workstation SSH Serial CLI Ethernet Web HTTPS SOAP Security Enclosure Management Manager Administration XML/HTTPS Internal Enclosure Subsysten Insight Display Subsystem Subsystem Subsystem Management LAN HPSIM SMTP Notification Core Subsystem Cryptographic Subsystem Engine Flash Logging Subsystem SDRAM NVRAM Syslog Onboard Administrator Module Legend Internal Interface Cryptographic Cryptographic Status Output Module Module Data Input / Subsystem Boundary Control Input Data Output LAN – Local Area Network HTTPS – Hypertext Transport Protocol Secure LED – Light-Emitting Diode SSH – Secure Shell VGA – Video Graphics Array XML – Extensible Markup Language USB – Universal Serial Bus HPSIM – HP Systems Insight Manager LCD – Liquid Crystal Display SMTP – Simple Mail Transfer Protocol LDAP – Lightweight Directory Authorization Protocol SDRAM – Synchronous Dynamic Random-Access Memory SOAP – Simple Object Access Protocol NVRAM – Non-Volatile Random-Access Memory Figure 1 – HP BladeSystem Onboard Administrator Firmware Cryptographic Boundary HP BladeSystem Onboard Administrator Firmware Page 5 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Figure 1 shows the systems at work within the Onboard Administrator firmware:  Security Manager Subsystem – Performs user authentication and account management, and also provides integration into existing LDAP7 directories.  Administration Subsystem – Exposes logical interfaces accessible via HTTPS8, and SOAP9 that allow management of the OA. This shows an interface with HPSIM 10, over SOAP. HPSIM is a management application that communicates with the OA, iLO, and HP Virtual Connect module in the c-Class enclosure.  Cryptographic Engine – Performs all cryptographic functionality offered by OA, including encryption of management traffic.  Enclosure Management Subsystem – Monitors and controls enclosure components and provides status and information on installed devices.  Insight Display/KVM11 Subsystem – Enables initial configuration through a small LCD 12 interface on the enclosure, as well as provides KVM access to server blade consoles.  Logging Subsystem – Facilitates the generation and storage of system event logs to provide administrators with an audit trail of user activity.  Core Subsystem – Provides a secure, reliable platform on which the other OA subsystems operate, including the operating system, storage, and working memory.  Notification Subsystem – Processes enclosure alerts and enables notification via SMTP13 and SNMPv3. This firmware is designed to run on an HP BladeSystem Onboard Administrator appliance for use in HP BladeSystem c-Class Enclosures. The module will run on the PowerPC (PPC) 440EPX processor. This processor executes the module, which is the OA firmware image, stored in flash memory. There are three forms of Onboard Administrator hardware appliances that support this processor. The cryptographic module was tested and found compliant on the following platforms: PowerPC 440EPx:  c7000 DDR142 Onboard Administrator with KVM  c3000 Tray with Embedded DDR2 Onboard Administrator  c3000 Dual DDR2 Onboard Administrator These will be referred to, collectively, as the “host appliance”. LDAP – Lightweight Directory Authentication Protocol 7 HTTPS – Hypertext Transfer Protocol Secure 8 SOAP – Simple Object Access Protocol 9 HPSIM – HP Systems Insight Manager 10 KVM – Keyboard, Video, Mouse 11 LCD – Liquid Crystal Display 12 SMTP – Simple Mail Transfer Protocol 13 DDR – Double Data Rate 14 HP BladeSystem Onboard Administrator Firmware Page 6 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Legend Control Input Status Output Cryptographic Data Input / Module Boundary Data Output Figure 2 – Hardware Block Diagram for 440EPx Processor HP BladeSystem Onboard Administrator Firmware Page 7 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 2.3 Module Interfaces The OA implements distinct module interfaces in its firmware design. Physically, the module ports and interfaces are considered to be those of the host platform that the firmware runs upon. However, the firmware communicates through a CLI or GUI, which allows it to receive requests and execute function calls for cryptographic and administrative services. The CLI, GUI, and the physical ports/interfaces can be categorized into the following logical interfaces defined by FIPS 140-2:  Data Input Interface  Data Output Interface  Control Input Interface  Status Output Interface These logical interfaces are mapped to the host appliance’s physical interfaces, as described in Table 2. Figure 3 through Figure 5 below show the host appliances and their physical interfaces. Figure 3 – BladeSystem c7000 Onboard Administrator with KVM Figure 4 – BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator Figure 5 – BladeSystem c3000 Dual DDR2 Onboard Administrator All of the physical interfaces of the appliance are separated into logical interfaces defined by FIPS 140-2, as described in the following table: HP BladeSystem Onboard Administrator Firmware Page 8 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Table 2 – FIPS 140-2 Logical Interface Mappings Physical Port/Interface HP BladeSystem Onboard FIPS 140-2 Administrator Firmware Logical Interface Port/Interface   Data Input Ethernet RJ4515 connector TLS17, SSH18, and plaintext sessions (HTTPS, SOAP, LDAP, NTP19)  Serial RS232 DB-9 connector with PC16 standard pinout  Backplane connector   Data Output Ethernet RJ45 TLS, SSH, and plaintext sessions connector (HTTPS, SMTP, LDAP, SOAP)  Serial RS232 DB-9 connector with PC standard pinout  Backplane connector   Control Input Reset button CLI commands   Ethernet RJ45 connector Web GUI interface   Serial RS232 DB-9 connector with Keyboard/Mouse input PC standard pinout  USB 2.0 Type A connector  Insight Display LCD Buttons  Backplane connector   Status Output Ethernet RJ45 connector Video output from VGA/LCD   Serial RS232 DB-9 connector with CLI output  PC standard pinout Web GUI interface   VGA DB-15 connector with PC External Syslog standard pinout*  SMTP  Backplane connector  LED indicators  Insight Display LCD Power Interface Power Interface Not Applicable * Only on the c7000 OA The OA connects to the BladeSystem Enclosure backplane providing connection pathways to all of the enclosure modules and subsystems in order to provide administration. 2.4 Roles and Services The module supports role-based authentication. There are two roles in the module (as required by FIPS 140- 2) that operators may assume: a Crypto-Officer (CO) role and a User role. See the Onboard Administrator User Guide and Command Line Interface User Guide for more information about the roles and services provided by the Onboard Administrator. RJ45 – Registered Jack 45 15 PC – Personal Computer 16 TLS – Transport Layer Security 17 SSH – Secure Shell 18 NTP – Network Time Protocol 19 HP BladeSystem Onboard Administrator Firmware Page 9 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 2.4.1 Crypto-Officer Role The Crypto-Officer role has the ability to create User accounts, define permissions, change passwords, and take the module into or out of a FIPS mode of operation. The Crypto-Officer maps to the “Administrator” and “OA Administrator” account classifications, as defined in the Onboard Administrator Command Line Interface User Guide. Descriptions of the services available to the Crypto-Officer role are provided in Table 3, below. The Crypto-Officer has access to all of the services of the User. Please note that the keys and CSPs20 listed in the table indicate the type of access required using the following notation:  R – Read: The CSP is read.  W – Write: The CSP is established, generated, modified, or zeroized.  X – Execute: The CSP is used within an Approved or Allowed security function or authentication mechanism. Table 3 – Crypto-Officer Services CSP and Type Service Description Input Output of Access Create/modify Create, edit, and Command to User successfully None Users delete users; define create a new user created with user accounts and with established assign permissions credentials/permiss credentials/permissions ions Change CO Change the Crypto- Command to Change CO Password – W credentials Officer password or change password/permissions permissions password/permissi ons Access the GUI Access the GUI via Command to begin Connection Session key – X HTTPS connection HTTPS connection established and Authentication through web browser via web browser administration page key – X RSA21 appears public/private keypair – X DH22 public/private components – X Access the CLI Manage the module Command to begin Session established Crypto-Officer using the CLI SSH session credentials – X accessed via SSH Session key – X protocol over Authentication Ethernet, or directly key – X via Serial interface RSA public/private keypair – X DH public/private components – X CSP – Critical Security Parameter 20 RSA – Rivest, Shamir, and Adleman 21 DH – Diffie-Hellman 22 HP BladeSystem Onboard Administrator Firmware Page 10 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 CSP and Type Service Description Input Output of Access Access the Manage the module None Status output SNMPv3 Privacy SNMPv3 remotely and provide Key – R/W/X non-security relevant SNMPv3 information about the Authentication module’s state and Key – R/W/X statistics Set Factory Unable to be called Command to set Set Factory Defaults All keys – W Defaults directly in FIPS mode. factory default Triggered by entering or leaving FIPS mode. Zeroizes all keys, certificates, and users. Resets Administrator password to factory setting Zeroize Keys Entering the Execute the All keys are zeroized All keys – W GENERATE KEY ALL GENERATE KEY and regenerated command in the ALL command in module’s CLI forces the module’s CLI the module to overwrite existing keys and regenerate all cryptographic keys Set FIPS Mode Enable/disable FIPS CLI command: Set Factory Defaults None mode of operation. SET FIPS MODE service is called. Keys Calls the Set Factory ON/OFF zeroized, OA reboots. Defaults service New TLS and SSH GUI Interface: keys are generated. check or uncheck Module boots in FIPS “FIPS Mode ON” mode checkbox Requires reboot of module hardware Check FIPS Mode Display FIPS status of CLI command: CLI: FIPS Mode is On None Status module SHOW FIPS MODE GUI: Checkbox is checked GUI Interface: If “FIPS Mode ON” checkbox is checked, module is in FIPS mode Perform Self- Run self-tests on None Status All keys – W Tests on demand demand HP BladeSystem Onboard Administrator Firmware Page 11 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 CSP and Type Service Description Input Output of Access Certificate Generate an X.509 Command to Generated certificate RSA Generation Certificate signing generate certificate public/private key request –X 2.4.2 User Role The User role has the ability to perform management operations for the BladeSystem c-Class Enclosure, as defined by their user permissions, via interfaces secured by the cryptographic configuration of the module. The User maps to the “OA operator”, “operator”, “OA user”, and “user” account classifications, as defined in the Onboard Administrator Command Line Interface User Guide. Descriptions of the services available to the User role are provided in the Table 4 below. Table 4 – User Services CSP and Type Service Description Input Output of Access Update Firmware Update the module Command to Firmware is None firmware update firmware updated and the from the web GUI module is out of and the image to FIPS mode use Change User Change the User Command to Change User Password – W Credentials password change password password Access the GUI Access the GUI via Command to Connection Session key – X HTTPS connection begin HTTPS established and Authentication through web connection via administration key – X browser web browser page appears RSA public/private keypair – X DH public/private components – X Access the CLI Manage the module Command to Session Session key – X using the CLI begin session established Authentication accessed via SSH key – X protocol over RSA public/private Ethernet, or keypair – X directly via Serial DH public/private interface components – X Access the SNMPv3 Manage the module None Status output SNMPv3 Privacy remotely and Key – R/W/X provide non- SNMPv3 security relevant Authentication information about Key – R/W/X the module’s state and statistics HP BladeSystem Onboard Administrator Firmware Page 12 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 CSP and Type Service Description Input Output of Access Key Wrapping Perform key Data to encrypt Encrypted data RSA public key – wrapping operation and encryption X key Key Unwrapping Perform key Data to decrypt Decrypted RSA private key – unwrapping and decryption plaintext data X operation key Signature Generation Generate a Data to sign Digitally signed RSA public/private signature data key – WX Signature Verification Verify the digital Data to verify Hash value of data RSA public/private signature attached to be verified key – WX to data Calls the DRBG23 Generate Symmetric DRBG parameters Key of requested Entropy Input Keys to generate size String – RX symmetric keys DRBG Seed – WRX TLS Session key – X SSH Session Encryption key – X Generate Asymmetric Call the DRBG for DRBG parameters Key or prime of RSA keypair –W Keys primes/keying requested size material For more information on the non-security relevant services of the module, please refer to the HP BladeSystem Onboard Administrator User Guide (http://h20628.www2.hp.com/km-ext/kmcsdirect/emr_na- c00705292-43.pdf). 2.5 Physical Security The HP BladeSystem Onboard Administrator Firmware is a multiple-chip standalone cryptographic module. The module consists of production-grade components that include standard passivation techniques. 2.6 Operational Environment As a firmware module, the operational environment requirements of FIPS 140-2 do not apply to the HP BladeSystem Onboard Administrator Firmware. The OS24 included in the firmware does not allow the loading of new applicationgs; therefore, the operational environment of the module is a non-modifiable operational environment. 2.7 Cryptographic Key Management The module implements the FIPS-Approved algorithms listed in Table 5 below. DRBG – Deterministic Random Bit Generator 23 OS – Operating System 24 HP BladeSystem Onboard Administrator Firmware Page 13 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Table 5 – FIPS-Approved Algorithm Implementations Certificate Algorithm Number Symmetric Key Algorithm AES encryption/decryption in CBC25, CTR26, ECB modes (128, 192, 256- 3333 bit key) AES GCM27 encryption/decryption/generation/verification (128, 192, 256- 3333 bit) Triple-DES28 encryption/decryption in CBC, ECB modes (Keying options 1903 1 and 2) Asymmetric Key Algorithm RSA (FIPS 186-4) key generation (2048-bit), signature generation (2048- 1712 bit), signature verification (2048-bits) Secure Hashing Algorithm (SHA) SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 2767 SHA-1 (Integrity Test) 2766 SHA-256 2768 Message Authentication Code (MAC) Function HMAC29 using SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 2124 Deterministic Random Bit Generation (DRBG) SP30 800-90A based CTR_DRBG (AES), no derivation function 780 Component Validation List (CVL)* Section 4.2, TLS – Key Derivation Function (KDF) 487 Section 5.2, SSH – KDF 487 Section 5.4, SNMP31v3 – KDF 487 * The TLS, SSH and SNMP v3 protocols have not been reviewed or tested by the CAVP or the CMVP. Only the Key Derivation Functions, that are being implemented and used by these protocols have been tested by the CAVP. NOTE: The following security functions have been deemed “deprecated” or “restricted” by NIST. Please refer to NIST Special Publication 800-131A for further details.  The use of two-key Triple DES for encryption is restricted after December 31, 2010.  After December 31, 2013, key lengths providing less than 112 bits of security strength shall not be used in the Approved mode of operation to generate keys or digital signatures.  For additional information on the risks associated with the use of a particular algorithm or given key length please consult the transition tables available at the CMVP Web site (http://csrc.nist.gov/groups/STM/cmvp/). Additionally, the module utilizes the following non-Approved algorithm implementations that are allowed to be used in Approved mode of operation: CBC – Cipher-Block Chaining 25 CTR – Counter 26 GCM – Galois/Counter Mode 27 DES – Data Encryption Standard 28 HMAC – (Keyed) Hash Message Authentication Code 29 SP – Special Publication 30 SNMP – Simple Network Management Protocol 31 HP BladeSystem Onboard Administrator Firmware Page 14 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016  Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)  MD532 (for TLS use)  RSA key wrapping (key wrapping; key establishment methodology provides 112 bits of encryption strength)  /dev/urandom – a non-Approved NDRNG33 used for entropy gathering MD5 – Message Digest Algorithm 32 NDRNG – Non-Deterministic Random Number Generator 33 HP BladeSystem Onboard Administrator Firmware Page 15 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 The module supports the critical security parameters (CSPs) listed below in Table 6. Table 6 – List of Cryptographic Keys, Cryptographic Key Components, and CSPs Key Key Type Generation / Input Output Storage Zeroization Use SSH/TLS Session HMAC SHA-1 Internally generated Never output from Plaintext in volatile End session, power Authenticate SSH or Authentication Key module memory cycle, host reboot, TLS session factory reset, leaving FIPS mode, or GENERATE KEY command SSH Session AES 128-, 192-, Internally generated Never output from Plaintext in volatile End session, power Encryption/Decryption Encryption Key 256-bit key module memory cycle, host reboot, for SSH sessions factory reset, Triple-DES 168-bit leaving FIPS mode, key or GENERATE KEY command TLS Session Key AES 128-, 192-, Internally generated Never output from Plaintext in volatile End session, power Encryption/ 256-bit key module memory cycle, host reboot, Decryption forTLS factory reset, sessions Triple-DES 168-bit leaving FIPS mode, key or GENERATE KEY command RSA Private Key RSA 2048-bit Key Internally generated – Never output from Stored in Flash Factory reset, Signature generation, Generated by call module memory leaving FIPS mode, decryption, key during first boot or GENERATE KEY exchange, certificate command generation (TLS sessions), TLS and SSH authentication HP BladeSystem Onboard Administrator Firmware Page 16 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Key Key Type Generation / Input Output Storage Zeroization Use RSA Public Key RSA 2048-bit Key Internally generated – Output from Stored in Flash Factory reset, Signature verification, Generated by call module in plaintext memory leaving FIPS mode, encryption, key during first boot or GENERATE KEY exchange with 2048- command bit only, certificate generation (TLS sessions), TLS and SSH authentication Entropy Input String 256-bit random Gathered from system Never output from Stored in NVRAM Removing NVRAM Generate seed and value entropy (/dev/urandom) module battery, host reboot finally random number using the DRBG DRBG Seed 384-bit random Internally generated Never output from Stored in NVRAM Removing NVRAM Generate random value using entropy input module battery, host reboot number using the string DRBG DH Public Public components Internally generated Output from Plaintext in volatile End session, power Key exchange (TLS, Components of DH protocol module via Data memory cycle, host reboot, SSH sessions) (2048-bit key) Output interface in factory reset, plaintext leaving FIPS mode, or GENERATE KEY command DH Private Private components Internally generated Never output from Plaintext in volatile End session, power Key exchange (TLS, Components of DH protocol module memory cycle, host reboot, SSH sessions) (256-bit key) factory reset, leaving FIPS mode, or GENERATE KEY command SNMPv3 Privacy AES 128-, 192-, Internally generated Never output from Plaintext in volatile End session, power Encrypting SNMPv3 Key 256-bit or Triple- module memory cycle, host reboot, packets. DES 168-bit factory reset, leaving FIPS mode, or GENERATE KEY command HP BladeSystem Onboard Administrator Firmware Page 17 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Key Key Type Generation / Input Output Storage Zeroization Use SNMPv3 HMAC-SHA-1-96 Internally generated Never output from Plaintext in volatile End session, power Authenticating Authentication Key module memory cycle, host reboot, SNMPv3 packets. factory reset, leaving FIPS mode, or GENERATE KEY command Operator password Minimum of eight Initial CO password Initially login Hashed on Flash Zeroized when the Authenticating the characters of hardcoded, password password provided memory and in password is updated Operator alphanumeric string changes entered into to the CO, RAM with a new one module over TLS or changed password SSH never exits the module HP BladeSystem Onboard Administrator Firmware Page 18 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 2.8 Self-Tests 2.8.1 Power-Up Self-Tests The HP BladeSystem Onboard Administrator Firmware performs the following self-tests at power-up:  uBoot CRC Firmware Integrity Test (CRC34-32)  uBoot SHA-1 Firmware Integrity Test (SHA-1)  Cryptographic Library Integrity Tests (HMAC SHA-1 and SHA-256)  Known Answer Tests (KATs) o AES ECB mode encryption KAT o AES ECB mode decryption KAT o AES GCM mode encryption KAT o AES GCM mode decryption KAT o Triple-DES ECB mode encryption KAT o Triple-DES ECB mode decryption KAT o RSA signature generation KAT o RSA signature verification KAT o HMAC SHA-1 KAT o HMAC SHA-224, HMAC SHA-256, HMAC SHA-384, and HMAC SHA-512 KATs o SHA-256 KAT o SP 800-90A based CTR_DRBG KAT 2.8.2 Conditional Self-Tests The HP BladeSystem Onboard Administrator Firmware performs the following conditional self-tests:  Continuous Random Generator Test (CRNGT) for SP 800-90A based CTR_DRBG  CRNGT for the NDRNG  RSA Pairwise Consistency Test 2.8.3 Critical Function Tests The HP BladeSystem Onboard Administrator Firmware implements the SP 800-90A HMAC_DRBG as its random number generator. The SP 800-90A specification requires that certain critical functions be tested conditionally to ensure the security of the DRBG. Therefore, the following critical function tests are implemented by the cryptographic modules:  SP 800-90A CTR_DRBG Instantiate Critical Function Test  SP 800-90A CTR _DRBG Generate Critical Function Test  SP 800-90A CTR _DRBG Reseed Critical Function Test  SP 800-90A CTR _DRBG Uninstantiate Critical Function Test 2.9 Mitigation of Other Attacks The module is not designed to mitigate one or more specific attacks beyond the FIPS 140-2 Level 1 requirements for this validation. CRC – Cyclic Redundancy Check 34 HP BladeSystem Onboard Administrator Firmware Page 19 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 3 Secure Operation The HP BladeSystem Onboard Administrator Firmware meets Level 1 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-approved mode of operation. 3.1 Initial Setup The module must be properly initialized in order to be considered to be in FIPS-Approved mode of operation. Once configured for FIPS mode, the module only operates in FIPS-Approved mode of operation. The FIPS mode requires specific levels of entropy35 in the random number generation functions. In order to ensure that the brand new appliance has the appropriate levels of entropy available, and before performing the initial configuration of the device, the Crypto-Officer should power on the module and allow it to fully boot up. Then on the command line interface, the Crypto-Officer should enter “RESTART OA” which will cause a reboot of the device. The reboot can also be performed using the GUI by navigating to the “Enclosure Information”, then to the “Active Onboard Administrator”, then selecting the “Virtual Buttons” tab, and clicking the “Reset” button. Once the module has completed the boot up cycle for the second time the Crypto- Officer must configure the HP BladeSystem c-Class Enclosure. The Crypto-Officer is responsible for making sure that the module is configured to operate in FIPS mode. In order to do this, a Crypto-Officer must log into either the CLI over SSH or the GUI through an Ethernet interface, with the proper credentials for Crypto-Officer administration. In the GUI, the Crypto-Officer must navigate to “Enclosure Settings” within the “Enclosure Information” collapsible drop-down menu. Within that, the CO must select the “Network Access” page, and then select the “FIPS” tab. If there is a Virtual Connect (VC) module connected to the BladeSystem enclosure and VC domain exists, it may be necessary to clear VC domian, using the “Clear VC Mode” button. This will take the enclosure out of VC mode and clear all VC settings. Once this is complete, the Crypto-Officer must check the radio button labeled “FIPS MODE ON” and input a new OA Administrator password. This new password must contain at least eight characters. There must be at least one character of each of four character types: uppercase, lowercase, numeric, and non-alphanumeric. If setting FIPS mode via the CLI, the Crypto-Officer must first check that the OA is not in Virtual Connect mode, by using the “show vcmode” command. If it returns “Virtual Connect Mode: Enabled”, then the Crypto-Officer must use the “clear vcmode” command. The Crypto-Officer must then input the “SET FIPS MODE ON” command into the CLI, and supply a new OA Administrator password, following the same conventions outlined above. After this is completed, the OA will reboot and initialize self-tests in order to operate in FIPS mode. If a redundant OA is to be used, then it must be properly connected to the enclosure. The Crypto-Officer must first power-on the OA module. If this is the first power-on of the module, or if it has undergone a factory reset, it will begin to generate keys and certificates. The active OA module will pass a hash of the password in an unencrypted form to the redundant OA. 3.2 Secure Management This section provides guidance which ensures that the module is always operated in the FIPS mode of operation. It will generally include services and activities allotted to the Crypto-Officer. An example is provided below. The Crypto-Officer is responsible for making sure the module is running in FIPS-Approved mode of operation. 35 Note: The module comes preloaded with at least 128 bits of entropy from the factory. HP BladeSystem Onboard Administrator Firmware Page 20 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 The Crypto-Officer can check the module’s FIPS mode status in several ways:  CLI - The “show fips mode” command will return “FIPS Mode is On” if the module is currently operating in FIPS mode. Additionally, when in FIPS mode, the CLI prompt will have a “[FIPS]” prefix.  GUI - The FIPS Mode ON radio button will be selected on the “FIPS” tab of the “Network Access” page, discussed above, if the module is operating in FIPS mode. Additionally, after logging in when the module is in FIPS mode, the header of the web page will show an icon which contains the text “FIPS”. Mouse-over text of this icon will display the current FIPS mode of the module: “FIPS Mode ON Enabled”. 3.2.1 Management The module may be managed through a CLI via the Serial or Ethernet interface, utilizing getty, or a Web GUI via Ethernet interface, utilizing HTTPS (TLS). Through these interfaces, a Crypto-Officer can configure and enable the FIPS mode. The Crypto-Officer can also gain access to OA controls over the BladeSystem enclosure via a KVM interface, which connects via the optional KVM Module in the enclosure. Access through these interfaces is controlled by role-based authentication. The KVM and Insight Display LCD are locked, by default, in FIPS mode. However, the Crypto-Officer can unlock these interfaces through the Web GUI. Unlocking these interfaces requires the configuration of a PIN code that must be used to access these management interfaces. This PIN code, set by the Crypto-Officer, must be 1 to 6 characters long. The characters supported are upper and lower-case letters, and numbers. Note that only TLS is supported by the module, when operating in FIPS mode. Other versions of SSL (v3.0 and under) are unsupported. The OA can communicate with HP iLO modules. The iLO modules, to be used with the OA, must be configured to use AES encryption for communication traffic. 3.2.2 Zeroization The Crypto-Officer is able to force zeroization of the module CSPs, both stored and ephemeral, via the management interface. Ephemeral keys can be zeroized by power-cycling the module. Stored keys require the Crypto-Officer to perform a factory reset, to call the GENERATE KEY ALL command from the CLI, or to transition out of FIPS mode. This will overwrite all stored certificates and keys, requiring another set to be generated before the module can resume cryptographic services. 3.3 User Guidance The User is neither authorized nor able to modify the FIPS-Approved configuration of the module. Users may only utilize the services listed in Table 4. Although the User does not have any ability to modify the configuration of the module, they should report to the Crypto-Officer if any irregular activity is observed. HP BladeSystem Onboard Administrator Firmware Page 21 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 4 Acronyms Table 7 in this section defines the acronyms. Table 7 – Acronyms Acronym Definition AES Advanced Encryption Standard ANSI American National Standards Institute CBC Cipher Block Chaining CLI Command-Line Interface CMVP Cryptographic Module Validation Program CO Crypto-Officer CPU Central Processing Unit CSE Communications Security Establishment CSP Critical Security Parameter CRNGT Continuous Random Number Generator Test CRC Cyclic Redundancy Check CTR Counter CVL Component Validation List DDR Double Data Rate DES Data Encryption Standard DH Diffie-Hellman DRBG Deterministic Random Bit Generator DSA Digital Signature Algorithm EMC Electromagnetic Compatibility EMI Electromagnetic Interference FIPS Federal Information Processing Standard GCM Galois/Counter Mode GUI Graphical User Interface HMAC (Keyed-) Hash Message Authentication Code HP Hewlett-Packard HPSIM HP Systems Insight Manager HTTPS Hypertext Transfer Protocol Secure iLO Integrated Lights-Out IP Internet Protocol KAS Key Agreement Scheme KAT Known Answer Test HP BladeSystem Onboard Administrator Firmware Page 22 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Acronym Definition KDF Key Derivation Function KVM Keyboard-Video-Mouse LAN Local Area Network LCD Liquid-Crystal Display LDAP Lightweight Directory Access Protocol LED Light-Emitting Diode MAC Message Authentication Code MD5 Message Digest 5 N/A Not Applicable NDRNG Non-Deterministic Random Number Generator NIST National Institute of Standards and Technology NTP Network Time Protocol NVRAM Non-Volatile Random Access Memory OA Onboard Administrator OFB Output Feedback OS Operating System PC Personal Computer PKCS Public-Key Cryptography Standards PPC PowerPC RJ45 Registered Jack 45 RSA Rivest Shamir and Adleman SDRAM Synchronous Dynamic RandomAccess Memory SHA Secure Hash Algorithm SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol SOAP Simple Object Access Protocol SP Special Publication SSH Secure Shell SSL Secure Socket Layer TCP Transmission Control Protocol TDES Triple-Data Encryption Standard TLS Transport Layer Security Triple-DES Triple- Data Encryption Standard USB Universal Serial Bus VC Virtual Connect HP BladeSystem Onboard Administrator Firmware Page 23 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 1.0 February 23, 2016 Acronym Definition VGA Video Graphics Array XML Extensible Markup Language HP BladeSystem Onboard Administrator Firmware Page 24 of 25 © 2016 Hewlett Packard Enterprise Development LP This document may be freely reproduced and distributed whole and intact including this copyright notice. Prepared by: Corsec Security, Inc. 13921 Park Center Road, Suite 460 Herndon, VA 20171 United States of America Phone: +1 (703) 267-6050 Email: info@corsec.com http://www.corsec.com