FIPS 1402 Security Policy Teamcenter Cryptographic Module
Unrestricted © 2016 Siemens PLM Software Inc.
Page 3 of 25
FIPS 1402 NonProprietary Security Policy
1. Introduction
The following describes the security policy for the SIEMENS PLM Software Teamcenter
Cryptographic Module (TCM).
The logical cryptographic boundary of the TCM is the TcCryptoFips library and it
is a shared library.
The TcCryptoFips library provides FIPSvalidated encryption, hashing, digital
signatures, and random number generation.
The TcCryptoFips library provides a Clanguage application program interface
(API) for use by applications that require cryptographic functionality. The library
is classified by FIPS 1402 as a software module, multichip standalone module
embodiment.
The physical cryptographic boundary is the general purpose computer on which
the TCM is installed.
The TcCryptoFips library performs no communications other than with the
calling library namely TcCrypto library, responsible of invoking the TCM services
in FIPS mode.
The software (TcCryptoFips library) version for this validation is 3.0.
The TCM requires an initialization sequence (see IG 9.5):
o
Upon load, the TcCryptoFips library runs the integrity test followed by the
self-tests.
o
When the calling application requests the module to be in FIPS mode,
the TCM invokes FIPS_mode_set()implemented in TcCryptoFips library:
Verifies the user password.
Reruns the algorithms test then returns a "1" for success and "0"
for failure. If FIPS_mode_set() fails then all cryptographic services
in the FIPS module will fail from then on. The module may still be
initialized in domestic mode later. The application can test to see
if FIPS mode has been successfully performed.
The TCM is a cryptographic engine library, which can be used only in conjunction
with additional software. Aside from the use of the NIST defined elliptic curves
as trusted third party domain parameters, all other FIPS 1863 assurances are
outside the scope of the TCM, and are the responsibility of the calling process.