Encryption Plus® Cryptographic Library Security Policy Encryption Plus Cryptographic Library Versions 1.0.1 and 1.0.2 Document Version 20060210 Seth T. Ross GuardianEdge Technologies Inc. 475 Brannan Street, Suite 400 · San Francisco, CA 94107 · USA Phone: (415) 683-2200 · Fax: (415) 683-2349 http://www.guardianedge.com · info@guardianedge.com Encryption Plus Cryptographic Library Security Policy Introduction ______________________________________________________________________ 3 1. EPCL Overview__________________________________________________________________ 3 Cryptographic Boundary _________________________________________________________ 3 Single Operator Only ____________________________________________________________ 4 Approved Algorithms ____________________________________________________________ 5 2. Roles __________________________________________________________________________ 5 3. Services ________________________________________________________________________ 5 4. Key Management ________________________________________________________________ 7 Key Generation _________________________________________________________________ 7 Key Material and Key Storage _____________________________________________________ 7 Key Zeroization _________________________________________________________________ 7 Pseudo-Random Number Generator Seeds___________________________________________ 7 List of Critical Security Parameters ________________________________________________ 8 5. Self-Tests _______________________________________________________________________ 8 Power-On Self-Tests _____________________________________________________________ 8 Known Answer Tests____________________________________________________________ 8 Software Integrity Test __________________________________________________________ 8 Conditional Self-Tests ____________________________________________________________ 8 6. Security Rules ___________________________________________________________________ 9 7. Mitigation of Specific Attacks ______________________________________________________ 9 8. Tabular Summaries _____________________________________________________________ 10 9. Acronyms _____________________________________________________________________ 13 © 2006 GuardianEdge Technologies Inc. Page 2 Encryption Plus Cryptographic Library Security Policy Introduction This is the non-proprietary security policy for the Encryption Plus® Cryptographic Library ("EPCL"), which is part of the Encryption Plus and Encryption Anywhere families of computer security products from GuardianEdge Technologies Inc. This security policy fulfills the requirements given in Federal Information Processing Standards Publication 140-2 (FIPS 140-2) Appendix C, as published by the National Institute of Standards and Technology (NIST) of the United States Department of Commerce. The EPCL is a compact and fast encryption library that provides an Application Programming Interface (API) featuring NIST-approved AES encryption, SHA-1 hashing, HMAC-SHA-1, and pseudo random number generation. This document outlines the functionality provided by the EPCL and provides high-level details on the means by which the EPCL satisfies FIPS 140-2 requirements. It describes the various services offered by the EPCL and the mechanisms provided to ensure that these services meet the FIPS 140-2 level 1 requirements. This security policy is one part of the FIPS 140-2 submission package, which contains additional vendor evidence and source code listings. The entire EPCL submission package is copyright 2006 GuardianEdge Technologies Inc. This document, however, may be freely distributed in an unmodified form. For more information about the Encryption Plus and Encryption Anywhere lines of products, please visit www.guardianedge.com For more information on NIST and the Cryptographic Module Validation Program, please visit http://www.nist.gov/cmvp/ 1. EPCL Overview The EPCL provides cryptographic services to the Encryption Plus and Encryption Anywhere families of computer security products. For the purposes of FIPS 140-2 validation, the library is provided as a 32-bit dynamically linked library (DLL) that runs on Microsoft Windows operating systems (Windows). The EPCL is supported on Windows 95/98/ME/NT 4.0/2000/XP on Intel-compatible platforms and was tested on Windows 2000 (SP 4). EPCL is a software-only module that runs on a multi-chip standalone device. The software library is contained in a single file, EPCL32.DLL. It is intended to meet the requirements of FIPS 140-2 security level 1. For the purposes of this document, the DLL version of the EPCL is referred to as the "EPCL", the "library", or the "module". The operational test platform for the purposes of FIPS 140-2 validation was a General Purpose Computer. Cryptographic Boundary The physical cryptographic boundary for the EPCL is defined as the enclosure of the computer on which the cryptographic module is installed. The logical boundary is defined as the EPCL32.DLL library. © 2006 GuardianEdge Technologies Inc. Page 3 Encryption Plus Cryptographic Library Security Policy The block diagram below shows the cryptographic boundary and the relationship between the EPCL and the client applications that attach to it. EPCL Module Memory for Operation Self-Test Test Status Module Initialization FIPS 140-2 Functions Memory Input Output Allocated for Key Data (Data to (Processed EPCL Process) Data) Contexts Client Application Physical Security As a software only product, the FIPS 140-2 physical security requirements are not applicable. Single Operator Only The EPCL only supports a single operator. Multiple concurrent operators are not supported. © 2006 GuardianEdge Technologies Inc. Page 4 Encryption Plus Cryptographic Library Security Policy Approved Algorithms The EPCL implements only FIPS-approved and FIPS-validated cryptographic algorithms. They are shown in the following table: Service Type Algorithm FIPS Key Size(s) in Modes Certificate Bits Number Symmetric Cipher AES 197 128, 192, 256 CBC, ECB 154 Message Digest SHA-1 180-1 N/A N/A 239 Message HMAC-SHA-1 198 512 N/A 239, vendor Authentication affirmed Random Number RNG 186-2, N/A N/A 45 Generation App. 3.1 The EPCL does not operate in non-FIPS-approved mode. 2. Roles EPCL implements the Cryptographic Officer (CO) and User roles. There is no maintenance role or maintenance interface. The EPCL does not provide any identification or authentication of its own. The User is an entity that can access services provided by the EPCL. The User role is implicitly selected when a process calls an API function that is allocated to the User role in the EPCL. CO is any entity that can install the EPCL onto the computer system, configure the operating system, or access CO services provided by the EPCL. When an entity calls a CO function, it assumes the Cryptographic Officer role. The Cryptographic Officer's role is implicitly selected when installing the EPCL, configuring the operating system, or calling a CO function. Installation is accomplished by running an installation program. The Cryptographic Officer must have permission to write the DLL constituting the EPCL into the Windows system directory; typically, this requires administrator access to the operating system. 3. Services EPCL's services consist entirely of an Application Programming Interface (API), which is a collection of functions that can be called from an operating system process. All services provided by the EPCL are described in this section. The module API provides the logical interfaces for data input, data output, control input, and status output. All functions exported from the EPCL have names starting with the string "Epcl". The functions are implemented using a C language interface, in order to make them available to the greatest number of programming languages. © 2006 GuardianEdge Technologies Inc. Page 5 Encryption Plus Cryptographic Library Security Policy Summary of Cryptographic Functions Function Purpose EpclAesSetup Sets up the use of the AES cipher with the given key and other properties EpclRelease Can release any sort of context that the library can produce. This corresponds to the FIPS 140-2 required "Zeroization" service. EpclEcbSetup Sets up the use of the ECB mode for AES EpclCbcSetup Sets up the use of the CBC mode with for AES EpclEncrypt Encrypts data using specified cipher and mode EpclDecrypt Decrypts data using specified cipher and mode EpclAesInit Brings into a client the data for the AES cipher EpclAesEcbInit Brings into a client the data for AES symmetric encryption in ECB cipher mode EpclAesCbcInit Brings into a client the data for AES symmetric encryption in CBC cipher mode EpclSha1Init Brings into a client the data for the SHA-1 hash EpclSha1Setup Sets up a SHA-1 context EpclHashAdd Passes the message or part of the message for hash (SHA-1) processing EpclHashOut Finalizes hash processing and produces an output message hash EpclSha1HmacInit Brings into a client the code and data for working with HMAC and for testing HMAC with SHA-1 EpclHmacSetup Sets up an HMAC context EpclHmacAdd Passes the message or part of the message for HMAC processing EpclHmacOut Finalizes HMAC processing and produces an output message authentication code EpclRngSetup Sets up an RNG context EpclRngOut Gets a random pattern EpclRngInit Brings into a client the data for the random number generator © 2006 GuardianEdge Technologies Inc. Page 6 Encryption Plus Cryptographic Library Security Policy Function Purpose EpclGetState Returns an indicator of the library's overall state. This corresponds to the FIPS 140-2 required "Show Status" service. EpclGetVersion Returns the EPCL interface version EpclTest Tests all library features that have been initialized EpclInit Initializes all library features Note that the FIPS 140-2 required self-test on demand service can be performed by reloading the library into memory. 4. Key Management EPCL performs limited key management. Because the EPCL is a DLL, each process requesting access is provided its own instance of the EPCL. The EPCL contains only keys or data placed into the EPCL via the services described in this document. No keys or data are persistently maintained by the EPCL, or maintained after a process detaches from the EPCL. Key Generation The EPCL does not provide key generation services. Keys are generated outside the module. All keys must be entered by the operator; keys are electronically entered, but manually established. Key Material and Key Storage The EPCL does not provide any persistent storage of key material. Keys are entered by the operator only via API calls. Key material is stored in the context, which is maintained in a user-supplied data structure passed in each API call. No key material is maintained inside the EPCL between API calls. The only key material used by the EPCL outside of the user-supplied context is that which is stored temporarily in local variables on the stack. The EPCL relies upon the operating system memory protection to prevent processes from accessing each other's key material. To ensure that other processes cannot access keys and data, the caller must not utilize shared memory. In addition, the operating system page file must not be configured to reside on a network drive. Key Zeroization The user must call EpclRelease and power cycle the module when finished, in order to zero a context. Pseudo-Random Number Generator Seeds As noted above, key generation occurs outside of the module. A calling application can request the EPCL's pseudo-random number generator (RNG) whenever it requires random data. If the RNG is used by a calling application in order to perform key generation or other cryptographic operations outside the module, it is important that the generator be seeded with unpredictable values. © 2006 GuardianEdge Technologies Inc. Page 7 Encryption Plus Cryptographic Library Security Policy List of Critical Security Parameters · XKEY -- value input into the module to key the FIPS 186-2 DRNG · XSEED -- value input into the module to see the FIPS 186-2 DRNG · HMAC SHA-1 keys -- key size is 512 bits (64 bytes) · AES keys 5. Self-Tests As required by FIPS 140-2, EPCL automatically performs power-on self-tests continuous self-tests during operation. Power-On Self-Tests For this EPCL, "power-on" is when a process attempts to attach to the EPCL. At this time, EPCL performs the following types of tests. Known Answer Tests EPCL performs known answer tests for AES, SHA-1, HMAC-SHA-1, and FIPS 186-2 random number generation. If the computed result differs from the expected result that is hard-coded into the EPCL, the test fails. The RNG known answer test is performed by entering a fixed seed into the RNG and comparing the resulting pseudo-random number to a known answer. Software Integrity Test EPCL computes a 160-bit HMAC-SHA-1 hash of the DLL and compares it to an embedded hash that was placed into the end of the DLL when the EPCL was produced. If the computed hash differs from the hash that is hard-coded into the EPCL, the test fails. If any of these tests fails, EPCL returns to the error state, and refuses to allow the process to attach to the DLL. Thus, the cryptographic services are not available. Conditional Self-Tests During operation, EPCL performs one type of continuous test. Whenever a block of pseudo-random patterns is generated as a result of a call to EpclRngOut, the block is compared to the previous block. If the two match, the EpclRngOut returns an error. © 2006 GuardianEdge Technologies Inc. Page 8 Encryption Plus Cryptographic Library Security Policy 6. Security Rules 1. The EPCL shall only provide NIST-approved cryptographic algorithms. 2. The EPCL shall support two roles: the Cryptographic Officer and the User role. 3. The EPCL shall not require human intervention to perform power-on self tests. 4. The EPCL shall not support a bypass capability. 5. The EPCL shall not support manual key entry. 6. The EPCL shall not support a maintenance role or maintenance interface. 7. The EPCL shall inhibit all data output during self-tests, zeroization, and error states. 7. Mitigation of Specific Attacks EPCL is not designed to mitigate specific attacks outside the scope of FIPS 140-2 requirements. © 2006 GuardianEdge Technologies Inc. Page 9 Encryption Plus Cryptographic Library Security Policy 8. Tabular Summaries Table 1 - EPCL Security Level Specification The cryptographic module meets the overall requirements applicable to Level 1 security of FIPS 140- 2. Security Requirements Section Level Cryptographic Module Specification 1 Module Ports and Interfaces 1 Roles, Services and Authentication 1 Finite State Model 1 Physical Security N/A Operational Environment 1 Cryptographic Key Management 1 EMI/EMC 1 Self-Tests 1 Design Assurance 1 Mitigation of Other Attacks N/A Table 2 - Roles and Required Identification and Authentication Role Type of Authentication Authentication Data User None N/A Crypto Officer None N/A © 2006 GuardianEdge Technologies Inc. Page 10 Encryption Plus Cryptographic Library Security Policy Table 3 - Strengths of Authentication Mechanisms Authentication Mechanism Strength of Mechanism User None Crypto Officer None Table 4 - Services Authorized for Roles Role Authorized Services User EpclEncrypt EpclDecrypt EpclGetState Crypto Officer EpclAesSetup EpclRelease EpclEcbSetup EpclCbcSetup EpclAesInit EpclAesEcbInit EpclAesCbcInit EpclSha1Init EpclSha1Setup EpclHashAdd EpclHashOut EpclSha1HmacInit EpclHmacSetup EpclHmacAdd EpclHmacOut EpclRngSetup EpclRngOut EpclRngInit EpclGetVersion EpclTest EpclInit © 2006 GuardianEdge Technologies Inc. Page 11 Encryption Plus Cryptographic Library Security Policy Table 5 - Access Rights within Services Service CSP Type of access EpclAesSetup AES keys Write EpclRelease AES keys, HMAC keys, Write to zeroize XKEY or None EpclEcbSetup AES keys Read EpclCbcSetup AES keys Read EpclEncrypt AES keys Execute EpclDecrypt AES keys Execute EpclAesInit None N/A EpclAesEcbInit None N/A EpclAesCbcInit None N/A EpclSha1Init None N/A EpclSha1Setup None N/A EpclHashAdd None N/A EpclHashOut None N/A EpclSha1HmacInit None N/A EpclHmacSetup HMAC keys Write EpclHmacAdd HMAC keys Execute EpclHmacOut HMAC keys Execute EpclRngSetup XKEY Write EpclRngOut XSEED Write and Execute EpclRngInit None N/A EpclGetState None N/A EpclGetVersion None N/A EpclTest None N/A © 2006 GuardianEdge Technologies Inc. Page 12 Encryption Plus Cryptographic Library Security Policy Service CSP Type of access EpclInit None N/A 9. Acronyms API ­ Application Programming Interface CO ­ Cryptographic Officer DLL ­ Dynamically Linked Library EPCL ­ Encryption Plus® Cryptographic Library RNG ­ Random Number Generator © 2006 GuardianEdge Technologies Inc. Page 13