FIPS 140-2 Non-Proprietary Security Policy: Java Crypto Module
Document Version 1.0 © Skyhigh Networks Page 1 of 20

FIPS 140-2 Non-Proprietary Security Policy
Java Crypto Module
Software Version 1.0
Document Version 1.0
December 11, 2015

Prepared For:
Skyhigh Networks, 900 E. Hamilton Ave. Suite 400, Campbell, CA 95008, www.skyhighnetworks.com

Prepared By:
SafeLogic Inc., 469 Hamilton Avenue Suite 306, Palo Alto, CA 94301, www.safelogic.com
Abstract
This document provides a non-proprietary FIPS 140-2 Security Policy for Java Crypto Module.
Table of Contents
1 Introduction ... 4
1.1 About FIPS 140 ... 4
1.2 About this Document ... 4
1.3 External Resources ... 4
1.4 Notices ... 4
1.5 Acronyms ... 4
2 Java Crypto Module ... 6
2.1 Cryptographic Module Specification ... 6
2.1.1 Validation Level Detail ... 6
2.1.2 Approved Cryptographic Algorithms ... 7
2.1.3 Non-Approved but Allowed Cryptographic Algorithms ... 8
2.1.4 Non-Approved Cryptographic Algorithms ... 8
2.2 Module Interfaces ... 11
2.3 Roles, Services, and Authentication ... 12
2.3.1 Operator Services and Descriptions ... 12
2.3.2 Operator Authentication ... 14
2.4 Physical Security ... 14
2.5 Operational Environment ... 14
2.6 Cryptographic Key Management ... 15
2.6.1 Random Number Generation ... 17
2.6.2 Key/CSP Storage ... 17
2.6.3 Key/CSP Zeroization ... 17
2.7 Self-Tests ... 17
2.7.1 Power-On Self-Tests ... 17
2.7.2 Conditional Self-Tests ... 18
2.8 Mitigation of Other Attacks ... 18
3 Guidance and Secure Operation ... 19
3.1 Crypto Officer Guidance ... 19
3.1.1 Software Installation ... 19
3.1.2 Additional Rules of Operation ... 19
3.2 User Guidance ... 19
3.2.1 General Guidance ... 19
3.2.2 FIPS-Approved Mode of Operation ... 20
List of Tables
Table 1 – Acronyms and Terms ... 5
Table 2 – Validation Level by FIPS 140-2 Section ... 6
Table 3 – FIPS-Approved Algorithm Certificates ... 8
Table 4 – Non-Approved Algorithms ... 10
Table 5 – Logical Interface / Physical Interface Mapping ... 12
Table 6 – Module Services, Roles, and Descriptions ... 13
Table 7 – Module Keys/CSPs ... 16
Table 8 – Power-On Self-Tests ... 18
Table 9 – Conditional Self-Tests ... 18

List of Figures
Figure 1 – Module Boundary and Interfaces Diagram ... 11
1 Introduction

1.1 About FIPS 140
Federal Information Processing Standards Publication 140-2 — Security Requirements for Cryptographic Modules specifies requirements for cryptographic modules to be deployed in a Sensitive but Unclassified environment. The National Institute of Standards and Technology (NIST) and Communications Security Establishment (CSE) Cryptographic Module Validation Program (CMVP) run the FIPS 140 program. The NVLAP accredits independent testing labs to perform FIPS 140-2 testing; the CMVP validates modules that meet the FIPS 140-2 requirements. Validated is the term given to a module that is documented and tested against the FIPS 140-2 criteria.
More information is available on the CMVP website at http://csrc.nist.gov/groups/STM/cmvp/index.html.

1.2 About this Document
This non-proprietary Cryptographic Module Security Policy for the Java Crypto Module from Skyhigh Networks provides an overview of the product and a high-level description of how it meets the security requirements of FIPS 140-2. This document contains details on the module's cryptographic keys and critical security parameters. This Security Policy concludes with instructions and guidance on running the module in a FIPS 140-2 mode of operation.
Java Crypto Module may also be referred to as the "module" in this document.

1.3 External Resources
The Skyhigh Networks website (http://www.skyhighnetworks.com) contains information on Skyhigh Networks services and products. The Cryptographic Module Validation Program website contains links to the FIPS 140-2 certificate and Skyhigh Networks contact information.

1.4 Notices
This document may be freely reproduced and distributed in its entirety without modification.

1.5 Acronyms
The following table defines acronyms found in this document:
Table 1 – Acronyms and Terms

| Acronym | Term |
|---|---|
| AES | Advanced Encryption Standard |
| ANSI | American National Standards Institute |
| API | Application Programming Interface |
| CMVP | Cryptographic Module Validation Program |
| CO | Crypto Officer |
| CSE | Communications Security Establishment |
| CSP | Critical Security Parameter |
| DES | Data Encryption Standard |
| DH | Diffie-Hellman |
| DSA | Digital Signature Algorithm |
| EC | Elliptic Curve |
| EMC | Electromagnetic Compatibility |
| EMI | Electromagnetic Interference |
| FCC | Federal Communications Commission |
| FIPS | Federal Information Processing Standard |
| GPC | General Purpose Computer |
| GUI | Graphical User Interface |
| HMAC | (Keyed-) Hash Message Authentication Code |
| KAT | Known Answer Test |
| MAC | Message Authentication Code |
| NIST | National Institute of Standards and Technology |
| OS | Operating System |
| PKCS | Public-Key Cryptography Standards |
| PRNG | Pseudo Random Number Generator |
| PSS | Probabilistic Signature Scheme |
| RNG | Random Number Generator |
| RSA | Rivest, Shamir, and Adleman |
| SHA | Secure Hash Algorithm |
| SSL | Secure Sockets Layer |
| Triple-DES | Triple Data Encryption Algorithm |
| TLS | Transport Layer Security |
| USB | Universal Serial Bus |
2 Java Crypto Module

2.1 Cryptographic Module Specification
The Java Crypto Module provides cryptographic functions for Skyhigh Networks cloud visibility and enablement products.
The module's logical cryptographic boundary is the shared library files and their integrity check HMAC files. The module is a multi-chip standalone embodiment installed on a General Purpose Device. The module is a software module and relies on the physical characteristics of the host platform. The module's physical cryptographic boundary is defined by the enclosure around the host platform.
All operations of the module occur via calls from host applications and their respective internal daemons/processes.

2.1.1 Validation Level Detail
The following table lists the level of validation for each area in FIPS 140-2:

| FIPS 140-2 Section Title | Validation Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Ports and Interfaces | 1 |
| Roles, Services, and Authentication | 1 |
| Finite State Model | 1 |
| Physical Security | N/A |
| Operational Environment | 1 |
| Cryptographic Key Management | 1 |
| Electromagnetic Interference/Electromagnetic Compatibility | 1 |
| Self-Tests | 1 |
| Design Assurance | 1 |
| Mitigation of Other Attacks | N/A |

Table 2 – Validation Level by FIPS 140-2 Section
2.1.2 Approved Cryptographic Algorithms
The module's cryptographic algorithm implementations have received the following certificate numbers from the Cryptographic Algorithm Validation Program:

| Algorithm | CAVP Certificate |
|---|---|
| AES (128-, 192-, 256-bit keys in ECB, CBC, CFB128 and OFB modes) | 3192 |
| DSA (FIPS 186-4); functions and parameter sets listed below | 914 |
| ECDSA (FIPS 186-4); functions and curves listed below | 583 |
| RSA (FIPS 186-4); functions and moduli listed below | 1622 |
| HMAC using SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | 2011 |
| SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | 2637 |
| SP 800-90A based HMAC-DRBG, no reseed | 668 |
| Triple-DES (two- and three-key with ECB, CBC, CFB8 and OFB modes) [1] | 1818 |

DSA (FIPS 186-4), Cert. 914:
• Signature Verification
  o L=1024, N=160, SHA-1 through SHA-512
  o L=2048, N=224, 256, SHA-1 through SHA-512
  o L=3072, N=256, SHA-1 through SHA-512
• PQG Generation (Probable Primes P and Q, Unverifiable and Canonical Generation G)
  o L=2048, N=224, SHA-224 through SHA-512
  o L=2048, N=256, SHA-256 through SHA-512
  o L=3072, N=256, SHA-256 through SHA-512
• Key Pair Generation
  o L=2048, N=224
  o L=2048, N=256
  o L=3072, N=256
• Signature Generation
  o L=2048, N=224, SHA-224 through SHA-512
  o L=2048, N=256, SHA-256 through SHA-512
  o L=3072, N=256, SHA-256 through SHA-512

ECDSA (FIPS 186-4), Cert. 583:
• Signature Verification (SHA-1 through SHA-512)
  o P-curves 192, 224, 256, 384, and 521
  o K-curves 163, 233, 283, 409, and 571
  o B-curves 163, 233, 283, 409, and 571
• Signature Generation (SHA-224 through SHA-512)
  o P-curves 224, 256, 384, and 521
  o K-curves 233, 283, 409, and 571
  o B-curves 233, 283, 409, and 571

RSA (FIPS 186-4), Cert. 1622:
• Key Pair Generation (X9.31)
  o Appendix B.3.3
  o Mod 2048, 3072
  o Table C.3 Probabilistic Primality Tests (2^-100)
• Signature Generation (PKCS v1.5, PSS)
  o Mod 2048, SHA-224 through SHA-512
  o Mod 3072, SHA-224 through SHA-512
• Signature Verification (PKCS v1.5, PSS)
  o Mod 1024, SHA-1 through SHA-512
  o Mod 2048, SHA-1 through SHA-512
  o Mod 3072, SHA-1 through SHA-512

Table 3 – FIPS-Approved Algorithm Certificates

[1] The use of two-key Triple-DES for encryption is restricted: the total number of blocks of data encrypted with the same cryptographic key shall not be greater than 2^20.
2.1.3 Non-Approved but Allowed Cryptographic Algorithms
The module supports the following non-FIPS 140-2 approved but allowed algorithms:
• Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength)
• EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)
2.1.4 Non-Approved Cryptographic Algorithms
The module supports the following non-approved algorithms and modes:

| Algorithm | Modes or Cipher Type |
|---|---|
| DSA [2] | PQG Gen, Key Gen and Sig Gen; non-compliant (less than 112 bits of encryption strength) including FIPS 186-2 signature generation and key generation |
| ECDSA [2] | Key Gen and Sig Gen; non-compliant (less than 112 bits of encryption strength) including FIPS 186-2 signature generation and key generation |
| RSA [2] | Key Gen and Sig Gen; non-compliant (less than 112 bits of encryption strength) |
| Diffie-Hellman | key agreement; key establishment methodology providing between 80 and 112 bits of encryption strength |
| EC Diffie-Hellman | key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength |
| AES [2] | GCM, CFB8, CTR, CMAC, CCM |
| ANSI X9.31 Appendix A.2.4 PRNG [2] | (AES-128) |
| Blowfish | Symmetric Block Cipher [3] |
| Camellia | Symmetric Block Cipher [3] |
| CAST5 | Symmetric Block Cipher [3] |
| CAST6 | Symmetric Block Cipher [3] |
| ChaCha | Symmetric Stream Cipher [4] |
| DES | Symmetric Block Cipher [3] |
| TDES Key Wrapping [2] | Symmetric Block Cipher [3] |
| ElGamal | Asymmetric Block Cipher [5] |
| GOST28147 | Symmetric Block Cipher [3] |
| GOST3411 | Digest |
| Grain128 | Symmetric Stream Cipher [4] |
| Grain v1 | Symmetric Stream Cipher [4] |
| HC128 | Symmetric Stream Cipher [4] |
| HC256 | Symmetric Stream Cipher [4] |
| IDEA | Symmetric Block Cipher [3] |
| IES | Key Agreement and Stream Cipher based on IEEE P1363a (draft 10) |
| ISAAC | Symmetric Stream Cipher [4] |
| MD2 | Digest |
| MD4 | Digest |
| MD5 | Digest |
| Naccache Stern | Asymmetric Block Cipher [5] |
| Noekeon | Symmetric Block Cipher [3] |
| Password-Based-Encryption (PBE) | PKCS5S1, any Digest, any symmetric Cipher, ASCII; PKCS5S2, SHA1/HMac, any symmetric Cipher, ASCII, UTF8; PKCS12, any Digest, any symmetric Cipher, Unicode |
| RC2 | Symmetric Block Cipher [3] |
| RC2 Key Wrapping | Symmetric Stream Cipher [4] |
| RC4 | Symmetric Stream Cipher [4] |
| RC5 32 | Symmetric Block Cipher [3] |
| RC5 64 | Symmetric Block Cipher [3] |
| RC6 | Symmetric Block Cipher [3] |
| RFC3211 Wrapping | Symmetric Block Cipher [3] |
| RFC3394 Wrapping | Symmetric Block Cipher [3] |
| Rijndael | Symmetric Block Cipher [3] |
| RipeMD128 | Digest |
| RipeMD160 | Digest |
| RipeMD256 | Digest |
| RipeMD320 | Digest |
| RSA Encryption | Asymmetric Block Cipher [5] |
| Salsa20 | Symmetric Stream Cipher [4] |
| SEED | Symmetric Block Cipher [3] |
| SEED Wrapping | Symmetric Block Cipher [3] |
| Serpent | Symmetric Block Cipher [3] |
| Shacal2 | Symmetric Block Cipher [3] |
| SHA-3 [2] | Digest |
| SHA-512/t [2] | Digest |
| Skein-256-* | Digest |
| Skein-512-* | Digest |
| Skein-1024-* | Digest |
| Skipjack [2] | Symmetric Block Cipher [3] |
| SP 800-90A DRBG [2] | CTR, Hash |
| TEA | Symmetric Block Cipher [3] |
| TDES [2] | CFB64 |
| Threefish | Symmetric Block Cipher [3] |
| Tiger | Digest |
| TLS v1.0 KDF [2] | Key Derivation Function |
| Twofish | Symmetric Block Cipher [3] |
| VMPC | Symmetric Stream Cipher [4] |
| Whirlpool | Digest |
| XSalsa20 | Symmetric Stream Cipher [4] |
| XTEA Engine | Symmetric Block Cipher [3] |

Table 4 – Non-Approved Algorithms

[2] Non-compliant
[3] Symmetric Block Ciphers can be used with the following modes and padding: ECB, CBC, CFB, CCM, CTS, GCM, GCF, EAX, OCB, OFB, CTR, OpenPGPCFB, GOSTOFB, AEAD-CCM, AEAD-EAX, AEAD-GCM, AEAD-OCB, PKCS7Padding, ISO10126d2Padding, ISO7816d4Padding, X932Padding, ISO7816d4Padding, ZeroBytePadding, TBCPadding
[4] Symmetric Stream Ciphers can only be used with ECB mode.
[5] Asymmetric Block Ciphers can be used with ECB mode and the following encodings: OAEP, PKCS1, ISO9796d1
2.2 Module Interfaces
The figure below shows the module's physical and logical block diagram:

Figure 1 – Module Boundary and Interfaces Diagram

The interfaces (ports) for the physical boundary include the computer keyboard port, mouse port, network port, USB ports, display and power plug. When operational, the module does not transmit any information across these physical ports because it is a software cryptographic module. Therefore, the module's interfaces are purely logical and are provided through the Application Programming Interface (API) that a calling daemon can operate. The logical interfaces expose services that applications directly call, and the API provides functions that may be called by a referencing application (see Section 2.3 – Roles, Services, and Authentication for the list of available functions). The module distinguishes between logical interfaces by logically separating the information according to the defined API.

The API provided by the module is mapped onto the FIPS 140-2 logical interfaces: data input, data output, control input, and status output. Each of the FIPS 140-2 logical interfaces relates to the module's callable interface, as follows:

| FIPS 140-2 Interface | Logical Interface | Module Physical Interface |
|---|---|---|
| Data Input | Input parameters of API function calls | Network Interface |
| Data Output | Output parameters of API function calls | Network Interface |
| Control Input | API function calls | Keyboard Interface, Mouse Interface |
| Status Output | Function calls returning status information and return codes provided by API function calls | Display Controller |
| Power | None | Power Supply |

Table 5 – Logical Interface / Physical Interface Mapping

As shown in Figure 1 – Module Boundary and Interfaces Diagram and Table 6 – Module Services, Roles, and Descriptions, the output data path is provided by the data interfaces and is logically disconnected from processes performing key generation or zeroization. No key information will be output through the data output interface when the module zeroizes keys.
2.3 Roles, Services, and Authentication
The module supports a Crypto Officer and a User role. The module does not support a Maintenance role. The User and Crypto-Officer roles are implicitly assumed by the entity accessing services implemented by the Module.

2.3.1 Operator Services and Descriptions
The module supports services that are available to users in the various roles. All of the services are described in detail in the module's user documentation. The following table shows the services available to the various roles and the access to cryptographic keys and CSPs resulting from services:

| Service | Roles | CSP/Algorithm | Permission |
|---|---|---|---|
| Initialize module | CO | None | None |
| Show status | CO | None | None |
| Run self-tests on demand | CO | None | None |
| Zeroize key | CO | AES key, DH components, DRBG Entropy, DRBG Seed, DSA private/public key, ECDH components, ECDSA private/public key, HMAC key, RSA private/public key, Triple-DES key | Write |
| Generate asymmetric key pair | User | RSA private/public key, DSA private/public key | Write |
| Generate keyed hash (HMAC) | User | HMAC key | Read/Execute |
| Generate message digest (SHS [6]) | User | None | None |
| Generate random number and load entropy (DRBG) | User | DRBG Seed, DRBG Entropy | Read/Execute |
| Key agreement | User | DH components, ECDH components | Write |
| Signature Generation | User | RSA private key, DSA private key, ECDSA private/public | Read/Execute |
| Signature Verification | User | RSA public key, DSA public key, ECDSA private/public | Read/Execute |
| Symmetric decryption | User | AES key, Triple-DES key | Read/Execute |
| Symmetric encryption | User | AES key, Triple-DES key | Read/Execute |

Table 6 – Module Services, Roles, and Descriptions

When in non-FIPS approved mode of operation, the module allows access to each of the services listed above, with the exception of FIPS self-tests. When in non-FIPS-approved mode of operation the module also provides a service (API function call) for each non-approved algorithm listed in Section 2.1.4. These function calls are assigned to the User, and have Read/Write/Execute permission to the module's memory while in operation.

[6] SHA – Secure Hash Standard
2.3.2 Operator Authentication
As required by FIPS 140-2, there are two roles (a Crypto Officer role and User role) in the module that operators may assume. As allowed by Level 1, the module does not support authentication to access services. As such, there are no applicable authentication policies. Access control policies are implicitly defined by the services available to the roles as specified in Table 6 – Module Services, Roles, and Descriptions.

2.4 Physical Security
This section of requirements does not apply to this module. The module is a software-only module and does not implement any physical security mechanisms.

2.5 Operational Environment
The module operates on a general purpose computer (GPC) running a general purpose operating system (GPOS). For FIPS purposes, the module is running on this operating system in single user mode and does not require any additional configuration to meet the FIPS requirements.
The module was tested on the following platforms:
• OEM PowerEdge R420 running 64-bit Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17.
The module is also supported on the following platform for which operational testing was not performed:
• OEM PowerEdge R420 running CentOS 6.7 and CentOS 7
Compliance is maintained for other environments where the module is unchanged. No claim can be made as to the correct operation of the module or the security strengths of the generated keys when ported to an operational environment which is not listed on the validation certificate.
The GPC(s) used during testing met Federal Communications Commission (FCC) Electromagnetic Interference (EMI) and Electromagnetic Compatibility (EMC) requirements for business use as defined by 47 Code of Federal Regulations, Part 15, Subpart B. FIPS 140-2 validation compliance is maintained when the module is operated on other versions of the GPOS running in single user mode, assuming that the requirements outlined in NIST IG G.5 are met.
2.6 Cryptographic Key Management
The table below provides a complete list of Critical Security Parameters used within the module:

| Keys and CSPs | Storage Locations | Storage Method | Input Method | Output Method | Zeroization |
|---|---|---|---|---|---|
| AES key: AES 128, 192, 256 bit key for encryption, decryption | RAM | Plaintext | Input electronically in plaintext | Never | power cycle |
| Triple-DES key: Triple-DES 112, 168 bit key for encryption, decryption | RAM | Plaintext | Input electronically in plaintext | Never | power cycle |
| HMAC key: HMAC key for message authentication with SHS | RAM | Plaintext | Input electronically in plaintext | Never | power cycle |
| RSA private key: RSA 2048, 3072 bit key for signature and key generation | RAM | Plaintext | Input electronically in plaintext | Never | power cycle |
| RSA private key (internally generated) | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| RSA public key: RSA 1024, 2048, 3072 bit key for signature verification and key generation | RAM | Plaintext | Input electronically in plaintext | Never | power cycle |
| RSA public key (internally generated) | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| DSA private key: DSA 2048, 3072-bit for signature generation | RAM | Plaintext | Input electronically in plaintext | Never | power cycle |
| DSA private key (internally generated) | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| DSA public key: DSA 1024, 2048, 3072-bit key for signature verification | Module Binary | Plaintext | Input electronically in plaintext | Never | power cycle |
| DSA public key (internally generated) | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| ECDSA private key: All NIST defined B, K, and P Curves for signature generation | RAM | Plaintext | Input electronically in plaintext | Never exits the module | power cycle |
| ECDSA private key (internally generated) | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| ECDSA public key: All NIST defined B, K, and P Curves for signature verification | RAM | Plaintext | Input electronically in plaintext | Never exits the module | power cycle |
| ECDSA public key (internally generated) | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| DH public components: Public components of DH protocol | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| DH private component: Private exponent of DH protocol | RAM | Plaintext | Internally generated | Never | power cycle |
| ECDH public components: Public components of ECDH protocol | RAM | Plaintext | Internally generated | Output electronically in plaintext | power cycle |
| ECDH private component: Private exponent of ECDH protocol | RAM | Plaintext | Internally generated | Never exits the module | power cycle |
| DRBG seed: Random data 440-bit or 880-bit to generate random number using the DRBG | RAM | Plaintext | Internally generated using nonce along with DRBG entropy input string | Never exits the module | power cycle |
| DRBG Entropy Input String: 512-bit value to generate seed and determine random number using the DRBG | RAM | Plaintext | Externally generated; Input electronically in plaintext | Never exits the module | power cycle |

R = Read, W = Write, D = Delete

Table 7 – Module Keys/CSPs

The application that uses the module is responsible for appropriate destruction and zeroization of the key material. The module provides functions for key allocation and destruction which overwrite the memory that is occupied by the key information with zeros before it is deallocated.
2.6.1 Random Number Generation
The module uses SP 800-90A DRBG for creation of asymmetric and symmetric keys.
The module accepts input from entropy sources external to the cryptographic boundary for use as seed material for the module's Approved DRBG. Therefore, the module generates cryptographic keys whose strengths are modified by available entropy, and no assurance is provided for the strength of the generated keys.
The module performs continual tests on the output of the approved RNG to ensure that consecutive random numbers do not repeat.

2.6.2 Key/CSP Storage
Public and private keys are provided to the module by the calling process and are destroyed when released by the appropriate API function calls or during power cycle. The module does not perform persistent storage of keys.

2.6.3 Key/CSP Zeroization
The application is responsible for calling the appropriate destruction functions from the API. The destruction functions then overwrite the memory occupied by keys with zeros and deallocate the memory. This occurs during process termination/power cycle. Keys are immediately zeroized upon deallocation, which sufficiently protects the CSPs from compromise.

2.7 Self-Tests
FIPS 140-2 requires that the module perform self tests to ensure the integrity of the module and the correctness of the cryptographic functionality at startup. In addition some functions require continuous verification of function, such as the random number generator. All of these tests are listed and described in this section.
If any self-test fails, the module will enter a critical error state, during which cryptographic functionality and all data output is inhibited. To clear the error state, the CO must reboot the host system, reload the module, or restart the calling application. No operator intervention is required to run the self-tests.
The following sections discuss the module's self-tests in more detail.

2.7.1 Power-On Self-Tests
Power-on self-tests are executed automatically when the module is loaded into memory. The module verifies the integrity of the runtime executable using a HMAC-SHA-512 digest computed at build time. If the fingerprints match, the power-up self-tests are then performed. If the power-up self-tests are successful, the module is in FIPS mode.
Type: Software Integrity Check
• HMAC-SHA512 on all module components

Type: Known Answer Tests
• AES encrypt and decrypt KATs
• Triple-DES encrypt and decrypt KATs
• HMAC SHA1 KAT
• HMAC SHA-256 KAT
• HMAC SHA-512 KAT
• RSA sign and verify KATs
• SP 800-90A DRBG KAT (HMAC)

Type: Pair-wise Consistency Tests
• DSA
• ECDSA
• Diffie-Hellman
• EC Diffie-Hellman

Table 8 – Power-On Self-Tests

Input, output, and cryptographic functions cannot be performed while the Module is in a self-test or error state because the module is single-threaded and will not return to the calling application until the power-up self tests are complete. If the power-up self tests fail, subsequent calls to the module will also fail, thus no further cryptographic operations are possible.
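As an added illustration of the build-time fingerprint and load-time comparison described in this section (example code written for this edit, not the module's own implementation; the HMAC key, the `.hmac` file naming and the hex encoding are assumptions):

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Software integrity check in the style of Section 2.7.1: at build time an
 * HMAC-SHA-512 over each module component is stored beside it; at load time
 * the HMAC is recomputed and compared. Any mismatch must keep the module out
 * of FIPS mode (error state), so the check fails closed.
 */
public final class ModuleIntegrityCheck {

    // Assumed build-time key, constructed for this example; the real module
    // embeds its own key and is not obliged to use this format.
    private static final byte[] HMAC_KEY =
            "example-build-time-integrity-key".getBytes(StandardCharsets.US_ASCII);

    private ModuleIntegrityCheck() {}

    /** HMAC-SHA-512 over the whole file, streamed so large jars are not loaded at once. */
    static byte[] hmacSha512(Path file) throws IOException, GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(HMAC_KEY, "HmacSHA512"));
        try (InputStream in = Files.newInputStream(file)) {
            byte[] buf = new byte[8192];
            int n;
            while ((n = in.read(buf)) > 0) {
                mac.update(buf, 0, n);
            }
        }
        return mac.doFinal();
    }

    /** Build step: store the fingerprint as lowercase hex in <component>.hmac. */
    static Path writeFingerprint(Path component) throws IOException, GeneralSecurityException {
        Path hmacFile = component.resolveSibling(component.getFileName() + ".hmac");
        Files.write(hmacFile, toHex(hmacSha512(component)).getBytes(StandardCharsets.US_ASCII));
        return hmacFile;
    }

    /**
     * Load step: recompute and compare. A missing fingerprint file is a failure,
     * not a pass, and MessageDigest.isEqual compares in constant time.
     */
    static boolean verify(Path component) throws IOException, GeneralSecurityException {
        Path hmacFile = component.resolveSibling(component.getFileName() + ".hmac");
        if (!Files.isRegularFile(hmacFile)) {
            return false;
        }
        String hex = new String(Files.readAllBytes(hmacFile), StandardCharsets.US_ASCII).trim();
        byte[] expected = fromHex(hex);
        byte[] actual = hmacSha512(component);
        return MessageDigest.isEqual(expected, actual);
    }

    static String toHex(byte[] b) {
        StringBuilder sb = new StringBuilder(b.length * 2);
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static byte[] fromHex(String s) {
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd hex length");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    /** Demo on a constructed temporary "component": fingerprint it, verify, then alter one byte and verify again. */
    public static void main(String[] args) throws Exception {
        Path component = Files.createTempFile("module-component", ".jar");
        Files.write(component, "constructed module bytes".getBytes(StandardCharsets.US_ASCII));
        writeFingerprint(component);
        System.out.println("verify as built: " + verify(component));

        Files.write(component, "constructed module bytez".getBytes(StandardCharsets.US_ASCII));
        System.out.println("verify after a one-byte change: " + verify(component));
    }
}
```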
2.7.2 Conditional Self-Tests
The module implements the following conditional self-tests upon key generation, or random number generation (respectively):

Type: Pair-wise Consistency Tests
• DSA
• ECDSA
• Diffie-Hellman
• EC Diffie-Hellman

Type: Continuous RNG Tests
• SP 800-90A DRBG (HMAC)

Table 9 – Conditional Self-Tests

2.8 Mitigation of Other Attacks
The Module does not contain additional security mechanisms beyond the requirements for FIPS 140-2 Level 1 cryptographic modules.
3 Guidance and Secure Operation

3.1 Crypto Officer Guidance

3.1.1 Software Installation
The module is provided directly to solution developers and is not available for direct download to the general public. The module and its host application are to be installed on an operating system specified in Section 2.5 or one where portability is maintained.
In order to remain in FIPS-approved mode, the following steps must be taken during the installation process:
1. The Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files [7] must be installed in the JRE. Instructions for installation are found in the download file located here: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
2. The module must be configured as the JRE's default Security Provider by modifying the jre/lib/security/java.security file and adding the following line to the list of providers:
   security.provider.1=com.safelogic.cryptocomply.jce.provider.Provider

3.1.2 Additional Rules of Operation
1. The writable memory areas of the module (data and stack segments) are accessible only by the application so that the operating system is in "single user" mode, i.e. only the application has access to that instance of the module.
2. The operating system is responsible for multitasking operations so that other processes cannot access the address space of the process containing the module.

3.2 User Guidance

3.2.1 General Guidance
The module is not distributed as a standalone library and is only used in conjunction with the solution.
The end user of the operating system is also responsible for zeroizing CSPs via wipe/secure delete procedures.
If the module power is lost and restored, the calling application can reset the IV to the last value used.
3.2.2 FIPS-Approved Mode of Operation
In order to maintain the FIPS-approved mode of operation, the following requirements must be observed:
1. The calling application must instantiate and operate the module through the JCE interface provided by the JDK.
2. The calling application may not share CSPs between non-FIPS-approved-mode and FIPS-approved-mode of operation. The operator must reset the module before switching to FIPS-approved-mode of operation.
3. The calling application must restrict the use of two-key Triple DES encryption: the total number of blocks of data encrypted with the same cryptographic key shall not be greater than 2^20.
4. The module requires that a minimum of 256 bits of entropy be provided for each use of the DRBG/load entropy service.
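An added example, not part of this policy or of the module, of how a calling application can honour rules 1 and 3 above: it confirms that a Cipher obtained through the JCE interface is served by the provider class named in Section 3.1.1, and it refuses to push a two-key Triple-DES key past 2^20 blocks. The algorithm string "DESede/CBC/PKCS5Padding", the wrapper class and the PKCS5 block arithmetic are assumptions of the example.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Caller-side guard for two rules of Section 3.2.2: the Cipher must come from
 * the validated provider (rule 1, class name from Section 3.1.1), and two-key
 * Triple-DES encryption is capped at 2^20 blocks per key (rule 3, footnote 1).
 * The limit is enforced before the provider sees any data, so it is never
 * crossed silently.
 */
public final class TwoKeyTdesGuard {

    /** Provider class registered in java.security per Section 3.1.1. */
    static final String MODULE_PROVIDER_CLASS =
            "com.safelogic.cryptocomply.jce.provider.Provider";

    static final long TWO_KEY_BLOCK_LIMIT = 1L << 20;
    static final int BLOCK_BYTES = 8;

    private final Cipher cipher;          // already initialised for encryption
    private final boolean twoKey;
    private long blocksCompleted;         // ciphertext blocks from finished messages
    private long bytesInProgress;         // plaintext bytes fed to the current message

    TwoKeyTdesGuard(Cipher initialisedForEncryption, byte[] keyBytes) {
        this.cipher = initialisedForEncryption;
        this.twoKey = isTwoKey(keyBytes);
    }

    /** Rule 1: with a mis-edited java.security, getInstance silently returns the JDK's own DESede. */
    static boolean servedByModule(Cipher c) {
        return MODULE_PROVIDER_CLASS.equals(c.getProvider().getClass().getName());
    }

    /** 16 bytes is k1|k2; a 24-byte key with k1 == k3 is the same two-key bundle. */
    static boolean isTwoKey(byte[] k) {
        if (k.length == 16) return true;
        if (k.length != 24) throw new IllegalArgumentException("Triple-DES key must be 16 or 24 bytes");
        for (int i = 0; i < 8; i++) if (k[i] != k[16 + i]) return false;
        return true;
    }

    /** Blocks this key will have produced once `extra` more bytes are fed (PKCS5: floor(n/8), plus one at doFinal). */
    private long projected(long extra, boolean finishing) {
        long msgBlocks = (bytesInProgress + extra) / BLOCK_BYTES + (finishing ? 1 : 0);
        return blocksCompleted + msgBlocks;
    }

    private void enforce(long projectedBlocks) {
        if (twoKey && projectedBlocks > TWO_KEY_BLOCK_LIMIT) {
            throw new IllegalStateException(
                    "two-key Triple-DES 2^20 block limit reached for this key; rekey before encrypting more");
        }
    }

    byte[] update(byte[] plaintext) {
        enforce(projected(plaintext.length, false));
        bytesInProgress += plaintext.length;
        byte[] out = cipher.update(plaintext);
        return out == null ? new byte[0] : out;
    }

    byte[] doFinal(byte[] plaintext) throws GeneralSecurityException {
        long total = projected(plaintext.length, true);
        enforce(total);
        byte[] out = cipher.doFinal(plaintext);
        blocksCompleted = total;
        bytesInProgress = 0;
        return out;
    }

    long blocksCompleted() { return blocksCompleted; }

    /** Demo: a constructed two-key bundle is fed exactly 2^20 blocks, then the padding block is refused. */
    public static void main(String[] args) throws Exception {
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        System.out.println("cipher served by validated module: " + servedByModule(c));

        byte[] k = new byte[24];                              // k1 | k2 | k1
        new SecureRandom().nextBytes(k);
        System.arraycopy(k, 0, k, 16, 8);
        // Fixed all-zero IV is for this demo only; real messages need a fresh IV each.
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, "DESede"), new IvParameterSpec(new byte[8]));

        TwoKeyTdesGuard g = new TwoKeyTdesGuard(c, k);
        byte[] chunk = new byte[1024 * BLOCK_BYTES];          // 1024 blocks per call
        for (int i = 0; i < 1024; i++) g.update(chunk);       // 1024 * 1024 = 2^20 blocks fed
        try {
            g.doFinal(new byte[0]);                           // padding block would be block 2^20 + 1
        } catch (IllegalStateException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

With only the stock JDK providers on the class path the first line printed is false, which is exactly the condition the check exists to catch.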