FIPS 140-2 Security Policy
SafeZone FIPS Cryptographic Module

Rambus Global Inc., Finnish branch
Sokerilinnantie 11 C
FI-02600 Espoo
Finland
Phone: 358 50 3560966

Rambus Inc.
1050 Enterprise Way
Sunnyvale
CA 94089
United States

2020-03-13
Revision C
Software Version 1.1.0
Document Number: FIPS-2020-1022

Non-proprietary security policy. This document may be freely distributed in its entirety without modification.
1 Introduction
  1.1 Purpose
  1.2 Security level
  1.3 Glossary
2 Ports and Interfaces
3 Roles, Services, and Authentication
  3.1 Roles and Services
    3.1.1 User Role
    3.1.2 Crypto-officer Role
  3.2 Authentication Mechanisms and Strength
4 Secure Operation and Security Rules
  4.1 Security Rules
  4.2 Physical Security Rules
  4.3 Secure Operation Initialization Rules
5 Definition of SRDIs (Security Relevant Data Items) Modes of Access
  5.1 FIPS Approved and Allowed algorithms
  5.2 Non-FIPS mode of operation
  5.3 Cryptographic Keys, CSPs, and SRDIs
  5.4 Access Control Policy
  5.5 User Guide
    5.5.1 NIST SP 800-108: Key Derivation Functions
    5.5.2 NIST SP 800-132: Password-Based Key Derivation Function
    5.5.3 NIST SP 800-38D: Galois/Counter Mode
    5.5.4 NIST SP 800-90: Deterministic Random Bit Generator
      5.5.4.1 iOS entropy source
      5.5.4.2 t-base-300 OS
6 Self Tests
  6.1 Power-Up Self-Tests
  6.2 Conditional Self tests
7 Mitigation of Other Attacks
Modification 3-03-15
Policy revision C: FIPS Lib 1.1.0 policy, added more vendor affirmed platforms, updated vendor contact information
Policy revision B: FIPS Lib 1.1.0 policy
Policy revision A: FIPS Lib 1.1.0 policy, based on FIPS Lib 1.0.3 (A)
Policy revision D: Revalidation
Updated according to NIST SP 800-131A
Added more vendor affirmed platforms
Added several vendor affirmed platforms
Added validated one platform: Samsung Galaxy Note 3 (ARMv7-a)
Updated contact addresses
Policy revision C: The original validation
1 Introduction

SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from Rambus. This module is a toolkit that provides the most commonly used cryptographic primitives for a wide range of applications, including primitives needed for VPN (Virtual Private Network), TLS (Transport Layer Security), DAR (Data-At-Rest), and DRM (Digital Rights Management) clients.

SafeZone FIPS Cryptographic Module is a software-based product with a custom, small-footprint API (Application Programming Interface). The cryptographic module has been designed to provide the necessary cryptographic capabilities for other Rambus products. However, it can also be used stand-alone in custom-developed products to provide the required cryptographic functionality.

The module is primarily intended for embedded products with a general-purpose operating system.

[Figure 1: SafeZone FIPS Cryptographic Module Cryptographic Boundary. Diagram labels: Physical Cryptographic Boundary, Logical Cryptographic Boundary, Persistent Storage, ROM, RAM, CPU, SafeZone FIPS Lib, Peripherals, Remote Devices, Power Supply, Data Input, Data Output, Control Input, Status Output.]

For FIPS 140-2 purposes, SafeZone FIPS Cryptographic Module is classified as a multi-chip standalone cryptographic module. Within the logical boundary of SafeZone FIPS Cryptographic Module is the libsafezone-sw-fips.a/so object code library, also known as SafeZone FIPS Lib. The physical cryptographic boundary
of the module is the enclosure of a general-purpose computing device executing the application that embeds the SafeZone FIPS Cryptographic Module.

The SafeZone FIPS Cryptographic Module has been tested for validation on the following platforms:

Processor / Tested Platform | Operating System
ARMv6 / Raspberry Pi | Linux¹ / kernel 3.10 (single-user mode)
ARMv7-a / Arndale | t-base 300 (single-user mode)
ARMv7-a / Samsung Galaxy Note 3 | Android 4.4 (single-user mode)
Intel Atom Z2560 / Samsung Galaxy Tab 3 10.1 | Android 4.2 (single-user mode)
Apple A7 (64-bit) / iPad Mini with Retina Display | iOS 7.1 (single-user mode)
Apple A7 (32-bit) / iPad Mini with Retina Display | iOS 7.1 (single-user mode)
Intel Atom Z3740 with AES-NI / ASUS Transformer | Linux / kernel 3.13 (single-user mode)
Intel Atom Z3740 (64-bit) / ASUS Transformer | Linux / kernel 3.13 (single-user mode)
Intel Atom Z3740 (64-bit) with AES-NI / ASUS Transformer | Linux / kernel 3.13 (single-user mode)

Compliance is maintained on platforms for which the binary executable remains unchanged. The module has been confirmed by the vendor to be operational on the following platforms. As allowed by the FIPS 140-2 Implementation Guidance G.5, the validation status of the Cryptographic Module is maintained when operated in the following additional operating environments:

Implementation Guidance G.5 Recompilation

Processor / Device | Operating System
ARMv7-a / Nexus 5 | Android 5.0-5.1 (single-user mode)
ARMv7-a / Nexus 6 | Android 5.0-5.1 (single-user mode)
NVidia Tegra K1 (ARMv8-a; 64-bit) / Nexus 9 | Android 5.0 (single-user mode)
NVidia Tegra K1 (32-bit) / Nexus 9 | Android 5.0 (single-user mode)
ARMv7-a / Fuji Xerox 000T789485 | Wind River Linux 6.0 (single-user mode)
ARMv7-a (32-bit) | Android 6.0
ARMv8-a (64-bit) | Android 7.0-7.1

¹ Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. All other brands and product names are trademarks or registered trademarks of their respective owners.
ARMv8-a (64-bit) | Android 8.0-8.1
ARMv8-a (64-bit) | Android 9.0
ARMv8-a (64-bit) | Android 10.0
ARMv8-a (64-bit) | Yocto Linux 2.7
ARMv8-a (64-bit) | Linux / kernel 4.9
ARMv8-a (64-bit) | Linux / kernel 4.14
ARM926EJ-S | Nucleus 3.0
Intel Xeon X86-32 | PhotonOS 2.0
Intel Xeon X86-32 | Ubuntu Linux 18.04
Intel Xeon X86-64 | Ubuntu Linux 18.04
Intel Xeon X86-64 | Yocto Linux 2.6
Intel Core X86-32 | Ubuntu Linux 18.04
Intel Core X86-64 | Ubuntu Linux 18.04
Intel Core X86-64 | Yocto Linux 2.6
ARMv7-a (32-bit) / Raspberry Pi 3 | Raspbian Linux / kernel 4.19

The CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when the specific operational environment is not listed on the validation certificate.

1.1 Purpose

The purpose of this document is to describe the secure operation of the SafeZone FIPS Cryptographic Module, including the initialization, roles, and responsibilities of operating the product in a secure, FIPS 140 mode of operation.

1.2 Security level

The cryptographic module meets the overall requirements applicable to Level 1 security of FIPS 140-2.
Security Level

Security Requirements Specification | Level
Cryptographic Module Specification | 1
Module Ports and Interfaces | 1
Roles, Services, and Authentication | 1
Finite State Model | 1
Physical Security | N/A
Operational Environment | 1
Cryptographic Key Management | 1
EMI/EMC | 1
Self-Tests | 1
Design Assurance | 1
Mitigation of Other Attacks | N/A

1.3 Glossary

Advanced Encryption Standard
Application Programming Interface
Cryptographic Module Validation Program (FIPS 140)
Critical Security Parameter
Default Entry Point
Digital Rights Management
Digital Signature Standard
Elliptic Curve
Federal Information Processing Standard
Internet Key Exchange
Key-Encapsulation Mechanism (See NIST SP 800-56B)
Key Transport Scheme
Optimal Asymmetric Encryption Padding
Pseudo-Random Function
Secure Hash Standard
Security Relevant Data Item
Transport Layer Security
Triple Data Encryption Standard
Virtual Private Network
2 Ports and Interfaces

As a software-only module, the SafeZone FIPS Cryptographic Module provides an API logical interface for invocation of FIPS 140-2 approved cryptographic functions. The functions shall be called by the referencing application, which assumes the operator role during application execution. The API, through the use of input parameters, output parameters, and function return values, defines the four FIPS 140-2 logical interfaces: data input, data output, control input and status output.

Logical Interfaces | API
Data Input | The data read from memory area(s) provided to the invoked function via parameters that point to the memory area(s).
Control Input | The API function invoked and function parameters designated as control inputs.
Data Output | The data written to memory area(s) provided to the invoked function via parameters that point to the memory area(s).
Status Output | The return value of the invoked API function.
Power Interface | Not accessible via the API. The power interface is used as applicable on the physical device.
3 Roles, Services, and Authentication

The SafeZone FIPS Cryptographic Module supports the Crypto Officer and User roles. The operator of the module will assume one of these two roles. Only one role may be active at a time. The Crypto Officer role is assumed implicitly upon module installation, uninstallation, initialization, zeroization, and power-up self-testing. If initialization and self-testing are successful, a transition to the User role is allowed and the User will be able to use all keys and cryptographic operations provided by the module, and to create any CSPs (except Trusted Root Key CSPs which may only be created in the Crypto Officer role).

The four unique run-time services given only to the Crypto Officer role are the ability to initialize the module, to set-up key material for Trusted Root Key CSP(s), to modify the entropy source, and to switch to the User role to perform any activities allowed for the User role. The SafeZone FIPS Cryptographic Module does not support concurrent operators.
3.1 Roles and Services

The module does not authenticate the operator role.

3.1.1 User Role

The User role is assumed once the Crypto Officer role is finished with module initialization and explicitly switches the role using the FL_LibEnterUserRole API function. The User role is intended for common cryptographic use. The full list of cryptographic services available to the User role is supplied in chapter 5 of this document.

Service | Description
All services except installation, initialization, entropy source nomination, and creation of Trusted Root Key CSPs. | All standard cryptographic operations of the module, such as symmetric encryption, message authentication codes, and digital signatures. The User role may also allocate the key assets and load values for any of these cryptographic purposes.

The SafeZone FIPS Cryptographic Module also provides a ‘Show Status’ service (API function FL_LibStatus) that can be used to query the current status of the cryptographic module. A macro based on FL_LibStatus is provided (FL_IS_IN_APPROVED_MODE), which returns true if the module is currently in an approved mode of operation.

3.1.2 Crypto-officer Role

The Crypto Officer role can perform all the services allowed for the User role plus a handful of additional ones. Separate from the run-time services of the module, the tasks of installing and uninstalling the module to and from the host system imply the role of a Crypto Officer. The four run-time services available only to the Crypto Officer are initializing the module for use, creating key material for Trusted Root Key CSPs, modifying the entropy source, and switching to the User role.

Service | Description
All services allowed for User role | See above.
Initialization | Loading and preparing the module for use.
Trusted Root Key creation | Load key material into the module for local security purposes (FL_RootKeyAllocateAndLoadValue).
Entropy Source | Select the provider of the external entropy source. (FL_RbgInstallEntropySource, FL_RbgRequestSecurityStrength, FL_RbgUseNonblockingEntropySource).
Switch to the User Role | Uses the FL_LibEnterUserRole API function to switch to User role.
Installation | When the module is installed to a host system.
Uninstallation | When the module is removed from a host system.

3.2 Authentication Mechanisms and Strength

FIPS 140-2 Security Level 1 does not require role-based or identity-based operator authentication. The SafeZone FIPS Cryptographic Module will not authenticate the operator.
4 Secure Operation and Security Rules

In order to operate the SafeZone FIPS Cryptographic Module securely, the operator should be aware of the security rules enforced by the module and should adhere to the rules for physical security and secure operation.

4.1 Security Rules

To operate the SafeZone FIPS Cryptographic Module securely, the operator of the module must follow these instructions:

1. The operating environment that executes the SafeZone FIPS Cryptographic Module must ensure single operator mode of operation to be compliant with the requirements for the FIPS 140-2 Level 1.
2. The correct operation of the module depends on the Default Entry Point. It is not allowed to prevent execution of the Default Entry Point (the function FL_LibInit).
3. The operator must not call ptrace or strace functions, or run gdb or other debugger when the module is in the FIPS mode.
4. If the hardware platform has a connector for an external debugger (for example JTAG), that connector must not be used while the module is in FIPS mode.
5. The SafeZone FIPS Cryptographic Module keeps all CSPs and other protected objects in Random Access Memory (RAM). The operator(s) must only use these objects via the handles provided by the SafeZone FIPS Cryptographic Module. It is not permissible to directly access these objects in the memory.
6. The operator must not call functions provided by the SafeZone FIPS Cryptographic Module that are not explicitly specified in the appropriate guidance document for User or Crypto Officer.
7. When using cryptographic services provided by the SafeZone FIPS Cryptographic Module, the operator must follow the appropriate guidance for each cryptographic algorithm. Although the cryptographic algorithms provided by the SafeZone FIPS Cryptographic Module are recommended or allowed by NIST, secure operation of these algorithms requires thorough understanding of the recommendations and appropriate limitations.
8. The SafeZone FIPS Cryptographic Module aims to be flexible and therefore it includes support for cryptographic algorithms or key lengths that were considered secure until 2013 according to NIST SP 800-131A. It is the responsibility of the SafeZone FIPS Cryptographic Module user to ensure that disallowed algorithms or key lengths are not used.
9. Some of the implemented cryptographic algorithms offer key lengths exceeding the current NIST specifications. Such key lengths must not be used, unless following newer guidance from NIST.
   a. RSA Key Pair Generation provided by the module (FIPS 186-3 B.3.6) is only FIPS-approved for RSA modulus sizes of 2048 bits and 3072 bits. It is not permissible to generate keys using other RSA modulus sizes.
10. The Crypto Officer must ensure that the Trusted Root Key has sufficient entropy to meet all FIPS 140-2 requirements for its usage in the module.
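Rules 8 and 9 leave it to the calling application to keep disallowed or unvalidated key sizes out of FIPS mode. The following C code is an added example, not part of this policy or of the SafeZone FIPS Lib API: a pre-flight check whose names (fips_gate, alg_t, op_t, gate_t) are hypothetical, encoding the RSA, ECDSA and HMAC sizes from the tables in sections 5.1 and 5.2 and separating sizes that are too weak from sizes that are strong but not validated.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example: every name here is hypothetical, not SafeZone FIPS Lib API. */
typedef enum { ALG_RSA, ALG_ECDSA, ALG_HMAC } alg_t;
typedef enum { OP_KEYGEN, OP_SIGN, OP_VERIFY } op_t;
typedef enum { GATE_APPROVED, GATE_TOO_WEAK, GATE_NOT_VALIDATED } gate_t;

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Sizes taken from the approved-algorithm table in section 5.1. */
static const unsigned rsa_generate[] = { 2048, 3072 };        /* signing, key pair generation */
static const unsigned rsa_verify[]   = { 1024, 2048, 3072 };  /* signature validation */
static const unsigned ec_generate[]  = { 224, 256, 384, 521 };
static const unsigned ec_verify[]    = { 192, 224, 256, 384, 521 };

static int in_set(const unsigned *set, size_t n, unsigned bits)
{
    for (size_t i = 0; i < n; i++)
        if (set[i] == bits)
            return 1;
    return 0;
}

/* Decide whether (algorithm, operation, key size) may be requested in FIPS mode. */
gate_t fips_gate(alg_t alg, op_t op, unsigned bits)
{
    const unsigned *set = NULL;
    size_t n = 0;
    unsigned floor_bits = 0;  /* smallest size with at least 112 bits of strength */

    switch (alg) {
    case ALG_RSA:
        floor_bits = 2048;
        if (op == OP_VERIFY) { set = rsa_verify;   n = COUNT(rsa_verify); }
        else                 { set = rsa_generate; n = COUNT(rsa_generate); }
        break;
    case ALG_ECDSA:
        floor_bits = 224;
        if (op == OP_VERIFY) { set = ec_verify;   n = COUNT(ec_verify); }
        else                 { set = ec_generate; n = COUNT(ec_generate); }
        break;
    case ALG_HMAC:
        /* Section 5.1 lists 112-512 bit keys; 80-104 bit keys are non-FIPS (5.2). */
        if (bits < 112)
            return GATE_TOO_WEAK;
        return bits <= 512 ? GATE_APPROVED : GATE_NOT_VALIDATED;
    default:
        return GATE_NOT_VALIDATED;
    }

    if (in_set(set, n, bits))
        return GATE_APPROVED;
    /* Below the floor: the "less than 112 bits" rows of section 5.2.
       At or above it but unlisted: rule 9, e.g. RSA 4096 key generation. */
    return bits < floor_bits ? GATE_TOO_WEAK : GATE_NOT_VALIDATED;
}

const char *gate_name(gate_t g)
{
    switch (g) {
    case GATE_APPROVED:      return "approved";
    case GATE_TOO_WEAK:      return "too weak for FIPS mode";
    case GATE_NOT_VALIDATED: return "not validated for FIPS mode";
    }
    return "unknown";
}

int main(void)
{
    printf("RSA keygen 2048:  %s\n", gate_name(fips_gate(ALG_RSA, OP_KEYGEN, 2048)));
    printf("RSA keygen 4096:  %s\n", gate_name(fips_gate(ALG_RSA, OP_KEYGEN, 4096)));
    printf("RSA sign 1024:    %s\n", gate_name(fips_gate(ALG_RSA, OP_SIGN, 1024)));
    printf("RSA verify 1024:  %s\n", gate_name(fips_gate(ALG_RSA, OP_VERIFY, 1024)));
    printf("ECDSA sign P-192: %s\n", gate_name(fips_gate(ALG_ECDSA, OP_SIGN, 192)));
    printf("HMAC 104-bit key: %s\n", gate_name(fips_gate(ALG_HMAC, OP_SIGN, 104)));
    return 0;
}
```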
4.2 Physical Security Rules

The physical device on which the SafeZone FIPS Cryptographic Module is executed must follow the physical security rules applicable to the purpose of the device. The SafeZone FIPS Cryptographic Module is software-based and does not provide physical security.

4.3 Secure Operation Initialization Rules

The SafeZone FIPS Cryptographic Module must be linked with an application to become executable. The software code of the module (the libsafezone-sw-fips.a object code library or the libsafezone-sw-fips.so dynamically loadable library) is linked with an end application producing an executable application for the target platform. The application is installed in a platform-specific way, e.g. when purchased from an application store for the platform. In some cases there is no need for installation, e.g. when a mobile equipment vendor includes the application with the equipment.

The SafeZone FIPS Cryptographic Module is loaded by loading an application that links the library statically. The SafeZone FIPS Cryptographic Module is initialized automatically upon loading. On some platforms the module is implemented as a dynamically loadable module. In this case, the module is loaded as needed by the dynamic linker.

The SafeZone FIPS Cryptographic Module does not support operator authentication and thus does not require any authentication itself. The SafeZone FIPS Cryptographic Module is by default in FIPS-approved mode once initialized. Usually, the module does not require any special set-up or initialization except for installation.
5 Definition of SRDIs (Security Relevant Data Items) Modes of Access

This chapter specifies security relevant data items as well as the access control policy that is enforced by the SafeZone FIPS Cryptographic Module.

Each SRDI is held in the asset store accompanied by a security usage policy. The policy is set when the asset is allocated with FL_RootKeyAllocateAndLoadValue, FL_AssetAllocate, FL_AssetAllocateBasic, FL_AssetAllocateSamePolicy or FL_AssetAllocateAndAssociateKeyExtra. When the asset is accessed for use in a cryptographic operation, the policy is tested to ensure that the asset is eligible for the requested use. A policy typically consists of the allowed algorithm(s), the allowed strength of the algorithm, and the direction of the operation (encryption or decryption).

5.1 FIPS Approved and Allowed algorithms

The SafeZone FIPS Cryptographic Module implements the following FIPS-approved algorithms:

Algorithm | Implementation Details | Algorithm Certificate(s)
RSA FIPS 186-4 Signature Generation, Key Pair Generation | 2048, and 3072 bit keys; PKCS #1 v1.5 and PSS; SHA-224, SHA-256, SHA-384, SHA-512 | RSA #1593
RSA FIPS 186-4 Signature Validation | 1024, 2048, and 3072 bit keys; PKCS #1 v1.5 and PSS | RSA #1593
DSA FIPS 186-4 Signature Generation, Domain Parameter Generation, Key Pair Generation | P 2048/N 224, P 2048/N 256, P 3072/N 256; SHA-224, SHA-256, SHA-384, SHA-512 | DSA #905
DSA FIPS 186-4 Signature Validation, Domain Parameter Validation | P 1024/N 160, P 2048/N 224, P 2048/N 256, P 3072/N 256 | DSA #905
ECDSA FIPS 186-4 Signature Generation, Key Pair Generation | NIST P-224, P-256, P-384 and P-521 curves; SHA-224, SHA-256, SHA-384, SHA-512 | ECDSA #567
Algorithm | Implementation Details | Algorithm Certificate(s)
ECDSA FIPS 186-4 Signature Validation, Public Key Verification | NIST P-192, P-224, P-256, P-384 and P-521 curves | ECDSA #567
AES FIPS 197, NIST SP 800-38A | 128, 192, 256 bit keys; ECB, CBC, CTR mode | AES #3123
AES CCM NIST SP 800-38C | 128, 192, 256 bit keys | AES #3123
AES GCM NIST SP 800-38D | 128, 192, 256 bit keys | AES #3123
XTS-AES NIST SP 800-38E | 256, 512 bit keys (128-bit or 256-bit encryption strength) | AES #3123
Triple-DES NIST SP 800-67 | 192 bit keys; ECB and CBC mode | Triple-DES #1793
CMAC NIST SP 800-38B | 128, 192, 256 bit keys | AES #3123
HMAC FIPS 198-1 | 112-512 bit keys; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | HMAC #1980
SHS FIPS 180-3 | SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; BYTE only | SHS #2599
DRBG NIST SP 800-90 | AES-128-CTR without df or reseed; AES-256-CTR with df and reseed | DRBG #634, DRBG #637
KTS (KEM NIST SP 800-56B) | 2048, 3072 bit keys; RSA-KEM-KWS-basic (section 9.3.3); vendor affirmed; key-wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength | N/A, Vendor affirmed
KTS (OAEP NIST SP 800-56B) | 2048, 3072 bit keys; RSA-OAEP (section 9.2.3); vendor affirmed; key-wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength | N/A, Vendor affirmed
PBKDF NIST SP 800-132 | with SHA-1, SHA-256 | N/A, Vendor affirmed
Algorithm | Implementation Details | Algorithm Certificate(s)
KDF NIST SP 800-108 | 112-512 bit keys; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, AES-CMAC; counter, feedback and double pipeline modes | KBKDF #37, KBKDF #38, KBKDF #39, KBKDF #40. Key derivation methodology provides between 112 and 256 bits of encryption strength.
Application Specific Key Derivation Functions NIST SP 800-135rev1 | IKEv1 Key Derivation Functions; IKEv2 Key Derivation Functions; TLS 1.0/1.1 Key Derivation Functions; TLS 1.2 Key Derivation Functions | CVL #385
FFC Diffie-Hellman primitive; A part of NIST SP 800-56A | Key Agreement Primitives; 2048, 3072 bit modular Diffie-Hellman groups | CVL #384. Key establishment methodology provides 112 bits or 128 bits of encryption strength.
ECC CDH primitive; A part of NIST SP 800-56A | Key Agreement Primitives; NIST P-224, P-256, P-384 and P-521 curves | CVL #384. Key establishment methodology provides between 112 and 256 bits of encryption strength.
Algorithm | Implementation Details | Algorithm Certificate(s)
KTS (NIST SP 800-38F Key Wrapping) | Key Wrapping function KW CIPH AES; 128, 192, 256 bit keys. Key Wrapping function KWP CIPH AES; 128, 192, 256 bit keys | KTS (AES een 128 and 256 bits of encryption strength

The cryptographic module supports the following non-approved algorithms in the approved mode of operation as allowed:

Algorithm | Algorithm Type | Utilization
RSA Encryption (PKCS #1 v1.5) | Key Transport; 2048, 3072 bit keys | (RSA Cert. #1593) Key establishment methodology provides 112 bits or 128 bits of encryption strength.
MD5 | Message Digest; | This function is only allowed as a part of an approved key transport scheme (e.g. TLS 1.0 or TLS 1.1).
/dev/random | Non-Approved RBG | An entropy source for NIST SP 800-90 DRBG.
/dev/urandom | Non-Approved RBG | An entropy source for NIST SP 800-90 DRBG.
t-base-300 RNG | Non-Approved RBG | An entropy source for NIST SP 800-90 DRBG.

The SafeZone FIPS Cryptographic Module is intended for products where FIPS 140-2 approved algorithms are used. Rambus also provides solutions for customers that need software or hardware based implementations for non-approved cryptographic algorithms, such as Camellia and C2. However, to ensure that SafeZone FIPS Cryptographic Module remains the most convenient solution for products required to be FIPS 140-2 approved, it does not implement these algorithms.

5.2 Non-FIPS mode of operation

At the end of 2013, some of the algorithms previously allowed by NIST were disallowed, because 80 bits of security was no longer considered sufficient. See NIST SP 800-131A for details. The SafeZone FIPS Cryptographic Module implements additional key lengths for some of these algorithms (RSA, DSA, ECDSA) for compatibility with applications previously using these key sizes. These no-longer-approved key sizes shall only be used in the non-FIPS mode of operation.

The non-FIPS validated algorithms and key sizes supported by the module are:

Algorithm | Implementation Details | Reason for algorithm being no longer allowed in FIPS mode.
RSA FIPS 186-2 Signature Generation | 1024, 1536, 2048, 3072, and 4096 bit keys; PKCS #1 v1.5 and PSS | Transition from FIPS 186-2 to 186-4.
RSA FIPS 186-4 Signature Generation, Key Pair Generation | 1024 bit keys; PKCS #1 v1.5 and PSS | Key length used provides less than 112 bits of encryption strength
DSA FIPS 186-4 Signature Generation, Domain Parameter Generation, Key Pair Generation | P 1024/N 160 | Key length used provides less than 112 bits of encryption strength
ECDSA FIPS 186-2/4 Signature Generation, Key Pair Generation | NIST P-192 curve | Key length used provides less than 112 bits of encryption strength
Algorithm | Implementation Details | Reason for algorithm being no longer allowed in FIPS mode.
ECDSA FIPS 186-2 Signature Generation | NIST P-224, P-256, P-384 and P-521 curves | Transition from FIPS 186-2 to 186-4.
HMAC FIPS 198-1 | 80-104 bit keys; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 | Key length used provides less than 112 bits of encryption strength.
KTS (KEM NIST SP 800-56B) | 1024, 1536 bit keys; RSA-KEM-KWS-basic; key wrapping | Key establishment methodology provides less than 112 bits of encryption strength
KTS (OAEP NIST SP 800-56B) | 1024, 1536 bit keys; RSA-OAEP; key-wrapping | Key establishment methodology provides less than 112 bits of encryption strength
KDF NIST SP 800-108 | 80-104 bit keys; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, AES-CMAC; counter, feedback and double pipeline modes | Key derivation methodology provides less than 112 bits of encryption strength.
FFC Diffie-Hellman primitive; | Key Agreement Primitives; 1024 bit modular Diffie-Hellman groups | Key establishment methodology provides less than 112 bits of encryption strength.
ECC CDH primitive; A part of NIST SP 800-56A | Key Agreement Primitives; NIST P-192 curves | Key establishment methodology provides less than 112 bits of encryption strength.
RSA Encryption (PKCS #1 v1.5) | Key Transport; 1024, 1536 bit keys | Key establishment methodology provides less than 112 bits of encryption strength.
5.3 Cryptographic Keys, CSPs, and SRDIs

While operating in a FIPS-compliant manner, the asset store within the SafeZone FIPS Cryptographic Module may contain the following security relevant data items (depending on which keys will be used by the zationMethod

General Keys/CSPs

AES Encryption Key | AES including modes ECB, CBC, and CTR | 128, 192, 256 bits | Key created for the purposes of encrypting and/or decrypting data using AES algorithm | Crypto Officer, User | Plaintext in RAM | Power-off, FL_AssetFree, FL_LibUnInit
AES CCM Encryption Key | AES CCM | 128, 192, 256 bits | Key created for the purposes of authenticated encryption and/or decryption of data using AES and CCM algorithms | Crypto Officer, User | Plaintext in RAM | Power-off, FL_AssetFree, FL_LibUnInit
AES GCM Encryption Key | AES GCM | 128, 192, 256 bits | Key created for the purposes of authenticated encryption and/or decryption of data using AES and GCM algorithms | Crypto Officer, User | Plaintext in RAM | Power-off, FL_AssetFree, FL_LibUnInit
XTS-AES Encryption Key | XTS-AES | 256, 512 bits | Key created for the purposes of encrypting and/or decrypting data using AES algorithm in XTS mode | Crypto Officer, User | Plaintext in RAM | Power-off, FL_AssetFree, FL_LibUnInit
Triple-DES Encryption Key | Triple-DES | 192 bits | Key created for the purposes of encrypting and/or decrypting data using Triple-DES algorithm | Crypto Officer, User | Plaint