VMware's OpenSSL FIPS Object Module - NIST
VMware, Inc.3401 Hillview AvePalo Alto, CA 94304, USATel: 877-486-9273Email: info@vmware.comhttp://www.vmware.comVMware's OpenSSLFIPS Object ModuleSoftware Version: 2.0.20-vmwFIPS 140-2 Non-Proprietary Security PolicyFIPS Security Level: 1Document Version: 0.8
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmwTABLE OF CONTENTS1Introduction . 41.1Purpose.41.2Reference .42VMware OpenSSL FIPS Object Module . 52.1Introduction .52.1.1 VMware OpenSSL FIPS Object Module .52.2Module Specification .52.2.1 Physical Cryptographic Boundary .62.2.2 Logical Cryptographic Boundary .62.2.3 Cryptographic Implementation and modes of operation .82.3Module Interfaces .122.4Roles and Services .122.4.1 Crypto Officer and User Roles.132.5Physical Security .142.6Operational Environment .142.7Cryptographic Key Management .172.8Self-Tests .202.8.1 Power-Up Self-Tests.202.8.2 Conditional Self-Tests .212.9Mitigation of Other Attacks .213Secure Operation . 223.1Secure Distribution and Operation .223.1.1 Crypto Officer Guidance .223.1.2 User Guidance.224Acronyms . 23October 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 2 of 25
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmwLIST OF FIGURESFigure 1 – Hardware Block Diagram . 6Figure 2 – Module’s Logical Cryptographic Boundary in Guest OS . 7Figure 3 – Module’s Logical Cryptographic Boundary in Hypervisor . 8LIST OF TABLESTable 1 – Security Level Per FIPS 140-2 Section . 5Table 2 – FIPS-Approved Algorithm Implementations . 8Table 3 – Non FIPS-Approved Algorithm Implementations and services . 11Table 4 – FIPS 140-2 Logical Interface Mapping . 12Table 5 – Crypto Officer and Users Services . 13Table 6 – List of Cryptographic Keys, Key Components, and CSPs . 17Table 7 – List of Public Keys, Key Components, and CSPs . 18Table 8 – Acronyms . 23October 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 3 of 25
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmw1 INTRODUCTION1.1 PurposeThis is a non-proprietary Cryptographic Module Security Policy for the VMware's OpenSSL FIPS ObjectModule from VMware, Inc. This Security Policy describes how the VMware's OpenSSL FIPS Object Modulemeets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2,which details the U.S. and Canadian Government requirements for cryptographic modules. Moreinformation about the FIPS 140-2 standard and validation program is available on the National Institute ofStandards and Technology (NIST) and the Canadian Centre of Cyber Security (CCCS) CryptographicModule Validation Program (CMVP) website at evalidation-program.This document also describes how to run the module in a secure FIPS-Approved mode of operation. TheVMware's OpenSSL FIPS Object Module is also referred to in this document as “the module”.1.2 ReferenceThis document deals only with operations and capabilities of the composite module in the technical termsof a FIPS 140-2 cryptographic module security policy. More information is available on the module from thefollowing sources: The VMware website (http://www.vmware.com) contains information on the full line of productsfrom d-Modules/Search) contains options to get contact information for individuals toanswer technical or sales-related questions for the module.October 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 4 of 25
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmw2 VMWARE OPENSSL FIPS OBJECT MODULE2.1 IntroductionVMware, Inc., a global leader in virtualization, cloud infrastructure, and business mobility, deliverscustomer-proven solutions that accelerate Information Technology (IT) by reducing complexity andenabling more flexible, agile service delivery. With VMware solutions, organizations are creatingexceptional experiences by mobilizing everything, responding faster to opportunities with modern data andapps hosted across hybrid clouds, and safeguarding customer trust with a defense-in-depth approach tocybersecurity. VMware enables enterprises to adopt an IT model that addresses their unique businesschallenges. VMware’s approach accelerates the transition to solutional-computing while preserving existinginvestments and improving security and control.2.1.1VMware OpenSSL FIPS Object ModuleThe VMware's OpenSSL FIPS Object Module is a software cryptographic module that is built from theOpenSSL FIPS Object Module source code according to the instructions prescribed in Appendix A. Themodule is a software library that provides cryptographic functions to various VMware applications via a welldefined C-language application program interface (API). The module only performs communications withthe calling application (the process that invokes the module services).The VMware's OpenSSL FIPS Object Module is validated at the FIPS 140-2 Section levels shown in Table1:Table 1 – Security Level Per FIPS 140-2 SectionSection1234567891011Section TitleCryptographic Module SpecificationCryptographic Module Ports and InterfacesRoles, Services, and AuthenticationFinite State ModelPhysical SecurityOperational EnvironmentCryptographic Key ManagementEMI/EMC2Self-testsDesign AssuranceMitigation of Other AttacksLevel1121N/A111113N/A2.2 Module SpecificationThe VMware's OpenSSL FIPS Object Module is a software cryptographic module with a multiple-chipstandalone embodiment. The overall security level of the module is 1. The software version of the moduleis 2.0.20-vmw, and it is developed and built from the 2.0.16 version of the OpenSSL FIPS Object Modulesource code.12N/A – Not ApplicableEMI/EMC – Electromagnetic Interference/Electromagnetic CompatibilityOctober 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 5 of 25
Security Policy v0.82.2.1VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmwPhysical Cryptographic BoundaryAs a software module, there are no physical protection mechanisms implemented. Therefore, the modulemust rely on the physical characteristics of the host system. The module runs on a General-PurposeComputer (GPC) and the physical boundary of the cryptographic module is defined by the hard enclosurearound the host system on which it runs. The module supports the physical interfaces of the GPC. SeeFigure 1 below for a block diagram of the typical GPC and its physical cryptographic boundary markedwith red dotted line.Figure 1 – Hardware Block Diagram2.2.2Logical Cryptographic BoundaryThe logical cryptographic boundary of the module is the fipscanister object module, a single object modulefile named fipscanister.o (Linux 3 ). Figure 2 and Figure 3 depict the logical cryptographic boundary for themodule which surrounds the VMware's OpenSSL FIPS Object Module. The module’s logical boundary is acontiguous perimeter that surrounds all memory-mapped functionality provided by the module when loadedand stored in the host platform’s memory.3Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.October 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 6 of 25
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmwVMware s OpenSSLFIPS Object ModuleCalling ApplicationUser SpaceKernel SpaceOperating SystemVMware ESXi 6.7Hardware (GPC)API InvocationLogical BoundarySystem CallsFigure 2 – Module’s Logical Cryptographic Boundary in Guest OSOctober 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 7 of 25
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmwOperating SystemVMware s OpenSSLFIPS Object ModuleCalling ApplicationUser SpaceKernel SpaceVMware ESXi 6.7Hardware (GPC)API InvocationLogical BoundarySystem CallsFigure 3 – Module’s Logical Cryptographic Boundary in Hypervisor2.2.3Cryptographic Implementation and modes of operationThe module implements the FIPS-Approved algorithms listed in Table 2 below.Table 2 – FIPS-Approved Algorithm etric KeyGenerationAlgorithmOptionsCert #Hash DRBG (Prediction resistance supported)[SP 800-90A]DRBG4HMAC DRBG, no reseedC 470CTR DRBG (AES), no derivation function (Predictionresistance supported)4For all DRBGs the “supported security strength” is just the highest supported security strength per [SP 800-90A]and [SP 800-57].October 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 8 of 25
Security Policy v0.8Encryption,Decryption andCMACVMware's OpenSSL FIPS Object Module, Version 2.0.20-vmw[SP 800-67][FIPS 197] AES[SP 800-38A] ECB,CBC, CFB, OFB, CTR[SP 800-38B] CMAC[SP 800-38C] CCM3-Key TDES TECB, TCBC, TCFB 1, TCFB 8, TCFB 64, TOFB;CMAC generate and verifyC 470128/ 192/256 ECB, CBC, OFB, CFB 1, CFB 8, CFB 128,CTR; CCM; GCM; CMAC generate and verify; XTS (128and 256 only)C 470[SP 800-38D] GCM[SP 800-38E] XTSMessageDigests[FIPS 180-4]SHA-1, SHA-2 (224, 256, 384, 512)C 470Keyed Hash[FIPS 198] HMACHMAC with SHA-1, SHA-2 (224, 256, 384, 512)C 470DigitalSignature andAsymmetricKeyGenerationSigVer9.31 (1024/1536/2048/3072/4096 with SHA-1,256, 384, 512)[FIPS 186-2] RSASigVerPKCS1.5 (1024/1536/2048/3072/4096 with SHA1, 256, 384, 512)SigVerPSS (1024/1536/2048/3072/4096 with SHA-1,256, 384, 512)GenKey9.31 (2048/3072)SigGen9.31 (2048/3072 with SHA-256, 384, 512)C 470SigGenPSS (2048/3072 with SHA-256, 384, 512)[FIPS 186-4] RSASigGenPKCS1.5 (2048/3072 with SHA-256, 384, 512)SigVer9.31 (2048/3072 with SHA-1, 256, 384, 512)SigVerPSS (2048/3072 with SHA-1, 256, 384, 512)SigVerPKCS1.5 (2048/3072 with SHA-1, 256, 384, 512)PQG Gen (2048, 224 with SHA-224, 256, 384, 512;2048, 256 with SHA-256, 384, 512; 3072, 256 with SHA256, 384, 512)PQG Ver (1024, 160 with SHA-1, 224, 256, 384, 512;2048, 224 with SHA-224, 256, 384, 512; 2048, 256 withSHA-256, 384, 512; 3072,256 with SHA-256, 384, 512)[FIPS 186-4] DSAKeyPairGen (2048, 224; 2048, 256; 3072, 256)C 470SigGen (2048, 224 with SHA-224, 256, 384, 512; 2048,256 with SHA-224, 256, 384, 512; 3072, 256 with SHA224, 256, 384, 512)SigVer (1024/2048/3072 with SHA-1, 224, 256, 384,512)October 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 9 of 25
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmwPKG: CURVES (P-224 P-256 P-384 P-521 K-233 K- 283 K409 K-571 B-233 B-283 B-409 B-571 ExtraRandomBitsTestingCandidates)PKV: CURVES (ALL-P ALL-K ALL-B)[FIPS 186-4] ECDSASigGen: CURVES( P-224: (SHA-224, 256, 384, 512) P256: (SHA-224, 256, 384, 512) P-384: (SHA-224, 256,384, 512) P-521: (SHA-224, 256, 384, 512) K-233: (SHA224, 256, 384, 512) K-283: (SHA-224, 256, 384, 512) K409: (SHA-224, 256, 384, 512) K-571: (SHA-224, 256,384, 512) B-233: (SHA-224, 256, 384, 512) B-283: (SHA224, 256, 384, 512) B-409: (SHA-224, 256, 384, 512) B571: (SHA-224, 256, 384, 512) )C 470SigVer: CURVES( P-192: (SHA-1, 224, 256, 384, 512) P224: (SHA-1, 224, 256, 384, 512) P-256: (SHA-1, 224,256, 384, 512) P-384: (SHA-1, 224, 256, 384, 512) P521: (SHA-1, 224, 256, 384, 512) K-163: (SHA-1, 224,256, 384, 512) K-233: (SHA-1, 224, 256, 384, 512) K283: (SHA-1, 224, 256, 384, 512) K-409: (SHA-1, 224,256, 384, 512) K-571: (SHA-1, 224, 256, 384, 512) B163: (SHA-1, 224, 256, 384, 512) B-233: (SHA-1, 224,256, 384, 512) B-283: (SHA-1, 224, 256, 384, 512) B409: (SHA-1, 224, 256, 384, 512) B-571: (SHA-1, 224,256, 384, 512) )ECC CDH (CVL)[SP 800-56A](§5.7.1.2)All NIST defined B, K and P curves except sizes 163 and192C 470FCC KAS[SP 800-56A]All except KDFParameter Sets/Key sizes: FB (SHA-256), FC (SHA-256)C 470ECC KAS[SP 800-56A]All except KDFParameter Sets/Key sizes: EC (P-256, SHA-256), ED (P384, SHA-512), EE (P-521, SHA-512)C 470Per IG A.5 Scenario 2, the module generates random IVs of 96 bits or higher using the SP 800-90A DRBGand in the event Module power is lost and restored the calling application must ensure that any AES-GCMkeys used for encryption or decryption are re-distributedThe module supports only NIST defined curves for use with ECDSA and ECC CDH. The module supportstwo operational environments configurations for elliptical curves; NIST prime curve only and all NISTdefined PKB curves.The module also employs the following key establishment methodologies, which are allowed or vendoraffirmed to be used in FIPS-Approved mode of operation: RSA (key wrapping5; key establishment methodology provides between 112 and 256 bits ofencryption strength) EC DH (CVL Cert. #C470, key agreement6; key establishment methodology provides between 1125No claim is made for SP 800-56B compliance, and no CSPs are established into or exported out of the module usingthis service.6Vendor Affirmed DH scheme using NIST defined P elliptical curve. Key agreement is a service provided for callingprocess use, but is not used to establish keys into the module. Vendor Affirmed IG D.1- rev2.October 15, 2019 2019 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 10 of 25
Security Policy v0.8VMware's OpenSSL FIPS Object Module, Version 2.0.20-vmwand 256 bits of encryption strength) CKG (vendor affirmed) KAS (SP 800-56Arev2; vendor affirmed) Entropy Input: The Module supports NDRNG as a non-Approved algorithm but allowed in FIPSApproved mode.In accordance with FIPS 140-2 IG D.12, the cryptographic module performs Cryptographic Key Generation(CKG) as per SP800-133 (vendor affirmed). The resulting generated symmetric key and the seed used inthe asymmetric key generation are the unmodified output from SP800-90A DRBGThe module employs non-compliant algorithms and associated services, which are not allowed for use in aFIPS-Approved mode of operation. Their use will result in the module operating in a non-Approved mode.Please refer to Table 3 below for the list of non-Approved algorithms and associated services.Table 3 – Non FIPS-Approved Algorithm Implementations and servicesAlgorithmANSI X9.31 PRNGOptionsAES 128/192/256SP 800-90ADual EC DRBGRSA (FIPS 186-2)Dual EC DRBGDSA (FIPS 186-2)DSA (FIPS 186-4)ECDSA (FIPS 186-2)ECDSA (FIPS 186-4)ECC CDH (KAS,SP800-56A – 5.7.1.2)KeyGen9.31, SigGen9.31, SigGenPKCS1.5,SigGenPSS (1024/1536 with all SHAs,2048/3072/4096 with SHA-1)PQG Gen, Key Pair Gen, SigGen (1024 withall SHAs, 2048/3072 with SHA-1)PQG Gen, Key Pair Gen, SigGen (1024 withall SHAs, 2048/3072 with SHA-1)PKG: Curve (P-192 K-163 B-163)SIG (gen): Curve (P-192 P-224 P-256 P-384P-521 K-163 K-233 K-283 K-409 K-571 B-163B-233 B-283 B-409 B-571)PKG: Curve (P-192 K-163 B-163)SigGen: Curve (P-192: (SHA-1, 224, 256,384, 512) P-224:(SHA-1) P-256:(SHA-1)P-384: (SHA-1) P-521:(SHA-1) K-163:(SHA-1, 224, 256, 384, 512) K-233:(SHA-1)K-283:(SHA-1) K-409:(SHA-1) K-571:(SHA-1)B-163: (SHA-1, 224, 256, 384, 512) B-233:(SHA-1) B-283: (SHA-1) B-409:(SHA-1)B-571:(SHA-1))All NIST recommended P, K, and B withCurves 163 and 192DescriptionRandom Number Generation;Symmetric Key GenerationRandom Number Generation;Symmetric Key GenerationDigital Signature Generation andAsymmetric Key GenerationDigital Signature Generation andAsymmetric Key GenerationDigital Signature Generation andAsymmetric Key GenerationDigital Signature Generation andAsymmetric Key GenerationDigital Signature Generation andAsymmetric Key GenerationKey Agreement SchemeThe Module is a cryptographic engine library, which can be used only in conj
The VMware's OpenSSL FIPS Object Module is a software cryptographic module with a multiple-chip standalone embodiment. The overall security level of the module is 1. The software version of the module is 2.0.20-vmw, and it is developed and built from the 2.0.16 version of the OpenSSL FIPS Object Module source code. 1 N/A – Not Applicable
OpenSSL FIPS Object Module SE Version 2.0.16 By OpenSSL Validation Services OpenSSL FIPS 140-2 Security Policy Version 2.0.16 April 24, 2017. . OpenSSL FIPS 140 2 Security Policy Acknowledgments OpenSSL Validation Services (OVS) serves as the "vendor" for this validation. Project management
This non-proprietary Cryptographic Module Security Policy for the OpenSSL FIPS Provider module from The OpenSSL Project provides an overview and a high-level description of how it meets the overall Level 1 security requirements of FIPS 140-2. The OpenSSL Project may also be referred to as "OpenSSL" in this document.
FIPS 140-2 Security Policy KeyPair FIPS Object Module for OpenSSL Page 4 of 18 1 Introduction This document is the non-proprietary security policy for the KeyPair FIPS Object Module for OpenSSL (FIPS 140-2 Cert. #3503), hereafter referred to as the Module. The Module is a software library providing a C language application program interface (API) for use by
918 - OpenSSL FIPS Object Module v1.1.2 - 02/29/2008 140-2 L1 1051 - OpenSSL FIPS Object Module v 1.2 - 11/17/2008 140-2 L1 1111 - OpenSSL FIPS Runtime Module v 1.2 - 4/03/2009 140-2 L1 Note: Windows FIPS algorithms used in this product may have only been tested when the FIPS mode bit was set. While the
ColorTokens OpenSSL FIPS Object Module This document is the non-proprietary security policy for the ColorTokens OpenSSL FIPS Object Module, hereafter referred to as the Module. The Module is a software cryptographic module that is built from the OpenSSL. The module is a
The VMware OpenSSL FIPS Object Module is a software cryptographic module with a multiple-chip standalone embodiment. The overall security level of the module is 1. The software version of the module is 2.0.9, and it is built from the 2.0.9 version of the OpenSSL FIPS Object Module source code. 1 N/A – Not Applicable
An “OpenSSL FIPS Object Module” (a.k.a. “FIPS module”) had been previously created. The FIPS module is a specially devised software component that was designed for compatibility with OpenSSL and created so that users can use a version of OpenSSL as a FIPS 140-validated cryptographic module. The FIPS module is about one-sixth the
ACCOUNTING 0452/22 Paper 2 May/June 2019 1 hour 45 minutes Candidates answer on the Question Paper. No Additional Materials are required. READ THESE INSTRUCTIONS FIRST Write your Centre number, candidate number and name on all the work you hand in. Write in dark blue or black pen. You may use an HB pencil for any diagrams or graphs. Do not use staples, paper clips, glue or correction fluid. DO .
