VMware OpenSSL FIPS Object Module - NIST
VMware, Inc.3401 Hillview AvePalo Alto, CA 94304, USATel: 877-486-9273Email: info@vmware.comhttp://www.vmware.comVMware OpenSSL FIPSObject ModuleSoftware Version: 2.0.9FIPS 140-2 Non-Proprietary Security PolicyFIPS Security Level: 1Document Version: 1.0
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.9TABLE OF CONTENTS1Introduction . 41.1Purpose.41.2Reference .42VMware OpenSSL FIPS Object Module . 52.1Introduction .52.1.1 VMware OpenSSL FIPS Object Module .52.2Module Specification .52.2.1 Physical Cryptographic Boundary .82.2.2 Logical Cryptographic Boundary .92.2.3 Cryptographic Implementation and modes of operation .102.3Module Interfaces .132.4Roles and Services .142.4.1 Crypto Officer and User Roles.152.5Physical Security .162.6Operational Environment .162.7Cryptographic Key Management .182.8Self-Tests .212.8.1 Power-Up Self-Tests.212.8.2 Conditional Self-Tests .222.9Mitigation of Other Attacks .223Secure Operation . 233.1Appendix A: Installation and Usage Guidance .233.2Appendix B: Controlled Distribution File Fingerprint .253.3Appendix C: Compilers .274Acronyms . 29October 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 2 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.9LIST OF FIGURESFigure 1 – Hardware Block Diagram . 9Figure 2 – Module’s Logical Cryptographic Boundary . 10LIST OF TABLESTable 1 – Security Level Per FIPS 140-2 Section . 5Table 2 – Tested Configuration . 6Table 3 – FIPS-Approved Algorithm Implementations . 10Table 4 – Non FIPS-Approved Algorithm Implementations and services . 13Table 5 – FIPS 140-2 Logical Interface Mapping . 14Table 6 – Crypto Officer and Users Services . 15Table 7 – List of Cryptographic Keys, Key Components, and CSPs . 18Table 8 – List of Public Keys, Key Components, and CSPs . 19Table 9 – Compilers . 27Table 10 – Acronyms . 29October 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 3 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.91 INTRODUCTION1.1 PurposeThis is a non-proprietary Cryptographic Module Security Policy for the VMware OpenSSL FIPS ObjectModule from VMware, Inc. This Security Policy describes how the VMware OpenSSL FIPS Object Modulemeets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2,which details the U.S. and Canadian Government requirements for cryptographic modules. Moreinformation about the FIPS 140-2 standard and validation program is available on the National Institute ofStandards and Technology (NIST) and the Communications Security Establishment (CSE) CryptographicModule Validation Program (CMVP) website at evalidation-program.This document also describes how to run the module in a secure FIPS-Approved mode of operation. TheVMware OpenSSL FIPS Object Module is also referred to in this document as “the module”.1.2 ReferenceThis document deals only with operations and capabilities of the composite module in the technical termsof a FIPS 140-2 cryptographic module security policy. More information is available on the module from thefollowing sources: The VMware website (http://www.vmware.com) contains information on the full line of productsfrom d-Modules/Search) contains options to get contact information for individuals toanswer technical or sales-related questions for the module.October 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 4 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.92 VMWARE OPENSSL FIPS OBJECT MODULE2.1 IntroductionVMware, Inc., a global leader in virtualization, cloud infrastructure, and business mobility, deliverscustomer-proven solutions that accelerate Information Technology (IT) by reducing complexity andenabling more flexible, agile service delivery. With VMware solutions, organizations are creatingexceptional experiences by mobilizing everything, responding faster to opportunities with modern data andapps hosted across hybrid clouds, and safeguarding customer trust with a defense-in-depth approach tocybersecurity. VMware enables enterprises to adopt an IT model that addresses their unique businesschallenges. VMware’s approach accelerates the transition to solutional-computing while preserving existinginvestments and improving security and control.2.1.1VMware OpenSSL FIPS Object ModuleThe VMware OpenSSL FIPS Object Module is a software cryptographic module that is built from theOpenSSL FIPS Object Module source code according to the instructions prescribed in Appendix A. Themodule is a software library that provides cryptographic functions to various VMware applications via a welldefined C-language application program interface (API). The module only performs communications withthe calling application (the process that invokes the module services).The VMware OpenSSL FIPS Object Module is validated at the FIPS 140-2 Section levels shown in Table1:Table 1 – Security Level Per FIPS 140-2 SectionSection1234567891011Section TitleCryptographic Module SpecificationCryptographic Module Ports and InterfacesRoles, Services, and AuthenticationFinite State ModelPhysical SecurityOperational EnvironmentCryptographic Key ManagementEMI/EMC2Self-testsDesign AssuranceMitigation of Other AttacksLevel1121N/A111113N/A2.2 Module SpecificationThe VMware OpenSSL FIPS Object Module is a software cryptographic module with a multiple-chipstandalone embodiment. The overall security level of the module is 1. The software version of the moduleis 2.0.9, and it is built from the 2.0.9 version of the OpenSSL FIPS Object Module source code.12N/A – Not ApplicableEMI/EMC – Electromagnetic Interference/Electromagnetic CompatibilityOctober 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 5 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.9The module was tested and found to be FIPS 140-2 compliant on the platforms listed in Table 2 below:Table 2 – Tested Configuration#OperationalEnvironment (on ESXi6.0 U2)Processor FamilyOptimizations(Target)ECB1VMware PhotonOS3 1.0Intel Xeon E5AES-NI4PKBU22VMware PhotonOS 1.0Intel Xeon E5NonePKBU13NSX Edge OS 3.14 (aka, NSXEdge 6.3.0 OS)Intel Xeon E5AES-NIPKB4NSX Edge OS 3.14 (aka, NSXEdge 6.3.0 OS)Intel Xeon E5NonePKB5NSX Controller OS 12.04(aka, NSX Controller 6.3.0OS)Intel Xeon E5AES-NIPKBNSX Controller OS 12.04(aka, NSX Controller 6.3.0OS)Intel Xeon E57NSX Manager OS 3.17 (aka,NSX Manager 6.3.0 OS)Intel Xeon E5AES-NIPKB8NSX Manager OS 3.17 (aka,NSX Manager 6.3.0 OS)Intel Xeon E5NonePKB9SLES5 11 SP3Intel Xeon E5AES-NIPKBU210SLES 11 SP3Intel Xeon E5NonePKBU111Windows 2012Intel Xeon E5AES-NIPKBW212Windows 2012Intel Xeon E5NonePKBW113Windows 2012 R2Intel Xeon E5AES-NIPKBW214Windows 2012 R2Intel Xeon E5NonePKBW115Windows 10Core iAES-NIPKBW216Windows 10Core iNonePKBW117Windows 8.1Core iAES-NIPKBW218Windows 8.1Core iNonePKBW119Windows 7 SP1Core iAES-NIPKBW220Windows 7 SP1Core iNonePKBW121Windows Server 2016Intel Xeon E5AES-NIPKBW222Windows Server 2016Intel Xeon E5NonePKBW16U2U1U2NonePKBU1U2U13OS – Operating SystemAES-NI – Advanced Encryption Standard – New Instructions5SLES – SUSE Linux Enterprise Server4October 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 6 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.923Ubuntu 16.04Intel Xeon E5AES-NIPKBU224Ubuntu 16.04Intel Xeon E5NonePKBU125Ubuntu 14.04Intel Xeon E5AES-NIPKBU226Ubuntu 14.04Intel Xeon E5NonePKBU127PhotonOS 2.0Intel Xeon E5AES-NIPKBU228PhotonOS 2.0Intel Xeon E5NonePKBU1On ESXI 6.529Windows 10Intel Xeon E5AES-NIPKBW230Windows 10Intel Xeon E5NonePKBW131Windows Server 2008Intel Xeon E5AES-NIPKBW232Windows Server 2008Intel Xeon E5NonePKBW133Windows Server 2012Intel Xeon E5AES-NIPKBW234Windows Server 2012Intel Xeon E5NonePKBW135Windows Server 2016Intel Xeon E5AES-NIPKBW236Windows Server 2016Intel Xeon E5NonePKBW137Ubuntu 16.04 (aka,VMware NSX Controller OS16.04)Intel Xeon E5AES-NIPKBUbuntu 16.04 (aka,VMware NSX Controller OS16.04)Intel Xeon E539Ubuntu 14.04Intel Xeon E5AES-NIPKBU240Ubuntu 14.04Intel Xeon E5NonePKBU141BLUX 4.4 (aka, VMwareNSX Edge OS 4.4)Intel Xeon E5AES-NIPKB42BLUX 4.4 (aka, VMwareNSX Edge OS 4.4)Intel Xeon E5NonePKB43BLUX 4.9Intel Xeon E5AES-NIPKBU244BLUX 4.9Intel Xeon E5NonePKBU145PhotonOS 2.0Intel Xeon E5AES-NIPKBU246PhotonOS 2.0Intel Xeon E5NonePKBU147PhotonOS 1.0Intel Xeon E5AES-NIPKBU248PhotonOS 1.0Intel Xeon E5NonePKBU149SLES 12Intel Xeon E5AES-NIPKBU250SLES 12Intel Xeon E5NonePKBU138U2NonePKBU1U2U1Bare MetalOctober 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 7 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.951Windows 10Intel Core iAES-NIPKBW252Windows 10Intel Core iNonePKBW1On ESXi 6.753PhotonOS 2.0Intel Xeon E5AES-NIPKBU254PhotonOS 2.0Intel Xeon E5NonePKBU155PhotonOS 1.0Intel Xeon E5AES-NIPKBU256PhotonOS 1.0Intel Xeon E5NonePKBU157SLES 11Intel Xeon E5AES-NIPKBU258SLES 11Intel Xeon E5NonePKBU159Windows Server 2016Intel Xeon E5AES-NIPKBW260Windows Server 2016Intel Xeon E5NonePKBW161In ESXi 6.7 (as a host)Intel Xeon E5AES-NIPKBU262In ESXi 6.7 (as a host)Intel Xeon E5NonePKBU163Ubuntu 16.04Intel Xeon E5AES-NIPKBU264Ubuntu 16.04Intel Xeon E5NonePKBU165Ubuntu 16.04Intel Xeon 6126AES-NIPKBU266Ubuntu 16.04Intel Xeon 6126NonePKBU167PhotonOS 2.0Intel Xeon 6126AES-NIPKBU268PhotonOS 2.0Intel Xeon 6126NonePKBU169In ESXi 6.7 (as a host)Intel Xeon 6126AES-NIPKBU270In ESXi 6.7 (as a host)Intel Xeon 6126NonePKBU1Tested Configurations (B Build Method; EC Elliptic Curve Support). The EC column indicates supportfor prime curve only (P), or all NIST defined P, K, and B curves (PKB).See Appendix A for additional information on build method and optimizations. See Appendix C for a list ofthe specific compilers used to generate the Module for the respective operational environments.2.2.1Physical Cryptographic BoundaryAs a software module, there are no physical protection mechanisms implemented. Therefore, the modulemust rely on the physical characteristics of the host system. The module runs on a General-PurposeComputer (GPC) and the physical boundary of the cryptographic module is defined by the hard enclosurearound the host system on which it runs. The module supports the physical interfaces of the GPC. SeeFigure 1 below for a block diagram of the typical GPC and its physical cryptographic boundary markedwith red dotted line.October 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 8 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.9Figure 1 – Hardware Block Diagram2.2.2Logical Cryptographic BoundaryThe logical cryptographic boundary of the module is the fipscanister object module, a single object modulefile named fipscanister.o (Linux 6 ) or fipscanister.lib (Microsoft Windows 7). Figure 2 depicts the logicalcryptographic boundary for the module which surrounds the VMware OpenSSL FIPS Object Module. Themodule’s logical boundary is a contiguous perimeter that surrounds all memory-mapped functionalityprovided by the module when loaded and stored in the host platform’s memory.67Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.Windows is a registered trademark of Microsoft Corporation in the United States and other countries.October 22, 2018 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 9 of 31
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.9VMware OpenSSLFIPS Object ModuleCalling ApplicationUser SpaceKernel SpaceOperating SystemVMware ESXiHardware (GPC)API InvocationLogical BoundarySystem CallsFigure 2 – Module’s Logical Cryptographic Boundary2.2.3Cryptographic Implementation and modes of operationThe module implements the FIPS-Approved algorithms listed in Table 3 below.Table 3 – FIPS-Approved Algorithm etric KeyGenerationAlgorithm[SP 800-90] DRBG8Predictionresistancesupported for allvariationsOptionsCert #Hash DRBGHMAC DRBG, no reseed1254CTR DRBG (AES), no derivation function8For all DRBGs the “supported security strength” is just the highest supported security strength per [SP 800-90] and[SP 800-57].October 22, 2018Page 10 of 31 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.
Security Policy v1.0Encryption,Decryption andCMACVMware OpenSSL FIPS Object Module, Version 2.0.9[SP 800-67]3-Key TDES TECB, TCBC, TCFB 1, TCFB 8, TCFB 64, TOFB;CMAC generate and verify2261128/ 192/256 ECB, CBC, OFB, CFB 1, CFB 8, CFB 128,CTR, XTS; CCM; GCM; CMAC generate and verify4137[FIPS 197] AES[SP 800-38B] CMAC[SP 800-38C] CCM[SP 800-38D] GCM[SP 800-38E] XTSMessageDigests[FIPS 180-3]SHA-1, SHA-2 (224, 256, 384, 512)3407Keyed Hash[FIPS 198] HMACHMAC with SHA-1, SHA-2 (224, 256, 384, 512)2710DigitalSignature andAsymmetricKeyGenerationGenKey9.31 (2048/3072/4096)SigGen9.31, SigGenPSS (4096 with SHA-256, 384, 512)SigGenPKCS1.5 (4096 with SHA-224, 256, 384, 512)[FIPS 186-2] RSASigVer9.31 (1024/1536/2048/3072/4096 with SHA-1,256, 384, 512)SigVerPKCS1.5 (1024/1536/2048/3072/4096 with SHA1, 224, 256, 384, 512)SigVerPSS (1024/1536/2048/3072/4096 with SHA-1,224, 256, 384, 512)2251SigGen9.31 (2048/3072 with SHA-224, 256, 384, 512)SigGenPSS (2048/3072 with SHA-224, 256, 384, 512)SigGenPKCS1.5 (2048/3072 with SHA-224, 256, 384,512)[FIPS 186-4] RSASigVer9.31 (2048/3072 with SHA-1, 224, 256, 384, 512)SigVerPSS (2048/3072 with SHA-1, 224, 256, 384, 512)SigVerPKCS1.5 (2048/3072 with SHA-1, 224, 256, 384,512)PQG Gen (2048, 224 with SHA-224, 256, 384, 512;2048, 256 with SHA-256, 384, 512; 3072, 256 with SHA256, 384, 512)PQG Ver (1024, 160 with SHA-1, 224, 256, 384, 512;2048, 224 with SHA-224, 256, 384, 512; 2048, 256 withSHA-256, 384, 512; 3072,256 with SHA-256, 384, 512)[FIPS 186-4] DSA1123KeyPairGen (2048, 224; 2048, 256; 3072, 256)SigGen (2048, 224 with SHA-224, 256, 384, 512; 2048,256 with SHA-224, 256, 384, 512; 3072, 256 with SHA224, 256, 384, 512)SigVer (1024/2048/3072 with SHA-1, 224, 256, 384,512)October 22, 2018Page 11 of 31 2018 VMware, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.
Security Policy v1.0VMware OpenSSL FIPS Object Module, Version 2.0.9PKG: CURVES (P-224 P-256 P-384 P-521 K-233 K- 283 K409 K-571 B-233 B-283 B-409 B-571 ExtraRandomBitsTestingCandidates)PKV: CURVES (ALL-P ALL-K ALL-B)[FIPS 186-4] ECDSASigGen: CURVES( P-224: (SHA-224, 256, 384, 512) P256: (SHA-224, 256, 384, 512) P-384: (SHA-224, 256,384, 512) P-521: (SHA-224, 256, 384, 512) K-233: (SHA224, 256, 384, 512) K-283: (SHA-224, 256, 384, 512) K409: (SHA-224, 256, 384, 512) K-571: (SHA-224, 256,384, 512) B-233: (SHA-224, 256, 384, 512) B-283: (SHA224, 256, 384, 512) B-409: (SHA-224, 256, 384, 512) B571: (SHA-224, 256, 384, 512) )949SigVer: CURVES( P-192: (SHA-1, 224, 256, 384, 512) P224: (SHA-1, 224, 256, 384, 512) P-256: (SHA-1, 224,256, 384, 512) P-384: (SHA-1, 224, 256, 384, 512) P521: (SHA-1, 224, 256, 384, 512) K-163: (SHA-1, 224,256, 384, 512) K-233: (SHA-1, 224, 256, 384, 512) K283: (SHA-1, 224, 256, 384, 512) K-409: (SHA-1, 224,256, 384, 512) K-571: (SHA-1, 224, 256,
The VMware OpenSSL FIPS Object Module is a software cryptographic module with a multiple-chip standalone embodiment. The overall security level of the module is 1. The software version of the module is 2.0.9, and it is built from the 2.0.9 version of the OpenSSL FIPS Object Module source code. 1 N/A – Not Applicable
OpenSSL FIPS Object Module SE Version 2.0.16 By OpenSSL Validation Services OpenSSL FIPS 140-2 Security Policy Version 2.0.16 April 24, 2017. . OpenSSL FIPS 140 2 Security Policy Acknowledgments OpenSSL Validation Services (OVS) serves as the "vendor" for this validation. Project management
This non-proprietary Cryptographic Module Security Policy for the OpenSSL FIPS Provider module from The OpenSSL Project provides an overview and a high-level description of how it meets the overall Level 1 security requirements of FIPS 140-2. The OpenSSL Project may also be referred to as "OpenSSL" in this document.
FIPS 140-2 Security Policy KeyPair FIPS Object Module for OpenSSL Page 4 of 18 1 Introduction This document is the non-proprietary security policy for the KeyPair FIPS Object Module for OpenSSL (FIPS 140-2 Cert. #3503), hereafter referred to as the Module. The Module is a software library providing a C language application program interface (API) for use by
ColorTokens OpenSSL FIPS Object Module This document is the non-proprietary security policy for the ColorTokens OpenSSL FIPS Object Module, hereafter referred to as the Module. The Module is a software cryptographic module that is built from the OpenSSL. The module is a
The VMware's OpenSSL FIPS Object Module is a software cryptographic module with a multiple-chip standalone embodiment. The overall security level of the module is 1. The software version of the module is 2.0.20-vmw, and it is developed and built from the 2.0.16 version of the OpenSSL FIPS Object Module source code. 1 N/A – Not Applicable
An “OpenSSL FIPS Object Module” (a.k.a. “FIPS module”) had been previously created. The FIPS module is a specially devised software component that was designed for compatibility with OpenSSL and created so that users can use a version of OpenSSL as a FIPS 140-validated cryptographic module. The FIPS module is about one-sixth the
Wickr FIPS Object Module for OpenSSL FIPS 140-2 Security Policy 1 Introduction This document is the non-proprietary security policy for the Wickr FIPS Object Module for OpenSSL, hereafter referred to as the Module. The Module is a software library providing a C-language application program interface (API) for
The hooks infrastructure is separatede in two parts, the hook dispatcher, and the actual hooks. The dispatcher is in charge of deciding which hooks to run for each event, and gives the final review on the change. The hooks themselves are the ones that actually do checks (or any other action needed) and where the actual login you
