Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program
Total Page:16
File Type:pdf, Size:1020Kb
Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology Canadian Centre for Cyber Security Initial Release: September 21, 2020 Last Update: August 27, 2021 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology Table of Contents OVERVIEW ....................................................................................................................................................... 4 SECTION 1 – GENERAL ................................................................................................................................. 5 SECTION 2 – CRYPTOGRAPHIC MODULE SPECIFICATION .............................................................. 6 2.3.A BINDING OF CRYPTOGRAPHIC ALGORITHM VALIDATION CERTIFICATES ................................................. 6 2.3.B SUB-CHIP CRYPTOGRAPHIC SUBSYSTEMS ............................................................................................... 7 2.3.C PROCESSOR ALGORITHM ACCELERATORS (PAA) AND PROCESSOR ALGORITHM IMPLEMENTATION (PAI) ........................................................................................................................................................................ 11 2.4.A DEFINITION AND USE OF A NON-APPROVED SECURITY FUNCTION ........................................................ 13 2.4.B TRACKING THE COMPONENT VALIDATION LIST .................................................................................... 17 2.4.C APPROVED SECURITY SERVICE INDICATOR ........................................................................................... 19 SECTION 3 – CRYPTOGRAPHIC MODULE INTERFACES .................................................................. 23 3.4.A TRUSTED CHANNEL ............................................................................................................................... 23 SECTION 4 – ROLES, SERVICES, AND AUTHENTICATION ............................................................... 26 4.1.A AUTHORISED ROLES .............................................................................................................................. 26 4.4.A MULTI-OPERATOR AUTHENTICATION ................................................................................................... 27 SECTION 5 – SOFTWARE/FIRMWARE SECURITY ............................................................................... 30 5.A NON-RECONFIGURABLE MEMORY INTEGRITY TEST ................................................................................. 30 SECTION 6 – OPERATIONAL ENVIRONMENT ...................................................................................... 31 SECTION 7 – PHYSICAL SECURITY ......................................................................................................... 32 7.3.A TESTING TAMPER EVIDENT SEALS ........................................................................................................ 32 7.3.B HARD COATING TEST METHODS (LEVEL 3 AND 4) ................................................................................ 33 SECTION 8 – NON-INVASIVE SECURITY ................................................................................................ 35 SECTION 9 – SENSITIVE SECURITY PARAMETER MANAGEMENT ............................................... 36 9.3.A ENTROPY CAVEATS ............................................................................................................................... 36 9.5.A SSP ESTABLISHMENT AND SSP ENTRY AND OUTPUT ............................................................................ 39 9.6.A ACCEPTABLE ALGORITHMS FOR PROTECTING STORED SSPS ................................................................ 46 9.7.A ZEROIZATION OF ONE TIME PROGRAMMABLE (OTP) MEMORY ............................................................ 48 9.7.B INDICATOR OF ZEROISATION .................................................................................................................. 49 SECTION 10 – SELF-TESTS ......................................................................................................................... 53 10.3.A CRYPTOGRAPHIC ALGORITHM SELF-TEST REQUIREMENTS ................................................................. 53 10.3.B SELF-TEST FOR EMBEDDED CRYPTOGRAPHIC ALGORITHMS ................................................................ 59 10.3.C CONDITIONAL MANUAL ENTRY SELF-TEST REQUIREMENTS ............................................................... 60 10.3.D ERROR LOGGING ................................................................................................................................. 61 10.3.E PERIODIC SELF-TESTING ...................................................................................................................... 63 SECTION 11 – LIFE-CYCLE ASSURANCE ............................................................................................... 66 11.A CVE MANAGEMENT ............................................................................................................................... 66 SECTION 12 – MITIGATION OF OTHER ATTACKS ............................................................................. 69 12.A MITIGATION OF OTHER ATTACKS ........................................................................................................... 69 ANNEX A – DOCUMENTATION REQUIREMENTS ................................................................................ 70 ANNEX B – CRYPTOGRAPHIC MODULE SECURITY POLICY .......................................................... 71 ANNEX C – APPROVED SECURITY FUNCTIONS .................................................................................. 72 CMVP 2 08/27/2021 Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program National Institute of Standards and Technology C.A USE OF NON-APPROVED ELLIPTIC CURVES .............................................................................................. 72 C.B VALIDATION TESTING OF HASH ALGORITHMS AND HIGHER CRYPTOGRAPHIC ALGORITHM USING HASH ALGORITHMS .................................................................................................................................................. 73 C.C THE USE AND THE TESTING REQUIREMENTS FOR THE FAMILY OF FUNCTIONS DEFINED IN FIPS 202 ...... 74 C.D USE OF A TRUNCATED HMAC ................................................................................................................. 75 C.E KEY GENERATION FOR RSA SIGNATURE ALGORITHM ............................................................................. 77 C.F APPROVED MODULUS SIZES FOR RSA DIGITAL SIGNATURE FOR FIPS 186-4 .......................................... 77 C.G SP 800-67REV2 LIMIT ON THE NUMBER OF ENCRYPTIONS WITH THE SAME TRIPLE-DES KEY................ 79 C.H KEY/IV PAIR UNIQUENESS REQUIREMENTS FROM SP 800-38D ............................................................... 81 C.I XTS-AES KEY GENERATION REQUIREMENTS .......................................................................................... 89 C.J REQUIREMENTS FOR TESTING TO SP 800-38G .......................................................................................... 90 ANNEX D – APPROVED SENSITIVE SECURITY PARAMETER GENERATION AND ESTABLISHMENT METHODS .................................................................................................................... 91 D.A ACCEPTABLE SSP ESTABLISHMENT PROTOCOLS ..................................................................................... 91 D.B STRENGTH OF SSP ESTABLISHMENT METHODS ....................................................................................... 92 D.C REFERENCES TO THE SUPPORT OF INDUSTRY PROTOCOLS ....................................................................... 95 D.D ELLIPTIC CURVES AND THE FFC SAFE-PRIME GROUPS IN SUPPORT OF INDUSTRY PROTOCOLS .............. 96 D.E ASSURANCE OF THE VALIDITY OF A PUBLIC KEY FOR SSP ESTABLISHMENT ........................................... 98 D.F KEY AGREEMENT METHODS .................................................................................................................... 99 D.G KEY TRANSPORT METHODS ................................................................................................................... 102 D.H REQUIREMENTS FOR VENDOR AFFIRMATION TO SP 800-133 ................................................................ 105 D.I THE USE OF POST-PROCESSING IN KEY GENERATION METHODS ............................................................ 107 D.J ENTROPY ESTIMATION AND COMPLIANCE WITH SP 800-90B ................................................................. 109 D.K INTERPRETATION OF SP 800-90B REQUIREMENTS ................................................................................ 111 D.L CRITICAL SECURITY PARAMETERS FOR THE SP 800-90A DRBGS ......................................................... 117 D.M USING THE SP 800-108 KDFS IN AN APPROVED MODE ........................................................................ 118 D.N SP 800-132 PASSWORD-BASED KEY DERIVATION FOR STORAGE APPLICATIONS ................................. 119 D.O COMBINING ENTROPY FROM MULTIPLE SOURCES ................................................................................. 120 ANNEX E – APPROVED AUTHENTICATION MECHANISMS ........................................................... 123 E.A APPLICABILITY OF REQUIREMENTS FROM SP 800-63B