VMware Java JCE (Java Cryptographic Extension) Module Software Version: 2.0

VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304, USA
Tel: 877-486-9273
Email: [email protected]
http://www.vmware.com

VMware Java JCE (Java Cryptographic Extension) Module
Software Version: 2.0

FIPS 140-2 Non-Proprietary Security Policy
FIPS Security Level: 1
Document Version: 0.5

Security Policy, Version 0.5
VMware Java JCE (Java Cryptographic Extension) Module

TABLE OF CONTENTS

1 Introduction
  1.1 Purpose
  1.2 Reference
2 VMware Java JCE (Java Cryptographic Extension) Module
  2.1 Introduction
    2.1.1 VMware Java JCE (Java Cryptographic Extension) Module
  2.2 Module Specification
    2.2.1 Physical Cryptographic Boundary
    2.2.2 Logical Cryptographic Boundary
    2.2.3 Modes of Operation
    2.2.4 Module Configuration
  2.3 Module Interfaces
  2.4 Roles, Authentication and Services
    2.4.1 Assumption of Roles
    2.4.2 Services
  2.5 Physical Security
  2.6 Operational Environment
    2.6.1 Use of External RNG
  2.7 Cryptographic Key Management
    2.7.1 Critical Security Parameters
    2.7.2 Public Keys
  2.8 Self-Tests
3 Secure Operation
  3.1 Mitigation of Other Attacks Policy
  3.2 Basic Enforcement
  3.3 Additional Enforcement with a Java SecurityManager
  3.4 Basic Guidance
  3.5 Enforcement and Guidance for GCM IVs
  3.6 Enforcement and Guidance for use of the Approved PBKDF
4 References and Acronyms

March 15, 2017 Page 2 of 31 © 2017 VMware, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice.

LIST OF FIGURES

Figure 1 – Hardware Block Diagram
Figure 2 – Module’s Logical Cryptographic Boundary

LIST OF TABLES

Table 1 – Security Level Per FIPS 140-2 Section
Table 2 – FIPS 140-2 Logical Interfaces
Table 3 – Available Java Permissions
Table 4 – FIPS 140-2 Logical Interface Mapping
Table 5 – Roles Description
Table 6 – Services
Table 7 – CSP Access Rights within Services
Table 8 – Tested Configuration
Table 9 – Approved and CAVP Validated Cryptographic Functions
Table 10 – Approved Cryptographic Functions Tested with Vendor Affirmation
Table 11 – Non-Approved but Allowed Cryptographic Functions
Table 12 – Non-Approved Cryptographic Functions for use in non-FIPS mode only
Table 13 – Critical Security Parameters (CSPs)
Table 14 – Public Keys
Table 15 – Power Up Self-tests
Table 16 – Conditional Self-tests
Table 17 – References
Table 18 – Acronyms

1 INTRODUCTION

1.1 Purpose

This is a non-proprietary Cryptographic Module Security Policy for the VMware Java JCE (Java Cryptographic Extension) Module from VMware, Inc. This Security Policy describes how the VMware Java JCE (Java Cryptographic Extension) Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment (CSE) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.

This document also describes how to run the module in a secure FIPS-Approved mode of operation. The VMware Java JCE (Java Cryptographic Extension) Module is also referred to in this document as “the module”.

1.2 Reference

This document deals only with operations and capabilities of the composite module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: The VMware website (http://www.vmware.com) contains
