DOCSLIB.ORG

FIPS 140-2 Non-Proprietary Security Policy

FIPS 140-2 Non-Proprietary Security Policy

<p><strong>Kernel Crypto API Cryptographic Module version 1.0 </strong></p><p><strong>FIPS 140-2 Non-Proprietary Security Policy </strong></p><p><strong>Version 1.3 </strong><br><strong>Last update:&nbsp;2020-03-02 </strong></p><p>Prepared by: atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 <a href="/goto?url=http://www.atsec.com" target="_blank">www.atsec.com </a></p><p>© 2020 Canonical Ltd. / atsec information security <br>This document can be reproduced and distributed only whole and intact, including this copyright notice. </p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p><strong>Table of Contents </strong></p><p><a href="#5_0"><strong>1. Cryptographic</strong></a><a href="#5_0"><strong>&nbsp;</strong></a><a href="#5_0"><strong>Module Specification .....................................................................................................5 </strong></a></p><p><a href="#5_1">1.1. Module</a><a href="#5_1">&nbsp;</a><a href="#5_1">Overview .....................................................................................................................................5 </a><a href="#9_0">1.2. Modes</a><a href="#9_0">&nbsp;</a><a href="#9_0">of Operation .................................................................................................................................9 </a></p><p><a href="#10_0"><strong>2. Cryptographic</strong></a><a href="#10_0"><strong>&nbsp;</strong></a><a href="#10_0"><strong>Module Ports and Interfaces ........................................................................................10 </strong></a><a href="#11_0"><strong>3. Roles,</strong></a><a href="#11_0"><strong>&nbsp;</strong></a><a href="#11_0"><strong>Services and Authentication .....................................................................................................11 </strong></a></p><p><a href="#11_1">3.1. Roles</a><a href="#11_1">&nbsp;</a><a href="#11_1">.......................................................................................................................................................11 </a><a href="#11_2">3.2. Services...................................................................................................................................................11 </a><a href="#13_0">3.3. Algorithms</a><a href="#13_0">&nbsp;</a><a href="#13_0">..............................................................................................................................................13 </a><br><a href="#13_1">3.3.1. </a><a href="#17_0">3.3.2. </a><a href="#0_0">3.3.3. </a><a href="#0_1">3.3.4. </a><br><a href="#13_1">Ubuntu 16.04 LTS 64-bit Little Endian Running on POWER System...............................................13 </a><a href="#17_0">Ubuntu 16.04 LTS 64-bit Running on Intel® Xeon® Processor .......................................................17 </a><a href="#0_0">Ubuntu 16.04 LTS 64-bit Running on z System...............................................................................24 </a><a href="#0_1">Non-Approved Algorithms..............................................................................................................27 </a><br><a href="#0_2">3.4. Operator</a><a href="#0_2">&nbsp;</a><a href="#0_2">Authentication ........................................................................................................................29 </a></p><p><a href="#0_0"><strong>4. Physical</strong></a><a href="#0_0"><strong>&nbsp;</strong></a><a href="#0_0"><strong>Security ................................................................................................................................30 </strong></a><a href="#0_0"><strong>5. Operational</strong></a><a href="#0_0"><strong>&nbsp;</strong></a><a href="#0_0"><strong>Environmen</strong></a><a href="#0_0"><strong>t</strong></a><a href="#0_0"><strong>...................................................................................................................31 </strong></a></p><p><a href="#0_3">5.1. Applicability</a><a href="#0_3">&nbsp;</a><a href="#0_3">............................................................................................................................................31 </a><a href="#0_4">5.2. Policy.......................................................................................................................................................31 </a></p><p><a href="#0_0"><strong>6. Cryptographic</strong></a><a href="#0_0"><strong>&nbsp;</strong></a><a href="#0_0"><strong>Key Management.........................................................................................................32 </strong></a></p><p><a href="#0_5">6.1. Random</a><a href="#0_5">&nbsp;</a><a href="#0_5">Number Generatio</a><a href="#0_5">n</a><a href="#0_5">.</a><a href="#0_5">................................................................................................................32 </a><a href="#0_0">6.2. Key</a><a href="#0_0">&nbsp;</a><a href="#0_0">Generatio</a><a href="#0_0">n</a><a href="#0_0">.</a><a href="#0_0">......................................................................................................................................33 </a><a href="#0_6">6.3. Key</a><a href="#0_6">&nbsp;</a><a href="#0_6">Agreement / Key Transport / Key Derivation ..................................................................................33 </a><a href="#0_7">6.4. Key</a><a href="#0_7">&nbsp;</a><a href="#0_7">Entry / Output..................................................................................................................................33 </a><a href="#0_8">6.5. Key</a><a href="#0_8">&nbsp;</a><a href="#0_8">/ CSP Storage....................................................................................................................................33 </a><a href="#0_9">6.6. Key</a><a href="#0_9">&nbsp;</a><a href="#0_9">/ CSP Zeroization..............................................................................................................................33 </a></p><p><a href="#0_0"><strong>7. Electromagnetic</strong></a><a href="#0_0"><strong>&nbsp;</strong></a><a href="#0_0"><strong>Interference/Electromagnetic Compatibility (EMI/EMC) ............................................34 </strong></a><a href="#0_0"><strong>8. Self-Test</strong></a><a href="#0_0"><strong>s</strong></a><a href="#0_0"><strong>.</strong></a><a href="#0_0"><strong>..........................................................................................................................................35 </strong></a></p><p><a href="#0_10">8.1. Power-Up</a><a href="#0_10">&nbsp;</a><a href="#0_10">Tests.......................................................................................................................................35 </a><br><a href="#0_11">8.1.1. </a><a href="#0_12">8.1.2. </a><br><a href="#0_11">Integrity Test</a><a href="#0_11">s</a><a href="#0_11">.</a><a href="#0_11">................................................................................................................................35 </a><a href="#0_12">Cryptographic Algorithm Test</a><a href="#0_12">s</a><a href="#0_12">.</a><a href="#0_12">......................................................................................................35 </a><br><a href="#0_13">8.2. On-Demand</a><a href="#0_13">&nbsp;</a><a href="#0_13">Self-Test</a><a href="#0_13">s</a><a href="#0_13">.</a><a href="#0_13">...........................................................................................................................37 </a><a href="#0_14">8.3. Conditional</a><a href="#0_14">&nbsp;</a><a href="#0_14">Tests ....................................................................................................................................37 </a></p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">2 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p><a href="#0_0"><strong>9. Guidance</strong></a><a href="#0_0"><strong>&nbsp;</strong></a><a href="#0_0"><strong>...........................................................................................................................................38 </strong></a></p><p><a href="#0_15">9.1. Crypto</a><a href="#0_15">&nbsp;</a><a href="#0_15">Officer Guidanc</a><a href="#0_15">e</a><a href="#0_15">.</a><a href="#0_15">........................................................................................................................38 </a><br><a href="#0_16">9.1.1. </a><a href="#0_17">9.1.2. </a><br><a href="#0_16">Module Installation.........................................................................................................................38 </a><a href="#0_17">Operating Environment Configuratio</a><a href="#0_17">n</a><a href="#0_17">.</a><a href="#0_17">..........................................................................................38 </a><br><a href="#0_18">9.2. User</a><a href="#0_18">&nbsp;</a><a href="#0_18">Guidance ........................................................................................................................................39 </a><br><a href="#0_19">9.2.1. </a><a href="#0_0">9.2.2. </a><a href="#0_20">9.2.3. </a><a href="#0_21">9.2.4. </a><br><a href="#0_19">AES GCM IV.....................................................................................................................................39 </a><a href="#0_0">AES XTS ...........................................................................................................................................40 </a><a href="#0_20">Triple-DES encryptio</a><a href="#0_20">n</a><a href="#0_20">.</a><a href="#0_20">....................................................................................................................40 </a><a href="#0_21">Handling FIPS Related Errors ..........................................................................................................40 </a></p><p><a href="#0_0"><strong>10. Mitigation</strong></a><a href="#0_0"><strong>&nbsp;</strong></a><a href="#0_0"><strong>of Other Attack</strong></a><a href="#0_0"><strong>s</strong></a><a href="#0_0"><strong>.</strong></a><a href="#0_0"><strong>...............................................................................................................41 </strong></a></p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">3 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p><strong>Copyrights and Trademarks </strong></p><p>Ubuntu and Canonical are registered trademarks of Canonical Ltd. Linux is a registered trademark of Linus Torvalds. </p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">4 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p><strong>1. Cryptographic Module Specification </strong></p><p>This document is the non-proprietary FIPS 140-2 Security Policy for version 1.0 of the Ubuntu Kernel Crypto API Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-2 (Federal Information Processing Standards Publication 140-2) for a Security Level 1 software module. </p><p>The following sections describe the cryptographic module and how it conforms to the FIPS 140-2 specification in each of the required areas. </p><p><strong>1.1. Module&nbsp;Overview </strong></p><p>The Ubuntu Kernel Crypto API Cryptographic Module (hereafter referred to as “the module”) is a software module running as part of the operating system kernel that provides general purpose cryptographic services. The module provides cryptographic services to kernel applications through a C language Application Program Interface (API) and to applications running in the user space through an AF_ALG socket type interface. The module utilizes processor instructions to optimize and increase the performance of cryptographic algorithms. </p><p>For the purpose of the FIPS 140-2 validation, the module is a software-only, multi-chip standalone cryptographic module validated at overall security level 1. The table below shows the security level claimed for each of the eleven sections that comprise the FIPS 140-2 standard. </p><p></p><ul style="display: flex;"><li style="flex:1"><strong>FIPS 140-2 Section </strong></li><li style="flex:1"><strong>Security </strong></li></ul><p><strong>Level </strong></p><p>123456789<br>Cryptographic Module Specification Cryptographic Module Ports and Interfaces Roles, Services and Authentication Finite State Model <br>1111</p><ul style="display: flex;"><li style="flex:1">Physical Security </li><li style="flex:1">N/A </li></ul><p></p><ul style="display: flex;"><li style="flex:1">1</li><li style="flex:1">Operational Environment </li></ul><p>Cryptographic Key Management EMI/EMC <br>11</p><ul style="display: flex;"><li style="flex:1">Self-Tests </li><li style="flex:1">1</li></ul><p>10 Design&nbsp;Assurance 11 Mitigation&nbsp;of Other Attacks Overall Level <br>1N/A <br>1</p><p><em>Table 1 - Security Levels </em></p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">5 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p>The cryptographic logical boundary consists of all kernel objects and the integrity check files used for Integrity Tests. The table below enumerates the components that comprise the module with their location in the target platform. </p><p></p><ul style="display: flex;"><li style="flex:1"><strong>Description </strong></li><li style="flex:1"><strong>Components </strong></li></ul><p></p><p></p><ul style="display: flex;"><li style="flex:1">Integrity test utility </li><li style="flex:1">/usr/bin/sha512hmac </li></ul><p>Integrity check HMAC file for the integrity test utility. <br>/usr/bin/.sha512hmac.hmac </p><ul style="display: flex;"><li style="flex:1">Static kernel binary </li><li style="flex:1">On Power system: </li></ul><p>/boot/vmlinux-4.4.0-1002-fips </p><p>On x86_64 and z system: /boot/vmlinuz-4.4.0-1002-fips </p><p>Integrity check HMAC file for static kernel binary <br>On Power system: /boot/.vmlinux-4.4.0-1002-fips.hmac </p><p>On x86_64 and z system: /boot/.vmlinuz-4.4.0-1002-fips.hmac </p><p>Cryptographic kernel object files <br>On Power system: /lib/modules/4.4.0-1002-fips/kernel/crypto/*.ko /lib/modules/4.4.0-1002-fips/kernel/arch/powerpc/crypto/*.ko /lib/modules/4.4.0-1002-fips/kernel/drivers/crypto/vmx/*.ko </p><p>On x86_64 system: /lib/modules/4.4.0-1002-fips/kernel/crypto/*.ko /lib/modules/4.4.0-1002-fips/kernel/arch/x86/crypto/*.ko </p><p>On z system: /lib/modules/4.4.0-1002-fips/kernel/crypto/*.ko /lib/modules/4.4.0-1002-fips/kernel/arch/s390/crypto/*.ko </p><p><em>Table 2 - Cryptographic Module Components </em></p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">6 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p>The software block diagram below shows the module, its interfaces with the operational environment and the delimitation of its logical boundary, comprised of all the components within the <strong>BLUE </strong>box. </p><p><em>Figure 1 - Software Block Diagram </em></p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">7 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p>The module is aimed to run on a general purpose computer (GPC); the physical boundary of the module is the tested platforms. Figure 2 shows the major components of a GPC. </p><p><em>Figure 2 - Cryptographic Module Physical Boundary </em></p><p>The module has been tested on the test platforms shown below. </p><p></p><ul style="display: flex;"><li style="flex:1"><strong>Test Platform </strong></li><li style="flex:1"><strong>Processor </strong></li><li style="flex:1"><strong>Processor </strong></li><li style="flex:1"><strong>Test Configuration </strong></li></ul><p><strong>Architecture </strong></p><p>IBM Power System S822L (PowerNV 8247-22L) </p><ul style="display: flex;"><li style="flex:1">POWER8 </li><li style="flex:1">Power system </li></ul><p>Power system Power system <br>Ubuntu 16.04 LTS 64-bit Little Endian with/without Power ISA 2.07 (PAA) </p><p>IBM Power System S822LC (PowerNV 8001-22C) <br>POWER8 POWER8 <br>Ubuntu 16.04 LTS 64-bit Little Endian with/without Power ISA 2.07 (PAA) </p><p>IBM Power System S822LC (PowerNV 8335-GTB) <br>Ubuntu 16.04 LTS 64-bit Little Endian with/without Power ISA 2.07 (PAA) </p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">8 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p></p><ul style="display: flex;"><li style="flex:1"><strong>Test Platform </strong></li><li style="flex:1"><strong>Processor </strong></li><li style="flex:1"><strong>Processor </strong></li><li style="flex:1"><strong>Test Configuration </strong></li></ul><p><strong>Architecture </strong></p><p>Supermicro SYS-5018R-WR IBM z13 <br>Intel® Xeon® CPU&nbsp;x86_64 E5-2620v3 <br>Ubuntu 16.04 LTS 64-bit with/without AES-NI (PAA) </p><p></p><ul style="display: flex;"><li style="flex:1">z13 </li><li style="flex:1">z System </li></ul><p>x86_64 <br>Ubuntu 16.04 LTS 64-bit running on LPAR with/without CPACF (PAI) </p><p>Supermicro A1SAi </p><p>Supermicro SMX11SPL-F </p><ul style="display: flex;"><li style="flex:1">Intel®Atom™ </li><li style="flex:1">Ubuntu 16.04 LTS 64-bit with/without </li></ul><p></p><ul style="display: flex;"><li style="flex:1">AES-NI (PAA) </li><li style="flex:1">C2750 </li></ul><p>Intel® Xeon® Silver 4216 </p><ul style="display: flex;"><li style="flex:1">x86_64 </li><li style="flex:1">Ubuntu 16.04 LTS 64-bit with/without </li></ul><p>AES-NI (PAA) </p><p><em>Table 3 - Tested Platforms </em></p><p><strong>Note: </strong>Per [FIPS 140-2_IG] G.5, the Cryptographic Module Validation Program (CMVP) makes no statement as to the correct operation of the module or the security strengths of the generated keys when this module is ported and executed in an operational environment not listed on the validation certificate. </p><p><strong>1.2. Modes&nbsp;of Operation </strong></p><p>The module supports two modes of operation: </p><p></p><p><strong>FIPS mode </strong>(the Approved mode of operation): only approved or allowed security functions with sufficient security strength can be used. </p><p><strong>non-FIPS mode </strong>(the non-Approved mode of operation): only non-approved security functions can be used. </p><p>The module enters FIPS mode after power-up tests succeed. Once the module is operational, the mode of operation is implicitly assumed depending on the security function invoked and the security strength of the cryptographic keys. </p><p>Critical security parameters used or stored in FIPS mode are not used in non-FIPS mode, and vice versa. </p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">9 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p><strong>2. Cryptographic Module Ports and Interfaces </strong></p><p>As a software-only module, the module does not have physical ports. For the purpose of the FIPS 140-2 validation, the physical ports are interpreted to be the physical ports of the hardware platform on which it runs. </p><p>The logical interfaces are the API through which kernel modules request services, and the AF_ALG type socket that allows the applications running in the user space to request cryptographic services from the module. The following table summarizes the four logical interfaces: </p><p><strong>FIPS Interface </strong></p><p>Data Input </p><p></p><ul style="display: flex;"><li style="flex:1"><strong>Physical Port </strong></li><li style="flex:1"><strong>Logical Interface </strong></li></ul><p></p><p>Keyboard Display <br>API input parameters from kernel system calls, AF_ALG type socket. </p><p>Data Output </p><p>Control Input <br>API output parameters from kernel system calls, AF_ALG type socket. </p><p></p><ul style="display: flex;"><li style="flex:1">Keyboard </li><li style="flex:1">API function calls, API input parameters for </li></ul><p>control from kernel system calls, AF_ALG type socket, kernel command line. </p><p>Status Output </p><p>Power Input </p><ul style="display: flex;"><li style="flex:1">Display </li><li style="flex:1">API return codes, AF_ALG type socket, </li></ul><p>kernel logs. </p><p></p><ul style="display: flex;"><li style="flex:1">PC Power Supply Port </li><li style="flex:1">N/A </li></ul><p></p><p><em>Table 4 - Ports and Interfaces </em></p><p>© 2020 Canonical Ltd. / atsec information security </p><ul style="display: flex;"><li style="flex:1">This document can be reproduced and distributed only whole and intact, including this copyright notice. </li><li style="flex:1">10 of 46 </li></ul><p></p><ul style="display: flex;"><li style="flex:1">Kernel Crypto API Cryptographic Module </li><li style="flex:1">FIPS 140-2 Non-Proprietary Security Policy </li></ul><p></p><p><strong>3. Roles,&nbsp;Services and Authentication </strong></p><p><strong>3.1. Roles </strong></p><p>The module supports the following roles: </p><p></p><p><strong>User role</strong>: performs cryptographic services (in both FIPS mode and non-FIPS mode), key zeroization, show status, and on-demand self-test. </p><p></p><p><strong>Crypto Officer role</strong>: performs module installation and initialization. <br>The User and Crypto Officer roles are implicitly assumed by the entity accessing the module services. </p>

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    46 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us