Implementation Guidance for FIPS 140-2 - NIST - 1 or 3 2 0 5 228 228 168 1 1 username and password verizon

Implementation Guidance for FIPS 140-2 and the Cryptographic Module

Validation Program

National Institute of Standards and Technology Canadian Centre for Cyber Security

Initial Release: March 28, 2003 Last Update: March 17, 2023

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology

Table of Contents

OVERVIEW .......................................................................................................................................................6

GENERAL ISSUES............................................................................................................................................7

G.1 REQUEST FOR GUIDANCE FROM THE CMVP AND CAVP............................................................................7 G.2 COMPLETION OF A TEST REPORT: INFORMATION THAT MUST BE PROVIDED TO NIST AND CCCS...............9 G.3 PARTIAL VALIDATIONS AND NOT APPLICABLE AREAS OF FIPS 140-2 ..................................................... 11 G.4 DESIGN AND TESTING OF CRYPTOGRAPHIC MODULES ............................................................................... 12 G.5 MAINTAINING VALIDATION COMPLIANCE OF SOFTWARE OR FIRMWARE CRYPTOGRAPHIC MODULES........ 13 G.6 MODULES WITH BOTH A FIPS MODE AND A NON-FIPS MODE ................................................................... 15 G.7 RELATIONSHIPS AMONG VENDORS, LABORATORIES, AND NIST/CCCS................................................... 16 G.8 REVALIDATION REQUIREMENTS ............................................................................................................... 16 G.9 FSM, SECURITY POLICY, USER GUIDANCE AND CRYPTO OFFICER GUIDANCE DOCUMENTATION ........... 34 G.10 PHYSICAL SECURITY TESTING FOR RE-VALIDATION FROM FIPS 140-1 TO FIPS 140-2 .......................... 35 G.11 TESTING USING EMULATORS AND SIMULATORS ..................................................................................... 36 G.12 POST-VALIDATION INQUIRIES ................................................................................................................ 37 G.13 INSTRUCTIONS FOR VALIDATION INFORMATION FORMATTING...............................................................38 G.14 MOVED TO W.14 ..................................................................................................................................... 52 G.15 MOVED TO W.2 ....................................................................................................................................... 52 G.16 REQUESTING AN INVOICE BEFORE SUBMITTING A REPORT .................................................................... 52 G.17 REMOTE TESTING FOR SOFTWARE MODULES ......................................................................................... 53 G.18 LIMITING THE USE OF FIPS 186-2 .......................................................................................................... 55 G.19 OPERATIONAL EQUIVALENCY TESTING FOR HW MODULES...................................................................57 G.20 TRACKING THE COMPONENT VALIDATION LIST ..................................................................................... 62

SECTION 1 - CRYPTOGRAPHIC MODULE SPECIFICATION ............................................................. 65

1.1 CRYPTOGRAPHIC MODULE NAME ............................................................................................................. 65 1.2 FIPS APPROVED MODE OF OPERATION ..................................................................................................... 66 1.3 FIRMWARE DESIGNATION..........................................................................................................................67 1.4 BINDING OF CRYPTOGRAPHIC ALGORITHM VALIDATION CERTIFICATES...................................................68 1.5 MOVED TO A.1...........................................................................................................................................70 1.6 MOVED TO A.2...........................................................................................................................................70 1.7 MULTIPLE APPROVED MODES OF OPERATION...........................................................................................70 1.8 MOVED TO W.13 ....................................................................................................................................... 72 1.9 DEFINITION AND REQUIREMENTS OF A HYBRID CRYPTOGRAPHIC MODULE..............................................72 1.10 MOVED TO A.3.........................................................................................................................................73 1.11 MOVED TO D.1.........................................................................................................................................74 1.12 MOVED TO C.1 ......................................................................................................................................... 74 1.13 MOVED TO A.4.........................................................................................................................................74 1.14 MOVED TO A.5.........................................................................................................................................74 1.15 MOVED TO A.6.........................................................................................................................................74 1.16 SOFTWARE MODULE ............................................................................................................................... 74 1.17 FIRMWARE MODULE ............................................................................................................................... 76 1.18 PIV REFERENCE ...................................................................................................................................... 79 1.19 NON-APPROVED MODE OF OPERATION.................................................................................................... 80 1.20 SUB-CHIP CRYPTOGRAPHIC SUBSYSTEMS ............................................................................................... 82 1.21 PROCESSOR ALGORITHM ACCELERATORS (PAA) AND PROCESSOR ALGORITHM IMPLEMENTATION (PAI) ........................................................................................................................................................................ 86 1.22 MODULE COUNT DEFINITION .................................................................................................................. 90 1.23 DEFINITION AND USE OF A NON-APPROVED SECURITY FUNCTION .......................................................... 93

SECTION 2 ? CRYPTOGRAPHIC MODULE PORTS AND INTERFACES .......................................... 98

2.1 TRUSTED PATH..........................................................................................................................................98

SECTION 3 ? ROLES, SERVICES, AND AUTHENTICATION ............................................................. 101

CMVP

2

03/17/2023

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology

3.1 AUTHORIZED ROLES................................................................................................................................101 3.2 BYPASS CAPABILITY IN ROUTERS ........................................................................................................... 102 3.3 AUTHENTICATION MECHANISMS FOR SOFTWARE MODULES...................................................................104 3.4 MULTI-OPERATOR AUTHENTICATION ..................................................................................................... 105 3.5 DOCUMENTATION REQUIREMENTS FOR CRYPTOGRAPHIC MODULE SERVICES........................................106

SECTION 4 - FINITE STATE MODEL ...................................................................................................... 109

SECTION 5 - PHYSICAL SECURITY........................................................................................................110

5.1 OPACITY AND PROBING OF CRYPTOGRAPHIC MODULES WITH FANS, VENTILATION HOLES OR SLITS AT LEVEL 2......................................................................................................................................................... 110 5.2 TESTING TAMPER EVIDENT SEALS .......................................................................................................... 111 5.3 PHYSICAL SECURITY ASSUMPTIONS ........................................................................................................ 111 5.4 LEVEL 3: HARD COATING TEST METHODS .............................................................................................. 116 5.5 PHYSICAL SECURITY LEVEL 3 AUGMENTED WITH EFP/EFT ................................................................... 118

SECTION 6 ? OPERATIONAL ENVIRONMENT....................................................................................119

6.1 SINGLE OPERATOR MODE AND CONCURRENT OPERATORS ..................................................................... 119 6.2 APPLICABILITY OF OPERATIONAL ENVIRONMENT REQUIREMENTS TO JAVA SMART CARDS ................. 120 6.3 CORRECTION TO COMMON CRITERIA REQUIREMENTS ON OPERATING SYSTEM ...................................... 121 6.4 APPROVED INTEGRITY TECHNIQUES........................................................................................................122

SECTION 7 ? CRYPTOGRAPHIC KEY MANAGEMENT ..................................................................... 123

7.1 MOVED TO D.2.........................................................................................................................................123 7.2 USE OF IEEE 802.11I KEY DERIVATION PROTOCOLS .............................................................................. 123 7.3 MOVED TO C.2 ......................................................................................................................................... 124 7.4 ZEROIZATION OF POWER-UP TEST KEYS.................................................................................................124 7.5 STRENGTH OF KEY ESTABLISHMENT METHODS ...................................................................................... 124 7.6 MOVED TO W.5 ........................................................................................................................................ 127 7.7 KEY ESTABLISHMENT AND KEY ENTRY AND OUTPUT.............................................................................127 7.8 THE USE OF POST-PROCESSING IN KEY GENERATION METHODS ............................................................ 131 7.9 PROCEDURAL CSP ZEROIZATION ............................................................................................................ 133 7.10 USING THE SP 800-108 KDFS IN FIPS MODE ....................................................................................... 134 7.11 MOVED TO W.6 ..................................................................................................................................... 135 7.12 KEY GENERATION FOR RSA SIGNATURE ALGORITHM .......................................................................... 135 7.13 MOVED TO W.1 ..................................................................................................................................... 136 7.14 ENTROPY CAVEATS ............................................................................................................................... 136 7.15 ENTROPY ASSESSMENT ......................................................................................................................... 140 7.16 ACCEPTABLE ALGORITHMS FOR PROTECTING STORED KEYS AND CSPS .............................................. 145 7.17 ZEROIZATION OF ONE TIME PROGRAMMABLE (OTP) MEMORY ............................................................ 147 7.18 ENTROPY ESTIMATION AND COMPLIANCE WITH SP 800-90B................................................................148 7.19 INTERPRETATION OF SP 800-90B REQUIREMENTS ................................................................................ 151 7.20 COMBINING ENTROPY FROM MULTIPLE SOURCES.................................................................................158

SECTION 8 ? ELECTROMAGNETIC INTERFERENCE/ELECTROMAGNETIC COMPATIBILITY (EMI/EMC) ..................................................................................................................................................... 160

SECTION 9 ? SELF-TESTS ......................................................................................................................... 161

9.1 KNOWN ANSWER TEST FOR KEYED HASHING ALGORITHM.....................................................................161 9.2 KNOWN ANSWER TEST FOR EMBEDDED CRYPTOGRAPHIC ALGORITHMS................................................163 9.3 KAT FOR ALGORITHMS USED IN AN INTEGRITY TEST TECHNIQUE .......................................................... 163 9.4 KNOWN ANSWER TESTS FOR CRYPTOGRAPHIC ALGORITHMS ................................................................. 165 9.5 MODULE INITIALIZATION DURING POWER-UP.........................................................................................171 9.6 SELF-TESTS WHEN IMPLEMENTING THE SP 800-56A SCHEMES..............................................................172 9.7 SOFTWARE/FIRMWARE LOAD TEST ......................................................................................................... 174 9.8 CONTINUOUS RANDOM NUMBER GENERATOR TESTS ............................................................................. 175 9.9 PAIR-WISE CONSISTENCY SELF-TEST WHEN GENERATING A KEY PAIR ................................................. 179

CMVP

3

03/17/2023

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology

9.10 POWER-UP TESTS FOR SOFTWARE MODULE LIBRARIES ........................................................................ 180 9.11 REDUCING THE NUMBER OF KNOWN ANSWER TESTS ........................................................................... 183 9.12 INTEGRITY TEST USING SAMPLING........................................................................................................ 185 9.13 NON-RECONFIGURABLE MEMORY INTEGRITY TEST..............................................................................187

SECTION 10 ? DESIGN ASSURANCE....................................................................................................... 189

SECTION 11 ? MITIGATION OF OTHER ATTACKS ........................................................................... 190

11.1 MITIGATION OF OTHER ATTACKS..........................................................................................................190

SECTION 12 ? APPENDIX A: SUMMARY OF DOCUMENTATION REQUIREMENTS ................. 191

SECTION 13 ? APPENDIX B: RECOMMENDED SOFTWARE DEVELOPMENT PRACTICES ....192

SECTION 14 ? APPENDIX C: CRYPTOGRAPHIC MODULE SECURITY POLICY ........................ 193

14.1 LEVEL OF DETAIL WHEN REPORTING CRYPTOGRAPHIC SERVICES........................................................193 14.2 LEVEL OF DETAIL WHEN REPORTING MITIGATION OF OTHER ATTACKS .............................................. 194 14.3 LOGICAL DIAGRAM FOR SOFTWARE, FIRMWARE AND HYBRID MODULES ............................................ 194 14.4 OPERATOR APPLIED SECURITY APPLIANCES ......................................................................................... 195 14.5 CRITICAL SECURITY PARAMETERS FOR THE SP 800-90 DRBGS ........................................................... 197

FIPS 140-2 ANNEX A ? APPROVED SECURITY FUNCTIONS............................................................... 199

A.1 VALIDATION TESTING OF SHS ALGORITHMS AND HIGHER CRYPTOGRAPHIC ALGORITHM USING SHS ALGORITHMS ................................................................................................................................................ 199 A.2 USE OF NON-NIST-RECOMMENDED ELLIPTIC CURVES .......................................................................... 199 A.3 VENDOR AFFIRMATION OF CRYPTOGRAPHIC SECURITY METHODS ........................................................ 200 A.4 MOVED TO W.7 ....................................................................................................................................... 203 A.5 KEY/IV PAIR UNIQUENESS REQUIREMENTS FROM SP 800-38D ............................................................. 203 A.6 MOVED TO W.8 ....................................................................................................................................... 210 A.7 MOVED TO W.9 ....................................................................................................................................... 210 A.8 USE OF A TRUNCATED HMAC................................................................................................................ 211 A.9 XTS-AES KEY GENERATION REQUIREMENTS ....................................................................................... 212 A.10 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-38G...............................................................213 A.11 THE USE AND THE TESTING REQUIREMENTS FOR THE FAMILY OF FUNCTIONS DEFINED IN FIPS 202 ... 214 A.12 REQUIREMENTS FOR VENDOR AFFIRMATION TO THE ADDENDUM TO SP 800-38A...............................216 A.13 SP 800-67REV1 TRANSITION ................................................................................................................ 218 A.14 APPROVED MODULUS SIZES FOR RSA DIGITAL SIGNATURE AND OTHER APPROVED PUBLIC KEY ALGORITHMS ................................................................................................................................................ 220 A.15 VENDOR AFFIRMATION FOR THE SP 800-185 ALGORITHMS ................................................................. 223

FIPS 140-2 ANNEX B ? APPROVED PROTECTION PROFILES ............................................................ 226

FIPS 140-2 ANNEX C ? APPROVED RANDOM NUMBER GENERATORS...........................................227

C.1 MOVED TO W.3 ....................................................................................................................................... 227 C.2 MOVED TO W.4 ....................................................................................................................................... 227

FIPS 140-2 ANNEX D ? APPROVED KEY ESTABLISHMENT TECHNIQUES ..................................... 228

D.1 MOVED TO W.10 ..................................................................................................................................... 228 D.1-REV2 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56A-REV2 .................................. 228 D.1-REV3 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION TO SP 800-56A REV3 AND THE TRANSITION FROM THE VALIDATION TO THE EARLIER VERSIONS OF THIS STANDARD...................................................... 230 D.2 ACCEPTABLE KEY ESTABLISHMENT PROTOCOLS ................................................................................... 232 D.3 MOVED TO W.15. ................................................................................................................................... 233 D.4 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56B.................................................................233 D.5 MOVED TO W.11 ..................................................................................................................................... 235 D.6 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-132 ................................................................. 235 D.7 MOVED TO W.12 ..................................................................................................................................... 237 D.8 KEY AGREEMENT METHODS .................................................................................................................. 237

CMVP

4

03/17/2023

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program National Institute of Standards and Technology

D.9 KEY TRANSPORT METHODS ................................................................................................................... 242 D.10 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56C...............................................................245 D.11 REFERENCES TO THE SUPPORT OF INDUSTRY PROTOCOLS .................................................................... 247 D.12 REQUIREMENTS FOR VENDOR AFFIRMATION TO SP 800-133 ............................................................... 249 D.13 ELLIPTIC CURVES AND THE MODP GROUPS IN SUPPORT OF INDUSTRY PROTOCOLS ........................... 250 D.14 SP 800-56C REV2 ONE-STEP KEY DERIVATION FUNCTION WITHOUT A COUNTER..............................253

WITHDRAWN GUIDANCE........................................................................................................................ 255

W.1 CRYPTOGRAPHIC KEY STRENGTH MODIFIED BY AN ENTROPY ESTIMATE ............................................. 255 W.2 VALIDATING THE TRANSITION FROM FIPS 186-2 TO FIPS 186-4 .......................................................... 256 W.3 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-90 ....................................................... 259 W.4 USE OF OTHER CORE SYMMETRIC ALGORITHMS IN ANSI X9.31 RNG ................................................. 261 W.5 RNGS: SEEDS, SEED KEYS AND DATE/TIME VECTORS..........................................................................261 W.6 DEFINITION OF AN NDRNG...................................................................................................................262 W.7 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-38D .................................................... 263 W.8 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF FIPS 186-3 DIGITAL SIGNATURE STANDARD..265 W.9 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF NIST SP 800-38E ........................................... 269 W.10 CAVP REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-56A .................................................. 270 W.11 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-108...............................................................272 W.12 REQUIREMENTS FOR VENDOR AFFIRMATION OF SP 800-135REV1 ...................................................... 273 W.13 LISTING OF DES IMPLEMENTATIONS ................................................................................................... 274 W.14 VALIDATION OF TRANSITIONING CRYPTOGRAPHIC ALGORITHMS AND KEY LENGTHS ........................ 274 W.15 ASSURANCE OF THE VALIDITY OF A PUBLIC KEY FOR KEY ESTABLISHMENT ...................................... 278

CHANGE SUMMARY .................................................................................................................................. 281

NEW GUIDANCE ........................................................................................................................................... 281 MODIFIED GUIDANCE .................................................................................................................................. 283

END OF DOCUMENT .................................................................................................................................. 296

CMVP

5

03/17/2023

................
................

In order to avoid copyright disputes, this page is only a partial summary.

To fulfill the demand for quickly locating and searching documents.

It is intelligent file search solution for home and business.

Literature Lottery

Implementation Guidance for FIPS 140-2 - NIST

To fulfill the demand for quickly locating and searching documents.

Related download

Related searches