Transcription

FIPS 140-2 Non-Proprietary Security Policy: Veritas Cryptographic Module for JavaFIPS 140-2 Non-Proprietary Security PolicyVeritas Cryptographic Module for JavaSoftware Version 1.0Document Version 1.2June 25, 2020Prepared For:Prepared By:Veritas Technologies LLC2625 Augustine DriveSanta Clara, CA 95054www.veritas.comSafeLogic Inc.530 Lytton Ave, Suite 200Palo Alto, CA 94301www.safelogic.comDocument Version 1.2 VeritasPage 1 of 33

FIPS 140-2 Non-Proprietary Security Policy: Veritas Cryptographic Module for JavaAbstractThis document provides a non-proprietary FIPS 140-2 Security Policy for the VeritasCryptographic Module for Java.Document Version 1.2 VeritasPage 2 of 33

FIPS 140-2 Non-Proprietary Security Policy: Veritas Cryptographic Module for JavaTable of Contents1Introduction . 51.1About FIPS 140 . 51.2About this Document . 51.3External Resources . 51.4Notices . 52Veritas Cryptographic Module for Java . 62.1Cryptographic Module Specification . 62.1.1 Validation Level Detail . 62.1.2 Modes of Operation . 62.1.3 Module Configuration. 72.1.4 Approved Cryptographic Algorithms . 92.1.5 Non-Approved Cryptographic Algorithms . 142.1.6 Non-Approved Mode of Operation . 142.2Critical Security Parameters and Public Keys . 152.2.1 Critical Security Parameters . 152.2.2 Public Keys . 182.3Module Interfaces . 192.4Roles, Services, and Authentication . 202.4.1 Assumption of Roles . 202.4.2 Services . 202.5Physical Security . 252.6Operational Environment . 252.6.1 Use of External RNG . 262.7Self-Tests . 262.7.1 Power-Up Self-Tests . 262.7.2 Conditional Self-Tests . 272.8Mitigation of Other Attacks . 283Security Rules and Guidance . 293.1Basic Enforcement. 293.1.1 Additional Enforcement with a Java SecurityManager . 293.1.2 Basic Guidance . 293.1.3 Enforcement and Guidance for GCM IVs . 303.1.4 Enforcement and Guidance for use of the Approved PBKDF . 303.1.5 Software Installation. 304References and Acronyms. 314.1References . 314.2Acronyms . 32Document Version 1.2 VeritasPage 3 of 33

FIPS 140-2 Non-Proprietary Security Policy: Veritas Cryptographic Module for JavaList of TablesTable 1 – Validation Level by FIPS 140-2 Section . 6Table 2 – Available Java Permissions . 8Table 3 – FIPS-Approved Algorithm Certificates. 12Table 4 – Approved Cryptographic Functions Tested with Vendor Affirmation. 13Table 5 – Non-Approved but Allowed Cryptographic Algorithms . 14Table 6 – Non-Approved Cryptographic Functions for use in non-FIPS mode only. 15Table 7 – Critical Security Parameters . 17Table 8 – Public Keys . 18Table 9 – Logical Interface / Physical Interface Mapping . 20Table 10 – Description of Roles . 20Table 11 – Module Services, Roles, and Descriptions . 22Table 12 – CSP Access Rights within Services . 24Table 13 – Power-Up Self-Tests . 27Table 14 – Conditional Self-Tests . 28Table 15 – References . 32Table 16 – Acronyms and Terms . 33List of FiguresFigure 1 – Module Boundary and Interfaces Diagram . 19Document Version 1.2 VeritasPage 4 of 33

FIPS 140-2 Non-Proprietary Security Policy: Veritas Cryptographic Module for Java1Introduction1.1About FIPS 140Federal Information Processing Standards Publication 140-2 — Security Requirements forCryptographic Modules specifies requirements for cryptographic modules to be deployed in aSensitive but Unclassified environment. The National Institute of Standards and Technology(NIST) and Communications Security Establishment Canada (CSE) Cryptographic ModuleValidation Program (CMVP) run the FIPS 140 program. The NVLAP accredits independent testinglabs to perform FIPS 140 testing; the CMVP validates modules meeting FIPS 140 validation.Validated is the term given to a module that is documented and tested against the FIPS 140criteria.More information is available on the CMVP website 1.2About this DocumentThis non-proprietary Cryptographic Module Security Policy for Veritas Cryptographic Module forJava from Veritas provides an overview of the product and a high-level description of how itmeets the overall Level 1 security requirements of FIPS 140-2.The Veritas Cryptographic Module for Java may also be referred to as the “module” in thisdocument.1.3External ResourcesThe Veritas website (www.veritas.com) contains information on Veritas services and products.The Cryptographic Module Validation Program website contains links to the FIPS 140-2 certificateand Veritas contact information.1.4NoticesThis document may be freely reproduced and distributed in its entirety without modification.Document Version 1.2 VeritasPage 5 of 33

FIPS 140-2 Non-Proprietary Security Policy: Veritas Cryptographic Module for Java2Veritas Cryptographic Module for Java2.1Cryptographic Module SpecificationThe Veritas Cryptographic Module for Java is the FIPS validated cryptographic provider for variousproducts from Veritas. The Veritas Cryptographic Module for Java manages functions for securekey management, data integrity, data at rest encryption, and secure communications forthe aforementioned solution.The module's logical cryptographic boundary is the Java Archive (JAR) file (ccj-3.0.1.jar). Themodule is a multi-chip standalone embodiment installed on a General Purpose Device. Themodule is a software module and relies on the physical characteristics of the host platform. Themodule’s physical cryptographic boundary is defined by the enclosure of the host platform.All operations of the module occur via calls from host applications and their respective internaldaemons/processes. As such there are no untrusted services calling the services of the module.2.1.1Validation Level DetailThe following table lists the level of validation for each area in FIPS 140-2:FIPS 140-2 Section TitleCryptographic Module SpecificationCryptographic Module Ports and InterfacesRoles, Services, and AuthenticationFinite State ModelPhysical SecurityOperational EnvironmentCryptographic Key ManagementElectromagnetic Interference / ElectromagneticCompatibilitySelf-TestsDesign AssuranceMitigation of Other AttacksValidation Level1111N/A111111Table 1 – Validation Level by FIPS 140-2 Section2.1.2Modes of OperationThe module supports two modes of operation: Approved and Non-approved. The module will bein FIPS-approved mode when the appropriate transition method is called. To verify that a moduleis in the Approved Mode of operation, the user can call a FIPS-approved mode status e()). If the module is configured to allow approvedand non-approved mode operation, a call to CryptoServicesRegistrar.setApprovedMode(true) willswitch the current thread of user control into approved mode.Document Version 1.2 VeritasPage 6 of 33

FIPS 140-2 Non-Proprietary Security Policy: Veritas Cryptographic Module for JavaIn FIPS-approved mode, the module will not provide non-approved algorithms, therefore,exceptions will be called if the user tries to access non-approved algorithms in the ApprovedMode.2.1.3Module ConfigurationIn default operation, the module will start with both approved and non-approved mode enabled.If the module detects that the system property com.safelogic.cryptocomply.fips.approved only isset to true the module will start in approved mode and non-approved mode functionality will notbe available.If the underlying JVM is running with a Java Security Manager installed, the module will berunning in approved mode with secret and private key export disabled.Use of the module with a Java Security Manager requires the setting of some basic permissions toallow the module HMAC-SHA-256 software integrity test to take place as well as to allow themodule itself to examine secret and private keys. The basic permissions r