F2009VE 02

From MozillaWiki

SECTION 2: MODULE PORTS AND INTERFACES

AS.02.01 The cryptographic module shall restrict all information flow and physical access points to physical ports and logical interfaces that define all entry and exit points to and from the module.


Assessment:

VE.02.01.01 Vendor documentation shall specify each of the physical ports and logical interfaces of the cryptographic module, including the:

1. Physical ports and their pin assignments
2. Physical covers, doors or openings
3. Logical interfaces (e.g., APIs and all other data/control/status signals) and the signal names and functions
4. Manual controls (e.g., buttons or switches) for applicable physical control inputs
5. Physical status indicators (e.g., lights or displays) for applicable physical status outputs
6. Mapping of the logical interfaces to the physical ports, manual controls, and physical status indicators of the cryptographic module
7. Physical, logical, and electrical characteristics, as applicable, of the above ports and interfaces

Assessment:

VE.02.01.02 Vendor documentation shall specify the information flows and physical access points of the cryptographic module by highlighting or annotating copies of the block diagrams, design specifications and/or source code and schematics provided in Sections 1 and 10. The vendor shall also provide any other documentation necessary to clearly specify the relationship of the information flows and physical access points to the physical ports and logical interfaces.

Assessment:

VE.02.01.03 For each physical or logical input to the cryptographic module, or physical and logical output from the module, vendor documentation shall specify the logical interface to which the physical input or output belongs, and the physical entry/exit port. The specifications provided shall be consistent with the specifications of the cryptographic module components provided under Sections 1 and 10, and the specifications of the logical interfaces provided in assertions AS02.03 to AS02.09 of this section.

Assessment:

AS.02.02 The cryptographic module interfaces shall be logically distinct from each other although they may share one physical port (e.g., input data may enter and output data may exit via the same port) or may be distributed over one or more physical ports (e.g., input data may enter via both a serial and a parallel port).

Assessment:

VE.02.02.01 The vendor's design shall separate the cryptographic module interfaces into logically distinct and isolated categories, using the categories listed in assertion AS02.03, and, if applicable, AS02.09 in this section. This information shall be consistent with the specification of the logical interfaces and physical ports provided in AS02.01 in this section.

Assessment:

VE.02.02.02 Vendor documentation shall provide a mapping of each category of logical interface to a physical port of the cryptographic module. A logical interface may be physically distributed across more than one physical port, or two or more logical interfaces may share one physical port as long as the information flows are kept logically separate. If two or more logical interfaces share the same physical port, vendor documentation shall specify how the information from the different interface categories is kept logically separate.

Assessment:

AS.02.03 The cryptographic module shall have the following four logical interfaces ("input" and "output" are indicated from the perspective of the module):

* Data input interface
* Data output interface
* Control input interface
* Status output interface

Assessment:

VE.02.03.01 Vendor documentation shall specify that the following four logical interfaces have been designed within the cryptographic module ("input" and "output" are indicated from the perspective of the module):

* data input interface (for the entry of data as specified in AS02.04),
* data output interface (for the output of data as specified in AS02.05),
* control input interface (for the entry of commands as specified in AS02.07), and
* status output interface (for the output of status information as
Assessment:

AS.02.04 All data (except control data entered via the control input interface) that is input to and processed by the cryptographic module (including plaintext data, ciphertext data, cryptographic keys and CSPs, authentication data, and status information from another module) shall enter via the "data input" interface.

Assessment:

VE.02.04.01 The cryptographic module shall have a data input interface. All data (except control data entered via the control input interface) that is to be input to and processed by the cryptographic module shall enter via the data input interface, including:

1. Plaintext data
2. Ciphertext or signed data
3. Cryptographic keys and other key management data (plaintext or encrypted)
4. Authentication data (plaintext or encrypted)
5. Status information from external sources
6. Any other input data

Assessment:

VE.02.04.02 If applicable, vendor documentation shall specify any external input devices to be used with the cryptographic module for the entry of data into the data input interface, such as smart cards, tokens, keypads, key loaders, and/or biometric devices.

Assessment:

AS.02.05 All data (except status data output via the status output interface) that is output from the cryptographic module (including plaintext data, ciphertext data, cryptographic keys and CSPs, authentication data, and control information for another module) shall exit via the "data output"

Assessment:

VE.02.05.01 The cryptographic module shall have a data output interface. All data (except status data output via the status output interface) that has been processed and is to be output by the cryptographic module shall exit via the data output interface, including:

1. Plaintext data
2. Ciphertext data and digital signatures
3. Cryptographic keys and other key management data (plaintext or encrypted)
4. Control information to external targets
5. Any other output data

Assessment:

VE.02.05.02 If applicable, vendor documentation shall specify any external output devices to be used with the cryptographic module for the output of data from the data output interface, such as smart cards, tokens, displays, and/or other storage devices.

Assessment:

AS.02.06 All data output via the data output interface shall be inhibited when an error state exists and during self-tests.


Assessment:

VE.02.06.01 Vendor documentation shall specify how the cryptographic module ensures that all data output via the data output interface is inhibited whenever the module is in an error state (error states are covered in Section 4). Status information may be allowed from the status output interface to identify the type of error, as long as no CSPs, plaintext data, or other information that if misused could lead to a compromise.

Assessment:

VE.02.06.02 Vendor documentation shall specify how the design of the cryptographic module ensures that all data output via the data output interface is inhibited whenever the module is in a self-test condition (self-tests are covered in Section 9). Status information to display the results of the self-tests may be allowed from the status output interface, as long as no CSPs, plaintext data, or other information that if misused

Assessment:

AS.02.07 All input commands, signals, and control data (including calls and manual controls such as switches, buttons, and keyboards) used to control the operation of the cryptographic module shall enter via the "control input" interface.

Assessment:

VE.02.07.01 The cryptographic module shall have a control input interface. All commands, signals, and control data (except data entered via the data input interface) used to control the operation of the cryptographic module shall enter via the control input interface, including:

1. Commands input logically via an API (e.g., for the software and firmware components of the cryptographic module)
2. Signals input logically or physically via one or more physical ports (e.g., for the hardware components of the cryptographic module)
3. Manual control inputs (e.g., using switches, buttons, or a keyboard)
4. Any other input control data

Assessment:

VE.02.07.02 If applicable, vendor documentation shall specify any external input devices to be used with the cryptographic module for the entry of commands, signals, and control data into the control input interface, such as smart cards, tokens, or keypads.

Assessment:

AS.02.08 All output signals, indicators, and status data (including return codes and physical indicators such as Light Emitting Diodes and displays) used to indicate the status of the cryptographic module shall exit via the "status output" interface.

Assessment:

VE.02.08.01 The cryptographic module shall have a status output interface. All status information, signals, logical indicators, and physical indicators used to indicate or display the status of the module shall exit via the status output interface, including:

1. Status information output logically via an API
2. Signals output logically or physically via one or more physical
3. Manual status outputs (e.g., using LEDs, buzzers, or a display)
4. Any other output status information

Assessment:

VE.02.08.02 If applicable, vendor documentation shall specify any external output devices to be used with the cryptographic module for the output of status information, signals, logical indicators, and physical indicators via the status output interface, such as smart cards, tokens, displays, and/or other storage devices.

Assessment:

AS.02.09 All external electrical power that is input to the cryptographic module (including power from an external power source or batteries) shall enter via a power port.


Assessment:

VE.02.09.01 If the cryptographic module requires or provides power to/from other devices external to the boundary (e.g., a power supply or an external battery), vendor documentation shall specify a power interface and a corresponding physical port. All power entering or exiting the cryptographic module to/from other devices external to the cryptographic boundary shall pass through the specified power
Assessment:


AS.02.10 The cryptographic module shall distinguish between data and control for input and data and status for output.


Assessment:

VE.02.10.01 Vendor documentation shall specify how the cryptographic module distinguishes between data and control for input and data and status for output, and how the physical and logical paths followed by the input data and control information entering the module via the applicable input interfaces are logically or physically disconnected from the physical and logical paths followed by the output data and status information exiting the module via the applicable output interfaces.
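The four logical interfaces of AS.02.03, the output inhibit rule of AS.02.06 and the data/control and data/status distinction of AS.02.10 can be made concrete in a small software module. The C program below is an added example written for this page; it is not NSS code or any vendor's module, and the three-state model, the command and status codes, the XOR "transform" standing in for an approved algorithm, the fixed key and the inject_selftest_fault test hook are all assumptions of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Module states (the state model is the subject of DTR Section 4; this
 * three-state version is an assumption of the example). */
typedef enum { STATE_SELFTEST, STATE_OPERATIONAL, STATE_ERROR } module_state_t;

/* Control input: a closed set of typed commands, never carried in the data
 * buffer, so control and data input are distinguishable by construction. */
typedef enum { CMD_SELFTEST, CMD_ENCRYPT } module_cmd_t;

/* Status output: codes that name the condition but never carry CSPs or plaintext. */
typedef enum { ST_OK = 0, ST_OUTPUT_INHIBITED_SELFTEST, ST_OUTPUT_INHIBITED_ERROR,
               ST_BAD_COMMAND, ST_BAD_LENGTH } module_status_t;

typedef struct {
    module_state_t state;
    uint8_t key[16];            /* CSP: never leaves the module boundary */
    bool inject_selftest_fault; /* test hook so the error path can be exercised */
} crypto_module_t;

/* Placeholder transform (XOR with the key) standing in for an approved
 * algorithm. It is NOT a cipher; it only gives the KAT and output path data. */
static void transform(const crypto_module_t *m, const uint8_t *in, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ m->key[i % sizeof m->key];
}

/* The only function that writes to the data output interface: every output
 * path passes through it, so the AS.02.06 inhibit rule lives in one place. */
static module_status_t data_output(const crypto_module_t *m, const uint8_t *src,
                                   size_t n, uint8_t *out, size_t *out_len) {
    *out_len = 0;
    if (m->state == STATE_SELFTEST) return ST_OUTPUT_INHIBITED_SELFTEST;
    if (m->state == STATE_ERROR)    return ST_OUTPUT_INHIBITED_ERROR;
    memcpy(out, src, n);
    *out_len = n;
    return ST_OK;
}

/* Power-up known-answer test. The module stays in STATE_SELFTEST while it
 * runs, so nothing can leave via data_output(); a failure latches STATE_ERROR. */
static module_status_t run_selftest(crypto_module_t *m) {
    static const uint8_t kat_in[4]  = {0x00, 0x01, 0x02, 0x03};
    static const uint8_t kat_exp[4] = {0x0f, 0x0f, 0x0f, 0x0f}; /* kat_in XOR key */
    uint8_t got[4];
    m->state = STATE_SELFTEST;
    transform(m, kat_in, got, sizeof got);
    if (m->inject_selftest_fault) got[0] ^= 0xff; /* simulate a broken implementation */
    if (memcmp(got, kat_exp, sizeof got) != 0) { m->state = STATE_ERROR; return ST_OUTPUT_INHIBITED_ERROR; }
    m->state = STATE_OPERATIONAL;
    return ST_OK;
}

void module_init(crypto_module_t *m, bool inject_selftest_fault) {
    static const uint8_t fixed_key[16] = {0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08,
                                          0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00};
    memset(m, 0, sizeof *m);
    memcpy(m->key, fixed_key, sizeof m->key);
    m->inject_selftest_fault = inject_selftest_fault;
    m->state = STATE_SELFTEST; /* no data output until the self-test has passed */
}

/* One API entry point shared by control input and data input (AS.02.02 allows a
 * shared port when the flows stay logically separate): cmd is control input,
 * in/in_len is data input, the return value is status output, out/out_len is
 * data output. */
module_status_t module_call(crypto_module_t *m, module_cmd_t cmd, const uint8_t *in,
                            size_t in_len, uint8_t *out, size_t out_cap, size_t *out_len) {
    uint8_t scratch[64];
    *out_len = 0;
    switch (cmd) {
    case CMD_SELFTEST:
        return run_selftest(m);
    case CMD_ENCRYPT:
        if (in_len > sizeof scratch || in_len > out_cap) return ST_BAD_LENGTH;
        if (m->state == STATE_OPERATIONAL) transform(m, in, scratch, in_len);
        return data_output(m, scratch, in_len, out, out_len); /* decides whether anything leaves */
    default:
        return ST_BAD_COMMAND;
    }
}

/* Scenario: output is inhibited before the self-test passes and allowed after. */
bool scenario_selftest_gates_output(void) {
    static const uint8_t in[4] = {0x00, 0x01, 0x02, 0x03};
    crypto_module_t m; uint8_t out[8]; size_t n;
    module_init(&m, false);
    if (module_call(&m, CMD_ENCRYPT, in, 4, out, sizeof out, &n) != ST_OUTPUT_INHIBITED_SELFTEST || n != 0) return false;
    if (module_call(&m, CMD_SELFTEST, NULL, 0, out, sizeof out, &n) != ST_OK) return false;
    return module_call(&m, CMD_ENCRYPT, in, 4, out, sizeof out, &n) == ST_OK && n == 4 && out[3] == 0x0f;
}

/* Scenario: a failed self-test latches the error state; status is still reported
 * but no data leaves until the module is re-initialised. */
bool scenario_error_state_inhibits_output(void) {
    static const uint8_t in[2] = {0xaa, 0xbb};
    crypto_module_t m; uint8_t out[8] = {0}; size_t n;
    module_init(&m, true);
    if (module_call(&m, CMD_SELFTEST, NULL, 0, out, sizeof out, &n) != ST_OUTPUT_INHIBITED_ERROR) return false;
    return module_call(&m, CMD_ENCRYPT, in, 2, out, sizeof out, &n) == ST_OUTPUT_INHIBITED_ERROR && n == 0 && out[0] == 0;
}

int main(void) {
    printf("self-test gates output: %s\n", scenario_selftest_gates_output() ? "ok" : "FAIL");
    printf("error state inhibits output: %s\n", scenario_error_state_inhibits_output() ? "ok" : "FAIL");
    return 0;
}
```

The point to take from it is structural rather than cryptographic: cmd and in arrive through one API call but are different types, status comes back as a return code while data goes through out, and data_output() is the only writer to the output buffer, so the inhibit check cannot be bypassed by a new call site. In a real module the KAT would cover every approved algorithm and the error state would be left only by re-running the power-up self-tests.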

Assessment:

AS.02.11 All input data entering the cryptographic module via the "data input" interface shall only pass through the input data path.


Assessment:

VE.02.11.01 Vendor documentation shall specify the physical and logical paths used by all major categories of input data entering the cryptographic module via the data input interface and the applicable physical ports. The documentation shall include a specification of the applicable paths (e.g., by highlighted or annotated copies of the schematics, block diagrams, or other information provided under AS01.08, AS01.09, and AS01.13). All input data entering the cryptographic module via the data input interface shall only use the specified paths while being processed or stored by each physical or logical sub-section of the module.

Assessment:

AS.02.12 All output data exiting the cryptographic module via the "data output" interface shall only pass through the output data path.


Assessment:

VE.02.12.01 Vendor documentation shall specify the physical and logical paths used by all major categories of output data exiting the cryptographic module via the data output interface and the applicable physical ports. The documentation shall include a specification of the applicable paths (e.g., by highlighted or annotated copies of the schematics, block diagrams, or other information provided under AS01.08, AS01.09, and AS01.13). All output data exiting the cryptographic module via the data output interface shall only use the specified paths.

Assessment:


AS.02.13 The output data path shall be logically disconnected from the circuitry and processes while performing key generation, manual key entry, or key zeroization.


Assessment:

VE.02.13.01

VE.02.13.01Vendor documentation shall specify how the physical and logical paths

used by all major categories of output data exiting the cryptographic

module are logically or physically disconnected from the processes

performing key generation, manual key entry, and zeroization of

cryptographic keys and CSPs. The cryptographic module shall not

allow the specified key processes to pass key/CSP information to the

output data path, and shall not allow output data exiting the module to

interfere with the key processes.

Assessment:

AS.02.14 To prevent the inadvertent output of sensitive information, two independent internal actions shall be required to output data via any output interface through which plaintext cryptographic keys or CSPs or sensitive data are output (e.g., two different software flags are set, one of which may be user initiated; or two hardware gates are set serially).
Assessment:

VE.02.14.01 If the cryptographic module allows plaintext cryptographic key components or other unprotected CSPs to be output on one or more physical ports, two independent internal actions shall be performed by the module before the plaintext cryptographic key components or other unprotected CSPs may be output. Vendor documentation shall specify the two independent internal actions performed and how the two independent internal actions protect against the inadvertent release of the plaintext cryptographic key components or other unprotected CSPs.
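For AS.02.13 and AS.02.14 the design questions are how the output data path is kept away from key generation and zeroization, and what "two independent internal actions" look like in software. The C program below is an added example for this page, not NSS or vendor code; the key_module_t layout, the deterministic placeholder key fill standing in for a DRBG, the during_hook_t used to observe the module mid-process and the operator/policy flag names are all assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Status output codes; none of them carries key material. */
typedef enum { ST_OK = 0, ST_NO_KEY, ST_NOT_EXPORTABLE, ST_EXPORT_NOT_ARMED,
               ST_KEY_PROCESS_ACTIVE } status_t;

typedef struct {
    uint8_t key[KEY_LEN];
    bool key_present, key_exportable;   /* the exportable attribute is fixed at creation */
    bool operator_armed, policy_armed;  /* the two independent actions of AS.02.14 */
    bool key_process_active;            /* AS.02.13: generation, entry or zeroization running */
} key_module_t;

/* Zeroize through a volatile pointer so the compiler cannot drop the stores. */
static void secure_zero(void *p, size_t n) {
    for (volatile uint8_t *v = (volatile uint8_t *)p; n; n--) *v++ = 0;
}

/* Test aid, not a module feature: called while a key process is in progress. */
typedef void (*during_hook_t)(key_module_t *m, void *ctx);

/* Placeholder generation: a deterministic fill stands in for an approved DRBG.
 * The output path is closed for the whole process; a new key starts disarmed. */
void generate_key(key_module_t *m, bool exportable, during_hook_t during, void *ctx) {
    m->key_process_active = true;
    m->operator_armed = m->policy_armed = false;
    for (size_t i = 0; i < KEY_LEN; i++) m->key[i] = (uint8_t)(0xa0 + i);
    if (during) during(m, ctx);
    m->key_present = true;
    m->key_exportable = exportable;
    m->key_process_active = false;
}

void zeroize_key(key_module_t *m, during_hook_t during, void *ctx) {
    m->key_process_active = true;
    secure_zero(m->key, KEY_LEN);
    m->key_present = m->operator_armed = m->policy_armed = false;
    if (during) during(m, ctx);
    m->key_process_active = false;
}

/* Action 1: operator-initiated, arriving through the control input interface. */
status_t arm_export_operator(key_module_t *m) {
    if (!m->key_present) return ST_NO_KEY;
    m->operator_armed = true;
    return ST_OK;
}

/* Action 2: the module's own attribute check; neither arm function sets or
 * reads the other's flag, which is what makes the two actions independent. */
status_t arm_export_policy(key_module_t *m) {
    if (!m->key_present) return ST_NO_KEY;
    if (!m->key_exportable) return ST_NOT_EXPORTABLE;
    m->policy_armed = true;
    return ST_OK;
}

/* Plaintext key output: both flags must be set and both are consumed, so one
 * arming never carries over to a later key or to a second copy. */
status_t export_plaintext_key(key_module_t *m, uint8_t *out, size_t *out_len) {
    *out_len = 0;
    if (m->key_process_active) return ST_KEY_PROCESS_ACTIVE; /* output path disconnected */
    if (!m->key_present) return ST_NO_KEY;
    bool armed = m->operator_armed && m->policy_armed;
    m->operator_armed = m->policy_armed = false; /* a half-armed attempt also resets both */
    if (!armed) return ST_EXPORT_NOT_ARMED;
    memcpy(out, m->key, KEY_LEN);
    *out_len = KEY_LEN;
    return ST_OK;
}

static void try_export_during(key_module_t *m, void *ctx) {
    uint8_t buf[KEY_LEN]; size_t n;
    *(status_t *)ctx = export_plaintext_key(m, buf, &n);
}

/* Neither action alone releases the key; both together release it exactly once. */
bool scenario_two_actions_required(void) {
    key_module_t m = {0}; uint8_t out[KEY_LEN]; size_t n;
    generate_key(&m, true, NULL, NULL);
    if (export_plaintext_key(&m, out, &n) != ST_EXPORT_NOT_ARMED || n != 0) return false;
    arm_export_operator(&m);                          /* one action only */
    if (export_plaintext_key(&m, out, &n) != ST_EXPORT_NOT_ARMED || n != 0) return false;
    arm_export_operator(&m); arm_export_policy(&m);   /* both actions */
    if (export_plaintext_key(&m, out, &n) != ST_OK || n != KEY_LEN || out[0] != 0xa0) return false;
    return export_plaintext_key(&m, out, &n) == ST_EXPORT_NOT_ARMED; /* one-shot */
}

/* Output path closed during generation and zeroization; zeroization also drops pending arming. */
bool scenario_output_path_closed_during_key_processes(void) {
    key_module_t m = {0}; uint8_t out[KEY_LEN]; size_t n; status_t seen = ST_OK;
    generate_key(&m, true, try_export_during, &seen);
    if (seen != ST_KEY_PROCESS_ACTIVE) return false;
    arm_export_operator(&m); arm_export_policy(&m);
    zeroize_key(&m, try_export_during, &seen);
    return seen == ST_KEY_PROCESS_ACTIVE && export_plaintext_key(&m, out, &n) == ST_NO_KEY && m.key[0] == 0;
}
```

The two scenario functions return true when the module behaves as the assertions require and can be called from a main() or a test harness. Both flags are consumed on every export attempt, successful or not, so an operator request armed for one key cannot release a key generated later, and the attribute check in arm_export_policy() cannot be satisfied by the same control input that sets the operator flag. secure_zero() writes through a volatile pointer because an ordinary memset of a buffer that is never read again is a dead store the compiler is entitled to remove.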

Assessment:

AS.02.15 Documentation shall specify the physical ports and logical interfaces and all defined input and output data paths. Note: This assertion is not separately tested. Verification of vendor documentation is performed under assertions AS02.01 to AS02.14 and AS02.16 to AS02.18.