Security Policy: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
mNo edit summary
 
(6 intermediate revisions by the same user not shown)
Line 2: Line 2:


[http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy]
[http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf Security Policy]
==Authentication Policy==
===Strength of Authentication Mechanism===
In FIPS mode, the NSS cryptographic module imposes the following requirements on the password.
* The password must be at least '''seven''' characters long.
* The password must consist of characters from '''three or more character classes'''. We define five character classes: digits (0-9), ASCII lowercase letters, ASCII uppercase letters, ASCII non-alphanumeric characters (such as space and punctuation marks), and non-ASCII characters.  If an ASCII uppercase letter is the first character of the password, the uppercase letter is not counted toward its character class.  Similarly, if a digit is the last character of the password, the digit is not counted toward its character class.
To estimate the probability that a random guess of the password will succeed, we assume that
* the characters of the password are '''independent''' with each other, and
* the probability of guessing an individual character of the password is < '''1/10'''.
Since the password is >= 7 characters long, the probability that a random guess of the password will succeed is < (1/10)^7 = 1/10,000,000.
After each failed authentication attempt in FIPS mode, the NSS cryptographic module inserts a one-second delay before returning to the caller, allowing at most 60 authentication attempts during a one-minute period. Therefore, the probability of a successful random guess of the password during a one-minute period is < 60 * 1/10,000,000 = 0.6 * (1/100,000).
==Access Control Policy==
This section identifies the cryptographic keys and CSPs that the user has access to while performing a service, and the type of access the user has to the CSPs.
=== Security-Relevant Information ===
The NSS cryptographic module employs the following cryptographic keys and CSPs in the FIPS Approved mode of operation.
* AES secret keys: The module supports 128-bit, 192-bit, and 256-bit AES keys. The keys may be stored in memory or in the private key database (key3.db).
* Triple DES secret keys: 168-bit. The keys may be stored in memory or in the private key database (key3.db).
* HMAC secret keys: HMAC key size must be greater than or equal to half the size of the hash function output. The keys may be stored in memory or in the private key database (key3.db).
* DSA public keys and private keys: The module supports DSA key sizes of 512-1024 bits. The keys may be stored in memory or in the private key database (key3.db).
* RSA public keys and private keys (used for digital signatures and key transport): The module supports RSA key sizes of 1024-8192 bits. The keys may be stored in memory or in the private key database (key3.db).
* EC public keys and private keys (used for ECDSA digital signatures and EC Diffie-Hellman key agreement): The module supports elliptic curve key sizes of 163-571 bits. (See the section "Non-NIST-Recommended Elliptic Curves" below.) The keys may be stored in memory or in the private key database (key3.db).
* Diffie-Hellman public keys and private keys (used for key agreement): The module supports Diffie-Hellman public key sizes of 1024-2236 bits. The keys may be stored in memory or in the private key database (key3.db).
* TLS premaster secret (used in deriving the TLS master secret): 48-byte. Stored in memory.
* TLS master secret (used in the generation of symmetric cipher keys, IVs, and MAC secrets for TLS): 48-byte. Stored in memory.
* seed key of the Approved random number generator: 256-bit. Stored in memory.
* authentication data (passwords): Stored in the private key database (key3.db).
* audited events and audit data (Security Level 2 only): Stored in the system audit logs.
====Non-NIST-Recommended Elliptic Curves====
The '''basic ECC''' version of the NSS cryptographic module only implements the NIST-Recommended elliptic curves P-256, P-384, and P-521 in FIPS 186-2.
The '''extended ECC''' version of the NSS cryptographic module implements all the NIST-Recommended elliptic curves and the following non-NIST-Recommended curves:
* ANSI X9.62 prime curves
** prime192v2
** prime192v3
** prime239v1
** prime239v2
** prime239v3
* ANSI X9.62-1998 binary curves
** c2pnb163v1
** c2pnb163v2
** c2pnb163v3
** c2pnb176w1 (disallowed in ANSI X9.62-2005). Note: the NSS cryptographic module incorrectly named this curve c2pnb176'''v'''1.
** c2tnb191v1
** c2tnb191v2
** c2tnb191v3
** c2pnb208w1 (disallowed in ANSI X9.62-2005)
** c2tnb239v1
** c2tnb239v2
** c2tnb239v3
** c2pnb272w1 (disallowed in ANSI X9.62-2005)
** c2pnb304w1 (disallowed in ANSI X9.62-2005)
** c2tnb359v1
** c2pnb368w1 (disallowed in ANSI X9.62-2005)
** c2tnb431r1
* SEC 2 prime curves
** secp112r1
** secp112r2
** secp128r1
** secp128r2
** secp160k1
** secp160r1
** secp160r2
** secp192k1
** secp224k1
** secp256k1
* SEC 2 binary curves
** sect113r1
** sect113r2
** sect131r1
** sect131r2
** sect163r1
** sect193r1
** sect193r2
** sect239k1
Although FIPS 140-2 Implementation Guidance IG 1.6 allows the use of non-NIST-Recommended curves in the FIPS Approved mode of operation, we recommend that the non-NIST-Recommended curves not be used in the FIPS mode.
===Specification of Services===
The Crypto Officer role is assumed implicitly during installation or initialization of the module. The NSS User role is assumed explicitly by authenticating, or logging in, to the module. Some services require the user to assume the NSS User role. Other services do not impose any role requirement.
Each service is provided by a PKCS #11 function.  The following table lists the defined services and correlates role, service type and type of access to security-relevant information. Access type is Read/Write/Zeroize.
<table style="height: 2066px;" border="1">
    <tr valign="top">
      <td
style="text-align: center; vertical-align: middle; width: 101px;">
      <p><font face="Palatino"><font size="2"><b>Service
Category</b></font></font></p>
      </td>
      <td
style="text-align: center; font-weight: bold;">
      <p><font face="Palatino"><font size="2"><b>Role</b></font></font></p>
      </td>
      <td
style="text-align: center; vertical-align: middle; width: 155px;">
      <p style="width: 187px;"><font face="Palatino"><font
size="2"><b>Function Name</b></font></font></p>
      </td>
      <td
style="text-align: center; vertical-align: middle; width: 321px;">
      <p><font face="Palatino"><font size="2"><b>Description</b></font></font></p>
      </td>
      <td
style="width: 116px; font-weight: bold; text-align: center; vertical-align: middle;">
      <p><font face="Palatino"><font size="2"><b>CSPs<br>
Accessed</b></font></font></p>
      </td>
      <td style="text-align: center; vertical-align: middle;">
      <p><font face="Palatino"><font size="2"><b>Access
type,<br>
e.g.
RWZ</b></font></font></p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;">
      <p><font face="Palatino"><font size="2">FIPS
140-2 specific</font></font></p>
      </td>
      <td></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetFunctionList</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">return
the list of FIPS 140-2 functions</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="3">
      <p><font face="Palatino"><font size="2">Module Initialization</font></font></p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>Crypto Officer</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_</font></font><font
face="Palatino"><font size="2">InitToken</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes or re-initializes
a token</font></font></p>
      </td>
      <td style="width: 116px;">password and all keys</td>
      <td>
      <p align="center">Z</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>Crypto Officer</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_</font></font><font
face="Palatino"><font size="2">InitPIN</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
the normal user's password</font></font></p>
      </td>
      <td style="width: 116px;">password</td>
      <td>
      <p align="center">W</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="3">
      <p><font size="2"><font face="Palatino">General</font></font><br>
      <font size="2"><font face="Palatino">purpose</font></font></p>
      </td>
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Initialize</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes the module library for the FIPS mode of operation. This function provides the power-up self-test service</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Finalize</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">finalizes (shuts down) the
module library</font></font></p>
      </td>
      <td style="width: 116px;">all keys</td>
      <td>
      <p align="center">Z</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetInfo</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
general information about the module library</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="7">
      <p><font size="2"><font face="Palatino">Slot
and</font></font><br>
      <font size="2"><font face="Palatino">token</font></font><br>
      <font size="2"><font face="Palatino">management</font></font></p>
      </td>
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetSlotList</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
a list of slots in the system</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetSlotInfo</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
information about a particular slot</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetTokenInfo</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
information about the token. This function provides the Show Status
service.</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetMechansimList</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
a list of mechanisms supported by a token</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetMechanismInfo</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
information about a particular mechanism</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SetPIN</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">changes
the password of the current user</font></font></p>
      </td>
      <td style="width: 116px;">password</td>
      <td>
      <p align="center">RW</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="8">
      <p><font face="Palatino"><font size="2">Session
management</font></font></p>
      </td>
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_OpenSession</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">opens
a connection or "session" between an application and a particular token</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_CloseSession</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">closes
a session</font></font></p>
      </td>
      <td style="width: 116px;">session's keys</td>
      <td>
      <p align="center">Z</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_CloseAllSessions</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">closes
all sessions with a token</font></font></p>
      </td>
      <td style="width: 116px;">all keys</td>
      <td>
      <p align="center">Z</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetSessionInfo</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
information about the session</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetOperationState</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">saves
the state of the cryptographic operation in a session. This function is only implemented for message digest operations.</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SetOperationState</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">restores
the state of the cryptographic operation in a session. This function is only implemented for message digest operations.</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Login</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">logs
into a token</font></font></p>
      </td>
      <td style="width: 116px;">password</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Logout</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">logs
out from a token</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="9">
      <p><font size="2"><font face="Palatino">Object</font></font><br>
      <font size="2"><font face="Palatino">management</font></font></p>
      </td>
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_CreateObject</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">creates
an object</font></font></p>
      </td>
      <td style="width: 116px;">key</td>
      <td>
      <p align="center">W</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_CopyObject</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">creates
a copy of an object</font></font></p>
      </td>
      <td style="width: 116px;">original key<br>
new key</td>
      <td style="text-align: center;"> R<br>
W</td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DestroyObject</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">destroys
an object</font></font></p>
      </td>
      <td style="width: 116px;">key</td>
      <td>
      <p align="center">Z</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetObjectSize</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
the size of an object in bytes</font></font></p>
      </td>
      <td style="width: 116px;">key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetAttributeValue</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">obtains
an attribute value of an object</font></font></p>
      </td>
      <td style="width: 116px;">key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SetAttributeValue</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">modifies
an attribute value of an object</font></font></p>
      </td>
      <td style="width: 116px;">key</td>
      <td>
      <p align="center">W</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_FindObjectsInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
an object search operation</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_FindObjects</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
an object search operation</font></font></p>
      </td>
      <td style="width: 116px;">keys matching the search criteria</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_FindObjectsFinal</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">finishes
an object search operation</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="8">
      <p><font size="2"><font face="Palatino">Encryption</font></font>
      <font size="2"><font face="Palatino">and</font></font><br>
      <font size="2"><font face="Palatino">decryption</font></font></p>
      </td>
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_EncryptInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
an encryption operation</font></font></p>
      </td>
      <td style="width: 116px;">encryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Encrypt</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">encrypts
single-part data</font></font></p>
      </td>
      <td style="width: 116px;">encryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_EncryptUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part encryption operation</font></font></p>
      </td>
      <td style="width: 116px;">encryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_EncryptFinal</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">finishes
a multiple-part encryption operation</font></font></p>
      </td>
      <td style="width: 116px;">encryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DecryptInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
a decryption operation</font></font></p>
      </td>
      <td style="width: 116px;">decryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Decrypt</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">decrypts
single-part encrypted data</font></font></p>
      </td>
      <td style="width: 116px;">decryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DecryptUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part decryption operation</font></font></p>
      </td>
      <td style="width: 116px;">decryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DecryptFinal</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">finishes
a multiple-part decryption operation</font></font></p>
      </td>
      <td style="width: 116px;">decryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="5">
      <p><font size="2"><font face="Palatino">Message</font></font><br>
      <font size="2"><font face="Palatino">digesting</font></font></p>
      </td>
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DigestInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
a message-digesting operation</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Digest</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">digests
single-part data</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DigestUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part digesting operation</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DigestKey</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multi-part message-digesting operation by digesting the value of a
secret key as part of the data already digested</font></font></p>
      </td>
      <td style="width: 116px;"><br>
key</td>
      <td>
      <p align="center"></p>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DigestFinal</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">finishes
a multiple-part digesting operation</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="12">
      <p><font size="2"><font face="Palatino">Signature</font></font>
      <font size="2"><font face="Palatino">and</font></font><br>
      <font size="2"><font face="Palatino">verification</font></font></p>
      </td>
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SignInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
a signature operation</font></font></p>
      </td>
      <td style="width: 116px;">signing/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Sign</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">signs
single-part data</font></font></p>
      </td>
      <td style="width: 116px;">signing/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SignUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part signature operation</font></font></p>
      </td>
      <td style="width: 116px;">signing/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SignFinal</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">finishes
a multiple-part signature operation</font></font></p>
      </td>
      <td style="width: 116px;">signing/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SignRecoverInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
a signature operation, where the data can be recovered from the
signature</font></font></p>
      </td>
      <td style="width: 116px;">RSA signing key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SignRecover</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">signs
single-part data, where the data can be recovered from the signature</font></font></p>
      </td>
      <td style="width: 116px;">RSA signing key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_VerifyInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
a verification operation</font></font></p>
      </td>
      <td style="width: 116px;">verification/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_Verify</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">verifies
a signature on single-part data</font></font></p>
      </td>
      <td style="width: 116px;">verification/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_VerifyUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part verification operation</font></font></p>
      </td>
      <td style="width: 116px;">verification/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_VerifyFinal</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">finishes
a multiple-part verification operation</font></font></p>
      </td>
      <td style="width: 116px;">verification/HMAC key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_VerifyRecoverInit</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">initializes
a verification operation where the data is recovered from the signature</font></font></p>
      </td>
      <td style="width: 116px;">RSA verification
key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_VerifyRecover</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">verifies
a signature on single-part data, where the data is recovered from the
signature</font></font></p>
      </td>
      <td style="width: 116px;">RSA verification
key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="4">
      <p><font size="2"><font face="Palatino">Dual-function</font></font><br>
      <font size="2"><font face="Palatino">cryptographic</font></font><br>
      <font size="2"><font face="Palatino">operations</font></font></p>
      </td>
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DigestEncryptUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part digesting and encryption operation </font></font>
      </p>
      </td>
      <td style="width: 116px;">encryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DecryptDigestUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part decryption and digesting operation </font></font>
      </p>
      </td>
      <td style="width: 116px;">decryption key</td>
      <td>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SignEncryptUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part signing and encryption operation </font></font>
      </p>
      </td>
      <td style="width: 116px;">signing/HMAC key<br>
encryption key</td>
      <td>
      <p align="center">R</p>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DecryptVerifyUpdate</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">continues
a multiple-part decryption and verify operation </font></font>
      </p>
      </td>
      <td style="width: 116px;">decryption key<br>
verification/HMAC key</td>
      <td>
      <p align="center">R</p>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="5">
      <p><font size="2"><font face="Palatino">Key</font></font><br>
      <font size="2"><font face="Palatino">management</font></font></p>
      </td>
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GenerateKey</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">generates
a secret key</font></font></p>
      </td>
      <td style="width: 116px;">key</td>
      <td>
      <p align="center">W</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GenerateKeyPair</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">generates
a public-key/private-key pair</font></font></p>
      </td>
      <td style="width: 116px;">key pair</td>
      <td>
      <p align="center">W</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_WrapKey</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">wraps
(encrypts) a key</font></font></p>
      </td>
      <td style="width: 116px;">wrapping key<br>
key to be wrapped</td>
      <td>
      <p align="center">R</p>
      <p align="center">R</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_UnwrapKey</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">unwraps
(decrypts) a key</font></font></p>
      </td>
      <td style="width: 116px;">unwrapping key<br>
unwrapped key</td>
      <td>
      <p align="center">R</p>
      <p align="center">W</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"><small>NSS User</small></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_DeriveKey</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">derives
a key from a base key</font></font></p>
      </td>
      <td style="width: 116px;">base key<br>
derived key</td>
      <td>
      <p align="center">R</p>
      <p align="center">W</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="2">
      <p><font size="2"><font face="Palatino">Random
number</font></font><br>
      <font size="2"><font face="Palatino">generation</font></font></p>
      </td>
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_SeedRandom</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">mixes
in additional seed material to the random number generator</font></font></p>
      </td>
      <td style="width: 116px;">RNG seed key</td>
      <td>
      <p align="center">RW</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GenerateRandom</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">generates
random data. Performs continuous random number generator test</font></font></p>
      </td>
      <td style="width: 116px;">RNG seed key</td>
      <td>
      <p align="center">RW</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 101px;" rowspan="2">
      <p><font face="Palatino"><font size="2">Parallel function management</font></font></p>
      </td>
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_GetFunctionStatus</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">a legacy function, which simply returns the value 0x00000051 (function not parallel)</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
    <tr valign="top">
      <td style="width: 91px;"></td>
      <td style="width: 155px;">
      <p><font face="Palatino"><font size="2">FC_CancelFunction</font></font></p>
      </td>
      <td style="width: 321px;">
      <p><font face="Palatino"><font size="2">a legacy function, which simply returns the value 0x00000051 (function not parallel)</font></font></p>
      </td>
      <td style="width: 116px;">none</td>
      <td>
      <p align="center">-</p>
      </td>
    </tr>
</table>
== Mitigation of Other Attacks ==
The NSS cryptographic module is designed to mitigate the following
attacks.
{| border="1" cellpadding="2"
|+
|-
!
Other Attacks
!
Mitigation Mechanism
!
Specific Limitations
|-
| Timing attacks on RSA
|| '''RSA blinding'''
Timing attack on RSA was first demonstrated by Paul Kocher in 1996[1], who contributed the mitigation code to our module. Most recently Boneh and Brumley[2] showed that RSA blinding is an effective defense against timing attacks on RSA.
|| None.
|-
| Cache-timing attacks on the modular exponentiation operation used in RSA and DSA
|| '''Cache invariant modular exponentiation'''
This is a variant of a modular exponentiation implementation that Colin Percival[3] showed to defend against cache-timing attacks.
|| This mechanism requires intimate knowledge of the cache line sizes of the processor. The mechanism may be ineffective when the module is running on a processor whose cache line sizes are unknown.
|-
| Arithmetical errors in RSA signatures
|| '''Double-checking RSA signatures'''
Arithmetical errors in RSA signatures might leak the private key. Ferguson and Schneier[4] recommend that every RSA signature generation should verify the signature just generated.
|| None.
|-
|}
== Results of FIPS 140-2 Level 2 Validation of NSS Cryptographic Module 3.11.5 ==
<table width="100%" border="1" cellspacing="2" cellpadding="2">
          <tr>
            <td valign="Top" align="Center"><font size="+1"><b>FIPS 140-2<br>Section<br>
            </b></font></td>
            <td valign="Top" align="Center"><font size="+1"><b>Description<br>
            </b></font></td>
            <td valign="Top" align="Center"><font size="+1"><b>Validation<br>      Level <br>Obtained<br>
            </b></font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">1.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Module Specification<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">2.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Module Ports and Interfaces<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">3.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Roles, Services, and Authentication<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">4.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Finite State Model<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">5.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Physical Security<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">6.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Operational Enviroment<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">7.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Key Management<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">8.0<br>
            </font></td>
            <td valign="Top"><font size="+1">EMI/EMC<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">9.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Self-Tests<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2</font><br>
            </td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">10.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Design Assurance<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
            <tr>
            <td valign="Top" align="Left"><font size="+1">11.0<br>
            </font></td>
            <td valign="Top"><font size="+1">Mitigation of Other Attacks<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
          <tr>
            <td valign="Top" align="Left"><font size="+1">C<br>
            </font></td>
            <td valign="Top"><font size="+1">Cryptographic Module Security Policy<br>
            </font></td>
            <td valign="Top" align="Center"><font size="+1">2<br>
            </font></td>
          </tr>
</table>
== Platform List ==
* Level 1
** Red Hat Enterprise Linux 4 x86
** Windows XP Service Pack 2
** 64-bit Solaris 10 AMD64
** HP-UX B.11.11 PA-RISC
** Mac OS X 10.4
* Level 2
** Red Hat Enterprise Linux 4 x86_86
** 64-bit Trusted Solaris 8 SPARC
== References ==
[1] P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," CRYPTO '96, Lecture Notes In Computer Science, Vol. 1109, pp. 104-113, Springer-Verlag, 1996. (http://www.cryptography.com/timingattack/)
[2] D. Boneh and D. Brumley, "Remote Timing Attacks are Practical," http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html.
[3] C. Percival, "Cache Missing for Fun and Profit," http://www.daemonology.net/papers/htt.pdf.
[4] N. Ferguson and B. Schneier, Practical Cryptography, Sec. 16.1.4 "Checking RSA Signatures", p. 286, Wiley Publishing, Inc., 2003.
[[Category:NSS]]

Latest revision as of 20:55, 23 March 2007

This is a draft document.

Security Policy

Retrieved from "https://wiki.mozilla.org/index.php?title=Security_Policy&oldid=52838"