Security Policy: Difference between revisions

1. RC2-ECB Encrypt/Decrypt,
2. RC2-CBC Encrypt/Decrypt,
3. RC4 Encrypt/Decrypt,
4. DES-ECB Encrypt/Decrypt,
5. DES-CBC Encrypt/Decrypt,
6. Triple DES-ECB Encrypt/Decrypt,
7. Triple DES-CBC Encrypt/Decrypt,
8. AES-ECB Encrypt/Decrypt (128-bit, 192-bit, and 256-bit keys),
9. AES-CBC Encrypt/Decrypt (128-bit, 192-bit, and 256-bit keys),
10. MD2 Hash,
11. MD5 Hash,
12. SHA-1 Hash,
13. SHA-256 Hash,
14. SHA-384 Hash,
15. SHA-512 Hash,
16. HMAC-SHA-1,-SHA-256,-SHA-384,-SHA-512 Hash (296-bit key),
17. RSA Encrypt/Decrypt (1024-bit modulus n),
18. RSA-SHA-1,-SHA-256,-SHA-384,-SHA-512 Signature (1024-bit modulus n),
19. RSA-SHA-1,-SHA-256,-SHA-384,-SHA-512 Signature Verification (1024-bit modulus n),
20. DSA Key Pair Generation (512-bit prime modulus p),
21. DSA Signature (512-bit prime modulus p),
22. DSA Signature Verification (512-bit prime modulus p),
23. ECDSA Signature (Curve P-256),
24. ECDSA Signature Verification (Curve P-256),
25. PRNG, and
26. software/firmware integrity test.

• deriving a Triple-DES key from the password,
• decrypting the stored encrypted password check string with the Triple-DES key, and
• comparing the decrypted string with the known password check string.

• Triple-DES (FIPS PUB 46-3) or AES (FIPS PUB 197) for symmetric key encryption/decryption,
• SHA-1, SHA-256, SHA-384, or SHA-512 (FIPS PUB 180-2) for hashing,
• HMAC (FIPS PUB 198) for keyed hash,
• random number generator (FIPS PUB 186-2 Change Notice 1),
• Diffie-Hellman, EC Diffie-Hellman, or Key Wrapping using RSA keys for key establishment, and
• DSA (FIPS PUB 186-2), RSA (PKCS #1), or ECDSA (ANSI X9.62) for signature generation and verification.

• Windows XP Service Pack 2
  • softokn3.dll
  • softokn3.chk
  • freebl3.dll
  • freebl3.chk
• 32-bit HP-UX B.11.11 PA-RISC
  • libsoftokn3.sl
  • libsoftokn3.chk
  • libfreebl_32int_3.sl
  • libfreebl_32int_3.chk
  • libfreebl_32fpu_3.sl
  • libfreebl_32fpu_3.chk
• 64-bit HP-UX B.11.11 PA-RISC
  • libsoftokn3.sl
  • libsoftokn3.chk
  • libfreebl3.sl
  • libfreebl3.chk
• Mac OS X 10.4
  • libsoftokn3.dylib
  • libsoftokn3.chk
  • libfreebl3.dylib
  • libfreebl3.chk
• 64-bit Trusted Solaris 8 SPARC
  • libsoftokn3.so
  • libsoftokn3.chk
  • libfreebl_64int_3.so
  • libfreebl_64int_3.chk
  • libfreebl_64fpu_3.so
  • libfreebl_64fpu_3.chk
• 32-bit Solaris SPARC
  • libsoftokn3.so
  • libsoftokn3.chk
  • libfreebl_32int_3.so
  • libfreebl_32int_3.chk
  • libfreebl_32int64_3.so
  • libfreebl_32int64_3.chk
  • libfreebl_32fpu_3.so
  • libfreebl_32fpu_3.chk
• 64-bit Solaris 10 AMD64, Red Hat Enterprise Linux 4 x86, Red Hat Enterprise Linux 4 x86_64, and other Unix/Linux platforms not mentioned above
  • libsoftokn3.so
  • libsoftokn3.chk
  • libfreebl3.so
  • libfreebl3.chk

The NSS cryptographic module requires the Netscape Portable Runtime (NSPR), which consists of the following shared libraries/DLLs:

• Windows XP Service Pack 2
  • plc4.dll
  • plds4.dll
  • nspr4.dll
• HP-UX B.11.11 PA-RISC
  • libplc4.sl
  • libplds4.sl
  • libnspr4.sl
• Mac OS X 10.4
  • libplc4.dylib
  • libplds4.dylib
  • libnspr4.dylib
• 32-bit Solaris SPARC
  • libplc4.so
  • libplds4.so
  • libnspr4.so
  • cpu/sparcv8plus/libnspr_flt4.so
• 64-bit Solaris 10 AMD64, 64-bit Trusted Solaris 8 SPARC, Red Hat Enterprise Linux 4 x86, Red Hat Enterprise Linux 4 x86_64, and other Unix/Linux platforms not mentioned above
  • libplc4.so
  • libplds4.so
  • libnspr4.so

Step 1: Install the shared libraries/DLLs and the associated .chk files in a directory on the shared library/DLL search path, which could be a system library directory (/usr/lib on Unix/Linux or C:\WINDOWS\system32 on Windows) or a directory specified in the following environment variable:

• Windows XP Service Pack 2: PATH
• HP-UX B.11.11 PA-RISC: SHLIB_PATH
• Mac OS X 10.4: DYLD_LIBRARY_PATH
• AIX: LIBPATH
• Solaris, Linux, and other Unix/Linux platforms not mentioned above: LD_LIBRARY_PATH

Step 2: Use the chmod utility to set the file mode bits of the shared libraries/DLLs to 0755 so that all users can execute the library files, but only the files' owner can modify (i.e., write, replace, and delete) the files. For example, on most Unix and Linux platforms,

 $ chmod 0755 libsoftokn3.so libfreebl*3.so libplc4.so libplds4.so libnspr4.so

The discretionary access control protects the binaries stored on disk from being tampered with.

Step 3: Use the chmod utility to set the file mode bits of the associated .chk files to 0644. For example, on most Unix and Linux platforms,

 $ chmod 0644 libsoftokn3.chk libfreebl*3.chk

Step 4: By default the NSS cryptographic module operates in the non-FIPS Approved mode, meaning that if an application calls the standard PKCS #11 function C_GetFunctionList and calls the function pointers in that list, it gets the non-FIPS Approved mode. To run the NSS cryptographic module in the FIPS Approved mode, an application must call the alternative function FC_GetFunctionList and call the function pointers in that list. Here is the sample code using NSPR functions (declared in the header file "prlink.h") for dynamic library loading and function symbol lookup:

#include "prlink.h"
#include "cryptoki.h"
#include <assert.h>
#include <stdio.h>

/*
 * An extension of the CK_C_INITIALIZE_ARGS structure for the
 * NSS cryptographic module. The 'LibraryParameters' field is
 * used to pass instance-specific information to the library
 * (like where to find its config files, etc).
 */
typedef struct CK_C_INITIALIZE_ARGS_NSS {
    CK_CREATEMUTEX CreateMutex;
    CK_DESTROYMUTEX DestroyMutex;
    CK_LOCKMUTEX LockMutex;
    CK_UNLOCKMUTEX UnlockMutex;
    CK_FLAGS flags;
    CK_CHAR_PTR *LibraryParameters;
    CK_VOID_PTR pReserved;
} CK_C_INITIALIZE_ARGS_NSS;

int main()
{
    char *libname;
    PRLibrary *lib;
    CK_C_GetFunctionList pC_GetFunctionList;
    CK_FUNCTION_LIST_PTR pFunctionList;
    CK_RV rv;
    CK_C_INITIALIZE_ARGS_NSS initArgs;
    PRStatus status;

    /* Get the platform-dependent library name of the NSS cryptographic module */
    libname = PR_GetLibraryName(NULL, "softokn3");
    assert(libname != NULL);
    lib = PR_LoadLibrary(libname);
    assert(lib != NULL);
    PR_FreeLibraryName(libname);

    pC_GetFunctionList = (CK_C_GetFunctionList) PR_FindFunctionSymbol(lib,
        "FC_GetFunctionList");
    assert(pC_GetFunctionList != NULL);
    rv = (*pC_GetFunctionList)(&pFunctionList);
    assert(rv == CKR_OK);

    /* Call FC_Foo as pFunctionList->C_Foo */

    initArgs.CreateMutex = NULL;
    initArgs.DestroyMutex = NULL;
    initArgs.LockMutex = NULL;
    initArgs.UnlockMutex = NULL;
    initArgs.flags = CKF_OS_LOCKING_OK;
    initArgs.LibraryParameters = (CK_CHAR_PTR *)
        "configdir='.' certPrefix='' keyPrefix='' secmod='secmod.db' flags= ";
    initArgs.pReserved = NULL;
    rv = pFunctionList->C_Initialize(&initArgs);
    assert(rv == CKR_OK);

    /* ... */

    rv = pFunctionList->C_Finalize(NULL);
    assert(rv == CKR_OK);

    status = PR_UnloadLibrary(lib);
    assert(status == PR_SUCCESS);
    return 0;
}

To reiterate, the mode of operation of the NSS cryptographic module is determined by the second argument passed to the PR_FindFunctionSymbol function.

• For the non-FIPS Approved mode of operation, look up the standard PKCS #11 function "C_GetFunctionList".
• For the FIPS Approved mode of operation, look up the alternative function "FC_GetFunctionList".

Service Category

Function Name

Description

CSPs
Accessed

Access type,
e.g. RWZ

FIPS 140-2 specific

FC_GetFunctionList

return the list of FIPS 140-2 functions

-

Installation and
Initialization

FC_InitToken

initializes a token

Z

FC_InitPIN

initializes the normal user's PIN

W

General
purpose

FC_Initialize

initializes Cryptoki. This function provides the Power Up self-test service

R

FC_Finalize

finalizes Cryptoki

Z

FC_GetInfo

obtains general information about Cryptoki

-

Slot and
token
management

FC_GetSlotList

obtains a list of slots in the system

-

FC_GetSlotInfo

obtains information about a particular slot

-

FC_GetTokenInfo

obtains information about the token. This function provides the Show Status service

-

FC_GetMechansimList

obtains a list of mechanisms supported by a token

-

FC_GetMechanismInfo

obtains information about a particular mechanism

-

FC_SetPIN

modifies the PIN of the current user

RW

Session management

FC_OpenSession

opens a connection or "session" between an application and a particular token

-

FC_CloseSession

closes a session

Z

FC_CloseAllSessions

closes all sessions with a token

Z

FC_GetSessionInfo

obtains information about the session

-

FC_GetOperationState

saves the state of the cryptographic operation in a session

-

FC_SetOperationState

restores the state of the cryptographic operation in a session

-

FC_Login

logs into a token

R

FC_Logout

logs out from a token

-

Object
management

FC_CreateObject

creates an object

W

FC_CopyObject

creates a copy of an object

FC_DestroyObject

destroys an object

Z

FC_GetObjectSize

obtains the size of an object in bytes

-

FC_GetAttributeValue

obtains an attribute value of an object

-

FC_SetAttributeValue

modifies an attribute value of an object

-

FC_FindObjectsInit

initializes an object search operation

-

FC_FindObjects

continues an object search operation

-

FC_FindObjectsFinal

finishes an object search operation

-

Encryption and
decryption

FC_EncryptInit

initializes an encryption operation

R

FC_Encrypt

encrypts single-part data

R

FC_EncryptUpdate

continues a multiple-part encryption operation

R

FC_EncryptFinal

finishes a multiple-part encryption operation

R

FC_DecryptInit

initializes a decryption operation

R

FC_Decrypt

decrypts single-part encrypted data

R

FC_DecryptUpdate

continues a multiple-part decryption operation

R

FC_DecryptFinal

finishes a multiple-part decryption operation

R

Message
digesting

FC_DigestInit

initializes a message-digesting operation

R

FC_Digest

digests single-part data

R

FC_DigestUpdate

continues a multiple-part digesting operation

R

FC_DigestKey

continues a multi-part message-digesting operation by digesting the value of a secret key as part of the data already digested

R

FC_DigestFinal

finishes a multiple-part digesting operation

R

Signature and
verification
(private)

FC_SignInit

initializes a signature operation

R

FC_Sign

signs single-part data

R

FC_SignUpdate

continues a multiple-part signature operation

R

FC_SignFinal

finishes a multiple-part signature operation

R

FC_SignRecoverInit

initializes a signature operation, where the data can be recovered from the signature

R

FC_SignRecover

signs single-part data, where the data can be recovered from the signature

R

FC_VerifyInit

initializes a verification operation

or

R

FC_Verify

verifies a signature on single-part data

or

R

FC_VerifyUpdate

continues a multiple-part verification operation

or

R

FC_VerifyFinal

finishes a multiple-part verification operation

or

R

FC_VerifyRecoverInit

initializes a verification operation where the data is recovered from the signature

R

FC_VerifyRecover

verifies a signature on single-part data, where the data is recovered from the signature

R

Dual-function
cryptographic
operations

FC_DigestEncryptUpdate

continues a multiple-part digesting and encryption operation

R

FC_DecryptDigestUpdate

continues a multiple-part decryption and digesting operation

R

FC_SignEncryptUpdate

continues a multiple-part signing and encryption operation

R

FC_DecryptVerifyUpdate

continues a multiple-part decryption and verify operation

R

Key
management
(private)

FC_GenerateKey

generates a secret key

W

FC_GenerateKeyPair

generates a public-key/private-key pair

W

FC_WrapKey

wraps (encrypts) a key

R

W

FC_UnwrapKey

unwraps (decrypts) a key

R

W

FC_DeriveKey

derives a key from a base key

R

W

Random number
generation
(public)

FC_SeedRandom

mixes in additional seed material to the random number generator

RW

FC_GenerateRandom

generates random data. Performs continuous random number generator test

RW

Function

management

FC_GetFunctionStatus

obtains updated status of a function running in parallel with the application