Diffstat (limited to 'doc/fips140.tex')
-rw-r--r-- | doc/fips140.tex | 156 |
1 files changed, 0 insertions, 156 deletions
diff --git a/doc/fips140.tex b/doc/fips140.tex deleted file mode 100644 index 8b2004508..000000000 --- a/doc/fips140.tex +++ /dev/null 
@@ -1,156 +0,0 @@ -\documentclass{article} - -\setlength{\textwidth}{6.5in} -\setlength{\textheight}{9in} - -\setlength{\headheight}{0in} -\setlength{\topmargin}{0in} -\setlength{\headsep}{0in} - -\setlength{\oddsidemargin}{0in} -\setlength{\evensidemargin}{0in} - -\title{\textbf{Botan FIPS 140-2 Security Policy}} -\author{Jack Lloyd \\ - \texttt{[email protected]}} -\date{} - -\newcommand{\filename}[1]{\texttt{#1}} -\newcommand{\module}[1]{\texttt{#1}} - -\newcommand{\type}[1]{\texttt{#1}} -\newcommand{\function}[1]{\textbf{#1}} -\newcommand{\macro}[1]{\texttt{#1}} - -\begin{document} - -\maketitle - -\tableofcontents - -\parskip=5pt -%\baselineskip=15pt - -\pagebreak - -\section{Introduction} - -\emph{Note that this is a draft, and almost certainly does not comply with what -FIPS 140-2 wants (also it's incomplete). In any case, there is no way for me to -afford paying the validation lab, so this is all theoretical.} - -\emph{I would welcome comments from people who are familiar with the FIPS 140 -process. I am currently basing this off a few dozen other security policies and -the FIPS itself.} - -\subsection{Purpose} - -This document is a security policy for the Botan C++ crypto library for use in -a FIPS 140-2 Level 1 validation process. It describes how to configure and use -the library to comply with the requirements of FIPS 140-2. - -This document is non-proprietary, and may be freely reproduced and distributed -in unmodified form. - -\subsection{Product Description} - -The Botan C++ crypto library (hereafter ``Botan'' or ``the library'') is an -open source C++ class library providing a general-purpose interface to a wide -variety of cryptographic algorithms and formats (such as X.509v3 and PKCS -\#10). It runs on most Win32 and POSIX-like systems, including Windows -NT/2000/XP, MacOS X, Linux, Solaris, FreeBSD, and QNX. However, only versions -running on \emph{(goal:)} Windows XP, Linux, and Solaris have been validated by -FIPS 140-2 at this time. 
- -\subsection{Algorithms} - -The library contains the following FIPS Approved algorithms: RSA, DSA, DES, -TripleDES, Skipjack, AES, SHA-1, HMAC, the X9.19 DES MAC, and the FIPS 186-2 -SHA-1 RNG. Other (non-Approved) algorithms, such as MD5 and Diffie-Hellman, are -also included. - -\section{Initialization} - -Certain tests are only performed if the flag ``fips140'' is passed as part of -the initialization process to the library (the argument to -\type{LibraryInitializer} or \function{Init::initialize}). Known answer tests -and key generation self-checks for RSA and DSA are always performed, regardless -of this setting. This flag must be passed by any application which desires -using the FIPS 140 mode of operation. - -\section{Roles and Services} - -Botan supports two roles, the User and the Crypto Officer. Authentication is -not performed by the module; all authentication is implicitly done by the -operating system. - -\subsection{User Role} - -The user has the ability to access the services of the module. This role is -implicitly selected whenever the module's services are accessed. - -\subsection{Crypto Officer Role} - -The crypto officer has all of the powers of the user, and in addition has the -power to install and uninstall the module and to configure the operating -system. This role is implicitly selected whenever these actions are performed. - -\section{Key Management} - -\subsection{Key Import/Export} - -Symmetric keys can be imported and exported in either unencrypted, encrypted, -or split-knowledge forms, as the application desires. Private keys for -asymmetric algorithms can be imported and exported as either encrypted or -unencrypted PKCS \#8 structures. The library natively supports PKCS \#5 -encryption with TripleDES for encrypting private keys. - -\subsection{Key Storage} - -In no case does the library itself import or export keys from/to an external -storage device; all such operations are done explicitly by the application. 
It -is the responsibly of the operator to ensure than any such operations comply -with the requirements of FIPS 140-2 Level 1. - -\subsection{Key Generation} - -Keys for symmetric algorithms (such as DES, AES, and HMAC) are generated by an -Approved RNG, by generating a random byte string of the appropriate size, and -using it as a key. - -DSA keys are generated as specified in FIPS 186-2 (or not?). RSA keys are -generated as specified in ANSI X9.31 (\emph{I think...}). Diffie-Hellman keys -are generated in a manner compatible with ANSI X9.42. All newly created DSA and -RSA keys are checked with a pairwise consistency test before being returned to -the caller. A pairwise consistency check can be performed on any RSA, DSA, or -Diffie-Hellman key by calling the \function{check\_key} member function with -an argument of \type{true}. - -\subsection{Key Establishment} - -Botan supports using RSA or Diffie-Hellman to establish keys. RSA can be used -with PKCS \#1 v1.5 or OAEP padding. None of these methods are FIPS Approved, -but Annex D of FIPS 140-2 allows for their use until such time as a FIPS -Approved asymmetric key establishment method is established. - -\subsection{Key Protection / Zeroization} - -Keys are protected against external access by the operating system's memory and -process protection mechanisms. If the library is used by multiple processes at -once, the OS virtual memory mechanisms ensure that each version will have it's -own data space (and thus, keys are not shared among multiple processes). - -All keys and other sensitive materials are zeroed in memory before being -released to the system. - -On Windows systems the \function{VirtualLock} system call is used to notify the -operating system that the memory containing potentially sensitive keying -material is not swapped to disk, preventing an attacker from applying disk -forenistics techniques to recovery data. 
- -On Unix systems, Botan allocates memory from file-backed memory mappings, which -are thoroughly erased when the memory is freed. - -\section{References} - -\end{document} |
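Review bot: The Initialization section removed in this hunk documents the ``fips140'' flag passed to \type{LibraryInitializer} or \function{Init::initialize}, and the diffstat shows doc/fips140.tex as the only file changed, so nothing in this commit moves that description elsewhere or removes the flag itself. If the flag still exists in the library, relocate that paragraph (which tests it enables, and that known answer tests and RSA/DSA key generation self-checks always run) to the main API documentation before deleting this file; if it does not, remove it in the same change. The same goes for the Key Protection / Zeroization text on zeroing keys before release, \function{VirtualLock} on Windows and file-backed mappings on Unix, and for the \function{check\_key} pairwise consistency note under Key Generation: these describe library behaviour rather than the FIPS process, and are worth keeping somewhere even though the policy itself is marked as an incomplete draft.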