diff options
Diffstat (limited to 'doc/fips140.tex')
-rw-r--r-- | doc/fips140.tex | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/doc/fips140.tex b/doc/fips140.tex new file mode 100644 index 000000000..8b2004508 --- /dev/null +++ b/doc/fips140.tex @@ -0,0 +1,156 @@ +\documentclass{article} + +\setlength{\textwidth}{6.5in} +\setlength{\textheight}{9in} + +\setlength{\headheight}{0in} +\setlength{\topmargin}{0in} +\setlength{\headsep}{0in} + +\setlength{\oddsidemargin}{0in} +\setlength{\evensidemargin}{0in} + +\title{\textbf{Botan FIPS 140-2 Security Policy}} +\author{Jack Lloyd \\ + \texttt{[email protected]}} +\date{} + +\newcommand{\filename}[1]{\texttt{#1}} +\newcommand{\module}[1]{\texttt{#1}} + +\newcommand{\type}[1]{\texttt{#1}} +\newcommand{\function}[1]{\textbf{#1}} +\newcommand{\macro}[1]{\texttt{#1}} + +\begin{document} + +\maketitle + +\tableofcontents + +\parskip=5pt +%\baselineskip=15pt + +\pagebreak + +\section{Introduction} + +\emph{Note that this is a draft, and almost certainly does not comply with what +FIPS 140-2 wants (also it's incomplete). In any case, there is no way for me to +afford paying the validation lab, so this is all theoretical.} + +\emph{I would welcome comments from people who are familiar with the FIPS 140 +process. I am currently basing this off a few dozen other security policies and +the FIPS itself.} + +\subsection{Purpose} + +This document is a security policy for the Botan C++ crypto library for use in +a FIPS 140-2 Level 1 validation process. It describes how to configure and use +the library to comply with the requirements of FIPS 140-2. + +This document is non-proprietary, and may be freely reproduced and distributed +in unmodified form. + +\subsection{Product Description} + +The Botan C++ crypto library (hereafter ``Botan'' or ``the library'') is an +open source C++ class library providing a general-purpose interface to a wide +variety of cryptographic algorithms and formats (such as X.509v3 and PKCS +\#10). It runs on most Win32 and POSIX-like systems, including Windows +NT/2000/XP, MacOS X, Linux, Solaris, FreeBSD, and QNX. However, only versions +running on \emph{(goal:)} Windows XP, Linux, and Solaris have been validated by +FIPS 140-2 at this time. + +\subsection{Algorithms} + +The library contains the following FIPS Approved algorithms: RSA, DSA, DES, +TripleDES, Skipjack, AES, SHA-1, HMAC, the X9.19 DES MAC, and the FIPS 186-2 +SHA-1 RNG. Other (non-Approved) algorithms, such as MD5 and Diffie-Hellman, are +also included. + +\section{Initialization} + +Certain tests are only performed if the flag ``fips140'' is passed as part of +the initialization process to the library (the argument to +\type{LibraryInitializer} or \function{Init::initialize}). Known answer tests +and key generation self-checks for RSA and DSA are always performed, regardless +of this setting. This flag must be passed by any application which desires +using the FIPS 140 mode of operation. + +\section{Roles and Services} + +Botan supports two roles, the User and the Crypto Officer. Authentication is +not performed by the module; all authentication is implicitly done by the +operating system. + +\subsection{User Role} + +The user has the ability to access the services of the module. This role is +implicitly selected whenever the module's services are accessed. + +\subsection{Crypto Officer Role} + +The crypto officer has all of the powers of the user, and in addition has the +power to install and uninstall the module and to configure the operating +system. This role is implicitly selected whenever these actions are performed. + +\section{Key Management} + +\subsection{Key Import/Export} + +Symmetric keys can be imported and exported in either unencrypted, encrypted, +or split-knowledge forms, as the application desires. Private keys for +asymmetric algorithms can be imported and exported as either encrypted or +unencrypted PKCS \#8 structures. The library natively supports PKCS \#5 +encryption with TripleDES for encrypting private keys. + +\subsection{Key Storage} + +In no case does the library itself import or export keys from/to an external +storage device; all such operations are done explicitly by the application. It +is the responsibly of the operator to ensure than any such operations comply +with the requirements of FIPS 140-2 Level 1. + +\subsection{Key Generation} + +Keys for symmetric algorithms (such as DES, AES, and HMAC) are generated by an +Approved RNG, by generating a random byte string of the appropriate size, and +using it as a key. + +DSA keys are generated as specified in FIPS 186-2 (or not?). RSA keys are +generated as specified in ANSI X9.31 (\emph{I think...}). Diffie-Hellman keys +are generated in a manner compatible with ANSI X9.42. All newly created DSA and +RSA keys are checked with a pairwise consistency test before being returned to +the caller. A pairwise consistency check can be performed on any RSA, DSA, or +Diffie-Hellman key by calling the \function{check\_key} member function with +an argument of \type{true}. + +\subsection{Key Establishment} + +Botan supports using RSA or Diffie-Hellman to establish keys. RSA can be used +with PKCS \#1 v1.5 or OAEP padding. None of these methods are FIPS Approved, +but Annex D of FIPS 140-2 allows for their use until such time as a FIPS +Approved asymmetric key establishment method is established. + +\subsection{Key Protection / Zeroization} + +Keys are protected against external access by the operating system's memory and +process protection mechanisms. If the library is used by multiple processes at +once, the OS virtual memory mechanisms ensure that each version will have it's +own data space (and thus, keys are not shared among multiple processes). + +All keys and other sensitive materials are zeroed in memory before being +released to the system. + +On Windows systems the \function{VirtualLock} system call is used to notify the +operating system that the memory containing potentially sensitive keying +material is not swapped to disk, preventing an attacker from applying disk +forenistics techniques to recovery data. + +On Unix systems, Botan allocates memory from file-backed memory mappings, which +are thoroughly erased when the memory is freed. + +\section{References} + +\end{document} |