FIPS PUB 140-1: 1.0 : Security Policy

FIPS PUB 140-1 Netscape Security Policy
Updated 3/15/99 to reflect NIST / Infogard recommended changes
[Updated to reflect Security Module 1.01 Maintenance Validation]

1.1 Specification of Security Policy

A security policy includes the precise specification of the security rules under which the cryptographic module must operate, including rules derived from the security requirements of the FIPS PUB 140-1 standard and the additional security rules imposed by Netscape. The rules of operation of the cryptographic module define within which role(s), and under what circumstances (when performing which services), an operator is allowed to maintain or disclose each security relevant data item of the cryptographic module.

There are three major reasons for developing and following a precise cryptographic module security policy:

- To induce the cryptographic module vendor (Netscape) to think carefully and precisely about who they want to access the cryptographic module, the way different system elements can be accessed, and which system elements to protect.
- To provide a precise specification of the cryptographic security to allow individuals and organizations (e.g., validators) to determine whether the cryptographic module, as implemented, does obey (satisfy) a stated security policy.
- To describe to the cryptographic module user (organization, or individual operator) the capabilities, protections, and access rights they will have when using the cryptographic module.

It should be noted that Netscape utilizes RSA's PKCS #11, version 1.1, to form most of its cryptographic boundary. This, along with some certificate handling mechanisms, comprises the entire cryptographic module boundary.

The following table states the various security policy rules which will be adhered to by each Netscape product:

Table I. Netscape Security Policy Rules

Rule  Statement of Netscape Security Policy Rule

1.  Netscape's cryptographic module shall consist of a series of binary software libraries compiled for each supported platform and utilized by ALL Netscape client and server products.

2.  The cryptographic module shall rely on the underlying operating system to ensure the integrity of the cryptographic module loaded into memory.

3.  The cryptographic module shall enforce a single role approach which is a combination of the User Role and the Cryptographic User Role as defined in FIPS PUB 140-1.

4.  A cryptographic module user shall have access to ALL the services supplied by the cryptographic module.

5.  Cryptographic module services shall consist of public services which require no authentication, and private services which require authentication.

6.  Public key certificates shall be stored in plain text form because of their public nature and internal CA-signing integrity features.

7.  SSL 2.0 and 3.0 shall utilize authentication mechanisms above the cryptographic module which pass through to the PKCS #11 authentication mechanisms within the cryptographic module.

8.  SSL master secrets (private key data) shall be protected within the boundary of the cryptographic module (the SSL secure session ID cache shall be considered within the boundary of the cryptographic module).

9.  For the FIPS PUB 140-1 mode of operation, the cryptographic module shall enforce rules specific to FIPS PUB 140-1 requirements.

10. The FIPS PUB 140-1 cryptographic module shall use an exception handling mechanism to ensure that critical errors are not allowed to compromise security (i.e., whenever a critical error is encountered, the cryptographic module shall be required to be reinitialized).

11. Upon initialization of the FIPS PUB 140-1 cryptographic module, the following power-up self-tests shall be performed: (1) RC2-ECB Encrypt/Decrypt, (2) RC2-CBC Encrypt/Decrypt, (3) RC4 Encrypt/Decrypt, (4) DES-ECB Encrypt/Decrypt, (5) DES-CBC Encrypt/Decrypt, (6) triple DES-ECB Encrypt/Decrypt, (7) triple DES-CBC Encrypt/Decrypt, (8) MD2 Hash, (9) MD5 Hash, (10) SHA-1 Hash, (11) RSA Encrypt, (12) RSA Decrypt, (13) RSA Signature, (14) RSA Signature Verification, (15) DSA Signature, and (16) DSA Signature Verification. Additionally, if the user performs logout services, these same power-up self-tests are performed when the user logs back in to the FIPS PUB 140-1 cryptographic module.

12. Subsequent logins to the FIPS PUB 140-1 cryptographic module during the same established session shall execute the same series of power-up self-tests detailed above when logging in under the FIPS PUB 140-1 mode. This allows a user to execute these power-up self-tests on demand as defined in section 4.11.1 of FIPS PUB 140-1.

13. The FIPS PUB 140-1 cryptographic module shall require the user to establish a password (for the user role) in order for subsequent authentications to be enforced.

14. All passwords shall be stored in an encrypted form in secondary storage.

15. Once a password has been established for the FIPS PUB 140-1 cryptographic module, it shall only allow the user to use security services if and only if the user successfully authenticates to the FIPS PUB 140-1 cryptographic module.

16. In order to verify the user's stored password, the user shall enter the password, and the verification that the password is correct shall be performed by the cryptographic module via PKCS #5 password-based encryption mechanisms.

17. The user's password shall act as the key material to encrypt/decrypt private key material via PKCS #5 using Triple-DES.

18. The cryptographic module shall only extract private keys wrapped with a password according to PKCS #12.

19. Private keys, plain text PINs, and other security relevant data items (SRDIs) shall be maintained under the control of the cryptographic module, and shall not be passed to higher level callers.

20. All private keys shall be stored in an encrypted form in secondary storage.

21. Integrity checks shall be applied to the private and public key material retrieved from the database to ensure genuine data.

22. Once the FIPS PUB 140-1 mode of operation has been selected, the cryptographic module shall only allow FIPS PUB 140-1 cipher suite functionality.

23. The FIPS PUB 140-1 cipher suite shall consist solely of DES (FIPS PUB 46-2) for encryption/decryption, SHA-1 (FIPS PUB 180-1) for hashing, RSA for key distribution, and DSA (FIPS PUB 186) for generic signature signing and verifying functionality.

24. Once the FIPS PUB 140-1 mode of operation has been selected, DES and triple-DES shall be limited in their use to perform encryption/decryption using either CBC (TCBC) or ECB (TECB) mode.

25. Once the FIPS PUB 140-1 mode of operation has been selected, SHA-1 shall be the only algorithm used to perform one-way hashes of data.

26. Once the FIPS PUB 140-1 mode of operation has been selected, RSA can be used for signature functionality to sign and verify key material for key exchange and to perform general purpose signatures.

27. Once the FIPS PUB 140-1 mode of operation has been selected, DSA can be used to generate signatures and perform verification on them for general purpose signatures.

28. In the FIPS PUB 140-1 mode of operation, the cryptographic module shall perform a pairwise consistency test upon each invocation of RSA and DSA key generation as defined in section 4.11.2 of FIPS PUB 140-1.

29. The FIPS PUB 140-1 cryptographic module shall employ its prime number generation and verification via the mechanisms described in Appendix 2 of FIPS PUB 186.

30. The FIPS PUB 140-1 cryptographic module shall utilize pseudorandom number generation as defined via the mechanisms described in Appendix 3 of FIPS PUB 186.

31. The FIPS PUB 140-1 cryptographic module shall seed its pseudorandom number generation via invoking a noise generator specific to the platform on which it was implemented (e.g., Macintosh, UNIX, or Windows). The pseudorandom number generator shall be seeded with noise derived from the execution environment such that the noise is not predictable.

32. The FIPS PUB 140-1 cryptographic module's pseudorandom number generator shall periodically reseed itself with pseudorandom noise.

33. In the FIPS PUB 140-1 mode of operation, the cryptographic module shall perform a pseudorandom number generation test upon each invocation of the pseudorandom number generator as defined in section 4.11.2 of FIPS PUB 140-1.

34. Upon exit from the FIPS PUB 140-1 mode of operation, all security relevant data items within the cryptographic module which are stored to secondary storage shall be zeroized by having their memory contents rewritten with zeroes.

35. The TLS pseudorandom function (PRF) is contained within the cryptographic module, and it shall enforce that if one hash is weak the PRF function remains strong; this is accomplished by exclusive-oring the results of the two hashes in the computation of security relevant data items -- specifically SSL pre-master secrets.

Additionally, a cryptographic module security policy should be expressed in terms of the roles, services, cryptographic keys, and other critical security parameters. It should consist of, at a minimum, an identification and authentication (I&A) policy and an access control policy.
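The following Python program is an added illustration of how rules 10, 11, 12 and 33 above fit together; it is not part of this policy and not Netscape's Security Module code. It models a module that runs known-answer tests at initialization and again at every login, applies the FIPS PUB 140-1 section 4.11.2 continuous test to every block the pseudorandom generator returns (the first block after power-up is held back for comparison and never used), and, on any failure, enters an error state that blocks every service until the module is reinitialized. The class and method names, the 20-byte block size and the use of os.urandom as the stand-in "platform noise generator" are assumptions of this example; only SHA-1 and MD5 known-answer tests are included because the Python standard library carries no DES, RSA or DSA.

```python
"""Toy FIPS 140-1 style self-test gate (added example, not Netscape code)."""
import hashlib
import os

# Known-answer vectors: the digests of "abc" are fixed by the SHA-1 and MD5
# specifications, so a mismatch means the primitive itself is broken.
KNOWN_ANSWERS = {
    "SHA-1": (hashlib.sha1, b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    "MD5":   (hashlib.md5,  b"abc", "900150983cd24fb0d6963f7d28e17f72"),
}

BLOCK_LEN = 20  # assumed PRNG output block size compared by the continuous test


class ModuleError(Exception):
    """Raised when the module is in the error state or a self-test fails."""


class FipsModule:
    def __init__(self, noise_source=os.urandom):
        # noise_source stands in for the platform-specific noise generator
        # (rule 31); a stuck source is used in the test below.
        self._noise = noise_source
        self._last_block = None
        self.in_error = True       # nothing works until initialize() succeeds
        self.logged_in = False

    # --- power-up / on-demand self-tests (rules 11 and 12) ----------------
    def power_up_self_tests(self):
        for name, (ctor, msg, expected) in KNOWN_ANSWERS.items():
            if ctor(msg).hexdigest() != expected:
                self._enter_error_state()
                raise ModuleError(f"known-answer test failed: {name}")
        # Prime the continuous test: the first block is saved, never used.
        self._last_block = self._noise(BLOCK_LEN)
        return True

    def initialize(self):
        """Reinitialization is the only way out of the error state (rule 10)."""
        self.in_error = False
        self.power_up_self_tests()
        return True

    def login(self, password_ok):
        self._require_operational()
        if not password_ok:
            return False
        self.power_up_self_tests()    # rerun on every login (rule 12)
        self.logged_in = True
        return True

    def logout(self):
        self.logged_in = False

    # --- PRNG with continuous test on every call (rule 33) ----------------
    def generate_random(self, n):
        self._require_operational()
        out = bytearray()
        while len(out) < n:
            block = self._noise(BLOCK_LEN)
            if block == self._last_block:
                # Two identical consecutive blocks mean a stuck generator:
                # a critical error, so the module must be reinitialized.
                self._enter_error_state()
                raise ModuleError("continuous PRNG test failed")
            self._last_block = block
            out += block
        return bytes(out[:n])

    # --- private service gate (rules 5 and 15) ----------------------------
    def private_service(self):
        self._require_operational()
        if not self.logged_in:
            raise ModuleError("authentication required")
        return "ok"

    def _require_operational(self):
        if self.in_error:
            raise ModuleError("module in error state; reinitialize")

    def _enter_error_state(self):
        self.in_error = True
        self.logged_in = False
        self._last_block = None
```

The design point worth noticing is that the error state is sticky: a failed continuous test does not merely reject one output, it also revokes the login and refuses further logins until initialize() has rerun the full self-test sequence.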
An I&A policy specifies whether a cryptographic module operator is required to identify his or her self to the system, and, if so, what information is required and how it should be presented to the system in order for the operator to prove his or her identity to the system (i.e., authenticate themselves). Information required to be presented to the system might be passwords or individually unique biometric data. Once an operator can perform service(s) using the cryptographic module, an access control policy specifies what mode(s) of access he or she has to each security relevant data item while performing a given service.

1.2 Specification of Roles

A series of security libraries represent the cryptographic module, which presents the same application programmer interface (API) to all Netscape client and server products. There are minor variations, listed in the module interfaces description, but these do not break the following definition of roles. Netscape's cryptographic module utilizes a single role approach: this role is a combination of both the User Role and the Cryptographic Officer Role, and will be referenced below as Netscape User. A Netscape User utilizes secure services, and is also responsible for making decisions related to retrieval, updating, and deletion of keys from their key database. This is true for both client and server products. For multiple user products, like the HTTP Server (Enterprise Server 3.0), the server still operates in this single role paradigm, under a single identity.

1.2.1 Authentication Policy

Netscape's cryptographic module utilizes Role-Based Authentication: an operator who is allowed to use the cryptographic module must perform an authentication sequence using information unique to that operator (individual password) to perform sensitive services using the cryptographic module. Role-based authentication is utilized to safeguard a user's private key information.
However, Discretionary Access Controls (DAC) are used to safeguard all other Netscape User information (e.g., the Public Key Certificate database). A Netscape User may use a product (e.g., Netscape Navigator) without establishing a personal private key -- e.g., they may utilize SSL 3.0 Server Authentication without having a private key established. However, to enable SSL on the server products, a private key and public key certificate are required to enable secure services. An individual password is required in order to start the server -- this password is used to decrypt the private key.

1.3 Specification of Maintenance Roles

This section is not applicable to Netscape products since they do not have a Maintenance Role.

1.4 Multiple Concurrent Operator Roles and Services

Since Netscape applications always operate under a single role, under a single identity, no separate concurrent processes take place within a Netscape application. In the case of separate threads of execution within the same process, Netscape's threading model consists of a shared data segment with separate stack instances, and does not allow threads to leak insecurity into or out of the given process. Further, since a thread is not a separate process, and all threads of a given process live within the confines of that process, all threads are subject to the same security imposed on the process itself.

1.5 Specification of Services

The vendor documentation shall fully describe each service including its purpose and function. Possible services may include, but not be limited to, the following:

- Cryptographic operations such as encryption, decryption, message integrity, digital signature generation, digital signature verification, and other operations that require the use of cryptography.
- Key management operations such as key and parameter entry, key generation, key output, key archiving, key zeroization, and other key management functions.
- Cryptographic management functions such as audit parameter entry and setting, alarm handling and resetting, and other cryptographic management functions.
- Performance of operator-selectable self tests, such as cryptographic algorithm tests, software/firmware tests, critical functions tests, statistical random number generator tests, or any additional tests that can be initiated by an operator.

The vendor documentation shall specify, for each service, the service inputs, corresponding service outputs, and the authorized role or roles in which the service can be performed. Service inputs shall consist of all data or control inputs to the module that initiate or obtain specific services, operations, or functions. Service outputs shall consist of all data and status outputs that result from services, operations or functions initiated or obtained by service inputs. The vendor may supply a matrix that displays the services that can be performed in each role.

In each of the following services, since there is only one role, the user has access to ALL the services mediated by the application (for both client and server products). Routines have been specified for each service and denoted as either public, meaning that they require no authentication to utilize, or private, meaning that authentication must be provided prior to the routine being utilized. This model allows a type of safety state by allowing a Netscape user to logout (thus disallowing any access to private services) without ending the session, and then log back in to re-authenticate to the private services rendered by the cryptographic module. All public and private services are listed in the following table:

Table II. Services
Name of Service / Description of Service in Terms of Routines

Certificate Storage and Retrieval
  This private service consists of six routines used to perform certificate storage and retrieval including SEC_OpenPermCertDB(), AddCertToPermDB(), SEC_TraversePermCerts(), SEC_FindPermCertByKey(), SEC_DeletePermCertificate(), and CERT_ClosePermCertDB().

Digital Signatures
  This private service consists of the four routines used to perform DSA signature generation including DSA_CreateSignContext(), DSA_PreSign(), DSA_Sign(), and DSA_DestroySignContext(), and the three routines used to perform DSA signature verification including DSA_CreateVerifyContext(), DSA_Verify(), and DSA_DestroyVerifyContext(). Performing public key exchange between two parties or performing RSA signature generation consists of the three routines used for entity association, or performing RSA signature generation, including RSA_Sign(), RSA_CheckSign(), and RSA_CheckSignRecover(), and the three raw routines used for entity association including RSA_SignRaw(), RSA_CheckSignRaw(), and RSA_CheckSignRecoverRaw(). In general, the key generation service must be invoked prior to invoking this service.

Encryption/Decryption
  This private service consists of the five routines used to perform DES or triple-DES Encryption/Decryption including DES_CreateContext(), DES_Encrypt(), DES_Decrypt(), DES_PadBuffer(), and DES_DestroyContext().

Hashing
  This public service consists of the eight routines used to perform SHA-1 hashing including SHA1_NewContext(), SHA1_CloneContext(), SHA1_Begin(), SHA1_Update(), SHA1_End(), SHA1_HashBuf(), SHA1_Hash(), and SHA1_DestroyContext().

Key Generation
  This private service is utilized to perform key generation and consists of the three routines used to perform DSA key generation including DSA_CreateKeyGenContext(), DSA_KeyGen(), and DSA_DestroyKeyGenContext(), and the one routine used for RSA key generation called RSA_NewKey(). When RSA_NewKey() is used in public key exchange between two parties, the Pairwise Consistency Test requires routines to check this symmetric algorithm. These consist of two routines which include RSA_EncryptBlock() and RSA_DecryptBlock(), and two raw routines which include RSA_EncryptRaw() and RSA_DecryptRaw().

PKCS #5 Password-Based Encryption
  The PKCS #5 API specifies a standard interface based upon the PKCS #5 standard which allows this private service to be used to perform password-based encryption and consists of the three routines including SEC_PKCS5GetSalt(), SEC_PKCS5CipherData(), and SEC_PKCS5CreateAlgorithmID().

PKCS #11
  The PKCS #11 API specifies a standard interface based upon the PKCS #11 standard which allows for the selection of a FIPS PUB 140-1 mode of operation that provides both public and private services as well as a means of authentication into all private services, creates and maintains entry points for all FIPS PUB 140-1 specific routines including pk11_fipsPowerUpSelfTest() at initialization as well as on demand for subsequent logins, and enforces a pairwise consistency check on all key generation algorithms.
  Netscape's FIPS PUB 140-1 PKCS #11 implementation defines the following standard crypto API (functions marked (1.1) were introduced in PKCS #11 version 1.1):

  Category / Function / Description

  FIPS PUB 140-1
    FC_GetFunctionList      returns the list of FIPS PUB 140-1 specific functions

  General purpose
    FC_Initialize           initializes Cryptoki
    FC_Finalize             finalizes Cryptoki (1.1)
    FC_GetInfo              obtains general information about Cryptoki

  Slot and token management
    FC_GetSlotList          obtains a list of slots in the system
    FC_GetSlotInfo          obtains information about a particular slot
    FC_GetTokenInfo         obtains information about a particular token
    FC_GetMechanismList     obtains a list of mechanisms supported by a token
    FC_GetMechanismInfo     obtains information about a particular mechanism
    FC_InitToken            initializes a token
    FC_InitPIN              initializes the normal user's PIN
    FC_SetPIN               modifies the PIN of the current user

  Session management
    FC_OpenSession          opens a connection or "session" between an application and a particular token
    FC_CloseSession         closes a session
    FC_CloseAllSessions     closes all sessions with a token
    FC_GetSessionInfo       obtains information about the session
    FC_GetOperationState    saves the state of the cryptographic operation in a session (1.1)
    FC_SetOperationState    restores the state of the cryptographic operation in a session (1.1)
    FC_Login                logs into a token
    FC_Logout               logs out from a token

  Object management
    FC_CreateObject         creates an object
    FC_CopyObject           creates a copy of an object
    FC_DestroyObject        destroys an object
    FC_GetObjectSize        obtains the size of an object in bytes
    FC_GetAttributeValue    obtains an attribute value of an object
    FC_SetAttributeValue    modifies an attribute value of an object
    FC_FindObjectsInit      initializes an object search operation
    FC_FindObjects          continues an object search operation
    FC_FindObjectsFinal     finishes an object search operation (1.1)

  Encryption and decryption
    FC_EncryptInit          initializes an encryption operation
    FC_Encrypt              encrypts single-part data
    FC_EncryptUpdate        continues a multiple-part encryption operation
    FC_EncryptFinal         finishes a multiple-part encryption operation
    FC_DecryptInit          initializes a decryption operation
    FC_Decrypt              decrypts single-part encrypted data
    FC_DecryptUpdate        continues a multiple-part decryption operation
    FC_DecryptFinal         finishes a multiple-part decryption operation

  Message digesting
    FC_DigestInit           initializes a message-digesting operation
    FC_Digest               digests single-part data
    FC_DigestUpdate         continues a multiple-part digesting operation
    FC_DigestKey            continues a multi-part message-digesting operation by digesting the value of a secret key as part of the data already digested (1.1)
    FC_DigestFinal          finishes a multiple-part digesting operation

  Signature and verification
    FC_SignInit             initializes a signature operation
    FC_Sign                 signs single-part data
    FC_SignUpdate           continues a multiple-part signature operation
    FC_SignFinal            finishes a multiple-part signature operation
    FC_SignRecoverInit      initializes a signature operation, where the data can be recovered from the signature
    FC_SignRecover          signs single-part data, where the data can be recovered from the signature
    FC_VerifyInit           initializes a verification operation
    FC_Verify               verifies a signature on single-part data
    FC_VerifyUpdate         continues a multiple-part verification operation
    FC_VerifyFinal          finishes a multiple-part verification operation
    FC_VerifyRecoverInit    initializes a verification operation where the data is recovered from the signature
    FC_VerifyRecover        verifies a signature on single-part data, where the data is recovered from the signature

  Dual-function cryptographic operations
    FC_DigestEncryptUpdate  continues a multiple-part digesting and encryption operation (1.1)
    FC_DecryptDigestUpdate  continues a multiple-part decryption and digesting operation (1.1)
    FC_SignEncryptUpdate    continues a multiple-part signing and encryption operation (1.1)
    FC_DecryptVerifyUpdate  continues a multiple-part decryption and verify operation (1.1)

  Key management
    FC_GenerateKey          generates a secret key
    FC_GenerateKeyPair      generates a public-key/private-key pair
    FC_WrapKey              wraps (encrypts) a key
    FC_UnwrapKey            unwraps (decrypts) a key
    FC_DeriveKey            derives a key from a base key

  Random number generation
    FC_SeedRandom           mixes in additional seed material to the random number generator
    FC_GenerateRandom       generates random data

  Function management
    FC_GetFunctionStatus    obtains updated status of a function running in parallel with the application
    FC_CancelFunction       cancels a function running in parallel with the application

  Callbacks
    Notify                  processes notifications from Cryptoki

PKCS #12 Personal Information Exchange
  The PKCS #12 API will specify a standard interface based upon the forthcoming PKCS #12 standard which allows this private service to be used to exchange data such as private keys and certificates between two parties and consists of the two routines including SEC_PKCS12GetPFX() and SEC_PKCS12PutPFX().

Prime Number Generation
  This public service consists of the four routines used for generating a prime number including prm_PrimeFind(), prm_GeneratePrimeRoster(), prm_PseudoPrime(), and prm_RabinTest().

Private Key Storage and Retrieval
  This private service is utilized to perform private key storage and retrieval and consists of the seven routines including SECKEY_OpenKeyDB(), SECKEY_TraverseKeys(), SECKEY_UpdateKeyDBPass1(), SECKEY_UpdateKeyDBPass2(), SECKEY_FindKeyByPublicKey(), SECKEY_DeleteKey(), and SECKEY_CloseKeyDB().

Pseudorandom Number Generation
  This public service consists of the four routines used for global pseudorandom number generation including RNG_RNGInit(), RNG_GenerateGlobalRandomBytes(), RNG_RandomUpdate(), and RNG_ResetRandom(), the six routines used for pseudorandom number generation on a per object basis including RNG_CreateContext(), RNG_Init(), RNG_GenerateRandomBytes(), RNG_Update(), RNG_Reseed(), and RNG_DestroyContext(), and the three routines used for seeding pseudorandom number generation including RNG_GetNoise(), RNG_SystemInfoForRNG(), and RNG_FileForRNG(). A continuous pseudorandom number generator test is performed whenever a new pseudorandom number is generated.

SSL Session ID Cache (Secret Management)
  This public service consists of the five routines used to perform session ID cache management including SSL_ConfigServerSessionIDCache(), ssl_FreeSID(), ssl_LookupSID(), ssl_ChooseSessionIDProcs(), and SSL_ClearSessionCache().

TLS pseudorandom function (PRF)
  The TLS pseudorandom function (PRF) is utilized by the SSL 3.0 protocol to produce FIPS 140-1 compliant hashes of security relevant data items [pre-master secret]. See SSL changes in Security Module 1.01 for full details.

1.6 Bypass Capabilities

This section is not applicable to Netscape products since they do not allow for any bypass capability.

1.7 Access Control Policy

The access control policy enforced by the cryptographic module must be sufficiently precise, and of sufficient detail, to allow the operator and testers to know what security relevant data items the operator has access to while performing a service, and the modes of access he or she has to these data items. Also, the testers and operator must be able to know if and how the kinds of data items accessible change when the service is invoked from each role in which it can be invoked.
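The TLS PRF service listed in Table II above, and rule 35 of Table I, describe a hash-splitting construction without spelling it out. The following Python program is an added example, not Netscape's code and not part of this policy, implementing the TLS 1.0 PRF as defined in RFC 2246 section 5: the secret is split into two halves, each half is expanded with an HMAC-based P_hash using a different hash (MD5 and SHA-1), and the two expansions are exclusive-ored. The function names, the derivation of a 48-byte master secret as the illustrated use, and all sample inputs are constructed for this example.

```python
"""TLS 1.0 PRF (RFC 2246 section 5), added example; not Netscape's code."""
import hashlib
import hmac


def p_hash(hash_ctor, secret, seed, length):
    """HMAC expansion P_hash from RFC 2246:
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    truncated to the requested length."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_ctor).digest()
        out += hmac.new(secret, a + seed, hash_ctor).digest()
    return out[:length]


def prf_parts(secret, label, seed, length):
    """Return the two expansions that the PRF exclusive-ors together.
    S1 is the first half of the secret and S2 the second half; for an odd
    secret length the halves share their middle byte, as the RFC specifies."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]
    data = label + seed
    return (p_hash(hashlib.md5, s1, data, length),
            p_hash(hashlib.sha1, s2, data, length))


def tls_prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed).
    Because the two streams are XORed, recovering the output from one stream
    alone requires knowing the other: a weakness in one hash does not by
    itself expose the result, which is the property rule 35 relies on."""
    md5_part, sha1_part = prf_parts(secret, label, seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def master_secret(pre_master_secret, client_random, server_random):
    """Derive the 48-byte master secret from a pre-master secret, the SRDI
    the policy singles out; the label and output length are those of RFC 2246."""
    return tls_prf(pre_master_secret, b"master secret",
                   client_random + server_random, 48)


# Constructed sample inputs (not values from any real handshake).
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32


if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret:", ms.hex())
```

Running the block prints the derived master secret for the constructed inputs; the useful check is that XORing the output with one of the two expansions returned by prf_parts() yields exactly the other, which is what makes each hash's contribution indispensable.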
1.7.1 Security Relevant Data Items

Security relevant data items consist of data types used for Certificate Storage and Retrieval, Digital Signatures, Encryption/Decryption, Generic Containers, Hashing, Key Generation, PKCS #5 Password-Based Encryption, PKCS #12 Personal Information Exchange, Private Key Storage and Retrieval, Pseudorandom Number Generation, and SSL Session ID Cache (Secret Management). All security relevant data items are identified by category, type, name, and description in the following table:

Table III. Security Relevant Data Items

Category / Type of Data Item / Name of Data Item / Description of Data Item

Certificate Storage and Retrieval
  typedef struct CERTCertificateStr   CERTCertificate    The structure representing an X.509 certificate object (the unsigned form).
  typedef struct CERTCertDBHandleStr  CERTCertDBHandle   The structure representing a handle to an open certificate database.
  typedef struct                      CERTCertTrust      The trust structure containing flags for SSL and email.
  typedef struct _certDBEntryCert     certDBEntryCert    The structure for certificate database entries.

Digital Signatures
  typedef struct DSASignContextStr    DSASignContext     The structure representing the context of a digital signature containing data associated with the private portion of the DSA key pair.
  typedef struct DSAVerifyContextStr  DSAVerifyContext   The structure representing the context of a digital signature verification containing data associated with the public portion of the DSA key pair.
  typedef struct RSAPrivateContextStr RSAPrivateContext  The structure representing the context of an RSA signature generation or decryption mechanism containing data associated with the private portion of the RSA key pair.
  typedef struct RSAPublicContextStr  RSAPublicContext   The structure representing the context of an RSA signature verification or encryption mechanism containing data associated with the public portion of the RSA key pair.

Encryption/Decryption
  typedef struct DESContextStr        DESContext         The structure representing the context of a DES or triple-DES encryption/decryption containing an encrypt/decrypt flag, space for up to three distinct keys, space for the carry-forward needed for CBC modes of DES, and function pointers to the appropriate encryption and decryption functions associated with that mode of DES.

Generic Containers
  typedef struct                      CMPInt             Generic container used to hold very large numbers.
  typedef struct SECAlgorithmIDStr    SECAlgorithmID     The structure containing two SECItems which identify the X.500 algorithm.
  typedef struct SECItemStr           SECItem            Generic container used to hold type of data, actual data content, and length of data.
  typedef struct SECKEYLowPrivateKeyStr  SECKEYLowPrivateKey  Generic container used for low-level private key structures including RSA and DSA private keys. This structure is used below the PKCS #11 service layer and contains the actual private key.
  typedef struct SECKEYLowPublicKeyStr   SECKEYLowPublicKey   Generic container used for low-level public key structures including RSA and DSA public keys. This structure is used below the PKCS #11 service layer and contains the actual public key.
  typedef struct SECKEYPrivateKeyStr  SECKEYPrivateKey   Generic container used as a high-level pointer to the defined private key structures, and is used above the PKCS #11 service layer.
  typedef struct SECKEYPublicKeyStr   SECKEYPublicKey    Generic container used as a high-level pointer to the defined public key structures, and is used above the PKCS #11 service layer.
  typedef enum                        SECOidTag          Generic container used to identify the supported object IDs.
  typedef enum _SECStatus             SECStatus          Generic container used primarily to indicate success or failure.

Hashing
  typedef struct SHA1ContextStr       SHA1Context        The structure representing the context of a SHA-1 hash containing information relevant to performing a SHA-1 hash.

Key Generation
  typedef struct DSAKeyGenContextStr  DSAKeyGenContext   The structure representing the context of a digital signature key generation containing multiple items including pointers to both low-level public and private key structures containing the public and private portions of the DSA key pair.
  typedef struct DSAPrivateKeyStr     DSAPrivateKey      The structure containing the private portion of the DSA key pair.
  typedef struct DSAPublicKeyStr      DSAPublicKey       The structure containing the public portion of the DSA key pair.
  typedef struct RSAKeyGenContextStr  RSAKeyGenContext   The structure representing the context of a key generation used for key exchange containing multiple items including a low-level private key structure containing the private portion of the RSA key pair (and the public portion of the RSA key pair, which is replicated inside of the private portion of the RSA key pair).
  typedef struct RSAPrivateKeyStr     RSAPrivateKey      The structure containing the private portion of the RSA key pair.
  typedef struct RSAPublicKeyStr      RSAPublicKey       The structure containing the public portion of the RSA key pair.

PKCS #5 Password-Based Encryption
  typedef struct SECItemStr           SECItem            Utilizes this generic container to hold password-based encryption data.

PKCS #12 Personal Information Exchange
  typedef struct SECItemStr           SECItem            Utilizes this generic container for data associated with personal information exchange.

Private Key Storage and Retrieval
  typedef struct SECKEYKeyDBHandleStr SECKEYKeyDBHandle  The structure representing a handle into the private key database.
  typedef struct SECKEYLowPrivateKeyStr  SECKEYLowPrivateKey  Utilizes this generic container used for low-level private key structures.

Pseudorandom Number Generation
  typedef struct RNGContextStr        RNGContext         The structure representing the context of pseudorandom number generation dependent upon a SHA1Context and a seed value among other data items.

SSL Session ID Cache (Secret Management)
  typedef struct SSLSecurityInfoStr   SSLSecurityInfo    The structure containing all information relevant to SSL security.
  typedef struct SSLSessionIDStr      SSLSessionID       The structure containing data relevant to the SSL session ID including the session ID cache and the master secret.

1.7.2 Service Relationships to Security Relevant Data Items Matrix

Table IV. Service Routine to Security Relevant Data Items Matrix

Service / Service Routine / Security Relevant Data Item / Read Access / Write Access

Certificate Storage and Retrieval
  AddCertToPermDB()              CERTCertDBHandle       X   X
                                 CERTCertificate        X   X
                                 certDBEntryCert        X   -
  CERT_ClosePermCertDB()         CERTCertDBHandle       X   X
  SEC_FindPermCertByKey()        CERTCertDBHandle       X   X
                                 SECItem                X   X
                                 certDBEntryCert        X   -
  SEC_OpenPermCertDB()           CERTCertDBHandle       X   X
  SEC_DeletePermCertificate()    CERTCertDBHandle       X   X
                                 CERTCertificate        X   X
                                 SECStatus              X   -
  SEC_TraversePermCerts()        CERTCertDBHandle       X   X
                                 SECStatus              X   -

Digital Signatures
  DSA_CreateSignContext()        SECKEYLowPrivateKey    X   -
                                 DSASignContext         X   -
  DSA_PreSign()                  DSASignContext         X   X
                                 SECStatus              X   -
  DSA_Sign()                     DSASignContext         X   X
                                 SECStatus              X   -
  DSA_DestroySignContext()       DSASignContext         -   X
  DSA_CreateVerifyContext()      SECKEYLowPublicKey     X   -
                                 DSAVerifyContext       X   -
  DSA_Verify()                   DSAVerifyContext       X   X
                                 SECStatus              X   -
  DSA_DestroyVerifyContext()     DSAVerifyContext       -   X
  RSA_Sign()                     SECKEYLowPrivateKey    X   -
                                 SECStatus              X   -
  RSA_CheckSign()                SECKEYLowPublicKey     X   -
                                 SECStatus              X   -
  RSA_CheckSignRecover()         SECKEYLowPublicKey     X   -
                                 SECStatus              X   -
  RSA_EncryptBlock()             SECKEYLowPublicKey     X   -
                                 SECStatus              X   -
  RSA_DecryptBlock()             SECKEYLowPrivateKey    X   -
                                 SECStatus              X   -
  RSA_SignRaw()                  SECKEYLowPrivateKey    X   -
                                 SECStatus              X   -
  RSA_CheckSignRaw()             SECKEYLowPublicKey     X   -
                                 SECStatus              X   -
  RSA_CheckSignRecoverRaw()      SECKEYLowPublicKey     X   -
                                 SECStatus              X   -
  RSA_EncryptBlockRaw()          SECKEYLowPublicKey     X   -
                                 SECStatus              X   -
  RSA_DecryptBlockRaw()          SECKEYLowPrivateKey    X   -
                                 SECStatus              X   -

Encryption/Decryption
  DES_CreateContext()            DESContext             -   X
  DES_Encrypt()                  DESContext             X   X
                                 SECStatus              X   -
  DES_Decrypt()                  DESContext             X   X
                                 SECStatus              X   -
  DES_DestroyContext()           DESContext             -   X

Hashing
  SHA1_NewContext()              SHA1Context            -   X
  SHA1_CloneContext()            SHA1Context            X   -
                                 SHA1Context            -   X
  SHA1_Begin()                   SHA1Context            -   X
  SHA1_Update()                  SHA1Context            X   X
  SHA1_End()                     SHA1Context            X   X
  SHA1_HashBuf()                 SECStatus              X   -
  SHA1_Hash()                    SECStatus              X   -
  SHA1_DestroyContext()          SHA1Context            -   X

Key Generation
  DSA_CreateKeyGenContext()      DSAKeyGenContext       X   -
  DSA_KeyGen()                   DSAKeyGenContext       X   X
                                 SECKEYLowPublicKey     -   X
                                 SECKEYLowPrivateKey    -   X
                                 SECStatus              X   -
  DSA_DestroyKeyGenContext()     DSAKeyGenContext       -   X
nn FIPS PUB 140-1: 1.0 : Security Policy RSA_NewKey() RNGContext x SECItem x LL SECKEYLowPrivateKey PKCS #5 Password-Based Encryption ISEC_PKCS5GetSalt() SECAlgorithmiD >< |) >< |] >< |] >< SECItem SEC_PKCS5CipherData() SECAlgorithmID XXI >xX | [SECItem ISECItem SEC_PKCS5CreateAlgorithmID() ISECOidTag SECItem a | L SECAlgorithmID PKCS #12 Personal Information Exchange Isec_prcsı 2GetPFX() ISECOidTag xl | Psy >s |i ><] > SECItem SEC_PKCS12PutPFX() SECItem SECOidTag SECStatus Prime Number Generation prm_PrimeFind() CMPInt | i L SECStatus prm_GeneratePrimeRoster() SECStatus prm_PseudoPrime() CMPInt P< |] >< 1 >< |] >< |] ><] >< |] >< |] >< [SECStatus [sEcstatus | prm_RabinTest() _[Secstatus [cMPint >< || >< [SEcstatus | I I> | Private Key Storage and Retrieval 18 of 20 " ISECKEY_CloseKeyDB() _ ISECKEYKeyDBHandle ISECKEY_DeleteKey() | | SECKEYKeyDBHandle | xx SECStatus L L ISECKEY_Find() ISECKEYKeyDBHandle SECItem SECKEYLowPrivatekey | 1 Il SECKEY_OpenKeyDB() SECKEYKeyDBHandle SECKEY_TraversePermKeys() SECKEYKeyDBHandle >< ><] ><] ><] >< | >< Ld x Le SECStatus *| 3/16/99 11:45 AM FIPS PUB 140-1: 1.0 : Security Policy SECKEYKeyDBHandlı SECKEY_UpdateKeyDBPass1() Eee SENTE | x | atus - | ISECKEYKeyDBHandle x X | SECKEY_UpdateKeyDBPass2() SECitem x x | L (SECStatus x - | RNGContext I - RNG_RNGInit() an Ir RNGContext x x RNG_GenerateGlobalandomBytes() = x SI atus - L RNGContext x x | RNG_RandomUpdate() = an 2 [x a - L RNGContext X X | RNG_ResetRandom() eee = | x u - Pseudorandom [RNGContext Tx xX | Number RNG_CreateContext() RNGContext | x Generation _ j RNG_Init() RNGContext x) RNG_GenerateRandomB RNGContext x | x _GenerateRandomBytes() _fEcstatus = x LC RNG_Update() RNGContext [x [x ate: IL