Oracle Unbreakable Kernel Security Policy 20181207 · The Unbreakable Enterprise Kernel (UEK),...

Document Version 1.2 ©Oracle Corporation

This document may be reproduced whole and intact including the Copyright notice.

FIPS 140-2 Non-Proprietary Security Policy

Oracle Linux Unbreakable Enterprise Kernel (UEK) Cryptographic Module

FIPS 140-2 Level 1 Validation

Software Versions: R6-1.0.0 and R7-2.0.0

Date: December 7th 2018


Title: Oracle Linux Unbreakable Enterprise Kernel Cryptographic Module Security Policy
Date: December 7th, 2018
Author: atsec information security corporation
Contributing Authors:
Oracle Linux Engineering
Oracle Security Evaluations – Global Product Security

Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065
U.S.A.
Worldwide Inquiries:
Phone: +1.650.506.7000
Fax: +1.650.506.7200
oracle.com

Copyright © 2018, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may be reproduced or distributed whole and intact including this copyright notice.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

TABLE OF CONTENTS

1. Introduction
1.1 Overview
1.2 Document Organization
2. Oracle Linux Unbreakable Enterprise Kernel Cryptographic Module
2.1 Functional Overview
2.2 FIPS 140-2 Validation Scope
3. Cryptographic Module Specification
3.1 Definition of the Cryptographic Module
3.2 Definition of the Physical Cryptographic Boundary
3.3 Modes of Operation
3.4 Approved or Allowed Security Functions
3.5 Non-Approved but Allowed Security Functions
3.6 Non-Approved Security Functions
4. Module Ports and Interfaces
5. Physical Security
6. Operational Environment
6.1 Tested Environments
6.2 Vendor Affirmed Environments
6.3 Vendor Affirmed Environments
7. Roles, Services and Authentication
7.1 Roles
7.2 FIPS Approved Operator Services and Descriptions
7.3 Non-FIPS Approved Services and Descriptions
7.4 Operator Authentication
8. Key and CSP Management
8.1 Random Number Generation
8.2 Key Entry/Output
8.3 Key/CSP Storage
8.4 Key/CSP Zeroization
9. Self-Tests
9.1 Power-Up Self-Tests
9.1.1 Integrity Tests
9.2 Conditional Self-Tests
10. Crypto-Officer and User Guidance
10.1 Crypto-Officer Guidance
10.1.1 Secure Installation and Startup
10.1.2 FIPS 140-2 and AES NI Support
10.2 User Guidance
10.2.1 AES-XTS Usage
10.2.2 AES-GCM Usage
10.2.3 Triple-DES Usage
10.3 Handling Self-Test Errors
11. Mitigation of Other Attacks
Acronyms, Terms and Abbreviations
References

List of Tables

Table 1: FIPS 140-2 Security Requirements
Table 2: FIPS Approved or Allowed Security Functions
Table 3: Non-Approved Disallowed Functions
Table 4: Non-Approved Disallowed Functions
Table 5: Mapping of FIPS 140 Logical Interfaces to Logical Ports
Table 6: Tested Operating Environment
Table 7: Vendor Affirmed Operating Environment
Table 8: FIPS Approved Operator Services and Descriptions
Table 9: Non-FIPS Approved Operator Services and Descriptions
Table 10: CSP Table
Table 11: Power-On Self-Tests
Table 12: Conditional Self-Tests
Table 13: Acronyms
Table 14: References

List of Figures

Figure 1: Oracle Linux UEK Logical Cryptographic Boundary
Figure 2: Oracle Linux UEK Hardware Block Diagram

1. Introduction

1.1 Overview

The Unbreakable Enterprise Kernel (UEK), included as part of Oracle Linux, provides the latest open source innovations, key optimizations and security for enterprise cloud workloads. This Linux kernel powers Oracle Cloud and Oracle Engineered Systems such as Oracle Exadata Database Machine. Oracle tests UEK intensively with demanding Oracle workloads, and recommends UEK for Oracle deployments and all other enterprise deployments. Oracle contributes to upstream Linux kernel development with enhancements that benefit Oracle Database, middleware, applications and hardware, as well as our broad partner ecosystem. These enhancements are distributed to customers through UEK for Oracle Linux. By selectively integrating the latest open source Linux capabilities into UEK while still providing application binary compatibility with the Red Hat Compatible Kernel, Oracle makes it easy to run the most demanding cloud and enterprise workloads without compromising stability and security. We test all our on-premises software, and run Oracle Cloud on UEK, ensuring you can achieve the highest scalability and performance with your current workloads and those of the future.

This document is the Security Policy for the Oracle Linux Unbreakable Enterprise Kernel (UEK) Cryptographic Module by Oracle Corporation. Oracle Linux UEK Cryptographic Module is also referred to as “the Module or Module”. This Security Policy specifies the security rules under which the module shall operate to meet the requirements of FIPS 140-2 Level 1. It also describes how the Oracle Linux UEK Cryptographic Module functions in order to meet the FIPS requirements, and the actions that operators must take to maintain the security of the module.

This Security Policy describes the features and design of the Oracle Linux UEK Cryptographic Module using the terminology contained in the FIPS 140-2 specification. FIPS 140-2, Security Requirements for Cryptographic Module specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CSE Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS 140-2. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information.

1.2 Document Organization

The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:

• Oracle Linux Unbreakable Enterprise Kernel (UEK) Cryptographic Module Non-Proprietary Security Policy
• Other supporting documentation as additional references

With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Validation Documentation is proprietary to Oracle and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Oracle.

2. Oracle Linux Unbreakable Enterprise Kernel Cryptographic Module

2.1 Functional Overview

The Oracle Linux Unbreakable Enterprise Kernel Cryptographic Module is a software only cryptographic module that provides general-purpose cryptographic services to the remainder of the Linux kernel. The Oracle Linux UEK Cryptographic Module is software only, security level 1 cryptographic module, running on a multi-chip standalone platform.

2.2 FIPS 140-2 Validation Scope

The following table shows the security level for each of the eleven sections of the validation. See Table 1 below.

| Security Requirements Section | Level |
|---|---|
| Cryptographic Module Specification | 1 |
| Cryptographic Module Ports and Interfaces | 1 |
| Roles and Services and Authentication | 1 |
| Finite State Machine Model | 1 |
| Physical Security | N/A |
| Operational Environment | 1 |
| Cryptographic Key Management | 1 |
| EMI/EMC | 1 |
| Self-Tests | 1 |
| Design Assurance | 3 |
| Mitigation of Other Attacks | N/A |

Table 1: FIPS 140-2 Security Requirements

3. Cryptographic Module Specification

3.1 Definition of the Cryptographic Module

The Oracle Linux UEK Cryptographic Module is a software-only multi-chip standalone module as defined by the requirements within FIPS PUB 140-2. The logical cryptographic boundary of the module consists of binary files and their integrity check HMAC files, which are delivered through the Oracle Public Yum Package Manager (RPM) as listed below:

The list of components required for the module version R7-2.0.0 running on Oracle Linux 7.3 to operate are defined below:

• Oracle Linux Unbreakable Enterprise Kernel Cryptographic Module with the version of the RPM file kernel-uek-4.1.12-124.16.4.el7uek.
• The configuration of the FIPS mode is provided by the dracut-fips and dracut-fips-aesni package with the version of the RPM file of 033-535.0.2.el7.x86_64.
• The bound module Oracle Linux NSS Cryptographic Library with FIPS 140-2 Certificate #3143 (hereafter referred to as the “NSS bound module” or “NSS module”)
• The contents of the hmaccalc RPM package version 0.9.13-4.el7.x86_64

The list of components required for the module version R6-1.0.0 running on Oracle Linux 6.9 to operate are defined below:

• Oracle Linux Unbreakable Enterprise Kernel Cryptographic Module with the version of the RPM file kernel-uek-4.1.12-124.16.4.el6uek.
• The configuration of the FIPS mode is provided by the dracut-fips package with the version of the RPM file of 004-409.0.8.el6_8.2.x86_64.
• The bound module Oracle Linux NSS Cryptographic Library with FIPS 140-2 Certificate #3111 (hereafter referred to as the “NSS bound module” or “NSS module”)
• The contents of the hmaccalc RPM package version 0.9.12-2.el6.x86_64

The Oracle Linux UEK RPM package of the Module includes the binary files, integrity check HMAC files and Man Pages. The files comprising the module are the following:

• kernel loadable components /lib/modules/$(uname -r)/kernel/crypto/*.ko
• kernel loadable components /lib/modules/$(uname -r)/kernel/arch/x86/crypto/*.ko
• static kernel binary /boot/vmlinuz-$(uname -r)
• static kernel binary HMAC file /boot/.vmlinuz-$(uname -r).hmac
• sha512hmac binary file for performing the integrity checks /usr/bin/sha512hmac
• sha512hmac binary HMAC file: /usr/lib64/hmaccalc/sha512hmac.hmac

The NSS bound module provides the HMAC-SHA-512 algorithm used by the sha512hmac binary file to verify the integrity of both the sha512hmac file and the vmlinuz (static kernel binary).
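The integrity chain described above (verify the sha512hmac binary against its HMAC file first, then the static kernel binary against its HMAC file) can be sketched as follows. This is an added example, not Oracle's or hmaccalc's code: the key, the sidecar format (hex digest as the first whitespace-separated token) and the file contents are assumptions constructed for the demo, and the paths only mirror the layout listed in section 3.1 under a temporary directory.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed placeholder key. The page does not state the key that the
# real sha512hmac tool uses, so this value is an assumption for the demo.
EXAMPLE_KEY = b"example-integrity-key"


def hmac_sha512_file(path, key):
    """Return the hex HMAC-SHA-512 of a file, reading it in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha512)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def read_expected(sidecar):
    """Read the stored digest from a sidecar file.

    Assumed format: the first token is a 128-character hex digest.
    Returns None for a missing, empty or malformed sidecar (fail closed).
    """
    try:
        tokens = Path(sidecar).read_text().split()
    except OSError:
        return None
    if not tokens:
        return None
    digest = tokens[0].lower()
    if len(digest) != 128 or any(c not in "0123456789abcdef" for c in digest):
        return None
    return digest


def verify_file(path, sidecar, key):
    """True only if the file's HMAC matches the digest in its sidecar."""
    expected = read_expected(sidecar)
    if expected is None:
        return False
    try:
        actual = hmac_sha512_file(path, key)
    except OSError:
        return False
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(actual, expected)


def verify_chain(chain, key):
    """Check (name, file, sidecar) entries in order, stopping at the first
    failure. Returns (ok, name_of_failed_entry_or_None)."""
    for name, path, sidecar in chain:
        if not verify_file(path, sidecar, key):
            return False, name
    return True, None


def build_demo_tree(root, key=EXAMPLE_KEY):
    """Create constructed stand-ins for the verifier binary and the kernel
    image, each with a matching sidecar, in the order they are checked."""
    root = Path(root)
    layout = {
        "sha512hmac": (root / "usr/bin/sha512hmac",
                       root / "usr/lib64/hmaccalc/sha512hmac.hmac"),
        "vmlinuz": (root / "boot/vmlinuz-EXAMPLE",
                    root / "boot/.vmlinuz-EXAMPLE.hmac"),
    }
    chain = []
    for name, (path, sidecar) in layout.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        sidecar.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed stand-in for " + name.encode())
        sidecar.write_text(hmac_sha512_file(path, key) + "  " + str(path) + "\n")
        chain.append((name, path, sidecar))
    return chain


def run_demo():
    """Run three cases: intact tree, modified kernel, missing sidecar."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        chain = build_demo_tree(tmp)
        results["intact"] = verify_chain(chain, EXAMPLE_KEY)
        kernel = chain[1][1]
        kernel.write_bytes(kernel.read_bytes() + b"\x00")  # one extra byte
        results["kernel_modified"] = verify_chain(chain, EXAMPLE_KEY)
        chain[0][2].unlink()  # remove the verifier's own sidecar
        results["verifier_sidecar_missing"] = verify_chain(chain, EXAMPLE_KEY)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, outcome)
```

Because the verifier binary is checked before the kernel image, a missing or altered verifier sidecar is reported first even when the kernel image has also changed.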

Figure 1 shows the logical block diagram of the module executing in memory on the host system. The dotted line indicates the logical boundary of the module.

Figure 1: Oracle Linux UEK Logical Cryptographic Boundary

3.2 Definition of the Physical Cryptographic Boundary

The physical cryptographic boundary is defined as the hard enclosure of the host system on which it runs. See the dotted line in figure 2 below. No components are excluded from the requirements of FIPS PUB 140-2.

Figure 2: Oracle Linux UEK Hardware Block Diagram

3.3 Modes of Operation

The module supports two modes of operation: the FIPS approved and non-approved modes. Section 10.1.1 describes the Secure Installation and Startup to correctly install and configure the module. The module turns to FIPS approved mode after correct initialization, successful completion of power-on self-tests. Invoking a non-Approved algorithm or a non-Approved key size with an Approved algorithm as listed in Table 4 will result in the module implicitly entering the non-FIPS mode of operation. The approved services available in FIPS mode can be found in section 7.2 Table 8. The non-approved services not available in FIPS mode can be found in section 7.3.

3.4 Approved or Allowed Security Functions

The Oracle Linux UEK Cryptographic Module contains the following FIPS Approved Algorithms:

| Category | Algorithm | Approved or Allowed Security Functions | Certificate (OL 7.3 / OL 6.9) |
|---|---|---|---|
| Symmetric Algorithms | AES | aesasm: CBC, ECB (e/d; 128, 192, 256); CTR (ext. only; 128, 192, 256); CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0-32 (IV Length(s): 56, 64, 72, 80, 88, 96, 104 (bits) (Tag Length(s): 32, 48, 64, 80, 96, 112, 128 (bits); GCM (KS: AES_128, AES_192, AES_256) (d) Tag Length(s): 128 120 112 104 96 64 32) PT Lengths Tested: (0, 120, 128, 248, 256); AAD Lengths tested: 0, 120, 128, 248, 256); 96 Bit IV_Supported; GMAC_Supported; XTS ((KS: XTS_128, XTS_256) ((e/d) (f)) | 5400, 5621 / 5614, 5631 |
| | | aesasm_iiv: CBC, ECB (e/d; 128, 192, 256); CTR (ext. only; 128, 192, 256); GCM (KS: AES_128, AES_192, AES_256) Tag Length(s): 128 96 64) IV Generated: (Internally (using Section 8.2.1)); PT Lengths Tested: (120, 128, 248, 256); AAD Lengths tested: (64, 96); 96 Bit IV_Supported | 5423, 5622 / 5615, 5632 |
| | | aesni: CBC, ECB (e/d; 128, 192, 256); CTR (ext. only; 128, 192, 256); CCM (KS: AES_128, AES_192, AES_256) (d) Tag Length(s): 32, 48, 64, 80, 96, 112, 128) IV Length (56, 64, 72, 80, 88, 96, 104) PT Lengths Tested: (0-32); AAD Lengths tested: (0-65536); GCM (KS: AES_128, AES_192, AES_256) (d) Tag Length(s): 32, 64, 96, 104, 112, 120, 128) PT Lengths Tested: (0, 120, 128, 248, 25); AAD Lengths tested: (0, 120, 128, 248, 256); 96 Bit IV_Supported; XTS ((KS: XTS_128, XTS_256); ((e/d) (f)) | 5402, 5627 / 5630, 5635 |
| | | aesni_iiv: CBC, ECB (e/d; 128, 192, 256); CTR (ext. only; 128, 192, 256) | 5425, 5628 / 5629, 5638 |
| | | aesni_blkasm: CBC, ECB (e/d; 128, 192, 256); CTR (ext. only; 128, 192, 256); GCM (KS: AES_128, AES_192, AES_256) (d) Tag Length(s): 64, 96, 128) PT Lengths Tested: (120, 128, 248, 256); AAD Lengths tested: (64, 96); 96 Bit IV_Supported; XTS ((KS: XTS_128, XTS_256); ((e/d) (f)) | 5403, 5626 / 5620, 5636 |
| | | aesni_blkasm_iiv: CBC, ECB (e/d; 128, 192, 256); CTR (ext. only; 128, 192, 256); GCM (KS: AES_128, AES_192, AES_256) Tag Length(s): 128 96 64) IV Generated: (Internally (using Section 8.2.1)); PT Lengths Tested: (120, 128, 248, 256); AAD Lengths tested: (64, 96); 96 Bit IV_Supported | 5398, 5625 / 5619, 5637 |
| | | aesgen: CBC, ECB (e/d; 128, 192, 256); CTR (ext. only; 128, 192, 256); CCM (KS: AES_128, AES_192, AES_256) (e/d) Tag Length(s): 32, 48, 64, 80, 96, 112, 128) IV Length (56, 64, 72, 80, 88, 96, 104) PT Lengths Tested: (0-32); AAD Lengths tested: (0-65536); GCM (KS: AES_128, AES_192, AES_256) (d) Tag Length(s): 32, 64, 96, 104, 112, 120, 128) PT Lengths Tested: (0, 120, 128, 248, 256); AAD Lengths tested: (0, 120, 128, 248, 256); 96 Bit IV_Supported; XTS ((KS: XTS_128, XTS_256); ((e/d) (f)) | 5401, 5624 / 5617, 5634 |
| | | aesgen_iiv: CBC, ECB (e/d; 128, 192, 256); CTR (ext only; 128, 192, 256); GCM (KS: AES_128, AES_192, AES_256) Tag Length(s): 128 96 64) IV Generated: (Internally (using Section 8.2.1)); PT Lengths Tested: (120, 128, 248, 256); AAD Lengths tested: (64, 96); 96 Bit IV_Supported | 5424, 5623 / 5618, 5633 |
| | Triple DES | C Implementation: TCBC, TECB (KO 1 e/d); CTR (ext only) | 2728, 2828 / 2826, 2830 |
| | | BLKASM Implementation: TCBC, TECB (KO 1 e/d); CTR (ext only) | 2721, 2829 / 2827, 2831 |
| Secure Hash Standard (SHS) | SHS | Generic C Implementation: SHA-1 (BYTE-only), SHA-224 (BYTE-only), SHA-256 (BYTE-only), SHA-384 (BYTE-only), SHA-512 (BYTE-only) | 4336, 4516 / 4513, 4520 |
| | | shaavx: SHA-1 (BYTE-only), SHA-224 (BYTE-only), SHA-256 (BYTE-only), SHA-384 (BYTE-only), SHA-512 (BYTE-only) | 4330, 4514 / 4510, 4518 |
| | | shaavx2: SHA-1 (BYTE-only), SHA-224 (BYTE-only), SHA-256 (BYTE-only), SHA-384 (BYTE-only), SHA-512 (BYTE-only) | 4331, 4515 / 4511, 4519 |
| | | shassse3: SHA-1 (BYTE-only), SHA-224 (BYTE-only), SHA-256 (BYTE-only), SHA-384 (BYTE-only), SHA-512 (BYTE-only) | 4337, 4517 / 4512, 4521 |
| Data Authentication Code | HMAC | Generic C Implementation: HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 (each with Key Size Ranges Tested: KS<BS KS=BS KS>BS) | 3577, 3750 / 3747, 3754 |
| | | shaavx: HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 (each with Key Size Ranges Tested: KS<BS KS=BS KS>BS) | 3574, 3748 / 3744, 3752 |
| | | shaavx2: HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 (each with Key Size Ranges Tested: KS<BS KS=BS KS>BS) | 3575, 3749 / 3745, 3753 |
| | | shassse3: HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512 (each with Key Size Ranges Tested: KS<BS KS=BS KS>BS) | 3578, 3751 / 3746, 3755 |
| Asymmetric Algorithms | RSA | shagen: FIPS 186-4: ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (2048 SHA(1, 224, 256, 384, 512)) (3072 SHA(1, 224, 256, 384, 512)) | 2888, 3027 / 3024, 3031 |
| | | shaavx: FIPS 186-4: ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (2048 SHA(1, 224, 256, 384, 512)) (3072 SHA(1, 224, 256, 384, 512)) | 2886, 3025 / 3021, 3029 |
| | | shaavx2: FIPS 186-4: ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (2048 SHA(1, 224, 256, 384, 512)) (3072 SHA(1, 224, 256, 384, 512)) | 2887, 3026 / 3022, 3030 |
| | | shassse3: FIPS 186-4: ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (2048 SHA(1, 224, 256, 384, 512)) (3072 SHA(1, 224, 256, 384, 512)) | 2889, 3028 / 3023, 3032 |
| Random Number Generation | DRBG | CTR DRBG: aesasm: CTR_DRBG: [Prediction Resistance Tested: Enabled and Not Enabled; BlockCipher_Use_df: (AES-128, AES-192, AES-256) | 2099, 2260 / 2254, 2268 |
| | | aesni: CTR_DRBG: [Prediction Resistance Tested: Enabled and Not Enabled; BlockCipher_Use_df: (AES-128, AES-192, AES-256) | 2101, 2262 / 2267, 2270 |
| | | aesgen: CTR_DRBG: [Prediction Resistance Tested: Enabled and Not Enabled; BlockCipher_Use_df: (AES-128, AES-192, AES-256) | 2100, 2261 / 2255, 2269 |
| | | Hash DRBG and HMAC DRBG: shagen: Hash_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512); HMAC_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512) | 2097, 2265 / 2259, 2273 |
| | | Shaavx2: Hash_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512); HMAC_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512) | 2092, 2264 / 2257, 2272 |
| | | shassse3: Hash_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512); HMAC_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512) | 2093, 2266 / 2258, 2274 |
| | | shaavx: Hash_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512); HMAC_Based DRBG: [Prediction Resistance Tested: Enabled and Not Enabled (SHA-1, SHA-256, SHA-384, SHA-512) | 2098, 2263 / 2256, 2271 |
| Algorithm used from the Bound NSS module | HMAC | HMAC-SHA512 (Key Size Ranges Tested: KS<BS KS=BS KS>BS) | 3077, 3767, 3184, 3628 |

Table 2: FIPS Approved or Allowed Security Functions

3.5 Non-Approved but Allowed Security Functions

The following algorithm is considered non-Approved but allowed to be used in a FIPS-approved mode:

| Algorithm | Usage |
|---|---|
| NDRNG from Linux RNG | Used for seeding NIST SP 800-90A DRBG |

Table 3: Non-Approved Disallowed Functions

3.6 Non-Approved Security Functions

The following algorithms are considered non-Approved and may not be used in a FIPS-approved mode of operation. The services associated with these algorithms are specified in section 7.3.

| Algorithm | Usage |
|---|---|
| AES-XTS (192 bit) | Encrypt/Decrypt |
| AES GCM | Encryption with external IV or using aesni implementation |
| DES | Encrypt/Decrypt |
| SHA-1 (multiple-buffer) | Message Digest |
| ANSI X9.31 RNG | Random Number Generation |
| Jitter RNG | Non-Deterministic Random Number Generation |

Table 4: Non-Approved Disallowed Functions

4. Module Ports and Interfaces

The module interfaces can be categorized as follows:

• Data Input Interface
• Data Output Interface
• Control Input Interface
• Status Output Interface

The module can be accessed by utilizing the API it exposes. The table below shows the mapping of ports and interfaces as per the FIPS 140-2 Standard.

| FIPS 140 Interface | Module Interfaces |
|---|---|
| Data Input | API input parameters |
| Data Output | API output parameters |
| Control Input | API function calls, kernel command line |
| Status Output | API return codes, kernel logs |

Table 5: Mapping of FIPS 140 Logical Interfaces to Logical Ports

5. Physical Security

The Module is comprised of software only and thus does not claim any physical security.

6. Operational Environment

6.1 Tested Environments

The module operates in a modifiable operational environment per FIPS 140-2 level 1 specifications. The Module was tested on the following environments with and without PAA i.e. AES-NI:

| Module Version | Operating Environment | Processor | Hardware |
|---|---|---|---|
| R7-2.0.0 | Oracle Linux 7.3 64 bit | Intel(R) Xeon(R) E5-2699 v4 | Oracle Server X6-2 |
| R6-1.0.0 | Oracle Linux 6.9 64 bit | Intel(R) Xeon(R) E5-2699 v4 | Oracle Server X6-2 |
| R7-2.0.0 | Oracle Linux 7.3 64 bit | Intel(R) Xeon(R) Silver 4114 | Oracle Server X7-2 |
| R6-1.0.0 | Oracle Linux 6.9 64 bit | Intel(R) Xeon(R) Silver 4114 | Oracle Server X7-2 |

Table 6: Tested Operating Environment

6.2 Vendor Affirmed Environments

The following platforms have not been tested as part of the FIPS 140-2 level 1 certification; however, Oracle “vendor affirms” that these platforms are equivalent to the tested and validated platforms. Additionally, Oracle affirms that the module will function the same way and provide the same security services on any of the systems listed below.

| Operating Environment | Processor | Hardware |
|---|---|---|
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600/E5-2600 v2 | Cisco UCS B200 M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Cisco UCS B200 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Cisco UCS B200 M5 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2400/E5-2400 v2 | Cisco UCS B22 M3 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-2800/E7-8800 | Cisco UCS B230 M2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-2800/E7-8800 v3 | Cisco UCS B260 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-4600/E5-4600 v2 | Cisco UCS B420 M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-4600 v3 & v4 | Cisco UCS B420 M4 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-2800/E7-8800 | Cisco UCS B440 M2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-2800 v2/E7-4800 v2/E7-8800 v2/E7-4800 v3/E7-8800 v3 | Cisco UCS B460 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Cisco UCS B480 M5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2400/E5-2400 v2 | Cisco UCS C22 M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600/E5-2600 v2 | Cisco UCS C220 M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Cisco UCS C220 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Cisco UCS C220 M5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2400/E5-2400 v2 | Cisco UCS C24 M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600/E5-2600 v2 | Cisco UCS C240 M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Cisco UCS C240 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Cisco UCS C240 M5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-2800 v2/E7-4800 v2, v3 & v4/E7-8800 v2 & v4 | Cisco UCS C460 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Cisco UCS C480 M5 |


| Operating Environment | Processor | Hardware |
|---|---|---|
| Oracle Linux 7.3 64-bit | Intel® Xeon® D-1500 | Cisco UCS E1120D-M3/K9 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® D-1500 | Cisco UCS E180D-M3/K9 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Dell PowerEdge FC630 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-4600 v3 | Dell PowerEdge FC830 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Dell PowerEdge M630 Blade |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-4600 v4 | Dell PowerEdge M830 Blade |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Dell PowerEdge R630 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Dell PowerEdge R730 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Dell PowerEdge R730xd |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4 | Dell PowerEdge R930 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Dell PowerEdge T630 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2/E7-8800 v2 | Fujitsu PRIMEQUEST 2400E |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Fujitsu PRIMEQUEST 2400E2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v4 | Fujitsu PRIMEQUEST 2400E3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2 | Fujitsu PRIMEQUEST 2400L |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Fujitsu PRIMEQUEST 2400L2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v4 | Fujitsu PRIMEQUEST 2400L3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2 | Fujitsu PRIMEQUEST 2400S |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2 | Fujitsu PRIMEQUEST 2400S Lite |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Fujitsu PRIMEQUEST 2400S2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Fujitsu PRIMEQUEST 2400S2 Lite |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v4 | Fujitsu PRIMEQUEST 2400S3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v4 | Fujitsu PRIMEQUEST 2400S3 Lite |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v2 | Fujitsu PRIMEQUEST 2800B |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Fujitsu PRIMEQUEST 2800B2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v4 | Fujitsu PRIMEQUEST 2800B3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v2 | Fujitsu PRIMEQUEST 2800E |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Fujitsu PRIMEQUEST 2800E2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v4 | Fujitsu PRIMEQUEST 2800E3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v2 | Fujitsu PRIMEQUEST 2800L |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Fujitsu PRIMEQUEST 2800L2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v4 | Fujitsu PRIMEQUEST 2800L3 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Fujitsu PRIMEQUEST 3800B |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Fujitsu PRIMERGY BX2580 M1 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Fujitsu PRIMERGY BX2580 M2 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable Processors | Fujitsu PRIMERGY CX2560 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Fujitsu PRIMERGY RX2530 M1 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Fujitsu PRIMERGY RX2530 M2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Fujitsu PRIMERGY RX2530 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Fujitsu PRIMERGY RX2540 M1 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Fujitsu PRIMERGY RX2540 M2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Fujitsu PRIMERGY RX2540 M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2/E7-8800 v2 | Fujitsu PRIMERGY RX4770 M1 |


| Operating Environment | Processor | Hardware |
|---|---|---|
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v3/E7-8800 v3 | Fujitsu PRIMERGY RX4770 M2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | Fujitsu PRIMERGY RX4770 M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Fujitsu PRIMERGY RX4770 M4 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v3 | Hitachi BladeSymphony BS2500 HC0A1 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v4 | Hitachi BladeSymphony BS2500 HE0A2 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E7-4800 v3/E7-8800 v3 | Hitachi BladeSymphony BS2500 HE0E2 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v3 | Hitachi BladeSymphony BS500 BS520HB3 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E7-4800 v3/E7-8800 v3 | Hitachi BladeSymphony BS500 BS520XB2 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v3 | Hitachi Compute Blade 2500 CB520HB3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Hitachi Compute Blade 2500 CB520HB4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v2 | Hitachi Compute Blade 2500 CB520XB2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Hitachi Compute Blade 2500 CB520XB3 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v3 | Hitachi Compute Blade 500 CB520HB3 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Hitachi Compute Blade 500 CB520HB4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v2 | Hitachi Compute Blade 500 CB520XB2 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v4 | Hitachi HA8000 RS210 AN2 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v4 | Hitachi HA8000 RS220 AN2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Hitachi QuantaGrid D51B-2U |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Hitachi QuantaPlex T41S-2U |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Hitachi Vantara Hitachi Advanced Server DS120 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Hitachi Vantara Hitachi Advanced Server DS220 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Hitachi Vantara Hitachi Advanced Server DS240 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | HPE Integrity MC990 X |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v2 | HPE ProLiant BL460c Gen8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | HPE ProLiant BL460c Gen9 |
| Oracle Linux 6.9 64-bit | AMD Opteron 6300-series | HPE ProLiant BL465c Gen8 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-4600 v2 | HPE ProLiant BL660c Gen8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-4600 v3 | HPE ProLiant BL660c Gen9 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v3 & v4 | HPE ProLiant DL120 Gen9 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | HPE ProLiant DL160 Gen9 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | HPE ProLiant DL180 Gen9 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Pentium® G2120 & Intel® Xeon® E3-1200 v2 | HPE ProLiant DL320e Gen8 |


| Operating Environment | Processor | Hardware |
|---|---|---|
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Pentium® G3200-series/G3420, Core i3-4100-series/Intel® Xeon® E3-12 v3 | HPE ProLiant DL320e Gen8 v2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | HPE ProLiant DL360 Gen9 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable 8100/6100/5100/4100/3100 Processors | HPE ProLiant DL360 Gen10 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2400/E5-2400 v2 | HPE ProLiant DL360e Gen8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | HPE ProLiant DL360p Gen8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | HPE ProLiant DL380 Gen9 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2400/E5-2400 v2 | HPE ProLiant DL380e Gen8 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600/E5-2600 v2 | HPE ProLiant DL380p Gen8 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable 8100/6100/5100/4100/3100 Processors | HPE ProLiant DL380 Gen10 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-4600/E5-4600 v2 | HPE ProLiant DL560 Gen8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-4600 v3 & v4 | HPE ProLiant DL560 Gen9 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable 8170 Processors | HPE ProLiant DL560 Gen10 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2/E7-8800 v2 | HPE ProLiant DL580 Gen8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v3/E7-8800 v3 | HPE ProLiant DL580 Gen9 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® X7560, X6550, E6540, E7520 | HPE ProLiant DL980 G7 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | HPE ProLiant ML350 Gen9 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v3 | HPE ProLiant XL450 Gen9 (Apollo 4500) |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | HPE Synergy 480 Gen9 Compute Module |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable 8100/6100/5100/4100/3100 Processors | HPE Synergy 480 Gen10 Compute Module |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | HPE Synergy 620 Gen9 Compute Module |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable 8100/6100/5100 Processors | HPE Synergy 660 Gen10 Compute Module |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | HPE Synergy 680 Gen9 Compute Module |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Huawei FusionServer 1288H V5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Huawei FusionServer 2288H V5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Huawei FusionServer CH121 V5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Huawei FusionServer CH121L V5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Huawei FusionServer CH242 V5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Huawei FusionServer RH2288H V3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable Processors | Huawei FusionServer XH321 V5 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Inspur Yingxin NF5170M4 |


| Operating Environment | Processor | Hardware |
|---|---|---|
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Inspur Yingxin NF5180M4 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable Processors | Inspur Yingxin NF5180M5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Inspur Yingxin NF5240M4 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v2 | Inspur Yingxin NF5270M3 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Inspur Yingxin NF5270M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Inspur Yingxin NF5280M4 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® Scalable Processors | Inspur Yingxin NF5280M5 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Inspur Yingxin NF5460M4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v3 & v4/E7-8800 v3 & v4 | Inspur Yingxin NX8480M4 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v4 | Lenovo System x3650 M5 |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | Lenovo System x3850 X6 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/5100/4100/3100 Processors | Lenovo ThinkSystem SD530 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/5100/4100/3100 Processors | Lenovo ThinkSystem SN550 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/5100 Processors | Lenovo ThinkSystem SN850 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/5100 Processors | Lenovo ThinkSystem SR850 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/5100 Processors | Lenovo ThinkSystem SR860 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/5100 Processors | Lenovo ThinkSystem SR950 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | NEC Express5800/A1040d |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | NEC Express5800/A2010d |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | NEC Express5800/A2020d |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | NEC Express5800/A2040d |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-4800 v4/E7-8800 v4 | NEC Express5800/R120g-1M |
| Oracle Linux 6.9 64-bit | Intel® Xeon® E5-2600 v4 | NEC Express5800/R120g-2M |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | NEC NX7700x/A4010M-4 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | NEC NX7700x/A4012L-1 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800/4800 v4 | NEC NX7700x/A4012L-1D |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v4 | NEC NX7700x/A4012L-2 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800/4800 v4 | NEC NX7700x/A4012L-2D |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v3/E7-8800 v3 | NEC NX7700x/A4012M-4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Oracle Netra Server X5-2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Oracle Server X5-2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Oracle Server X5-2L |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Oracle Server X5-4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 | Oracle Server X5-8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Oracle Server X6-2 |


| Operating Environment | Processor | Hardware |
|---|---|---|
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Oracle Server X6-2L |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v4 | Oracle Server X6-2M |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/4100 Processors | Oracle Server X7-2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100/4100 Processors | Oracle Server X7-2L |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® Scalable 8100/6100 Processors | Oracle Server X7-8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® x7500-series | Oracle Sun Fire X4470 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® x7500-series | Oracle Sun Fire X4800 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 | Oracle Sun Server X2-8 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 | Oracle Sun Server X2-4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 | Oracle Sun Server X3-2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 | Oracle Sun Server X3-2L |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v2 | Oracle Sun Server X4-2 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v2 | Oracle Sun Server X4-2L |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v2 | Oracle Sun Server X4-4 |
| Oracle Linux 6.9 64-bit and Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v2 | Oracle Sun Server X4-8 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-8800 v3 & v4 | SGI UV 300RL |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v4/E7-8800 v3 & v4 | SGI UV 300 |
| Oracle Linux 7.3 64-bit | AMD Opteron™ 6000 | Sugon A840-G10 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Sugon CB50-G20 |
| Oracle Linux 7.3 64-bit | AMD Opteron™ 6000 | Sugon CB85-G10 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Sugon CB85-G10 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2 | Sugon CB80-G20 |
| Oracle Linux 7.3 64-bit | Intel Xeon E7-8800/4800-v3 Series | Sugon CB80-G25 |
| Oracle Linux 7.3 64-bit | AMD Opteron™ 6300 | Sugon CB85-G10 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® 6100, 5100, 4100, 3100 | Sugon I420-G30 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Sugon I610-G20 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 | Sugon I620-G20 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® 8100 | Sugon I620-G30 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v3 & v4 | Sugon I840-G20 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2 | Sugon I840-G25 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E7-4800 v2 & v3/E7-8800 v2 & v3 | Sugon I980-G20 |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Sugon TC4600T |
| Oracle Linux 7.3 64-bit | Intel® Xeon® E5-2600 v3 & v4 | Supermicro SuperServer SYS-6018U-TR4T+ |

Table 7: Vendor Affirmed Operating Environment

CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.


6.3 Vendor Affirmed Environments

The operating system is restricted to a single operator (concurrent operators are explicitly excluded). The application that requests cryptographic services is the single user of the module, even when the application is serving multiple clients.

In FIPS Approved mode, the ptrace(2) system call, the debugger (gdb(1)), and strace(1) shall not be used.


7. Roles, Services and Authentication

7.1 Roles

The roles are implicitly assumed by the entity accessing the module services. The module supports the following roles:

• User Role: performs symmetric encryption/decryption, keyed hash, message digest, random number generation, show status, zeroization.
• Crypto Officer Role: performs the module installation and configuration, module's initialization, self-tests.

7.2 FIPS Approved Operator Services and Descriptions

The table below provides a full description of FIPS Approved services provided by the module and the roles allowed to invoke each service.

| U | CO | Service Name | Service Description | Keys and CSP(s) | Access Type(s) |
|---|---|---|---|---|---|
| X | | Symmetric Encryption/Decryption | Encrypts or decrypts a block of data using 3-Key Triple-DES or AES in FIPS mode | AES or 3-Key Triple-DES Key | R, W, X |
| X | | Keyed Hash (HMAC) | Sign and or authenticate data using HMAC-SHA | HMAC Key | R, W, X |
| X | | Hash (SHS) | Hash a block of data. | None | N/A |
| X | | Random Number Generation | Generate random numbers based on the NIST SP 800-90A Standard | Entropy input string and seed | R, W, X |
| X | | Authenticated Encryption | Encrypt-then-MAC cipher (authenc) used for IPsec | AES key, HMAC key | R, W, X |
| X | | Show Status | Show status of the module state via verbose mode, exit codes and kernel logs (dmesg) | None | N/A |
| | X | Self-Test | Initiate on demand power-on self-tests by restarting the device which will also clear the RAM memory. | None | N/A |
| X | | Zeroize | Zeroize all critical security parameters when freeing the cipher handler | All keys and CSP’s | Z |
| | X | Module Initialization | Initialize the module into the FIPS Approved Mode | None | N/A |
| | X | Installation and Configuration | Install and configure the module. | None | N/A |
| X | | Error detection code (1) | Error detection code using crc32c, crct10dif | None | N/A |
| X | | Data compression (1) | Performs data compression using deflate, lz4, lz4hc, lzo, zlib | None | N/A |

R – Read, W – Write, X – Execute, Z – Zeroize

Table 8: FIPS Approved Operator Services and Descriptions

(1) The algorithms used in this service do not provide cryptographic attribute.


7.3 Non-FIPS Approved Services and Descriptions

The following table lists the non-Approved services available in non-FIPS mode.

| U | CO | Service Name | Service Description | Keys | Access Type(s) |
|---|---|---|---|---|---|
| X | | Symmetric Encryption/Decryption | Encrypts or decrypts using non-Approved algorithms | AES-XTS (192-bit key), DES, AES GCM encryption with external IV or aesni implementation | R, W, X |
| X | | Random Number Generation | Generation of random numbers using the ANSI X9.31 PRNG or Jitter RNG. | None | N/A |
| X | | Message Digest | Hashing using hash functions from SHA-1 mb | None | N/A |
| X | | Keyed Hash | HMAC Keys < 112 bits. | HMAC keys < 112 bits. | R, W, X |

R – Read, W – Write, X – Execute, Z – Zeroize

Table 9: Non-FIPS Approved Operator Services and Descriptions

7.4 Operator Authentication

The module is a Level 1 software-only cryptographic module and does not implement authentication. The role is implicitly assumed based on the service requested.


8. Key and CSP Management

The following keys, cryptographic key components and other critical security parameters are contained in the module.

| CSP Name | Generation | Entry/Output | Storage | Zeroization |
|---|---|---|---|---|
| AES Keys (128, 192, 256 bits) | N/A | The Key is passed into the module via API input parameter | kernel memory | Memory is automatically overwritten by zeroes when freeing the cipher handler |
| Triple-DES Keys (192 bits) | N/A | The Key is passed into the module via API input parameter | kernel memory | Memory is automatically overwritten by zeroes when freeing the cipher handler |
| DRBG Entropy Input String | Obtained from NDRNG | N/A | kernel memory | Memory is automatically overwritten by zeroes when freeing the cipher handler |
| DRBG internal state (V, key and C values) | Derived from Entropy input as defined in NIST SP 800-90A | N/A | kernel memory | Memory is automatically overwritten by zeroes when freeing the cipher handler |
| HMAC Key (≥112 bits) | N/A | The Key is passed into the module via API input parameter | kernel memory | Automatically zeroized when freeing the cipher handle |

Table 10: CSP Table

8.1 Random Number Generation

The module employs the Deterministic Random Bit Generator (DRBG) based on [SP800-90A] for the random number generation. The DRBG supports the Hash_DRBG, HMAC_DRBG and CTR_DRBG mechanisms. The DRBG is initialized during module initialization. The module loads by default the DRBG using HMAC DRBG with SHA-512 without prediction resistance. To seed the DRBG, the module uses a Non-Deterministic Random Number Generator (NDRNG) as the entropy source. The NDRNG is provided by the Linux RNG using the getrandom() system call. The NDRNG provides at least 130 bits of entropy to the DRBG during initialization (seed) and reseeding (reseed).

The module performs a continuous random number generator test on the output of the NDRNG to ensure that consecutive random numbers do not repeat, and performs DRBG health tests as defined in section 11.3 of [SP800-90A].

The module does not provide any key generation service or perform key generation for any of its Approved algorithms. Keys are passed in from the calling application via API parameters.

CAVEAT: The module generates random strings whose strengths are modified by available entropy.


8.2 Key Entry/Output

The keys are provided to the module via API input parameters in plaintext form. The keys are not transmitted beyond the physical boundary. The module does not support manual key entry.

8.3 Key/CSP Storage

Symmetric keys and HMAC keys are provided to the module by the calling process, and are destroyed when released by the appropriate API function calls. The module does not perform persistent storage of keys. The RSA public key used for signature verification is stored as part of the module and relies on the operating system for its protection.

8.4 Key/CSP Zeroization

The application that uses the module is responsible for appropriate destruction and zeroization of the key material. The module provides functions for key allocation and destruction. When a calling kernel component calls the appropriate API function, that operation overwrites memory with 0’s and then frees that memory.


9. Self-Tests

FIPS 140-2 requires that the Module perform self-tests to ensure the integrity of the Module and the correctness of the cryptographic functionality at start up. In addition, the module performs a conditional test for the NDRNG. On successful completion of the power-up tests, the module is operational and the crypto services are available. A failure of any of the self-tests panics the Module and no crypto operations are possible. The only recovery is to reboot the module. See section 10.3 for details.

9.1 Power-Up Self-Tests

The module performs power-up self-tests at module initialization without operator intervention. While the module is performing the power-up tests, services are not available and input or output is not possible. The on-demand power-up self-tests can be performed by power cycling the Module or by rebooting the operating system. The table below summarizes the power-on self-tests performed by the module. If the known answer does not match, the test fails. The different implementations of the same algorithms listed in Table 2 are tested separately by performing the known-answer tests using the same test vectors.

| Algorithm | Test |
|---|---|
| AES | KAT, encryption and decryption are tested separately for the modes ECB, CBC, CTR, XTS, GCM, CCM |
| Triple-DES | KAT, encryption and decryption are tested separately for the modes ECB, CBC, CTR |
| SP 800-90A CTR_DRBG | KAT |
| SP 800-90A Hash_DRBG | KAT |
| SP 800-90A HMAC_DRBG | KAT |
| HMAC | (SHA-1, SHA-256, SHA-512) KAT |
| Module Integrity test | Performed by sha512hmac application with HMAC-SHA-512 provided by NSS |
| RSA Signature Verification (2) | Part of the integrity test (considered as a KAT) |

Table 11: Power-On Self-Tests

9.1.1 Integrity Tests

The integrity check of the static kernel binary is performed by the sha512hmac application using HMAC-SHA-512. At run time, the module invokes the sha512hmac utility to calculate the HMAC value of the static kernel binary file and then compares it with the pre-stored HMAC file in /boot/.vmlinuz-$(uname -r).hmac.

The sha512hmac application performs its own integrity check by calculating the HMAC value of its binary and comparing it to the HMAC value stored in sha512hmac.hmac. The HMAC-SHA-512 algorithm is provided by the bound NSS module and is KAT tested before the NSS module makes itself available to the sha512hmac application.

The Oracle Linux UEK loadable components (*.ko referenced in section 3.1) loaded into the Linux kernel during boot time are checked with the RSA signature verification implementation of the Linux kernel to confirm their integrity.

If the HMAC values do not match or the RSA signature verification fails, the kernel panics, indicating the error state.

(2) The RSA signature verification is only used as part of the integrity test and is not available as a service from the module.

9.2 Conditional Self-Tests

The module performs conditional tests on the cryptographic algorithms shown in the following table:

| Algorithm | Test |
|---|---|
| NDRNG | The module performs conditional self-tests on the output of NDRNG. |

Table 12: Conditional Self-Tests


10. Crypto-Officer and User Guidance

This section provides guidance for the Cryptographic Officer and the User to maintain proper use of the module per FIPS 140-2 requirements.

10.1 Crypto-Officer Guidance

To operate the UEK module, the operating system must be restricted to a single operator mode of operation. (This should not be confused with single user mode which is runlevel 1 on Oracle Linux. This refers to processes having access to the same cryptographic instance which Oracle Linux ensures cannot happen by the memory management hardware.)

10.1.1 Secure Installation and Startup

Crypto Officers use the Installation instructions to install the Module in their environment. The version of the RPM containing the FIPS validated module is stated in section 3.1 above.

The RPM package of the Module can be installed by standard tools recommended for the installation of Oracle packages on an Oracle Linux system (for example, yum, RPM, and the RHN remote management tool). The integrity of the RPM is automatically verified during the installation of the Module and the Crypto Officer shall not install the RPM file if the Oracle Linux Yum Server indicates an integrity error. The RPM files listed in section 3 are signed by Oracle and, during installation, Yum performs signature verification which ensures a secure delivery of the cryptographic module. If the RPM packages are downloaded manually, then the CO should run the ‘rpm -K <rpm-file-name>’ command after importing the builder’s GPG key to verify the package signature. In addition, the CO can also verify the hash of the RPM package to confirm a proper download.

To configure the operating environment to support FIPS perform the following steps:

1. Install the dracut-fips package:

    # yum install dracut-fips

2. Recreate the INITRAMFS image:

    # dracut -f

After regenerating the initramfs, the Crypto Officer has to append the following string to the kernel command line by changing the setting in the boot loader:

    fips=1

If /boot or /boot/efi resides on a separate partition, the kernel parameter boot=<partition of /boot or /boot/efi> must be supplied. The partition can be identified with the command "df /boot" or "df /boot/efi" respectively. For example:

    $ df /boot
    Filesystem     1K-blocks    Used Available Use% Mounted on
    /dev/sda1         233191   30454    190296  14% /boot

The partition of /boot is located on /dev/sda1 in this example. Therefore, the following string needs to be appended to the kernel command line:

    boot=/dev/sda1

Reboot to apply these settings.


10.1.2 FIPS 140-2 and AES NI Support

According to the UEK FIPS 140-2 Security Policy, the UEK module supports the AES-NI Intel processor instruction set as an approved cipher. The AES-NI instruction set is used by the Module.

In case you configured a full disk encryption using AES XTS mode, you may use the AES-NI support for a higher performance compared to the software-only implementation.

To utilize the AES-NI support, the mentioned Module must be loaded during boot time by installing a plugin.

Before you install the plugin, you MUST verify that your processor offers the AES-NI instruction set by calling the following command:

    cat /proc/cpuinfo | grep aes

If the command returns a list of properties, including the “aes” string, your CPU provides the AES-NI instruction set. If the command returns nothing, AES-NI is not supported.

You MUST NOT install the following plugin if your CPU does not support AES-NI because the kernel will panic during boot.

The support for the AES-NI instruction set during boot time is enabled by installing the following plugin (make sure that the version of the plugin RPM matches the version of the installed RPMs!):

    # install the dracut-fips-aesni package
    yum install dracut-fips-aesni-*

    # recreate the initramfs image
    dracut -f

The changes come into effect during the next reboot.
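The boot-time requirements of sections 10.1.1 and 10.1.2 (fips=1, boot= when /boot is a separate partition, and no AES-NI plugin on a CPU without the aes flag) can be checked together before rebooting. The script below is an added example, not part of the Security Policy or of Oracle's tooling; the function names and sample inputs are constructed, and only /boot (not /boot/efi) is examined.

```shell
#!/bin/sh
# Added example: audits the boot settings required by sections 10.1.1 and
# 10.1.2. Function names are hypothetical. Inputs are passed as text so the
# checks run on constructed data as well as on a live system.

# Succeeds if "fips=1" is a whole token of the kernel command line.
has_fips_flag() {      # $1 = kernel command line
    printf '%s\n' "$1" | tr -s ' \t' '\n' | grep -qxF 'fips=1'
}

# Prints the value of the first boot=<partition> token, or nothing.
boot_param() {         # $1 = kernel command line
    printf '%s\n' "$1" | tr -s ' \t' '\n' | sed -n 's/^boot=//p' | head -n 1
}

# Prints the device if the mount point is its own filesystem in df output.
# Use `df -P` so that long device names do not wrap onto a second line.
separate_partition() { # $1 = df -P output, $2 = mount point
    printf '%s\n' "$1" | awk -v m="$2" 'NR > 1 && $NF == m { print $1 }'
}

# Succeeds if a cpuinfo "flags" line lists "aes" as a whole word. A plain
# `grep aes` also matches any longer flag name that contains "aes".
cpu_has_aes() {        # $1 = contents of /proc/cpuinfo
    printf '%s\n' "$1" | awk -F: '
        /^flags/ { n = split($2, f, " ")
                   for (i = 1; i <= n; i++) if (f[i] == "aes") ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# Prints one finding per line and returns 0 only if no check fails.
# $1 = cmdline, $2 = df -P /boot output, $3 = cpuinfo text,
# $4 = "yes" if the dracut-fips-aesni plugin is (to be) installed.
audit_fips_boot() {
    rc=0
    if has_fips_flag "$1"; then
        echo "OK   fips=1 is on the kernel command line"
    else
        echo "FAIL fips=1 is missing from the kernel command line"; rc=1
    fi
    dev=$(separate_partition "$2" /boot)
    want=$(boot_param "$1")
    if [ -z "$dev" ]; then
        echo "OK   /boot is not a separate partition, boot= not required"
    elif [ -z "$want" ]; then
        echo "FAIL /boot is on $dev but boot= is not set"; rc=1
    else
        case "$want" in
            "$dev") echo "OK   boot=$want matches the /boot partition" ;;
            /dev/*) echo "FAIL boot=$want but /boot is on $dev"; rc=1 ;;
            *)      echo "NOTE boot=$want is not a device path, compare by hand" ;;
        esac
    fi
    if [ "$4" = yes ] && ! cpu_has_aes "$3"; then
        echo "FAIL AES-NI plugin selected but CPU lacks aes (kernel would panic)"; rc=1
    elif [ "$4" = yes ]; then
        echo "OK   CPU reports aes, AES-NI plugin can be installed"
    fi
    return $rc
}

# Constructed sample inputs; the df row follows the example in section 10.1.1.
SAMPLE_CMDLINE='ro root=/dev/mapper/ol-root rhgb quiet fips=1 boot=/dev/sda1'
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda1 233191 30454 190296 14% /boot'
SAMPLE_CPUINFO='flags : fpu vme sse2 aes avx'

audit_fips_boot "$SAMPLE_CMDLINE" "$SAMPLE_DF" "$SAMPLE_CPUINFO" yes || true

# On a live system:
#   audit_fips_boot "$(cat /proc/cmdline)" "$(df -P /boot)" \
#                   "$(cat /proc/cpuinfo)" yes
```

Run against /proc/cmdline the audit describes the currently booted kernel, so a boot loader entry that was edited but not yet booted has to be passed in as text instead.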

10.2 User Guidance

CTR and RFC3686 mode must only be used for IPsec. It must not be used otherwise.

There are three implementations of AES: aes-generic, aesni-intel, and aes-asm on x86_64 machines. The additional specific implementations of AES for the x86 architecture are disallowed and not available on the test platforms.

When using the Module, the user shall utilize the Oracle Linux UEK provided memory allocation mechanisms. In addition, the user shall not use the function copy_to_user() on any portion of the data structures used to communicate with the Oracle Linux UEK.

Only the cryptographic mechanisms provided with the Oracle Linux UEK are considered for use. The NSS bound module, although used, is only considered to support the integrity verification and is not intended for general-purpose use with respect to this Module.

10.2.1 AES-XTS Usage

The XTS mode must only be used for the disk encryption functionality offered by dm-crypt.


10.2.2 AES-GCM Usage

The GCM with internal IV generation in FIPS mode is in compliance with RFC 4106 and shall only be used in conjunction with the IPsec stack of the kernel to be compliant with IG A.5. Any other usage of GCM will be considered non-Approved. In case the module's power is lost and then restored, the key used for the AES GCM shall be redistributed.

10.2.3 Triple-DES Usage

According to IG A.13, the same Triple-DES key shall not be used to encrypt more than 2^16 64-bit blocks of data.

10.3 Handling Self-Test Errors

The Module transitions to the error state when any self-test or conditional test fails. In the error state, the kernel is in panic state and the operating system will not load. As such, the output is inhibited and no crypto operations are available in the error state. In order to recover from the error, the module needs to be rebooted. If the failure continues, the module needs to be reinstalled.

The kernel dumps self-test success and failure messages into the kernel message ring buffer. Post boot, the messages are moved to /var/log/messages. Use dmesg to read the contents of the kernel ring buffer. The format of the ring buffer (dmesg) output is:

alg: self-tests for %s (%s) passed

Typical messages are similar to "alg: self-tests for hmac(sha1-generic) (hmac(sha1)) passed" for each algorithm type.
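A check built on the message format above: it extracts the two %s fields from each pass line and reports every algorithm on a required list that has no pass line in the log. This is an added example, not part of the Oracle policy; the function names are chosen here and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example, not from the Oracle policy. Function names are chosen for
# this example; the log lines below are constructed samples.

# Constructed kernel-log sample in the format the policy gives.
sample_log() {
    cat <<'EOF'
[    2.101000] alg: self-tests for aes-generic (aes) passed
[    2.102000] alg: self-tests for hmac(sha1-generic) (hmac(sha1)) passed
[    2.103000] alg: self-tests for xts(aes-generic) (xts(aes)) passed
[    2.104000] unrelated line mentioning gcm(aes) without a verdict
EOF
}

# Read log text on stdin; print "first-field second-field" for each
# "alg: self-tests for %s (%s) passed" line.
selftest_passed() {
    sed -n 's/^.*alg: self-tests for \([^ ]*\) (\(.*\)) passed *$/\1 \2/p'
}

# Read log text on stdin; print every name given as an argument that has
# no pass line (compared with the second %s). Return 1 if any is missing.
missing_selftests() {
    passed=$(selftest_passed | cut -d' ' -f2)
    rc=0
    for alg in "$@"; do
        if ! printf '%s\n' "$passed" | grep -Fxq -e "$alg"; then
            echo "$alg"
            rc=1
        fi
    done
    return "$rc"
}
```

On a running system the input would come from dmesg or /var/log/messages, for example dmesg | missing_selftests 'hmac(sha1)' 'xts(aes)'.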


11. Mitigation of Other Attacks

The module does not claim to mitigate against any attacks.


Acronyms, Terms and Abbreviations

Term    Definition
AES     Advanced Encryption Standard
CAVP    Cryptographic Algorithm Validation Program
CMVP    Cryptographic Module Validation Program
CSE     Communications Security Establishment
CSP     Critical Security Parameter
DH      Diffie-Hellman
DHE     Diffie-Hellman Ephemeral
DRBG    Deterministic Random Bit Generator
ECDH    Elliptic Curve Diffie-Hellman
ECDSA   Elliptic Curve Digital Signature Algorithm
EDC     Error Detection Code
HMAC    (Keyed) Hash Message Authentication Code
IKE     Internet Key Exchange
KAT     Known Answer Test
KDF     Key Derivation Function
NIST    National Institute of Standards and Technology
PAA     Processor Algorithm Acceleration
PBKDF   Password Based Key Derivation Function
POST    Power On Self Test
PR      Prediction Resistance
PSS     Probabilistic Signature Scheme
PUB     Publication
SHA     Secure Hash Algorithm

Table 13: Acronyms


References

The FIPS 140-2 standard, and information on the CMVP, can be found at http://csrc.nist.gov/groups/STM/cmvp/index.html. More information describing the module can be found on the Oracle web site at https://www.oracle.com/technetwork/server-storage/linux/technologies/uek-overview-2043074.html

This Security Policy contains non-proprietary information. All other documentation submitted for FIPS 140-2 conformance testing and validation is “Oracle-Proprietary” and is releasable only under appropriate non-disclosure agreements.

Document                 Author            Title
FIPS PUB 140-2           NIST              FIPS PUB 140-2: Security Requirements for Cryptographic Modules
FIPS IG                  NIST              Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program
FIPS PUB 140-2 Annex A   NIST              FIPS 140-2 Annex A: Approved Security Functions
FIPS PUB 140-2 Annex B   NIST              FIPS 140-2 Annex B: Approved Protection Profiles
FIPS PUB 140-2 Annex C   NIST              FIPS 140-2 Annex C: Approved Random Number Generators
FIPS PUB 140-2 Annex D   NIST              FIPS 140-2 Annex D: Approved Key Establishment Techniques
DTR for FIPS PUB 140-2   NIST              Derived Test Requirements (DTR) for FIPS PUB 140-2, Security Requirements for Cryptographic Modules
NIST SP 800-67           NIST              Recommendation for the Triple Data Encryption Algorithm TDEA Block Cipher
FIPS PUB 197             NIST              Advanced Encryption Standard
FIPS PUB 198-1           NIST              The Keyed Hash Message Authentication Code (HMAC)
FIPS PUB 186-4           NIST              Digital Signature Standard (DSS)
FIPS PUB 180-4           NIST              Secure Hash Standard (SHS)
NIST SP 800-131A         NIST              Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes
PKCS#1                   RSA Laboratories  PKCS#1 v2.1: RSA Cryptographic Standard

Table 14: References