Professional Documents
Culture Documents
TECHNOLOGY
CORPORATION
FIPS - SECURITY POLICY
! HASADNAOT STREET
HERZLIA,
ISRAEL
DOCUMENT VERSION: .
5. Key Management............................................................................... 16
RN G POW E R N ON - VOLATI LE
MAN AGE ME N T DATA
HO ST CRYP TO
LP C\I C \ IN TE R FACE PROC ES SO R ACC E LE - CODE
SPI B U S ( TI S RATOR
E MU LATI ON )
GP I
C RY P TO G R A P H I C M O D U L E S P EC I F I C AT I O N
C RY P TO G R A P H I C M O D U L E P O RT S A N D
I N T E R FAC E S
R O L ES , S E RV I C ES A N D A U T H E N T I C AT I O N
F I N I T E S TAT E M O D E L
P H Y S I C A L S EC U R I T Y
O P E R AT I N G E N V I RO N M E N T N/A
C RY P TO G R A P H I C K E Y M A N A G E M E N T
EMI/EMC
S E L F -T E ST S
D ES I G N A S S U R A N C E
M I T I G AT I O N O F O T H E R A T TA C K S N/A
CERT NUMBER
FUNCTION
KEYSIZE
USE
A P P ROV E D F U N C T I O N S
AES E N C RY P T ! BITS E N C RY P T I O N *
M O D ES : ECB, CTR
RSA V E R I F Y & D I G I TA L !
! BITS S I G N AT U R E
V E R I F I C AT I O N
SHS H A S H N/A M ES S A G E
D I G E ST
A P P ROV E D S E RV I C ES
A L LOW E D F O R U S E F U N C T I O N S
Note: no TPM protocol has been used or tested by the CAVP and
CMVP.
- LPC Bus
- SPI Bus
- I2C Bus
- GPIO Bus
C O N T RO L I N P U T C O N T RO L I N P U T CO M M A N D S LPC B U S
I N T E R FAC E I S S U E D TO T H E C H I P SPI B U S
I C BUS
GPIO B U S
TABLE : ROLES
C RY P TO O F F I C E R I N STA L L S A N D CO N F I G U R E S T H E
P RO D U C T A N D M A N A G E S U S E R S
USER E X EC U T E S C RY P TO A L G O R I T H M S
A N D G E N E R AT ES K E Y S
G E T S TAT U S T H E M O D U L E I M P L E M E N T S A G E T S TAT U S C RY P TO O F F I C E R
CO M M A N D T H AT R E T U R N S T H E STAT U S O F T H E
M O D U L E , I N C LU D I N G S U C C ES S O R FA I LU R E O F
S E L F - T EST S .
R U N S E L F -T E ST S T H E M O D U L E R U N S P OW E R - U P S E L F - T E ST S C RY P TO O F F I C E R
AU TO M AT I C A L LY W H E N P O W E R E D O N .
O N E C A N E X E C U T E S E L F - T E ST S O N D E M A N D BY
P OW E R - C YC L I N G T H E M O D U L E .
E N C RY P T U S E D TO E N C RY P T D ATA USER
Z E RO I Z E U S E D TO Z E RO I Z E ( I R R E V E RS I B LY D E ST ROY ) C RY P TO O F F I C E R
M O D U L E ' S C RY P TO G R A P H I C K E Y S A N D CSP S .
T H E K E Y S A N D CSP S STO R E D I N T H E N O N -
V O L AT I L E A N D V O L AT I L E M E M O RY A R E Z E RO I Z E D
BY E X EC U T I N G T H E CO R R E S P O N D I N G K E Y / E N T I T Y
Z E RO I Z AT I O N CO M M A N D S :
- TPM_F LU S H S P EC I F I C
- TPM_O W N E R C L EA R
K E Y G E N E R AT E U S E D TO G E N E R AT E K E Y S USER
TPM I D E N T I T Y U S E D TO USER
AU T H E N T I C AT E TPM I D E N T I T Y TO OT H E R PA RT I E S
TPM S T I R R A N D O M U S E D TO A D D E N T RO P Y TO T H E R A N D O M B I T USER
G E N E R ATO R
I N STA L L M O D U L E I N STA L L S M O D U L E C RY P TO O F F I C E R
F I R M WA R E U P DAT E U P DAT ES M O D U L E S F I R M WA R E C RY P TO O F F I C E R
AES U S E D TO E N C RY P T E N C RY P T G E N E R AT E D O R
SY M M E T R I C DATA READ I M P O RT E D BY T H E
E N C RY P T I O N M O D U L E , STO R E D I N
KEYS KEY GEN OTP O R I N N O N -
WRITE V O L AT I L E F L A S H I N
PLAINTEXT
KEY
W R A P /U N W R A P
WRITE
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE
Z E RO I Z E
WRITE
KEY
W R A P /U N W R A P
WRITE
K E Y I M P O RT
WRITE
RSA P U B L I C U S E D TO W R A P RSA G E N E R AT E D O R
STO R A G E K E Y S SY M M E T R I C K E Y S W R A P /U N W R A P I M P O RT E D BY T H E
READ M O D U L E , STO R E D I N
V O L AT I L E RAM O R I N
N O N - V O L AT I L E F L A S H
K E Y I M P O RT IN PLAINTEXT
WRITE
RSA K E Y G E N
WRITE
Z E RO I Z E
WRITE
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE
Z E RO I Z E
WRITE
HMAC K E Y S U S E D TO MAC/MAC G E N E R AT E D O R
C A L C U L AT E A N D VERIFY I M P O RT E D BY T H E
VERIFY M AC READ M O D U L E , STO R E D I N
CO D E S F O R D ATA V O L AT I L E RAM O R I N
N O N - V O L AT I L E F L A S H
KEY GEN IN PLAINTEXT
READ
K E Y I M P O RT
WRITE
Z E RO I Z E
WRITE
Z E RO I Z E
WRITE
HMAC U S E D FO R HMAC K E Y G E N E R AT E G E N E R AT E D BY T H E
A U T H E N T I C AT I AU T H E N T I C AT I O N WRITE MODULE
ON KEY O F D ATA
MAC/MAC
VERIFY
READ
F I R M WA R E U S E D TO V E R I F Y F I R M WA R E I N STA L L E D AT T H E
U P DAT E K E Y S I G N AT U R E O N U P D AT E FAC TO RY
F I R M WA R E READ
U P D AT E S
- TPM_FLUSHSPECIFIC
- TPM_OWNERCLEAR
All keys and CSPs that are subject to the key zeroization
requirements of FIPS 140-2 are zeroized by executing the key
zeroization service.
6 . POWER-
POWER - ON SELF TESTS
TABLE : SELF-TESTS
AES CTR E N C RY P T K N OW N A N SW E R T E ST
( E N C RY P T )
RSA V E R I F Y K N OW N A N SW E R T E ST ( V E R I F Y )
HMAC K E Y E D H A S H K N OW N A N SW E R T E ST
(KEYED HASH)
SHS H A S H K N OW N A N SW E R T E ST ( H A S H )
RNG R A N D O M N U M B E R K N OW N A N SW E R T E ST
9 . USER GUIDANCE
RSA Rivest-Shamir-Adleman
SP Special Publication