Security Policy
for FIPS 140-2 Validation
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows RT
Microsoft Surface Windows RT
Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8
Microsoft Windows Storage Server 2012
Version Number 1.2
Updated On December 17, 2014
2014 Microsoft. All Rights Reserved Page 1 of 25
This Security Policy is non-proprietary and may be reproduced only in its original entirety (without revision).
Enhanced Cryptographic Provider
TABLE OF CONTENTS
1 INTRODUCTION
1.1 LIST OF CRYPTOGRAPHIC MODULE BINARY EXECUTABLES
1.2 BRIEF MODULE DESCRIPTION
1.3 VALIDATED PLATFORMS
1.4 CRYPTOGRAPHIC BOUNDARY
2 SECURITY POLICY
2.1 FIPS 140-2 APPROVED ALGORITHMS
2.2 NON-APPROVED ALGORITHMS
2.3 CRYPTOGRAPHIC BYPASS
2.4 MACHINE CONFIGURATIONS
3 OPERATIONAL ENVIRONMENT
4 INTEGRITY CHAIN OF TRUST
5 PORTS AND INTERFACES
5.1 CONTROL INPUT INTERFACE
5.2 STATUS OUTPUT INTERFACE
5.3 DATA OUTPUT INTERFACE
5.4 DATA INPUT INTERFACE
6 SPECIFICATION OF ROLES
6.1 MAINTENANCE ROLES
6.2 MULTIPLE CONCURRENT INTERACTIVE OPERATORS
6.3 DATA ACCESS
6.4 SHOW STATUS SERVICES
6.5 SELF-TEST SERVICES
6.6 SERVICE INPUTS / OUTPUTS
7 SERVICES
7.1 KEY STORAGE SERVICES
7.1.1 CRYPTACQUIRECONTEXT
7.1.2 CRYPTGETPROVPARAM
7.1.3 CRYPTSETPROVPARAM
7.1.4 CRYPTRELEASECONTEXT
7.2 KEY GENERATION AND EXCHANGE SERVICES
7.2.1 CRYPTDERIVEKEY
7.2.2 CRYPTDESTROYKEY
7.2.3 CRYPTEXPORTKEY
7.2.4 CRYPTGENKEY
7.2.5 CRYPTGENRANDOM
7.2.6 CRYPTGETKEYPARAM
7.2.7 CRYPTGETUSERKEY
7.2.8 CRYPTIMPORTKEY
7.2.9 CRYPTSETKEYPARAM
7.2.10 CRYPTDUPLICATEKEY
7.3 DATA ENCRYPTION AND DECRYPTION SERVICES
7.3.1 CRYPTDECRYPT
7.3.2 CRYPTENCRYPT
7.4 HASHING AND DIGITAL SIGNATURE SERVICES
7.4.1 CRYPTCREATEHASH
7.4.2 CRYPTDESTROYHASH
7.4.3 CRYPTGETHASHPARAM
7.4.4 CRYPTHASHDATA
7.4.5 CRYPTHASHSESSIONKEY
7.4.6 CRYPTSETHASHPARAM
7.4.7 CRYPTSIGNHASH
7.4.8 CRYPTVERIFYSIGNATURE
7.4.9 CRYPTDUPLICATEHASH
8 AUTHENTICATION
9 SECURITY RELEVANT DATA ITEMS
9.1 ACCESS CONTROL POLICY
9.2 KEY MATERIAL
9.3 KEY GENERATION
9.4 KEY ENTRY AND OUTPUT
9.5 KEY STORAGE
9.6 KEY ARCHIVAL
9.7 KEY DESTRUCTION
10 SELF-TESTS
10.1 POWER-ON SELF-TESTS
10.2 CONDITIONAL SELF-TESTS
11 DESIGN ASSURANCE
12 MISCELLANEOUS
12.1 OPERATOR AUTHENTICATION
12.2 MODULAREXPOFFLOAD
13 MITIGATION OF OTHER ATTACKS
14 ADDITIONAL DETAILS
15 APPENDIX A - HOW TO VERIFY WINDOWS VERSIONS AND DIGITAL SIGNATURES
15.1 HOW TO VERIFY WINDOWS VERSIONS
15.2 HOW TO VERIFY WINDOWS DIGITAL SIGNATURES
1 Introduction
The Microsoft Corporation's Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Enhanced Cryptographic Provider is a FIPS 140-2 Level 1 compliant, software-based, cryptographic service provider. Like other cryptographic providers that ship with Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8, Enhanced Cryptographic Provider encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers can dynamically link the Microsoft Enhanced Cryptographic Provider module into their applications to provide FIPS 140-2 compliant cryptographic support.
x86 Microsoft Windows 8 Enterprise - Dell Dimension C521 (AMD Athlon 64 X2 Dual Core)
x64 Microsoft Windows 8 Enterprise - Dell PowerEdge SC430 (Intel Pentium D without AES-NI)
x64 AES-NI Microsoft Windows 8 Enterprise - Intel Client Desktop (Intel Core i7 with AES-NI)
x64 Microsoft Windows Server 2012 - Dell PowerEdge SC430 (Intel Pentium D without AES-NI)
x64 AES-NI Microsoft Windows Server 2012 - Intel Client Desktop (Intel Core i7 with AES-NI)
ARMv7 Thumb-2 Microsoft Windows RT - NVIDIA Tegra 3 Tablet (NVIDIA Tegra 3 Quad Core)
ARMv7 Thumb-2 Microsoft Windows RT - Qualcomm Tablet (Qualcomm Snapdragon S4)
ARMv7 Thumb-2 Microsoft Windows RT - Microsoft Surface Windows RT (NVIDIA Tegra 3 Quad Core)
x64 AES-NI Microsoft Windows 8 Pro - Microsoft Surface Windows 8 Pro (Intel x64 Processor with AES-NI)
ARMv7 Thumb-2 Microsoft Windows Phone 8 - Windows Phone 8 (Qualcomm Snapdragon S4)
x64 Microsoft Windows Storage Server 2012 - Intel Maho Bay (Intel Core i7 without AES-NI)
x64 AES-NI Microsoft Windows Storage Server 2012 - Intel Maho Bay (Intel Core i7 with AES-NI)
The Enhanced Cryptographic Provider maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on the following platforms:
x86 Microsoft Windows 8
x86 Microsoft Windows 8 Pro
x64 Microsoft Windows 8
x64 Microsoft Windows 8 Pro
x64 Microsoft Windows Server 2012 Datacenter
x64 AES-NI Microsoft Windows 8
x64 AES-NI Microsoft Windows 8 Pro
x64 AES-NI Microsoft Windows Server 2012 Datacenter
It should be noted that the Data Protection API of Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 is not part of the module and should be considered to be outside the boundary.
2 Security Policy
Enhanced Cryptographic Provider operates under several rules that encapsulate its security policy.
Enhanced Cryptographic Provider is supported on Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 (in a single-user environment).
Enhanced Cryptographic Provider operates in FIPS mode of operation only when used with Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1897 for Windows 8 operating in FIPS mode, Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Cryptographic Primitives Library (bcryptprimitives.dll) validated to FIPS 140-2 under Cert. #1892 for Windows 8 operating in FIPS mode, and Microsoft Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1891 for Windows 8 operating in FIPS mode.
Enhanced Cryptographic Provider provides no user authentication. Roles are assumed implicitly. The authentication provided by the Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 operating system is not in the scope of the validation.
Enhanced Cryptographic Provider is only in its Approved mode of operation when FIPS approved security functions are used and Windows is booted normally, meaning Debug mode is disabled and Driver Signing enforcement is enabled.
Enhanced Cryptographic Provider operates in its FIPS mode of operation only when one of the following DWORD registry values is set to 1:
o HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled
o HKLM\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration\SelfTestAlgorithms
The registry security policy settings can be observed with the regedit tool to determine whether the module is in FIPS mode.
All the services provided by the Enhanced Cryptographic Provider are available to the User and Crypto-officer roles.
Keys created within Enhanced Cryptographic Provider by one user are not accessible to any other user via Enhanced Cryptographic Provider.
The following diagram illustrates the master components of the Enhanced Cryptographic Provider module:
Figure 1 Master components of Enhanced Cryptographic Provider module
[Figure 1 diagram labels: Application, CryptoAPI, CryptoAPI router (cryptsp.dll), CryptoSPI]
1 Two-key Triple-DES is restricted and legacy-use according to NIST SP 800-131A. Users should start transitioning away from this algorithm to better, stronger choices.
2 According to NIST SP 800-131A, SHA-1 is disallowed after the end of 2013. SHA-1 is currently legacy-use for digital signature verification. Users should start transitioning away from this algorithm to better, stronger choices.
Enhanced Cryptographic Provider supports the following non-FIPS approved algorithms:
DES
RC4
RC2
MD2
MD4
MD5
These algorithms may not be used when operating the module in a FIPS mode. To operate the module in a FIPS mode, applications must only use FIPS approved algorithms.
3 Operational Environment
The operational environment for Enhanced Cryptographic Provider is Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 running on the hardware listed in Section 1.3 Validated Platforms.
The Enhanced Cryptographic Provider crypto module is intended to run on Windows 8, Windows RT, Windows Server 2012, Windows Storage Server 2012, and Windows Phone 8 in Single User Mode, where there is only one interactive user during a logon session. Each operating system process creates a unique instance of the crypto module that is wholly dedicated to that process. The crypto module is not shared between processes, and RSAENH relies on the operational environment to maintain this isolation.
Each process requesting access is provided its own instance of the module. As such, each process has full access to all information and keys within the module. Note that no keys or other information are maintained upon detachment from the DLL, thus an instantiation of the module will only contain keys or information that the process has placed in the module.
6 Specification of Roles
Enhanced Cryptographic Provider supports both User and Cryptographic Officer roles (as defined in FIPS 140-2). Both roles have access to all services implemented in Enhanced Cryptographic Provider.
When an application requests the crypto module to generate keys for a user, the keys are generated, used, and deleted as requested by applications. There are no implicit keys associated with a user, and each user may have numerous keys, both signature and key exchange, and these keys are separate from other users' keys.
Each interactive operator may run a number of concurrent processes, and multiple such processes may access RSAENH. Each such process is provided a separate instance of the module. Each such instance will only contain keys or information that the process has placed within the module, and the process will have full access to all keys and information within its module instance.
7 Services
The following list contains all services available to an operator. All services are accessible by all roles.
Note that the functions named in this section are CryptoAPI functions; as mentioned in Section 5, these are called by the application and correspond directly to the CryptoSPI functions implemented by RSAENH.
7.1.1 CryptAcquireContext
The CryptAcquireContext function is used to acquire a programmatic context handle to a particular key container via a particular cryptographic service provider module (CSPM). This returned handle can then be used to make calls to the selected CSPM. Any subsequent calls to a cryptographic function need to reference the acquired context handle.
This function performs two operations. It first attempts to find a CSPM with the characteristics described in the dwProvType and pszProvider parameters. If the CSPM is found, the function attempts to find a key container matching the name specified by the pszContainer parameter.
With the appropriate setting of dwFlags, this function can also create and destroy key containers.
If dwFlags is set to CRYPT_NEWKEYSET, a new key container is created with the name specified by pszContainer. If pszContainer is NULL, a key container with the default name is created.
If dwFlags is set to CRYPT_DELETEKEYSET, the key container specified by pszContainer is deleted. If pszContainer is NULL, the key container with the default name is deleted. All key pairs in the key container are also destroyed and memory is zeroized.
When this flag is set, the value returned in phProv is undefined, and thus, the CryptReleaseContext function need not be called afterwards.
7.1.2 CryptGetProvParam
The CryptGetProvParam function retrieves data that governs the operations of the provider. This function may be used to enumerate key containers, enumerate supported algorithms, and generally determine capabilities of the CSPM.
7.1.3 CryptSetProvParam
The CryptSetProvParam function customizes various aspects of a provider's operations. This function may be used to set a security descriptor on a key container.
7.1.4 CryptReleaseContext
The CryptReleaseContext function releases the handle referenced by the hProv parameter. After a provider handle has been released, it becomes invalid and cannot be used again. In addition, key and hash handles associated with that provider handle may not be used after CryptReleaseContext has been called.
7.2.1 CryptDeriveKey
The CryptDeriveKey function creates cryptographic session keys from a hash value. This function guarantees that when the same CSPM and algorithms are used, the keys created from the same hash value are identical. The hash value is typically a cryptographic hash of a password or similar secret user data.
This function is the same as CryptGenKey, except that the generated session keys are created from the hash value instead of being random and CryptDeriveKey can only be used to create session keys. This function cannot be used to create public/private key pairs. This function can be used by a calling application as the pseudorandom function (PRF) of TLS 1.0; however, the use of this function as a standalone key derivation function is not allowed in FIPS mode.
If keys are being derived from a CALG_SCHANNEL_MASTER_HASH, then the appropriate key derivation process is used to derive the key. In this case the process used is from the SSL 2.0, SSL 3.0 or TLS specification of deriving client and server side encryption and MAC keys. This function will cause the key block to be derived from the master secret and the requested key is then derived from the key block. Which process is used is determined by which protocol is associated with the hash object. TLS must be used in FIPS mode. For more information see the SSL 2.0, SSL 3.0 and TLS specifications.
7.2.2 CryptDestroyKey
The CryptDestroyKey function releases the handle referenced by the hKey parameter. After a key handle has been released, it becomes invalid and cannot be used again.
If the handle refers to a session key, or to a public key that has been imported into the CSPM through CryptImportKey, this function zeroizes the key in memory and frees the memory that the key occupied. The underlying public/private key pair (which resides outside the crypto module) is not destroyed by this function. Only the handle is destroyed.
7.2.3 CryptExportKey
The CryptExportKey function exports cryptographic keys from a cryptographic service provider module (CSPM) in a secure manner for key archival purposes.
Public RSA keys are also exported using this function. A handle to the RSA public key is passed to the function and the public key is exported, always in plaintext as a blob. This blob may then be imported using the CryptImportKey function.
Symmetric keys may also be exported and wrapped with an RSA key using the CryptExportKey function. A handle to the symmetric key and a handle to the public RSA key to wrap with are passed to the function. The function returns a blob (SIMPLEBLOB) which is the wrapped symmetric key.
Symmetric keys may also be exported by encrypting the keys with another symmetric key (AES or Triple-DES). The encrypted key is then exported as a blob and may be imported using the CryptImportKey function.
7.2.4 CryptGenKey
The CryptGenKey function generates a random cryptographic key. A handle to the key is returned in phKey. This handle can then be used as needed with any CryptoAPI function requiring a key handle.
The calling application must specify the algorithm when calling this function. Because this algorithm type is kept bundled with the key, the application does not need to specify the algorithm later when the actual cryptographic operations are performed.
7.2.5 CryptGenRandom
The CryptGenRandom function fills a buffer with random bytes. This function merely forwards the call to a FIPS approved RNG from the Cryptographic Primitives Library (bcryptprimitives.dll) with DRBG (Cert. #258).
7.2.6 CryptGetKeyParam
The CryptGetKeyParam function retrieves data that governs the operations of a key.
7.2.7 CryptGetUserKey
The CryptGetUserKey function retrieves a handle of one of a user's public/private key pairs.
7.2.8 CryptImportKey
The CryptImportKey function transfers a cryptographic key from a key blob into a cryptographic service provider module (CSPM).
Private keys may be imported as blobs and the function will return a handle to the imported key.
A symmetric key wrapped with an RSA public key is imported into the CryptImportKey function. The function uses the RSA private key exchange key to unwrap the blob and returns a handle to the symmetric key.
Symmetric keys encrypted with other symmetric keys (AES or Triple-DES) may also be imported using this function. The encrypted key blob is passed in along with a handle to a symmetric key, which the module is supposed to use to decrypt the blob. If the function is successful then a handle to the decrypted symmetric key is returned.
The CryptImportKey function recognizes a new flag CRYPT_IPSEC_HMAC_KEY. The flag allows the caller to supply the HMAC key material of size greater than 16 bytes. Without the CRYPT_IPSEC_HMAC_KEY flag, the CryptImportKey function would fail with NTE_BAD_DATA if the caller supplies the HMAC key material of size greater than 16 bytes. For importing a HMAC key, the caller should identify the imported key blob as the PLAINTEXTKEYBLOB type and use CALG_RC2 as the key Algorithm identifier.
7.2.9 CryptSetKeyParam
The CryptSetKeyParam function customizes various aspects of a key's operations. This function is used to set session-specific values for symmetric keys.
7.2.10 CryptDuplicateKey
The CryptDuplicateKey function is used to duplicate, make a copy of, the state of a key and returns a handle to this new key. The CryptDestroyKey function must be used on both the handle to the original key and the newly duplicated key.
7.3.1 CryptDecrypt
The CryptDecrypt function decrypts data previously encrypted using the CryptEncrypt function.
7.3.2 CryptEncrypt
The CryptEncrypt function encrypts data. The algorithm used to encrypt the data is designated by the key held by the CSPM and is referenced by the hKey parameter.
7.4.1 CryptCreateHash
The CryptCreateHash function initiates the hashing of a stream of data. It returns to the calling application a handle to a CSPM hash object. This handle is used in subsequent calls to CryptHashData and CryptHashSessionKey in order to hash streams of data and session keys. SHA-1 and MD5 are the cryptographic hashing algorithms supported. In addition, a MAC using a symmetric key is created with this call and may be used with any of the symmetric block ciphers supported by the module (DES, Triple-DES, AES, RC4 or RC2). For creating a HMAC hash value, the caller specifies the CALG_HMAC flag in the Algid parameter, and the HMAC key using a hKey handle obtained from calling CryptImportKey.
A CALG_SCHANNEL_MASTER_HASH may be created with this call. If this is the case then a handle to one of the following types of keys must be passed in the hKey parameter, CALG_SSL2_MASTER, CALG_SSL3_MASTER, or CALG_TLS1_MASTER. This function with CALG_SCHANNEL_MASTER_HASH in the ALGID parameter will cause the derivation of the master secret from the pre-master secret associated with the passed-in key handle. This key derivation process is done in the method specified in the appropriate protocol specification, SSL 2.0, SSL 3.0, or TLS. The master secret is then associated with the resulting hash handle and session keys and MAC keys may be derived from this hash handle. The master secret may not be exported or imported from the module. The key data associated with the hash handle is zeroized when CryptDestroyHash is called.
7.4.2 CryptDestroyHash
The CryptDestroyHash function destroys the hash object referenced by the hHash parameter. After a hash object has been destroyed, it can no longer be used. When a hash object is destroyed, the crypto module zeroizes the memory within the module where the hash object was held. The memory is then freed.
If the hash handle references a CALG_SCHANNEL_MASTER_HASH key then, when CryptDestroyHash is called, the associated key material is zeroized also.
All hash objects should be destroyed with the CryptDestroyHash function when the application is finished with them.
7.4.3 CryptGetHashParam
The CryptGetHashParam function retrieves data that governs the operations of a hash object. The actual hash value can also be retrieved by using this function.
7.4.4 CryptHashData
The CryptHashData function adds data to a specified hash object. This function and CryptHashSessionKey can be called multiple times to compute the hash on long data streams or discontinuous data streams. Before calling this function, the CryptCreateHash function must be called to create a handle of a hash object.
7.4.5 CryptHashSessionKey
The CryptHashSessionKey function computes the cryptographic hash of a key object. This function can be called multiple times with the same hash handle to compute the hash of multiple keys. Calls to CryptHashSessionKey can be interspersed with calls to CryptHashData. Before calling this function, the CryptCreateHash function must be called to create the handle of a hash object.
7.4.6 CryptSetHashParam
The CryptSetHashParam function customizes the operations of a hash object. For creating a HMAC hash associated with a hash object identified by the hHash handle, the caller uses the CryptSetHashParam function with the HP_HMAC_INFO flag to specify the necessary SHA-1 algorithm using the CALG_SHA1 flag in the input HMAC_INFO structure. There is no need for the caller to specify the HMAC inner or outer strings as the CSPM is using the inner and outer string values as documented in the Draft FIPS for HMAC as its default values.
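The HMAC procedure that sections 7.2.8, 7.4.1 and 7.4.6 describe, as an added C example that is not part of this Security Policy and is not Microsoft's code. The provider name and type (MS_ENH_RSA_AES_PROV, PROV_RSA_AES), the 64-byte key cap and the function names are assumptions of this example; the CryptoAPI calls compile only on Windows, while the key blob builder is portable.

```c
/* Added example, not Microsoft's code: HMAC-SHA1 through the CSP (7.2.8, 7.4.1, 7.4.6). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Values mirrored from wincrypt.h so the blob builder compiles off Windows. */
#define PLAINTEXTKEYBLOB     0x8
#define CUR_BLOB_VERSION     2
#define CALG_RC2             0x00006602
#define CRYPT_IPSEC_HMAC_KEY 0x00000100
#endif

#define BLOB_PREFIX_LEN 12u /* BLOBHEADER (8 bytes) + DWORD key length */
#define MAX_HMAC_KEY    64u /* assumption: key-size cap chosen for this example */

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Serialise key material as a PLAINTEXTKEYBLOB tagged CALG_RC2, the form
 * section 7.2.8 asks for. Returns the blob length, or 0 on bad input. */
size_t build_hmac_key_blob(const uint8_t *key, uint32_t key_len,
                           uint8_t *out, size_t out_cap)
{
    size_t need = BLOB_PREFIX_LEN + (size_t)key_len;
    if (key == NULL || out == NULL || key_len == 0 ||
        key_len > MAX_HMAC_KEY || out_cap < need)
        return 0;
    out[0] = PLAINTEXTKEYBLOB;      /* BLOBHEADER.bType */
    out[1] = CUR_BLOB_VERSION;      /* BLOBHEADER.bVersion */
    out[2] = 0; out[3] = 0;         /* BLOBHEADER.reserved */
    put_le32(out + 4, CALG_RC2);    /* BLOBHEADER.aiKeyAlg */
    put_le32(out + 8, key_len);     /* key length in bytes */
    memcpy(out + BLOB_PREFIX_LEN, key, key_len);
    return need;
}

/* dwFlags for CryptImportKey: HMAC key material longer than 16 bytes is
 * rejected with NTE_BAD_DATA unless CRYPT_IPSEC_HMAC_KEY is set. */
uint32_t hmac_import_flags(uint32_t key_len)
{
    return key_len > 16 ? CRYPT_IPSEC_HMAC_KEY : 0;
}

#ifdef _WIN32
/* Returns 1 and fills mac[20] on success, 0 on failure (see GetLastError). */
int csp_hmac_sha1(const BYTE *key, DWORD key_len,
                  const BYTE *msg, DWORD msg_len, BYTE mac[20])
{
    HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; HCRYPTHASH hHash = 0;
    BYTE blob[BLOB_PREFIX_LEN + MAX_HMAC_KEY];
    HMAC_INFO info;
    DWORD mac_len = 20;
    int ok = 0;
    size_t blob_len = build_hmac_key_blob(key, key_len, blob, sizeof blob);
    if (blob_len == 0) return 0;
    memset(&info, 0, sizeof info);  /* no inner/outer strings: CSP defaults */
    info.HashAlgid = CALG_SHA1;
    /* Assumption: this provider name and type select the module (rsaenh.dll). */
    if (CryptAcquireContext(&hProv, NULL, MS_ENH_RSA_AES_PROV, PROV_RSA_AES,
                            CRYPT_VERIFYCONTEXT) &&
        CryptImportKey(hProv, blob, (DWORD)blob_len, 0,
                       hmac_import_flags(key_len), &hKey) &&
        CryptCreateHash(hProv, CALG_HMAC, hKey, 0, &hHash) &&
        CryptSetHashParam(hHash, HP_HMAC_INFO, (BYTE *)&info, 0) &&
        CryptHashData(hHash, msg, msg_len, 0) &&
        CryptGetHashParam(hHash, HP_HASHVAL, mac, &mac_len, 0))
        ok = (mac_len == 20);
    /* Release every handle so the module zeroizes key and hash state. */
    if (hHash) CryptDestroyHash(hHash);
    if (hKey)  CryptDestroyKey(hKey);
    if (hProv) CryptReleaseContext(hProv, 0);
    SecureZeroMemory(blob, sizeof blob);
    return ok;
}
#endif

int main(void)
{
    /* Constructed sample input: the key and message of RFC 2202 test case 1. */
    uint8_t key[20], blob[BLOB_PREFIX_LEN + MAX_HMAC_KEY];
    memset(key, 0x0b, sizeof key);
    printf("blob: %u bytes, dwFlags: 0x%x\n",
           (unsigned)build_hmac_key_blob(key, 20, blob, sizeof blob),
           (unsigned)hmac_import_flags(20));
#ifdef _WIN32
    BYTE mac[20];
    if (csp_hmac_sha1(key, 20, (const BYTE *)"Hi There", 8, mac))
        for (int i = 0; i < 20; i++)
            printf("%02x%s", mac[i], i == 19 ? "\n" : "");
#endif
    return 0;
}
```

The key is imported under CALG_RC2 only as a carrier for raw HMAC key material, as section 7.2.8 specifies; no RC2 encryption is performed.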
7.4.7 CryptSignHash
The CryptSignHash function signs data. Because all signature algorithms are asymmetric and thus slow, the CryptoAPI does not allow data to be signed directly. Instead, data is first hashed and CryptSignHash is used to sign the hash. The crypto module supports signing with RSA. The X9.31 format may be specified by a flag.
Note: this function accepts SHA-1 hashes, which according to NIST SP 800-131A is currently deprecated for digital signature generation and will be disallowed after the end of 2013. Similarly for RSA with keys shorter than 2048 bits. SHA-1 and RSA with keys shorter than 2048 bits are currently legacy-use for digital signature verification.
7.4.8 CryptVerifySignature
The CryptVerifySignature function verifies the signature of a hash object. Before calling this function, the CryptCreateHash function must be called to create the handle of a hash object. CryptHashData or CryptHashSessionKey is then used to add data or session keys to the hash object. The crypto module supports verifying RSA signatures. The X9.31 format may be specified by a flag.
After this function has been completed, only CryptDestroyHash can be called using the hHash handle.
Note: this function accepts SHA-1 hashes, which according to NIST SP 800-131A is currently deprecated for digital signature generation and will be disallowed after the end of 2013. Similarly for RSA with keys shorter than 2048 bits. SHA-1 and RSA with keys shorter than 2048 bits are currently legacy-use for digital signature verification.
7.4.9 CryptDuplicateHash
The CryptDuplicateHash function is used to duplicate, make a copy of, the state of a hash and returns a handle to this new hash. The CryptDestroyHash function must be used on both the handle to the original hash and the newly duplicated hash.
8 Authentication
The Enhanced Cryptographic Provider crypto module does not provide authentication. Roles are implicitly assumed based on the services that are executed.
Security Relevant Data Item | Description
Symmetric encryption/decryption keys | Keys used for AES or TDEA encryption/decryption
HMAC keys | Keys used for HMAC-SHA1, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512
RSA Public Keys | Keys used for the verification of RSA digital signatures or key transport
RSA Private Keys | Keys used for the calculation of RSA digital signatures or key transport
Enhanced Cryptographic Provider crypto module Service Access Policy
Symmetric encryption/decryption keys
RSA Private Keys
RSA Public Keys
HMAC keys
Key Storage Services r/x r/x r/x r/x
Key Generation and Exchange Services r/w/d r/w/d r/w/d r/w/d
Data Encryption and Decryption Services x
Hashing and Digital Signature Services x x x
See the MSDN Library for more information about key formats and structures. (Dev Center - Desktop >
Docs > Desktop app development documentation > Security and Identity > Cryptography API: Next
Generation > CNG Reference > CNG Structures)
See the MSDN Library. (Dev Center - Desktop > Docs > Desktop app development documentation >
Security and Identity > Cryptography > Cryptography Reference > Cryptography Functions > CSP Key
Generation and Exchange Functions)
Exporting the RSA private key by supplying PRIVATEKEYBLOB to the BlobType parameter of
CryptExportKey() is not allowed in FIPS mode.
See the MSDN Library. (Dev Center - Desktop > Docs > Desktop app development documentation >
Security and Identity > Cryptography > Cryptography Reference > Cryptography Functions > CSP Key
Generation and Exchange Functions)
10 Self-Tests
Enhanced Cryptographic Provider provides all of the FIPS 140-2 required self-tests. As required, the
module executes its self-tests upon power-on (startup) without operator intervention and other
self-tests upon encountering a specific condition (key pair or random number generation). Finally, it should
be noted that non-FIPS approved algorithms should not be used if operating Enhanced Cryptographic
Provider in a FIPS mode.
If the self-test fails, the module will not load and status will be returned. If the status is not
STATUS_SUCCESS, then that is the indicator a self-test failed.
11 Design Assurance
The secure installation, generation, and startup procedures of this cryptographic module are part of the
overall Windows 8, Windows RT, Windows Server 2012, and Windows Storage Server 2012 operating
system secure installation, configuration, and startup procedures. After the operating system has been
installed, it must be configured by enabling the "System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing" policy setting followed by restarting the system. This procedure is all
the crypto officer and user behavior necessary for the secure operation of this cryptographic module.
Windows Phone 8 does not use the same installation, configuration, and startup procedures as the
Windows operating system on a computer, but rather, is securely installed and configured by the
cellular telephone carrier.
The procedures required for maintaining security while distributing and delivering versions of a
cryptographic module to authorized operators are:
1. The secure distribution method is via the physical medium for product installation delivered by
Microsoft Corporation, which is a DVD in the case of Windows 8 and Windows Server 2012. In
the case of Windows RT, Surface Windows RT, Surface Windows 8 Pro, Windows Phone 8, and
Windows Storage Server 2012, the cryptographic module is already installed at the factory and
is only distributed with the hardware.
2. An inspection of authenticity of the physical medium can be made by following the guidance at
this Microsoft web site: http://www.microsoft.com/enus/howtotell/default.aspx
3. The installed version of Windows 8, Windows RT, Windows Server 2012, and Windows Storage
Server 2012 must be verified to match the version that was validated. See Appendix A for details
on how to do this.
For Windows Updates, the client only accepts binaries signed by Microsoft certificates. The Windows
Update client only accepts content whose SHA-2 hash matches the SHA-2 hash specified in the
metadata. All metadata communication is done over a Secure Sockets Layer (SSL) port. Using SSL
ensures that the client is communicating with the real server and so prevents a spoof server from
sending the client harmful requests. The version and digital signature of new cryptographic module
releases must be verified to match the version that was validated. See Appendix A for details on how to
do this.
12 Miscellaneous
The following items address requirements not addressed above.
12.2 ModularExpOffload
The ModularExpOffload function offloads modular exponentiation from a CSPM to a hardware
accelerator. The CSPM will check in the registry for the value
HKLM\Software\Microsoft\Cryptography\ExpoOffload that can be the name of a DLL. The CSPM uses
LoadLibrary to load that DLL and calls GetProcAddress to get the OffloadModExpo entry point in the DLL
specified in the registry. The CSPM uses the entry point to perform all modular exponentiations for both
public and private key operations. Two checks are made before a private key is offloaded. Note that to
use Enhanced Cryptographic Provider in a FIPS compliant manner, this function should only be used if
the hardware accelerator is FIPS validated.
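Because the DLL named in this registry value ends up performing private key operations, an operator can confirm whether one is configured and how it is signed. The script below is an added example, not Microsoft's code; it reads the registry location as written above, and the function name, the reading of ExpoOffload as a value under the Cryptography key, and the System32 lookup for bare file names are assumptions.

```powershell
# Added example (not Microsoft's code): report whether a modular-exponentiation
# offload DLL is configured and how that DLL is signed.
function Get-ExpoOffloadStatus {
    param(
        # Registry location as written on this page (assumed: value under this key).
        [string]$KeyPath   = 'HKLM:\Software\Microsoft\Cryptography',
        [string]$ValueName = 'ExpoOffload'
    )
    $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $prop -or [string]::IsNullOrWhiteSpace($prop.$ValueName)) {
        # Nothing configured: no offload DLL is named for the provider to load.
        return [pscustomobject]@{
            Configured = $false; Dll = $null; Exists = $false
            SignatureStatus = $null; Signer = $null
        }
    }

    $dll = [Environment]::ExpandEnvironmentVariables([string]$prop.$ValueName)
    if (-not [IO.Path]::IsPathRooted($dll)) {
        # Assumption: resolve a bare file name against System32 for this report.
        # The LoadLibrary search order covers more directories than this.
        $dll = Join-Path $env:SystemRoot "System32\$dll"
    }

    $exists = Test-Path -LiteralPath $dll -PathType Leaf
    $status = $null
    $signer = $null
    if ($exists) {
        $sig    = Get-AuthenticodeSignature -FilePath $dll
        $status = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }

    [pscustomobject]@{
        Configured      = $true
        Dll             = $dll
        Exists          = $exists
        SignatureStatus = $status
        Signer          = $signer
    }
}

Get-ExpoOffloadStatus | Format-List
```

If Configured is True on a machine that has no FIPS validated accelerator, the module is not being used in the FIPS compliant manner described above.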
Cache Attack    Memory Access pattern is independent of any confidential data
Cache Attack    Memory Access pattern is independent of any confidential data
14 Additional Details
For the latest information on Microsoft Windows, check out the Microsoft web site at:
http://windows.microsoft.com
For more information about FIPS 140 validations of Microsoft products, please see:
http://technet.microsoft.com/enus/library/cc750357.aspx
1. The ver command
a. From Start, open the Search charm.
b. In the search field type "cmd" and press the Enter key.
c. The command window will open with a "C:\>" prompt.
d. At the prompt, type "ver" and press the Enter key.
e. You should see the answer "Microsoft Windows [Version 6.2.9200]".
2. The systeminfo command
a. From Start, open the Search charm.
b. In the search field type "cmd" and press the Enter key.
c. The command window will open with a "C:\>" prompt.
d. At the prompt, type "systeminfo" and press the Enter key.
e. Wait for the information to be loaded by the tool.
f. Near the top of the output, you should see:
OS Name: Microsoft Windows 8 Enterprise
OS Version: 6.2.9200 N/A Build 9200
OS Manufacturer: Microsoft Corporation
If the version number reported by the utility matches the expected output, then the installed version
has been validated to be correct.
1. Open a new window in Windows Explorer.
2. Type C:\Windows\ in the file path field at the top of the window.
3. Type the cryptographic module binary executable file name (for example, CNG.SYS) in the
search field at the top right of the window, then press the Enter key.
4. The file will appear in the window.
5. Right-click on the file's icon.
6. Select Properties from the menu and the Properties window opens.
7. Select the Details tab.
8. Note the File version Property and its value, which has a number in this format: x.x.xxxx.xxxxx.
9. If the file version number matches one of the version numbers that appear at the start of this
security policy document, then the version number has been verified.
10. Select the Digital Signatures tab.
11. In the Signature list, select the Microsoft Windows signer.
12. Click the Details button.
13. Under the Digital Signature Information, you should see: This digital signature is OK. If that
condition is true then the digital signature has been verified.
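The operating system version check (ver, systeminfo) and the file version and digital signature check above can be scripted so the same comparison runs on many machines. This is an added example, not Microsoft's code; the parameter names are hypothetical, the validated version list is a placeholder to be copied from the start of the Security Policy, and the FipsAlgorithmPolicy registry location is not taken from this page.

```powershell
# Added example, not Microsoft's code. Scripted form of the manual checks above.
param(
    [string]  $ModuleFileName    = 'CNG.SYS',           # example file name used on this page
    [string[]]$ValidatedVersions = @('x.x.xxxx.xxxxx'), # PLACEHOLDER: copy from the Security Policy
    [string]  $ExpectedOsVersion = '6.2.9200'           # value shown in the ver/systeminfo steps
)

# Version number that systeminfo shows on its "OS Version" line.
$osVersion = (Get-CimInstance -ClassName Win32_OperatingSystem).Version

# State of the "System cryptography: Use FIPS compliant algorithms..." policy.
$fips = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy' `
                         -Name Enabled -ErrorAction SilentlyContinue
$fipsEnabled = [bool]($fips -and $fips.Enabled -eq 1)

# Find every copy of the binary under the Windows directory, as the Explorer search does.
$files = Get-ChildItem -Path $env:SystemRoot -Recurse -File -Filter $ModuleFileName `
                       -ErrorAction SilentlyContinue
if (-not $files) { Write-Warning "No file named $ModuleFileName found under $env:SystemRoot" }

foreach ($f in $files) {
    $vi = $f.VersionInfo
    # Build x.x.xxxx.xxxxx from the numeric parts; the FileVersion string can carry extra text.
    $ver = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                $vi.FileBuildPart, $vi.FilePrivatePart
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path             = $f.FullName
        OsVersionMatches = ($osVersion -eq $ExpectedOsVersion)
        FipsPolicyOn     = $fipsEnabled
        FileVersion      = $ver
        VersionValidated = ($ValidatedVersions -contains $ver)
        SignatureStatus  = $sig.Status   # Valid is the scripted counterpart of "This digital signature is OK"
        SignedByWindows  = ($signer -like '*CN=Microsoft Windows*')
    }
}
```

A machine passes when OsVersionMatches, VersionValidated and SignedByWindows are all True and SignatureStatus is Valid for the module binary.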