National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
Groove Cryptographic Services
(GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0)
Report Number: CCEVS-VR-03-0038
Dated: September 17, 2003
Version 2.1
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6740
®
TM
2
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6740
3
ACKNOWLEDGEMENTS
Validator
James E Brosey
Mitretek Systems, Inc.
Falls Church, VA
Common Criteria Testing Laboratory
Nithya Rachamadugu
Kris Rogers
CygnaCom Solutions (an Entrust Company)
McLean, VA
4
Table of Contents
1 Executive Summary ............................................................................................................ 6
1.1 Evaluation Details....................................................................................................................... 7
1.2 Interpretations ............................................................................................................................. 7
1.3 Threats to Security...................................................................................................................... 8
2 Identification....................................................................................................................... 8
2.1 ST and TOE Identification.......................................................................................................... 8
2.2 IT Security Environment............................................................................................................. 9
2.3 Operating System........................................................................................................................ 9
2.4 Hardware Platform.................................................................................................................... 10
3 Security Policy .................................................................................................................. 10
3.1 Key Generation Security Policies ............................................................................................. 10
3.2 Cryptographic Operation Security Policies .............................................................................. 11
3.3 Crypto Module Integrity Test Security Policy.......................................................................... 12
4 Assumptions and Clarification of Scope............................................................................. 12
4.1 Usage Assumptions................................................................................................................... 12
4.2 Environmental Threats.............................................................................................................. 13
4.3 Clarification of Scope ............................................................................................................... 13
5 Architectural Information ................................................................................................. 13
5.1 General TOE Functionality....................................................................................................... 14
5.2 TSF Subsystems........................................................................................................................ 15
5.2.1 TSF-Subset of GrooveMisc.dll Subsystem....................................................................... 15
5.2.1.1 DES — Data Encryption Standard Key Generation..................................................... 15
5.2.1.2 DES-ECB — DES Electronic Code Book Encryption and Decryption ....................... 15
5.2.1.3 DH — Diffie-Hellman Key Generation........................................................................ 15
5.2.1.4 DLIES — Discrete Logarithm Integrated Encryption Scheme Encryption and
Decryption..................................................................................................................................... 15
5.2.1.5 GDSA — Generalized DSA Signature Generation and Verification........................... 16
5.2.1.6 ESIGN — Key Generation ........................................................................................... 16
5.2.1.7 ESIGN — Signature Generation and Verification........................................................ 16
5.2.2 cryptopp.dll Subsystem..................................................................................................... 16
5.2.2.1 AES — Advanced Encryption Standard Key Generation ............................................ 16
5.2.2.2 AES-CTR — AES - Counter Mode Encryption and Decryption ................................. 16
5.2.2.3 DH — Diffie-Hellman Key Agreement........................................................................ 16
5.2.2.4 RSA — Key Generation ............................................................................................... 16
5.2.2.5 RSA — Encryption and Decryption ............................................................................. 16
5.2.2.6 RSA — Signature Generation and Verification............................................................ 16
5.2.2.7 SHA-1 — Secure Hash Algorithm ............................................................................... 16
5.2.2.8 HMAC-SHA1 — Keyed-Hashing for Message Authentication used with SHA-1...... 16
5.2.2.9 DefaultSecureRandom — FIPS-Approved Random Number Generation ................... 16
5
5.2.2.10 Crypto Module Integrity Test ................................................................................... 17
5.3 Relationship Between the Two Subsystems ............................................................................. 17
6 Documentation.................................................................................................................. 17
7 IT Product Testing ............................................................................................................ 18
7.1 Developer Testing..................................................................................................................... 18
7.2 Evaluation Team Independent Testing ..................................................................................... 19
7.3 Evaluation Team Penetration Testing....................................................................................... 19
8 Evaluated Configuration ................................................................................................... 20
9 Results of the Evaluation ................................................................................................... 20
10 Validation Comments/Recommendations ....................................................................... 21
11 Glossary ........................................................................................................................ 21
11.1 List of Terms............................................................................................................................. 21
11.2 List of Acronyms ...................................................................................................................... 22
12 Bibliography.................................................................................................................. 23
6
1 EXECUTIVE SUMMARY
The evaluation of the Groove Networks product Groove Cryptographic Services (GrooveMisc.dll
2.5.0.1774; cryptopp.dll 5.0.4.0) was performed by CygnaCom Solutions (an Entrust Company) in the
United States and was completed on 3 September 2003. The evaluation was conducted in accordance
with the requirements of the Common Criteria, version 2.1, Part 2 and Part 3, Evaluation Assurance
Level (EAL 2 Augmented), and the Common Methodology for IT Security Evaluation (CEM) (Part 2,
Version 1.0).
CygnaCom Solutions is certified by the NIAP validation body for laboratory accreditation. The
conclusions of the testing laboratory in the evaluation technical report are consistent with the evidence
produced. The CygnaCom Security Evaluation Laboratory team concluded that the Common Criteria
requirements for Evaluation Assurance Level (EAL2 Augmented with ADV_SPM.1) have been met.
This Validation Report is not an endorsement of the Groove Networks product by any agency of the
U.S. Government and no warranty of the product is either expressed or implied. The technical
information included in this report was obtained from the Evaluation Technical Report (ETR) produced
by CygnaCom Solutions.
The Target of Evaluation (TOE) is Groove Cryptographic Services, which consists of two dynamically
linked libraries (DLLs). These DLLs are known as GrooveMisc.dll and cryptopp.dll. The TOE is
incorporated into selected versions of several Groove products and provides cryptographic services and
certain non-cryptographic support services. The TOE was evaluated as a subset of Groove Workspace.
The software that comprises the TOE is incorporated into, but was not tested as a subset of, selected
versions of the following Groove products:
· Groove Enterprise Management Server (including Closed Network edition)
· Groove Enterprise Relay Server (including Closed Network edition)
· Groove Enterprise Integration Server (including Closed Network edition)
· Groove Enterprise Backup Service
For this evaluation, the operating system and the hardware platform on which one of the Groove
products that contains the TOE is running are in the IT environment. Therefore, the operating system
and the hardware platform have not been evaluated or tested. The TOE relies on the IT environment to
provide cryptographic key destruction, user data protection through access control, import and export of
user data and keys, user identification and authentication, and security management. The TOE is
designed to function on multiple releases of the Windows Operating System. The TOE was evaluated
with Windows 2000, Windows NT, and Windows XP operating systems acting as the TOE
environment.
7
1.1 EVALUATION DETAILS
Evaluated Product: Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0).
Developer: Groove Networks, Inc., 100 Cummings Center, Suite 535Q, Beverly, MA 01915.
CCTL: CygnaCom Solutions, 7927 Jones Branch Dr., Suite 100 West, McLean, VA 22102-3350.
Validation Team: James E Brosey, Mitretek Systems, Inc., 3150 Fairview Park South, Falls Church,
VA 22042-4519.
EAL: EAL2 Augmented with ADV_SPM.1.
Completion Date: 3 September 2003.
1.2 INTERPRETATIONS
The Evaluation Team performed an analysis of the international and national interpretations regarding
the CC and the CEM and determined that the following NIAP Interpretations were applicable to this
evaluation:
I-0375 Elements Requiring Authentication Mechanism
I-0393 A Completely Evaluated ST Is Not Required When TOE Evaluation Starts
I-0405 American English Is an Acceptable Refinement
I-0407 Empty Selections or Assignments
I-0409 Other Properties in FMT_MSA.3 Should Be Specified By Assignment
I-0411 Guidance Includes AGD_ADM, AGD_USR, ADO, and ALC_FLR
I-0412 Configuration Items in the Absence of Configuration Management
I-0416 Association of Access Control Attributes With Subjects And Objects
I-0418 Evaluation of the TOE Summary Specification: Part 1 Vs Part 3
I-0427 Identification of Standards
I-0429 Selecting One or More
I-0459 CM Systems May Have Varying Degrees of Rigor and Function
The Evaluation Team determined that the following CCIMB interpretations were applicable to this
evaluation:
003 Unique identification of configuration items in the configuration list
006 Virtual machine description
008 Augmented and Conformant overlap
009 Definition of Counter
016 Objective for ADO_DEL
024 COTS product in TOE providing security
025 Level of detail required for hardware descriptions
027 Events and actions
031 Obvious vulnerabilities
032 Strength of Function Analysis in ASE_TSS
037 ACM on Product or TOE?
043 Meaning of “clearly stated” in APE/ASE_OBJ.1
049 Threats met by environment
051 Use of documentation without C & P elements.
8
058 Confusion over refinement
064 Apparent higher standard for explicitly stated requirements
065 No component to call out security function management
067 Application notes missing
069 Informal Security Policy Model
074 Duplicate informative text for ATE_COV.2-3 and ATE_DPT.1-3
075 Duplicate informative text for different work units
084 Aspects of objectives in TOE and environment
098 Limitation of refinement
116 Indistinguishable work units for ADO_DEL
120 Sampling of process expectations unclear
127 Work unit not at the right place
138 Iteration and narrowing of scope
The Validation Team concluded that the Evaluation Team correctly addressed the interpretations that it
identified.
1.3 THREATS TO SECURITY
The Security Target identified the following threats that the evaluated product addresses:
T.HACK_CRYPTO Cryptographic algorithms may be incorrectly implemented or may operate
incorrectly, allowing an unauthorised individual or user to decipher keys or data and thereby gain
unauthorised access to data.
T.MALFUNCTION The TOE may enter an unsecure state at startup due to a malfunction.
2 IDENTIFICATION
2.1 ST AND TOE IDENTIFICATION
ST – Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0)
Common Criteria Security Target Version 3.4, dated August 22, 2003.
TOE Identification – Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll
5.0.4.0).
Groove Cryptographic Services consists of software (binary executable code). It provides cryptographic
services and certain non-cryptographic support services.
The TOE was evaluated as a subset of Groove Workspace (Version 2.5f, Build 2.5.0.1774).
The TOE is also incorporated into, but was not tested as a subset of, selected versions of the following
Groove products:
9
· Groove Enterprise Management Server (including Closed Network edition)
· Groove Enterprise Relay Server (including Closed Network edition)
· Groove Enterprise Integration Server (including Closed Network edition)
· Groove Enterprise Backup Service
CC Identification – Common Criteria for Information Technology Security Evaluation, Version 2.1,
August 1999, ISO/IEC 15408:1999.
CEM Identification – Common Evaluation Methodology for Information Technology Security, Part 1:
Introduction and General Model, Version 0.6, January 1997; Common Methodology for Information
Technology Security Evaluation, Part 2: Evaluation Methodology, Version 1.0, August 1999.
Assurance Level - This ST is Common Criteria Version 2.1, Part 2 extended, and Part 3 conformant, at
Evaluation Assurance Level 2 with Augmentation. EAL2 was augmented with ADV_SPM.1, Informal
TOE security policy model.
Keywords - Cryptographic Module, Dynamic Link Library, Collaboration Software.
2.2 IT SECURITY ENVIRONMENT
The Groove Cryptographic Services ST levies requirements on the TOE as well as the IT Environment.
In the case of this TOE, the IT Environment is the Operating System and the hardware platform on
which one of the Groove products that contains the TOE is running. The TOE relies on the environment
to provide cryptographic key destruction, user data protection through access control, import and export
of user data and keys, user identification and authentication, and security management. The TOE is
designed to function on multiple releases of the Windows Operating System. The TOE was evaluated
with Windows 2000, Windows NT, and Windows XP operating systems acting as the TOE
environment.
2.3 OPERATING SYSTEM
All of the TOE security functions (TSF) and security functional requirements for the IT environment are
provided by the operating system software and the hardware platform on which the TOE executes.
The software (operating system) can be any one of the following:
§ Microsoft Windows NT version 4.0 with Service Pack 6or later
§ Microsoft Windows 2000 with Service Pack 2 or later
§ Microsoft Windows XP with Service Pack 1 or later
10
The TOE was tested on all three platforms. The operating system and their version numbers were as
follows:
§ Microsoft Windows NT 4.0, Service Pack 6
§ Microsoft Windows 2000 operating system 5.00.2195, Service Pack 2
§ Microsoft Windows XP operating system 5.1.2600, Service Pack 1
2.4 HARDWARE PLATFORM
The Groove Workspace product (which is typical of products containing the TOE) requires the
following minimum hardware requirements:
§ Intel® Pentium® II processor, 400 MHz
§ 64 MB RAM (required); 128 MB RAM (recommended).
§ 100 MB free disk space (with additional space for user data)
§ Display resolution 800 x 600 pixels, with 15-bit (32,768) color
3 SECURITY POLICY
The Groove Cryptographic Services TOE provides three security services: key generation, cryptographic
operations, and self test functionality. Each security service is represented by a corresponding security
policy. Their descriptions in the following sections were taken from Groove Cryptographic Services
(GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0), Common Criteria Security Target Version 3.4, dated
August 22, 2003 and Groove TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774;
cryptopp.dll 5.0.4.0), Class ADV: Development Version Number: 1.3, dated: August 8, 2003.
All cryptographic functionality specified as being in the cryptopp.dll subsystem has been FIPS certified.
The FIPS certification provides a third party independent verification that the implementation of the
cryptographic algorithms meet the claimed standards. The implementation of the cryptographic
functions that are part of GrooveMisc.dll subsystem were tested but not independently verified as part of
this evaluation. Potential users of this product should confirm that the cryptographic capabilities
implemented in the GrooveMisc.dll subsystem are suitable to meet the user’s requirements.
3.1 KEY GENERATION SECURITY POLICIES
The TOE generates keys for RSA, AES, Diffie-Hellman, DES, and ESIGN. The key generation
algorithms are implemented according to the standards listed below and are generated using a FIPS-
approved random number generator (specified in ANSI X9.31 – 1998, Appendix A) whenever random
numbers are required for key generation:
11
§ RSA — Key Generation - The TOE generates RSA public and private keys of any valid value
between 512 bits to 64K bits as defined by the referenced standard IEEE 1363-2000.1
Subsystem: cryptopp.dll.
§ AES — Advanced Encryption Standard Key Generation - The TOE generates 128, 192, and
256-bit AES keys as specified in FIPS Publication 197. Subsystem: cryptopp.dll.
§ DH — Diffie-Hellman Key Generation - The TOE generates Diffie-Hellman public and private
keys of any valid value between 512 bits to 64K bits as defined by the referenced standard IEEE
1363-2000. Subsystem: GrooveMisc.dll.
§ DES — Data Encryption Standard Key Generation - The TOE generates 56-bit DES keys
(for backward compatibility purposes) as specified in FIPS Publication 46-3. Subsystem:
GrooveMisc.dll.
§ ESIGN — Key Generation - The TOE generates ESIGN public and private keys of any valid
value between 512 bits to 64K bits as defined by the referenced standard IEEE P1363a/D11.2
Subsystem: GrooveMisc.dll.
3.2 CRYPTOGRAPHIC OPERATION SECURITY POLICIES
The TOE performs the following cryptographic operations:
§ RSA — Encryption and Decryption - The TOE performs RSA encryption and decryption as
specified in IEEE 1363-2000. Subsystem: cryptopp.dll.
§ RSA — Signature Generation and Verification - The TOE performs RSA signature generation
and verification as specified in IEEE 1363-2000. Subsystem: cryptopp.dll.
§ SHA-1 — Secure Hash Algorithm - The TOE performs SHA-1 hash operations as specified in
FIPS Publication 180-1. Subsystem: cryptopp.dll.
§ HMAC-SHA1 — Keyed-Hashing for Message Authentication used with SHA-1 - The TOE
performs HMAC-SHA1 keyed hash operations as specified in FIPS Publication 198. Key lengths
of 0 to 0xffffffff (4294967295) bytes are supported. Subsystem: cryptopp.dll.
§ DH — Diffie-Hellman Key Agreement - The TOE performs Diffie-Hellman key agreement as
specified in IEEE 1363-2000. Subsystem: cryptopp.dll.
§ DES-ECB — DES Electronic Code Book Encryption and Decryption - The TOE performs
DES encryption and decryption (for backward compatibility purposes) as specified in FIPS
Publication 46-3. Subsystem: GrooveMisc.dll.
§ AES-CTR — AES - Counter Mode Encryption and Decryption - The TOE performs AES
encryption and decryption as specified in FIPS Publication 197. Subsystem: cryptopp.dll.
§ GDSA — Generalized DSA Signature Generation and Verification - The TOE performs
GDSA signature generation and verification as specified in the IEEE 1363-2000. GDSA is
exactly like DSA except DSA has restrictions on the lower limit for key lengths where 1024 is
1
IEEE 1363-2000 is the IEEE Standard Specifications for Public Key Cryptography.
2
IEEE P1363a/D11 is Draft 11 the Proposed IEEE Standard Specifications for Public Key Cryptography: Additional
Techniques.
12
the minimum key length. GDSA does not have this restriction. GDSA signature generation and
verification uses Diffie-Hellman keys as specified in IEEE 1363-2000. Valid key lengths of 512
to 64K bits are supported. Subsystem: GrooveMisc.dll.
§ DLIES — Discrete Logarithm Integrated Encryption Scheme Encryption and Decryption -
The TOE performs DLIES encryption and decryption as specified in IEEE P1363a/D11. DLIES
encryption and decryption uses Diffie-Hellman public and private keys, generating them as
specified in IEEE 1363-2000. Key lengths of 512 to 64K bits are supported. Subsystem:
GrooveMisc.dll.
§ ESIGN — Signature Generation and Verification - The TOE performs ESIGN signature
generation and verification as specified IEEE P1363a/D11. Subsystem: GrooveMisc.dll.
§ DefaultSecureRandom — FIPS-Approved Random Number Generation - The TOE
performs random number generation as specified in ANSI X9.31. Subsystem: cryptopp.dll.
3.3 CRYPTO MODULE INTEGRITY TEST SECURITY POLICY
The TOE runs a suite of self-tests during initial start-up to verify the integrity of the cryptopp.dll DLL.
Subsystem: cryptopp.dll.
The explicitly written self-tests consist of tests specified in FIPS Publication 140-2 for level 1
cryptographic modules. These include:
§ Cryptographic algorithm test. A cryptographic algorithm test using a known answer is conducted
for all cryptographic functions (e.g., encryption, decryption, authentication, and random number
generation) of each Approved cryptographic algorithm implemented by a cryptographic module.
A known-answer test involves operating the cryptographic algorithm on data for which the
correct output is already known and comparing the calculated output with the previously
generated output (the known answer). If the calculated output does not equal the known answer,
the known-answer test fails.
§ Software/firmware integrity test. A software/firmware integrity test using an error detection code
(EDC) or Approved authentication technique (e.g., an Approved message authentication code or
digital signature algorithm) is applied to all components within the cryptopp.dll on power up.
4 ASSUMPTIONS AND CLARIFICATION OF SCOPE
4.1 USAGE ASSUMPTIONS
AE.TRUSTED_ADMIN It is assumed that the administrator, who is responsible for configuring
the operating system, is a trusted user and that the administrator will
properly install and configure the TOE.
AE.OS It is assumed that the TOE is installed on a PC running Microsoft
Window 2000, Windows NT or Windows XP.
13
4.2 ENVIRONMENTAL THREATS
TE.ATTACK An undetected compromise of the TOE assets may occur as a result of
an attacker (whether an insider or outsider) attempting to perform
actions that the individual is not authorised to perform.
TE.BYPASS An unauthorised individual or user may tamper with security attributes
or other data in order to bypass OS security functions and gain
unauthorised access to TOE assets.
TE.CRYPTO_DES Incorrect cryptographic key destruction may cause an inadvertent
disclosure of sensitive information.
TE.EXPORT A user or an attacker may export data to an unsecure location or may
export corrupted data, causing the data exported to be added to or
substituted for original data and/or to reveal secrets or causing exported
data to be erroneous and unusable.
TE.IMPERSON An unauthorised individual may impersonate an authorised user of the
OS and thereby gain access to TOE data, keys, and operations.
TE.IMPORT A user or attacker may import data or keys from an unsecure location or
data with errors, causing key/data ownership and authorisation to be
uncertain or erroneous and/or the system to malfunction or operate in an
unsecure manner.
TE.MODIFY An attacker may modify OS or user data, e.g., file permissions, in order
to gain access to the TOE and its assets.
TE.OBJECT_INIT An attacker may gain unauthorised access to an object upon its creation
if the security attributes are not assigned to the object or an
unauthorised individual can assign the security attributes upon object
creation.
TE.ROLE A user may assume a more privileged role than permitted and use the
enhanced privilege to take unauthorised actions.
TE.SECURE_ATT A user may supply unsecure values for the security attributes of an
object and gain unauthorised access to the object.
4.3 CLARIFICATION OF SCOPE
The product that a customer would purchase includes more than the evaluated TOE, Groove Cryptographic
Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0). The additional components of the product in
which Groove Cryptographic Services is delivered are treated in this evaluation as part of the IT Environment.
Some requirements were placed upon the configuration of the IT Environment to support the analysis and
conclusions reached by this evaluation. The Groove Cryptographic Services TOE is also included in products that
were not used in this evaluation. In general, the Groove Cryptographic Services TOE supports configurations that
are outside the scope of this evaluation.
5 ARCHITECTURAL INFORMATION
The Groove TOE consists of software (binary executable code). It provides cryptographic services, and certain
non-cryptographic support services, for use by applications, such as Groove collaborative computing software, in
performing a variety of operations on PCs running the Windows 2000, the Windows NT, or the Windows XP
operating system.
14
5.1 GENERAL TOE FUNCTIONALITY
The Groove software TOE (target of evaluation) consists of software (binary executable code). It
provides cryptographic services, and certain non-cryptographic support services, for use by applications
in performing a variety of operations such as:
§ Generate symmetric keys for use with various cryptographic algorithms and security functions.
§ Generate asymmetric keys for use with various public key cryptographic algorithms.
§ Perform various symmetric and asymmetric encryption, digital signature, and key agreement
operations using the generated symmetric and asymmetric keys.
§ Perform secure hash operations using SHA-1.
§ Generate and verify message authentication codes using the FIPS-approved HMAC algorithm.
A diagram of the Groove TOE and the environment in which it exists is provided in Figure 1 and is
explained in the text following.
Operating System
(Windows)
Apps not
Using TOE
Outside World (Internet)
Applications Using TOE
[e.g., Groove Products (Workspace, EMS, ERS, EIS)]
TOE
TSF-Subset
of GrooveMisc.dll
GrooveMisc.dll
Non-TSF-Subset
of GrooveMisc.dll
cryptopp.dll
Figure 1: The TOE in its Environment
In Figure 1, the boxes indicate software functional components, which provide and consume services
amongst one another. The lower-level components in Figure 1 represent providers of services, and
higher-level components represent consumers of those services. Heavy horizontal lines indicate services
interfaces between producers and consumers. In general, these interfaces can be APIs (Application
Programming Interfaces), or IPCs (Inter-Process Communications).
15
As shown in Figure 1, the TOE consists of two DLLs (dynamically linked libraries). These DLLs are
known as GrooveMisc.dll and cryptopp.dll.
The operational environment in which the TOE exists (Microsoft Windows operating system) must
provide identification, authentication and access control services sufficient to protect the TOE software
from compromise by users.
5.2 TSF SUBSYSTEMS
While the TOE is composed of two complete DLL files, some parts of the TOE do not contain TSF.
GrooveMisc.dll contains functions within the TSF and functions outside of the TSF, while cryptopp.dll is entirely
made up of functions within the TSF. Only the parts of the TOE that contain TSF are broken into subsystems.
The TSF consists of two subsystems, the TSF-subset of GrooveMisc.dll and cryptopp.dll, indicated by the shaded
portion in Figure 1 above.
The TSF provides cryptographic support by performing cryptographic operations through the two TSF
subsystems. Each of the operations listed below is implemented in one and only one of the TSF subsystems
(TSF-subset of GrooveMisc.dll or cryptopp.dll). The operations in the TSF-subset of Groove Misc.dll subsystem
are externally accessible via interfaces to the TSF-subset of Groove Misc.dll subsystem. The operations available
through the cryptopp.dll subsystem are externally accessible via interfaces in both of the subsystems. In the
subsections below, FIPS-approved operations are denoted with relevant FIPS publication numbers, and other
(non-FIPS) operations are denoted by their relevant specification documents.
5.2.1 TSF-Subset of GrooveMisc.dll Subsystem
The implementation of the cryptographic functions that are part of GrooveMisc.dll subsystem were
tested but not independently verified as part of this evaluation. Potential users of this product should
confirm that the cryptographic capabilities implemented in the GrooveMisc.dll subsystem are suitable to
meet the user’s requirements. The following TSFs are implemented in the TSF-Subset of
GrooveMisc.dll subsystem:
5.2.1.1 DES — Data Encryption Standard Key Generation
The TOE generates 56-bit DES keys (for backward compatibility purposes) as specified in FIPS
Publication 46-3.
5.2.1.2 DES-ECB — DES Electronic Code Book Encryption and Decryption
The TOE performs DES encryption and decryption (for backward compatibility purposes) as specified
in FIPS Publication 46-3.
5.2.1.3 DH — Diffie-Hellman Key Generation
The TOE generates Diffie-Hellman public and private keys of any valid value between 512 bits to 64K
bits as defined by the referenced standard IEEE 1363-2000.
5.2.1.4 DLIES — Discrete Logarithm Integrated Encryption Scheme Encryption and Decryption
The TOE performs DLIES encryption and decryption as specified in IEEE P1363a/D11.
DLIES encryption and decryption uses Diffie-Hellman public and private keys, generating them as
specified in IEEE 1363-2000. Key lengths of 512 to 64K bits are supported.
16
5.2.1.5 GDSA — Generalized DSA Signature Generation and Verification
The TOE performs GDSA signature generation and verification as specified in the IEEE 1363-2000.
GDSA is exactly like DSA except DSA has restrictions on the lower limit for key lengths where 1024 is
the minimum key length. GDSA does not have this restriction.
GDSA signature generation and verification uses Diffie-Hellman keys as specified in IEEE 1363-2000.
Valid key lengths of 512 to 64K bits are supported.
5.2.1.6 ESIGN — Key Generation
The TOE generates ESIGN public and private keys of any valid value between 512 bits to 64K bits as
defined by the referenced standard IEEE P1363a/D11.
5.2.1.7 ESIGN — Signature Generation and Verification
The TOE performs ESIGN signature generation and verification as specified IEEE P1363a/D11.
5.2.2 cryptopp.dll Subsystem
All cryptographic functionality specified as being in the cryptopp.dll subsystem has been FIPS certified.
The FIPS certification provides a third party independent verification that the implementation of the
cryptographic algorithms meet the claimed standards. The following TSFs are implemented in
cryptopp.dll subsystem:
5.2.2.1 AES — Advanced Encryption Standard Key Generation
The TOE generates 128, 192, and 256-bit AES keys as specified in FIPS Publication 197.
5.2.2.2 AES-CTR — AES - Counter Mode Encryption and Decryption
The TOE performs AES encryption and decryption as specified in FIPS Publication 197.
5.2.2.3 DH — Diffie-Hellman Key Agreement
The TOE performs Diffie-Hellman key agreement as specified in IEEE 1363-2000.
5.2.2.4 RSA — Key Generation
The TOE generates RSA public and private keys of any valid value between 512 bits to 64K bits as
defined by the referenced standard IEEE 1363-2000.
5.2.2.5 RSA — Encryption and Decryption
The TOE performs RSA encryption and decryption as specified in IEEE 1363-2000.
5.2.2.6 RSA — Signature Generation and Verification
The TOE performs RSA signature generation and verification as specified in IEEE 1363-2000.
5.2.2.7 SHA-1 — Secure Hash Algorithm
The TOE performs SHA-1 hash operations as specified in FIPS Publication 180-1.
5.2.2.8 HMAC-SHA1 — Keyed-Hashing for Message Authentication used with SHA-1
The TOE performs HMAC-SHA1 keyed hash operations as specified in FIPS Publication 198. Key
lengths of 0 to 0xffffffff (4294967295) bytes are supported.
5.2.2.9 DefaultSecureRandom — FIPS-Approved Random Number Generation
The TOE performs random number generation as specified in ANSI X9.31.
17
5.2.2.10 Crypto Module Integrity Test
The TOE runs a suite of self-tests during initial start-up to verify the integrity of the cryptopp.dll file.
Whenever the TOE starts up (as part of a calling application initialization) the TSF performs a suite of
self-tests on cryptopp.dll consisting of all the cryptographic module self-tests specified for FIPS 140-2
Level 1.
5.3 RELATIONSHIP BETWEEN THE TWO SUBSYSTEMS
The cryptopp.dll subsystem is considered to be a minor component of the TSF, subordinate to the major
TSF-subset of GrooveMisc.dll subsystem.
In the Groove programming environment, applications are required (by Groove programming
convention) to access cryptographic services only via the “high-level” COM APIs on the
GrooveMisc.dll TSFI, not via the “low-level” C++ APIs on cryptopp.dll. To implement this convention,
some of the COM APIs of the GrooveMisc.dll TSFI act as “wrappers” for the C++ APIs of cryptopp.dll.
All of the C++ APIs of cryptopp.dll are “wrapped” (i.e., encapsulated) in this manner. The internal
implementation of these high-level “wrapper” COM APIs is to invoke (“wrap”) a corresponding low-
level C++ API on cryptopp.dll. In this manner, COM APIs on the GrooveMisc.dll can be used to
indirectly access services provided by cryptopp.dll. This is indicated in Figure 1 by the dotted arrow.
The wrapping strategy just described is necessary to implement Groove’s programming convention.
Nevertheless, this is only a programming convention. There is no technological enforcement of the
convention. That is, applications can access the C++ APIs of cryptopp.dll if they choose to do so
(thereby disregarding the convention). Therefore the C++ APIs on cryptopp.dll must be considered as
“external” TSF interfaces for the purposes of this CC evaluation.
The code implementing the wrapping strategy does not modify cryptographic data passing between the
COM API TSFI and the underlying C++ API. (Cryptographic data includes cryptographic keys, hash
values, message authentication codes, digital signatures, and encrypted or decrypted data.)
COM APIs on the GrooveMisc.dll TSFI are also used to access certain cryptographic services, which
are implemented directly in GrooveMisc.dll itself. These are “non-wrapper” COM APIs (they do not
invoke services in cryptopp.dll).
6 DOCUMENTATION
Purchasers of a product containing the Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774;
cryptopp.dll 5.0.4.0), TOE receive the following documentation:
· Release Notes.
· Installing Groove Workspace in its NIAP-Validated Configuration, Version Number: 1.2, dated:
August 1, 2003.
· Preview_GrooveVCAPIReference (Compiled HTML Help file), dated: February 21, 2003.
· GrooveVCAPIReference (Compiled HTML Help file), dated: December 6, 2002.
18
7 IT PRODUCT TESTING
The purpose of the Testing activity was to determine whether the TOE behaves as specified in the
design documentation and in accordance with the TOE security functional requirements specified in the
ST. This section describes the testing efforts of the developer and the Evaluation Team.
7.1 DEVELOPER TESTING
The developer designed tests to address the two libraries of the Groove Cryptographic Services TOE
(and the two subsystems of the TSF). These tests had the following goals:
· Test the security-relevant operation of all the TOE’s security functionality.
· Test the security functions through the external interfaces.
The tests for both subsystems involved tests of the interfaces identified in the Functional Specification
and the High-Level Design. Each test is directly mapped to a security function and subsystem in Groove
TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0), Class ATE:
Tests Documents.
The developer performed tests of the following functionality:
· AES key generation.
· AES encryption and decryption.
· DH key generation.
· DH key agreement.
· RSA key generation.
· RSA encryption and decryption.
· RSA signature generation and verification.
· GDSA signature generation and verification.
· ESIGN key generation.
· ESIGN signature generation and verification.
· SHA-1.
· HMAC-SHA1
· Self-test functionality.
The developer’s testing strategy was to run a test harness, which calls the security functions. The test
harness stimulates the security functions with both correct and incorrect inputs. Self-test security
function is performed by the TOE automatically when the TOE is loaded into memory.
In Section 4 of Evaluation Technical Report for a Target of Evaluation Volume 2: Evaluation of the
TOE, Version 1.5, dated September 3, 2003, the Evaluation Team reported that the evaluator examined
the source code of the test harness and verified that the external interfaces listed in the FSP are indeed
called by the test harness and that the test harness correctly outputs the status of the tests.
The developer’s tests completed successfully and the developer archived all test results in the Groove
TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0), Class ATE:
Tests document.
19
The evaluator executed the developer’s entire test procedures due to the small number of tests provided.
The Evaluation Team reported that the actual test results from the developer’s tests matched the
developer’s expected results.
7.2 EVALUATION TEAM INDEPENDENT TESTING
As stated in section 7.1, the Evaluation Team executed the developer’s entire test procedures due to the
small number of tests provided. In addition, the Evaluation Team also tested the installation, generation,
and start-up procedures to determine, in accordance with ADO_IGS.1.2E, that those procedures result in
a secure configuration.
The evaluator examined the test plan and found the following tests missing from the developer’s tests:
DES Key generation, DLIES crypto-operations, and DES crypto-operations.
The evaluator devised a test subset for independent testing. The test subset consisted of the functions not
tested by the developer, security functions with non-default parameters and security functions with
invalid security parameters based on the factors identified in the CEM guidance. The evaluator
produced test documentation for the test subset that was sufficiently detailed to enable the tests to be
reproducible.
The Validation Team observed a subset of the Evaluation Team’s independent testing effort and
concluded that the testing was successful.
7.3 EVALUATION TEAM PENETRATION TESTING
For its penetration tests, the Evaluation Team evaluated the developer’s vulnerability analysis document,
Groove TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0), Class
ACM: Configuration Management, Class ADO: Delivery and Operation, Class AGD: Guidance
Documents, Class AVA: Vulnerability Assessment to identify penetration test cases. Penetration tests
were selected based on the Evaluation Team’s experience with evaluating the developer’s design,
guidance, test, and vulnerability assessment documentation. The penetration test set consisted of
Cryptographic Key Generation and Self-test vulnerabilities from the developer’s vulnerability analysis.
The Evaluation Team used the Groove test harness, previously used in developer testing and
independent testing, to successfully perform its penetration tests. The Validation Team observed the
Evaluation Team’s penetration testing and concluded that the testing was successful.
The Evaluation Team’s TOE ETR, provides a detailed description of the tests, the results, and the
effects, if any, on the information presented in the ST or other evaluation evidence.
20
8 EVALUATED CONFIGURATION
In Section 4 of Evaluation Technical Report for a Target of Evaluation Volume 2: Evaluation of the
TOE, Version 1.5, dated September 3, 2003, the Evaluation Team reported that the test configuration
was consistent with the evaluated configuration in the Security Target.
The TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0), was
evaluated in stand-alone mode of operation as established in the ST. The TOE is available in two forms:
CD and Web Download. The evaluator verified the installation Procedures and Delivery procedures for
both forms of installation.
The TOE was tested on three operating system platforms individually: Windows NT, Windows 2000
and Windows XP. The evaluator modified the test harness supplied by the developer to include
independent and penetration tests as well as the functionality tests delivered. The platforms and their
version numbers were as follows:
§ Windows NT 4.0, Service Pack 6
§ Microsoft Windows 2000 operating system 5.00.2195, Service Pack 2
§ Microsoft Windows XP operating system 5.1.2600, Service Pack 1
The configuration of the hardware platform was as follows:
· Intel Pentium MMX processor
· 64 MB of RAM
· 1.99 GB Hard Disk
· 2.00 GB additional hard disk
· One compact disk (CD) drive
· One 3.5” floppy disk drive
· Ethernet adapter
The software test configuration was as follows:
· TOE version GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0
· GDK v2.5 (used for compiling test programs)
· C++ developer version, SPK 5 was used to compile test programs.
· Groove Crypto Services Test Harness Version 1.2
· Internet Explorer 5 for web download
The testing activity confirmed that the installation, generation, and start-up procedures result in a secure
configuration.
9 RESULTS OF THE EVALUATION
The Evaluation Team conducted the evaluation in accordance with the CC and the CEM
The Evaluation Team assigned a Pass, Fail, or Inconclusive verdict to each work unit of each EAL2
assurance component and for the augmented assurance component ADV_SPM.1. For Fail or
21
Inconclusive work unit verdicts, the Evaluation Team advised the developer of the issue that needed to
be resolved or the clarification that needed to be made to the particular evaluation evidence.
In this way, the Evaluation Team assigned an overall Pass verdict to the assurance component only
when all of the work units for that component had been assigned a Pass verdict. Section 4, Results of
Evaluation, from documents Evaluation Technical Report for a Target of Evaluation Volume 1:
Evaluation of the ST, Version 1.5, dated September 3, 2003 and Evaluation Technical Report for a
Target of Evaluation Volume 2: Evaluation of the TOE, Version 1.5, dated September 3, 2003, contain
the verdicts of “PASS” for all the work units.
The evaluation determined the TOE to be Part 2 extended, and to meet the Part 3 Evaluation Assurance
Level (EAL 2 augmented ADV_SPM.1) requirements. The rationale supporting each CEM work unit
verdict is recorded in the ETR.
Therefore, when configured according to the following guidance documentation:
· Groove TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0),
Class ACM: Configuration Management, Class ADO: Delivery and Operation, Class AGD:
Guidance Documents, Class AVA: Vulnerability Assessment, Version Number: 1.3, dated: August 8,
2003.
· Installing Groove Workspace in its NIAP-Validated Configuration, Version Number: 1.2, dated:
August 1, 2003.
Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0) is CC compliant and
satisfies the Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0) Common
Criteria Security Target, Version 3.4, dated August 22, 2003.
10 VALIDATION COMMENTS/RECOMMENDATIONS
The Validation Team observed that the evaluation and all of its activities were performed in accordance
with the CC, the CEM, and CCEVS practices. The Validation Team agrees that the CCTL presented
appropriate rationales to support the evaluation results presented in Section 4 of the ETR, volume 1, and
the Conclusions presented in Section 5 of the ETR, volume 1. The Validation Team, therefore,
concludes that the evaluation and Pass result for the TOE identified below is complete and correct:
Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0).
11 GLOSSARY
11.1 LIST OF TERMS
Cryptography The art and science of using mathematics to secure information and create a high
degree of trust in the electronic realm. See also public key, secret key, symmetric-
key, and threshold cryptography.
22
Decryption The inverse (reverse) of encryption.
DES Symmetric key encryption using a key size of 56 bits defined by NIST as
FIPS 46-3.
Diffie-Hellman
key exchange
A key exchange protocol allowing the participants to agree on a key over an insecure
channel.
Digest Commonly used to refer to the output of a hash function, e.g. message digest refers to
the hash of a message.
Digital signature The encryption of a message digest with a private key
Encryption The transformation of plaintext into an apparently less readable form (called
ciphertext) through a mathematical process. The ciphertext may be read by anyone
who has the key that decrypts (undoes the encryption) the ciphertext.
Electronic
codebook (ECB)
Block cipher mode that consists of simply applying the cipher to blocks of data in
sequence, one block at a time.
Key (Security) A string of bits used widely in cryptography, allowing people to encrypt and decrypt
data; a key can be used to perform other mathematical operations as well. Given a
cipher, a key determines the mapping of the plaintext to the ciphertext. See also
distributed key, private key, public key, secret key, session key, shared key, sub key,
symmetric key, and weak key.
RSA An (asymmetric) encryption method using two keys: a private key and a public key.
Reference: http://www.rsa.com.
SHA-1 A NIST defined hashing algorithm producing a 160-bit result from an arbitrary sized
source as specified in FIPS 180-1.
Hash function A function that takes a variable sized input and has a fixed size output.
Verification The act of recognizing that a person or entity is who or what it claims to be.
11.2 LIST OF ACRONYMS
CC Common Criteria for Information Technology Security Evaluation
CCEVS Common Criteria Evaluation and Validation Scheme
CEM Common Methodology for Information Technology Security Evaluation
CM Configuration Management
EAL Evaluation Assurance Level
FIPS Federal Information Processing Standard
ID Identification
IT Information Technology
NIAP National Information Assurance Partnership
NIST National Institute of Standards and Technology
NSA National Security Agency
PC Personal Computer
PP Protection Profile
ST Security Target
TOE Target of Evaluation
TSC TSF Scope of Control
TSF TOE Security Functions
TSP TOE Security Policy
23
12 BIBLIOGRAPHY
The Validation Team used the following documents to produce this Validation Report:
· Common Criteria for Information Technology Security Evaluation, version 2.1, August 1999, Part 1.
· Common Criteria for Information Technology Security Evaluation, version 2.1, August 1999, Part 2.
· Common Criteria for Information Technology Security Evaluation, version 2.1, August 1999, Part 2
Annexes.
· Common Criteria for Information Technology Security Evaluation, version 2.1, August 1999, Part 3.
· Common Criteria, Evaluation and Validation Scheme for Information Technology Security,
Guidance to Validators of IT Security Evaluations, Scheme Publication #3, Version 1.0, February
2002.
· Common Evaluation Methodology for Information Technology Security – Part 1: Introduction and
general model, version 0.6, 11 January 1997.
· Common Evaluation Methodology for Information Technology Security – Part 2: Evaluation
Methodology, version 1.0, August 1999.
· Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0) Common Criteria
Security Target, Version 3.4, dated August 22, 2003.
· Groove TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0),
Class ACM: Configuration Management, Class ADO: Delivery and Operation, Class AGD:
Guidance Documents, Class AVA: Vulnerability Assessment, Version Number: 1.3, dated: August 8,
2003.
· Groove TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0),
Class ADV: Development, Version Number: 1.3, dated: August 8, 2003.
· Groove TOE, Groove Cryptographic Services (GrooveMisc.dll 2.5.0.1774; cryptopp.dll 5.0.4.0),
Class ATE: Tests, Version Number: 1.3, dated: August 8, 2003.
· Installing Groove Workspace in its NIAP-Validated Configuration, Version Number: 1.2, dated:
August 1, 2003.
· Evaluation Technical Report for a Target of Evaluation Volume 1: Evaluation of the ST, Version
1.5, dated September 3, 2003.
· Evaluation Technical Report for a Target of Evaluation Volume 2: Evaluation of the TOE, Version
1.5, dated September 3, 2003.