BlackBerry
© 2016
FIP
Sec
BlackBe
Docume
BlackBe
y Cryptograph
BlackBerry Limit
This document
PS 14
curit
erry Crypt
ent versio
erry Secur
hic Java Modu
ted. All rights res
may be freely re
40-2
ty P
ographic
n 1.8
rity Certifi
ule Versions 2
served.
produced and di
2 No
olicy
Java Mod
ications, B
2.8, 2.8.7 and
www.blackb
stributed whole a
on-Pr
y
dule Versio
BlackBerry
d 2.8.8
berry.com
and intact includ
ropr
ons 2.8, 2.
y
ing this Copyrigh
rieta
.8.7 and 2
Version
Page 1 o
Product Security
ht Notice
ary
.8.8
n: 1.8
of 31
y
BlackBerry
© 2016
Table
TABLE OF
LIST OF F
LIST OF T
INTRODUC
1 CRYP
1.1 P
1.2 C
1.3 S
2 CRYP
3 ROLE
3.1 R
3.2 S
3.3 O
4 FINITE
5 PHYS
6 OPER
7 CRYP
7.1 K
7.2 K
7.3 K
7.4 K
7.5 K
8 SELF-
8.1 P
8.2 O
8.3 C
8.4 FA
9 DESIG
9.1 C
9.2 D
9.3 D
9.4 G
10 MITIG
10.1
10.2
y Cryptograph
BlackBerry Limit
This document
of Cont
F CONTENTS
FIGURES......
TABLES........
CTION .........
PTOGRAPHIC
HYSICAL SPEC
COMPUTER HAR
OFTWARE SPE
PTOGRAPHIC
ES, SERVICE
ROLES AND SER
ECURITY FUNC
OPERATOR AUT
E STATE MO
SICAL SECUR
RATIONAL EN
PTOGRAPHIC
EY GENERATIO
EY ESTABLISH
EY ENTRY AND
EY STORAGE .
EY ZEROIZATIO
-TESTS........
OWER-UP TES
ON-DEMAND SE
CONDITIONAL TE
AILURE OF SEL
GN ASSURA
CONFIGURATION
DELIVERY AND O
DEVELOPMENT
GUIDANCE DOC
GATION OF O
TIMING ATTAC
ATTACK ON B
hic Java Modu
ted. All rights res
may be freely re
tents
S...................
.....................
.....................
.....................
C MODULE S
CIFICATIONS....
RDWARE, OS, A
ECIFICATIONS..
C MODULE P
S, AND AUT
RVICES...........
CTION.............
THENTICATION
ODEL ............
RITY .............
NVIRONMEN
C KEY MANA
ON .................
MENT ............
D OUTPUT .......
.....................
ON .................
.....................
TS.................
ELF-TESTS ......
ESTS .............
LF-TESTS .......
NCE.............
N MANAGEMEN
OPERATION....
.....................
UMENTS ........
OTHER ATTA
CK ON RSA....
BIASED PRIVATE
ule Versions 2
served.
produced and di
.....................
.....................
.....................
.....................
SPECIFICATI
.....................
AND JVM.......
.....................
PORTS AND
HENTICATIO
.....................
.....................
.....................
.....................
.....................
NT..................
AGEMENT ....
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
NT ..................
.....................
.....................
.....................
ACKS ............
.....................
E KEY OF DSA
2.8, 2.8.7 and
www.blackb
stributed whole a
......................
......................
......................
......................
ON ...............
......................
......................
......................
INTERFACE
ON.................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
......................
A ....................
d 2.8.8
berry.com
and intact includ
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
S..................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
ing this Copyrigh
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
.....................
Version
Page 2 o
Product Security
ht Notice
......................
......................
......................
......................
......................
.....................
.....................
.....................
......................
......................
.....................
.....................
.....................
......................
......................
......................
......................
.....................
.....................
.....................
.....................
.....................
......................
.....................
.....................
.....................
.....................
......................
.....................
.....................
.....................
.....................
......................
.....................
.....................
n: 1.8
of 31
y
..... 2
..... 4
..... 5
..... 6
..... 8
..... 8
... 10
... 11
... 12
... 13
... 13
... 14
... 17
... 18
... 19
... 20
... 21
... 21
... 21
... 21
... 21
... 22
... 23
... 23
... 23
... 23
... 23
... 24
... 24
... 24
... 24
... 24
... 25
... 25
... 25
BlackBerry
© 2016
DOCUMEN
y Cryptograph
BlackBerry Limit
This document
NT AND CON
hic Java Modu
ted. All rights res
may be freely re
NTACT INFO
ule Versions 2
served.
produced and di
RMATION....
2.8, 2.8.7 and
www.blackb
stributed whole a
......................
d 2.8.8
berry.com
and intact includ
.....................
ing this Copyrigh
.....................
Version
Page 3 o
Product Security
ht Notice
......................
n: 1.8
of 31
y
... 31
BlackBerry
© 2016
List o
Figure 1. B
Figure 2. C
Figure 3: C
y Cryptograph
BlackBerry Limit
This document
of Figure
BlackBerry En
Cryptographic
Cryptographic
hic Java Modu
ted. All rights res
may be freely re
es
nterprise Serv
c module hard
c module softw
ule Versions 2
served.
produced and di
vice 10 archite
dware block d
ware block dia
2.8, 2.8.7 and
www.blackb
stributed whole a
ecture............
iagram..........
agram...........
d 2.8.8
berry.com
and intact includ
.....................
.....................
.....................
ing this Copyrigh
.....................
.....................
.....................
Version
Page 4 o
Product Security
ht Notice
.....................
.....................
.....................
n: 1.8
of 31
y
..... 6
..... 9
... 11
BlackBerry
© 2016
List of
Table 1. Su
Table 2. Im
Table 3. Ro
Table 4. Su
Table 5. Ke
Table 6. M
y Cryptograph
BlackBerry Limit
This document
f Tables
ummary of ac
mplementation
oles and serv
upported cryp
ey and CSP,
odule self-tes
hic Java Modu
ted. All rights res
may be freely re
s
chieved secur
n of FIPS 140
vices .............
ptographic alg
key size, sec
sts ................
ule Versions 2
served.
produced and di
rity levels per
0-2 interfaces
.....................
gorithms........
curity strength
.....................
2.8, 2.8.7 and
www.blackb
stributed whole a
r FIPS 140-2 s
.....................
......................
......................
h, and access
......................
d 2.8.8
berry.com
and intact includ
section.........
.....................
.....................
.....................
....................
.....................
ing this Copyrigh
.....................
.....................
.....................
.....................
.....................
.....................
Version
Page 5 o
Product Security
ht Notice
.....................
.....................
.....................
.....................
.....................
.....................
n: 1.8
of 31
y
..... 7
... 12
... 13
... 14
... 16
... 23
BlackBerry
© 2016
Introd
BlackBerry
application
and organi
advanced
BlackBerry
BlackBerry
BlackBerry
the use of
devices, A
BlackBerry
provides th
Cryptograp
devices run
The BlackB
software m
12 and oth
• Data en
• Messag
• Random
• Elliptic c
• Elliptic c
• Elliptic c
More inform
y Cryptograph
BlackBerry Limit
This document
duction
y® is the lead
ns, including e
zer informatio
BlackBerry w
y® Enterprise
y® smartphon
y Enterprise S
BlackBerry E
Android™ dev
y 10 smartpho
he cryptograp
phic Java Mod
nning operati
Berry Cryptog
module that pr
er BlackBerry
ncryption and
ge digest and
m data genera
curve key pai
curve digital s
curve key agr
mation on the
hic Java Modu
ted. All rights res
may be freely re
ing wireless s
email, phone,
on. BlackBerr
wireless device
Service 12 a
Figure 1. Bla
nes are built o
Service, provid
Enterprise Ser
vices, and Win
ones contain t
phic functiona
dule expands
ng systems o
graphic Java M
rovides the fo
y device man
decryption
authenticatio
ation
ir generation
signature gen
reement
e BlackBerry s
ule Versions 2
served.
produced and di
solution that a
enterprise ap
ry is a totally i
es and wirele
architecture is
ackBerry Ent
on industry-lea
de users with
rvice 12, you c
ndows phone
the BlackBerr
lity required fo
s the secure c
other than the
Module, here
llowing crypto
agement com
on code gene
neration and v
solution is ava
2.8, 2.8.7 and
www.blackb
stributed whole a
allows users t
pplications, th
integrated pa
ss network se
s shown in the
terprise Serv
ading wireles
an industry l
can manage
es® all from a
ry OS Cryptog
or basic oper
capabilities an
BlackBerry O
after referred
ographic serv
mponents:
ration
verification
ailable from h
d 2.8.8
berry.com
and intact includ
to stay conne
he Internet, S
ackage that in
ervice, provid
e following fig
vice 12 archite
ss technology
eading, end t
BlackBerry s
a unified interf
graphic Libra
ration of the d
nd features B
OS.
d to as cryptog
vices to the Bl
http://ca.black
ing this Copyrigh
ected to a full
hort Message
cludes innova
ding a seamle
gure.
ecture
and, combin
to end securit
martphones,
face.
ary, a software
device. The B
lackBerry is k
graphic modu
lackBerry Ent
kberry.com/.
Version
Page 6 o
Product Security
ht Notice
suite of
e Service (SM
ative software
ess solution. T
ed with
ty solution. W
as well as iO
e module that
lackBerry
known for, to
ule or module
terprise Servi
n: 1.8
of 31
y
MS),
e,
The
With
S®
t
, is a
ce
BlackBerry
© 2016
The BlackB
Level 1 as
Table 1. Su
Section
Cryptogra
Cryptogra
Roles, Se
Finite Sta
Physical S
Operation
Cryptogra
EMI/EMC
Self-Tests
Design A
Mitigation
Cryptogra
y Cryptograph
BlackBerry Limit
This document
Berry Cryptog
shown in Tab
ummary of ac
aphic Module
aphic Module
ervices, and A
ate Model
Security
nal Environme
aphic Key Ma
C
s
ssurance
n of Other Atta
aphic Module
hic Java Modu
ted. All rights res
may be freely re
graphic Java M
ble 1.
chieved secur
Specification
Ports and Int
Authentication
ent
anagement
acks
Security Poli
ule Versions 2
served.
produced and di
Module meets
rity levels per
n
terfaces
n
icy
2.8, 2.8.7 and
www.blackb
stributed whole a
s the requirem
r FIPS 140-2 s
Level
1
1
1
1
N/A
1
1
1
1
1
1
1
d 2.8.8
berry.com
and intact includ
ments applica
section
ing this Copyrigh
able to FIPS 1
Version
Page 7 o
Product Security
ht Notice
140-2 Securit
n: 1.8
of 31
y
ty
BlackBerry
© 2016
1 Cryp
The BlackB
that operat
• Comme
• Comme
• A comm
1.1
The genera
• CPU (m
• Working
 In
 P
 C
Note: Key
 Prog
 Hard
 Disp
 Key
 Mou
 Aud
 Netw
 Seri
 Para
 USB
 Pow
Figure 2 ill
y Cryptograph
BlackBerry Limit
This document
ptograp
Berry Cryptog
tes with the fo
ercially availa
ercially availa
mercially avai
Physical
al, computer
microprocesso
g memory loc
nput/Output b
Plaintext/ciphe
Control buffer
y storage is no
gram memory
d disk (or disk
play controller
board interfac
use interface,
io controller
work interface
al port
allel port
B interface
wer supply
ustrates the c
hic Java Modu
ted. All rights res
may be freely re
phic mo
graphic Java M
ollowing comp
ble general-p
ble Operating
lable Java Vir
l specific
hardware com
or)
cated on the R
buffer
ertext buffer
ot deployed in
y is also locat
ks), including
r, including th
ce
including the
e
configuration
ule Versions 2
served.
produced and di
dule sp
Module is a m
ponents:
purpose comp
g System (OS
rtual Machine
cations
mponent cons
RAM and con
n this module
ed on the RA
flash memory
e touch scree
e trackball inte
of this compo
2.8, 2.8.7 and
www.blackb
stributed whole a
pecificat
multiple-chip,
puter hardwar
S) that runs on
e (JVM) that r
sists of the fo
tains the follo
.
AM
y
en controller
erface
onent.
d 2.8.8
berry.com
and intact includ
tion
stand-alone s
re
n the compute
uns on the co
llowing device
owing spaces
ing this Copyrigh
software cryp
er hardware
omputer hardw
es:
s:
Version
Page 8 o
Product Security
ht Notice
ptographic mo
ware and OS
n: 1.8
of 31
y
odule
S
BlackBerry
© 2016
Key:
Phy
Flo
Flo
Flo
y Cryptograph
BlackBerry Limit
This document
ysical Cryptograp
ow of data, contro
ow of control inpu
ow of status outpu
hic Java Modu
ted. All rights res
may be freely re
phic Boundary
ol input, and statu
ut
ut
Figure 2. Cry
ule Versions 2
served.
produced and di
us output
yptographic m
2.8, 2.8.7 and
www.blackb
stributed whole a
module hardw
d 2.8.8
berry.com
and intact includ
ware block di
ing this Copyrigh
iagram
Version
Page 9 o
Product Security
ht Notice
n: 1.8
of 31
y
BlackBerry
© 2016
1.2
The Black
following
Environm
1.
2.
3.
4.
5.
6.
7.
The Black
represent
Environm
1.
The modu
1.
2.
3.
4.
5.
while mai
is applica
y Cryptograph
BlackBerry Limit
This document
Compute
kBerry Crypt
representati
ent (JRE) 1.
Solaris 10, 3
Solaris 10, 6
Red Hat Lin
Red Hat Lin
Windows V
Windows V
Windows 20
kBerry Crypt
ative combin
ent (JRE) 1.
CentOS Li
ule will run o
Any other S
Any other L
Any other W
AIX Platform
HP-UX Plat
ntaining its c
ble to these
hic Java Modu
ted. All rights res
may be freely re
er hardw
tographic Ja
ve combinat
.5.0 and 1.6
32-bit SPAR
64-bit SPAR
nux AS 5.5, 3
nux AS 5.5, 6
ista, 32-bit x
ista, 64-bit x
008 Server,
tographic Ja
nations of co
.8.0 by Orac
nux 7.0 64-b
on the JREs
Solaris Platfo
Linux Platform
Windows Pla
ms, and
tforms,
compliance t
JREs and p
ule Versions 2
served.
produced and di
ware, OS,
va Module v
tions of com
.0 by Sun M
RC (Binary c
RC (Binary c
32-bit x86 (B
64-bit x86 (B
x86 (Binary c
x86 (Binary c
64-bit x86
va Module v
omputer hard
cle:
bit x86
1.3.1, and 1
orms,
ms,
atforms,
to the FIPS
platforms as
2.8, 2.8.7 and
www.blackb
stributed whole a
and JVM
versions 2.8
mputer hardw
icrosystems
ompatible to
ompatible to
Binary comp
Binary comp
compatible to
compatible to
version 2.8.8
dware and O
.4.2, and on
140-2 Level
well.
d 2.8.8
berry.com
and intact includ
M
and 2.8.7 h
ware and OS
s:
o Solaris 9)
o Solaris 9)
patible to AS
patible to AS
o Windows 9
o Windows 6
8 has been t
OS, running
n various har
1 requireme
ing this Copyrigh
ave been te
S, running the
2.1/3.0/4.0/
4.0/5.0)
98/2000/200
64-bit XP).
tested on the
the Java Ru
rdware and
ents. Thus,
Version
Page 10 o
Product Security
ht Notice
ested on the
e Java Runt
/5.0)
03/XP)
e following
untime
OS such as
this validati
n: 1.8
of 31
y
time
,
on
BlackBerry
© 2016
1.3
The BlackB
form of a J
because th
the compu
The interfa
Interface (A
which the p
Key:
Cry
Dat
y Cryptograph
BlackBerry Limit
This document
Software
Berry Cryptog
ava archive (
he JVM under
ter hardware
ace into the B
API) method c
parameters a
yptographic boun
ta flows
hic Java Modu
ted. All rights res
may be freely re
e specifi
graphic Java M
(JAR). The sa
rneath the Bla
and OS.
lackBerry Cry
calls. These m
nd return cod
ndary
Figure 3: Cry
ule Versions 2
served.
produced and di
cations
Module provid
ame binary is
ackBerry Cryp
yptographic Ja
method calls
des provide th
yptographic m
2.8, 2.8.7 and
www.blackb
stributed whole a
des services
used for all id
ptographic Ja
ava Module is
provide the in
he control inpu
module softw
d 2.8.8
berry.com
and intact includ
to the Java c
dentified com
ava Module w
s through App
nterface to the
ut and status
ware block di
ing this Copyrigh
computer lang
mputer hardwa
will absorb the
plication Prog
e cryptograph
output (see F
iagram
Version
Page 11 o
Product Security
ht Notice
guage users in
are and OS
differences o
grammer’s
hic services, f
Figure 3).
n: 1.8
of 31
y
n the
of
for
BlackBerry
© 2016
2 Cryp
The crypto
and the mo
module po
Table 2. Im
FIPS 140
Data Inpu
Data Outp
Control In
Status Ou
Power Inp
Maintena
y Cryptograph
BlackBerry Limit
This document
ptograp
ographic modu
odule interfac
rts and interfa
plementation
0-2 interface
ut
put
nput
utput
put
nce
hic Java Modu
ted. All rights res
may be freely re
phic mo
ule ports corre
ces correspon
aces.
n of FIPS 140-
Module
API
API
API
Return C
Initializa
Not sup
ule Versions 2
served.
produced and di
dule po
espond to the
nd to the mod
-2 interfaces
e ports
Code
ation Function
ported
2.8, 2.8.7 and
www.blackb
stributed whole a
orts and
e physical por
ule’s logical in
n
d 2.8.8
berry.com
and intact includ
d interfa
rts of the GPC
nterfaces. Th
M
E
E
K
D
T
p
N
ing this Copyrigh
aces
C that is exec
he following ta
Module interf
Ethernet Port
Ethernet Port
Keyboard and
Display
The Power Su
power interfac
Not supported
Version
Page 12 o
Product Security
ht Notice
cuting the mod
able describes
faces
d Mouse
upply is the
ce.
d
n: 1.8
of 31
y
dule,
s the
BlackBerry
© 2016
3 Role
3.1
The modul
The modul
operator, th
Table 3. Ro
Service
Initializat
Initializati
Deinitializ
Self-tests
Show sta
Symmetr
Key gene
Encrypt
Decrypt
Key zeroi
Hash Alg
Hashing
Message
Random
Instantiat
Request
CSP/key
Digital Si
Key pair g
y Cryptograph
BlackBerry Limit
This document
es, serv
Roles an
e supports U
e does not su
hus it always
oles and serv
tion, etc.
on
zation
s
tus
ric Ciphers (A
eration (Triple
zation
gorithms and
authenticatio
Number Gen
ion
zeroization
ignature (DS
generation
hic Java Modu
ted. All rights res
may be freely re
vices, a
nd servic
ser and Cryp
upport multipl
operates in a
ices
AES and TRI
-DES only)
d Message A
on
neration (pR
SA, ECDSA, R
ule Versions 2
served.
produced and di
nd auth
ces
to Officer role
e or concurre
a single-user
IPLE-DES)
uthentication
NG)
RSA)
2.8, 2.8.7 and
www.blackb
stributed whole a
henticat
es. The modu
ent operators
mode.
Cryp
n (SHA, HMA
d 2.8.8
berry.com
and intact includ
tion
ule does not s
and is intend
pto Officer








AC)






ing this Copyrigh
support a mai
ded for use by
User
Version
Page 13 o
Product Security
ht Notice
ntenance role
y a single
r














n: 1.8
of 31
y
e.
BlackBerry
© 2016
Service
Sign
Verify
Key Zero
Key Agre
Key pair g
Shared se
Key Zero
KeyWrap
Key pair g
Wrap
Unwrap
Key Zero
To operate
that have b
themselves
3.2
The BlackB
set of crypt
Table 4. Su
Type
Block Cip
y Cryptograph
BlackBerry Limit
This document
ization
eement (Diffi
generation
ecret generat
ization
pping (RSA)
generation
ization
e the module s
been FIPS 14
s to calling FI
Security
Berry Cryptog
tographic algo
upported cryp
Algor
phers DES (
TRIPL
[SP80
DESX
AES (
CTR,
hic Java Modu
ted. All rights res
may be freely re
e-Hellman, E
tion
securely, the
40-2 Approved
PS Approved
y function
graphic Java M
orithms suppo
ptographic alg
rithm
(ECB, CBC, C
LE-DES (TEC
00-67]
X (ECB, CBC
(ECB, CBC, C
CCM, CMAC
ule Versions 2
served.
produced and di
Elliptic Curve
Crypto Office
d. Thus, in the
d algorithms, a
n
Module suppo
orted by the B
gorithms
CFB64, OFB6
CB, TCBC, TC
, CFB64, OFB
CFB128, OFB
C, GCM) [FIPS
2.8, 2.8.7 and
www.blackb
stributed whole a
Cryp
e Diffie-Hellm
er and User a
e Approved m
as shown in T
orts many cry
BlackBerry Cr
64)
CFB64, TOFB
B64)
B128,
S 197]
d 2.8.8
berry.com
and intact includ
pto Officer



man, ECMQV







are responsibl
mode of opera
Table 4.
yptographic a
ryptographic
FIPS
app
allo
B)
ing this Copyrigh
User
V)
le for confinin
ation, all roles
lgorithms. Ta
Java Module
S
proved or
owed



Version
Page 14 o
Product Security
ht Notice
r










ng those meth
s shall confine
able 4 shows t
.
Certificate
number
# 964, # 19
# 1411, # 3
n: 1.8
of 31
y
hods
e
the
954
3465
BlackBerry
© 2016
Type
Stream
Cipher
Hash
Functions
Message
Authentic
pRNG
Digital
Signature
y Cryptograph
BlackBerry Limit
This document
Algor
ARC2
ARC4
s
SHA-
SHA-
SHA-
SHA-
SHA-
MD5
MD4
MD2
cation
HMAC
HMAC
HMAC
HMAC
HMAC
HMAC
ANSI
DRBG
NDRB
e
DSA
ECDS
RSA
RSA
hic Java Modu
ted. All rights res
may be freely re
rithm
2 (ECB, CBC,
4
1 [FIPS 180-4
224 [FIPS 18
256 [FIPS 18
384 [FIPS 18
512 [FIPS 18
[RFC 1321]
[RFC 1115]
C-SHA-1 [FIP
C-SHA-224 [F
C-SHA-256 [F
C-SHA-384 [F
C-SHA-512 [F
C-MD5 [RFC
X9.62 RNG [
G [NIST SP 8
BG (Generate
[FIPS 186-4]
SA [FIPS 186
PKCS1 v1.5 S
PSS [PKCS #
ule Versions 2
served.
produced and di
, CFB64, OFB
4]
80-4]
80-4]
80-4]
80-4]
PS 198-1]
FIPS 198-1]
FIPS 198-1]
FIPS 198-1]
FIPS 198-1]
2104]
[ANSI X9.62]
00-90A Rev.
eSeed())
-4]
Signature[PK
#1 v2.1]
2.8, 2.8.7 and
www.blackb
stributed whole a
B64) [RFC 22
1]
KCS #1 v2.1]
d 2.8.8
berry.com
and intact includ
FIPS
app
allo
268]
ing this Copyrigh
S
proved or
owed

















Version
Page 15 o
Product Security
ht Notice
Certificate
number
# 1281, # 2
# 1281, # 2
# 1281, # 2
# 1281, # 2
# 1281, # 2
# 832, # 22
# 832, # 22
# 832, # 22
# 832, # 22
# 832, # 22
# 52, # 85
# 455, # 9
# 179, # 7
# 687, # 17
# 687, # 17
n: 1.8
of 31
y
2860
2860
2860
2860
2860
210
210
210
210
210
52
978
702
776
776
BlackBerry
© 2016
Type
Key
Agreeme
Key Wrap
The DES,
and HMAC
strength <
FIPS Appro
performed
Note: 2-Ke
considered
for addition
Table 5 su
Table 5. Ke
Algorithm
AES
TRIPLE-D
HMAC
pRNG (D
DSA
ECDSA
RSA
y Cryptograph
BlackBerry Limit
This document
Algor
ECQV
nt
Diffie-
Ellipti
ECMQ
pping RSA
RSA O
ECIES
DESX, AES C
C-MD5, ECQV
112 bits are s
oved mode o
in order to re
ey Triple-DES
d a non FIPS
nal details on
mmarizes the
ey and CSP, k
m Ke
Key
DES Key
Key
RBG) see
Key
Key
Key
hic Java Modu
ted. All rights res
may be freely re
rithm
V
-Hellman [NIS
c Curve Diffie
QV [NIST SP
PKCS1 v1.5
OAEP [NIST
S [ANSI X9.6
CCM* (CCM s
V, ECIES, RS
supported as
f operation th
emain FIPS co
S decryption is
Approved alg
algorithm tra
e keys and CS
key size, secu
y and CSP
y
y
y
ed
y pair
y pair
y pair
ule Versions 2
served.
produced and di
ST SP 800-56
e-Hellman [NI
800-56A]
Encryption [P
SP 800-56B]
63]
star) mode, p
SA PKCS #1 v
non FIPS Ap
hese algorithm
ompliant
s permitted fo
gorithm as of
nsitions.
SPs used in t
urity strength
Key si
128 to
192 bit
160 to
160-51
2048 to
bits
224 to
2048 to
bits
2.8, 2.8.7 and
www.blackb
stributed whole a
6A]
IST SP 800-5
PKCS #1 v2.1
pRNG (ANSI X
v1.5 Encryptio
pproved algor
ms must not b
or legacy purp
January 1st
, 2
he FIPS mod
h, and access
ize
s
256 bits
ts
512 bits
12 bits
o 15360
521 bits
o 15360
d 2.8.8
berry.com
and intact includ
FIPS
app
allo
56A]
]
X9.62), ARC2
on algorithm,
rithms. In orde
be used. GCM
poses. 2-Key
2016. Please
de.
s
Security
strength
128 to 256 bi
112 bits
160-512 bits
160-256 bits
112 to 256 bi
112 to 256 bi
112 to 256 bi
ing this Copyrigh
S
proved or
owed





2, ARC4, MD5
and Diffie-He
er to operate
M encryption
Triple-DES e
consult NIST
Acce
its Use
Creat
Use
Use
its Creat
its Creat
its Creat
Version
Page 16 o
Product Security
ht Notice
Certificate
number
# 8, # 6
# 8, # 62
# 8, # 62
5, MD4, MD2
ellman with
the module in
should not be
encryption is
T SP 800-131
ss
te, Read, Use
te, Read, Use
te, Read, Use
te, Read, Use
n: 1.8
of 31
y
1
2
2
2,
n a
e
A
e
e
e
e
BlackBerry
© 2016
Algorithm
DH
ECDH
ECMQV
RSA key
wrapping
Note:
 D
b
 E
2
 E
e
 R
e
 D
E
 D
Ja
 H
 In
5
 T
se
E
3.3
The BlackB
implicitly se
y Cryptograph
BlackBerry Limit
This document
m Ke
Sta
key
Sta
key
Sta
key
Key
Diffie-Hellman
its of encrypt
EC Diffie-Hellm
56 bits of enc
ECMQV (key a
ncryption stre
RSA (key wra
ncryption stre
Digital signatu
ECDSA) is dis
Digital signatu
anuary 1st, 2
HMAC-SHA-1
n FIPS appro
71, B-233, B-
The BlackBerr
ecp160r1, se
ECDSA, ECDH
Operator
Berry Cryptog
elects the Cry
hic Java Modu
ted. All rights res
may be freely re
y and CSP
atic/ephemera
y pair
atic/ephemera
y pair
atic/ephemera
y pair
y pair
(key agreem
ion strength;
man (key agr
cryption stren
agreement; k
ength; non-co
apping; key e
ength; non-co
ure generatio
allowed begin
re generation
014.
shall have a
oved mode on
-283, B-409 a
ry Cryptograp
ect239k1 and
H, ECMQV an
r authent
graphic Java M
ypto Officer a
ule Versions 2
served.
produced and di
Key si
al 2048 to
bits
al 224 to
al 224 to
2048 to
bits
ment; key esta
non-complian
reement; key
gth; non-com
key establishm
ompliant less t
establishmen
ompliant less t
n that provid
nning January
n using SHA-1
key size of at
nly the curves
and B-571 can
phic Java Mo
d wTLS5 that
nd ECIES alg
tication
Module does
nd User roles
2.8, 2.8.7 and
www.blackb
stributed whole a
ize
s
o 15360
521 bits
521 bits
o 15360
ablishment m
nt less than 1
establishmen
mpliant less tha
ment methodo
than 112-bits
t methodolog
than 112-bits
des less than
y 1st, 2014.
1 as its under
t least 112 bit
s P-224, P-25
n be used.
odule support
t are not FIP
gorithms, but
not deploy an
s.
d 2.8.8
berry.com
and intact includ
Security
strength
112 to 256 bi
112 to 256 bi
112 to 256 bi
112 to 256 bi
methodology p
12-bits of enc
nt methodolo
an 112-bits o
ology provide
of encryption
gy provides b
of encryption
n 112 bits of
rlying hash fu
ts.
56, P-384, P-
ts the elliptic
PS approved
not in FIPS a
n authenticat
ing this Copyrigh
Acce
its Creat
its Creat
its Creat
its Creat
provides betw
cryption stren
ogy provides
of encryption s
es between 11
n strength).
between 112
n strength).
security (usi
unction is disa
-521, K-233,
c curves K-16
. They can b
approved mod
ion mechanis
Version
Page 17 o
Product Security
ht Notice
ss
te, Read, Use
te, Read, Use
te, Read, Use
te, Read, Use
ween 112 and
ngth).
between 112
strength).
12 and 256 b
2 and 256 bi
ing RSA, DS
allowed begin
K-283, K-409
63, B-163, P-
be used with
de.
sm. The opera
n: 1.8
of 31
y
e
e
e
e
d 256
2 and
its of
ts of
SA or
nning
9, K-
-192,
h the
ator
BlackBerry
© 2016
4 Fini
The Finite
 In
 In
 S
 Id
 C
 E
The followi
Whe
1.
Whe
2.
trans
auto
outp
ente
need
From
3.
to th
Whe
4.
If the
5.
to th
Whe
6.
mod
disa
Whe
7.
state
y Cryptograph
BlackBerry Limit
This document
te State
State Model c
nstalled/Unini
nitialized
Self-Test
dle
Crypto Officer/
Error
ing list provid
en the Crypto
en the initializ
sitions to the
omatically run
put interface is
ers the Error s
d to reinstall t
m the Idle sta
he Crypto Offi
en the API fun
e conditional
he Error state
en the on-dem
dule enters the
abled.
en the de-initi
e.
hic Java Modu
ted. All rights res
may be freely re
e Model
contains the f
tialized
/User
es the import
Officer instal
zation comma
Initialized sta
s the power-u
s prohibited. O
state and the
the module to
te, which is e
cer/User stat
nction has co
test (continuo
and the mod
mand self-test
e Idle state; o
alization com
ule Versions 2
served.
produced and di
l
following state
tant features o
lls the module
and is applied
ate. Then, the
up tests. Whil
On success, t
module is dis
o attempt corr
entered only if
e when an AP
mpleted succ
ous RNG test
ule is disable
t is executed,
on failure, the
mmand is exec
2.8, 2.8.7 and
www.blackb
stributed whole a
es:
of the state tr
e, the module
to the modul
e module trans
le in the Self-
the module e
sabled. From
rection.
f the self-test
PI function is
cessfully, the s
t or Pair-wise
ed.
the module e
module ente
cuted, the mo
d 2.8.8
berry.com
and intact includ
ransitions:
e is in the Inst
e, the module
sitions to the
Test state, al
nters the Idle
the Error stat
has succeed
called.
state transitio
consistency T
enters the Se
ers the Error s
odule returns
ing this Copyrigh
talled/Uninitia
e is loaded in
Self-Test sta
l data output
e state; on fail
te, the Crypto
ed, the modu
ons back to th
Test) fails, th
elf-Test state.
state and the
to the Installe
Version
Page 18 o
Product Security
ht Notice
alized state.
to memory an
te and
through the d
lure, the mod
o Officer migh
ule can transit
he Idle state.
e state transi
On success,
module is
ed/Uninitialize
n: 1.8
of 31
y
nd
data
ule
ht
tion
tions
the
ed
BlackBerry
© 2016
5 Phy
The BlackB
circuits and
y Cryptograph
BlackBerry Limit
This document
ysical se
Berry device t
d meets the F
hic Java Modu
ted. All rights res
may be freely re
ecurity
that executes
FIPS 140-2 Le
ule Versions 2
served.
produced and di
s this module
evel 1 physica
2.8, 2.8.7 and
www.blackb
stributed whole a
is manufactu
al security req
d 2.8.8
berry.com
and intact includ
red using ind
quirements.
ing this Copyrigh
ustry standar
Version
Page 19 o
Product Security
ht Notice
rd integrated
n: 1.8
of 31
y
BlackBerry
© 2016
6 Ope
The BlackB
user applic
Note: Mod
environme
y Cryptograph
BlackBerry Limit
This document
erationa
Berry Cryptog
cation runs in
ern operating
nts.
hic Java Modu
ted. All rights res
may be freely re
al enviro
graphic Java M
a virtually se
g systems, suc
ule Versions 2
served.
produced and di
onment
Module runs o
parated, inde
ch as Unix, L
2.8, 2.8.7 and
www.blackb
stributed whole a
on a single-us
ependent spac
inux, and Win
d 2.8.8
berry.com
and intact includ
ser operation
ce.
ndows provid
ing this Copyrigh
nal environme
e such opera
Version
Page 20 o
Product Security
ht Notice
ent where eac
ational
n: 1.8
of 31
y
ch
BlackBerry
© 2016
7 Cryp
The BlackB
Level 1 key
appropriate
responsible
7.1
The BlackB
underlying
The modul
generation
the Approv
plaintext.
7.2
The BlackB
establishm
• Diffie
from
bits
• EC D
impl
256
bits
• RSA
1536
used
It is the
techniq
7.3
Secret (sec
encrypted
7.4
The BlackB
provide key
y Cryptograph
BlackBerry Limit
This document
ptograp
Berry Cryptog
y manageme
e care to build
e for selecting
Key gene
Berry Cryptog
random num
e also suppo
. No keys ge
ved mode. An
Key esta
Berry Cryptog
ment technique
e Hellman (D
m 512 bits to 1
and above m
Diffie-Hellman
ementations
bits of securi
of security in
A OAEP: The
60 bits that pr
d to provide m
responsibility
ues are appli
Key entr
curity sensitiv
form using a
Key stor
Berry Cryptog
y storage.
hic Java Modu
ted. All rights res
may be freely re
phic key
graphic Java M
nt. The user w
d up a system
g FIPS 140-2
eration
graphic Java M
mber generatio
rts Dual_EC
enerated using
ny random ou
ablishme
graphic Java M
es [5]:
H): The DH k
15360 bits tha
must be used t
n (ECDH) & E
support ellipt
ty strength, w
the FIPS mo
RSA OAEP k
rovides betwe
minimum of 11
y of the calling
ed to the app
ry and ou
ve) keys must
FIPS Approv
rage
graphic Java M
ule Versions 2
served.
produced and di
y manag
Module provid
will select FIP
m that complie
validated alg
Module provid
on uses a FIP
DRBG; howe
g this version
utput in Appro
ent
Module provid
key agreemen
at provides be
to provide a m
ECMQV : The
ic curve sizes
where 224 bits
ode.
key wrapping
een 56 and 25
12 bits of sec
g application
propriate keys
utput
t be imported
ed algorithm.
Module is a lo
2.8, 2.8.7 and
www.blackb
stributed whole a
gement
des the unde
PS Approved
es with FIPS
gorithms. For
des FIPS 140
PS Approved
ever, the use o
n of the DRBG
oved mode us
des the follow
nt technique i
etween 56 and
minimum of 11
e ECDH and E
s from 160 bit
s and above m
implementat
56 bits of sec
curity in the FI
to make sure
s.
to and expor
ow-level crypt
d 2.8.8
berry.com
and intact includ
rlying function
algorithms an
140-2. The C
more informa
0-2 compliant
method, DRB
of Dual_EC D
G can be used
sing the DUAL
wing FIPS App
mplementatio
d 256 bits of
12 bits of sec
ECMQV key a
ts to 571 bits
must be used
tion supports
curity, where 2
IPS mode.
e that the app
rted from the
tographic too
ing this Copyrigh
ns to support
nd will handle
Crypto Officer
ation, see Tab
t key generati
BG.
DRBG is non-
d to protect se
L_EC DRBG
proved or Allo
on supports m
security stren
curity in the FI
agreement te
that provide b
d to provide a
modulus size
2048 bits and
propriate key e
cryptographic
lkit; therefore
Version
Page 21 o
Product Security
ht Notice
FIPS 140-2
e keys with
and User are
ble 4.
on. The
-approved for
ensitive data
is equivalent
owed key
modulus sizes
ngth, where 2
IPS mode.
echnique
between 80 a
minimum of
es from 512 b
d above must
establishmen
c boundary in
e, it does not
n: 1.8
of 31
y
e
key
in
to
s
048
and
112
its to
be
t
n
BlackBerry
© 2016
7.5
The BlackB
methods. Z
executes th
y Cryptograph
BlackBerry Limit
This document
Key zero
Berry Cryptog
Zeroization of
he finalizing m
hic Java Modu
ted. All rights res
may be freely re
oization
graphic Java M
f all keys and
methods ever
ule Versions 2
served.
produced and di
Module provid
CSPs are pe
ry time it oper
2.8, 2.8.7 and
www.blackb
stributed whole a
des zeroizabl
erformed in th
rates garbage
d 2.8.8
berry.com
and intact includ
le interfaces w
e finalizing m
e collection.
ing this Copyrigh
which implem
methods of the
Version
Page 22 o
Product Security
ht Notice
ment zeroizatio
e objects; JVM
n: 1.8
of 31
y
on
M
BlackBerry
© 2016
8 Self
8.1
Self-tests a
Table 6. Mo
Test
Known An
Software
DRBG He
8.2
The Crypto
Appendix C
8.3
The contin
requested
constant va
pair is teste
as a Pair-w
key pair is
as a Pair-w
8.4
Self-test fa
can be per
exception t
y Cryptograph
BlackBerry Limit
This document
f-tests
Power-up
are initiated a
odule self-tes
nswer Tests (
integrity test
ealth tests
On-dema
o Officer or Us
C Crypto Offic
Conditio
uous RNG te
random gene
alue. In additi
ed for its corr
wise Consiste
tested of thei
wise Consiste
Failure o
ailure places t
rformed. The
to the caller.
hic Java Modu
ted. All rights res
may be freely re
p tests
automatically b
sts
D
(KATs) KA
H
an
us
Fo
ar
Th
ve
D
in
and self-t
ser can invok
cer and User
onal tests
est is executed
erator for repe
ion, upon eac
rectness by ge
ency Test. Upo
ir correctness
ency Test.
of self-te
he cryptograp
module is dis
ule Versions 2
served.
produced and di
by the module
escription
ATs are perfo
MAC-SHS), H
nd KDF. For D
sed.
or DH, ECDH
re tested usin
he software in
erify the integ
RBG Instantia
stantiate
tests
ke on-demand
Guide in this
s
d on all RNG
etition. This ex
ch generation
enerating a s
on generation
s by checking
ests
phic module i
sabled. Additio
2.8, 2.8.7 and
www.blackb
stributed whole a
e at start-up.
ormed on TRI
HMAC-SHS,
DSA and ECD
H, ECMQV, th
ng DSA and E
ntegrity test d
rity of the mo
ate, DRBG G
d self-tests by
document.
generated da
xamination m
of a DSA, EC
ignature and
n or reception
shared secre
n the Error st
onally, the cry
d 2.8.8
berry.com
and intact includ
The following
IPLE-DES, A
DRBG, RNG
DSA, a Pair-w
he underlying
ECDSA tests.
deploys ECDS
odule.
Generate, DRB
y invoking a fu
ata, examinin
makes sure tha
CDSA, or RSA
verifying the
n of a DH, EC
et matching o
tate, wherein
yptographic m
ing this Copyrigh
g tests are ap
ES, AES GCM
, RSA Signat
wise Consiste
arithmetic im
SA signature
BG Reseed, D
unction, which
ng the first 160
at the RNG is
A key pair, th
signature on
CDH, or ECMQ
of two key agr
no cryptogra
module will th
Version
Page 23 o
Product Security
ht Notice
pplied.
M, SHS (usin
ure Algorithm
ency Test is
mplementation
validation to
DRBG Un-
h is described
0 bits of each
s not stuck at
he generated
a given mess
QV key pair, t
reement partie
phic operatio
row a Java
n: 1.8
of 31
y
ng
m,
ns
d in
h
any
key
sage
the
es
ns
BlackBerry
© 2016
9 Des
9.1
A configura
in docume
(CVS) or S
9.2
Please refe
for the sec
9.3
Detailed de
the testing
testing labo
9.4
The Crypto
ensure the
y Cryptograph
BlackBerry Limit
This document
sign ass
Configur
ation manage
ntation subm
Subversion (S
Delivery
er to Section
ure installatio
Developm
esign informa
laboratory. T
oratory.
Guidanc
o Officer Guid
e security of th
hic Java Modu
ted. All rights res
may be freely re
surance
ration ma
ement system
itted to the te
SVN) to track t
and ope
A.1 of Crypto
on and initializ
ment
ation and proc
The source co
e docum
de and User G
he module.
ule Versions 2
served.
produced and di
anageme
m for the crypto
sting laborato
the configurat
eration
o Officer And
zation of the c
cedures have
ode is fully an
ments
Guide outlines
2.8, 2.8.7 and
www.blackb
stributed whole a
ent
ographic mod
ory. The modu
tions.
User Guide in
cryptographic
been describ
notated with c
s the operatio
d 2.8.8
berry.com
and intact includ
dule is employ
ule uses the C
n Appendix A
c module.
bed in docum
comments, a
ons for the Cry
ing this Copyrigh
yed and has
Concurrent V
A to review the
entation that
nd it was also
ypto Officer a
Version
Page 24 o
Product Security
ht Notice
been describ
Versioning Sys
e steps neces
was submitte
o submitted to
and User to
n: 1.8
of 31
y
ed
stem
ssary
ed to
o the
BlackBerry
© 2016
10 M
The BlackB
 T
 A
10.1
When emp
exponentia
In order to
requires no
Manual v4
Note: Rem
[9].
10.2
The standa
Bleichenba
In order to
attack thre
To mitigate
y Cryptograph
BlackBerry Limit
This document
Mitigatio
Berry Cryptog
Timing attack o
Attack on bias
Timing a
ploying Montg
ation is near t
mitigate this
o inversion to
.2).
mote timing att
Attack o
ards for choos
acher present
mitigate this
shold.
e this attack, N
hic Java Modu
ted. All rights res
may be freely re
on of oth
graphic Java M
on RSA
ed private ke
attack on
gomery compu
he secret mo
attack, the ba
remove (unli
tacks are prac
on biased
sing ephemer
ted the means
attack, this b
NIST publishe
ule Versions 2
served.
produced and di
her atta
Module imple
y of DSA
n RSA
utations, timin
dulus. This at
ases of expon
ke other blind
ctical. For mo
d private
ral values in E
s to exploit th
ias in RNG is
ed Change N
2.8, 2.8.7 and
www.blackb
stributed whole a
acks
ements mitiga
ng effects allo
ttack leaks in
nentiation are
ding methods
ore informatio
key of D
El-Gamal type
hese biases to
s reduced to le
otice 1 of FIP
d 2.8.8
berry.com
and intact includ
ation of the fol
ow an attacke
formation con
e randomized
s, for example
on, see Remo
DSA
e signatures i
o ANSI.
evels that are
PS 186-2.
ing this Copyrigh
llowing attack
er to tell when
ncerning the s
by a novel te
e, see BSAFE
ote Timing Atta
introduce a sl
e far below the
Version
Page 25 o
Product Security
ht Notice
ks:
n the base of
secret modulu
echnique that
E Crypto-C Us
acks are Prac
light bias. Da
e Bleichenba
n: 1.8
of 31
y
us.
ser
ctical
niel
cher
BlackBerry
© 2016
App
Introdu
This appen
Acrony
Acronym
AES
ANSI
ARC
CBC
CCM
CFB
CMAC
CSP
CTR
CVS
DES
DH
DRBG
DSA
EC
ECB
ECC
ECDH
ECDSA
ECIES
ECMQV
y Cryptograph
BlackBerry Limit
This document
endix
uction
ndix lists the a
yms
m
hic Java Modu
ted. All rights res
may be freely re
x A A
acronyms use
Full term
Advanced
American
Alleged Ri
cipher bloc
Counter w
cipher feed
Cipher-bas
critical sec
counter
Concurren
Data Encr
Diffie-Hellm
determinis
Digital Sig
Elliptic Cu
electronic
Elliptic Cu
Elliptic Cu
Elliptic Cu
Elliptic Cu
Elliptic Cu
ule Versions 2
served.
produced and di
crony
ed in this docu
Encryption S
National Stan
ivest’s Cipher
ck chaining
with CBC-MAC
dback
sed MAC
curity parame
nt Versioning
ryption Standa
man
stic random b
nature Algori
rve
codebook
rve Cryptogra
rve Diffie-Hel
rve Digital Sig
rve Integrate
rve Menezes
2.8, 2.8.7 and
www.blackb
stributed whole a
yms
ument.
Standard
ndards Institu
r
C
eter
System
ard
it generator
thm
aphy
lman
gnature Algor
ed Encryption
-Qu-Vanstone
d 2.8.8
berry.com
and intact includ
ute
rithm
Standard
e
ing this Copyrigh
Version
Page 26 o
Product Security
ht Notice
n: 1.8
of 31
y
BlackBerry
© 2016
Acronym
ECNR
ECQV
FIPS
GCM
HMAC
IEEE
KAT
LCD
LED
MD
NIST
OAEP
OFB
PIM
PIN
PKCS
PSS
pRNG
RFC
RNG
RSA
SHA
SHS
SMS
SVN
TRIPLE-D
USB
y Cryptograph
BlackBerry Limit
This document
m
DES
hic Java Modu
ted. All rights res
may be freely re
Full term
Elliptic Cu
Elliptic Cu
Federal In
Galois/Co
Hash-base
Institute of
known ans
liquid crys
light-emitti
Message D
National In
Optimal As
output fee
personal in
personal id
Public-Key
Probabilist
pseudoran
Recursive
random nu
Rivest Sha
Secure Ha
Secure Ha
Short Mes
Subversio
Triple Data
Universal
ule Versions 2
served.
produced and di
rve Nyburg R
rve Qu-Vanst
formation Pro
unter Mode
ed Message A
f Electrical an
swer test
tal display
ing diode
Digest Algorit
nstitute of Sta
symmetric En
dback
nformation m
dentification n
y Cryptograph
tic Signature
ndom number
Flow Classif
umber genera
amir Adleman
ash Algorithm
ash Service
ssage Service
n
a Encryption
Serial Bus
2.8, 2.8.7 and
www.blackb
stributed whole a
Rueppel
tone
ocessing Stan
Authentication
nd Electronics
thm
andards and T
ncryption Pad
anagement
number
hy Standard
Scheme
r generator
ication
ator
n
m
e
Standard
d 2.8.8
berry.com
and intact includ
ndards
n code
s Engineers
Technology
dding
ing this Copyrigh
Version
Page 27 o
Product Security
ht Notice
n: 1.8
of 31
y
BlackBerry
© 2016
App
Introdu
This appen
Referen
NIS
1.
NIS
2.
for F
NIS
3.
for F
NIS
4.
Gen
NIS
5.
Tech
NIS
6.
140-
NIS
7.
Prog
NIS
8.
200
Dav
9.
http:
y Cryptograph
BlackBerry Limit
This document
endix
uction
ndix lists the r
nces
T Security Re
T Security Re
FIPS PUB 140
T Security Re
FIPS PUB 140
T Security Re
nerators for FI
T Security Re
hniques for F
T Security Re
-2, Draft, Jan
T Implementa
gram, July 15
T Frequently
7.
id Brumley, D
://crypto.stanf
hic Java Modu
ted. All rights res
may be freely re
x B R
references tha
equirements F
equirements F
0-2, Draft, Jul
equirements F
0-2, Draft, Au
equirements F
IPS PUB 140
equirements F
FIPS PUB 140
equirements F
uary 4, 2011.
ation Guidanc
5, 2011.
Asked Quest
Dan Boneh, “R
ford.edu/~dab
ule Versions 2
served.
produced and di
efere
at were used
For Cryptogra
For Cryptogra
ly 26, 2011
For Cryptogra
ugust 12, 201
For Cryptogra
-2, Draft, July
For Cryptogra
0-2, Draft, July
For Cryptogra
ce for FIPS PU
tions for the C
Remote Timin
bo/papers/ssl
2.8, 2.8.7 and
www.blackb
stributed whole a
ences
for this projec
aphic Modules
aphic Modules
aphic Modules
1
aphic Modules
y 26, 2011.
aphic Modules
y 26, 2011.
aphic Modules
UB 140-2 and
Cryptographic
ng Attacks are
-timing.pdf
d 2.8.8
berry.com
and intact includ
s
ct.
s, FIPS PUB
s, Annex A: A
s, Annex B: A
s, Annex C: A
s, Annex D: A
s Derived Tes
d the Cryptog
c Module Valid
e Practical”, S
ing this Copyrigh
140-2, Decem
Approved Sec
Approved Pro
Approved Ran
Approved Key
st Requireme
graphic Modul
dation Progra
Stanford Univ
Version
Page 28 o
Product Security
ht Notice
mber 3, 2002
curity Function
tection Profile
ndom Numbe
y Establishme
ents for FIPS P
le Validation
am, Decembe
versity
n: 1.8
of 31
y
ns
es
er
ent
PUB
er 4,
BlackBerry
© 2016
App
Guid
C.1 In
In order to
must follow
C.1.1 In
The Crypto
the Crypto
Note: Plac
C.1.2 U
Remove th
C.2 Co
C.2.1 In
FIPSMana
This metho
object, and
will be ena
C.2.2 D
FIPSMana
This metho
C.2.3 S
FIPSMana
This metho
is thrown. T
cryptograp
describes h
y Cryptograph
BlackBerry Limit
This document
endix
de
nstallatio
carry out a se
w the procedu
nstalling
o Officer is res
Officer is allo
e the cryptog
Uninstalli
he jar file, Ecc
ommand
nitializat
age.getInstanc
od runs a seri
d the correct o
abled.
Deinitializ
age.getInstanc
od de-initialize
Self-tests
age.getInstanc
od runs a seri
These tests e
phic algorithm
how to recove
hic Java Modu
ted. All rights res
may be freely re
x C C
on
ecure installa
ure described
g the cryp
sponsible for
owed to instal
raphic modul
ing the c
cpressoFIPS.j
s
tion
ce().activateF
es of Self-Te
operation of th
zation
ce().deactivat
es the module
s
ce().runSelfTe
es of Self-Te
examine the in
s. If these tes
er from the di
ule Versions 2
served.
produced and di
rypto
ation of the Bla
in this sectio
ptograph
the installatio
ll the product.
e, Eccpresso
cryptogra
jar, from the c
FIPSMode()
sts on the mo
he cryptograp
teFIPSMode(
e.
ests()
sts, and retur
ntegrity of the
sts fail, the mo
sabled state.
2.8, 2.8.7 and
www.blackb
stributed whole a
o Offi
ackBerry Cry
n.
hic modu
on of the Blac
.
oFIPS.jar in C
aphic mo
computer har
odule. These
phic algorithm
)
rns if the tests
e shared objec
odule will be d
d 2.8.8
berry.com
and intact includ
ce an
yptographic Ja
ule
ckBerry Crypt
LASSPATH o
odule
rdware.
tests examin
ms. If these te
s are success
ct, and the co
disabled. Sec
ing this Copyrigh
nd Us
ava Module, t
tographic Jav
or as in instal
e the integrity
sts are succe
sful, otherwise
orrect operatio
ction C.3 of th
Version
Page 29 o
Product Security
ht Notice
ser
the Crypto Of
a Module. On
led extension
y of the share
essful, the mo
e, and except
on of the
his document
n: 1.8
of 31
y
fficer
nly
n.
ed
odule
tion
BlackBerry
© 2016
C.2.4 S
Status can
FIPSMana
Idle state.
C.3 W
When Blac
Installed st
initializatio
uninstall th
recovery is
immediate
y Cryptograph
BlackBerry Limit
This document
Show Sta
be found by
ager.getInstan
When the
ckBerry Crypt
tate by calling
n method. If t
he module and
s successful.
ly.
hic Java Modu
ted. All rights res
may be freely re
atus
calling FIPSM
nce().requestC
cryptogr
ographic Java
g the deinitiali
the initializatio
d re-install it.
If this recover
ule Versions 2
served.
produced and di
Manager.getIn
CryptoOperat
raphic m
a Module bec
zation metho
on is success
If the module
ry attempt fai
2.8, 2.8.7 and
www.blackb
stributed whole a
nstance().isF
tion(). If both
module is
comes disable
od, and then to
sful, the modu
e is initialized
ls, it indicates
d 2.8.8
berry.com
and intact includ
IPSMode() an
methods retu
disabled
ed, attempt to
o initialize the
ule is recovere
successfully
s a fatal error
ing this Copyrigh
nd
urn true, the m
d
o bring the mo
e module usin
ed. If this atte
by this re-ins
.. Contact Bla
Version
Page 30 o
Product Security
ht Notice
module is in th
odule back to
ng the
empt fails,
stallation, the
ackBerry Sup
n: 1.8
of 31
y
he
o the
port
BlackBerry
© 2016
Docum
Contact
Security C
certificatio
(519) 888
Version
1.0
1.1
1.2
1.3
1.4
1.5
1.6
1.7
1.8
y Cryptograph
BlackBerry Limit
This document
ment an
Certifications
ons@blackbe
8-7465 ext. 72
Date
January 0
June 1, 2
June 14,
May 29, 2
July 29, 2
Novembe
Novembe
Decembe
January 1
hic Java Modu
ted. All rights res
may be freely re
nd conta
Team
erry.com
2921
06, 2012
2012
2012
2015
2015
er 12, 2015
er 25, 2015
er 16, 2015
11, 2016
ule Versions 2
served.
produced and di
act info
Author
Randy Ey
Randy Ey
Randy Ey
Randy Ey
Randy Ey
Randy Ey
Randy Ey
Randy Ey
Randy Ey
2.8, 2.8.7 and
www.blackb
stributed whole a
rmation
Corpora
BlackBe
2200 Un
Waterlo
N2K 0A
www.bla
yamie
yamie
yamie
yamie
yamie
yamie
yamie
yamie
yamie
d 2.8.8
berry.com
and intact includ
n
ate office
erry B
niversity Ave.
oo, ON, Canad
A7
ackberry.com
Reas
Docu
Upda
Adde
Adde
Upda
Upda
Upda
Upda
Upda
800-
ing this Copyrigh
. E
da
m
son for revis
ument creatio
ates based on
ed reference
ed reference
ates based on
ates based on
ates based on
ates based on
ates required
-131A transitio
Version
Page 31 o
Product Security
ht Notice
sion
on
n Lab Comme
to version 2.8
to version 2.8
n Lab Comme
n Lab Comme
n Lab Comme
n Lab Comme
for NIST SP
ons
n: 1.8
of 31
y
ents
8.7
8.8
ents
ents
ents
ents