Copyright Mocana Corporation 2016. May be reproduced only in its original entirety [without revision].
Mocana Cryptographic Suite B
Module
Software Version 5.5f and 5.5.1f
Security Policy
Document Version 3.1
Mocana Corporation
May 2, 2016
Copyright Mocana Corporation 2016. May be reproduced only in its original entirety [without revision].
TABLE OF CONTENTS
1. MODULE OVERVIEW..........................................................................................................................................3
2. SECURITY LEVEL................................................................................................................................................5
3. MODES OF OPERATION.....................................................................................................................................6
APPROVED MODE OF OPERATION ...............................................................................................................................6
NON-FIPS APPROVED ALGORITHMS .........................................................................................................................6
NON-FIPS APPROVED MODE: ....................................................................................................................................8
4. PORTS AND INTERFACES..................................................................................................................................9
5. IDENTIFICATION AND AUTHENTICATION POLICY.................................................................................9
ASSUMPTION OF ROLES..............................................................................................................................................9
6. ACCESS CONTROL POLICY............................................................................................................................10
ROLES AND SERVICES..............................................................................................................................................10
OTHER SERVICES.....................................................................................................................................................11
DEFINITION OF CRITICAL SECURITY PARAMETERS (CSPS)......................................................................................11
DEFINITION OF PUBLIC KEYS: .................................................................................................................................14
DEFINITION OF CSPS MODES OF ACCESS ................................................................................................................15
7. OPERATIONAL ENVIRONMENT....................................................................................................................17
8. SECURITY RULES ..............................................................................................................................................17
9. PHYSICAL SECURITY.......................................................................................................................................19
10. MITIGATION OF OTHER ATTACKS POLICY...........................................................................................19
11. CRYPTOGRAPHIC OFFICER GUIDANCE..................................................................................................19
KEY DESTRUCTION SERVICE ...................................................................................................................................19
12. DEFINITIONS AND ACRONYMS...................................................................................................................19
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 3
1. Module Overview
The Mocana Cryptographic Suite B Module (Software Version 5.5f, 5.5.1f) is a software only,
multi-chip standalone cryptographic module that runs on a general purpose computer. The
primary purpose of this module is to provide FIPS Approved cryptographic routines to
consuming applications via an Application Programming Interface. The physical boundary of
the module is the case of the general purpose computer. The logical boundary of the
cryptographic module is the single shared object (SO).
The cryptographic module runs on the following operating environments:
Table 1 – Operational Environments
SW Version Operating System Platform
5.5f Android 2.2 (single-user mode) LG Optimus 3D
5.5f Android 2.3 (single-user mode) LG G2X
5.5f Android 4.0 (single-user mode) Samsung Nexus-S
5.5f Android 4.1 (single-user mode) LG Optimus 3D
5.5f Ubuntu Linux 32 bit (single-user mode) Dell Dimension 9200
5.5f Ubuntu Linux 64 bit (single-user mode) Dell Dimension 9200
5.5.1f Android 4.3 (single-user mode) Asus TF 700 Tablet
5.5.1f Android 4.4 (single-user mode) Nexus 7 Tablet
5.5.1f VxWorks 6.8 (single-user mode) Avaya ERS 4850
5.5.1f Mentor Embedded Linux 4.0 (single-user mode) Avaya VSP 4450
5.5.1f Honeywell Xenon RTOS (single-user mode) Honeywell 1902 Scanner
5.5.1f Android 6.0 32-bit (single-user mode) Nexus 7 Tablet
5.5.1f Android 6.0 64-bit (single-user mode) Galaxy S6
The cryptographic module is also supported on the following operating environments for which
operational testing was not performed:
- Linux Kernel version 3.4.0
- Linux Kernel version 3.1.10
- Linux Kernel version 3.0.31
- Linux Kernel version 2.6.32
- Linux Kernel version 3.0.27
- Linux Kernel version 2.6.32.45
- Linux Kernel version 2.6.35.7
- Android 4.2
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 4
- Android 5.0
- Mentor Embedded Linux 4.0 running on a Freescale P2020
- Linux Kernel version 3.4.76
Note: the CMVP makes no statement as to the correct operation of the module on the operational
environments for which operational testing was not performed.
Figure 1 – Cryptographic Module Interface Diagram
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 5
Figure 2 – Logical Cryptographic Boundary
2. Security Level
The cryptographic module meets the overall requirements applicable to Security Level 1 of
FIPS 140-2.
Table 2 – Module Security Level Specification
Security Requirements Section Level
Cryptographic Module Specification 1
Module Ports and Interfaces 1
Roles, Services and Authentication 1
Finite State Model 1
Physical Security N/A
Operational Environment 1
Cryptographic Key Management 1
EMI/EMC 1
Self-Tests 1
Design Assurance 1
Mitigation of Other Attacks N/A
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 6
3. Modes of Operation
Approved mode of operation
The module supports multiple Approved modes of operation. During module initialization, a
consuming application can configure the module to utilize all, or any subset of the following
FIPS Approved algorithms:
Table 3 – Algorithms and Software Versions
Algorithms Software
Version 5.5f
Software
Version 5.5.1f
AES (ECB, CBC, OFB, CFB, CTR and GCM modes; E/D;
128, 192 and 256)
Certs. #2039
and #2272
Cert. #2741
AES (CCM, CMAC 128, 192 and 256) Certs. #2039
and #2272
Cert. #2741
AES XTS (128 and 256) Certs. #2039
and #2272
Cert. #2741
Triple-DES (3-key and 2-key1
; TCBC mode; E/D) Cert. #1316 Cert. #1650
HMAC-SHA-1; HMAC-SHA-224; HMAC-SHA-256;
HMAC-SHA-384; HMAC-SHA-512
Cert. #1238 Cert. #1718
SHA-1
SHA-2: SHA-224; SHA-256; SHA-384; SHA-512
Cert. #1785 Cert. #2313
FIPS 186-2 RSA:
- ANSI X9.31 key generation: 2048, 3072, and 4096-bit
- PKCS #1 1.5 and PSS signature generation: 2048, 3072,
and 4096-bit using SHA-2
- PKCS #1 1.5 and PSS signature verification: 1024, 1536,
2048, 3072, and 4096-bit using SHA-1 and SHA-2
Cert. #1059 Cert. #1437
FIPS 186-2 DSA:
- PQG Ver: 1024-bit using SHA-1
- Sig Ver: 1024-bit using SHA-1
Cert. #647 Cert. #840
FIPS 186-2 ECDSA:
Key Gen: CURVES P; 224, 256, 384, 521
Sig Ver: CURVES P; 192, 224, 256, 384, 521 using SHA-1
PKV: CURVES P; 192, 224, 256, 384, 521 using SHA-1
Cert. #298 Cert. #479
AES-CTR based DRBG Cert. #201 Cert. #460
Non-FIPS Approved Algorithms
Within the FIPS Approved mode of operation, the module supports the following allowed
algorithms:
1
Per NIST SP 800-131A: Through December 31, 2015, the use of 2-key Triple DES for encryption is restricted: the
total number of blocks of data encrypted with the same cryptographic key shall not be greater than 220
. After
December 31, 2015, 2-key Triple DES shall not be used for encryption. Decryption using 2-key Triple DES is
allowed for legacy-use.
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 7
- Diffie-Hellman ( key agreement; key establishment methodology provides 112 bits of
encryption strength)
- RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of
encryption strength)
- EC Diffie Hellman ( key agreement; key establishment methodology provides between 112
and 256 bits of encryption strength)
- NDRNG – Used to seed the Approved DRBGs
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 8
Non-FIPS Approved mode:
In addition to the above algorithms, the following algorithms are available in the non-FIPS
Approved mode of operation:
- DES, Blowfish, ARC2, ARC4, MD2, MD4, MD5, HMAC-MD5, AES EAX, AES XCBC
- RSA PKCS #1 v2.1 RSAES-OAEP encryption/decryption
- FIPS 186-2 RNG, Dual EC DRBG
The following algorithms are Disallowed as of January 1, 2014 per the NIST SP 800-131A
algorithm transitions:
- FIPS 186-2 RSA (Certs. #1059 and #1437)
 ANSI X9.31 key generation: 1024 and 1536-bit
 PKCS #1 1.5 and PSS signature generation: 1024 and 1536-bit using SHA-1 and
SHA-2; 2048, 3072 and 4096-bit using SHA-1
- FIPS 186-2 DSA using SHA-1 (Certs. #647 and 840)
 PQG generation: 1024-bit
 Key generation: 1024-bit
 Signature generation: 1024-bit
- FIPS 186-2 ECDSA using SHA-1 (Certs. #298 and #479)
 Signature generation: P-192, P-224 P-256, P-384, P521 curves
 Key generation: P-192 curve
- Diffie-Hellman ( key agreement; key establishment methodology provides 80 bits of
encryption strength; non-compliant)
- RSA (key wrapping; key establishment methodology provides less than 112 bits of
encryption strength; non-compliant)
- EC Diffie Hellman ( key agreement; key establishment methodology provides less than 112
bits of encryption strength; non-compliant)
During operation, the module can switch service by service between an Approved mode of
operation and a non-Approved mode of operation. The module will transition to the non-
Approved mode of operation when one of the above non-Approved security functions is utilized
in lieu of an Approved one. The module can transition back to the Approved mode of operation
by utilizing an Approved security function.
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 9
4. Ports and Interfaces
The physical ports of the module are provided by the general purpose computer on which the
module is installed. The logical interfaces are defined as the API of the cryptographic module.
The module’s API supports the following logical interfaces: data input, data output, control
input, and status output.
5. Identification and Authentication Policy
Assumption of roles
The Mocana Cryptographic Suite B Module shall support two distinct roles (User and
Cryptographic Officer). The cryptographic module does not provide any identification or
authentication methods of its own. The Cryptographic Officer and the User roles are implicitly
assumed based on the service requested.
Table 4 – Roles and Required Identification and Authentication
Role Type of Authentication Authentication Data
User N/A N/A
Cryptographic Officer N/A N/A
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 10
6. Access Control Policy
Roles and Services
Table 5 – Services Authorized for Use in the Approved modes of operation
Role Authorized Services
User  Self-tests
 Show Status
 Read Version
Cryptographic-Officer  DH Key Generation
 DH Key Exchange
 ECDH Key Exchange
 RSA Key Generation
 RSA Signature Generation
 RSA Signature Verification
 RSA Key Wrapping Encryption
 RSA Key Wrapping Decryption
 DSA Key Generation
 DSA Signature Generation
 DSA Signature Verification
 ECDSA Key Generation
 ECDSA Signature Generation
 ECDSA Signature Verification
 AES Encryption
 AES Decryption
 AES Message Authentication Code
 TDES Encryption
 TDES Decryption
 SHA-1
 SHA-224/256
 SHA-384/512
 HMAC-SHA1 Message Authentication Code
 HMAC-SHA224/256 Message Authentication Code
 HMAC-SHA384/512 Message Authentication Code
 AES-CTR DRBG Random Number Generation
 Key Destruction
Note: The module may be configured to support only a subset of the Approved security
functions listed in Section 3 above. In this case, not all of the services listed in Table 3 would be
available.
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 11
Other Services
Table 6 – Services Authorized for Use in the non-Approved mode of operation
Role Authorized Services
User  Self-tests
 Show Status
 Read Version
Cryptographic-Officer  DES Encryption
 DES Decryption
 AES Message Authentication Code
 Blowfish Encryption
 Blowfish Decryption
 ARC2, ARC4 Encryption
 ARC2, ARC4 Decryption
 MD2 Hash
 MD4 Hash
 MD5 Hash
 HMAC-MD5 Message Authentication Code
 AES EAX Encryption
 AES EAX Decryption
 AES XCBC Encryption
 AES XCBC Decryption
 RSA PKCS #1 v2.1 RSAES-OAEP Encryption
 RSA PKCS #1 v2.1 RSAES-OAEP Decryption
 FIPS 186-2 Random Number Generation
 Dual EC DRBG Random Number Generation
The cryptographic module supports the following service that does not require an operator to
assume an authorized role:
 Self-tests: This service executes the suite of self-tests required by FIPS 140-2. It is
invoked by reloading the library into executable memory.
Definition of Critical Security Parameters (CSPs)
The following are CSPs that may be contained in the module:
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 12
Table 7 – CSP Information
Key Description/Usage Generation Storage Entry /
Output
Destruction
DH Private
Components
Used to derive the
secret session key
during DH key
agreement protocol
Internally using
the AES-CTR
DRBG
Temporarily in
volatile RAM
N/A An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
ECDH Private
Components
Used to derive the
secret session key
during ECDH key
agreement protocol
Internally using
the AES-CTR
DRBG
Temporarily in
volatile RAM
N/A An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
Seed and Seed
Keys
Used to seed the
DRBG for key
generation
Internally via
NDRNG or
externally
Temporarily in
volatile RAM
Entry:
Plaintext if
generated
externally
Output:
N/A
Automatically after
use
RSA Private Key Used to create RSA
digital signatures
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Entry:
Plaintext if
generated
externally
Output:
Plaintext
An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
RSA Key
Wrapping Private
Key
Used for RSA Key
Wrapping decryption
operation
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Entry:
Plaintext if
generated
externally
Output:
Plaintext
An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
DSA Private Key Used to create DSA
digital signatures
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Entry:
Plaintext if
generated
externally
Output:
Plaintext
An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
ECDSA Private
Key
Used to create DSA
digital signatures
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Entry:
Plaintext if
generated
externally
Output:
Plaintext
An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 13
Key Description/Usage Generation Storage Entry /
Output
Destruction
TDES Key Used during TDES
encryption and
decryption
Externally. Temporarily in
volatile RAM
Entry:
Plaintext
Output:
N/A
An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
AES Keys Used during AES
encryption,
decryption, and
CMAC operations
Externally. Temporarily in
volatile RAM
Entry:
Plaintext
Output:
N/A
An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
HMAC Keys Used during HMAC-
SHA-1, 224, 256, 384,
512 operations
Externally. Temporarily in
volatile RAM
Entry:
Plaintext
Output:
N/A
An application
program which uses
the API may destroy
the key. The Key
Destruction service
zeroizes this CSP.
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 14
Definition of Public Keys:
The following are the public keys contained in the module:
Table 8 – Public Key Information
Key Description/Usage Generation Storage Entry/Output
DH Public
Component
Used to derive the secret
session key during DH key
agreement protocol
Internally using
the AES-CTR
DRBG
Temporarily in
volatile RAM
Entry: Receive Client
Public Component
during DH exchange.
Output: Transmit
Host Public
Component during
DH exchange
ECDH Public
Component
Used to derive the secret
session key during ECDH
key agreement protocol
Internally using
the AES-CTR
DRBG
Temporarily in
volatile RAM
Entry: Receive Client
Public Component
during DH exchange.
Output: Transmit
Host Public
Component during
DH exchange
RSA Public
Keys
Used to verify RSA
signatures
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Input: Plaintext if
generated externally t
Output: Plaintext
RSA Key
Wrapping Public
Keys
Used for RSA Key
Wrapping encryption
operation
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Input: Plaintext if
generated externally
Output: Plaintext
DSA Public
Keys
Used to verify DSA
signatures
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Input: Plaintext if
generated externally
Output: Plaintext
ECDSA Public
Keys
Used to verify ECDSA
signatures
May be
generated
internally using
the AES-CTR
DRBG or
generated
externally
Temporarily in
volatile RAM
Input: Plaintext if
generated externally
Output: Plaintext
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 15
Definition of CSPs Modes of Access
Table 6 defines the relationship between access to CSPs and the different module services.
Table 9 – CSP Access Rights within Roles & Services
Role Service Cryptographic Keys and CSPs Access Operation
C.O. User
X DH Key
Generation
Use DH Parameters
Generate DH Key pair
X DH Key Exchange Use DH Private Component
Generate DH shared secret
X ECDH Key
Exchange
Use ECDH Private Component
Generate ECDH shared secret
X RSA Key
Generation
Generate RSA Public/Private Key pair
X RSA Signature
Generation
Use RSA Private Key
Generate RSA Signature
X RSA Signature
Verification
Use RSA Public Key
Verify RSA Signature
X RSA Key
Wrapping
Encryption
Use RSA Public Key
Performs Key Wrapping Encryption
X RSA Key
Wrapping
Decryption
Use RSA Private Key
Performs Key Wrapping Decryption
X DSA Key
Generation
Generate DSA Key Pair for Signature Generation/Verification
X DSA Signature
Generation
Use DSA Private Key
Generate DSA Signature
X DSA Signature
Verification
Use DSA Public Key
Verify DSA Signature
X ECDSA Key
Generation
Generate ECDSA Key Pair for Signature Generation/Verification
X ECDSA Signature
Generation
Use DSA Private Key
Generate ECDSA Signature
X ECDSA Signature
Verification
Use ECDSA Public Key
Verify ECDSA Signature
X AES Encryption Use AES Key
X AES Decryption Use AES Key
X AES Message
Authentication
Use AES Key
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 16
Role Service Cryptographic Keys and CSPs Access Operation
C.O. User
Code
X TDES Encryption Use TDES Key
X TDES Decryption Use TDES Key
X SHA-1 Generate SHA-1 Output; no CSP access
X SHA-224/256 Generate SHA-224/256 Output; no CSP access
X SHA-384/512 Generate SHA-384/512 Output; no CSP access
X HMAC-SHA-1
Message
Authentication
Code
Use HMAC-SHA-1 Key
Generate HMAC-SHA-1 Output
X HMAC-SHA-
224/256 Message
Authentication
Code
Use HMAC-SHA-224/256 Key
Generate HMAC-SHA-224/256 Output
X HMAC-SHA-
384/512 Message
Authentication
Code
Use HMAC-SHA-384/512 Key
Generate HMAC-SHA-384/512 Output
X AES-CTR DRBG
Random Number
Generation
Use Seed Key to generate random number
Destroy Seed Key after use
X Key Destruction Destroy All CSPs
X Show Status N/A
X Self-Tests N/A
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 17
7. Operational Environment
The FIPS 140-2 Area 6 Operational Environment requirements are applicable because the
Mocana Cryptographic Suite B Module operates in a modifiable operational environment.
Please refer to Table 1 for a list of environments for which operational testing of the module was
performed.
8. Security Rules
The Mocana Cryptographic Suite B Module design corresponds to the following security rules.
This section documents the security rules enforced by the cryptographic module to implement
the security requirements of this FIPS 140-2 Level 1 module.
1. The cryptographic module shall provide two distinct roles. These are the User role and the
Cryptographic Officer role.
2. The cryptographic module does not provide any operator authentication.
3. The cryptographic module shall encrypt/decrypt message traffic using the Triple-DES or
AES algorithms.
4. The cryptographic module shall perform the following self-tests:
Power-up Self-Tests:
 Cryptographic Algorithm Tests:
- AES-ECB, CBC, OFB. CFB, CCM, CMAC, CTR, GCM, and XTS Known Answer
Test
- Triple-DES Known Answer Test
- HMAC-SHA-1 Known Answer Test
- HMAC-SHA-224 Known Answer Test
- HMAC-SHA-256 Known Answer Test
- HMAC-SHA-384 Known Answer Test
- HMAC-SHA-512 Known Answer Test
- SHA-1 Known Answer Test
- SHA-224 Known Answer Test
- SHA-256 Known Answer Test
- SHA-384 Known Answer Test
- SHA-512 Known Answer Test
- RSA Encrypt/Decrypt Known Answer Test
- RSA Sign/Verify Known Answer Test
- DSA Pairwise Consistency Test
- ECDSA Pairwise Consistency Test
- ECDH Pairwise Consistency Test
- DH Pairwise Consistency Test
- AES-CTR DRBG Known Answer Test
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 18
 Software Integrity Test: HMAC-SHA-1
 Critical Functions Tests: N/A
Conditional Tests:
 DSA Pairwise Consistency Test
 RSA Pairwise Consistency Test
 ECDSA Pairwise Consistency Test
 FIPS 186-2 RNG Continuous Test
 AES-CTR DRBG Continuous Test
 Dual EC DRBG Continuous Test
 NDRNG Continuous Test
The module can be configured to utilize all or only a subset of the Approved security functions
listed in Section 3 above. Only the self-tests of the algorithms that are to be utilized will be run
at power up. Upon re-configuration from one Approved mode of operation to another, the
module will reinitialize and perform all power-up self-tests associated with the new Approved
mode of operation.
5. At any time, the operator shall be capable of commanding the module to perform the power-
up self-tests by reloading the cryptographic module into memory.
6. The cryptographic module is available to perform services only after successfully completing
the power-up self-tests.
7. Data output shall be inhibited during key generation, self-tests, zeroization, and error states.
8. Status information shall not contain CSPs or sensitive data that if misused could lead to a
compromise of the module.
9. In the event of a self-test failure, the module will enter an error state and a specific error code
will be returned indicating which self-test or conditional test has failed. The module will not
provide any cryptographic services while in this state.
10. The module shall not support concurrent operators.
11. DES, Blowfish, ARC2, ARC4, MD2, MD4, MD5, HMAC-MD5, AES EAX, AES XCBC,
FIPS 186-2 RNG, Dual EC DRBG, and RSA PKCS #1 v2.1 RSAES-OAEP
encryption/decryption are not allowed for use in the FIPS Approved mode of operation.
When these algorithms are used, the module is no longer operating in the FIPS Approved
mode of operation. It is the responsibility of the consuming application to zeroize all keys
and CSPs prior to and after utilizing these non-Approved algorithms. CSPs shall not be
shared between the Approved and non-Approved modes of operation.
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 19
9. Physical Security
The FIPS 140-2 Area 5 Physical Security requirements are not applicable because the Mocana
Cryptographic Suite B Module is software only.
10. Mitigation of Other Attacks Policy
The module has not been designed to mitigate any specific attacks outside the scope of FIPS
140-2 requirements.
11. Cryptographic Officer Guidance
The operating system running the Mocana Cryptographic Suite B Module must be configured in
a single-user mode of operation.
Key Destruction Service
There is a context structure associated with every cryptographic algorithm available in this
module. Context structures hold sensitive information such as cryptographic keys. These context
structures must be destroyed via respective API calls when the application software no longer
needs to use a specific algorithm any more. This API call will zeroize all sensitive information
including cryptographic keys before freeing the dynamically allocated memory. See the Mocana
Cryptographic API Reference for additional information.
12. Definitions and Acronyms
AES Advanced Encryption Standard
API Application Program Interface
CO Cryptographic Officer
CSP Critical Security Parameter
DES Data Encryption Standard
DH Diffie-Hellman
DRBG Deterministic Random Bit Generator
DSA Digital Signature Algorithm
ECDH Elliptic Curve Diffie-Hellman
ECDSA Elliptic Curve Digital Signature Algorithm
EMC Electromagnetic Compatibility
EMI Electromagnetic Interference
FIPS Federal Information Processing Standard
Mocana Corporation Mocana Cryptographic Suite B Module Security Policy
Page 20
HMAC Keyed-Hash Message Authentication Code
RAM Random Access Memory
RNG Random Number Generator
RSA Rivest, Shamir and Adleman Algorithm
TDES Triple-DES
SHA Secure Hash Algorithm
SO Shared Object