| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 12/1/2029 |
| Caveat | Interim Validation; No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. |
| Vendor | FUJIFILM Business Innovation Corp. |
flowchart LR
%% Deterministic review-risk graph for FUJIFILM BI Cryptographic Kernel Module for WRL
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C6 clue;
class I2,I3,I6 infer;
class R2,R3,R6 risk;
class E2,E3,E6 evidence;flowchart LR
%% Deterministic clue tier for FUJIFILM BI Cryptographic Kernel Module for WRL
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test<br/>Status Output<br/>Show Status</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C6 clueLow;Document Version 1.0.0 FUJIFILM BI Cryptographic Kernel Module for WRL Software version: 1.2.L9A57 / 1.1.L6A15
| # | Section | Page |
|---|
| Item | Page |
|---|---|
| Table 1 - Security Levels | 5 |
| Table 2 – Tested Module Identification | 7 |
| Table 3 - Tested Operational Environments | 7 |
| Table 4 - Approved Algorithms | 8 |
| Table 5 – Vendor Affirmed Algorithms | 9 |
| Table 6 – Non-Approved, Allowed Algorithms | 9 |
| Table 7 – Non-Approved, Allowed Algorithms | 9 |
| Table 8 – Non-Approved, Not Allowed Algorithms | 9 |
| Table 9 – Security Function Implementation | 9 |
| Table 10 - Ports and Interfaces | 11 |
| Table 11 - Roles, Service Commands, Input and Output | 12 |
| Table 12 - Roles and Authentication | 12 |
| Table 13 – Approved Service | 13 |
| Table 14 – Non-Approved Services | 14 |
| Table 15 – SSPs | 17 |
| Table 16 - Pre-Operational Self-Tests | 18 |
| Table 17 –Self-Test | 18 |
| Table 18 - Error States | 19 |
| Table 19 – Mitigation of Other Attacks | 21 |
| Table 20 – Definitions and Acronyms | 22 |
2. Cryptographic Module Specification 2.1. Description The FUJIFILM BI Cryptographic Kernel Module for WRL is an object file used to extend the kernel of the WRL. Purpose: The primary purpose of the FUJIFILM BI Cryptographic Kernel Module for WRL is to provide encryption/decryption of data for multifunction devices. Module Type: The module is defined as a software module (refer to ISO/IEC 19790, Section 7.2.2). Embodiment: The module and operating environment (OE) are defined as a multi-chip standalone module. Module Characteristics: The module comprises a single, kernel object file built for WRL6 and WRL9 respectively. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. Cryptographic Boundary: The cryptographic boundary is defined as the FUJIFILM BI Cryptographic Kernel Module for WRL. The boundary encompasses the entire monolithic object file: − wrl6_fips_1403_module.ko on Wind River Linux 6 − wrl9_fips_1403_module.ko on Wind River Linux 9 2.1.1. TOEPP & Cryptographic Boundary The block diagram in Figure 1 depicts the module’s cryptographic boundary and Tested Operational Environment’s Physical Perimeter (TOEPP) and dataflows.
Figure 1 - Cryptographic Boundary 2.2. Tested & Vendor Affirmed Module Version and Identification The FUJIFILM BI Cryptographic Kernel Module for WRL is a software cryptographic module developed to meet the requirements of FIPS 140-3 Security Level 1 (refer to Table 1). The module is built according to its underlying OE (i.e., Wind River Linux 6 or Wind River Linux 9). Table 2
1 Wrl9_fips_1403_module.ko 1.2.L9A57 Wind River Linux 9 on ARM Cortex A57
2 wrl6_fips_1403_module.ko 1.1.L6A15 Wind River Linux 6 on ARM Cortex A15
2.2.1. Tested Operational Environments The module has been tested on the operating environments shown below in Table 3. Table 3 - Tested Operational Environments # Operating System Hardware Platform Processor PAA/Acceleration
1 Wind River Linux 9 FFBI Palacios2 K502 ARM Cortex A57 N/A
2 Wind River Linux 6 FFBI Clipper8 ARM Cortex A15 N/A
N.B. There are no vendor affirmed operating environments.
2.3. Excluded Components The module does not exclude any components from the requirements of FIPS 140-3. 2.4. Modes of Operation The module is designed to continually operate in an approved mode of operation. There are no undefined or ‘non-approved’ modes or services within the module. By default, the approved mode is entered into when successfully powering on the module. If the module does not successfully initialize it transitions to its error state. N.B. The module does not incorporate a degraded mode of operation (refer to ISO/IEC 19790 Section 7.2.4.3). 2.5. Algorithms 2.5.1. Approved Algorithms The FUJIFILM BI Cryptographic Kernel Module for WRL supports the approved cryptographic algorithms shown in Table
2.5.2. Vendor Affirmed Algorithms The module does not implement any Vendor Affirmed algorithms. Table 5
− HMAC per FIPS 198-1 − SHS per FIPS 180-4 2.8. RBG [Random Bit Generator] and Entropy The module does not support a random bit generator (RBG) or an entropy source for the generation of cryptographic keys. 2.9. Key Generation The module does not support the generation of cryptographic keys or key material. 2.10. Key Establishment The module does not support key establishment techniques. 2.11. Industry Protocols The module is not reliant on any specific industry protocols.
3. Cryptographic Module Interfaces 3.1. Ports and Interfaces The physical ports for the module are the same as the multifunction devices on which it is executing. The logical interface is a C-language application program interface (API) through which applications request services. Table 10 summarizes the logical interfaces that the module supports. Table 10 - Ports and Interfaces Physical Port Logical interface Data that Passes over the Port/Interface N/A Control Input Algorithm modes, service opcodes N/A Data Input Plaintext or ciphertext data, cryptographic keys N/A Data Output Plaintext, Ciphertext, Hash Digests, HMAC Values N/A Status Output Module status As a software module, control of the physical ports is outside module scope. However, when the module is performing self-tests, or is in an error state, all output on the data output interface is inhibited. The module is single-threaded and in error scenarios returns only an error value (no data output is returned).
4. Roles, Services, and Authentication 4.1. Authentication Methods The module does not implement any authentication methods. 4.2. Roles The module supports two distinct operator roles: Crypto-Officer (CO) role and User role. The CO and User roles are implicitly assumed by the entity accessing the services implemented by the module. Only one role can be active at a time and the module does not allow concurrent operators. The module does not support a Maintenance role. Table 11 - Roles, Service Commands, Input and Output Role Service Input Output CO Initialization N/A Return code CO/User Zeroization N/A N/A User AES Plaintext, Ciphertext, AES key, Plaintext, Ciphertext, Return IV, Counter, Key Length code User SHS Plaintext Hash value, Return code User HMAC Plaintext, HMAC key, Key Length HMAC value, Return code User Show Status N/A Status User Show Module Info N/A Module name, Module version Table 12 - Roles and Authentication Role Authentication Method Authentication Strength CO N/A N/A User N/A N/A
4.3. Approved Services Table 13 defines the relationship between SSP access modes and module services. The access modes shown in Table 13 are defined as follows: − G: Generate: The module generates or derives the SSP. − R: Read: The SSP is read from the module. − W: Write: The SSP is updated, imported, or written to the module. − E: Execute: The module uses the SSP in performing a cryptographic operation. − Z: Zeroise: The module zeroises the SSP. Table 13
4.4. Non-Approved Services The module does not implement any Non-Approved Services. Table 14
8. Non-invasive Security The module was not designed to mitigate non-invasive attacks. Therefore, this section is not applicable.
9. Sensitive Security Parameters (SSPs) Management 9.1. Storage Areas All SSPs are stored ephemerally in random access memory (RAM). 9.2. SSP Input-Output Methods The module is passed cryptographic keys in plaintext by the calling application. The module does not output any SSPs. 9.3. SSP Zeroization Methods SSPs are not persistently stored. During normal operation, the module explicitly erases copies of SSPs in volatile memory (e.g., RAM) by overwriting with zeros after their use. 9.4. SSPs The following SSPs are included in the FUJIFILM BI Cryptographic Kernel Module for WRL. Keys are not generated, or established, output. Keys are accessed from calling applications’ software within the General-Purpose Computer (GPC) that the module is installed on. Zeroization is performed by the Zeroization service.
Table 15
10. Self-Tests The module performs the self-tests described in Tables 16 & 17 on power-up. All KATs must be completed successfully prior to any use of cryptography by the module. If one of the KATs fails, the module transitions to its error state. 10.1. Pre-Operational Self-Tests The module implements both pre-operational and conditional self-tests. Since the pre-operational self-test for this module comprises the software integrity test utilizing the HMAC-SHA-1 algorithm, the SHA-1 and HMAC-SHA1 KATs for the conditional self-tests are invoked prior to the software integrity test. Table 16 - Pre-Operational Self-Tests Algorithm Implementation Test Test Type Indicator Details Properties Method HMAC-SHA-1 Software 256-bit KAT Software FIPS_STATUS_EINTEGRITY Verifies the HMAC(Integrity Test) Integrity SHA-1 message authentication code for the software binary. 10.2. Conditional Self-Tests The FUJIFILM BI Cryptographic Kernel Module for WRL shall perform the following tests: Table 17 –Self-Test Algorithm Implementation Test Properties Test Method Type Indicator Details AES-ECB Encrypt Software 128-bit KAT CAST FIPS_ALGO_ECB Encrypt KAT AES-ECB Decrypt Software 128-bit KAT CAST FIPS_ALGO_ECB Decrypt KAT AES-CBC Encrypt Software 128-bit KAT CAST FIPS_ALGO_CBC Encrypt KAT AES-CBC Decrypt Software 128-bit KAT CAST FIPS_ALGO_CBC Decrypt KAT AES-CTR Encrypt Software 128-bit KAT CAST FIPS_ALGO_CTR Encrypt KAT AES-CTR Decrypt Software 128-bit KAT CAST FIPS_ALGO_CTR Decrypt KAT AES-XTS Encrypt Software 128-bit KAT CAST FIPS_ALGO_XTS Encrypt KAT AES-XTS Decrypt Software 128-bit KAT CAST FIPS_ALGO_XTS Decrypt KAT HMAC-SHA-1 Software 256-bit KAT CAST FIPS_ALGO_HMAC HMAC Generate KAT HMAC-SHA-224 Software 256-bit KAT CAST FIPS_ALGO_HMAC HMAC Generate KAT
Algorithm Implementation Test Properties Test Method Type Indicator Details HMAC-SHA-256 Software 256-bit KAT CAST FIPS_ALGO_HMAC HMAC Generate KAT HMAC-SHA-384 Software 256-bit KAT CAST FIPS_ALGO_HMAC HMAC Generate KAT HMAC-SHA-512 Software 256-bit KAT CAST FIPS_ALGO_HMAC HMAC Generate KAT SHA-1 Software SHA-1 KAT CAST FIPS_ALGO_SHA1 SHA calculation KAT SHA-224 Software SHA-224 KAT CAST FIPS_ALGO_SHA224 SHA calculation KAT SHA-256 Software SHA-256 KAT CAST FIPS_ALGO_SHA256 SHA calculation KAT SHA-384 Software SHA-384 KAT CAST FIPS_ALGO_SHA384 SHA calculation KAT SHA-512 Software SHA-512 KAT CAST FIPS_ALGO_SHA512 SHA calculation KAT 10.3. Periodic Self-Tests The FUJIFILM BI Cryptographic Kernel Module for WRL performs all self-tests on power-up automatically. The module can be reloaded to perform all the self-tests on demand. 10.4. Error States The module includes a defined error state in which it enters upon the failure of self-tests. Table 18 - Error States State Name Description Conditions Recovery Method Indicator Error State Module’s error state Failure of pre- The module aborts A non-zero value is set operational or service and outputs into the following conditional self- error indicator. parameters and output: tests FIPS_STATUS_EINTEGRITY The module must be FIPS_STATUS_EKAT restarted. 10.5. Operator Initiation of Self-Tests The module allows the operator initiation of self-tests. The module can be reloaded to perform all the self-tests on demand. 11. Life-cycle Assurance 11.1. Installation, Initialization & Startup Procedures This section will describe the configuration management used for the FUJIFILM BI Cryptographic
Kernel Module for WRL. The FUJIFILM BI Cryptographic Kernel Module for WRL is built and installed into the mobile device together with Wind River® Linux operating system by employees of FUJIFILM Business Innovation or subcontractors in a factory. Therefore, the module is delivered to User together with the mobile device and is not done in stand-alone form. 11.2. Administrator Guidance The CO's responsibility for the secure operation of the module is the correct installation of the module into the device. The module shall be installed through the following procedure: i. Reboot target device. ii. Install the module using the ‘insmod’ command. iii. Check the module information is correct and matches the Security Policy. When stopping employing the module, the CO should detach the module. Each buffer where SSPs are stored is zeroized immediately after processing, so CO does not have to perform the zeroization again. 11.3. Non-Administrator Guidance A User is an entity that utilizes the module’s cryptographic services. All the module operations must be performed via the module’s API. The User must pass into the module the necessary SSPs for each security function. The User’s responsibility for the secure operation of the module is to ensure that the module name and version match those indicated in the Security Policy before using the module. 11.4. Design and Rules The following security design and the rules of operation are applicable to the module: − The module shall be installed only on either Wind River Linux 6 with ARM Cortex A15 or Wind River Linux 9 on ARM Cortex A57. − The operator shall verify the correct version of software is installed by using the ‘Show Module Info’ service. − The module shall operate only in an approved mode of operation. − The module shall incorporate only approved algorithms validated under the cryptographic module validation program (CAVP). − The module shall not support concurrent operators. − The module shall not support a bypass mode or bypass capability. − The module shall not support a maintenance mode of operation.
− The module shall not output cryptographic keys or key material. − The module shall not support the generation of cryptographic keys or key material. − The module shall not exclude any components from the requirement of FIPS 140-3 Security Level 1. − The module shall only use AES-XTS for data at rest (i.e. for storage applications). − The module shall not support a self-initiated cryptographic output capability. − No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. 12. Mitigation of Other Attacks The FUJIFILM BI Cryptographic Kernel Module for WRL was not designed to mitigate other attacks outside of the specific scope of FIPS 140-3. Therefore, this section is not applicable. Table 19
13. Definitions and Acronyms Table 20
14. Revision History Date Version Description Nov. 19, 2023 1.0.0 Initial release.