| Standard | FIPS 140-3 |
|---|---|
| Overall level | 3 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Active |
| Sunset date | 5/29/2029 |
| Entropy | ENT (P) |
| Caveat | When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs whose strengths are modified by available entropy |
| Vendor | Marvell Semiconductor, Inc. |
| Hardware versions | HW-1.0 (CNL3510-NFBE-G, CNL3510P-NFBE-G, CNL3530-NFBE-G, CNL3560-NFBE-G, CNL3560P-NFBE-G, CNN3510-NFBE-G, CNN3530-NFBE-G, CNN3560-NFBE-G, CNN3560P-NFBE-G), HW-2.0 (CNL3510-NFBE-2.0-G, CNL3510B-NFBE-2.0-G, CNL3510P-NFBE-2.0-G, CNL3510PB-NFBE-2.0-G, CNL3530-NFBE-2.0-G, CNL3530B-NFBE-2.0-G, CNL3560-NFBE-2.0-G, CNL3560B-NFBE-2.0-G, CNL3560P-NFBE-2.0-G, CNL3560PB-NFBE-2.0-G, CNN3505LP-NFBE-2.0-G, CNN3510-NFBE-2.0-G, CNN3510LP-NFBE-2.0-G, CNN3510LPB-NFBE-2.0-G, CNN3530-NFBE-2.0-G, CNN3560-NFBE-2.0-G, CNN3560P-NFBE-2.0-G), HW-3.0 (CNL3510-NFBE-3.0-G, CNL3510A-NFBE-3.0-G, CNL3510C-NFBE-3.0-G, CNL3510D-NFBE-3.0-G, CNL3510E-NFBE-3.0-G, CNL3510F-NFBE-3.0-G, CNL3510I-NFBE-3.0-G, CNL3510P-NFBE-3.0-G, CNL3530-NFBE-3.0-G, CNL3530A-NFBE-3.0-G, CNL3530B-NFBE-3.0-G, CNL3530C-NFBE-3.0-G, CNL3530D-NFBE-3.0-G, CNL3530E-NFBE-3.0-G, CNL3530F-NFBE-3.0-G, CNL3560-NFBE-3.0-G, CNL3560A-NFBE-3.0-G, CNL3560B-NFBE-3.0-G, CNL3560B-NFBE-3.0-G-FB, CNL3560C-NFBE-3.0-G, CNL3560D-NFBE-3.0-G, CNL3560E-NFBE-3.0-G, CNL3560F-NFBE-3.0-G, CNL3560P-NFBE-3.0-G, CNL3560M-NFBE-3.0-G, CNN3505LP-NFBE-3.0-G, CNN3505LPA-NFBE-3.0-G, CNN3505LPC-NFBE-3.0-G, CNN3505LPD-NFBE-3.0-G, CNN3505LPE-NFBE-3.0-G, CNN3505LPF-NFBE-3.0-G, CNN3510-NFBE-3.0-G, CNN3510A-NFBE-3.0-G, CNN3510C-NFBE-3.0-G, CNN3510D-NFBE-3.0-G, CNN3510E-NFBE-3.0-G, CNN3510F-NFBE-3.0-G, CNN3510LP-NFBE-3.0-G, CNN3510LPA-NFBE-3.0-G, CNN3510LPB-NFBE-3.0-G, CNN3510LPC-NFBE-3.0-G, CNN3510LPD-NFBE-3.0-G, CNN3510LPE-NFBE-3.0-G, CNN3510LPF-NFBE-3.0-G, CNN3530-NFBE-3.0-G, CNN3530A-NFBE-3.0-G, CNN3530C-NFBE-3.0-G, CNN3530D-NFBE-3.0-G, CNN3530E-NFBE-3.0-G, CNN3530F-NFBE-3.0-G, CNN3560-NFBE-3.0-G, CNN3560A-NFBE-3.0-G, CNN3560C-NFBE-3.0-G, CNN3560D-NFBE-3.0-G, CNN3560E-NFBE-3.0-G, CNN3560F-NFBE-3.0-G, CNN3560P-NFBE-3.0-G) |
| Product page | https://www.marvell.com/products/security-solutions/nitrox-iii.html |
|---|---|
| Support page | https://www.marvell.com/support/security-solutions.html closed support |
| Documentation | https://www.marvell.com/support/doc-library.html |
| https://www.marvell.com/support/downloads.html | |
| Assessment | Support page is a contact/lead form; SDK and admin guides sit behind the Customer Portal login. A public document library and driver downloads exist but do not include HSM admin docs. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 3 |
| Software/Firmware Security | 3 |
| Operational Environment | N/A |
| Physical Security | 3 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for NITROXIII CNN35XX-NFBE HSM Family
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>CNN35XX-NFBE-FW-*, CNN35XX-NFBE-FW-*,…</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update<br/>CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_END<br/>CN_SMAPP_UPDATE_BEGIN</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>PCIe Interface (P1)<br/>USB Port (J2)<br/>Serial Port</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C5,C6 clue;
class I1,I2,I3,I4,I5,I6 infer;
class R1,R2,R3,R4,R5,R6 risk;
class E1,E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for NITROXIII CNN35XX-NFBE HSM Family
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>CNN35XX-NFBE-FW-*, CNN35XX-NFBE-FW-*,…</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update<br/>CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_END<br/>CN_SMAPP_UPDATE_BEGIN</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>PCIe Interface (P1)<br/>USB Port (J2)<br/>Serial Port</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3,C4 clueHigh;
class C5,C6 clueLow;seuthur FIPS 140-3 Level 3 NITROX III CNN35XX-NFBE HSM Family Document number: Document Version: Revision Date: CNN35xx-NFBE-SPD-L3 Version 2.09-0703 03/11/2026 This document may be reproduced only in its original entirety [without revision].
| Revision | Date | Author | Description of Change |
|---|---|---|---|
| 2.08.01 | 04/21/2021 | Girish Kumar Yerra Rajendar Kalwa | FW 2.08 build 09 CMVP Submission. |
| 2.08.02 | 11/11/2021 | Girish Kumar Yerra Rajendar Kalwa | FW 2.08 build 10 CMVP Submission updates. |
| 2.08.03 | 06/02/2022 | Girish Kumar Yerra Rajendar Kalwa | Addressed comments from NIST. Updated FW build with bug fixes to 2.08 build 11. |
| 2.08.04 | 02/10/2023 | Rajendar Kalwa | Addressed comments from NIST. Updated FW build with bug fixes to 2.08 build 12. |
| 2.09.07 | 08/10/2023 | Rajendar Kalwa | Addressed comments from NIST. Updated FW build with changes to address CMVP comments and bug fixes to 2.09 build 07. |
| 2.09.0701 | 12/08/2023 | Rajendar Kalwa Vikash Kumar | Addressed comments from NIST. Updated FW build to exclude Transition algorithms which were allowed as per IG D.G. |
| 2.09.0702 | 05/08/2024 | Rajendar Kalwa Vikash Kumar | Addressed comments from NIST. |
| 2.09.0703 | 03/11/2024 | Vikash Kumar Deepanshu Tyagi | NSRL changes - Added new HW part number, Added new FW version |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Revision History Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Contents 2.5.1 2.5.2 2.10 2.11 2.12 2.13 4.1.1 4.1.2 4.2.1 4.2.2 4.2.3 4.2.4 10.1 11.1 11.2 Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy 11.3 11.4 Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy List of Tables Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy List of Figures Marvell Semiconductor, Inc.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 3 |
| 2 | 2 | Cryptographic Module Specification | 3 |
| 3 | 3 | Cryptographic module interfaces | 3 |
| 4 | 4 | Roles, Services and Authentication | 3 |
| 5 | 5 | Software/Firmware Security | 3 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 3 |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive Security parameter management | 3 |
| 10 | 10 | Self-tests | 3 |
| 11 | 11 | Life-cycle assurance | 3 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140-3. Table 1
The NITROXIII CNN35XX-NFBE HSM Family module (hereafter referred to as the module or HSM) by Marvell is a high-performance purpose-built security solution for crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed in a PCIe slot to provide crypto and TLS 1.0/1.1/1.2 acceleration in a secure manner to the system host. It is typically deployed in a server or an appliance to provide crypto offload. The module’s functions are accessed over the PCIe interface via opcodes defined by the module. The module is a hardware multi-chip embedded cryptographic module. The module provides cryptographic primitives to accelerate approved and allowed algorithms for TLS 1.0/1.1/1.2 and SSH. The cryptographic functionality includes modular exponentiation, random number generation, and hash processing, along with protocol specific complex instructions to support TLS 1.0/1.1/1.2 security protocols using the embedded NITROXIII chip. The module implements password based single factor perimeter of the PCIe card itself, as depicted in section 2.13. Marvell Semiconductor, Inc.
| Name | Hardware Version | Software Version | Cores Enabled | |||
|---|---|---|---|---|---|---|
| CNL3560P-NFBE-G | CNL3560P-NFBE-G | HW-1.0 | Yes | 64 | 100K | 32 |
| CNL3560-NFBE-G | CNL3560-NFBE-G | HW-1.0 | Yes | 64 | 100K | 32 |
| CNL3530-NFBE-G | CNL3530-NFBE-G | HW-1.0 | Yes | 32 | 25K | 32 |
| CNL3510-NFBE-G | CNL3510-NFBE-G | HW-1.0 | Yes | 24 | 25K | 24 |
| CNL3510P-NFBE-G | CNL3510P-NFBE-G | HW-1.0 | Yes | 32 | 50K | 32 |
| CNL3560P-NFBE-2.0-G | CNL3560P-NFBE-2.0-G | HW-2.0 | Yes | 64 | 100K | 32 |
| CNL3560-NFBE-2.0-G | CNL3560-NFBE-2.0-G | HW-2.0 | Yes | 64 | 100K | 32 |
| CNL3530-NFBE-2.0-G | CNL3530-NFBE-2.0-G | HW-2.0 | Yes | 32 | 25K | 32 |
| CNL3510-NFBE-2.0-G | CNL3510-NFBE-2.0-G | HW-2.0 | Yes | 24 | 25K | 24 |
| CNL3510P-NFBE-2.0-G | CNL3510P-NFBE-2.0-G | HW-2.0 | Yes | 32 | 50K | 32 |
| CNL3560PB-NFBE-2.0-G | CNL3560PB-NFBE-2.0-G | HW-2.0 | Yes | 64 | 100K | 32 |
| CNL3560B-NFBE-2.0-G | CNL3560B-NFBE-2.0-G | HW-2.0 | Yes | 64 | 100K | 32 |
| CNL3530B-NFBE-2.0-G | CNL3530B-NFBE-2.0-G | HW-2.0 | Yes | 32 | 25K | 32 |
| CNL3510B-NFBE-2.0-G | CNL3510B-NFBE-2.0-G | HW-2.0 | Yes | 24 | 25K | 24 |
| CNL3510PB-NFBE-2.0-G | CNL3510PB-NFBE-2.0-G | HW-2.0 | Yes | 32 | 50K | 32 |
| CNL3560P-NFBE-3.0-G | CNL3560P-NFBE-3.0-G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560B-NFBE-3.0-G | CNL3560B-NFBE-3.0-G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560B-NFBE-3.0-G-FB | CNL3560B-NFBE-3.0-G-FB | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560-NFBE-3.0-G | CNL3560-NFBE-3.0-G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560A‐NFBE‐3.0‐G | CNL3560A‐NFBE‐3.0‐G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560C‐NFBE‐3.0‐G | CNL3560C‐NFBE‐3.0‐G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560D‐NFBE‐3.0‐G | CNL3560D‐NFBE‐3.0‐G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560E‐NFBE‐3.0‐G | CNL3560E‐NFBE‐3.0‐G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560F‐NFBE‐3.0‐G | CNL3560F‐NFBE‐3.0‐G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3560M-NFBE-3.0-G | CNL3560M-NFBE-3.0-G | HW-3.0 | Yes | 64 | 100K | 32 |
| CNL3530-NFBE-3.0-G | CNL3530-NFBE-3.0-G | HW-3.0 | Yes | 32 | 25K | 32 |
| CNL3530B-NFBE-3.0-G | CNL3530B-NFBE-3.0-G | HW-3.0 | Yes | 32 | 25K | 32 |
| CNL3530A‐NFBE‐3.0-G | CNL3530A‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 25K | 32 |
| CNL3530C‐NFBE‐3.0-G | CNL3530C‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 25K | 32 |
| CNL3530D‐NFBE‐3.0-G | CNL3530D‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 25K | 32 |
| CNL3530E‐NFBE‐3.0-G | CNL3530E‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 25K | 32 |
| CNL3530F‐NFBE‐3.0-G | CNL3530F‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 25K | 32 |
| CNL3510-NFBE-3.0-G | CNL3510-NFBE-3.0-G | HW-3.0 | Yes | 24 | 25K | 24 |
| CNL3510P-NFBE-3.0-G | CNL3510P-NFBE-3.0-G | HW-3.0 | Yes | 32 | 50K | 32 |
| CNL3510A‐NFBE‐3.0-G | CNL3510A‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 50K | 32 |
| CNL3510C‐NFBE‐3.0-G | CNL3510C‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 50K | 32 |
| CNL3510D‐NFBE‐3.0-G | CNL3510D‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 50K | 32 |
| CNL3510E‐NFBE‐3.0-G | CNL3510E‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 50K | 32 |
| CNL3510F‐NFBE‐3.0-G | CNL3510F‐NFBE‐3.0-G | HW-3.0 | Yes | 32 | 50K | 32 |
| CNL3510I-NFBE-3.0-G | CNL3510I-NFBE-3.0-G | HW-3.0 | Yes | 24 | 25K | 16 |
| CNN3560P-NFBE-G | CNN3560P-NFBE-G | HW-1.0 | No | 64 | 100K | 64 |
| CNN3560-NFBE-G | CNN3560-NFBE-G | HW-1.0 | No | 64 | 100K | 32 |
| CNN3530-NFBE-G | CNN3530-NFBE-G | HW-1.0 | No | 32 | 25K | 32 |
| CNN3510-NFBE-G | CNN3510-NFBE-G | HW-1.0 | No | 24 | 25K | 24 |
| CNN3510LP-NFBE-2.0-G | CNN3510LP-NFBE-2.0-G | HW-2.0 | No | 24 | 25K | 24 |
| CNN3510LPB-NFBE-2.0-G | CNN3510LPB-NFBE-2.0-G | HW-2.0 | No | 24 | 25K | 24 |
| CNN3560P-NFBE-2.0-G | CNN3560P-NFBE-2.0-G | HW-2.0 | No | 64 | 100K | 64 |
| CNN3560-NFBE-2.0-G | CNN3560-NFBE-2.0-G | HW-2.0 | No | 64 | 50K | 32 |
| CNN3530-NFBE-2.0-G | CNN3530-NFBE-2.0-G | HW-2.0 | No | 32 | 25K | 32 |
| CNN3510-NFBE-2.0-G | CNN3510-NFBE-2.0-G | HW-2.0 | No | 24 | 25K | 24 |
| CNN3505LP-NFBE-2.0-G | CNN3505LP-NFBE-2.0-G | HW-2.0 | No | 16 | 10K | 16 |
| CNN3560P-NFBE-3.0-G | CNN3560P-NFBE-3.0-G | HW-3.0 | No | 64 | 100K | 64 |
| CNN3560-NFBE-3.0-G | CNN3560-NFBE-3.0-G | HW-3.0 | No | 64 | 50K | 32 |
| CNN3560A‐NFBE‐3.0‐G | CNN3560A‐NFBE‐3.0‐G | HW-3.0 | No | 64 | 50K | 32 |
| CNN3560C‐NFBE‐3.0‐G | CNN3560C‐NFBE‐3.0‐G | HW-3.0 | No | 64 | 50K | 32 |
| CNN3560D‐NFBE‐3.0‐G | CNN3560D‐NFBE‐3.0‐G | HW-3.0 | No | 64 | 50K | 32 |
| CNN3560E‐NFBE‐3.0‐G | CNN3560E‐NFBE‐3.0‐G | HW-3.0 | No | 64 | 50K | 32 |
| CNN3560F‐NFBE‐3.0‐G | CNN3560F‐NFBE‐3.0‐G | HW-3.0 | No | 64 | 50K | 32 |
| CNN3530-NFBE-3.0-G | CNN3530-NFBE-3.0-G | HW-3.0 | No | 32 | 25K | 32 |
| CNN3530A‐NFBE‐3.0‐G | CNN3530A‐NFBE‐3.0‐G | HW-3.0 | No | 32 | 25K | 32 |
| CNN3530C‐NFBE‐3.0‐G | CNN3530C‐NFBE‐3.0‐G | HW-3.0 | No | 32 | 25K | 32 |
| CNN3530D‐NFBE‐3.0‐G | CNN3530D‐NFBE‐3.0‐G | HW-3.0 | No | 32 | 25K | 32 |
| CNN3530E‐NFBE‐3.0‐G | CNN3530E‐NFBE‐3.0‐G | HW-3.0 | No | 32 | 25K | 32 |
| CNN3530F‐NFBE‐3.0‐G | CNN3530F‐NFBE‐3.0‐G | HW-3.0 | No | 32 | 25K | 32 |
| CNN3510-NFBE-3.0-G | CNN3510-NFBE-3.0-G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510A‐NFBE‐3.0‐G | CNN3510A‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510C‐NFBE‐3.0‐G | CNN3510C‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510D‐NFBE‐3.0‐G | CNN3510D‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510E‐NFBE‐3.0‐G | CNN3510E‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510F‐NFBE‐3.0‐G | CNN3510F‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510LP-NFBE-3.0-G | CNN3510LP-NFBE-3.0-G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510LPB-NFBE-3.0-G | CNN3510LPB-NFBE-3.0-G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510LPA‐NFBE‐3.0‐G | CNN3510LPA‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510LPC‐NFBE‐3.0‐G | CNN3510LPC‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510LPD‐NFBE‐3.0‐G | CNN3510LPD‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510LPE‐NFBE‐3.0‐G | CNN3510LPE‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3510LPF‐NFBE‐3.0‐G | CNN3510LPF‐NFBE‐3.0‐G | HW-3.0 | No | 24 | 25K | 24 |
| CNN3505LP-NFBE-3.0-G | CNN3505LP-NFBE-3.0-G | HW-3.0 | No | 16 | 10K | 16 |
| CNN3505LPA‐NFBE‐3.0‐G | CNN3505LPA‐NFBE‐3.0‐G | HW-3.0 | No | 16 | 10K | 16 |
| CNN3505LPC‐NFBE‐3.0‐G | CNN3505LPC‐NFBE‐3.0‐G | HW-3.0 | No | 16 | 10K | 16 |
| CNN3505LPD‐NFBE‐3.0‐G | CNN3505LPD‐NFBE‐3.0‐G | HW-3.0 | No | 16 | 10K | 16 |
| CNN3505LPE‐NFBE‐3.0‐G | CNN3505LPE‐NFBE‐3.0‐G | HW-3.0 | No | 16 | 10K | 16 |
| CNN3505LPF‐NFBE‐3.0‐G | CNN3505LPF‐NFBE‐3.0‐G | HW-3.0 | No | 16 | 10K | 16 |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The configuration of hardware and firmware for this validation is: Table 2
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy LP is a low-frequency part, where Nitrox III chip runs at 500MHz; otherwise, it runs at 600MHz. The LiquidSecurity Appliance is a network accessible, remote configurable, multi-tenant server platform to enable private and Hybrid cloud deployments of NITROX III CNN35XX-NFBE HSM. The LiquidSecurity Appliance is outside the module’s cryptographic boundary and therefore out of scope of this validation. CNN35XX-NFBE-G Firmware: CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-NFBE-G Secure Machine: CNN35XX-NFBE-SMW-2.09-0702 CNN35XX-NFBE-G Bootloader: CNN35XX-UBOOT-4.03-03 Note: These binaries do not have extensions. The module is considered to be operating in the approved mode only when it is running the firmware/bootloader versions listed above. Marvell Semiconductor, Inc.
| Name | Model | Hardware Version | Firmware Version | Features |
|---|---|---|---|---|
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560P-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510P-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560P-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510-NFBE-G (HW-1.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | No SMBus and no RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560P-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510P-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560PB-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560B-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530B-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510B-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510PB-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LP-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LPB-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560P-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3505LP-NFBE-2.0-G (HW-2.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560P-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560B-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560B-NFBE-3.0-G- FB (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560A‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560C‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560D‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560E‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560F‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3560M-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530B-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530A‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530C‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530D‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530E‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3530F‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510P-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510A‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510C‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510D‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510E‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510F‐NFBE‐3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNL3510I-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560P-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560A‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560C‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560D‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560E‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3560F‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530A‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530C‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530D‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530E‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3530F‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510A‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510C‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510D‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510E‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510F‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LP-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LPB-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LPA‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LPC‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LPD‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LPE‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3510LPF‐NFBE‐3.0‐G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3505LP-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3505LPA-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3505LPC-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3505LPD-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3505LPE-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702 | SMBus and RTC |
| CNN35XX-NFBE | CNN35XX-NFBE | CNN3505LPF-NFBE-3.0-G (HW-3.0) | CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 | SMBus and RTC |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The module supports different performance options as listed above in the hardware identifier. The physical hardware and firmware are identical across all options. The underlying hardware has multiple identical cryptographic engines which are enabled or disabled using an option parameter set at manufacturing time. During Manufacturing, the number of cryptographic cores, Key stores and Partitions are enabled by configuration for different Part number. Please refer to Table 2
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
The module supports the following modes of operation:
The indicator of Approved mode is obtained by using the Get Status service. The fipsState field of Get Status service (CN_TOKEN_INFO) indicates the mode. CSPs are not shared between the Approved and non-Approved modes of operation.
The module provides an Approved mode of operation, comprising all services described in Section 2.8 below. In this mode, the module allows only Approved or allowed algorithms. Request for any nonApproved/allowed algorithm is rejected.
The Module supports a Non-Approved mode implementing the non-Approved algorithms listed in Table 7. In this mode, the module also allows Approved or allowed algorithms.
The module is an SR-IOV enabled intelligent PCIe adapter with 1 physical function and 128 virtual functions. In addition to the crypto offloads, this adapter can provide secure key storage with up to 64 partitions, including master partition. Each partition will have its own users to manage the partition and own configuration policies and hence each partition can be treated as a virtual HSM. HSM always has one default partition called HSM Master partition and this contains configuration of the complete HSM and default configuration of any additional partitions that are created. Only one HSM partition can be assigned to one SR-IOV virtual function of HSM adapter and vice-versa. Keys belonging to one partition are not accessible from other partition. This is achieved through a secure binding between partition and the PCIe virtual function. Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
This is the default partition with only one user, called the Master Crypto Officer (MCO). This partition represents the operating state of the whole HSM adapter; i.e., initialization of HSM is nothing but initializing this partition with required configuration and MCO credentials. Zeroizing this partition will erase all HSM partitions in the adapter. The HSM must be initialized and the MCO should already be logged in to create more partitions on the adapter. The MCO can backup and restore complete partition including user data, partition configuration and user keys. All the backup data is encrypted with Backup keys.
Each partition will have a different set of users to manage it and a dedicated key storage and crypto resources associated. A partition will have a default configuration supplied by the master partition and can be changed (within limits) during the partition initialization. When a partition is created by the MCO, it will be in a zeroized state and has to be initialized to do any keystore management or crypto function offloads. Partition initialization will create the Partition Crypto Officer (PCO). The PCO can later create up to 1024 users (PCO or PCU) on demand. Each user will have a unique user name to identify themselves. The User has to login to the partition/vHSM to issue any authorized commands. Users are authenticated using passwords submitted during the user creation.
The End-to-End encryption feature in the module allows an application to initiate an TLS connection with the firmware to ensure the confidentiality of the data communicated over PCIe path. The connection is based on TLS v1.2 with the cipher-suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (known to OpenSSL as AES128-GCM-SHA256, AES256-GCM-SHA384, ECDHE_RSA_AES128-GCMSHA256, and ECDHE_RSA_AES256-GCM-SHA384). The module will act as server, and host application will act as client. The server private key will be the partition private key PAK which is generated for each pHSM when the pHSM/partition is created. The server certificate used for the SSL connection is the partition certificate PAC. The complete chain will be validated by the host application (CavClient) before establishing the TLS connection. The End-to-End encryption feature is enabled using the initialization configuration parameters. Once this feature is enabled, all commands except the initialize and open session are encrypted.
This section provides the list of supported cryptographic algorithms segregated based on the operating mode.
The cryptographic module supports the following Approved algorithms. Only the algorithms/modes listed in the table below are used in the module. Note: All symmetric key sizes represent the key strength. Marvell Semiconductor, Inc.
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| AES-CMAC (SP 800-38B) | A1190 | CMAC | AES CMAC for larger payloads Sizes: 128-bit, 192-bit and 256-bit Uses AES-CBC (#C819) as underlying Block cipher | Message authentication code generate/verify. |
| KDF SP 800-108 (KBKDF) | A1191 | KDF SP 800-108 | AES counter KDF 128-bit, 192-bit, and 256- bit Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses AES-CMAC (#A1190) as the underlying PRF | Key derivation |
| KDA HKDF Sp800- 56Cr1 | A1192 | KDA HKDF Sp800-56Cr1 | KDA HKDF Shared Secret length: 224 – 4096, HMAC: SHA2-224, SHA2- 256, SHA2-384, SHA2- 512, Derived Key Length: 2048 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithm | Key derivation and ECDH-AES key wrap |
| KDA OneStep Sp800-56Cr1 | A1192 | KDA OneStep Sp800-56Cr1 | KDA OneStep Auxiliary functions: SHA2-224, SHA2-256, SHA2-384 and SHA2-512, Derived Key Length: 2048 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator | Key derivation and ECDH-AES key wrap |
| KDA TwoStep Sp800-56Cr1 | A1192 | KDA TwoStep Sp800-56Cr1 | KDA TwoStep (HMAC and CMAC) MAC Salting Methods: random, Supported Lengths: 1- 4096, KDF Mode: counter, MAC Modes: CMAC-AES128, CMAC- AES192, CMAC-AES256, HMAC-SHA-1, HMAC- SHA2-224, HMAC-SHA2- 256, HMAC-SHA2-384, HMAC-SHA2-512, Counter Lengths: 8, 16, 24, 32, Derived Key Length: 4096 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithm Uses AES-CBC (#C819) as underlying Block cipher for AES-CMAC | Key derivation and ECDH-AES key wrap |
| KAS-IFC-SSC (SP 800-56Br2) | A1193 | KAS-IFC-SSC | RSA 2048-bit, 3072-bit, 4096-bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively • RSA-based shared secret computation, KAS1 and KAS2 • Uses Counter DRBG (SP 800-90Ar1) (#C821) as | PEK and KLK generation and certificate authentication |
| KTS-IFC (KTS) (SP 800-56Br2) | A1194 | SP 800-56Brev2. KTS-IFC (key encapsulation and un- encapsulation) per IG D.G. | 2048, 3072, or 4096-bit modulus providing 112, 128, or 150 bits of encryption strength respectively | Asymmetric key encapsulation and un- encapsulation in hybrid environment |
| KTS-IFC (SP 800- 56Br2) | A1194 | KTS-IFC | RSA key wrap and unwrap of symmetric keys in KTS- OAEP-Basic padding. 2048, 3072, 4096-bit modulus 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively • Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator • Uses HMAC-SHA2-224 (#C822), HMAC-SHA2- 256 (#C822), HMAC- SHA2-384 (#C822) and HMAC-SHA2-512 (#C822) as underlying MAC algorithm • Uses RSA KeyGen (FIPS 186-4) [#C824] as the underlying Key generation algorithm | Asymmetric key encapsulation and un- encapsulation in hybrid environment |
| AES-CMAC (SP 800-38B) | A1195 | AES-CMAC | Key Sizes 128-bit, 192-bit, and 256-bit | Used to compute key checksum value (KCV) |
| PBKDF (SP 800- 132) | A1196 | PBKDF | HMAC with SHA-1, SHA2- 224, SHA2-256, SHA2-384 and SHA2-512 Uses HMAC-SHA-1 (#C822 ,HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithm | User credentials storage |
| SHA3-224 (FIPS 202) | A1197 | SHA3-224 | SHA3-224 | Message digests |
| SHA3-256 (FIPS 202) | A1197 | SHA3-256 | SHA3-256 | Message digests |
| SHA3-384 (FIPS 202) | A1197 | SHA3-384 | SHA3-384 | Message digests |
| SHA3-512 (FIPS 202) | A1197 | SHA3-512 | SHA3-512 | Message digests |
| SHAKE-128 (FIPS 202) | A1197 | SHAKE-128 | SHAKE-128 | Message digests |
| SHAKE-256 (FIPS 202) | A1197 | SHAKE-256 | SHAKE-256 | Message digests |
| RSA KeyGen (FIPS 186-4) | A1199 | RSA KeyGen (FIPS 186-4) | Key Generation Mode: B.3.3 Properties: Modulo: 4096 Primality Tests: C.2 Public Exponent Mode: Random Private Key Format: Standard Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator | Key generation |
| RSA SigGen (FIPS 186-4) | A1199 | RSA SigGen (FIPS 186-4) | Signature Type: PKCS 1.5 Modulo: 4096 (SHA2-224 SHA2-256, SHA2-384, SHA2-512) | Sign |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 4
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy B.3.3 Marvell Semiconductor, Inc.
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| RSA SigVer (FIPS 186-4) | A1199 | RSA SigVer (FIPS 186-4) | Signature Type: PKCS 1.5 Modulo: 4096 (SHA2-224 SHA2-256, SHA2-384, SHA2-512) Signature Type: PKCSPSS Modulo: 4096 (SHA2-224 Salt Length: 28, SHA2-256 Salt Length: 32, SHA2-384 Salt Length: 48, SHA2-512 Salt Length: 64) Public Exponent Mode: Random Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithm 4096-bit modulus providing 150 bits of encryption strength | Verify |
| RSA Decryption Primitive (CVL) (SP 800-56Br2) | A1200 | RSA decryption primitive | 2048-bit 3072 bit (CAVP testing was not available at the time of module submission) 4096-bit (CAVP testing was not available at the time of module submission) 2048, 3072, and 4096-bit modulus providing 112, | RSA key transport |
| RSA SigVer (FIPS 186-4) | A1201 | RSA SigVer (FIPS 186-4) | RSA PKCS 1.5 2048-bit and SHA2-256 signature verification Uses SHA2-256 (#C820) as underlying digest algorithm 2048-bit modulus providing 112 bits of encryption strength | Firmware integrity verification by bootloader |
| SHA2-256 (FIPS 180-4) | A1202 | SHA2-256 | SHA2-256 | Message Digest for Firmware image integrity verification by bootloader |
| AES-GCM (KTS) (SP 800-38D) | A1203 | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength | Data encryption, decryption, key-wrap, and key-unwrap |
| AES-GCM (SP 800- 38D) | A1203 | AES-GCM | Encrypt/Decrypt; 128, 192, and 256-bit Uses AES-ECB (#C839) as the underlying block cipher | Data encryption, decryption |
| KAS-ECC (KAS) Sp800-56Ar3 | A1219 | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-521 curve providing 256 bits of encryption strength | Cloning |
| KAS-ECC Sp800- 56Ar3 | A1219 | KAS-ECC Sp800-56Ar3 | P-521, SHA2-512, and HMAC SHA2-512 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the ECDSA KeyGen key pair P-521 curve providing 256 bits of encryption strength Uses ECDSA KeyVer (FIPS 186-4) (#C825) and ECDSA KeyGen (FIPS 186- 4) (#C825) underlying verification for the key pair | Cloning |
| KAS-ECC-SSC Sp800-56Ar3 | A1220 | KAS-ECC-SSC Sp800-56Ar3 | ECDH: P-224, P-256, P- 384, P-521, K-233, K-283, K-409, K-571, B-233, B- 283, B-409, and B-571 P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses ECDSA KeyVer (FIPS 186-4) (#C825) and ECDSA KeyGen (FIPS 186- 4) (#C825 underlying verification for the key pair Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the ECDSA KeyGen key pair Uses SHA2-256 (FIPS 180-4) (#C820), SHA2-384 (FIPS 180-4) (#C820), SHA2-512(FIPS 180-4) (#C820) as the underlying digest algorithm | Shared secret computation |
| KAS-ECC-SSC Sp800-56Ar3 | A2161 | KAS-ECC-SSC Sp800-56Ar3 | ECDH: P-224, P-256, P- 384, P-521 P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the ECDSA KeyGen key pair | Shared secret computation |
| TDES-ECB (SP 800- 38A) | C1169 | Triple-DES-ECB | 3-key DES (192 bits) Decrypt • Key size 192 bits • Provides 112-bits of encryption strength * Legacy use only | Used as a pre-requisite for the TKW |
| AES-KW (KTS) (SP 800-38F) | C1263 | SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength Uses AES-CBC (#C819) as underlying Block cipher | Key wrapping/unwrapping |
| AES-KW (SP 800- 38F) | C1263 | AES-KW | KW, 128, 192, and 256-bit Uses AES-CBC (#C819) as underlying Block cipher | Key wrapping/unwrapping |
| AES-KWP (KTS) (SP 800-38F) | C1263 | SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength Uses AES-CBC (#C819) as underlying Block cipher | Key wrapping/unwrapping |
| AES-KWP (SP 800- 38F) | C1263 | AES-KWP | KWP, 128, 192, and 256- bit Uses AES-CBC (#C819) as underlying Block cipher | Key wrapping/unwrapping |
| TDES-KW (SP 800- 38F) | C1263 | Triple-DES-KW | TKW key size 192 bits Uses TDES-ECB (#C1169) as underlying Block cipher * Legacy use only | Key unwrapping |
| Triple-DES-KW (KTS) (SP 800-38F) | C1263 | SP 800-38F. KTS (key unwrapping) per IG D.G. | 192-bit keys providing 112 bits of encryption strength. | Key unwrapping |
| AES-CBC (SP 800- 38A) | C819 | AES-CBC | CBC mode: Encrypt, Decrypt; 128, 192, and 256-bit* *Encrypt only uses 256- bit | Encryption/Decryption |
| AES-ECB (SP 800- 38A) | C819 | AES-ECB | ECB mode: Encrypt, Decrypt; 128, 192, and 256-bit | Encryption/Decryption |
| SHA-1 (FIPS 180-4) | C820 | SHA-1 | SHA-1 | Used in digests, HMAC, signature verification, and KDFs |
| SHA2-224 (FIPS 180-4) | C820 | SHA2-224 | SHA2-224 | Used in digests, HMAC, signature generation/ verification, and KDFs |
| SHA2-256 (FIPS 180-4) | C820 | SHA2-256 | SHA2-256 | Used in digests, HMAC, signature generation/ verification, and KDFs |
| SHA2-384 (FIPS 180-4) | C820 | SHA2-384 | SHA2-384 | Used in digests, HMAC, signature generation/ verification, and KDFs |
| SHA2-512 (FIPS 180-4) | C820 | SHA2-512 | SHA2-512 | Used in digests, HMAC, signature generation/ verification, and KDFs |
| Counter DRBG (SP 800-90Ar1) | C821 | Counter DRBG | AES 256 with df • No prediction resistance • Uses AES-CBC (#C819) as underlying Block cipher | Random number generation for user, internal IVs and salt |
| HMAC-SHA-1 (FIPS 198-1) | C822 | HMAC-SHA-1 | HMAC-SHA-1 Uses SHA-1 (#C820) as underlying digest algorithm Keys size of 160 bits | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-224 (FIPS 198-1) | C822 | HMAC-SHA2-224 | HMAC-SHA2-224 Uses SHA2-224 (#C820) as underlying digest algorithm Key size of 224 bits | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-256 (FIPS 198-1) | C822 | HMAC-SHA2-256 | HMAC-SHA2-256 Uses SHA2-256 (#C820) as underlying digest algorithm Key size of 256 bits | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-384 (FIPS 198-1) | C822 | HMAC-SHA2-384 | HMAC-SHA2-384 Uses SHA2-384 (#C820) as underlying digest algorithm Key size of 384 bits | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-512 (FIPS 198-1) | C822 | HMAC-SHA2-512 | HMAC-SHA2-512 Uses SHA2-512 (#C820) as underlying digest algorithm Key size of 512 bits | MAC generation, verify, KAS and KDF |
| DSA KeyGen (FIPS 186-4) | C823 | DSA KeyGen (FIPS 186-4) | Key Gen: 2048 and 3072- bit Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the key generation | Key generation |
| DSA PQGGen (FIPS 186-4) | C823 | DSA PQGGen (FIPS 186-4) | PQG Gen: 2048 and 3072- bit Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm Provides the encryption strength of 112 bits and 128 bits for the 2048 bit and 3072 bits key size Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the key generation | Domain parameter generation |
| DSA PQGVer (FIPS 186-4) | C823 | DSA PQGVer (FIPS 186-4) | PQG Ver: 1024-bit*, 2048 and 3072-bit | Domain parameter verification |
| DSA SigGen (FIPS 186-4) | C823 | DSA SigGen (FIPS 186-4) | Sig Gen: 2048 and 3072- bit (SHA2-224, 256, -384, -512) Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm Provides the encryption strength of 112 bits and 128 bits for the 2048 bit and 3072 bits key size Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the key generation | Sign |
| DSA SigVer (FIPS 186-4) | C823 | DSA SigVer (FIPS 186-4) | Sig Ver: 1024*, 2048 and 3072-bit (SHA-1, 224, - 256, -384, -512) Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithm Provides the encryption strength of 80 bits, 112 bits and 128 bits for the 1024 bits, 2048 bit and 3072 bits key size * Legacy use only | Verify |
| RSA KeyGen (FIPS 186-4) | C824 | RSA KeyGen (FIPS 186-4) | KeyGen: 2048, 3072-bit | Key generation |
| RSA SigGen (FIPS 186-4) | C824 | RSA SigGen (FIPS 186-4) | FIPS 186-4 PKCS #1 1.5 and PSS SigGen: 2048 and 3072-bit (SHA2-224, -256, -384, -512) Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm 2048 and 3072 modulus providing 112 and 128 bits of encryption strength | Sign |
| RSA SigVer (FIPS 186-4) | C824 | RSA SigVer (FIPS 186-4) | FIPS 186-4 PKCS #1 1.5 and PSS SigVer: 1024, 2048 and 3072-bit (SHA- 1, 224, -256, -384, -512) Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithm 2048 and 3072 modulus providing 112 and 128 bits of encryption strength | Verify |
| ECDSA KeyGen (FIPS 186-4) | C825 | ECDSA KeyGen (FIPS 186-4) | Key Gen: P-224, P-256, P- 384, P-521, K-233, K-283, K-409, K-571, B-233, B- 283, B-409, and B-571 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator | Key generation |
| ECDSA KeyVer (FIPS 186-4) | C825 | ECDSA KeyVer (FIPS 186-4) | Key Ver; All P, K and B curves | Key verification |
| ECDSA SigGen (FIPS 186-4) | C825 | ECDSA SigGen (FIPS 186-4) | Sig Gen: P-224, P-256, P- 384, P-521, K-233, K-283, K-409, K-571, B-233, B- 283, B-409, and B-571 (SHA2-224, -256, -384, - 512) Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectively | Signature generation |
| ECDSA SigGen (FIPS 186-4) (CVL) | C825 | ECDSA SigGen (FIPS 186-4) | Sig Gen Component: P- 224, P-256, P-384, P-521, K-233, K-283, K-409, K- 571, B-233, B-283, B-409, and B-571 (SHA2-224, - 256, -384, -512) Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectively | Signature generation |
| ECDSA SigVer (FIPS 186-4) | C825 | ECDSA SigVer (FIPS 186-4) | SigVer: All P, K and B curves (SHA-1, 224, 256, - 384, -512 ) Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithm | Signature verification |
| KDF ANS 9.63 (CVL) (SP 800- 135r1) | C825 | KDF ANS 9.63 | (SHA2-224, SHA2-256, SHA2-384, SHA2-512) Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm | Key derivation and key agreement schemes |
| KDF SP 800-108 (KBKDF) | C826 | KDF SP 800-108 | HMAC-SHA-1, HMAC- SHA2-224, HMAC-SHA 2- 256, HMAC-SHA 2-384, HMAC-SHA 2-512 KDF Uses HMAC-SHA-1 (#C822), HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithm | Key derivation |
| ECDSA SigGen (FIPS 186-4) (CVL) | C829 | ECDSA SigGen (FIPS 186-4) | Sig Gen Component: P- 224, P-256, P-384, P-521 (SHA2-224, -256, -384, - 512) Uses Hash DRBG (SP 800- 90Ar1) (#C830) as underlying Random Generator P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectively | Signature generation |
| ECDSA SigVer (FIPS 186-4) | C829 | ECDSA SigVer (FIPS 186-4) | SigVer: P-192, P-224, P- 256, P-384, P-521 (SHA-1, 224, -256, 384, -512) | Signature verification |
| KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) | C829 | KAS-ECC CDH-Component | P‐224, P‐256, P‐384 and P‐521 P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectively | ECDH key derivation and SSL suite B key exchange |
| Hash DRBG (SP 800-90Ar1) | C830 | Hash DRBG | SHA2-512 based with security strength of 256- bit. No prediction resistance Uses SHA2-512 (# SHS 1780) as underlying digest algorithm | Random number generation for user, internal Ivs and salt |
| AES-CBC (SP 800- 38A) | C839 | AES-CBC | Encrypt/Decrypt; 128, 192 and 256-bit | Data encryption and decryption |
| AES-CCM (SP 800- 38C) | C839 | AES-CCM | Authenticated encryption and decryption; 128-bit, 192-bit, and 256-bit Uses AES-CBC (#C839) as underlying Block cipher | Data encryption and decryption |
| AES-CMAC (SP 800-38B) | C839 | AES-CMAC | MAC generate and verify; 128-bit, 192-bit, and 256- bit Uses AES-CBC (#C839) as underlying Block cipher | Message authentication code generation and verification |
| AES-CTR (SP 800- 38A) | C839 | AES-CTR | Encrypt/Decrypt 128, 192, and 256-bit Uses AES-ECB (#C839) as underlying Block cipher | Data encryption and decryption |
| AES-ECB (SP 800- 38A) | C839 | AES-ECB | Encrypt/Decrypt; 128, 192, and 256-bit | Data encryption and decryption |
| AES-GCM (KTS) (SP 800-38D) | C839 | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength Uses AES-ECB (#C839) as underlying Block cipher | Data encryption, decryption, key-wrap, and key-unwrap |
| AES-GCM (SP 800- 38D) | C839 | AES-GCM | Encrypt/Decrypt; 128, 192, and 256-bit Uses AES-ECB (#C839) as underlying Block cipher | Data encryption, decryption, key-wrap, and key-unwrap |
| AES-GMAC (SP 800-38D) | C839 | AES-GMAC | Encrypt/Decrypt; 128, 192, and 256-bit Uses AES-ECB (#C839) as underlying Block cipher | Message Authentication |
| HMAC-SHA-1 (FIPS 198-1) | C839 | HMAC-SHA-1 | HMAC-SHA-1 Uses SHA-1 (# SHS 1780) as underlying digest algorithm | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-224 (FIPS 198-1) | C839 | HMAC-SHA2-224 | HMAC-SHA2-224 Uses SHA2-224 (# SHS 1780) as underlying digest algorithm | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-256 (FIPS 198-1) | C839 | HMAC-SHA2-256 | HMAC-SHA2-256 Uses SHA2-256 (# SHS 1780) as underlying digest algorithm | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-384 (FIPS 198-1) | C839 | HMAC-SHA2-384 | HMAC-SHA2-384 Uses SHA2-384 (# SHS 1780) as underlying digest algorithm | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-512 (FIPS 198-1) | C839 | HMAC-SHA2-512 | HMAC-SHA2-512 Uses SHA2-512 (# SHS 1780) as underlying digest algorithm | MAC generation, verify, KAS and KDF |
| KDF SP 800-108 (KBKDF) | C839 | KDF SP 800-108 | HMAC-Counter mode (HMAC-SHA2-256, HMAC- SHA2-384, HMAC-SHA2- 512) | Key derivation |
| RSA Decryption Primitive (CVL) (SP 800-56Br2) | C839 | RSA Decryption Primitive | 2048-bit 3072-bit 4096-bit Note: CAVP testing was only available for 2048-bit at the time of the module submission SP 800-56B RSADP component validation is equivalent with SP 800- 56Br2 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength | Decryption primitive |
| RSA Signature Primitive (CVL) (FIPS 186-4) | C839 | RSA Signature Primitive | 2048-bit 3072-bit 4096-bit Note: CAVP testing was only available for 2048-bit at the time of the module submission 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength. | Signature primitive |
| KDF TLS (CVL) (SP 800-135r1) | C840 | KDF TLS | TLS-KDF (v1.0/1.1, v1.2) v1.2: SHA2-256, SHA2- 384, SHA2-512 | TLS handshake |
| KAS KDA HKDF (SP 800-56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDA HKDF SP 800- 56Cr1 (#A1192) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS KDA ONESTEP (SP 800-56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDA OneStep SP 800-56Cr1 (#A1192) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS KDA TWOSTEP (SP 800- 56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDA TwoStep SP 800- 56Cr1 (#A1192) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS-KDF-HKDF (SP 800-56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDA HKDF Sp800- 56Cr1 (#A1192) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS-KDF- OneStep(SP 800- 56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDA OneStep Sp800- 56Cr1 (#A1192) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS-KDF-TwoStep (SP 800-56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDA TwoStep Sp800- 56Cr1 (#A1192) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS-KDF-ANS9.63 (SP 800-56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDF ANS 9.63 (#C825) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS ANS 9.63 (SP 800-56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDF ANS 9.63 (CVL) (SP 800- 135r1) (#C825) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS TLS (SP 800- 56Ar3) | KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDF TLS (CVL) (#C840) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | P-224, P-256, P-384, P- 521 curves providing 112, 128, 192, or 256 bits of encryption strength | TLS |
| KAS-IFC HKDF (SP 800-56Br2) | KAS-IFC- SSC (#A1193) KDA HKDF Sp800- 56Cr1 (#A1192) | SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2). | 2048-bit, 3072-bit and 4096-bit modulus providing 112, 128, or 150 bits of encryption strength | PEK and KLK generation and certificate authentication |
| KAS-IFC OneStep (SP 800-56Br2) | KAS-IFC- SSC (#A1193) KDA OneStep Sp800- 56Cr1 (#A1192) | SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2). | 2048-bit, 3072-bit and 4096-bit modulus providing 112, 128, or 150 bits of encryption strength | PEK and KLK generation and certificate authentication |
| KAS-IFC TwoStep (SP 800-56Br2) | KAS-IFC- SSC (#A1193) KDA TwoStep Sp800- 56Cr1 (#A1193) | SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2). | 2048-bit, 3072-bit and 4096-bit modulus providing 112, 128, or 150 bits of encryption strength | PEK and KLK generation and certificate authentication |
| ENT (P) SP 800-90B | N/A | N/A | OCTEON HW RBG | System Entropy |
| SHA-1 (FIPS 180-4) | SHS 1780 | SHA-1 | SHA-1 | Message digests |
| SHA2-224 (FIPS 180-4) | SHS 1780 | SHA2-224 | SHA2-224 | Message digests |
| SHA2-256 (FIPS 180-4) | SHS 1780 | SHA2-256 | SHA2-256 | Message digests |
| SHA2-384 (FIPS 180-4) | SHS 1780 | SHA2-384 | SHA2-384 | Message digests |
| SHA2-512 (FIPS 180-4) | SHS 1780 | SHA2-512 | SHA2-512 | Message digests |
| TDES-CBC (SP 800- 38A) | TDES 1311 | Triple-DES-CBC | TCBC mode; 3-key (192 bits) Decrypt * Legacy use only | Data decryption |
| TDES-ECB (SP 800- 38A) | TDES 1311 | Triple-DES-ECB | TECB mode; 3-key (192 bits) Decrypt * Legacy use only | Data decryption |
| CKG SP 800- 133Rev2 | Vendor affirmed | Please refer to section 2.9 Algorithm-Specific Information CKG | Please refer to section 2.9 Algorithm-Specific Information | Cryptographic Key Generation; SP 800-133Rev2 and IG D.H |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAS-ECCSSC Sp80056Ar3 SP 80056Cr1 Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAS-ECCSSC Sp80056Ar3 KAS-KDFOneStep(SP 80056Ar3) KAS-ECCSSC Sp80056Ar3 SP 80056Cr1 KAS-ECCSSC Sp80056Ar3 Sp80056Cr1 KAS-ECCSSC Sp80056Ar3 Sp80056Cr1 KAS-ECCSSC Sp80056Ar3 Sp80056Cr1 Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 (SP 800135r1) KAS-ECCSSC Sp80056Ar3 KAS-IFCSSC Sp80056Cr1 KAS-IFCSSC Sp80056Cr1 KAS-IFCSSC Sp80056Cr1 Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy N/A N/A
| Name | Use Function | |
|---|---|---|
| AES | Cert. #C819, key unwrapping. Provides 128, 192 or 256 bits of encryption strength. Per IG D.G. | Key unwrap only N3FIPS-OpenSSL-1.1.1-AES ECB mode: Decrypt; 128, 192 and 256 bits CBC mode: Decrypt: 128, 192 and 256 bits *Legacy use only |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
| Name | Use Function | |
|---|---|---|
| EC Diffie-Hellman with non-NIST recommended curves | Cert. #C829, provides 112, 128, 160, 192 or 256 bits of encryption strength. Per IG C.A. | EC-DH Secp224k1(112 bits), Secp256K1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2- 384, SHA2-512) |
| ECDSA with non-NIST recommended curves | Cert. #C825, provides 112, 128, 160, 192 or 256 bits of encryption strength. Per IG C.A. | EC Key generation, sign, verify Secp224k1(112 bits), Secp256K1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2- 384, SHA2-512) |
| MD5 | Only allowed as the PRF in TLSv1.0 and v1.1 per IG 2.4.A | Message digest used in TLSv1.0 / v1.1 KDF only. |
| Triple-DES SP 800-38B | No security claimed per IG 2.4.A | TDES-CMAC Cert# A1198 |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The support of TLS 1.0/1.1, v1.2 protocol by the module is restricted to the TLS Key Derivation Function and the crypto operation. This functionality of the module is used by the user of the module as part of TLS protocol negotiation. No parts of the TLS protocol, other than the KDF, have been reviewed or tested by the CAVP or the CMVP.
| Algorithm/Function | Usage | |
|---|---|---|
| AES (non-compliant) | • Key wrap (TR31/TR34/AES-CBC/AES-GCM wrap/unwrap), DecimalTable/Data/PIN encryption/decryption. • FF1/FF3-1 Data encryption/decryption • In Non-Approved mode AES GCM supports the IV length from 1 byte to 16 bytes | |
| DES | • Derive unique key per transaction (DUKPT), • EMV key derivation • Derive PIN from Offset • Derive Offset from PIN • PIN Verification • PVV generation and Verification • CVV generation and verification • Export Symmetric key/Export Asymmetric key pair using TR31 wrapping. • Import/Export using TR34. • Import Decimal Table • EMV script. • EMV ARQC/ARPC • Data/PIN encryption/decryption | |
| DES MAC | MAC generation and Verification |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
The cryptographic module supports the following non-Approved algorithms available only in nonApproved mode. Marvell Semiconductor, Inc.
| Name | Key Size |
|---|---|
| Double-DES | • Derive unique key per transaction (DUKPT) • EMV key derivation • Derive PIN from Offset • Derive Offset from PIN • PIN Verification • PVV generation and verification • CVV generation and verification • Export Symmetric key/Export Asymmetric key pair using TR31 wrapping • Import/Export using TR34 • Import Decimal Table • EMV script. • EMV ARQC/ARPC • Data/PIN encryption/decryption |
| EC-AES | EC-AES wrap/unwrap (EC BYOK) |
| ECDH KDF | Key derivation using ECDH followed by HMAC/CMAC counter KDF |
| ECDSA (non-compliant) | Key generation, Sign, Verify P192, Secp192k1, brainpoolP160r1, brainpool192r1, K- 163 and B-163 (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512) |
| EDDSA (non-compliant) | Key generation, Sign, Verify |
| KAS-ECC (non-compliant) | EC Key generation and ECDH Curve25519 (128 bits), Curve448 (224 bits) |
| PBE | Key generation |
| RSA (non-compliant) | • TR34 Import • TR34 Export • PIN block decryption • BYOK • Encrypt/Decrypt • Asymmetric key encapsulation and un-encapsulation using PKCS#1-v1.5 padding with modulus size 2048, 3072, and 4096 bits • Key generation, Sign, Verify (1024-bit) |
| Shamir’s Key Share | • Key share |
| Triple-DES (non-compliant) | • Derive unique key per transaction (DUKPT) • EMV key derivation • Derive PIN from Offset • Derive Offset from PIN • PIN Verification • PVV generation and Verification • CVV generation and verification • Export Symmetric key/Export Asymmetric key pair using TR31 wrapping • Import/Export using TR34 • Import Decimal Table • EMV script • EMV ARQC/ARPC • Data/PIN encryption/decryption |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
The module supports the algorithms for the following cipher suites using Approved and allowed algorithms and key sizes:
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
Figure 1
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Figure 2
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Figure 3
| Name | Physical Port | Logical Interface | Data That Passes | Data that passes over port/ interface |
|---|---|---|---|---|
| PCIe Interface (P1) | PCIe Interface (P1) | Data Input and Data Output, Control Input, Status Output and Power. PCIE x8 Interface Lane 0 Transmit Side B (14, 15) Receive Side A (16, 17) Lane 1 Transmit Side B (19, 20) Receive Side A (21, 22) Lane 2 Transmit Side B (23, 24) Receive Side A (25, 26) Lane 3 Transmit Side B (27, 28) Receive Side A (29, 30) Lane 4 Transmit Side B (33, 34) Receive Side A (35, 36) Lane 5 Transmit Side B (37, 38) Receive Side A (39, 40) Lane 6 Transmit Side B (41, 42) Receive Side A (43, 44) Lane 7 Transmit Side B (45, 46) Receive Side A (47, 48) | Primary interface to communicate with the module Provides Services for the software on the host to communicate with the module | |
| LED indicators | LED indicators | Status Output: LED interface (7 LEDs, 13 pins) | Visual status indicator | |
| Tamper PIN | Tamper PIN | Control Input: Tamper pin GPIO over I2C | No data, only a signal from high to low | |
| Power connector | Power connector | Power: 6 PIN power connector | External power connector | |
| USB Port (J2) | USB Port (J2) | Data Input | Interface for vendor zeroize and Firmware Update (non-approved) service | |
| Serial Port | Serial Port | Control Input and Status Output | Interface for vendor zeroize | |
| LED/Port Location | LED/Port Location | Description | ||
| D6 – Red | D6 – Red | Power Fail indication | ||
| D6 – Green | D6 – Green | Power OK – All voltages rails are at nominal | ||
| D13 – Red | D13 – Red | See Table 20 | ||
| D13 – Green | D13 – Green | See Table 20 | ||
| D10 –Multicolor | D10 –Multicolor | See Table 20 | ||
| D12 –Multicolor | D12 –Multicolor | See Table 20 | ||
| D14 –Multicolor | D14 –Multicolor | See Table 20 | ||
| GND | GND | Ground PIN | ||
| P1 | P1 | PCIE Interface see Table 8 | ||
| J2 | J2 | USB Port. To be used for vendor zeroize as an alternative to Tamper Pin zeroization (Under Vendor supervision). | ||
| J3 | J3 | 6 PIN Power Connector | ||
| Serial Port | Serial Port | To be used for vendor zeroize as an alternative to Tamper Pin zeroization (Under Vendor supervision). This will become read-only beyond bootloader. |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Cryptographic Module Interfaces Table 8 describes the module ports and interfaces: Table 8
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Roles, Services, and Authentication Note: Service interface documentation details specific service inputs and outputs: Document name: LiquidSecurity-2.09-0702-Driver-APIs-html.zip Version: 2.09-0702 Release date: 04/26/2024 To access the document, complete the below steps.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy 3. This pops up a window to accept the “MARVELL LIMITED USE LICENSE AGREEMENT”. Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Click I Accept to accept the terms and Conditions; the Service Interface document will be downloaded.
| Name | Roles | Input | Output |
|---|---|---|---|
| CN_ZEROIZE | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_VENDOR_ZEROIZE | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_APP_INITIALIZE | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_APP_FINALIZE | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_OPEN_SESSION | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CLOSE_SESSION | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_SESSION_INFO | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CLOSE_ALL_SESSIONS | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CLOSE_PARTITION_SESSIONS | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_SESSION | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_AUTHORIZE_SESSION | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_LOGIN | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_LOGOUT | MCO/PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_UPDATE_USER_DETAILS | MCO/PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_TOKEN_INFO | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_PARTITION_INFO | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_HSM_LABEL | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_ALL_PARTITION_INFO | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_POLICY_SET | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_M_VALUE | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_VERSION | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_CORE_DUMP | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_DELETE_CORE_DUMP | MCO/PCO/PCU/MFG/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_MASTER_CONFIG | MCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_GET_CERT_REQ | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_STORE_CERT | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_SET_KBK_PRIMARY | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GET_KBK_SLOT_INFO | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_SHUTDOWN | MCO | Opcode inputs | Opcode outputs |
| CN_GET_LOGIN_FAILURE_CNT | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_OPEN_SESSION_V2 | PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_SESSION_V2 | PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_INIT_TOKEN | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GEN_PSWD_ENC_KEY | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_UNLOCK_CO | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_CHALLENGE_CO | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_INIT_DONE | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_GET_CERT | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_SECURE_BOOT | MCO/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_END | MCO | Opcode inputs | Opcode outputs |
| CN_SLAVE_CONFIG | MCO | Opcode inputs | Opcode outputs |
| CN_INVOKE_FIPS | MCO | Opcode inputs | Opcode outputs |
| CN_GET_RSA_CACHE_SIZE | MCO | Opcode inputs | Opcode outputs |
| CN_SET_HSM_CONFIG | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GET_HSM_DIAG_INFO | MCO | Opcode inputs | Opcode outputs |
| CN_GET_HSM_WT_PARAM | MCO | Opcode inputs | Opcode outputs |
| CN_SET_HSM_WT_PARAM | MCO | Opcode inputs | Opcode outputs |
| CN_GET_SERVER_PARAMS | PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_DIAG_GET_HSM_STATS | MCO | Opcode inputs | Opcode outputs |
| CN_DIAG_GET_PARTITION_STATS | MCO | Opcode inputs | Opcode outputs |
| CN_STORE_FW_SIGNING_KEY | MCO | Opcode inputs | Opcode outputs |
| CN_ALLOW_FW_UPDATE | MCO | Opcode inputs | Opcode outputs |
| CN_GET_BOOT_DATA | MCO | Opcode inputs | Opcode outputs |
| CN_SET_CFG_PREGEN_CACHE_SZ | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GET_CFG_PREGEN_CACHE_SZ | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GET_CFG_PREGEN_CACHE_VAL | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_SET_INIT_TIME | MCO | Opcode inputs | Opcode outputs |
| CN_SET_VENDOR_TIME | MCO | Opcode inputs | Opcode outputs |
| CN_GET_TIME | MCO/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_SYNC_TIME | MCO | Opcode inputs | Opcode outputs |
| CN_PARTN_STORAGE_GET | MCO | Opcode inputs | Opcode outputs |
| CN_PARTN_STORAGE_UPDATE | MCO | Opcode inputs | Opcode outputs |
| CN_PARTN_STORAGE_DELETE | MCO | Opcode inputs | Opcode outputs |
| CN_CREATE_PARTITION | MCO | Opcode inputs | Opcode outputs |
| CN_RESIZE_PARTITION | MCO | Opcode inputs | Opcode outputs |
| CN_DELETE_PARTITION | MCO | Opcode inputs | Opcode outputs |
| CN_GET_PARTITION_COUNT | MCO/UN-AUTHMCO | Opcode inputs | Opcode outputs |
| CN_BACKUP_BEGIN | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_BACKUP_CONFIG | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_BACKUP_USERS | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_BACKUP_KEY | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_BACKUP_END | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_RESTORE_BEGIN | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_RESTORE_CONFIG | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_RESTORE_USERS | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_RESTORE_KEY | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_RESTORE_END | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_BACKUP_OBJECT | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY, KBK_WRAP_WITH_RSA) | PCO | Opcode inputs | Opcode outputs |
| CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY, KBK_WRAP_WITH_RSA) | PCO | Opcode inputs | Opcode outputs |
| CN_RESTORE_OBJECT | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_SET_M_VALUE | PCO | Opcode inputs | Opcode outputs |
| CN_SET_NODEID | PCO/AU | Opcode inputs | Opcode outputs |
| CN_SET_POLICY | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_CREATE_USER, CN_CREATE_PRE_OFFICER, CN_CREATE_CO, CN_CREATE_APPLIANCE_USER | PCO | Opcode inputs | Opcode outputs |
| CN_DELETE_USER | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_LIST_USERS | PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_USER_INFO | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_UNLOCK_USER | PCO/MCO | Opcode inputs | Opcode outputs |
| CN_ALWAYS_AUTHORIZE_USER | PCU | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_GET_SOURCE_RANDOM | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_VALIDATE_PEER_CERTS | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_SOURCE_KEY_EXCHANGE | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_SOURCE_INIT | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_SOURCE_STAGE1 | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_TARGET_INIT | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_TARGET_STAGE1 | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_TARGET_KEY_EXCHANGE | PCO | Opcode inputs | Opcode outputs |
| CN_CREATE_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_GEN_KEY_ENC_KEY | PCO/MCO | Opcode inputs | Opcode outputs |
| CN_EXTRACT_MASKED_OBJECT | PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_INSERT_MASKED_OBJECT | PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_DESTROY_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_GET_ATTRIBUTE_VALUE | PCU | Opcode inputs | Opcode outputs |
| CN_GET_ATTRIBUTE_SIZE | PCU | Opcode inputs | Opcode outputs |
| CN_GET_ALL_ATTRIBUTE_SIZE | PCU | Opcode inputs | Opcode outputs |
| CN_GET_ALL_ATTRIBUTE_VALUE | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_MODIFY_OBJECT | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_FIND_OBJECTS_USING_COUNT/CN_FIND_ALL_ OBJECTS_IN_RANGE/CN_FIND_ALL_OBJECTS/CN_FI ND_ALL_OBJECTS_USING_COUNT/CN_FIND_OBJEC TS/CN_FIND_OBJECTS_FROM_INDEX | PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_GENERATE_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_SPLIT_SECRET_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_GENERATE_KEY_PAIR | PCU | Opcode inputs | Opcode outputs |
| CN_EXPORT_PUB_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_SHARE_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_GET_OBJECT_INFO | PCU | Opcode inputs | Opcode outputs |
| CN_TOMBSTONE_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_DELETE_TOMBSTONED_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_UNWRAP_KEY/CN_UNWRAP_KEY2 | PCU | Opcode inputs | Opcode outputs |
| CN_WRAP_KEY/CN_WRAP_KEY2 | PCU | Opcode inputs | Opcode outputs |
| CN_NIST_AES_WRAP_UNWRAP/ CN_NIST_AES_WRAP_UNWRAP2 | PCU | Opcode inputs | Opcode outputs |
| CN_GET_RSA_CACHE_SIZE | MCO | Opcode inputs | Opcode outputs |
| CN_DERIVE_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_MODIFY_KEY_OWNER | PCO | Opcode inputs | Opcode outputs |
| CN_ADMIN_GET_PARTN_KEYHANDLES_HASH | MCO/PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_GET_PARTN_SINGLE_KEYHANDLE_HASH | PCO/AU | Opcode inputs | Opcode outputs |
| CN_PARK_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_UNPARK_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_SET_USER_ATTR | PCO | Opcode inputs | Opcode outputs |
| CN_LIST_AUTH_PUB_KEYS | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_REMOVE_CERT | PCO | Opcode inputs | Opcode outputs |
| CN_PARTN_GET_AUDIT_DETAILS | PCO/AU | Opcode inputs | Opcode outputs |
| CN_PARTN_GET_AUDIT_LOGS | PCO/AU | Opcode inputs | Opcode outputs |
| CN_PARTN_GET_AUDIT_SIGN | PCO/AU | Opcode inputs | Opcode outputs |
| CN_PARTN_ACK_AUDIT_SIGN | PCO/AU | Opcode inputs | Opcode outputs |
| CN_FINALIZE_LOGS | MCO | Opcode inputs | Opcode outputs |
| CN_SIGN | PCU | Opcode inputs | Opcode outputs |
| CN_VERIFY | PCU | Opcode inputs | Opcode outputs |
| CN_ECC_DH | PCU | Opcode inputs | Opcode outputs |
| CN_NIST_AES_WRAP | PCU | Opcode inputs | Opcode outputs |
| CN_ALLOC_SSL_CTX | PCU | Opcode inputs | Opcode outputs |
| CN_FREE_SSL_CTX | PCU | Opcode inputs | Opcode outputs |
| CN_GEN_PMK | PCU | Opcode inputs | Opcode outputs |
| CN_FIPS_RAND | PCU | Opcode inputs | Opcode outputs |
| CN_ME_PKCS_LARGE | PCU | Opcode inputs | Opcode outputs |
| CN_ME_PKCS | PCU | Opcode inputs | Opcode outputs |
| CN_FECC | PCU | Opcode inputs | Opcode outputs |
| CN_HASH | PCU | Opcode inputs | Opcode outputs |
| CN_HMAC | PCU | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_DECRYPT | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_OTHER | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_FINISHED | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_RESUME | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_ENCRYPT_DECRYPT_RECORD | PCU | Opcode inputs | Opcode outputs |
| CN_SHA3 | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_DECRYPT_AND_ENCRYPT | PCU | Opcode inputs | Opcode outputs |
| CN_GET_TOKEN | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_APPROVE_TOKEN | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_LIST_TOKENS | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_TOKEN_TIMEOUT | PCO | Opcode inputs | Opcode outputs |
| CN_DELETE_TOKEN | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_SM_IMAGE_DELETE | MCO | Opcode inputs | Opcode outputs |
| CN_SME_DIAG_INFO | MCO | Opcode inputs | Opcode outputs |
| CN_SET_SM_APP_CONFIG | MCO | Opcode inputs | Opcode outputs |
| CN_GET_SM_APP_CONFIG | MCO | Opcode inputs | Opcode outputs |
| CN_SET_SM_CAPABILITY | MCO | Opcode inputs | Opcode outputs |
| CN_GET_SM_CONFIG | MCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_DIAG_INFO | PCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_UPDATE_BEGIN | PCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_UPDATE | PCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_UPDATE_END | PCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_CTRL | PCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_DELETE | PCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_WRITE_DATA | PCU | Opcode inputs | Opcode outputs |
| CN_SMAPP_READ_DATA | PCU | Opcode inputs | Opcode outputs |
| CN_SMAPP_DELETE_FILE | PCU | Opcode inputs | Opcode outputs |
| CN_SET_SM_CONFIG | MCO | Opcode inputs | Opcode outputs |
| CN_SMAPP_WRITE_SFRAM | PCU | Opcode inputs | Opcode outputs |
| CN_SMAPP_READ_SFRAM | PCU | Opcode inputs | Opcode outputs |
| CN_LIST_UNLINKED_OBJECTS | PCO | Opcode inputs | Opcode outputs |
| CN_GENERATE_PBE_KEY | PCO/PCU | Opcode inputs | Opcode outputs |
| LSPAY_GENERATE_ASYMM_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_GENERATE_SYMM_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_PUBLIC_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_PUBLIC_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_VALIDATE_PUBLIC_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_KPK | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_KPK | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_TR34_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_TR34_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_TRANSLATE_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_CERT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_DECIMAL_TABLE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_GENERATE_CSR | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DERIVE_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_ENCRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DECRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DECRYPT_THEN_ENCRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_MAC_GEN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_MAC_VERIFY | PCU | Opcode inputs | Opcode outputs* |
| LSPAY_MAC_TRANSLATE | PCU | Opcode inputs | Opcode outputs* |
| LSPAY_FPE_ENCRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_FPE_DECRYPT | PCU | Opcode inputs | Opcode inputs |
| LSPAY_SIGN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_SIGN_VERIFY | PCU | Opcode inputs | Opcode inputs |
| LSPAY_PIN_BLOCK_TRANSLATE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DERIVE_PIN_FROM_OFFSET | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DERIVE_OFFSET_FROM_PIN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_VERIFY_PIN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_PVV_GENERATION | PCU | Opcode inputs | Opcode outputs |
| LSPAY_PVV_VERIFY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EMV_GENVERIFY_AC | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EMV_SECURE_MSG_GEN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_CVV_GEN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_CVV_VERIFY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_CREATE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_EXPORT_KEY_COMPONENT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_COMBINE_INIT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_IMPORT_COMPONENT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_COMBINE_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_ZEROIZE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_MFK_GENERATE | PCO | Opcode inputs | Opcode outputs |
| LSPAY_MFK_GET_INFO | PCO | Opcode inputs | Opcode outputs |
| LSPAY_MFK_DELETE | PCO | Opcode inputs | Opcode outputs |
| LSPAY_MFK_SET_PRIMARY | PCO | Opcode inputs | Opcode outputs |
| MAJOR_OP_RSASERVER_LARGE | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_RSASERVER | PCU | Opcode inputs | Opcode outputs |
| Firmware Update | UN-AUTH | Serial inputs: run boot_usb | RED LED BLINK |
| CN_GENERATE_KEY_PAIR (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_GENERATE_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_CREATE_OBJECT (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_UNWRAP_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_WRAP_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_EXTRACT_MASKED_OBJECT (non-compliant) | PCU/PCO/AU | Opcode inputs | Opcode outputs |
| CN_STORE_FW_SIGNING_KEY (non-compliant) | MCO | Opcode inputs | Opcode outputs |
| CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non-compliant) | Manufacturer | Opcode inputs | Opcode outputs |
| CN_INSERT_MASKED_OBJECT (non-compliant) | PCU/PCO/AU | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_SESSION (non-compliant) | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_DERIVE_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| This role sets the identity, serial number, performance settings and max operating temperature | MFG | Manufacturer License certificate-based authentication | RSA signature [single factor crypto software] |
| This role has access to administrative services offered by the module or HSM | MCO | Identity-based operator authentication | Username and password [Memorized-Secret]; optional RSA signature (2FA) [single factor crypto software] |
| This role is an optional role with limited functionality, eventually transition into PCO | Pre-CO | Identity-based operator authentication | Username and password [Memorized-Secret] |
| This role has access to administrative services of the partition | PCO | Identity-based operator authentication | Username and password [Memorized-Secret]; optional RSA signature (2FA) [single factor crypto software] |
| This role has access to all crypto services offered by the partition | PCU | Identity-based operator authentication | Username and password Memorized-Secret]; optional RSA signature (2FA) [single factor crypto software] |
| This role has access to partition audit logs and Appliance secure channel key | AU | Identity-based operator authentication | Username and password Memorized-Secret] |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy 6. Click the Recommended API for each opcode (services) for the input and output details. Table 10
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
The module supports the following roles. One identity is allowed for each role, per partition.
During the manufacturing stage, each HSM goes through the following process:
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
The master partition supports only the Master Crypto Officer role (MCO). This role is used to configure non-master partitions (create, provision, resize, delete) but cannot access their resources (e.g., cannot manage or use non-master partition keys). This role is authenticated with username and password (one-factor) and optionally with signature as well (two-factor). Refer to Section 4.3 for details.
Each Non-Master Partition supports four (4) distinct operator roles as described below. The module enforces the separation of roles using identity-based authentication. Re-authentication is required to change roles. Except for Pre-CO, concurrent operators are allowed; however, only one operator is allowed per login session.
During partition initialization, default credentials are used to create a Pre-CO or a PCO. The Pre-CO is a restricted role primarily for configuring certificates and setting up a PCO. Once a PCO is set up for a partition, the Pre-CO role is no longer accessible. Because the Pre-CO is essentially a restricted PCO, it does not have its own column in Table 12. Instead, PCO capabilities in Table 12 are marked with an asterisk (*) to indicate Pre-CO can run these services. This role is authenticated with username and password (one-factor) only.
This role has access to administrative services of the partition and can configure PCU and AU identities. This role is authenticated with username and password (one-factor) and optionally with signature as well (two-factor).
This role has access to all cryptographic services offered by the partition; its purpose is operational use of the module. This role is authenticated with username and password (one-factor) and optionally with signature as well (two-factor).
This role has access to partition audit logs and can create end-to-end encrypted channels. It is to set up and synchronize clusters. This role is authenticated with username and password (one-factor) only. Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The module enforces identity-based authentication. A role is explicitly selected at authentication. If a given identity is not allocated with the role, then the authentication will fail with appropriate error. The partitions (see Sections 4.41 and 4.2 for details). If the given user identity is not allocated for a role, then authentication will be failed with appropriate error. The module allows one identity per role, per All the user roles should be authenticated with Level 3 based authentication mechanisms. MCO, Pre-CO, Table 11
| Name | Key Size | |
|---|---|---|
| Username and password | The password is a minimum of 8 characters, case-sensitive alpha-numeric. As such there are (26*2+10) ^8 = 62^8 possible minimum-length passwords, and the false acceptance rate is 1 in 62^8. A maximum of 20 password attempts are possible before permanent lockout. Therefore, the probability of false authentication over any timeframe is 20 in 62^8. (The number of allowed login attempts prior to lockout is configured during module initialization but cannot exceed 20.) Lockout of MCO automatically zeroizes the module. In all other cases, lockout can be unset by destroying the partition. | MCO/Pre- CO/PCO/PCU/AU |
| RSA Signature | Authentication is performed using SHA2-256 based RSA 2048-bit PKCS#1-v1.5 signatures (provides 112 bits of strength). Corresponding public key is associated with the identity (for Manufacturing role, it is part of FW image). The probability that a random attempt will succeed, or a false acceptance will occur, is approximately 1 in 2^112, which is less than 1 in 1,000,000. For each failed signature verification, the module will block for 2 seconds. Based on this maximum rate, the probability that a random attempt will succeed in a one-minute period is approximately 30 in 2^112, which is less than 1 in 100,000. | MCO/PCO/PCU MFG |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 12
G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP metadata is updated. The module writes the SSP. The write access is typically performed after a SSP is imported into the module, or the module generates an SSP, or the module overwrites an existing SSP. E = Execute: The module uses the SSP in performing a cryptographic operation. Marvell Semiconductor, Inc.
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| CN_ZEROIZE | • Zeroize the HSM Master/user partition. Can be configured to be allowed by CO only • Master zeroize will zeroize and delete all user partitions • With factory_reset option, all the SSPs of the partition will be zeroized. • Regular zeroize will zeroize all the user(s) generated SSPs of the partition • Please refer to Table 18 for the list of SSPs and corresponding zeroization service types that erase them. | MCO/PCO/ PCU/MFG/A U/UN-AUTH | User keys MMEK PMEK PAK KLK Partition Masking Key PAC 2FAMofNPubK CAPubK AOAPubK Login Passwords PEK KBK POTAC POKBK POAC | None | Z | Success with fips_state = 2 or 3 |
| CN_VENDOR_ZEROIZE | Zeroizes HSM Master partition. • Vendor zeroize (MCO only) zeroizes vendor programmed certificates and SSPs. factory reset will zeroize all the SSPs of the partition. Please refer to Table 18 for the list of SSPs which can be zeroized using the current zeroization method. | MCO/PCO | User keys MMEK PMEK PAK KLK Partition Masking Key PAC 2FAMofNPubK CAPubK AOAPubK Login Passwords PEK KBK POTAC POKBK POAC AOTAC OKBK AOAC SecureBootAuth Public Key On vendor zeroize: MFDEK FMAK MFKBK | None | Z | Success with fips_state = 2 or 3 |
| CN_APP_INITIALIZE | Registers an application with HSM. | MCO/PCO/P CU/MFG/AU /UN-AUTH | DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] | E R | Success with fips_state = 2 or 3 |
| CN_APP_FINALIZE | Unregisters an application from HSM. | MCO/PCO/P CU/MFG/AU /UN-AUTH | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_OPEN_SESSION | Opens a session in HSM and returns the session handle. | MCO/PCO/P CU/MFG/AU /UN-AUTH | DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] | None | Success with fips_state = 2 or 3 |
| CN_CLOSE_SESSION | Closes the session. | MCO/PCO/P CU/MFG/AU /UN-AUTH | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_GET_SESSION_INFO | Gets the session information. | MCO/PCO/P CU/MFG/AU /UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_CLOSE_ALL_SESSIONS | Management services for closing all sessions of an application. | MCO/PCO/ PCU/MFG/A U/UN-AUTH | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_CLOSE_PARTITION_SESSIONS | Close sessions of all Applications tied to a Partition. | PCO/MCO | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_ENCRYPT_SESSION | Enables encrypted communication channel. | UN-AUTH | POAC PAK TLS ECDH Session Key TLS Session Symmetric Key Set TLS Session HMAC Key DRBG Entropy/HASH_DR BGInternal State | Hash DRBG (SP 800- 90Ar1) [#C830] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KDF TLS (CVL) (SP 800- 135r1) [#C840] KAS-ECC-SSC Sp800- 56Ar3 [#A2161] | R E E G G E | Success with fips_state = 2 or 3 |
| CN_AUTHORIZE_SESSION | Authorizes the sessions to be used under E2E and do login. | UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_LOGIN | Allows login to a session. Public key is used to verify user signatures, optionally in 2-factor authentication. | UN-AUTH | PEK Login passwords 2FAMofNPubK CAPubK DRBG Entropy/CTR_DRBG Internal State | AES [#C819], allowed per IG D.G RSA SigVer (FIPS 186- 4) [#C824] PBKDF (SP 800-132) [#A1196] Counter DRBG (SP 800-90Ar1) [#C821] | E W E E | Success with fips_state = 2 or 3 |
| CN_LOGOUT | Allows logout of a session. | MCO/PCO/P CU/AU | None | None | None | Success with fips_state = 2 or 3 |
| CN_UPDATE_USER_DETAILS | Requires user to be logged in. Updates Passwords and Public key for 2-factor authentication or updates the username of PCO. | MCO/PCO/P CU/AU | 2FAMofNPubK PEK Login passwords DRBG ENTROPY/CTR_DRB G Internal State | RSA SigVer (FIPS 186- 4) [#C824] AES-CBC (SP 800-38A) [#C839] Counter DRBG (SP 800-90Ar1) [#C821] PBKDF (SP 800-132) [#A1196] | W R W E | Success with fips_state = 2 or 3 |
| CN_TOKEN_INFO | Get token information. | MCO/PCO/P CU/MFG/AU /UN-AUTH | MFKBK OKBK | None | R R | Success with fips_state = 2 or 3 |
| CN_PARTITION_INFO | Returns Partition Information. | MCO/PCO/P CU/MFG/AU /UN-AUTH | Partition Owner KBK (POKBK) | None | E | Success with fips_state = 2 or 3 |
| CN_GET_HSM_LABEL | Returns HSM label. | MCO/PCO/P CU/MFG/AU /UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_ALL_PARTITION_INFO | Get information for all Partitions. | MCO/PCO/P CU/MFG/AU /UN-AUTH | Partition Owner KBK (POKBK) | None | E | Success with fips_state = 2 or 3 |
| CN_GET_POLICY_SET | Get the current policy settings. This operation does not need authentication. | MCO/PCO/P CU/MFG/AU /UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_M_VALUE | Get the current M Value of a CO Service. | MCO/PCO/P CU/MFG/AU /UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_VERSION | Obtain Firmware Version. | MCO/PCO/P CU/MFG/AU /UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_CORE_DUMP | Retrieves core dump files from HSM and saves as dump_file. | MCO/PCO/P CU/MFG/AU /UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_DELETE_CORE_DUMP | Delete core dump file if it exists. | MCO/PCO/P CU/MFG/AU /UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_MASTER_CONFIG | Perform a master configuration. | MCO | MLVK MARC FMAK FMAC | RSA SigVer (FIPS 186- 4) [#C824] | R W G G | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_GET_CERT_REQ | Get the partition or HSM Certificate Signing Request (CSR). | MCO/PCO/P CU/AU/UN- AUTH | AOAC POAC | None | R R | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_STORE_CERT | Store the partition owner certificate or the partition certificate signed by the partition owner or HSM certificate signed by vendor, HSM owner certificate and HSM certificate signed by HSM owner. | MCO/PCO | AOTAC POTAC AOAC POAC | RSA SigVer (FIPS 186- 4) [#C824] | W W W W | Success with fips_state = 2 or 3 |
| CN_STORE_VENDOR_PRE_SHARE D_KEY (CN_STORE_KBK_SHARE) | Store Fixed Keys (KBK) for backup. | MCO/PCO | MARC AOTAC, POTAC, MFKBK, OKBK, POKBK, FMAK, PAK | RSA SigVer (FIPS 186- 4) [#C824] KTS-IFC (KTS) (SP 800-56Br2) [#A1194], AES-KWP (KTS) (SP 800- 38F) [#C1263] | E E E W W W E E | Success with fips_state = 2 or 3 |
| CN_SET_KBK_PRIMARY | Set the latest stored fixed (KBK) key as the primary key for backup. | MCO/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_KBK_SLOT_INFO | Get the stored fixed (KBK) keys ekcv information. | MCO/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SHUTDOWN | Set HSM state to shutdown. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_LOGIN_FAILURE_CNT | Get the login failure count of a particular user. | MCO/PCO/P CU/AU/UN- AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_OPEN_SESSION_V2 | Opens a session in HSM and returns the session handle. | PCO/PCU/ AU/UN- AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_ENCRYPT_SESSION_V2 | Establishes E2E connection with/without client- authentication, between HSM and the Host applications. | PCO/PCU/ AU/UN- AUTH | E2E Client Authentication Public key PAK POAC E2E TLS ECDH Session Key E2E TLS Session Symmetric Key Set E2E TLS Session HMAC Keys DRBG Entropy/HASH_DR BG Internal State | Hash DRBG (SP 800- 90Ar1) [#C830] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KAS TLS (SP 800- 56Ar3) KAS-ECC-SSC Sp800-56Ar3 [#A2161] RSA SigVer (FIPS 186- 4) [#C824] | E E R G G G E | Success with fips_state = 2 or 3 |
| CN_INIT_TOKEN | Initializes the HSM and sets its policies and boundaries to the values specified in config_file. | MCO/PCO | MMEK PMEK DRBG ENTROPY/CTR_DRB G Internal State | AES-CBC (SP 800-38A) [#C839] RSA SigGen (FIPS 186- 4) [#C824] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] | G G E | Success with fips_state = 2 or 3 |
| CN_GEN_PSWD_ENC_KEY | Generates a Password Encryption Key (PEK), which is used to wrap the user password while sending it over the FIPS boundary. | MCO/PCO | PEK Host PswdEncKeyPublic Key DRBG ENTROPY/CTR_DRB G Internal State | KAS-IFC HKDF (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2)Counter DRBG (SP 800-90Ar1) [#C821] | G E E | Success with fips_state = 2 or 3 |
| CN_UNLOCK_CO | On providing response(signature) over the challenge thrown by HSM/Partition during CN_GET_CHALLENGE_CO (CfmGetChallengeCO), session will be marked with "unlock" privileges, allowing the user to generate PEK, zeroizeHSM and change the CO's self password. Session will remain in unlocked state only for 120 seconds. | UN-AUTH | POAC/AOAC | RSA SigVer (FIPS 186- 4) [#C824] | E | Success with fips_state = 2 or 3 |
| CN_GET_CHALLENGE_CO | Gets a challenge to be signed by either HSM/Partition's owner to move the session to "unlocked" state using "unlockco” command. | UN-AUTH | POAC AOAC PAK FMAC | Counter DRBG (SP 800-90Ar1) [#C821] RSA SigGen (FIPS 186- 4) [#C824] | R R E R | Success with fips_state = 2 or 3 |
| FMAK DRBG ENTROPY/CTR_DRB G Internal State | FMAK DRBG ENTROPY/CTR_DRB G Internal State | E E | ||||
| CN_INIT_DONE | Completes initialization of HSM/partition. Successful initialization of HSM will reboot the HSM. | MCO/PCO | KBK Partition masking key DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] | G G E | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_GET_CERT | Fetches certificates stored on the HSM. Certificates like: VENDOR_CERT HSM_CERT PARTITION_OWNER_CERT PARTITION_CERT PARTITION_CERT_ISSUED_BY_HS M. HSM_OWNER_CERT HSM_CERT_ISSUED_BY_HO | MCO/PCO/P CU/AU/UN- AUTH | MARC FMAC POAC POTAC PAC AOAC AOTAC | None | R R R R R R R | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_SECURE_BOOT | Performs cert auth based secure boot. | MCO/UN- AUTH | User Public Keys | RSA SigVer (FIPS 186- 4) [#C824] | E | Success with fips_state = 2 or 3 |
| CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_END | Begins and performs firmware, bootloader, SMW update. Updated FW version is reflected after reboot and can be obtained from the getHSMInfo. | MCO | MFUVK AOAPubK | RSA SigVer (FIPS 186- 4) [#C824] | E E | Success with fips_state = 2 or 3 |
| CN_SLAVE_CONFIG | Perform a slave configuration. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_INVOKE_FIPS | Perform Self tests. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_RSA_CACHE_SIZE | Gets the number of RSA pre generated keys available in the RSA key cache. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_HSM_CONFIG | Sets the HSM configuration parameters. | MCO/ PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_HSM_DIAG_INFO | Get HSM diagnostics information. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_HSM_WT_PARAM | Gets the DoS parameter. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_HSM_WT_PARAM | Sets the DoS parameter. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_SERVER_PARAMS | Gets the server parameters used in Cav-server for the server handshake messages. | PCO/PCU/A U/UN-AUTH | TLS Session ECDH Key POAC PAK DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] ECDSA SigVer (FIPS 186-4) [#C825], ECDSA SigVer (FIPS 186-4) [#C829] | G E E E | Success with fips_state = 2 or 3 |
| CN_DIAG_GET_HSM_STATS | Retrieve HSM statistics over fast path. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_DIAG_GET_PARTITION_STATS | Retrieve Partition statistics over fast path. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_STORE_FW_SIGNING_KEY | Configure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072 and 4096 or a supported EC curve. | MCO | AOAPubK, AOAC | RSA SigVer (FIPS 186- 4) [#C824] | W E | Success with fips_state = 2 or 3 |
| CN_ALLOW_FW_UPDATE | Configure a lower version of FW to be allowed to be updated for certain time period and on certain HSMs. | MCO | AOAPubK | RSA SigVer (FIPS 186- 4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825] | E | Success with fips_state = 2 or 3 |
| CN_GET_BOOT_DATA | Retrieves error logs from HSM. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_CFG_PREGEN_CACHE_SZ | Set pre generated keys cache size. | MCO/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_CFG_PREGEN_CACHE_SZ | Set configured pre generated keys cache size. | MCO/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_CFG_PREGEN_CACHE_VA L | Returns the key count in pre generated key cache. | MCO/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_INIT_TIME | Sets the user's initial time upon receiving the HSM. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_VENDOR_TIME | Sets the vendor time on the HSM. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_TIME | Gets the RTC and System time from HSM. | MCO/ UN- AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_SYNC_TIME | Sets the user's time on the HSM. Also used for drift calculation and configuration. Returns useful information such as the drift between previous configured time and new time configured and the lifetime average drift observed. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARTN_STORAGE_GET | Gets the partition private data from the per partition store. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARTN_STORAGE_UPDATE | Updates partition private data into the partition store. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARTN_STORAGE_DELETE | Deletes the partition private data from the partition store. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_CREATE_PARTITION | Create a partition with the given name and size. | MCO | PAK FMAC FMAK MARC PAC | RSA KeyGen (FIPS 186-4) [#C824] RSA SigGen (FIPS 186- 4) [#C824] | G E E E G | Success with fips_state = 2 or 3 |
| CN_RESIZE_PARTITION | Resize an existing partition of the specified name. | MCO | N/A | None | None | Success with fips_state = 2 or 3 |
| CN_DELETE_PARTITION | Delete a Partition & all associated keys. | MCO | User Keys PMEK PAK KLK Partition Masking Key PAC 2FAMofNPubK CAPubK Login Passwords PEK KBK POTAC POKBK | None | Z | Success with fips_state = 2 or 3 |
| CN_GET_PARTITION_COUNT | Return partition count. | MCO/UN- AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_BACKUP_BEGIN | Initiate backup of partition configuration, users, and keys. | MCO/PCO | MFKBK OKBK POKBK Backup session Key DRBG ENTROPY/CTR_DRB G Internal State | KDF SP 800-108 (KBKDF) [#C826] Counter DRBG (SP 800-90Ar1) [#C821] HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E E E G E | Success with fips_state = 2 or 3 |
| CN_BACKUP_CONFIG | Back up the partition configuration. | MCO/PCO | Backup session Key | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E | Success with fips_state = 2 or 3 |
| CN_BACKUP_USERS | Back up the partition users. | MCO/PCO | Backup session Key | AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E | Success with fips_state = 2 or 3 |
| CN_BACKUP_KEY | Back up the keys. | MCO/PCO | Backup session Key Partition masking key PEK KLK KBK User keys | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E R R R R R | Success with fips_state = 2 or 3 |
| CN_BACKUP_END | Ends the backup of the partition configuration, keys, and user details. | MCO/PCO | PAK KBK Backup session Key | SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] RSA SigGen (FIPS 186- 4) [#C824] | E G Z | Success with fips_state = 2 or 3 |
| CN_RESTORE_BEGIN | Initiate restoration of partition configuration, users, and keys. | MCO/PCO | MFKBK OKBK POKBK Backup session Key | KDF SP 800-108 (KBKDF) [#C826] SHA- 1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E E E G | Success with fips_state = 2 or 3 |
| CN_RESTORE_CONFIG | Restore a backed-up partition configuration. | MCO/PCO | Backup session Key | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] | E | Success with fips_state = 2 or 3 |
| CN_RESTORE_USERS | Restore the partition users. | MCO/PCO | Backup session Key | AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E | Success with fips_state = 2 or 3 |
| CN_RESTORE_KEY | Restore the backed-up keys. | MCO/PCO | Backup session Key User keys Partition masking key PEK KLK KBK | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E W W W W W | Success with fips_state = 2 or 3 |
| CN_RESTORE_END | Ends the restoration of backed up partition configuration, keys and user details. | MCO/PCO | KBK Backup session Key | SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | G Z | Success with fips_state = 2 or 3 |
| CN_BACKUP_OBJECT | Backup partition key, partition CSR, PO cert, partition cert signed by PO, user auth keys. | MCO/PCO | Backup session Key PAK PAC POAC POTAC CAPubK | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E R R R R R | Success with fips_state = 2 or 3 |
| CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_D ERIVED_KEY, KBK_WRAP_WITH_RSA) | Wrap KBK out of the HSM. | PCO | KBK, User Keys | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] KTS-IFC (KTS) (SP 800-56Br2) [#A1194], | R | Success with fips_state = 2 or 3 |
| CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_D ERIVED_KEY, KBK_WRAP_WITH_RSA) | Unwraps KBK into the HSM. | PCO | KBK, User Keys | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] KTS-IFC (KTS) (SP 800-56Br2) [#A1194], | W | Success with fips_state = 2 or 3 |
| CN_RESTORE_OBJECT | Restore the backed-up object and object details. | MCO/PCO | Backup session Key PAK PAC POAC POTAC CAPubK | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | E W W W W W | Success with fips_state = 2 or 3 |
| CN_SET_M_VALUE | Set the current M value for a CO service. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_NODEID | Sets the cluster node ID for a partition. | PCO/ AU | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_POLICY | Set an HSM policy. | MCO/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_CREATE_USER, CN_CREATE_PRE_OFFICER, CN_CREATE_CO, CN_CREATE_APPLIANCE_USER | Create a new CU, CO, Pre-CO or AU user with the provided name and password. | MCO/PCO | PMEK 2FAMofNPubK PEK | AES [#C819], allowed per IG D.G, AES-CBC (SP 800-38A) [#C819] PBKDF (SP 800-132) [#A1196] RSA SigVer (FIPS 186- 4) [#C824] | E W E | Success with fips_state = 2 or 3 |
| CN_DELETE_USER | Delete the user with the given name. | PCO/MCO | User Keys | None | Z | Success with fips_state = 2 or 3 |
| CN_LIST_USERS | List all users of the current partition. | PCO/PCU/A U/UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_USER_INFO | Get user info and user attributes of a user. | PCO/ PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_UNLOCK_USER | Unlock CU or AU user which got locked up due to invalid login attempts. | PCO/MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_ALWAYS_AUTHORIZE_USER | Context specific explicit user authorization service for CKA_ALWAYS_AUTHENTICATE keys. | PCU | PEK CAPubK Login passwords 2FAMofNPubK | AES-CBC (SP 800-38A) [#C839] RSA SigVer (FIPS 186- 4) [#C824] PBKDF (SP 800-132) [#A1196] | E E E E | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_GET_SOURCE_RA NDOM | Gets the source random number required for mutual trust protocol. | PCO | DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] | R E | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_VALIDATE_PEER_ CERTS | Validates the peer certificates as part of the mutual trust protocol. | PCO | DRBG ENTROPY/CTR_DRB G Internal State MARC FMAC PAC AOTAC AOAC POTAC POAC | Counter DRBG (SP 800-90Ar1) [#C821] RSA SigVer (FIPS 186- 4) [#C824] | E | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_SOURCE_KEY_EX CHANGE | Generate source key exchange message from the HSM. | PCO | SAZ PAK DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] RSA SigVer (FIPS 186- 4) [#C824] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | G R E | Success with fips_state = 2 or 3 |
| CN_CLONE_SOURCE_INIT | Fetch the value for the clone target initialization. | PCO | PCPK DRBG ENTROPY/CTR_DRB G Internal State Partition Cloning Initiator Public Key | Counter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824] ECDSA KeyGen (FIPS 186-4) [#C825] | G E G | Success with fips_state = 2 or 3 |
| CN_CLONE_SOURCE_STAGE1 | Push clone target output into clone source. | PCO | CSSZ PCSK PCSMK Partition masking key | KAS-ECC (KAS) Sp800-56Ar3 [#A1219] | G G G R E | Success with fips_state = 2 or 3 |
| HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | Partition Cloning Responder Public Key | HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | ||||
| CN_CLONE_TARGET_INIT | Push clone source output into clone target. | PCO | PCPK DRBG ENTROPY/CTR_DRB G Internal State Partition Cloning Responder Public Key Partition Cloning Initiator Public Key | Counter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824] ECDSA KeyGen (FIPS 186-4) [#C825] | G E G E | Success with fips_state = 2 or 3 |
| CN_CLONE_TARGET_STAGE1 | Fetch the value for clone target end. | PCO | CSSZ PCSK PCSMK Partition Masking Key | KAS-ECC (KAS) Sp800-56Ar3 [#A1219] HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | G G G W | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_TARGET_KEY_EX CHANGE | Validate key exchange message from peer. Used in cert-based cloning. | PCO | PAK SAZ | KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | E G | Success with fips_state = 2 or 3 |
| CN_CREATE_OBJECT | Import a public key into the HSM. | PCU | User Public Keys | None | W | Success with fips_state = 2 or 3 |
| CN_GEN_KEY_ENC_KEY | Generates KLK. Generate the key encryption key The type of key is determined by the kek_method parameter in the hsm_config file. The KLK is always a global key. | MCO/PCO | KLK Partition KeyLoading Private Key KLSZ | ECDSA KeyGen (FIPS 186-4) [#C825] KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KAS-ECC (KAS) Sp800-56Ar3 [#A1219] | G,W G, E G | Success with fips_state = 2 or 3 |
| CN_EXTRACT_MASKED_OBJECT | Extracts a masked object. i.e. retrieves an object by wrapping it with a masking key shared by the process of cloning. | PCU/ PCO/AU CO | User Keys, PEK, KLK, Partition Masking Key | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | R E | Success with fips_state = 2 or 3 |
| CN_INSERT_MASKED_OBJECT | Inserts a masked object into an HSM which Is extracted from another HSM. | PCU/ PCO/AU | User Keys, PEK, KLK, Partition Masking Key | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] TRIPLE-DES SP 800- 38B [#A1198], NO SECURITY CLAIMED PER IG 2.4.A AES-CMAC (SP 800- 38B) [#A1195] | W E | Success with fips_state = 2 or 3 |
| CN_DESTROY_OBJECT | Destroys Key Object. | PCU | User Keys | None | Z | Success with fips_state = 2 or 3 |
| CN_GET_ATTRIBUTE_VALUE | Retrieve single key attribute/metadata. | PCU | User Keys | None | R | Success with fips_state = 2 or 3 |
| CN_GET_ATTRIBUTE_SIZE | Retrieves the size of an attribute of an object. | PCU | User Keys | None | R | Success with fips_state = 2 or 3 |
| CN_GET_ALL_ATTRIBUTE_SIZE | Retrieves the size of all attributes of an object. | PCU | User Keys | None | R | Success with fips_state = 2 or 3 |
| CN_GET_ALL_ATTRIBUTE_VALUE | Retrieves all attributes/metadata of an object. | PCO/PCU | User Keys | None | R | Success with fips_state = 2 or 3 |
| CN_MODIFY_OBJECT | Use the setAttribute command to modify object attributes. | PCO/PCU | User Keys | None | W | Success with fips_state = 2 or 3 |
| CN_FIND_OBJECTS_USING_COUN T/CN_FIND_ALL_OBJECTS_IN_RAN GE/CN_FIND_ALL_OBJECTS/CN_FI ND_ALL_OBJECTS_USING_COUNT /CN_FIND_OBJECTS/CN_FIND_OBJ ECTS_FROM_INDEX | Finds all key(s) in the partition based on input criteria. An array of key handles will be returned for the keys that match the input criteria specified, key class, key label, etc. Search can be requested from an index. | MCO/PCO/P CU/AU | User Keys | None | R | Success with fips_state = 2 or 3 |
| CN_GENERATE_KEY | Generates a symmetric key of given key type and length. | PCU | Symmetric User Keys DRBG Entropy/CTR_DRBG Internal State | Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] TRIPLE-DES SP 800- 38B [#A1198], NO SECURITY CLAIMED PER IG 2.4.A AES-CMAC (SP 800- 38B) [#A1195] | G E | Success with fips_state = 2 or 3 |
| CN_SPLIT_SECRET_KEY | Split a symmetric key into multiple keys based on the attributes given by the user. The resulting key handles are stored as output in splitKeyArgs structure. | PCU | Symmetric User Keys | None | G | Success with fips_state = 2 or 3 |
| CN_GENERATE_KEY_PAIR | Generate asymmetric keys (RSA/DSA/ECC). Updates the public and private key handles in the output on return. | PCU | Asymmetric User Keys | RSA KeyGen (FIPS 186-4) [#A1199], RSA KeyGen (FIPS 186-4) [#C824] ECDSA KeyGen (FIPS 186-4) [#C825] ECDSA KeyVer (FIPS 186-4) [#C825] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] | G | Success with fips_state = 2 or 3 |
| CN_EXPORT_PUB_KEY | Export a public key in PEM- encoded format. | PCU | User Keys | None | R | Success with fips_state = 2 or 3 |
| CN_SHARE_OBJECT | Share an object between users. | PCU | User Keys | None | W | Success with fips_state = 2 or 3 |
| CN_GET_OBJECT_INFO | Obtains Key details like shared sessions, shared users and m_values of USE_KEY, MANAGE_KEY services. | PCU | User Keys | None | R | Success with fips_state = 2 or 3 |
| CN_TOMBSTONE_OBJECT | Marks the specified object stored on the HSM invalid. | PCU | User Keys | None | W | Success with fips_state = 2 or 3 |
| CN_DELETE_TOMBSTONED_OBJEC T | Used to delete the Tombstone object, Regular Delete will fail if the object is tomb stoned. | PCU | User Keys | None | Z | Success with fips_state = 2 or 3 |
| CN_UNWRAP_KEY/CN_UNWRAP_ KEY2 | Unwraps a key with an AES/Triple- DES/RSA-Private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command. | PCU | User Keys, KLK | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] TDES-KW (SP 800-38F) [#C1263] Triple-DES- KW (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] KDA HKDF Sp800- 56Cr1 [#A1192] KDA OneStep Sp800-56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#C839] AES [#C819], allowed per IG D.G AES [#C819], allowed per IG D.G ECDSA KeyVer (FIPS 186-4) [#C825] DSA PQGVer (FIPS 186-4) [#C823] TRIPLE-DES SP 800- 38B [#A1198], NO SECURITY CLAIMED PER IG 2.4.A AES-CMAC (SP800- 38B) [#A1195] | E | Success with fips_state = 2 or 3 |
| CN_WRAP_KEY/CN_WRAP_KEY2 | Wrap sensitive (private and symmetric) keys from the HSM to the host. | PCU | User Keys, KLK | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KDA HKDF Sp800- 56Cr1 [#A1192] KDA OneStep Sp800-56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800- 56Br2) [#A1194] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-KDF-HKDF (SP 800-56Ar3) | E | Success with fips_state = 2 or 3 |
| CN_NIST_AES_WRAP_UNWRAP/ CN_NIST_AES_WRAP_UNWRAP2 | Wrap/unwrap data with a specified AES key. | PCU | Symmetric User Keys | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | E | Success with fips_state = 2 or 3 |
| CN_GET_RSA_CACHE_SIZE | Get the number of available RSA keys. | MCO | Asymmetric User Keys | N/A | N/A | Success with fips_state = 2 or 3 |
| CN_DERIVE_KEY | Derives a key using a supported KDF mechanism with the params given from the user. | PCU | User Keys | KDF SP 800-108 (KBKDF) [#C826], KDF SP 800-108 (KBKDF) [#C839], KDF SP 800- 108 (KBKDF) [#A1191] KDF ANS 9.63 (CVL) (SP 800-135r1) [#C825] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KDA HKDF Sp800- 56Cr1 [#A1192] KDA OneStep Sp800-56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) | G E | Success with fips_state = 2 or 3 |
| CN_MODIFY_KEY_OWNER | Modify the owner user of a key. | PCO | User keys | None | W | Success with fips_state = 2 or 3 |
| CN_ADMIN_GET_PARTN_KEYHAN DLES_HASH | Gets Hash of all keys for a partition. | MCO/MCU/ PCU/AU | User Keys | SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | R E | Success with fips_state = 2 or 3 |
| CN_GET_PARTN_SINGLE_KEYHAN DLE_HASH | Gets Hash of single key for a partition. | PCO/AU | User Keys | SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] | R | Success with fips_state = 2 or 3 |
| CN_PARK_OBJECT | Park a key using the given parking key. Only parkable keys can be parked. Keys with parkable attribute not set cannot be parked. | PCU | User Keys | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | R E | Success with fips_state = 2 or 3 |
| CN_UNPARK_OBJECT | Unpark given parked object using the given parking key. | PCU | User Keys | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | W E | Success with fips_state = 2 or 3 |
| CN_SET_USER_ATTR | Set User attributes which control the functionality of a crypto user. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_LIST_AUTH_PUB_KEYS | List all registered user auth pub keys. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_REMOVE_CERT | Stores or removes the Partition TA cert. | PCO | None | None | W Z | Success with fips_state = 2 or 3 |
| CN_PARTN_GET_AUDIT_DETAILS | Gets Audit Logs Details. | AU/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARTN_GET_AUDIT_LOGS | Gets Audit Logs. | AU/PCO | None | SHA2-256 (FIPS 180-4) [SHS #1780] | None | Success with fips_state = 2 or 3 |
| CN_PARTN_GET_AUDIT_SIGN | Gets Audit Logs Hash or RSA signature. | AU/PCO | PAK | SHA2-256 (FIPS 180-4) [SHS #1780] RSA Signature Primitive (CVL) (FIPS 186-4) [#C839] | E (PAK) | Success with fips_state = 2 or 3 |
| CN_PARTN_ACK_AUDIT_SIGN | Acks previously retrieved signature. Either hash or signature needs to match with the values stored by HSM for firmware to accept the signature acknowledgement. | AU/PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_FINALIZE_LOGS | Finalize logs by inserting end marker. No more loggable commands are allowed on the partition after this command is run. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SIGN | Generate a signature on the given data with the specified private key. | PCU | Asymmetric User Keys | RSA SigGen (FIPS 186- 4) [#A1199], RSA SigGen (FIPS 186-4) [#C824] ECDSA SigGen (FIPS 186-4) [#C825] ECDSA SigGen (FIPS 186-4) (CVL) [#C825] DSA SigGen (FIPS 186- 4) [#C823] SHA2-224 (FIPS 180- 4) [#C820], SHA2-256 (FIPS 180-4) [#C820], | E | Success with fips_state = 2 or 3 |
| CN_VERIFY | Verify the signature on the given data with specified public key. | PCU | User Public Keys | RSA SigVer (FIPS 186- 4) [#A1199], RSA SigVer (FIPS 186-4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825] DSA SigVer (FIPS 186- 4) [#C823] | E | Success with fips_state = 2 or 3 |
| CN_ECC_DH | Computes the shared secret (Z). | PCU | Asymmetric User Keys | KAS-ECC-SSC Sp800- 56Ar3 [#A1220] | E | Success with fips_state = 2 or 3 |
| CN_NIST_AES_WRAP | Wrap data with a specified AES key. | PCU | KLK Symmetric User Keys | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | E R | Success with fips_state = 2 or 3 |
| CN_ALLOC_SSL_CTX | Allocates a context segment in the HSM memory and returns a reference to the application for the same. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_FREE_SSL_CTX | Free a context segment for use by another SSL connection. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_GEN_PMK | Generate random premaster secret data and writes it into given ctx pointer. | PCU | DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] | E | Success with fips_state = 2 or 3 |
| CN_FIPS_RAND | Generates FIPS random number of given length. | PCU | DRBG Entropy/HASH_DR BG Internal State | Hash DRBG (SP 800- 90Ar1) [#C830] | E | Success with fips_state = 2 or 3 |
| CN_ME_PKCS_LARGE | ModExp and PKCS#1, v2.2 encryption and decryption. | PCU | Asymmetric User Keys | RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839] RSA Signature Primitive (CVL) (FIPS 186-4) [#C839] KTS- IFC (KTS) (SP 800- 56Br2) [#A1194] RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] | E | Success with fips_state = 2 or 3 |
| CN_ME_PKCS | ModExp and PKCS#1, v2.2 encryption, decryption, sign and verify. | PCU | Asymmetric User Keys | RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839] RSA Signature Primitive (CVL) (FIPS 186-4) [#C839] KTS-IFC (KTS) (SP 800- 56Br2) [#A1194] RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] | E | Success with fips_state = 2 or 3 |
| CN_FECC | ECDSA Sign/verify and Point add/double/mul operation. | PCU | Asymmetric User Keys | ECDSA SigVer (FIPS 186-4) [#C829] ECDSA SigGen (FIPS 186-4) (CVL) [#C829] | E | Success with fips_state = 2 or 3 |
| CN_HASH | Computes SHA Hash. | PCU | None | SHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780] | None | Success with fips_state = 2 or 3 |
| CN_HMAC | Compute/Verify the MAC of a complete message. HMAC max message length supported will vary based on Hash type. | PCU | Symmetric and HMAC User Keys | HMAC-SHA-1 (FIPS 198-1) [#C839], HMAC-SHA2-224 (FIPS 198-1) [#C839], HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], HMAC-SHA2-512 (FIPS 198-1) [#C839] AES-CMAC (SP 800- 38B) [#C839] AES- CMAC (SP 800-38B) [#A1190] | E | Success with fips_state = 2 or 3 |
| CN_ENCRYPT_DECRYPT | AES encryption and decryption, Triple-DES decryption. | PCU | Symmetric User Keys | AES-CBC (SP 800-38A) [#C839], AES-CTR (SP 800-38A) [#C839], AES-ECB (SP 800-38A) [#C839] AES-CCM (SP 800- 38C) [#C839] AES-GCM (SP 800- 38D) [#A1203] AES- GCM (SP 800-38D) [#C839] AES-GMAC (SP 800-38D) [#C839] TDES-CBC (SP 800- 38A) [TDES #1311] *legacy use only TDES-ECB (SP 800- 38A) [TDES #1311] *legacy use only | E | Success with fips_state = 2 or 3 |
| MAJOR_OP_OTHER | When not (RSA <= 4096), do a full handshake. The pre-master secret is read from the context or input and the rest of the handshake is completed. This is used by both the server and the client. | PCU | User Keys | KDF TLS (CVL) (SP 800- 135r1) [#C840] KAS-ECC-SSC Sp800- 56Ar3 [#A2161] SHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780] AES-GCM (SP 800- 38D) [#C839] | E | Success with fips_state = 2 or 3 |
| MAJOR_OP_FINISHED | Finish off the handshake hash and generate the finished messages for a full handshake. This is used in a full handshake with client authentication on either the client or the server. | PCU | User Keys | SHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780] AES-GCM (SP 800- 38D) [#C839] | E | Success with fips_state = 2 or 3 |
| MAJOR_OP_RESUME | Completes a resume on either the client or the server. The handshake message data for this request should include all handshake message data from (and including) the most-recent client hello message up until (but not including) the first finished message. | PCU | User Keys | SHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780] AES-GCM (SP 800- 38D) [#C839] | E | Success with fips_state = 2 or 3 |
| MAJOR_OP_ENCRYPT_DECRYPT_R ECORD | Encrypt/decrypt records. Send encrypted E2E request to the FW. | PCU | DRBG Entropy/HASH_DR BG Internal State Symmetric User Keys | Hash DRBG (SP 800- 90Ar1) [#C830] AES-GCM (SP 800- 38D) [#C839] | E | Success with fips_state = 2 or 3 |
| CN_SHA3 | Computes SHA3 Hash. | PCU | None | SHA3-224 (FIPS 202) [#A1197], SHA3-256 (FIPS 202) [#A1197], SHA3-384 (FIPS 202) [#A1197], SHA3-512 (FIPS 202) [#A1197], SHAKE-128 (FIPS 202) [#A1197], SHAKE-256 (FIPS 202) [#A1197] | None | Success with fips_state = 2 or 3 |
| MAJOR_OP_DECRYPT_AND_ENCR YPT | Performs decryption with one cipher and re-encrypts the decrypted data with another cipher. | PCU | Symmetric User Keys | AES-CBC (SP 800-38A) [#C839], AES-CTR (SP 800-38A) [#C839], AES-ECB (SP 800-38A) [#C839] AES-CCM (SP 800- 38C) [#C839] AES-GCM (SP 800- 38D) [#A1203] AES- GCM (SP 800-38D) [#C839] AES-GMAC (SP 800-38D) [#C839] TDES-CBC (SP 800- 38A) [TDES #1311] TDES-ECB (SP 800- 38A) [TDES #1311] | E | Success with fips_state = 2 or 3 |
| CN_GET_TOKEN | Gets a token or token info from the partition for a given service. | PCO/PCU | DRBG ENTROPY/CTR_DRB G Internal State | Counter DRBG (SP 800-90Ar1) [#C821] | E | Success with fips_state = 2 or 3 |
| CN_APPROVE_TOKEN | Submit approvals on token, approval could be on a single or multiple blobs. | PCO/PCU | 2FAMofNPubK | RSA SigVer (FIPS 186- 4) [#C824] | E | Success with fips_state = 2 or 3 |
| CN_LIST_TOKENS | List all MofN tokens in the current partition. | PCO/PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_TOKEN_TIMEOUT | Get or set the timeout values of the tokens in the partition. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_DELETE_TOKEN | Deletes the existing MxN tokens based on the token-delete options. | PCO/PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_SM_IMAGE_DELETE | Delete Secure Machine images from the partition. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SME_DIAG_INFO | To get the SME diagnostic information about SM Linux and SM Manager. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_SM_APP_CONFIG | Set Secure Machine App Configuration. It is used to allocate resources for SMApp. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_SM_APP_CONFIG | To get the resources allocated to an SMApp. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_SM_CAPABILITY | Set Secure Machine Capability It is used to enable or disable the Capability. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_SM_CONFIG | To get the existing configuration and other information. Total SMApp resources used resources information is available. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_DIAG_INFO | To get the SMApp diagnostic information such as CPU, memory, statistics, etc. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_UPDATE_BEGIN | Initiates the SM App firmware update on a partition. This requires CO to be logged in. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_UPDATE | Loading/Updating an SMApp on. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_UPDATE_END | Completion of SMApp firmware update on a partition. This requires CO to be logged in. | PCO | POTAC | RSA SigVer (FIPS 186- 4) [#C824] | E (POTAC) | Success with fips_state = 2 or 3 |
| CN_SMAPP_CTRL | Does SM app start/stop/status on a partition. Requires PCO to be logged in. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_DELETE | Performs SMApp delete. This requires CO to be logged in. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_WRITE_DATA | Store SMApp data into SMApp private storage. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_READ_DATA | Read SMApp data from SMApp private storage. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_DELETE_FILE | Read SMApp data from SMApp private storage. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_SM_CONFIG | To configure resources for the SM.. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_WRITE_SFRAM | Write SMApp data into SMApp private SFRAM memory. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_SMAPP_READ_SFRAM | Read SMApp data from SMApp private SFRAM memory. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_LIST_UNLINKED_OBJECTS | Return the total tombstone sessions, keys and contexts. | PCO | None | None | None | Success with fips_state = 2 or 3 |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 13
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy G G Z R E E G G E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 E W E E R W E G Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 R W G G Security Policy W W W W E E E W W W E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy AU/UNAUTH AU/UNAUTH E E R G G G E G G E G E E E R Marvell Semiconductor, Inc. R E R
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 M. E E G E R R R R R G Security Policy MCO/UNAUTH E E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E W E E L Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy MCO/ UNAUTH G E E E G N/A Z Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy MCO/UNAUTH E E E G G E E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E R E R R R R G Z E E E E G Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E G E W W W W W Z R R R R R R Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 W E W W W W W E W E Marvell Semiconductor, Inc. Z
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E G R E E G G R E Marvell Semiconductor, Inc. G G E G G G R G E
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy G G E G E G G G W E G Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy W G,W G, E G R E W E Z R R R Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy R W G E G G R Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy W R W Z E T Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E N/A N/A G E Marvell Semiconductor, Inc. W
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E R R W Marvell Semiconductor, Inc. E W E Z
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 E E Security Policy E E R Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 G Security Policy E E E E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 G Security Policy E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
| Name | Description | Roles | Approved Functions | Indicator |
|---|---|---|---|---|
| CN_GENERATE_PBE_KEY | Generate PBE Triple-DES key with the given password, salt, and iteration count. Make sure that HSM is initialized with fips_state=0. The fips_state parameter can be found in the hsm_config file. | PCU | COUNTER DRBG Allowed Per IG 2.4.A/ PBE | SUCCESS with fips_state = 0 |
| LSPAY_GENERATE_ASYMM_KEY | (Generates RSA KEY Pair (mod_len>= 2048bit)) Generates EC KEY PAIR (Curves: Nist P256, 224, 384, 521, Brain pool, x25519/448 and Decp256K1 and FRP256v1) | PCU | RSA (non-compliant) ECDSA (non- compliant)/ KAS-ECC (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_GENERATE_SYMM_KEY | Generates symmetric key AES/TDEA Keys used for LSPay operations. | PCU | COUNTER DRBG Allowed Per IG 2.4.A | SUCCESS with fips_state = 0 |
| LSPAY_EXPORT_PUBLIC_KEY | Exports Public key for RSA BYOK. | PCU | N/A | SUCCESS with fips_state = 0 |
| LSPAY_IMPORT_PUBLIC_KEY | Imports RSA public Key for RSA BYOK | PCU | N/A | SUCCESS with fips_state = 0 |
| LSPAY_VALIDATE_PUBLIC_KEY | Validates RSA public Key. | PCU | RSA (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_IMPORT_KPK | Imports OAEP wrapped or ECDH_AES_PAD wrapped symmetric key. | PCU | RSA (non-compliant), EC-AES / ECDH KDF | SUCCESS with fips_state = 0 |
| LSPAY_EXPORT_KPK | Exports OAEP wrapped symmetric Key from HSM. | PCU | RSA (non-compliant), EC-AES/ ECDH KDF | SUCCESS with fips_state = 0 |
| LSPAY_IMPORT_KEY | Import symmetric or asymmetric keys. Wrap mech: TR31, AES_CBC, AES_CBC_PAD. | PCU | AES (non-compliant) Triple-DES (non- compliant). | SUCCESS with fips_state = 0 |
| LSPAY_IMPORT_TR34_KEY | Import symmetric keys using TR-34 unwrap. | PCU | RSA (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_EXPORT_KEY | Exports Symmetric key Wrapped with TR31/AES_CBC/AES_CBC_PAD. | PCU | AES (non-compliant) Triple-DES (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_EXPORT_TR34_KEY | Exports symmetric keys wrapped with TR34 mechanism. | PCU | RSA (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_TRANSLATE_KEY | Translates wrapped Key from on KPK to other KPK. | PCU | AES (non-compliant) Triple-DES (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_IMPORT_CERT | Imports peer’s certificate to read public key required in TR34. Import X901 Certificate into HSM. | PCU | N/A | SUCCESS with fips_state = 0 |
| LSPAY_IMPORT_DECIMAL_TABLE | Imports encrypted decimal table to be used in PIN APIs to decimalize native PIN. | PCU | AES (non- compliant)/Triple- DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_GENERATE_CSR | CREATE CSR with given Key Pair. | PCU | RSA (non-compliant) /ECDSA (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_DERIVE_KEY | Derives DUKPT working key from the BDK. | PCU | AES (non- compliant)/DES/ Triple-DES (non- compliant)) | SUCCESS with fips_state = 0 |
| LSPAY_ENCRYPT | Encrypts input data or PIN. | PCU | AES (non- compliant)/Triple- DES (non-compliant) /DES/ Double-DES | SUCCESS with fips_state = 0 |
| LSPAY_DECRYPT | Decrypts input data or PIN. | PCU | AES (non- compliant)/Triple- DES (non-compliant) /DES/ Double-DES | SUCCESS with fips_state = 0 |
| LSPAY_DECRYPT_THEN_ENCRYPT | Decrypts the input cipher text with one key and encrypts with another key. | PCU | AES (non- compliant)/Triple- DES (non-compliant) /DES/ Double-DES | SUCCESS with fips_state = 0 |
| LSPAY_MAC_GEN | Computes MAC on input data. Algorithm used: DES/Triple-DES | PCU | DES MAC / Triple-DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_MAC_VERIFY | Verifies MAC with calculated AMC on input data. | PCU | DES MAC / Triple-DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_MAC_TRANSLATE | Translates MAC by using new Key on input data. | PCU | DES MAC / Triple-DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_FPE_ENCRYPT | Performs FPE FF1/FF3-1 Encrypt operation on input data. | PCU | AES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_FPE_DECRYPT | Performs FPE FF1/FF3-1 Decrypt operation on input data. | PCU | AES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_SIGN | Performs Sign and Verify on input data. | PCU | RSA (non-compliant), EDDSA (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_SIGN_VERIFY | Verifies sign on input data. | PCU | RSA (non-compliant), EDDSA (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_PIN_BLOCK_TRANSLATE | Decrypts the input PIN using decryption key, translates to given PIN format and encrypts with another key. | PCU | AES (non- compliant)/Triple- DES (non-compliant) RSA (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_DERIVE_PIN_FROM_OFFSET | Derive PIN from given offset. Encrypts validation data with DES EDE. Derives native PIN, then offset will be added to derive IBM PIN. PIN will be encoded in given ISO format. Encrypt encoded PIN with PIN encryption key. | PCU | AES (non- compliant)/Triple- DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_DERIVE_OFFSET_FROM_PIN | Generates IBM offset from given PIN. Decrypt and decode received PIN. Generate native from given validation data. Subtract decoded PIN from native PIN t to get PIN offset. | PCU | AES (non- compliant)/Triple- DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_VERIFY_PIN | Verifies given PIN. Decrypt and decode received PIN. Generate native from given validation data. Add offset to native PIN. Compare resultant PIN with received PIN. | PCU | AES (non- compliant)/Triple- DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_PVV_GENERATION | Perform PVV generation on PIN and PAN data. | PCU | AES (non- compliant)/Triple- DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_PVV_VERIFY | Verifies given PVV. | PCU | AES (non-compliant)/ Triple-DES (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_EMV_GENVERIFY_AC | Perform EMV crypto operations. Generate ARPC. Generate or Verify ARQC. | PCU | AES (non-compliant) Triple-DES (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_EMV_SECURE_MSG_GEN | Generates MAC over secure message. | PCU | AES (non-compliant) Triple-DES (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_CVV_GEN | Generates CVV, CVV2, iCVV on given card details | PCU | AES (non- compliant)/Triple- DES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_CVV_VERIFY | Verifies CVV with given card details. | PCU | Triple-DES (non- compliant) | SUCCESS with fips_state = 0 |
| LSPAY_KEY_SHARE_CREATE | Creates components of key. | PCU | Shamir’s Key share | SUCCESS with fips_state = 0 |
| LSPAY_KEY_SHARE_EXPORT_KEY_COMP ONENT | Exports created components in encrypted format. | PCU | AES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_KEY_SHARE_COMBINE_INIT | Starts combine key init. | PCU | N/A | SUCCESS with fips_state = 0 |
| LSPAY_KEY_SHARE_IMPORT_COMPONE NT | Import component of the key. | PCU | AES (non-compliant) | SUCCESS with fips_state = 0 |
| LSPAY_KEY_SHARE_COMBINE_KEY | Combines all components of the key. | PCU | Shamir’s key share | SUCCESS with fips_state = 0 |
| LSPAY_KEY_SHARE_ZEROIZE | Erases all components of the key. | PCU | N/A | SUCCESS with fips_state = 0 |
| LSPAY_MFK_GENERATE | Generates MFK key. | PCO | COUNTER DRBG Allowed Per IG 2.4.A | SUCCESS with fips_state = 0 |
| LSPAY_MFK_GET_INFO | Returns MFK information for partition. | PCO | N/A | SUCCESS with fips_state = 0 |
| LSPAY_MFK_DELETE | Deletes MFK. | PCO | N/A | SUCCESS with fips_state = 0 |
| LSPAY_MFK_SET_PRIMARY | Set MFK as primary. | PCO | N/A | SUCCESS with fips_state = 0 |
| MAJOR_OP_RSASERVER_LARGE | Does a full handshake on the server with RSA > 1024 and <= 4096. This is used in a full handshake on the server. | PCU | RSA (non-compliant) | SUCCESS with fips_state = 0 |
| MAJOR_OP_RSASERVER | Does a full handshake on the server with RSA >=512 and <= 1024. This is used in a full handshake on the server. | PCU | RSA (non-compliant) | SUCCESS with fips_state = 0 |
| Firmware Update | Vendor zeroizes the HSM and updates the bootloader. | UN-AUTH | N/A | RED LED BLINK |
| CN_GENERATE_KEY_PAIR (non- compliant) | Generates asymmetric keys (RSA/ ECC). Updates the public and private key handles in the output on return. Caveats in Non Approved apart from approved mode: RSA 1024 bits allowed along with all odd public exponent; i.e., even lesser than 65537. • NID_X9_62_prime192v 1/NID_sect163k1/NID_ED25519/ • NID_sect163r2 /NID_secp192k1/NID_brainpoolP16 0r1/ • NID_brainpoolP192r1 /NID_X25519/ • NID_X448 | PCU | RSA (non-compliant) ECDSA (non- compliant) KAS-ECC (non- compliant) | Success with fips_state = 0 |
| CN_GENERATE_KEY (non-compliant) | Generates a symmetric key of given key type and length. Caveats in Non-Approved apart from approved mode: DES token key is allowed | PCU | COUNTER DRBG Allowed Per IG 2.4.A | Success with fips_state = 0 |
| CN_CREATE_OBJECT (non-compliant) | Imports a public key into HSM. Caveats in Non Approved apart from approved mode: • RSA 1024 bits allowed • NID_ED25519/ NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1/ NID_X25519/NID_X448 | PCU | None | Success with fips_state = 0 |
| CN_UNWRAP_KEY (non-compliant) | Unwraps a key with an AES/ Triple- DES/RSA private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command. Caveats in Non Approved apart from approved mode: • RSA 1024 bit • RSA PKCS1V1.5 Unwrap • NID_X9_62_prime192v1/ NID_sect163k1/ NID_ED25519/ • NID_sect163r2 / NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1 / NID_X25519/ • NID_X448 • Triple-DES | PCU | RSA (non-compliant), EC-AES / ECDH KDF AES (non-compliant) Triple-DES (non- compliant). | Success with fips_state = 0 |
| CN_WRAP_KEY (non-compliant) | Wraps sensitive (private and symmetric) keys from the HSM to the host. Caveats in Non Approved apart from approved mode: • AES-ECB mode • AES-CBC mode • AES-CBC-PAD mode • Triple-DES ECB mode • Triple-DES CBC mode | PCU | AES (non-compliant) Triple-DES (non- compliant) RSA (non-compliant) | Success with fips_state = 0 |
| CN_EXTRACT_MASKED_OBJECT (non- compliant) | Extracts a masked object; i.e., retrieves an object by wrapping it with a masking key shared by the process of cloning. | PCU PCO AU | AES (non-compliant) | Success with fips_state = 0 |
| CN_STORE_FW_SIGNING_KEY (non- compliant) | Configure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072, and 4096 or a supported 256 bits, 384 bits or 521 bits EC curve . Caveats in Non Approved is 192 bit curves supported | MCO | RSA (non-compliant) ECDSA (non- compliant) | Success with fips_state = 0 |
| CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant) | ModExp and PKCS#1v1.5 and PKCS#1v2.2 Sign and verify. PKCS#1v1.5 and PKCS#1v2.2 encrypt and decrypt | PCU | RSA (non-compliant) | Success with fips_state = 0 |
| CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non- compliant) | Stores fixed keys (KBK) for backup. Including PKCS#1v1.5 | Manufacturer | RSA (non-compliant | Success with fips_state = 0 |
| CN_INSERT_MASKED_OBJECT (non- compliant) | Inserts a masked object into an HSM that Is extracted from another HSM. | PCU PCO AU | AES (non-compliant) Triple-DES (non- compliant) | Success with fips_state = 0 |
| CN_ENCRYPT_SESSION (non-compliant) | Enables encrypted communication channel. Caveat is Non Approved mode allow the additional Cipher suite E2E_RSA_AES128_GCM_SHA256 and E2E_RSA_AES128_GCM_SHA384 | UN-AUTH | RSA (non-compliant), EC-AES / ECDH KDF | Success with fips_state = 0 |
| CN_DERIVE_KEY (non-compliant) | Derives a key using a supported KDF mechanism with the params given by the user. | PCU | AES (non-compliant) Triple-DES (non- compliant) RSA (non-compliant) EC-AES / ECDH KDF | Success with fips_state = 0 |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy All Approved services can be executed in the Non-Approved services mode with indicator of “success with fips_state=0”. Approved services that also support the use of non-approved security functions are enumerated in the Non-Approved Services table below with their supported non-approved security functions. The indicator is success for all approved services when the partition is operated in the Approved mode. Table 14
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy /ECDSA (noncompliant) EDDSA (noncompliant) EDDSA (noncompliant) Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy N/A N/A N/A N/A N/A N/A Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy ECDSA (noncompliant)
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 • • Security Policy ECDSA (noncompliant) The indicator is success for all Non-Approved services only when the partition is operated in the nonapproved mode. The Non-Approved services will fail with RET_POLICY_MISMATCH when the partition is Software/Firmware Security During the bootup, the following integrity tests are run:
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy a. Firmware (FW): CNN35XX-NFBE-FW-2.09-0702 b. Secure Machine World : CNN35XX-NFBE-SMW-2.09-0702
The module’s cryptographic boundary is defined to be the outer perimeter of the hard epoxy enclosure containing the hardware and firmware components. The module is opaque and completely conceals the internal components of the cryptographic module. The epoxy enclosure of the module prevents physical access to any of the internal components without having to destroy the module. There are no operatorrequired actions. Marvell Semiconductor, Inc.
| Physical Security Mechanism | Recommended Frequency of | Inspection/Test Guidance Details | |
|---|---|---|---|
| Inspection/Test | |||
| Epoxy Coating | 12 Months | Examine surface of module for scratched or damaged epoxy, especially if circuitry shows. |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
The module is coated in hard epoxy, such that any physical breach attempt leaves behind evidence of tamper. This is shown in the figure below. Figure 4
| Temperature or voltage measurement | Specify EFP or EFT | Specify if this condition | ||
|---|---|---|---|---|
| results in a shutdown or | ||||
| zeroization | ||||
| Low Temperature | -5C | EFP | Shutdown | |
| High Temperature | 90C | EFP | Shutdown | |
| Low Voltage | 2.9V | EFT | Shutdown | |
| High Voltage | 18.8V | EFT | Shutdown |
| Hardness tested temperature measurement | ||
|---|---|---|
| Low Temperature | -35C | |
| High Temperature | 100C |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 16
The Manufacturer FIPS Data Encryption Key (MFDEK) and HSM Master Partition Master Encryption Key are stored in plaintext form in the EEPROM. The Partition Master Encryption Key (PMEK) is stored encrypted under the HSM Master Partition Master Encryption Key. All other keys and CSPs stored in the persistent memory are encrypted by the MFDEK, HSM Master Partition Master Encryption Key, or PMEK. All general-purpose user CSPs are generated/created by the PCU and these CSPs can be shared between multiple PCUs. The module itself enforces that the SSPs cannot be shared between the approved and non-approved modes. Note:
| Name | Strength | Security Function | Generation | Establishment | Storage | Zeroization | Use | Import Export |
|---|---|---|---|---|---|---|---|---|
| DRBG Entropy (OCTEON HW RBG) | 256-bit | ENT (P) SP 800-90B | ENT (P) SP 800- 90B | SSP generation | In Memory | MFZ, VZ | The entropy input string and seed for the Approved DRBG. Each version of the DRBG has its own DRBG Entropy CSP. | N/A |
| CTR_DRBG Internal State | 256-bit | Counter DRBG (SP 800-90Ar1) [#C821] | Derived Entropy from OCTEON HW RBG | SSP generation | In Memory | PD, PZ, MZ, PFZ, MFZ, VZ | The internal state (V, Key) for the Approved DRBG. | N/A |
| HASH_DRBG Internal State | 256-bit | Hash DRBG (SP 800- 90Ar1) [#C830] | Derived Entropy from Counter DRBG (SP 800- 90Ar1) [#C821]) | SSP generation | In Memory | PD, PZ, MZ, PFZ, MFZ, VZ | The internal state (V, C) for the Approved SHA DRBG. | N/A |
| Manufacturer FIPS Data Encryption Key (MFDEK) | 256-bit | AES-CBC (SP 800-38A) [#C819] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP 800-90Ar1) [#C821] | SSP generation | EEPROM (Plaintext) | VZ | Use: AES 256-bit key used to encrypt manufacturer keys stored in persistent storage of the HSM. Related Keys: FMAK, PAK, MFKBK, OKBK, POKBK | No |
| HSM Master Partition Master Encryption Key (MMEK) | 256-Bit | AES-CBC (SP 800-38A) [#C819] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP 800-90AR1) [#C821] | SSP generation | EEPROM (Plaintext) | MZ | Use: AES 256-bit key used to encrypt Master Partition CSPs and authentication data stored in persistent storage of the HSM. Related Keys: PMEK | No |
| Partition Master Encryption Key (PMEK) | 256-bit | AES-CBC (SP 800-38A) [#C819] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output) (SP 800-90AR1) [#C821] | SSP generation | eMMC flash (Encrypted by MMEK , AES-CBC #C819) | PZ | AES 256-bit key used to encrypt partition CSPs and authentication data stored in persistent storage of the HSM. Related Keys: MMEK | No |
| HSM FIPS Master Authentication Key (FMAK) | 112-Bit | RSA SigGen (FIPS 186- 4) [#C824] RSA SigVer (FIPS 186-4) [#C824], KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output) Counter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824] | SSP generation | eMMC flash (Encrypted by MMEK, AES-CBC #C819) | VZ | Use: A unique 2048-bit RSA private key. Used to identify the HSM when in the operating in approved mode. Related Keys: PAC, FMAC | No |
| Partition Authentication Key (PAK) | 112-Bit | RSA SigGen (FIPS 186- 4) [#C824] RSA SigVer (FIPS 186-4) [#C824], KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output) Counter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824] | SSP generation | eMMC flash (Encrypted by PMEK, AES-CBC #C819) | PD | A unique 2048-bit RSA private key used to identify the HSM Partition. | No |
| SecureAuth Shared Secret (SAZ) | 112-Bit | KDF SP 800-108 (KBKDF)[# C839] | KAS (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) | Key agreement | In Memory (Plaintext) | E | Shared secret Z for SP 800- 56Br2 KAS2, using PAK and POAC | No |
| PswdEncKey (PEK) | 256-Bit | AES CBC [#C819], allowed per IG D.G AES-CBC (SP 800-38A) [#C819] | KAS (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) | Key agreement | In Memory (Encrypted by PMEK, AES-CBC #C819) | PZ | AES-256 key, for encrypting User passwords during user creation and authentication. | No |
| Login Passwords | 8 character s | PBKDF (SP 800-132) [#A1196] | N/A | Key transport | eMMC flash (Encrypted by PMEK, AES-CBC #C819) | D | String of 8 to 32 alphanumeric characters. | Yes (Import) (Encrypted by PEK, AES-CBC #C819) |
| Partition KeyLoading Private Key | 256-Bit | KAS-IFC HKDF (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KAS-ECC (KAS) Sp800-56Ar3 [#A1219] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824] | SSP generation | In memory (Plaintext) | E | ECC 521-bit or RSA 2048- bit key used in SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 to agree on Z during key loading. | No |
| Partition KeyLoading Shared Secret (KLSZ) | 256-Bit | KDF SP 800-108 (KBKDF)[#C826] | KAS KDA HKDF (SP 800-56Ar3) KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) | Key agreement | In memory (Plaintext) | E | Shared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2. | No |
| Partition Key Loading Key (KLK) | 256-Bit | AES-CBC (SP 800-38A) [#C819], AES-KW (KTS) (SP 800- 38F) [#C1263], AES-KWP (KTS) (SP 800-38F) [#C1263], AES-GCM (SP 800- 38D) [#A1203], AES-GCM (SP 800- 38D) [#C839] | KAS-KDF-HKDF (SP 800-56Ar3) KAS-KDF- OneStep(SP 800-56Ar3) KAS-KDF- TwoStep (SP 800-56Ar3) [KAS-ECC-SSC Cert. #A1220 and KDA Cert. #A1192] | Key agreement | eMMC flash (Encrypted by PMEK, AES-CBC #C819) | PZ | 256-bit AES key derived from Z, used to decrypt the imported CSPs. | No |
| Manufacturer FIPS Key Backup Key (MFKBK) | 256-Bit | KDF SP 800-108 (KBKDF) [#C826] | No | Key transport | eMMC flash (Encrypted by MMEK AES-KW #C1263) | VZ | AES 256-bit key used to derive KBK. | Yes (Import) KTS-IFC (KTS) (SP 800-56Br2) [#A1194] |
| HSM Owner KBK (OKBK) | 256-Bit | KDF SP 800-108 (KBKDF) [#C826] | No | Key transport | eMMC flash (Encrypted by MMEK AES-KW #C1263) | MFZ | AES 256-bit key used to derive KBK. | Yes (Import) KTS-IFC (KTS) (SP 800-56Br2) [#A1194] |
| Partition Owner KBK (POKBK) | 256-Bit | KDF SP 800-108 (KBKDF) [#C826] | No | Key transport | eMMC flash (Encrypted by MMEK AES-KW #C1263) | PFZ | AES 256-bit key used to derive KBK. | Yes (Import) KTS-IFC (KTS) (SP 800-56Br2) [#A1194] |
| HSM Key Backup Key (KBK) | 256-Bit | AES-CBC (SP 800-38A) [#C819] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | KDF SP 800-108 (KBKDF) [#C826] | Key derivation/ SSP generation | eMMC flash (Encrypted by MMEK AES-KW #C1263) | MZ | Key used to encrypt/decrypt the Backup Session Key. | No |
| Backup Session Key | 256-Bit | AES-CBC (SP 800-38A) [#C819] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821] | SSP generation | In memory (Plaintext) | E | Key used to backup and restore partition data. | No |
| Partition Cloning Private Key (PCPK) | 256-Bit | KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KAS-ECC (KAS) Sp800-56Ar3 [#A1219] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824] | SSP generation | In memory (Plaintext) | E | ECC 521-bit or RSA 2048- bit ephemeral Private Key used in SP 800-56Ar3 C (2,0, ECC DH) or SP 800 - 56B KAS2 -bilateral - confirmation key agreement to generate shared secret Z. At HSM Partition level, used to establish secure channel for cloning process (to export Partition Masking Key). | No |
| Partition Cloning Shared Secret (CSSZ) | 256-Bit | KDF SP 800-108 (KBKDF)[#C826] | KAS-ECC (KAS) Sp800-56Ar3 [#A1219] | Key agreement | In memory (Plaintext) | E | Shared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 - bilateral -confirmation scheme. | No |
| Partition Cloning Session Key (PCSK) | 256-Bit | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | KAS-ECC (KAS) Sp800-56Ar3 [#A1219] | Key agreement | In Memory (Plaintext) | E | AES 256 key for encryption and decryption of Partition Masking Key. | No |
| Partition Cloning Session MAC Key (PCSMK) | 256-Bit | HMAC-SHA2-256 (FIPS 198-1) [#C822] | KAS-ECC (KAS) Sp800-56Ar3 [#A1219] | Key agreement | In Memory (Plaintext) | E | HMAC SHA2-256 key used for key confirmation during SP 800-56Ar3 key agreement. | No |
| Partition Masking Key | 256-bit | AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821] | SSP generation | eMMC flash (Encrypted by PMEK, AES-CBC #C819) | PZ | AES-256 key, for key wrapping. Used to import/export CSPs and masked objects. | No |
| Asymmetric Private Keys (user keys) | 112-256 Bit | ECDSA KeyVer (FIPS 186-4) [#C825] ECDSA SIGGEN (FIPS 186-4) (CVL) [#C825] ECDSA SIGGEN (FIPS 186-4) [#C825] ECDSA SigVer (FIPS 186-4) [#C825] KAS-KDF-HKDF (SP 800-56Ar3) KAS-KDF-OneStep(SP 800-56Ar3) KAS-KDF-TwoStep (SP 800-56Ar3) KAS (SP 800-56Ar3) [#A1220 and C825] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823] ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824] | SSP generation/ Key transport | In Memory/ eMMC flash (Plaintext/ Encrypted by PMEK, AES- CBC #C819) | D, S | RSA/DSA/ECDSA/ECDH general purpose keys. | Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] |
| RSA KeyGen (FIPS 186- 4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186-4) [#C824] RSA SIGVER (FIPS 186- 4) [#A1199] RSA SIGVER (FIPS 186-4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | RSA KeyGen (FIPS 186- 4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186-4) [#C824] RSA SIGVER (FIPS 186- 4) [#A1199] RSA SIGVER (FIPS 186-4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | ||||||
| Asymmetric Private Session Keys (user keys) | 112-256 Bit | ECDSA KeyGen (FIPS 186-4) [#C825] ECDSA KeyVer (FIPS 186-4) [#C825] ECDSA SIGGEN (FIPS 186-4) (CVL) [#C825] ECDSA SIGGEN (FIPS 186-4) [#C825] ECDSA SigVer (FIPS 186-4) [#C825] KAS-KDF-HKDF (SP 800-56Ar3) KAS-KDF-OneStep(SP 800-56Ar3) | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823] | SSP generation/ Key transport | In Memory Plaintext | D, S | RSA/DSA/ECDSA/ECDH general purpose session keys. | Yes (Import/Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] |
| KAS-KDF-TwoStep (SP 800-56Ar3) SP 800 KAS-KDF-ANS9.63 (SP 800-56Ar3) KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] RSA KeyGen (FIPS 186- 4) [#A1199] RSA KeyGen (FIPS 186-4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186- 4) [#C824] RSA SIGVER (FIPS 186-4) [#A1199] RSA SIGVER (FIPS 186- 4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | KAS-KDF-TwoStep (SP 800-56Ar3) SP 800 KAS-KDF-ANS9.63 (SP 800-56Ar3) KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] RSA KeyGen (FIPS 186- 4) [#A1199] RSA KeyGen (FIPS 186-4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186- 4) [#C824] RSA SIGVER (FIPS 186-4) [#A1199] RSA SIGVER (FIPS 186- 4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824] | KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D)) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | |||||
| Symmetric Keys (user keys) | 112-256 Bit | TDES-TKW (#C1263) TDES-ECB (#1311) TDES-CBC (#1311) TDES-CBC (#C1169) TDES-ECB (#C1169) SP 800 KDF SP 800- 108 [#C826] KDF SP 800-108 (#C839) KDF SP 800-108 (#A1191) AES [#C819] CBC/ECB [#C819], allowed per IG D.G AES KW (#C1263) AES- KWP (#C1263) AES-CMAC (SP 800- 38B)(#C839) AES-CMAC (SP 800- 38B)(#A1195) AES-CTR (SP 800-38A) [#C839] AES-GMAC (SP 800- 38D) [#C839] AES-CCM (SP 800-38C) [#C839] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821] | SSP generation/ Key transport | In Memory/ eMMC flash (Plaintext/ Encrypted by PMEK, AES-CBC #C819) | D, S | Triple-DES or AES general purpose keys. | Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] |
| Symmetric Session Keys (user keys) | 112-256 Bit | TDES-TKW (#C1263) TDES-ECB (#1311) TDES-CBC (#1311) TDES-CBC (#C1169) TDES-ECB (#C1169) SP 800 KDF SP 800- 108 [#C826] KDF SP 800-108 (#C839) KDF SP 800-108 (#A1191) AES[#C819] CBC/ECB [#C819], allowed per IG D.G AES KW (#C1263) AES- KWP (#C1263) AES-CMAC (SP 800- 38B)(#C839) AES-CMAC (SP 800- 38B)(#A1195) AES-CMAC (SP 800- 38B)(#A1190) AES-CTR (SP 800-38A) [#C839] AES-GMAC (SP 800- 38D) [#C839] AES-CCM (SP 800-38C) [#C839] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821] | SSP generation/ Key transport | In Memory Plaintext | D, S | Triple-DES or AES general purpose session keys. | Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] |
| HMAC Keys (user keys) | 112-256 Bit | HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA-1 (FIPS 198-1) [#C839], HMAC-SHA2-224 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], HMAC-SHA2-512 (FIPS 198-1) [#C839], HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821] | Key transport/ SSP generation | In Memory/eM MC flash (Plaintext/En crypted by PMEK, AES-CBC #C819) | D, S | HMAC general purpose keys (minimum key size of 160 bits). | Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] |
| HMAC Session Keys (user keys) | 112-256 Bit | HMAC-SHA2-256 (FIPS 198-1) [#C822] HMAC-SHA-1 (FIPS 198-1) [#C839], HMAC-SHA2-224 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], HMAC-SHA2-512 (FIPS 198-1) [#C839], HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] | CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821] | Key transport/ SSP generation | In Memory (Plaintext) | D, S | HMAC session general purpose keys (minimum key size of 160 bits). | Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] |
| E2E TLS Session ECDH Key | 112-256 Bit | KAS TLS (SP 800- 56Ar3) | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output ECDSA KeyGen (FIPS 186-4) [#C825] | SSP generation | In Memory (Plaintext) | E | Used for key agreement as part of E2E handshake protocol. | No |
| TLS Session Symmetric Key Set | 112-256 Bit | SP 800 AES-CBC (SP 800-38A) [#C839] AES-GCM (SP 800- 38D) [#C839] | KDF TLS (CVL) (SP 800-135r1) [#C840] | Key derivation | In Memory (Plaintext) | E | AES 128, 192, 256 or Triple-DES keys used for encrypting TLS sessions. | No |
| TLS Session HMAC key | 112-256 Bit | HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], | KDF TLS (CVL) (SP 800-135r1) [#C840] | Key derivation | In Memory (Plaintext) | E | HMAC key used in SSL session (minimum key size of 160 bits). | No |
| E2E TLS Session Symmetric Key Set | 112-256 Bit | AES-GCM (SP 800- 38D) [#C839] | KDF TLS (CVL) (SP 800-135r1) [#C840] | Key derivation | In Memory (Plaintext) | E | AES 128/256-bit Key used for encrypting/decrypting E2E session data. | No |
| E2E TLS Session HMAC keys | 112-256 Bit | HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], | KDF TLS (CVL) (SP 800-135r1) [#C840] | Key derivation | In Memory (Plaintext) | E | HMAC keys used in E2E session. | No |
| Manufacturer Firmware Integrity Check Keys | 112-Bit | RSA SigVer (FIPS 186- 4) [#A1201] | No | Pre-loading of a key | eMMC flash (Plaintext) | VZ | RSA 2048-bit public keys used to check the integrity of the SW images booted. The SW image is signed by the manufacturer using a RSA private key. Note: This is not an SSP but is included for completeness of the parameters used by the module. | No |
| Manufacturer Firmware Update Validation Key (MFUVK) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | Pre-loading of a key | eMMC flash (Plaintext ) | N/A | RSA 2048-bit public key used to authenticate new SW images uploaded into the module. The SW image is signed by the manufacturer using an RSA private key and the signature is verified before upgrading to the new image using the public key. Note: This PSP is considered protected, because it cannot be modified by a user of the module. It is delivered as part of the existing firmware image, which can only be replaced by vendor-signed images. | No |
| Manufacturer License Validation Key (MLVK) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | Pre-loading of a key | eMMC flash (Plaintext ) | N/A | RSA 2048-bit public key used to authenticate the manufacturer role. Note: This PSP is considered protected, because it cannot be modified by a user of the module. It is factory loaded in the module. | No |
| Manufacturer Authentication Root Cert. (MARC) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | Pre-loading of a key | eMMC flash (Plaintext ) | VZ | RSA 2048-bit public key certificate, used to issue FMAC certificates. | No |
| HSM FIPS Master Authentication Certificate (FMAC) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | Pre-loading of a key | eMMC flash (Plaintext ) | VZ | RSA 2048-bit public key certificate of FMAK. Used to identify the HSM FIPS operating mode. | No |
| SecureBootAuth Public Key | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | Pre-loading of a key | eMMC flash (Plaintext ) | MFZ | RSA 2048-bit public key used to verify authenticity of the host system. | No |
| HSM/Adapter Owner Trust Anchor Certificate (AOTAC) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | SSP Entry | eMMC flash (Plaintext ) | MFZ | RSA 2048-bit public key certificate used as trust anchor of MCO. | No |
| HSM/Adapter Owner Authentication Certificate (AOAC) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | SSP Entry | eMMC flash Plaintext ) | MFZ | RSA 2048-bit public key certificate of FMAK. Used to identify the HSM owner. | No |
| Partition Authentication Certificate (PAC) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output RSA KeyGen (FIPS 186-4) [#C824] | SSP Entry/ SSP generation | eMMC flash (Plaintext ) | PD | RSA 2048-bit public key certificate of PAK. Used to identify the Partition. | No |
| Partition Owner Trust Anchor Certificate (POTAC) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | SSP Entry | eMMC flash (Plaintext ) | PFZ | RSA 2048-bit public key certificate used as trust anchor of PCO. | No |
| Partition Owner Authentication Certificate (POAC) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | SSP Entry | eMMC flash (Plaintext ) | PFZ | RSA 2048-bit public key certificate of PAK. Used to identify the Partition owner. | No |
| Partition Cloning Initiator Public Key | 256-Bit | ECDSA SigVer (FIPS 186-4) [#C825] KAS- ECC (KAS) Sp800-56Ar3 [#A1219] | No | SSP Entry | In memory (Plaintext) | E | ECC 521-bit ephemeral public key used in SP 800- 56Ar3 C (2,0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 -bilateral -confirmation key agreement to generate shared secret Z. | No |
| Partition Cloning Responder Public Key | 256-Bit | ECDSA SigVer (FIPS 186-4) [#C825] KAS- ECC (KAS) Sp800-56Ar3 [#A1219] | No | SSP Entry | In memory (Plaintext) | E | ECC 521-bit ephemeral public key used in SP 800- 56Ar3 C (2, 0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 -bilateral -confirmation key agreement to generate shared secret Z. | No |
| Host PswdEncKeyPublicK ey | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) | No | SSP entry | In Memory (Plaintext) | E | RSA 2048-bit public key loaded by the host to be used SP 800-56Br2 key agreement to generate PswdEncKey. | No |
| Two-Factor Authentication Public Key or MofN Authentication Key (2FAMofNPubK) | 112-Bit | RSA SigVer (FIPS 186- 4) [#C824] | No | SSP Entry | eMMC flash (Encrypted by PMEK, AES-CBC #C819) | PZ | RSA 2048-bit public key used to verify signature on encrypted passwords during user creation and login and/or to verify signatures on MofN authentication tokens. | No |
| E2E Client Authentication Public key (CAPubK) | 112-256 Bit | RSA SigVer (FIPS 186- 4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825] | No | SSP Entry | eMMC flash (Plaintext) | PZ | RSA or EC public key of approved modulus or curveId to allow E2E/TLS client authentication in E2E/TLS handshake | No |
| Adapter Owner Attestation Public key (AOAPubK) | 112-256 Bit | RSA SigVer (FIPS 186- 4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825] | No | SSP Entry | eMMC flash (Plaintext) | PZ | RSA or EC public key of approved modulus or curveId to allow HSM/Adapter Owner to authenticated with signature verification with this public key and perform FW image update | No |
| User Public Keys (user keys) | 112-256 Bit | ECDSA SigVer (FIPS 186-4) [#C825] RSA SigVer (FIPS 186-4) [#C824] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4) [#C823] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigVer (FIPS 186-4) [#C829] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823] ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824] | SSP entry/ SSP generation | eMMC flash (Encrypted by PMEK, AES-CBC #C819) | D | RSA/DSA/ECDSA/ECDH public keys. | Yes (Import Plaintext) |
| User Public Session Keys (user keys) | 112-256 Bit | ECDSA SigVer (FIPS 186-4) [#C825] RSA SigVer (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigVer (FIPS 186-4) [#C829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] | CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823] ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824] | SSP entry/ SSP generation | In Memory (Plaintext) | D, S | RSA/DSA/ECDSA/ECDH public session keys. | No |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy S: Zeroized on session close (Session close via CN_CLOSE_SESSION, CN_APP_FINALIZE, and CN_CLOSE_PARTITION_SESSIONS services. Please see Table 13 for further details.) Zeroize all SSPs in the Partition and then delete the User Partition (via CN_DELETE_PARTITION service). Zeroize all User SSPs in the Partition (User Partition Regular zeroize via CN_ZEROIZE service) MZ: Zeroize all Partitions’ SSPs, except vendor programmed ones ( Master Partition Regular CN_ZEROIZE) PFZ: Zeroize all SSPs in the Partition (Factory reset via CN_ZEROIZE service with factory-reset as argument with PCO credentials) MFZ: Zeroize all Partitions’ SSPs, including the HSM adapter owner programmed ones (Brings HSM to factory state. Factory reset via CN_ZEROIZE service with factory-reset as argument with MCO credentials.) Vendor zeroize (via CN_VENDOR_ZEROIZE service. Zeroizes all SSPs including vendor programmed configuration and CSPs. Makes the module unusable; the module must be sent back to the vendor for re-programming.) Table 18
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E s N/A E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E [#C1263] AESunmodified Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy D, S Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy AESEncrypted by Marvell Semiconductor, Inc. D, S
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy [#C1263] AESusing D, S [#C1263] AESusing D, S Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy D, S Table 19
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
This section documents the security rules enforced by the cryptographic module to implement the selftest requirements of this FIPS 140-3 Level-3 module. The module always executes the self-tests without operator intervention regardless of approved or nonapproved mode or any other configuration. Failure of any of these tests causes the module to go into an error state and all future commands received are rejected by the module. The module needs to be reset to recover from the situation. Data output except for status log messages is inhibited during self-tests, zeroization, and error states. Status information does not contain CSPs or sensitive data. The conditional cryptographic algorithm self-tests (CAST) run periodically. The periodicity is configurable by the MCO and by default runs for every 8 hours. These self-tests can be triggered by the operator via MCO role. Please refer to Section 11.3 for guidance on how to initiate these tests. The execution of CASTs causes a momentary (less than a second) service interruption. The operator is capable of commanding the module to perform the pre-operational and conditional selftests by cycling power or resetting the module. The voltage and temperature monitoring is performed continuously by the module every 30 seconds. The cryptographic module performs the following pre-operational and conditional self-tests:
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 − − −
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy SP 800-38B Triple-DES CMAC KAT (#A1198, 192bit Key) SP 800-56Br2 RSA Decryption Primitive KAT (#A1200, 2048bit) SP 800-56Br2 RSA Encryption Primitive KAT (2048bit) SP 800-90Ar1 Counter DRBG (instantiate/generate/reseed) KAT (#C821, AES-256bit Key) c. Others - FIPS 186-4 RSA SigVer KAT (#A1201, RSA 2048-bit SHA2-256 signature verification) - SP 800-108 KDF CMAC (counter) KAT (#A1191, AES-128bit Key) - SP 800-108 KDF CMAC (counter) KAT (#A1191, Triple-DES 192bit Key)* - SP 800-38B AES-CMAC (hybrid) KAT (#A1190, 128bit Key) - SP 800-38F AES-KW Key Unwrap KAT (#C1263, LiquidSecurity Keywrap, 256-bit Key) - SP 800-38F AES-KW Key Wrap KAT (#C1263, LiquidSecurity Keywrap, 256-bit Key) - SP 800-38F Triple-DES-KW Key Unwrap KAT (#C1263, LiquidSecurity Keywrap, TripleDES CBC #C1169, 192bit Key) - SP 800-38F Triple-DES-KW Key Wrap KAT (#C1263, LiquidSecurity Keywrap, TripleDES CBC #C1169, 192bit Key)* - SP 800-38G AES-FF1 encrypt KAT (#A1189, 128bit Key)* - SP 800-56Ar3 KAS-ECC KAT (#A1219, P521 and HMAC-SHA2-512) - SP 800-56Ar3 KAS-ECC-SSC KAT (#A1220, P521) - SP 800-56Ar3 required assurances** - SP 800-56Br2 KAS-IFC-SSC KAT (#A1193, 3072bit Key
| FIPS Test | LED Pattern | |||||
|---|---|---|---|---|---|---|
| LED No. | Color | Red | Green | Blue | Blinks | |
| N3 AES-CBC Encrypt/Decrypt | D12 | Red | Y | N | N | 2 |
| N3 AES-GCM Encrypt | D12 | Red | Y | N | N | 2 |
| N3 AES-GCM Decrypt | D12 | Red | Y | N | N | 2 |
| N3 AES-CCM Encrypt | D12 | Red | Y | N | N | 2 |
| N3 AES-CCM Decrypt | D12 | Red | Y | N | N | 2 |
| N3 AES-CMAC KDF | D12 | Red | Y | N | N | 3 |
| N3 HMAC KDF | D12 | Red | Y | N | N | 3 |
| N3 TLS KDF | D12 | Red | Y | N | N | 3 |
| N3 Triple-DES-CBC Encrypt/Decrypt | D12 | Red | Y | N | N | 4 |
| N3 RSASP1 | D12 | Red | Y | N | N | 5 |
| N3 RSA Enc and Dec | D12 | Red | Y | N | N | 5 |
| RSA OAEP KTS (FW + NITROX) | D12 | Red | Y | N | N | 5 |
| AES CMAC (FW + NITROX) | D12 | Red | Y | N | N | 6 |
| N3 HMAC | D12 | Red | Y | N | N | 7 |
| N3 ECC CDH | D12 | Green | N | Y | N | 2 |
| N3 ECDSA Sig Verify | D12 | Red | N | N | Y | 5 |
| N3 DRBG SHA | D12 | Green | N | Y | N | 3 |
| N3 SHA1 | D12 | Green | N | Y | N | 4 |
| N3 SHA-256 and SHA-512 | D12 | Green | N | Y | N | 4 |
| OpenSSL AESCBC Encrypt/Decrypt | D12 | Blue | N | N | Y | 2 |
| OpenSSL DSA Sign/Verify | D12 | Green | N | N | Y | 3 |
| OpenSSL DRBG CTR | D12 | Blue | N | N | Y | 7 |
| OpenSSL ECDSA PKV | D12 | Blue | N | N | Y | 4 |
| OpenSSL ECDSA Sign/Verify KAT | D12 | Blue | N | N | Y | 4 |
| OpenSSL RSA Sign/Verify KAT | D12 | Blue | N | N | Y | 5 |
| OpenSSL RSA Encrypt/Decrypt | D12 | Blue | N | N | Y | 5 |
| OpenSSL HMAC KDF | D12 | Blue | N | N | Y | 6 |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
On successful completion of the self tests, the D10 Green LED remains in the “ON” state. Blinking indicates failures on the HSM. If the LED remains in the permanent glow, the card’s state is fine. All blinks are 200ms ON and 200ms OFF. Blink delay time gap is 1000ms. These tests map to the tests listed in section 10 Self-Tests. Table 20
| FIPS Test | LED Pattern | |||||
|---|---|---|---|---|---|---|
| LED No. | Color | Red | Green | Blue | Blinks | |
| OpenSSL X963 KDF | D12 | Blue | N | N | Y | 6 |
| OpenSSL CMAC KDF | D12 | Blue | N | N | Y | 6 |
| AES KeyWrap | D12 | Blue | N | N | Y | 2 |
| AES KeyUnwrap | D12 | Blue | N | N | Y | 2 |
| Triple-DES KeyWrap | D12 | Blue | N | N | Y | 8 |
| SP 800-56Ar3 KAS | D12 | Blue | N | N | Y | 2 |
| OpenSSL SHA-1 | D12 | Green | N | Y | N | 5 |
| OpenSSL SHA-256 and SHA-512 | D12 | Green | N | Y | N | 5 |
| PBKDF (SP 800-132) [#A1196] | D12 | Green | N | Y | N | 6 |
| AES FF1 | D12 | Green | N | Y | N | 7 |
| OpenSSL HMAC | D12 | Green | N | Y | N | 8 |
| SP 800-56Cr2 KDFs (OneStep and Two-step) | D12 | Blue | N | N | Y | 6 |
| SP 800-56Ar3 ECDH + SSC | D12 | Blue | N | N | Y | 9 |
| SP 800-56Ar3 SSC | D12 | Blue | N | N | Y | 9 |
| OpenSSL Triple-DES CMAC | D12 | Blue | N | N | Y | 8 |
| ECDSA pair wise consistency test | D12 | Blue | N | N | Y | 4 |
| RSA pair wise consistency test | D12 | Blue | N | N | Y | 5 |
| DSA pair wise consistency test | D12 | Green | N | Y | N | 1 |
| Firmware Power-on Tests | ||||||
| NITROX device file creation | D14 | Red | Y | N | N | 1 |
| NITROX driver load fails | D14 | Red | Y | N | N | 2 |
| NITROX micro code load fails | D14 | Red | Y | N | N | 3 |
| NITROX pot test failures | D14 | Red | Y | N | N | 4 |
| Database creation fails | D14 | Red | Y | N | N | 5 |
| Mgmt daemon has not started successfully | D14 | Red | Y | N | N | 6 |
| HW RBG for firmware | D12 | Blue | N | N | Y | 3 |
| Other Firmware States | ||||||
| HSM Boot stage 1 | D10 | Red | Y | N | N | No blink |
| FW integrity Failure state | D10/D12/D14 | Red | R | N | N | 30 sec on and reboot |
| HSM Boot stage 2 | D10 | Red | Y | N | N | Blink (definite) |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy N N Y N N Y N N Y N N Y N N Y N N Y N Y N N Y N N Y N N Y N N Y N N N Y N N Y N N Y N N Y N N Y N N Y N Y N Y N N Y N N Y N N Y N N Y N N Y N N N N Y Y N N R N N Y N N Marvell Semiconductor, Inc.
| FIPS Test | LED Pattern | |||||
|---|---|---|---|---|---|---|
| LED No. | Color | Red | Green | Blue | Blinks | |
| HSM Boot stage 3(SE-APP initialized Linux handshake not done) | D10 | Violet | Y | N | Y | No blink |
| HSM Linux handshake done, host driver handshake not done | D10 | Violet | Y | N | Y | Infinite |
| HSM PF driver handshake complete | D10 | Green | N | Y | N | No blink |
| HSM admin driver handshake done | D10 | Blue | N | N | Y | No blink |
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Y N Y Y N Y N Y N N N Y
Before installing the HSM, the customer verifies the following: • The ESD bag in which the HSM is placed in the shipping container is sealed and has not been tampered with. • The part number and other information included in the label on the HSM matches the label on the shipping bag. • There is no evidence of physical tampering on the HSM itself. After this is verified, the customer can physically insert the HSM into the PCIe on the host server. The host must meet the following minimum requirements: • x86 • Low-profile PCIe Gen 4x8 • SR-IOV support enabled After the HSM is physically installed, the LiquidSecurity driver and utilities that communicate with the HSM are installed on the host using the Linux make utility. The user must be logged in as root to perform the installation. The HSM owner then completes the following steps to claim ownership of the HSM and sets the “fips_state” flag:
10 for a description of this role, authentication requirements, and service access).
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy As a final step, the HSM owner ensures that only they can be authenticated for backup/restore and cloning operations on the HSM by loading the adapter owner certificates (AOTAC and AOAC) on the HSM and generating the HSM owner fixed backup key (OKBK). These steps are taken by the MCO using Cfm2MasterUtil with below given commands. Command syntax for AOTAC, AOAC, and OKBK storage, there by HSM owner claiming the HSM ownership: Command: storeCert -s <cert-type> -f <Adapter Owner Trust Anchor Cert>.crt Command: storeCert -s <cert-type> -f <Adapter Owner Auth Cert>.crt Command: storeMCOFixedKey -f <path>/<OKBK-file> -k <path>/HSMOwner.key
The specific tasks that can be performed by users on the HSM are strictly limited by their user role (see Table 10 for details). A user of the module can query the module’s device information, operational parameters, operating mode by invoking the command getHSMInfo from the Cfm2MasterUtil. “FIPS state” member of the output will indicate the module to be in one of the following modes:
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy
AES GCM IV Restoration upon Power Cycle of Module: In case the module’s power is lost and then restored, the module will establish new sessions which will generate new IVs. For an E2E (TLS) session, this will result in fresh handshake and so new AES-GCM Keys and IVs will be established for the new session.
No mitigation of other attacks is implemented by the module.
MCO
NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAT