All modules
CMVP Validated Module · FIPS 140-3 Security Policy

NITROXIII CNN35XX-NFBE HSM Family

Certificate#4700StandardFIPS 140-3Level3TypeHardwareEmbodimentMulti-Chip EmbeddedStatusActiveVendorMarvell Semiconductor, Inc.
Medium review priority  ·  exposes boot-chain verification, firmware-update authentication, debug/recovery interface, HSM/SE firmware trust anchor  ·  U-Boot upstream has published 10 CVEs since this module's initial validation  ·  last validated 1 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level3
Module typeHardware
EmbodimentMulti-Chip Embedded
StatusActive
Sunset date5/29/2029
EntropyENT (P)
CaveatWhen operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs whose strengths are modified by available entropy
VendorMarvell Semiconductor, Inc.
Hardware versionsHW-1.0 (CNL3510-NFBE-G, CNL3510P-NFBE-G, CNL3530-NFBE-G, CNL3560-NFBE-G, CNL3560P-NFBE-G, CNN3510-NFBE-G, CNN3530-NFBE-G, CNN3560-NFBE-G, CNN3560P-NFBE-G), HW-2.0 (CNL3510-NFBE-2.0-G, CNL3510B-NFBE-2.0-G, CNL3510P-NFBE-2.0-G, CNL3510PB-NFBE-2.0-G, CNL3530-NFBE-2.0-G, CNL3530B-NFBE-2.0-G, CNL3560-NFBE-2.0-G, CNL3560B-NFBE-2.0-G, CNL3560P-NFBE-2.0-G, CNL3560PB-NFBE-2.0-G, CNN3505LP-NFBE-2.0-G, CNN3510-NFBE-2.0-G, CNN3510LP-NFBE-2.0-G, CNN3510LPB-NFBE-2.0-G, CNN3530-NFBE-2.0-G, CNN3560-NFBE-2.0-G, CNN3560P-NFBE-2.0-G), HW-3.0 (CNL3510-NFBE-3.0-G, CNL3510A-NFBE-3.0-G, CNL3510C-NFBE-3.0-G, CNL3510D-NFBE-3.0-G, CNL3510E-NFBE-3.0-G, CNL3510F-NFBE-3.0-G, CNL3510I-NFBE-3.0-G, CNL3510P-NFBE-3.0-G, CNL3530-NFBE-3.0-G, CNL3530A-NFBE-3.0-G, CNL3530B-NFBE-3.0-G, CNL3530C-NFBE-3.0-G, CNL3530D-NFBE-3.0-G, CNL3530E-NFBE-3.0-G, CNL3530F-NFBE-3.0-G, CNL3560-NFBE-3.0-G, CNL3560A-NFBE-3.0-G, CNL3560B-NFBE-3.0-G, CNL3560B-NFBE-3.0-G-FB, CNL3560C-NFBE-3.0-G, CNL3560D-NFBE-3.0-G, CNL3560E-NFBE-3.0-G, CNL3560F-NFBE-3.0-G, CNL3560P-NFBE-3.0-G, CNL3560M-NFBE-3.0-G, CNN3505LP-NFBE-3.0-G, CNN3505LPA-NFBE-3.0-G, CNN3505LPC-NFBE-3.0-G, CNN3505LPD-NFBE-3.0-G, CNN3505LPE-NFBE-3.0-G, CNN3505LPF-NFBE-3.0-G, CNN3510-NFBE-3.0-G, CNN3510A-NFBE-3.0-G, CNN3510C-NFBE-3.0-G, CNN3510D-NFBE-3.0-G, CNN3510E-NFBE-3.0-G, CNN3510F-NFBE-3.0-G, CNN3510LP-NFBE-3.0-G, CNN3510LPA-NFBE-3.0-G, CNN3510LPB-NFBE-3.0-G, CNN3510LPC-NFBE-3.0-G, CNN3510LPD-NFBE-3.0-G, CNN3510LPE-NFBE-3.0-G, CNN3510LPF-NFBE-3.0-G, CNN3530-NFBE-3.0-G, CNN3530A-NFBE-3.0-G, CNN3530C-NFBE-3.0-G, CNN3530D-NFBE-3.0-G, CNN3530E-NFBE-3.0-G, CNN3530F-NFBE-3.0-G, CNN3560-NFBE-3.0-G, CNN3560A-NFBE-3.0-G, CNN3560C-NFBE-3.0-G, CNN3560D-NFBE-3.0-G, CNN3560E-NFBE-3.0-G, CNN3560F-NFBE-3.0-G, CNN3560P-NFBE-3.0-G)

Vendor resources (verify with the vendor)

Product pagehttps://www.marvell.com/products/security-solutions/nitrox-iii.html
Support pagehttps://www.marvell.com/support/security-solutions.html closed support
Documentationhttps://www.marvell.com/support/doc-library.html
https://www.marvell.com/support/downloads.html
AssessmentSupport page is a contact/lead form; SDK and admin guides sit behind the Customer Portal login. A public document library and driver downloads exist but do not include HSM admin docs.

Approved Algorithms (83)

AlgorithmACVP Cert
AES-CBCC819
AES-CBCC839
AES-CCMC839
AES-CMACA1190
AES-CMACA1195
AES-CMACC839
AES-CTRC839
AES-ECBC819
AES-ECBC839
AES-GCMA1203
AES-GCMC839
AES-GMACC839
AES-KWC1263
AES-KWPC1263
Counter DRBGC821
DSA KeyGen (FIPS186-4)C823
DSA PQGGen (FIPS186-4)C823
DSA PQGVer (FIPS186-4)C823
DSA SigGen (FIPS186-4)C823
DSA SigVer (FIPS186-4)C823
ECDSA KeyGen (FIPS186-4)C825
ECDSA KeyVer (FIPS186-4)C825
ECDSA SigGen (FIPS186-4)C825
ECDSA SigGen (FIPS186-4)C825
ECDSA SigGen (FIPS186-4)C829
ECDSA SigVer (FIPS186-4)C825
ECDSA SigVer (FIPS186-4)C829
Hash DRBGC830
HMAC-SHA-1C822
HMAC-SHA-1C839
HMAC-SHA2-224C822
HMAC-SHA2-224C839
HMAC-SHA2-256C822
HMAC-SHA2-256C839
HMAC-SHA2-384C822
HMAC-SHA2-384C839
HMAC-SHA2-512C822
HMAC-SHA2-512C839
KAS-ECC CDH-ComponentC829
KAS-ECC Sp800-56Ar3A1219
KAS-ECC-SSC Sp800-56Ar3A1220
KAS-ECC-SSC Sp800-56Ar3A2161
KAS-IFC-SSCA1193
KDA HKDF Sp800-56Cr1A1192
KDA OneStep Sp800-56Cr1A1192
KDA TwoStep Sp800-56Cr1A1192
KDF ANS 9.63C825
KDF SP800-108A1191
KDF SP800-108C826
KDF SP800-108C839
KDF TLSC840
KTS-IFCA1194
PBKDFA1196
RSA Decryption PrimitiveA1200
RSA Decryption PrimitiveC839
RSA KeyGen (FIPS186-4)A1199
RSA KeyGen (FIPS186-4)C824
RSA SigGen (FIPS186-2)C824
RSA SigGen (FIPS186-4)A1199
RSA Signature PrimitiveC839
RSA SigVer (FIPS186-4)A1199
RSA SigVer (FIPS186-4)A1201
RSA SigVer (FIPS186-4)C824
SHA-1C820
SHA-1SHS 1780
SHA2-224C820
SHA2-224SHS 1780
SHA2-256A1202
SHA2-256C820
SHA2-256SHS 1780
SHA2-384C820
SHA2-384SHS 1780
SHA2-512C820
SHA2-512SHS 1780
SHA3-224A1197
SHA3-256A1197
SHA3-512A1197
SHAKE-128A1197
SHAKE-256A1197
TDES-CBCTDES 1311
TDES-ECBC1169
TDES-ECBTDES 1311
TDES-KWC1263

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification3
Software/Firmware Security3
Operational EnvironmentN/A
Physical Security3
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for NITROXIII CNN35XX-NFBE HSM Family
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>CNN35XX-NFBE-FW-*, CNN35XX-NFBE-FW-*,…</i>"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Firmware Update<br/>CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_END<br/>CN_SMAPP_UPDATE_BEGIN</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i>"]
    C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>PCIe Interface (P1)<br/>USB Port (J2)<br/>Serial Port</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i>"]
  end
  subgraph Inference["Derived inference"]
    I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C1 --> I1 --> R1 --> E1
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C4 --> I4 --> R4 --> E4
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C1,C2,C3,C4,C5,C6 clue;
  class I1,I2,I3,I4,I5,I6 infer;
  class R1,R2,R3,R4,R5,R6 risk;
  class E1,E2,E3,E4,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for NITROXIII CNN35XX-NFBE HSM Family
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>CNN35XX-NFBE-FW-*, CNN35XX-NFBE-FW-*,…</i><br/>src: certificate.firmwareVersions"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Firmware Update<br/>CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_END<br/>CN_SMAPP_UPDATE_BEGIN</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i><br/>src: securityPolicy.services"]
    C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>PCIe Interface (P1)<br/>USB Port (J2)<br/>Serial Port</i><br/>src: securityPolicy.portsAndInterfaces"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C1,C2,C3,C4 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

seuthur FIPS 140-3 Level 3 NITROX III CNN35XX-NFBE HSM Family Document number: Document Version: Revision Date: CNN35xx-NFBE-SPD-L3 Version 2.09-0703 03/11/2026 This document may be reproduced only in its original entirety [without revision].

Page 2
RevisionDateAuthorDescription of Change
2.08.0104/21/2021Girish Kumar Yerra Rajendar KalwaFW 2.08 build 09 CMVP Submission.
2.08.0211/11/2021Girish Kumar Yerra Rajendar KalwaFW 2.08 build 10 CMVP Submission updates.
2.08.0306/02/2022Girish Kumar Yerra Rajendar KalwaAddressed comments from NIST. Updated FW build with bug fixes to 2.08 build 11.
2.08.0402/10/2023Rajendar KalwaAddressed comments from NIST. Updated FW build with bug fixes to 2.08 build 12.
2.09.0708/10/2023Rajendar KalwaAddressed comments from NIST. Updated FW build with changes to address CMVP comments and bug fixes to 2.09 build 07.
2.09.070112/08/2023Rajendar Kalwa Vikash KumarAddressed comments from NIST. Updated FW build to exclude Transition algorithms which were allowed as per IG D.G.
2.09.070205/08/2024Rajendar Kalwa Vikash KumarAddressed comments from NIST.
2.09.070303/11/2024Vikash Kumar Deepanshu TyagiNSRL changes - Added new HW part number, Added new FW version

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Revision History Marvell Semiconductor, Inc.

Page 3

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Contents 2.5.1 2.5.2 2.10 2.11 2.12 2.13 4.1.1 4.1.2 4.2.1 4.2.2 4.2.3 4.2.4 10.1 11.1 11.2 Marvell Semiconductor, Inc.

Page 4

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy 11.3 11.4 Marvell Semiconductor, Inc.

Page 5

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy List of Tables Marvell Semiconductor, Inc.

Page 6

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy List of Figures Marvell Semiconductor, Inc.

Page 7
Security level
NameISO SectionRequirementLevel
11General3
22Cryptographic Module Specification3
33Cryptographic module interfaces3
44Roles, Services and Authentication3
55Software/Firmware Security3
66Operational EnvironmentN/A
77Physical Security3
88Non-invasive securityN/A
99Sensitive Security parameter management3
1010Self-tests3
1111Life-cycle assurance3
1212Mitigation of Other AttacksN/A

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140-3. Table 1

2.1 Module Overview

The NITROXIII CNN35XX-NFBE HSM Family module (hereafter referred to as the module or HSM) by Marvell is a high-performance purpose-built security solution for crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed in a PCIe slot to provide crypto and TLS 1.0/1.1/1.2 acceleration in a secure manner to the system host. It is typically deployed in a server or an appliance to provide crypto offload. The module’s functions are accessed over the PCIe interface via opcodes defined by the module. The module is a hardware multi-chip embedded cryptographic module. The module provides cryptographic primitives to accelerate approved and allowed algorithms for TLS 1.0/1.1/1.2 and SSH. The cryptographic functionality includes modular exponentiation, random number generation, and hash processing, along with protocol specific complex instructions to support TLS 1.0/1.1/1.2 security protocols using the embedded NITROXIII chip. The module implements password based single factor perimeter of the PCIe card itself, as depicted in section 2.13. Marvell Semiconductor, Inc.

Page 8
Module configuration
NameHardware VersionSoftware VersionCores Enabled
CNL3560P-NFBE-GCNL3560P-NFBE-GHW-1.0Yes64100K32
CNL3560-NFBE-GCNL3560-NFBE-GHW-1.0Yes64100K32
CNL3530-NFBE-GCNL3530-NFBE-GHW-1.0Yes3225K32
CNL3510-NFBE-GCNL3510-NFBE-GHW-1.0Yes2425K24
CNL3510P-NFBE-GCNL3510P-NFBE-GHW-1.0Yes3250K32
CNL3560P-NFBE-2.0-GCNL3560P-NFBE-2.0-GHW-2.0Yes64100K32
CNL3560-NFBE-2.0-GCNL3560-NFBE-2.0-GHW-2.0Yes64100K32
CNL3530-NFBE-2.0-GCNL3530-NFBE-2.0-GHW-2.0Yes3225K32
CNL3510-NFBE-2.0-GCNL3510-NFBE-2.0-GHW-2.0Yes2425K24
CNL3510P-NFBE-2.0-GCNL3510P-NFBE-2.0-GHW-2.0Yes3250K32
CNL3560PB-NFBE-2.0-GCNL3560PB-NFBE-2.0-GHW-2.0Yes64100K32
CNL3560B-NFBE-2.0-GCNL3560B-NFBE-2.0-GHW-2.0Yes64100K32
CNL3530B-NFBE-2.0-GCNL3530B-NFBE-2.0-GHW-2.0Yes3225K32
CNL3510B-NFBE-2.0-GCNL3510B-NFBE-2.0-GHW-2.0Yes2425K24
CNL3510PB-NFBE-2.0-GCNL3510PB-NFBE-2.0-GHW-2.0Yes3250K32
CNL3560P-NFBE-3.0-GCNL3560P-NFBE-3.0-GHW-3.0Yes64100K32
CNL3560B-NFBE-3.0-GCNL3560B-NFBE-3.0-GHW-3.0Yes64100K32
CNL3560B-NFBE-3.0-G-FBCNL3560B-NFBE-3.0-G-FBHW-3.0Yes64100K32
CNL3560-NFBE-3.0-GCNL3560-NFBE-3.0-GHW-3.0Yes64100K32
CNL3560A‐NFBE‐3.0‐GCNL3560A‐NFBE‐3.0‐GHW-3.0Yes64100K32
CNL3560C‐NFBE‐3.0‐GCNL3560C‐NFBE‐3.0‐GHW-3.0Yes64100K32
CNL3560D‐NFBE‐3.0‐GCNL3560D‐NFBE‐3.0‐GHW-3.0Yes64100K32
CNL3560E‐NFBE‐3.0‐GCNL3560E‐NFBE‐3.0‐GHW-3.0Yes64100K32
CNL3560F‐NFBE‐3.0‐GCNL3560F‐NFBE‐3.0‐GHW-3.0Yes64100K32
CNL3560M-NFBE-3.0-GCNL3560M-NFBE-3.0-GHW-3.0Yes64100K32
CNL3530-NFBE-3.0-GCNL3530-NFBE-3.0-GHW-3.0Yes3225K32
CNL3530B-NFBE-3.0-GCNL3530B-NFBE-3.0-GHW-3.0Yes3225K32
CNL3530A‐NFBE‐3.0-GCNL3530A‐NFBE‐3.0-GHW-3.0Yes3225K32
CNL3530C‐NFBE‐3.0-GCNL3530C‐NFBE‐3.0-GHW-3.0Yes3225K32
CNL3530D‐NFBE‐3.0-GCNL3530D‐NFBE‐3.0-GHW-3.0Yes3225K32
CNL3530E‐NFBE‐3.0-GCNL3530E‐NFBE‐3.0-GHW-3.0Yes3225K32
CNL3530F‐NFBE‐3.0-GCNL3530F‐NFBE‐3.0-GHW-3.0Yes3225K32
CNL3510-NFBE-3.0-GCNL3510-NFBE-3.0-GHW-3.0Yes2425K24
CNL3510P-NFBE-3.0-GCNL3510P-NFBE-3.0-GHW-3.0Yes3250K32
CNL3510A‐NFBE‐3.0-GCNL3510A‐NFBE‐3.0-GHW-3.0Yes3250K32
CNL3510C‐NFBE‐3.0-GCNL3510C‐NFBE‐3.0-GHW-3.0Yes3250K32
CNL3510D‐NFBE‐3.0-GCNL3510D‐NFBE‐3.0-GHW-3.0Yes3250K32
CNL3510E‐NFBE‐3.0-GCNL3510E‐NFBE‐3.0-GHW-3.0Yes3250K32
CNL3510F‐NFBE‐3.0-GCNL3510F‐NFBE‐3.0-GHW-3.0Yes3250K32
CNL3510I-NFBE-3.0-GCNL3510I-NFBE-3.0-GHW-3.0Yes2425K16
CNN3560P-NFBE-GCNN3560P-NFBE-GHW-1.0No64100K64
CNN3560-NFBE-GCNN3560-NFBE-GHW-1.0No64100K32
CNN3530-NFBE-GCNN3530-NFBE-GHW-1.0No3225K32
CNN3510-NFBE-GCNN3510-NFBE-GHW-1.0No2425K24
CNN3510LP-NFBE-2.0-GCNN3510LP-NFBE-2.0-GHW-2.0No2425K24
CNN3510LPB-NFBE-2.0-GCNN3510LPB-NFBE-2.0-GHW-2.0No2425K24
CNN3560P-NFBE-2.0-GCNN3560P-NFBE-2.0-GHW-2.0No64100K64
CNN3560-NFBE-2.0-GCNN3560-NFBE-2.0-GHW-2.0No6450K32
CNN3530-NFBE-2.0-GCNN3530-NFBE-2.0-GHW-2.0No3225K32
CNN3510-NFBE-2.0-GCNN3510-NFBE-2.0-GHW-2.0No2425K24
CNN3505LP-NFBE-2.0-GCNN3505LP-NFBE-2.0-GHW-2.0No1610K16
CNN3560P-NFBE-3.0-GCNN3560P-NFBE-3.0-GHW-3.0No64100K64
CNN3560-NFBE-3.0-GCNN3560-NFBE-3.0-GHW-3.0No6450K32
CNN3560A‐NFBE‐3.0‐GCNN3560A‐NFBE‐3.0‐GHW-3.0No6450K32
CNN3560C‐NFBE‐3.0‐GCNN3560C‐NFBE‐3.0‐GHW-3.0No6450K32
CNN3560D‐NFBE‐3.0‐GCNN3560D‐NFBE‐3.0‐GHW-3.0No6450K32
CNN3560E‐NFBE‐3.0‐GCNN3560E‐NFBE‐3.0‐GHW-3.0No6450K32
CNN3560F‐NFBE‐3.0‐GCNN3560F‐NFBE‐3.0‐GHW-3.0No6450K32
CNN3530-NFBE-3.0-GCNN3530-NFBE-3.0-GHW-3.0No3225K32
CNN3530A‐NFBE‐3.0‐GCNN3530A‐NFBE‐3.0‐GHW-3.0No3225K32
CNN3530C‐NFBE‐3.0‐GCNN3530C‐NFBE‐3.0‐GHW-3.0No3225K32
CNN3530D‐NFBE‐3.0‐GCNN3530D‐NFBE‐3.0‐GHW-3.0No3225K32
CNN3530E‐NFBE‐3.0‐GCNN3530E‐NFBE‐3.0‐GHW-3.0No3225K32
CNN3530F‐NFBE‐3.0‐GCNN3530F‐NFBE‐3.0‐GHW-3.0No3225K32
CNN3510-NFBE-3.0-GCNN3510-NFBE-3.0-GHW-3.0No2425K24
CNN3510A‐NFBE‐3.0‐GCNN3510A‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510C‐NFBE‐3.0‐GCNN3510C‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510D‐NFBE‐3.0‐GCNN3510D‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510E‐NFBE‐3.0‐GCNN3510E‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510F‐NFBE‐3.0‐GCNN3510F‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510LP-NFBE-3.0-GCNN3510LP-NFBE-3.0-GHW-3.0No2425K24
CNN3510LPB-NFBE-3.0-GCNN3510LPB-NFBE-3.0-GHW-3.0No2425K24
CNN3510LPA‐NFBE‐3.0‐GCNN3510LPA‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510LPC‐NFBE‐3.0‐GCNN3510LPC‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510LPD‐NFBE‐3.0‐GCNN3510LPD‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510LPE‐NFBE‐3.0‐GCNN3510LPE‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3510LPF‐NFBE‐3.0‐GCNN3510LPF‐NFBE‐3.0‐GHW-3.0No2425K24
CNN3505LP-NFBE-3.0-GCNN3505LP-NFBE-3.0-GHW-3.0No1610K16
CNN3505LPA‐NFBE‐3.0‐GCNN3505LPA‐NFBE‐3.0‐GHW-3.0No1610K16
CNN3505LPC‐NFBE‐3.0‐GCNN3505LPC‐NFBE‐3.0‐GHW-3.0No1610K16
CNN3505LPD‐NFBE‐3.0‐GCNN3505LPD‐NFBE‐3.0‐GHW-3.0No1610K16
CNN3505LPE‐NFBE‐3.0‐GCNN3505LPE‐NFBE‐3.0‐GHW-3.0No1610K16
CNN3505LPF‐NFBE‐3.0‐GCNN3505LPF‐NFBE‐3.0‐GHW-3.0No1610K16

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The configuration of hardware and firmware for this validation is: Table 2

Page 9

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 10

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy LP is a low-frequency part, where Nitrox III chip runs at 500MHz; otherwise, it runs at 600MHz. The LiquidSecurity Appliance is a network accessible, remote configurable, multi-tenant server platform to enable private and Hybrid cloud deployments of NITROX III CNN35XX-NFBE HSM. The LiquidSecurity Appliance is outside the module’s cryptographic boundary and therefore out of scope of this validation. CNN35XX-NFBE-G Firmware: CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-NFBE-G Secure Machine: CNN35XX-NFBE-SMW-2.09-0702 CNN35XX-NFBE-G Bootloader: CNN35XX-UBOOT-4.03-03 Note: These binaries do not have extensions. The module is considered to be operating in the approved mode only when it is running the firmware/bootloader versions listed above. Marvell Semiconductor, Inc.

Page 11
Module configuration
NameModelHardware VersionFirmware VersionFeatures
CNN35XX-NFBECNN35XX-NFBECNL3560P-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNL3560-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNL3530-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNL3510-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNL3510P-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNN3560P-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNN3560-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNN3530-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNN3510-NFBE-G (HW-1.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702No SMBus and no RTC
CNN35XX-NFBECNN35XX-NFBECNL3560P-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510P-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560PB-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560B-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530B-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510B-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510PB-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LP-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LPB-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560P-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3530-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3505LP-NFBE-2.0-G (HW-2.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560P-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560B-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560B-NFBE-3.0-G- FB (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560A‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560C‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560D‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560E‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560F‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3560M-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530B-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530A‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530C‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530D‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530E‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3530F‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510P-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510A‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510C‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510D‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510E‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510F‐NFBE‐3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNL3510I-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560P-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560A‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560C‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560D‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560E‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3560F‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3530-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3530A‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3530C‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3530D‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3530E‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3530F‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510A‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510C‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510D‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510E‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510F‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LP-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LPB-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LPA‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LPC‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LPD‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LPE‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3510LPF‐NFBE‐3.0‐G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3505LP-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3505LPA-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3505LPC-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3505LPD-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3505LPE-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703 CNN35XX-UBOOT-4.03-03 CNN35XX-NFBE-SMW-2.09-0702SMBus and RTC
CNN35XX-NFBECNN35XX-NFBECNN3505LPF-NFBE-3.0-G (HW-3.0)CNN35XX-NFBE-FW-2.09-0702 CNN35XX-NFBE-FW-2.09-0703SMBus and RTC

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The module supports different performance options as listed above in the hardware identifier. The physical hardware and firmware are identical across all options. The underlying hardware has multiple identical cryptographic engines which are enabled or disabled using an option parameter set at manufacturing time. During Manufacturing, the number of cryptographic cores, Key stores and Partitions are enabled by configuration for different Part number. Please refer to Table 2

Page 12

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 13

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 14

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 15

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 16

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 17

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 18

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 19

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 20

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

2.2 Modes of Operation

The module supports the following modes of operation:

  1. Non-Approved mode of operation
  2. Approved Level 3 mode of operation The module is initialized into one of the modes specified above during the module initialization period (see section 11 Life-Cycle Assurance for initialization procedure). The value of the parameter fipsState passed into the call specifies the mode. The following are the allowed values for fipsState parameters:
0 – Non-Approved mode
2 – Approved mode with single-factor authentication mechanism
3 – Approved mode with certificate based dual-factor authentication mechanism

The indicator of Approved mode is obtained by using the Get Status service. The fipsState field of Get Status service (CN_TOKEN_INFO) indicates the mode. CSPs are not shared between the Approved and non-Approved modes of operation.

2.3 Approved Mode of Operation

The module provides an Approved mode of operation, comprising all services described in Section 2.8 below. In this mode, the module allows only Approved or allowed algorithms. Request for any nonApproved/allowed algorithm is rejected.

2.4 Non-Approved Mode of Operation

The Module supports a Non-Approved mode implementing the non-Approved algorithms listed in Table 7. In this mode, the module also allows Approved or allowed algorithms.

2.5 Partitions

The module is an SR-IOV enabled intelligent PCIe adapter with 1 physical function and 128 virtual functions. In addition to the crypto offloads, this adapter can provide secure key storage with up to 64 partitions, including master partition. Each partition will have its own users to manage the partition and own configuration policies and hence each partition can be treated as a virtual HSM. HSM always has one default partition called HSM Master partition and this contains configuration of the complete HSM and default configuration of any additional partitions that are created. Only one HSM partition can be assigned to one SR-IOV virtual function of HSM adapter and vice-versa. Keys belonging to one partition are not accessible from other partition. This is achieved through a secure binding between partition and the PCIe virtual function. Marvell Semiconductor, Inc.

Page 21

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

2.5.1 HSM Master Partition

This is the default partition with only one user, called the Master Crypto Officer (MCO). This partition represents the operating state of the whole HSM adapter; i.e., initialization of HSM is nothing but initializing this partition with required configuration and MCO credentials. Zeroizing this partition will erase all HSM partitions in the adapter. The HSM must be initialized and the MCO should already be logged in to create more partitions on the adapter. The MCO can backup and restore complete partition including user data, partition configuration and user keys. All the backup data is encrypted with Backup keys.

2.5.2 HSM Partition

Each partition will have a different set of users to manage it and a dedicated key storage and crypto resources associated. A partition will have a default configuration supplied by the master partition and can be changed (within limits) during the partition initialization. When a partition is created by the MCO, it will be in a zeroized state and has to be initialized to do any keystore management or crypto function offloads. Partition initialization will create the Partition Crypto Officer (PCO). The PCO can later create up to 1024 users (PCO or PCU) on demand. Each user will have a unique user name to identify themselves. The User has to login to the partition/vHSM to issue any authorized commands. Users are authenticated using passwords submitted during the user creation.

2.6 Encrypted Communication Channels

The End-to-End encryption feature in the module allows an application to initiate an TLS connection with the firmware to ensure the confidentiality of the data communicated over PCIe path. The connection is based on TLS v1.2 with the cipher-suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (known to OpenSSL as AES128-GCM-SHA256, AES256-GCM-SHA384, ECDHE_RSA_AES128-GCMSHA256, and ECDHE_RSA_AES256-GCM-SHA384). The module will act as server, and host application will act as client. The server private key will be the partition private key PAK which is generated for each pHSM when the pHSM/partition is created. The server certificate used for the SSL connection is the partition certificate PAC. The complete chain will be validated by the host application (CavClient) before establishing the TLS connection. The End-to-End encryption feature is enabled using the initialization configuration parameters. Once this feature is enabled, all commands except the initialize and open session are encrypted.

2.7 Supported Cryptographic Algorithms

This section provides the list of supported cryptographic algorithms segregated based on the operating mode.

2.8 Approved Algorithms

The cryptographic module supports the following Approved algorithms. Only the algorithms/modes listed in the table below are used in the module. Note: All symmetric key sizes represent the key strength. Marvell Semiconductor, Inc.

Page 22
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AES-CMAC (SP 800-38B)A1190CMACAES CMAC for larger payloads Sizes: 128-bit, 192-bit and 256-bit Uses AES-CBC (#C819) as underlying Block cipherMessage authentication code generate/verify.
KDF SP 800-108 (KBKDF)A1191KDF SP 800-108AES counter KDF 128-bit, 192-bit, and 256- bit Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses AES-CMAC (#A1190) as the underlying PRFKey derivation
KDA HKDF Sp800- 56Cr1A1192KDA HKDF Sp800-56Cr1KDA HKDF Shared Secret length: 224 – 4096, HMAC: SHA2-224, SHA2- 256, SHA2-384, SHA2- 512, Derived Key Length: 2048 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithmKey derivation and ECDH-AES key wrap
KDA OneStep Sp800-56Cr1A1192KDA OneStep Sp800-56Cr1KDA OneStep Auxiliary functions: SHA2-224, SHA2-256, SHA2-384 and SHA2-512, Derived Key Length: 2048 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random GeneratorKey derivation and ECDH-AES key wrap
KDA TwoStep Sp800-56Cr1A1192KDA TwoStep Sp800-56Cr1KDA TwoStep (HMAC and CMAC) MAC Salting Methods: random, Supported Lengths: 1- 4096, KDF Mode: counter, MAC Modes: CMAC-AES128, CMAC- AES192, CMAC-AES256, HMAC-SHA-1, HMAC- SHA2-224, HMAC-SHA2- 256, HMAC-SHA2-384, HMAC-SHA2-512, Counter Lengths: 8, 16, 24, 32, Derived Key Length: 4096 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithm Uses AES-CBC (#C819) as underlying Block cipher for AES-CMACKey derivation and ECDH-AES key wrap
KAS-IFC-SSC (SP 800-56Br2)A1193KAS-IFC-SSCRSA 2048-bit, 3072-bit, 4096-bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively • RSA-based shared secret computation, KAS1 and KAS2 • Uses Counter DRBG (SP 800-90Ar1) (#C821) asPEK and KLK generation and certificate authentication
KTS-IFC (KTS) (SP 800-56Br2)A1194SP 800-56Brev2. KTS-IFC (key encapsulation and un- encapsulation) per IG D.G.2048, 3072, or 4096-bit modulus providing 112, 128, or 150 bits of encryption strength respectivelyAsymmetric key encapsulation and un- encapsulation in hybrid environment
KTS-IFC (SP 800- 56Br2)A1194KTS-IFCRSA key wrap and unwrap of symmetric keys in KTS- OAEP-Basic padding. 2048, 3072, 4096-bit modulus 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively • Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator • Uses HMAC-SHA2-224 (#C822), HMAC-SHA2- 256 (#C822), HMAC- SHA2-384 (#C822) and HMAC-SHA2-512 (#C822) as underlying MAC algorithm • Uses RSA KeyGen (FIPS 186-4) [#C824] as the underlying Key generation algorithmAsymmetric key encapsulation and un- encapsulation in hybrid environment
AES-CMAC (SP 800-38B)A1195AES-CMACKey Sizes 128-bit, 192-bit, and 256-bitUsed to compute key checksum value (KCV)
PBKDF (SP 800- 132)A1196PBKDFHMAC with SHA-1, SHA2- 224, SHA2-256, SHA2-384 and SHA2-512 Uses HMAC-SHA-1 (#C822 ,HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithmUser credentials storage
SHA3-224 (FIPS 202)A1197SHA3-224SHA3-224Message digests
SHA3-256 (FIPS 202)A1197SHA3-256SHA3-256Message digests
SHA3-384 (FIPS 202)A1197SHA3-384SHA3-384Message digests
SHA3-512 (FIPS 202)A1197SHA3-512SHA3-512Message digests
SHAKE-128 (FIPS 202)A1197SHAKE-128SHAKE-128Message digests
SHAKE-256 (FIPS 202)A1197SHAKE-256SHAKE-256Message digests
RSA KeyGen (FIPS 186-4)A1199RSA KeyGen (FIPS 186-4)Key Generation Mode: B.3.3 Properties: Modulo: 4096 Primality Tests: C.2 Public Exponent Mode: Random Private Key Format: Standard Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random GeneratorKey generation
RSA SigGen (FIPS 186-4)A1199RSA SigGen (FIPS 186-4)Signature Type: PKCS 1.5 Modulo: 4096 (SHA2-224 SHA2-256, SHA2-384, SHA2-512)Sign

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 4

Page 23

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 24

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 25

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy B.3.3 Marvell Semiconductor, Inc.

Page 26
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
RSA SigVer (FIPS 186-4)A1199RSA SigVer (FIPS 186-4)Signature Type: PKCS 1.5 Modulo: 4096 (SHA2-224 SHA2-256, SHA2-384, SHA2-512) Signature Type: PKCSPSS Modulo: 4096 (SHA2-224 Salt Length: 28, SHA2-256 Salt Length: 32, SHA2-384 Salt Length: 48, SHA2-512 Salt Length: 64) Public Exponent Mode: Random Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithm 4096-bit modulus providing 150 bits of encryption strengthVerify
RSA Decryption Primitive (CVL) (SP 800-56Br2)A1200RSA decryption primitive2048-bit 3072 bit (CAVP testing was not available at the time of module submission) 4096-bit (CAVP testing was not available at the time of module submission) 2048, 3072, and 4096-bit modulus providing 112,RSA key transport
RSA SigVer (FIPS 186-4)A1201RSA SigVer (FIPS 186-4)RSA PKCS 1.5 2048-bit and SHA2-256 signature verification Uses SHA2-256 (#C820) as underlying digest algorithm 2048-bit modulus providing 112 bits of encryption strengthFirmware integrity verification by bootloader
SHA2-256 (FIPS 180-4)A1202SHA2-256SHA2-256Message Digest for Firmware image integrity verification by bootloader
AES-GCM (KTS) (SP 800-38D)A1203SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strengthData encryption, decryption, key-wrap, and key-unwrap
AES-GCM (SP 800- 38D)A1203AES-GCMEncrypt/Decrypt; 128, 192, and 256-bit Uses AES-ECB (#C839) as the underlying block cipherData encryption, decryption
KAS-ECC (KAS) Sp800-56Ar3A1219SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-521 curve providing 256 bits of encryption strengthCloning
KAS-ECC Sp800- 56Ar3A1219KAS-ECC Sp800-56Ar3P-521, SHA2-512, and HMAC SHA2-512 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the ECDSA KeyGen key pair P-521 curve providing 256 bits of encryption strength Uses ECDSA KeyVer (FIPS 186-4) (#C825) and ECDSA KeyGen (FIPS 186- 4) (#C825) underlying verification for the key pairCloning
KAS-ECC-SSC Sp800-56Ar3A1220KAS-ECC-SSC Sp800-56Ar3ECDH: P-224, P-256, P- 384, P-521, K-233, K-283, K-409, K-571, B-233, B- 283, B-409, and B-571 P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses ECDSA KeyVer (FIPS 186-4) (#C825) and ECDSA KeyGen (FIPS 186- 4) (#C825 underlying verification for the key pair Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the ECDSA KeyGen key pair Uses SHA2-256 (FIPS 180-4) (#C820), SHA2-384 (FIPS 180-4) (#C820), SHA2-512(FIPS 180-4) (#C820) as the underlying digest algorithmShared secret computation
KAS-ECC-SSC Sp800-56Ar3A2161KAS-ECC-SSC Sp800-56Ar3ECDH: P-224, P-256, P- 384, P-521 P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the ECDSA KeyGen key pairShared secret computation
TDES-ECB (SP 800- 38A)C1169Triple-DES-ECB3-key DES (192 bits) Decrypt • Key size 192 bits • Provides 112-bits of encryption strength * Legacy use onlyUsed as a pre-requisite for the TKW
AES-KW (KTS) (SP 800-38F)C1263SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength Uses AES-CBC (#C819) as underlying Block cipherKey wrapping/unwrapping
AES-KW (SP 800- 38F)C1263AES-KWKW, 128, 192, and 256-bit Uses AES-CBC (#C819) as underlying Block cipherKey wrapping/unwrapping
AES-KWP (KTS) (SP 800-38F)C1263SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength Uses AES-CBC (#C819) as underlying Block cipherKey wrapping/unwrapping
AES-KWP (SP 800- 38F)C1263AES-KWPKWP, 128, 192, and 256- bit Uses AES-CBC (#C819) as underlying Block cipherKey wrapping/unwrapping
TDES-KW (SP 800- 38F)C1263Triple-DES-KWTKW key size 192 bits Uses TDES-ECB (#C1169) as underlying Block cipher * Legacy use onlyKey unwrapping
Triple-DES-KW (KTS) (SP 800-38F)C1263SP 800-38F. KTS (key unwrapping) per IG D.G.192-bit keys providing 112 bits of encryption strength.Key unwrapping
AES-CBC (SP 800- 38A)C819AES-CBCCBC mode: Encrypt, Decrypt; 128, 192, and 256-bit* *Encrypt only uses 256- bitEncryption/Decryption
AES-ECB (SP 800- 38A)C819AES-ECBECB mode: Encrypt, Decrypt; 128, 192, and 256-bitEncryption/Decryption
SHA-1 (FIPS 180-4)C820SHA-1SHA-1Used in digests, HMAC, signature verification, and KDFs
SHA2-224 (FIPS 180-4)C820SHA2-224SHA2-224Used in digests, HMAC, signature generation/ verification, and KDFs
SHA2-256 (FIPS 180-4)C820SHA2-256SHA2-256Used in digests, HMAC, signature generation/ verification, and KDFs
SHA2-384 (FIPS 180-4)C820SHA2-384SHA2-384Used in digests, HMAC, signature generation/ verification, and KDFs
SHA2-512 (FIPS 180-4)C820SHA2-512SHA2-512Used in digests, HMAC, signature generation/ verification, and KDFs
Counter DRBG (SP 800-90Ar1)C821Counter DRBGAES 256 with df • No prediction resistance • Uses AES-CBC (#C819) as underlying Block cipherRandom number generation for user, internal IVs and salt
HMAC-SHA-1 (FIPS 198-1)C822HMAC-SHA-1HMAC-SHA-1 Uses SHA-1 (#C820) as underlying digest algorithm Keys size of 160 bitsMAC generation, verify, KAS and KDF
HMAC-SHA2-224 (FIPS 198-1)C822HMAC-SHA2-224HMAC-SHA2-224 Uses SHA2-224 (#C820) as underlying digest algorithm Key size of 224 bitsMAC generation, verify, KAS and KDF
HMAC-SHA2-256 (FIPS 198-1)C822HMAC-SHA2-256HMAC-SHA2-256 Uses SHA2-256 (#C820) as underlying digest algorithm Key size of 256 bitsMAC generation, verify, KAS and KDF
HMAC-SHA2-384 (FIPS 198-1)C822HMAC-SHA2-384HMAC-SHA2-384 Uses SHA2-384 (#C820) as underlying digest algorithm Key size of 384 bitsMAC generation, verify, KAS and KDF
HMAC-SHA2-512 (FIPS 198-1)C822HMAC-SHA2-512HMAC-SHA2-512 Uses SHA2-512 (#C820) as underlying digest algorithm Key size of 512 bitsMAC generation, verify, KAS and KDF
DSA KeyGen (FIPS 186-4)C823DSA KeyGen (FIPS 186-4)Key Gen: 2048 and 3072- bit Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the key generationKey generation
DSA PQGGen (FIPS 186-4)C823DSA PQGGen (FIPS 186-4)PQG Gen: 2048 and 3072- bit Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm Provides the encryption strength of 112 bits and 128 bits for the 2048 bit and 3072 bits key size Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the key generationDomain parameter generation
DSA PQGVer (FIPS 186-4)C823DSA PQGVer (FIPS 186-4)PQG Ver: 1024-bit*, 2048 and 3072-bitDomain parameter verification
DSA SigGen (FIPS 186-4)C823DSA SigGen (FIPS 186-4)Sig Gen: 2048 and 3072- bit (SHA2-224, 256, -384, -512) Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm Provides the encryption strength of 112 bits and 128 bits for the 2048 bit and 3072 bits key size Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator for the key generationSign
DSA SigVer (FIPS 186-4)C823DSA SigVer (FIPS 186-4)Sig Ver: 1024*, 2048 and 3072-bit (SHA-1, 224, - 256, -384, -512) Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithm Provides the encryption strength of 80 bits, 112 bits and 128 bits for the 1024 bits, 2048 bit and 3072 bits key size * Legacy use onlyVerify
RSA KeyGen (FIPS 186-4)C824RSA KeyGen (FIPS 186-4)KeyGen: 2048, 3072-bitKey generation
RSA SigGen (FIPS 186-4)C824RSA SigGen (FIPS 186-4)FIPS 186-4 PKCS #1 1.5 and PSS SigGen: 2048 and 3072-bit (SHA2-224, -256, -384, -512) Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm 2048 and 3072 modulus providing 112 and 128 bits of encryption strengthSign
RSA SigVer (FIPS 186-4)C824RSA SigVer (FIPS 186-4)FIPS 186-4 PKCS #1 1.5 and PSS SigVer: 1024, 2048 and 3072-bit (SHA- 1, 224, -256, -384, -512) Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithm 2048 and 3072 modulus providing 112 and 128 bits of encryption strengthVerify
ECDSA KeyGen (FIPS 186-4)C825ECDSA KeyGen (FIPS 186-4)Key Gen: P-224, P-256, P- 384, P-521, K-233, K-283, K-409, K-571, B-233, B- 283, B-409, and B-571 Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random GeneratorKey generation
ECDSA KeyVer (FIPS 186-4)C825ECDSA KeyVer (FIPS 186-4)Key Ver; All P, K and B curvesKey verification
ECDSA SigGen (FIPS 186-4)C825ECDSA SigGen (FIPS 186-4)Sig Gen: P-224, P-256, P- 384, P-521, K-233, K-283, K-409, K-571, B-233, B- 283, B-409, and B-571 (SHA2-224, -256, -384, - 512) Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithm P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectivelySignature generation
ECDSA SigGen (FIPS 186-4) (CVL)C825ECDSA SigGen (FIPS 186-4)Sig Gen Component: P- 224, P-256, P-384, P-521, K-233, K-283, K-409, K- 571, B-233, B-283, B-409, and B-571 (SHA2-224, - 256, -384, -512) Uses Counter DRBG (SP 800-90Ar1) (#C821) as underlying Random Generator P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectivelySignature generation
ECDSA SigVer (FIPS 186-4)C825ECDSA SigVer (FIPS 186-4)SigVer: All P, K and B curves (SHA-1, 224, 256, - 384, -512 ) Uses SHA-1 (#C820), SHA2-224 (#C820), SHA2- 256 (#C820), SHA2-384 (#C820) and SHA2-512 (#C820) as underlying digest algorithmSignature verification
KDF ANS 9.63 (CVL) (SP 800- 135r1)C825KDF ANS 9.63(SHA2-224, SHA2-256, SHA2-384, SHA2-512) Uses SHA2-224 (#C820), SHA2-256 (#C820), SHA2- 384 (#C820) and SHA2- 512 (#C820) as underlying digest algorithmKey derivation and key agreement schemes
KDF SP 800-108 (KBKDF)C826KDF SP 800-108HMAC-SHA-1, HMAC- SHA2-224, HMAC-SHA 2- 256, HMAC-SHA 2-384, HMAC-SHA 2-512 KDF Uses HMAC-SHA-1 (#C822), HMAC-SHA2-224 (#C822), HMAC-SHA2-256 (#C822), HMAC-SHA2-384 (#C822) and HMAC-SHA2- 512 (#C822) as underlying MAC algorithmKey derivation
ECDSA SigGen (FIPS 186-4) (CVL)C829ECDSA SigGen (FIPS 186-4)Sig Gen Component: P- 224, P-256, P-384, P-521 (SHA2-224, -256, -384, - 512) Uses Hash DRBG (SP 800- 90Ar1) (#C830) as underlying Random Generator P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectivelySignature generation
ECDSA SigVer (FIPS 186-4)C829ECDSA SigVer (FIPS 186-4)SigVer: P-192, P-224, P- 256, P-384, P-521 (SHA-1, 224, -256, 384, -512)Signature verification
KAS-ECC CDH- Component (CVL) (SP 800-56Ar3)C829KAS-ECC CDH-ComponentP‐224, P‐256, P‐384 and P‐521 P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strength respectivelyECDH key derivation and SSL suite B key exchange
Hash DRBG (SP 800-90Ar1)C830Hash DRBGSHA2-512 based with security strength of 256- bit. No prediction resistance Uses SHA2-512 (# SHS 1780) as underlying digest algorithmRandom number generation for user, internal Ivs and salt
AES-CBC (SP 800- 38A)C839AES-CBCEncrypt/Decrypt; 128, 192 and 256-bitData encryption and decryption
AES-CCM (SP 800- 38C)C839AES-CCMAuthenticated encryption and decryption; 128-bit, 192-bit, and 256-bit Uses AES-CBC (#C839) as underlying Block cipherData encryption and decryption
AES-CMAC (SP 800-38B)C839AES-CMACMAC generate and verify; 128-bit, 192-bit, and 256- bit Uses AES-CBC (#C839) as underlying Block cipherMessage authentication code generation and verification
AES-CTR (SP 800- 38A)C839AES-CTREncrypt/Decrypt 128, 192, and 256-bit Uses AES-ECB (#C839) as underlying Block cipherData encryption and decryption
AES-ECB (SP 800- 38A)C839AES-ECBEncrypt/Decrypt; 128, 192, and 256-bitData encryption and decryption
AES-GCM (KTS) (SP 800-38D)C839SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G.128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength Uses AES-ECB (#C839) as underlying Block cipherData encryption, decryption, key-wrap, and key-unwrap
AES-GCM (SP 800- 38D)C839AES-GCMEncrypt/Decrypt; 128, 192, and 256-bit Uses AES-ECB (#C839) as underlying Block cipherData encryption, decryption, key-wrap, and key-unwrap
AES-GMAC (SP 800-38D)C839AES-GMACEncrypt/Decrypt; 128, 192, and 256-bit Uses AES-ECB (#C839) as underlying Block cipherMessage Authentication
HMAC-SHA-1 (FIPS 198-1)C839HMAC-SHA-1HMAC-SHA-1 Uses SHA-1 (# SHS 1780) as underlying digest algorithmMAC generation, verify, KAS and KDF
HMAC-SHA2-224 (FIPS 198-1)C839HMAC-SHA2-224HMAC-SHA2-224 Uses SHA2-224 (# SHS 1780) as underlying digest algorithmMAC generation, verify, KAS and KDF
HMAC-SHA2-256 (FIPS 198-1)C839HMAC-SHA2-256HMAC-SHA2-256 Uses SHA2-256 (# SHS 1780) as underlying digest algorithmMAC generation, verify, KAS and KDF
HMAC-SHA2-384 (FIPS 198-1)C839HMAC-SHA2-384HMAC-SHA2-384 Uses SHA2-384 (# SHS 1780) as underlying digest algorithmMAC generation, verify, KAS and KDF
HMAC-SHA2-512 (FIPS 198-1)C839HMAC-SHA2-512HMAC-SHA2-512 Uses SHA2-512 (# SHS 1780) as underlying digest algorithmMAC generation, verify, KAS and KDF
KDF SP 800-108 (KBKDF)C839KDF SP 800-108HMAC-Counter mode (HMAC-SHA2-256, HMAC- SHA2-384, HMAC-SHA2- 512)Key derivation
RSA Decryption Primitive (CVL) (SP 800-56Br2)C839RSA Decryption Primitive2048-bit 3072-bit 4096-bit Note: CAVP testing was only available for 2048-bit at the time of the module submission SP 800-56B RSADP component validation is equivalent with SP 800- 56Br2 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strengthDecryption primitive
RSA Signature Primitive (CVL) (FIPS 186-4)C839RSA Signature Primitive2048-bit 3072-bit 4096-bit Note: CAVP testing was only available for 2048-bit at the time of the module submission 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength.Signature primitive
KDF TLS (CVL) (SP 800-135r1)C840KDF TLSTLS-KDF (v1.0/1.1, v1.2) v1.2: SHA2-256, SHA2- 384, SHA2-512TLS handshake
KAS KDA HKDF (SP 800-56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDA HKDF SP 800- 56Cr1 (#A1192)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS KDA ONESTEP (SP 800-56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDA OneStep SP 800-56Cr1 (#A1192)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS KDA TWOSTEP (SP 800- 56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDA TwoStep SP 800- 56Cr1 (#A1192)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS-KDF-HKDF (SP 800-56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDA HKDF Sp800- 56Cr1 (#A1192)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS-KDF- OneStep(SP 800- 56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDA OneStep Sp800- 56Cr1 (#A1192)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS-KDF-TwoStep (SP 800-56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDA TwoStep Sp800- 56Cr1 (#A1192)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS-KDF-ANS9.63 (SP 800-56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A1220) KDF ANS 9.63 (#C825)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)P-224, P-256, P-384, P- 521, K-233, K-283, K-409, K-571, B-233, B-283, B- 409, and B-571 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS ANS 9.63 (SP 800-56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDF ANS 9.63 (CVL) (SP 800- 135r1) (#C825)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2).P-224, P-256, P-384, and P-521 curves providing 112, 128, 192, or 256 bits of encryption strengthECDH key derivation and ECDH-AES key wrap
KAS TLS (SP 800- 56Ar3)KAS-ECC- SSC Sp800- 56Ar3 (#A2161) KDF TLS (CVL) (#C840)SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2)P-224, P-256, P-384, P- 521 curves providing 112, 128, 192, or 256 bits of encryption strengthTLS
KAS-IFC HKDF (SP 800-56Br2)KAS-IFC- SSC (#A1193) KDA HKDF Sp800- 56Cr1 (#A1192)SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2).2048-bit, 3072-bit and 4096-bit modulus providing 112, 128, or 150 bits of encryption strengthPEK and KLK generation and certificate authentication
KAS-IFC OneStep (SP 800-56Br2)KAS-IFC- SSC (#A1193) KDA OneStep Sp800- 56Cr1 (#A1192)SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2).2048-bit, 3072-bit and 4096-bit modulus providing 112, 128, or 150 bits of encryption strengthPEK and KLK generation and certificate authentication
KAS-IFC TwoStep (SP 800-56Br2)KAS-IFC- SSC (#A1193) KDA TwoStep Sp800- 56Cr1 (#A1193)SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2).2048-bit, 3072-bit and 4096-bit modulus providing 112, 128, or 150 bits of encryption strengthPEK and KLK generation and certificate authentication
ENT (P) SP 800-90BN/AN/AOCTEON HW RBGSystem Entropy
SHA-1 (FIPS 180-4)SHS 1780SHA-1SHA-1Message digests
SHA2-224 (FIPS 180-4)SHS 1780SHA2-224SHA2-224Message digests
SHA2-256 (FIPS 180-4)SHS 1780SHA2-256SHA2-256Message digests
SHA2-384 (FIPS 180-4)SHS 1780SHA2-384SHA2-384Message digests
SHA2-512 (FIPS 180-4)SHS 1780SHA2-512SHA2-512Message digests
TDES-CBC (SP 800- 38A)TDES 1311Triple-DES-CBCTCBC mode; 3-key (192 bits) Decrypt * Legacy use onlyData decryption
TDES-ECB (SP 800- 38A)TDES 1311Triple-DES-ECBTECB mode; 3-key (192 bits) Decrypt * Legacy use onlyData decryption
CKG SP 800- 133Rev2Vendor affirmedPlease refer to section 2.9 Algorithm-Specific Information CKGPlease refer to section 2.9 Algorithm-Specific InformationCryptographic Key Generation; SP 800-133Rev2 and IG D.H

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 27

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 28

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 29

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 30

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 31

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 32

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 33

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 34

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 35

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 36

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 37

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 38

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAS-ECCSSC Sp80056Ar3 SP 80056Cr1 Marvell Semiconductor, Inc.

Page 39

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAS-ECCSSC Sp80056Ar3 KAS-KDFOneStep(SP 80056Ar3) KAS-ECCSSC Sp80056Ar3 SP 80056Cr1 KAS-ECCSSC Sp80056Ar3 Sp80056Cr1 KAS-ECCSSC Sp80056Ar3 Sp80056Cr1 KAS-ECCSSC Sp80056Ar3 Sp80056Cr1 Marvell Semiconductor, Inc.

Page 40

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 (SP 800135r1) KAS-ECCSSC Sp80056Ar3 KAS-IFCSSC Sp80056Cr1 KAS-IFCSSC Sp80056Cr1 KAS-IFCSSC Sp80056Cr1 Marvell Semiconductor, Inc.

Page 41

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy N/A N/A

Page 42
Approved algorithm
NameUse Function
AESCert. #C819, key unwrapping. Provides 128, 192 or 256 bits of encryption strength. Per IG D.G.Key unwrap only N3FIPS-OpenSSL-1.1.1-AES ECB mode: Decrypt; 128, 192 and 256 bits CBC mode: Decrypt: 128, 192 and 256 bits *Legacy use only

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

Page 43
Approved algorithm
NameUse Function
EC Diffie-Hellman with non-NIST recommended curvesCert. #C829, provides 112, 128, 160, 192 or 256 bits of encryption strength. Per IG C.A.EC-DH Secp224k1(112 bits), Secp256K1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2- 384, SHA2-512)
ECDSA with non-NIST recommended curvesCert. #C825, provides 112, 128, 160, 192 or 256 bits of encryption strength. Per IG C.A.EC Key generation, sign, verify Secp224k1(112 bits), Secp256K1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2- 384, SHA2-512)
MD5Only allowed as the PRF in TLSv1.0 and v1.1 per IG 2.4.AMessage digest used in TLSv1.0 / v1.1 KDF only.
Triple-DES SP 800-38BNo security claimed per IG 2.4.ATDES-CMAC Cert# A1198

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The support of TLS 1.0/1.1, v1.2 protocol by the module is restricted to the TLS Key Derivation Function and the crypto operation. This functionality of the module is used by the user of the module as part of TLS protocol negotiation. No parts of the TLS protocol, other than the KDF, have been reviewed or tested by the CAVP or the CMVP.

2.10 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No
Page 44
Algorithm/FunctionUsage
AES (non-compliant)• Key wrap (TR31/TR34/AES-CBC/AES-GCM wrap/unwrap), DecimalTable/Data/PIN encryption/decryption. • FF1/FF3-1 Data encryption/decryption • In Non-Approved mode AES GCM supports the IV length from 1 byte to 16 bytes
DES• Derive unique key per transaction (DUKPT), • EMV key derivation • Derive PIN from Offset • Derive Offset from PIN • PIN Verification • PVV generation and Verification • CVV generation and verification • Export Symmetric key/Export Asymmetric key pair using TR31 wrapping. • Import/Export using TR34. • Import Decimal Table • EMV script. • EMV ARQC/ARPC • Data/PIN encryption/decryption
DES MACMAC generation and Verification

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

2.11 Non-Approved, Non-Allowed Algorithms

The cryptographic module supports the following non-Approved algorithms available only in nonApproved mode. Marvell Semiconductor, Inc.

Page 45
Approved algorithm
NameKey Size
Double-DES• Derive unique key per transaction (DUKPT) • EMV key derivation • Derive PIN from Offset • Derive Offset from PIN • PIN Verification • PVV generation and verification • CVV generation and verification • Export Symmetric key/Export Asymmetric key pair using TR31 wrapping • Import/Export using TR34 • Import Decimal Table • EMV script. • EMV ARQC/ARPC • Data/PIN encryption/decryption
EC-AESEC-AES wrap/unwrap (EC BYOK)
ECDH KDFKey derivation using ECDH followed by HMAC/CMAC counter KDF
ECDSA (non-compliant)Key generation, Sign, Verify P192, Secp192k1, brainpoolP160r1, brainpool192r1, K- 163 and B-163 (SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512)
EDDSA (non-compliant)Key generation, Sign, Verify
KAS-ECC (non-compliant)EC Key generation and ECDH Curve25519 (128 bits), Curve448 (224 bits)
PBEKey generation
RSA (non-compliant)• TR34 Import • TR34 Export • PIN block decryption • BYOK • Encrypt/Decrypt • Asymmetric key encapsulation and un-encapsulation using PKCS#1-v1.5 padding with modulus size 2048, 3072, and 4096 bits • Key generation, Sign, Verify (1024-bit)
Shamir’s Key Share• Key share
Triple-DES (non-compliant)• Derive unique key per transaction (DUKPT) • EMV key derivation • Derive PIN from Offset • Derive Offset from PIN • PIN Verification • PVV generation and Verification • CVV generation and verification • Export Symmetric key/Export Asymmetric key pair using TR31 wrapping • Import/Export using TR34 • Import Decimal Table • EMV script • EMV ARQC/ARPC • Data/PIN encryption/decryption

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 46

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

2.12 TLS 1.0/1.1/1.2 Cipher Suites

The module supports the algorithms for the following cipher suites using Approved and allowed algorithms and key sizes:

Page 47

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

2.13 Module Photographs

Figure 1

Page 48

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Figure 2

Page 49

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Figure 3

Page 50
Ports and interfaces
NamePhysical PortLogical InterfaceData That PassesData that passes over port/ interface
PCIe Interface (P1)PCIe Interface (P1)Data Input and Data Output, Control Input, Status Output and Power. PCIE x8 Interface Lane 0 Transmit Side B (14, 15) Receive Side A (16, 17) Lane 1 Transmit Side B (19, 20) Receive Side A (21, 22) Lane 2 Transmit Side B (23, 24) Receive Side A (25, 26) Lane 3 Transmit Side B (27, 28) Receive Side A (29, 30) Lane 4 Transmit Side B (33, 34) Receive Side A (35, 36) Lane 5 Transmit Side B (37, 38) Receive Side A (39, 40) Lane 6 Transmit Side B (41, 42) Receive Side A (43, 44) Lane 7 Transmit Side B (45, 46) Receive Side A (47, 48)Primary interface to communicate with the module Provides Services for the software on the host to communicate with the module
LED indicatorsLED indicatorsStatus Output: LED interface (7 LEDs, 13 pins)Visual status indicator
Tamper PINTamper PINControl Input: Tamper pin GPIO over I2CNo data, only a signal from high to low
Power connectorPower connectorPower: 6 PIN power connectorExternal power connector
USB Port (J2)USB Port (J2)Data InputInterface for vendor zeroize and Firmware Update (non-approved) service
Serial PortSerial PortControl Input and Status OutputInterface for vendor zeroize
LED/Port LocationLED/Port LocationDescription
D6 – RedD6 – RedPower Fail indication
D6 – GreenD6 – GreenPower OK – All voltages rails are at nominal
D13 – RedD13 – RedSee Table 20
D13 – GreenD13 – GreenSee Table 20
D10 –MulticolorD10 –MulticolorSee Table 20
D12 –MulticolorD12 –MulticolorSee Table 20
D14 –MulticolorD14 –MulticolorSee Table 20
GNDGNDGround PIN
P1P1PCIE Interface see Table 8
J2J2USB Port. To be used for vendor zeroize as an alternative to Tamper Pin zeroization (Under Vendor supervision).
J3J36 PIN Power Connector
Serial PortSerial PortTo be used for vendor zeroize as an alternative to Tamper Pin zeroization (Under Vendor supervision). This will become read-only beyond bootloader.

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Cryptographic Module Interfaces Table 8 describes the module ports and interfaces: Table 8

Page 51

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Roles, Services, and Authentication Note: Service interface documentation details specific service inputs and outputs: Document name: LiquidSecurity-2.09-0702-Driver-APIs-html.zip Version: 2.09-0702 Release date: 04/26/2024 To access the document, complete the below steps.

  1. Open the following link to open the Marvell Public Driver Downloads page: https://www.marvell.com/support/downloads.html#
  2. Choose CATEGORY, PLATFORM, and PART NUMBER as shown in the following screenshot; then click the APPLY button. Two results will display; select “LiquidSecurity-2.09-0702-Driver-APIs-html" to download. Marvell Semiconductor, Inc.
Page 52

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy 3. This pops up a window to accept the “MARVELL LIMITED USE LICENSE AGREEMENT”. Marvell Semiconductor, Inc.

Page 53

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Click I Accept to accept the terms and Conditions; the Service Interface document will be downloaded.

  1. After the Interface document is downloaded, extract the archive with the Password “LS-FIPS140-3”.
  2. To access the Services, open the index.html file; then select LiquidSecurity Opcodes > Recommended APIs from the left pane. The page depicted in the following snapshot displays: Marvell Semiconductor, Inc.
Page 54
Service
NameRolesInputOutput
CN_ZEROIZEMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_VENDOR_ZEROIZEMCO/PCOOpcode inputsOpcode outputs
CN_APP_INITIALIZEMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_APP_FINALIZEMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_OPEN_SESSIONMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CLOSE_SESSIONMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_SESSION_INFOMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CLOSE_ALL_SESSIONSMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CLOSE_PARTITION_SESSIONSMCO/PCOOpcode inputsOpcode outputs
CN_ENCRYPT_SESSIONUN-AUTHOpcode inputsOpcode outputs
CN_AUTHORIZE_SESSIONUN-AUTHOpcode inputsOpcode outputs
CN_LOGINUN-AUTHOpcode inputsOpcode outputs
CN_LOGOUTMCO/PCO/PCU/AUOpcode inputsOpcode outputs
CN_UPDATE_USER_DETAILSMCO/PCO/PCU/AUOpcode inputsOpcode outputs
CN_TOKEN_INFOMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_PARTITION_INFOMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_HSM_LABELMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_ALL_PARTITION_INFOMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_POLICY_SETMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_M_VALUEMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_VERSIONMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_CORE_DUMPMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_DELETE_CORE_DUMPMCO/PCO/PCU/MFG/AU/UN-AUTHOpcode inputsOpcode outputs
CN_MASTER_CONFIGMCOOpcode inputsOpcode outputs
CN_CERT_AUTH_GET_CERT_REQMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CERT_AUTH_STORE_CERTMCO/PCOOpcode inputsOpcode outputs
CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE)MCO/PCOOpcode inputsOpcode outputs
CN_SET_KBK_PRIMARYMCO/PCOOpcode inputsOpcode outputs
CN_GET_KBK_SLOT_INFOMCO/PCOOpcode inputsOpcode outputs
CN_SHUTDOWNMCOOpcode inputsOpcode outputs
CN_GET_LOGIN_FAILURE_CNTMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_OPEN_SESSION_V2PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_ENCRYPT_SESSION_V2PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_INIT_TOKENMCO/PCOOpcode inputsOpcode outputs
CN_GEN_PSWD_ENC_KEYMCO/PCOOpcode inputsOpcode outputs
CN_UNLOCK_COUN-AUTHOpcode inputsOpcode outputs
CN_GET_CHALLENGE_COUN-AUTHOpcode inputsOpcode outputs
CN_INIT_DONEMCO/PCOOpcode inputsOpcode outputs
CN_CERT_AUTH_GET_CERTMCO/PCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_CERT_AUTH_SECURE_BOOTMCO/UN-AUTHOpcode inputsOpcode outputs
CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_ENDMCOOpcode inputsOpcode outputs
CN_SLAVE_CONFIGMCOOpcode inputsOpcode outputs
CN_INVOKE_FIPSMCOOpcode inputsOpcode outputs
CN_GET_RSA_CACHE_SIZEMCOOpcode inputsOpcode outputs
CN_SET_HSM_CONFIGMCO/PCOOpcode inputsOpcode outputs
CN_GET_HSM_DIAG_INFOMCOOpcode inputsOpcode outputs
CN_GET_HSM_WT_PARAMMCOOpcode inputsOpcode outputs
CN_SET_HSM_WT_PARAMMCOOpcode inputsOpcode outputs
CN_GET_SERVER_PARAMSPCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_DIAG_GET_HSM_STATSMCOOpcode inputsOpcode outputs
CN_DIAG_GET_PARTITION_STATSMCOOpcode inputsOpcode outputs
CN_STORE_FW_SIGNING_KEYMCOOpcode inputsOpcode outputs
CN_ALLOW_FW_UPDATEMCOOpcode inputsOpcode outputs
CN_GET_BOOT_DATAMCOOpcode inputsOpcode outputs
CN_SET_CFG_PREGEN_CACHE_SZMCO/PCOOpcode inputsOpcode outputs
CN_GET_CFG_PREGEN_CACHE_SZMCO/PCOOpcode inputsOpcode outputs
CN_GET_CFG_PREGEN_CACHE_VALMCO/PCOOpcode inputsOpcode outputs
CN_SET_INIT_TIMEMCOOpcode inputsOpcode outputs
CN_SET_VENDOR_TIMEMCOOpcode inputsOpcode outputs
CN_GET_TIMEMCO/UN-AUTHOpcode inputsOpcode outputs
CN_SYNC_TIMEMCOOpcode inputsOpcode outputs
CN_PARTN_STORAGE_GETMCOOpcode inputsOpcode outputs
CN_PARTN_STORAGE_UPDATEMCOOpcode inputsOpcode outputs
CN_PARTN_STORAGE_DELETEMCOOpcode inputsOpcode outputs
CN_CREATE_PARTITIONMCOOpcode inputsOpcode outputs
CN_RESIZE_PARTITIONMCOOpcode inputsOpcode outputs
CN_DELETE_PARTITIONMCOOpcode inputsOpcode outputs
CN_GET_PARTITION_COUNTMCO/UN-AUTHMCOOpcode inputsOpcode outputs
CN_BACKUP_BEGINMCO/PCOOpcode inputsOpcode outputs
CN_BACKUP_CONFIGMCO/PCOOpcode inputsOpcode outputs
CN_BACKUP_USERSMCO/PCOOpcode inputsOpcode outputs
CN_BACKUP_KEYMCO/PCOOpcode inputsOpcode outputs
CN_BACKUP_ENDMCO/PCOOpcode inputsOpcode outputs
CN_RESTORE_BEGINMCO/PCOOpcode inputsOpcode outputs
CN_RESTORE_CONFIGMCO/PCOOpcode inputsOpcode outputs
CN_RESTORE_USERSMCO/PCOOpcode inputsOpcode outputs
CN_RESTORE_KEYMCO/PCOOpcode inputsOpcode outputs
CN_RESTORE_ENDMCO/PCOOpcode inputsOpcode outputs
CN_BACKUP_OBJECTMCO/PCOOpcode inputsOpcode outputs
CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY, KBK_WRAP_WITH_RSA)PCOOpcode inputsOpcode outputs
CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY, KBK_WRAP_WITH_RSA)PCOOpcode inputsOpcode outputs
CN_RESTORE_OBJECTMCO/PCOOpcode inputsOpcode outputs
CN_SET_M_VALUEPCOOpcode inputsOpcode outputs
CN_SET_NODEIDPCO/AUOpcode inputsOpcode outputs
CN_SET_POLICYMCO/PCOOpcode inputsOpcode outputs
CN_CREATE_USER, CN_CREATE_PRE_OFFICER, CN_CREATE_CO, CN_CREATE_APPLIANCE_USERPCOOpcode inputsOpcode outputs
CN_DELETE_USERMCO/PCOOpcode inputsOpcode outputs
CN_LIST_USERSPCO/PCU/AU/UN-AUTHOpcode inputsOpcode outputs
CN_GET_USER_INFOPCO/PCUOpcode inputsOpcode outputs
CN_UNLOCK_USERPCO/MCOOpcode inputsOpcode outputs
CN_ALWAYS_AUTHORIZE_USERPCUOpcode inputsOpcode outputs
CN_CERT_AUTH_GET_SOURCE_RANDOMPCOOpcode inputsOpcode outputs
CN_CERT_AUTH_VALIDATE_PEER_CERTSPCOOpcode inputsOpcode outputs
CN_CERT_AUTH_SOURCE_KEY_EXCHANGEPCOOpcode inputsOpcode outputs
CN_CLONE_SOURCE_INITPCOOpcode inputsOpcode outputs
CN_CLONE_SOURCE_STAGE1PCOOpcode inputsOpcode outputs
CN_CLONE_TARGET_INITPCOOpcode inputsOpcode outputs
CN_CLONE_TARGET_STAGE1PCOOpcode inputsOpcode outputs
CN_CERT_AUTH_TARGET_KEY_EXCHANGEPCOOpcode inputsOpcode outputs
CN_CREATE_OBJECTPCUOpcode inputsOpcode outputs
CN_GEN_KEY_ENC_KEYPCO/MCOOpcode inputsOpcode outputs
CN_EXTRACT_MASKED_OBJECTPCO/PCU/AUOpcode inputsOpcode outputs
CN_INSERT_MASKED_OBJECTPCO/PCU/AUOpcode inputsOpcode outputs
CN_DESTROY_OBJECTPCUOpcode inputsOpcode outputs
CN_GET_ATTRIBUTE_VALUEPCUOpcode inputsOpcode outputs
CN_GET_ATTRIBUTE_SIZEPCUOpcode inputsOpcode outputs
CN_GET_ALL_ATTRIBUTE_SIZEPCUOpcode inputsOpcode outputs
CN_GET_ALL_ATTRIBUTE_VALUEPCO/PCUOpcode inputsOpcode outputs
CN_MODIFY_OBJECTPCO/PCUOpcode inputsOpcode outputs
CN_FIND_OBJECTS_USING_COUNT/CN_FIND_ALL_ OBJECTS_IN_RANGE/CN_FIND_ALL_OBJECTS/CN_FI ND_ALL_OBJECTS_USING_COUNT/CN_FIND_OBJEC TS/CN_FIND_OBJECTS_FROM_INDEXPCO/PCU/AUOpcode inputsOpcode outputs
CN_GENERATE_KEYPCUOpcode inputsOpcode outputs
CN_SPLIT_SECRET_KEYPCUOpcode inputsOpcode outputs
CN_GENERATE_KEY_PAIRPCUOpcode inputsOpcode outputs
CN_EXPORT_PUB_KEYPCUOpcode inputsOpcode outputs
CN_SHARE_OBJECTPCUOpcode inputsOpcode outputs
CN_GET_OBJECT_INFOPCUOpcode inputsOpcode outputs
CN_TOMBSTONE_OBJECTPCUOpcode inputsOpcode outputs
CN_DELETE_TOMBSTONED_OBJECTPCUOpcode inputsOpcode outputs
CN_UNWRAP_KEY/CN_UNWRAP_KEY2PCUOpcode inputsOpcode outputs
CN_WRAP_KEY/CN_WRAP_KEY2PCUOpcode inputsOpcode outputs
CN_NIST_AES_WRAP_UNWRAP/ CN_NIST_AES_WRAP_UNWRAP2PCUOpcode inputsOpcode outputs
CN_GET_RSA_CACHE_SIZEMCOOpcode inputsOpcode outputs
CN_DERIVE_KEYPCUOpcode inputsOpcode outputs
CN_MODIFY_KEY_OWNERPCOOpcode inputsOpcode outputs
CN_ADMIN_GET_PARTN_KEYHANDLES_HASHMCO/PCO/PCU/AUOpcode inputsOpcode outputs
CN_GET_PARTN_SINGLE_KEYHANDLE_HASHPCO/AUOpcode inputsOpcode outputs
CN_PARK_OBJECTPCUOpcode inputsOpcode outputs
CN_UNPARK_OBJECTPCUOpcode inputsOpcode outputs
CN_SET_USER_ATTRPCOOpcode inputsOpcode outputs
CN_LIST_AUTH_PUB_KEYSPCOOpcode inputsOpcode outputs
CN_CERT_AUTH_REMOVE_CERTPCOOpcode inputsOpcode outputs
CN_PARTN_GET_AUDIT_DETAILSPCO/AUOpcode inputsOpcode outputs
CN_PARTN_GET_AUDIT_LOGSPCO/AUOpcode inputsOpcode outputs
CN_PARTN_GET_AUDIT_SIGNPCO/AUOpcode inputsOpcode outputs
CN_PARTN_ACK_AUDIT_SIGNPCO/AUOpcode inputsOpcode outputs
CN_FINALIZE_LOGSMCOOpcode inputsOpcode outputs
CN_SIGNPCUOpcode inputsOpcode outputs
CN_VERIFYPCUOpcode inputsOpcode outputs
CN_ECC_DHPCUOpcode inputsOpcode outputs
CN_NIST_AES_WRAPPCUOpcode inputsOpcode outputs
CN_ALLOC_SSL_CTXPCUOpcode inputsOpcode outputs
CN_FREE_SSL_CTXPCUOpcode inputsOpcode outputs
CN_GEN_PMKPCUOpcode inputsOpcode outputs
CN_FIPS_RANDPCUOpcode inputsOpcode outputs
CN_ME_PKCS_LARGEPCUOpcode inputsOpcode outputs
CN_ME_PKCSPCUOpcode inputsOpcode outputs
CN_FECCPCUOpcode inputsOpcode outputs
CN_HASHPCUOpcode inputsOpcode outputs
CN_HMACPCUOpcode inputsOpcode outputs
CN_ENCRYPT_DECRYPTPCUOpcode inputsOpcode outputs
MAJOR_OP_OTHERPCUOpcode inputsOpcode outputs
MAJOR_OP_FINISHEDPCUOpcode inputsOpcode outputs
MAJOR_OP_RESUMEPCUOpcode inputsOpcode outputs
MAJOR_OP_ENCRYPT_DECRYPT_RECORDPCUOpcode inputsOpcode outputs
CN_SHA3PCUOpcode inputsOpcode outputs
MAJOR_OP_DECRYPT_AND_ENCRYPTPCUOpcode inputsOpcode outputs
CN_GET_TOKENPCO/PCUOpcode inputsOpcode outputs
CN_APPROVE_TOKENPCO/PCUOpcode inputsOpcode outputs
CN_LIST_TOKENSPCO/PCUOpcode inputsOpcode outputs
CN_TOKEN_TIMEOUTPCOOpcode inputsOpcode outputs
CN_DELETE_TOKENPCO/PCUOpcode inputsOpcode outputs
CN_SM_IMAGE_DELETEMCOOpcode inputsOpcode outputs
CN_SME_DIAG_INFOMCOOpcode inputsOpcode outputs
CN_SET_SM_APP_CONFIGMCOOpcode inputsOpcode outputs
CN_GET_SM_APP_CONFIGMCOOpcode inputsOpcode outputs
CN_SET_SM_CAPABILITYMCOOpcode inputsOpcode outputs
CN_GET_SM_CONFIGMCOOpcode inputsOpcode outputs
CN_SMAPP_DIAG_INFOPCOOpcode inputsOpcode outputs
CN_SMAPP_UPDATE_BEGINPCOOpcode inputsOpcode outputs
CN_SMAPP_UPDATEPCOOpcode inputsOpcode outputs
CN_SMAPP_UPDATE_ENDPCOOpcode inputsOpcode outputs
CN_SMAPP_CTRLPCOOpcode inputsOpcode outputs
CN_SMAPP_DELETEPCOOpcode inputsOpcode outputs
CN_SMAPP_WRITE_DATAPCUOpcode inputsOpcode outputs
CN_SMAPP_READ_DATAPCUOpcode inputsOpcode outputs
CN_SMAPP_DELETE_FILEPCUOpcode inputsOpcode outputs
CN_SET_SM_CONFIGMCOOpcode inputsOpcode outputs
CN_SMAPP_WRITE_SFRAMPCUOpcode inputsOpcode outputs
CN_SMAPP_READ_SFRAMPCUOpcode inputsOpcode outputs
CN_LIST_UNLINKED_OBJECTSPCOOpcode inputsOpcode outputs
CN_GENERATE_PBE_KEYPCO/PCUOpcode inputsOpcode outputs
LSPAY_GENERATE_ASYMM_KEYPCUOpcode inputsOpcode outputs
LSPAY_GENERATE_SYMM_KEYPCUOpcode inputsOpcode outputs
LSPAY_EXPORT_PUBLIC_KEYPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_PUBLIC_KEYPCUOpcode inputsOpcode outputs
LSPAY_VALIDATE_PUBLIC_KEYPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_KPKPCUOpcode inputsOpcode outputs
LSPAY_EXPORT_KPKPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_KEYPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_TR34_KEYPCUOpcode inputsOpcode outputs
LSPAY_EXPORT_KEYPCUOpcode inputsOpcode outputs
LSPAY_EXPORT_TR34_KEYPCUOpcode inputsOpcode outputs
LSPAY_TRANSLATE_KEYPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_CERTPCUOpcode inputsOpcode outputs
LSPAY_IMPORT_DECIMAL_TABLEPCUOpcode inputsOpcode outputs
LSPAY_GENERATE_CSRPCUOpcode inputsOpcode outputs
LSPAY_DERIVE_KEYPCUOpcode inputsOpcode outputs
LSPAY_ENCRYPTPCUOpcode inputsOpcode outputs
LSPAY_DECRYPTPCUOpcode inputsOpcode outputs
LSPAY_DECRYPT_THEN_ENCRYPTPCUOpcode inputsOpcode outputs
LSPAY_MAC_GENPCUOpcode inputsOpcode outputs
LSPAY_MAC_VERIFYPCUOpcode inputsOpcode outputs*
LSPAY_MAC_TRANSLATEPCUOpcode inputsOpcode outputs*
LSPAY_FPE_ENCRYPTPCUOpcode inputsOpcode outputs
LSPAY_FPE_DECRYPTPCUOpcode inputsOpcode inputs
LSPAY_SIGNPCUOpcode inputsOpcode outputs
LSPAY_SIGN_VERIFYPCUOpcode inputsOpcode inputs
LSPAY_PIN_BLOCK_TRANSLATEPCUOpcode inputsOpcode outputs
LSPAY_DERIVE_PIN_FROM_OFFSETPCUOpcode inputsOpcode outputs
LSPAY_DERIVE_OFFSET_FROM_PINPCUOpcode inputsOpcode outputs
LSPAY_VERIFY_PINPCUOpcode inputsOpcode outputs
LSPAY_PVV_GENERATIONPCUOpcode inputsOpcode outputs
LSPAY_PVV_VERIFYPCUOpcode inputsOpcode outputs
LSPAY_EMV_GENVERIFY_ACPCUOpcode inputsOpcode outputs
LSPAY_EMV_SECURE_MSG_GENPCUOpcode inputsOpcode outputs
LSPAY_CVV_GENPCUOpcode inputsOpcode outputs
LSPAY_CVV_VERIFYPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_CREATEPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_EXPORT_KEY_COMPONENTPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_COMBINE_INITPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_IMPORT_COMPONENTPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_COMBINE_KEYPCUOpcode inputsOpcode outputs
LSPAY_KEY_SHARE_ZEROIZEPCUOpcode inputsOpcode outputs
LSPAY_MFK_GENERATEPCOOpcode inputsOpcode outputs
LSPAY_MFK_GET_INFOPCOOpcode inputsOpcode outputs
LSPAY_MFK_DELETEPCOOpcode inputsOpcode outputs
LSPAY_MFK_SET_PRIMARYPCOOpcode inputsOpcode outputs
MAJOR_OP_RSASERVER_LARGEPCUOpcode inputsOpcode outputs
MAJOR_OP_RSASERVERPCUOpcode inputsOpcode outputs
Firmware UpdateUN-AUTHSerial inputs: run boot_usbRED LED BLINK
CN_GENERATE_KEY_PAIR (non-compliant)PCUOpcode inputsOpcode outputs
CN_GENERATE_KEY (non-compliant)PCUOpcode inputsOpcode outputs
CN_CREATE_OBJECT (non-compliant)PCUOpcode inputsOpcode outputs
CN_UNWRAP_KEY (non-compliant)PCUOpcode inputsOpcode outputs
CN_WRAP_KEY (non-compliant)PCUOpcode inputsOpcode outputs
CN_EXTRACT_MASKED_OBJECT (non-compliant)PCU/PCO/AUOpcode inputsOpcode outputs
CN_STORE_FW_SIGNING_KEY (non-compliant)MCOOpcode inputsOpcode outputs
CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant)PCUOpcode inputsOpcode outputs
CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non-compliant)ManufacturerOpcode inputsOpcode outputs
CN_INSERT_MASKED_OBJECT (non-compliant)PCU/PCO/AUOpcode inputsOpcode outputs
CN_ENCRYPT_SESSION (non-compliant)UN-AUTHOpcode inputsOpcode outputs
CN_DERIVE_KEY (non-compliant)PCUOpcode inputsOpcode outputs
This role sets the identity, serial number, performance settings and max operating temperatureMFGManufacturer License certificate-based authenticationRSA signature [single factor crypto software]
This role has access to administrative services offered by the module or HSMMCOIdentity-based operator authenticationUsername and password [Memorized-Secret]; optional RSA signature (2FA) [single factor crypto software]
This role is an optional role with limited functionality, eventually transition into PCOPre-COIdentity-based operator authenticationUsername and password [Memorized-Secret]
This role has access to administrative services of the partitionPCOIdentity-based operator authenticationUsername and password [Memorized-Secret]; optional RSA signature (2FA) [single factor crypto software]
This role has access to all crypto services offered by the partitionPCUIdentity-based operator authenticationUsername and password Memorized-Secret]; optional RSA signature (2FA) [single factor crypto software]
This role has access to partition audit logs and Appliance secure channel keyAUIdentity-based operator authenticationUsername and password Memorized-Secret]

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy 6. Click the Recommended API for each opcode (services) for the input and output details. Table 10

Page 55

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 56

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 57

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 58

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 59

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 60

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 61

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

4.1 Assumption of Roles, Master Partition

The module supports the following roles. One identity is allowed for each role, per partition.

4.1.1 Manufacturer (MFG)

During the manufacturing stage, each HSM goes through the following process:

Page 62

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

4.1.2 Master Crypto Officer (MCO)

The master partition supports only the Master Crypto Officer role (MCO). This role is used to configure non-master partitions (create, provision, resize, delete) but cannot access their resources (e.g., cannot manage or use non-master partition keys). This role is authenticated with username and password (one-factor) and optionally with signature as well (two-factor). Refer to Section 4.3 for details.

4.2 Assumption of Roles, Non-Master Partition Roles

Each Non-Master Partition supports four (4) distinct operator roles as described below. The module enforces the separation of roles using identity-based authentication. Re-authentication is required to change roles. Except for Pre-CO, concurrent operators are allowed; however, only one operator is allowed per login session.

4.2.1 Pre-Crypto Officer (Pre-CO)

During partition initialization, default credentials are used to create a Pre-CO or a PCO. The Pre-CO is a restricted role primarily for configuring certificates and setting up a PCO. Once a PCO is set up for a partition, the Pre-CO role is no longer accessible. Because the Pre-CO is essentially a restricted PCO, it does not have its own column in Table 12. Instead, PCO capabilities in Table 12 are marked with an asterisk (*) to indicate Pre-CO can run these services. This role is authenticated with username and password (one-factor) only.

4.2.2 Partition Crypto Officer (PCO)

This role has access to administrative services of the partition and can configure PCU and AU identities. This role is authenticated with username and password (one-factor) and optionally with signature as well (two-factor).

4.2.3 Partition Crypto User (PCU)

This role has access to all cryptographic services offered by the partition; its purpose is operational use of the module. This role is authenticated with username and password (one-factor) and optionally with signature as well (two-factor).

4.2.4 Appliance User (AU)

This role has access to partition audit logs and can create end-to-end encrypted channels. It is to set up and synchronize clusters. This role is authenticated with username and password (one-factor) only. Marvell Semiconductor, Inc.

Page 63

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy The module enforces identity-based authentication. A role is explicitly selected at authentication. If a given identity is not allocated with the role, then the authentication will fail with appropriate error. The partitions (see Sections 4.41 and 4.2 for details). If the given user identity is not allocated for a role, then authentication will be failed with appropriate error. The module allows one identity per role, per All the user roles should be authenticated with Level 3 based authentication mechanisms. MCO, Pre-CO, Table 11

Page 64
Approved algorithm
NameKey Size
Username and passwordThe password is a minimum of 8 characters, case-sensitive alpha-numeric. As such there are (26*2+10) ^8 = 62^8 possible minimum-length passwords, and the false acceptance rate is 1 in 62^8. A maximum of 20 password attempts are possible before permanent lockout. Therefore, the probability of false authentication over any timeframe is 20 in 62^8. (The number of allowed login attempts prior to lockout is configured during module initialization but cannot exceed 20.) Lockout of MCO automatically zeroizes the module. In all other cases, lockout can be unset by destroying the partition.MCO/Pre- CO/PCO/PCU/AU
RSA SignatureAuthentication is performed using SHA2-256 based RSA 2048-bit PKCS#1-v1.5 signatures (provides 112 bits of strength). Corresponding public key is associated with the identity (for Manufacturing role, it is part of FW image). The probability that a random attempt will succeed, or a false acceptance will occur, is approximately 1 in 2^112, which is less than 1 in 1,000,000. For each failed signature verification, the module will block for 2 seconds. Based on this maximum rate, the probability that a random attempt will succeed in a one-minute period is approximately 30 in 2^112, which is less than 1 in 100,000.MCO/PCO/PCU MFG

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 12

4.4 Roles, Services, and CSP Access

G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP metadata is updated. The module writes the SSP. The write access is typically performed after a SSP is imported into the module, or the module generates an SSP, or the module overwrites an existing SSP. E = Execute: The module uses the SSP in performing a cryptographic operation. Marvell Semiconductor, Inc.

Page 65
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
CN_ZEROIZE• Zeroize the HSM Master/user partition. Can be configured to be allowed by CO only • Master zeroize will zeroize and delete all user partitions • With factory_reset option, all the SSPs of the partition will be zeroized. • Regular zeroize will zeroize all the user(s) generated SSPs of the partition • Please refer to Table 18 for the list of SSPs and corresponding zeroization service types that erase them.MCO/PCO/ PCU/MFG/A U/UN-AUTHUser keys MMEK PMEK PAK KLK Partition Masking Key PAC 2FAMofNPubK CAPubK AOAPubK Login Passwords PEK KBK POTAC POKBK POACNoneZSuccess with fips_state = 2 or 3
CN_VENDOR_ZEROIZEZeroizes HSM Master partition. • Vendor zeroize (MCO only) zeroizes vendor programmed certificates and SSPs. factory reset will zeroize all the SSPs of the partition. Please refer to Table 18 for the list of SSPs which can be zeroized using the current zeroization method.MCO/PCOUser keys MMEK PMEK PAK KLK Partition Masking Key PAC 2FAMofNPubK CAPubK AOAPubK Login Passwords PEK KBK POTAC POKBK POAC AOTAC OKBK AOAC SecureBootAuth Public Key On vendor zeroize: MFDEK FMAK MFKBKNoneZSuccess with fips_state = 2 or 3
CN_APP_INITIALIZERegisters an application with HSM.MCO/PCO/P CU/MFG/AU /UN-AUTHDRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821]E RSuccess with fips_state = 2 or 3
CN_APP_FINALIZEUnregisters an application from HSM.MCO/PCO/P CU/MFG/AU /UN-AUTHUser keysNoneZSuccess with fips_state = 2 or 3
CN_OPEN_SESSIONOpens a session in HSM and returns the session handle.MCO/PCO/P CU/MFG/AU /UN-AUTHDRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821]NoneSuccess with fips_state = 2 or 3
CN_CLOSE_SESSIONCloses the session.MCO/PCO/P CU/MFG/AU /UN-AUTHUser keysNoneZSuccess with fips_state = 2 or 3
CN_GET_SESSION_INFOGets the session information.MCO/PCO/P CU/MFG/AU /UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_CLOSE_ALL_SESSIONSManagement services for closing all sessions of an application.MCO/PCO/ PCU/MFG/A U/UN-AUTHUser keysNoneZSuccess with fips_state = 2 or 3
CN_CLOSE_PARTITION_SESSIONSClose sessions of all Applications tied to a Partition.PCO/MCOUser keysNoneZSuccess with fips_state = 2 or 3
CN_ENCRYPT_SESSIONEnables encrypted communication channel.UN-AUTHPOAC PAK TLS ECDH Session Key TLS Session Symmetric Key Set TLS Session HMAC Key DRBG Entropy/HASH_DR BGInternal StateHash DRBG (SP 800- 90Ar1) [#C830] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KDF TLS (CVL) (SP 800- 135r1) [#C840] KAS-ECC-SSC Sp800- 56Ar3 [#A2161]R E E G G ESuccess with fips_state = 2 or 3
CN_AUTHORIZE_SESSIONAuthorizes the sessions to be used under E2E and do login.UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_LOGINAllows login to a session. Public key is used to verify user signatures, optionally in 2-factor authentication.UN-AUTHPEK Login passwords 2FAMofNPubK CAPubK DRBG Entropy/CTR_DRBG Internal StateAES [#C819], allowed per IG D.G RSA SigVer (FIPS 186- 4) [#C824] PBKDF (SP 800-132) [#A1196] Counter DRBG (SP 800-90Ar1) [#C821]E W E ESuccess with fips_state = 2 or 3
CN_LOGOUTAllows logout of a session.MCO/PCO/P CU/AUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_UPDATE_USER_DETAILSRequires user to be logged in. Updates Passwords and Public key for 2-factor authentication or updates the username of PCO.MCO/PCO/P CU/AU2FAMofNPubK PEK Login passwords DRBG ENTROPY/CTR_DRB G Internal StateRSA SigVer (FIPS 186- 4) [#C824] AES-CBC (SP 800-38A) [#C839] Counter DRBG (SP 800-90Ar1) [#C821] PBKDF (SP 800-132) [#A1196]W R W ESuccess with fips_state = 2 or 3
CN_TOKEN_INFOGet token information.MCO/PCO/P CU/MFG/AU /UN-AUTHMFKBK OKBKNoneR RSuccess with fips_state = 2 or 3
CN_PARTITION_INFOReturns Partition Information.MCO/PCO/P CU/MFG/AU /UN-AUTHPartition Owner KBK (POKBK)NoneESuccess with fips_state = 2 or 3
CN_GET_HSM_LABELReturns HSM label.MCO/PCO/P CU/MFG/AU /UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_ALL_PARTITION_INFOGet information for all Partitions.MCO/PCO/P CU/MFG/AU /UN-AUTHPartition Owner KBK (POKBK)NoneESuccess with fips_state = 2 or 3
CN_GET_POLICY_SETGet the current policy settings. This operation does not need authentication.MCO/PCO/P CU/MFG/AU /UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_M_VALUEGet the current M Value of a CO Service.MCO/PCO/P CU/MFG/AU /UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_VERSIONObtain Firmware Version.MCO/PCO/P CU/MFG/AU /UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_CORE_DUMPRetrieves core dump files from HSM and saves as dump_file.MCO/PCO/P CU/MFG/AU /UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_DELETE_CORE_DUMPDelete core dump file if it exists.MCO/PCO/P CU/MFG/AU /UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_MASTER_CONFIGPerform a master configuration.MCOMLVK MARC FMAK FMACRSA SigVer (FIPS 186- 4) [#C824]R W G GSuccess with fips_state = 2 or 3
CN_CERT_AUTH_GET_CERT_REQGet the partition or HSM Certificate Signing Request (CSR).MCO/PCO/P CU/AU/UN- AUTHAOAC POACNoneR RSuccess with fips_state = 2 or 3
CN_CERT_AUTH_STORE_CERTStore the partition owner certificate or the partition certificate signed by the partition owner or HSM certificate signed by vendor, HSM owner certificate and HSM certificate signed by HSM owner.MCO/PCOAOTAC POTAC AOAC POACRSA SigVer (FIPS 186- 4) [#C824]W W W WSuccess with fips_state = 2 or 3
CN_STORE_VENDOR_PRE_SHARE D_KEY (CN_STORE_KBK_SHARE)Store Fixed Keys (KBK) for backup.MCO/PCOMARC AOTAC, POTAC, MFKBK, OKBK, POKBK, FMAK, PAKRSA SigVer (FIPS 186- 4) [#C824] KTS-IFC (KTS) (SP 800-56Br2) [#A1194], AES-KWP (KTS) (SP 800- 38F) [#C1263]E E E W W W E ESuccess with fips_state = 2 or 3
CN_SET_KBK_PRIMARYSet the latest stored fixed (KBK) key as the primary key for backup.MCO/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_KBK_SLOT_INFOGet the stored fixed (KBK) keys ekcv information.MCO/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SHUTDOWNSet HSM state to shutdown.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_LOGIN_FAILURE_CNTGet the login failure count of a particular user.MCO/PCO/P CU/AU/UN- AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_OPEN_SESSION_V2Opens a session in HSM and returns the session handle.PCO/PCU/ AU/UN- AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_ENCRYPT_SESSION_V2Establishes E2E connection with/without client- authentication, between HSM and the Host applications.PCO/PCU/ AU/UN- AUTHE2E Client Authentication Public key PAK POAC E2E TLS ECDH Session Key E2E TLS Session Symmetric Key Set E2E TLS Session HMAC Keys DRBG Entropy/HASH_DR BG Internal StateHash DRBG (SP 800- 90Ar1) [#C830] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KAS TLS (SP 800- 56Ar3) KAS-ECC-SSC Sp800-56Ar3 [#A2161] RSA SigVer (FIPS 186- 4) [#C824]E E R G G G ESuccess with fips_state = 2 or 3
CN_INIT_TOKENInitializes the HSM and sets its policies and boundaries to the values specified in config_file.MCO/PCOMMEK PMEK DRBG ENTROPY/CTR_DRB G Internal StateAES-CBC (SP 800-38A) [#C839] RSA SigGen (FIPS 186- 4) [#C824] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed]G G ESuccess with fips_state = 2 or 3
CN_GEN_PSWD_ENC_KEYGenerates a Password Encryption Key (PEK), which is used to wrap the user password while sending it over the FIPS boundary.MCO/PCOPEK Host PswdEncKeyPublic Key DRBG ENTROPY/CTR_DRB G Internal StateKAS-IFC HKDF (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2)Counter DRBG (SP 800-90Ar1) [#C821]G E ESuccess with fips_state = 2 or 3
CN_UNLOCK_COOn providing response(signature) over the challenge thrown by HSM/Partition during CN_GET_CHALLENGE_CO (CfmGetChallengeCO), session will be marked with "unlock" privileges, allowing the user to generate PEK, zeroizeHSM and change the CO's self password. Session will remain in unlocked state only for 120 seconds.UN-AUTHPOAC/AOACRSA SigVer (FIPS 186- 4) [#C824]ESuccess with fips_state = 2 or 3
CN_GET_CHALLENGE_COGets a challenge to be signed by either HSM/Partition's owner to move the session to "unlocked" state using "unlockco” command.UN-AUTHPOAC AOAC PAK FMACCounter DRBG (SP 800-90Ar1) [#C821] RSA SigGen (FIPS 186- 4) [#C824]R R E RSuccess with fips_state = 2 or 3
FMAK DRBG ENTROPY/CTR_DRB G Internal StateFMAK DRBG ENTROPY/CTR_DRB G Internal StateE E
CN_INIT_DONECompletes initialization of HSM/partition. Successful initialization of HSM will reboot the HSM.MCO/PCOKBK Partition masking key DRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed]G G ESuccess with fips_state = 2 or 3
CN_CERT_AUTH_GET_CERTFetches certificates stored on the HSM. Certificates like: VENDOR_CERT HSM_CERT PARTITION_OWNER_CERT PARTITION_CERT PARTITION_CERT_ISSUED_BY_HS M. HSM_OWNER_CERT HSM_CERT_ISSUED_BY_HOMCO/PCO/P CU/AU/UN- AUTHMARC FMAC POAC POTAC PAC AOAC AOTACNoneR R R R R R RSuccess with fips_state = 2 or 3
CN_CERT_AUTH_SECURE_BOOTPerforms cert auth based secure boot.MCO/UN- AUTHUser Public KeysRSA SigVer (FIPS 186- 4) [#C824]ESuccess with fips_state = 2 or 3
CN_FW_UPDATE_BEGIN CN_FW_UPDATE CN_FW_UPDATE_ENDBegins and performs firmware, bootloader, SMW update. Updated FW version is reflected after reboot and can be obtained from the getHSMInfo.MCOMFUVK AOAPubKRSA SigVer (FIPS 186- 4) [#C824]E ESuccess with fips_state = 2 or 3
CN_SLAVE_CONFIGPerform a slave configuration.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_INVOKE_FIPSPerform Self tests.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_RSA_CACHE_SIZEGets the number of RSA pre generated keys available in the RSA key cache.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_HSM_CONFIGSets the HSM configuration parameters.MCO/ PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_HSM_DIAG_INFOGet HSM diagnostics information.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_HSM_WT_PARAMGets the DoS parameter.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_HSM_WT_PARAMSets the DoS parameter.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_SERVER_PARAMSGets the server parameters used in Cav-server for the server handshake messages.PCO/PCU/A U/UN-AUTHTLS Session ECDH Key POAC PAK DRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821] ECDSA SigVer (FIPS 186-4) [#C825], ECDSA SigVer (FIPS 186-4) [#C829]G E E ESuccess with fips_state = 2 or 3
CN_DIAG_GET_HSM_STATSRetrieve HSM statistics over fast path.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_DIAG_GET_PARTITION_STATSRetrieve Partition statistics over fast path.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_STORE_FW_SIGNING_KEYConfigure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072 and 4096 or a supported EC curve.MCOAOAPubK, AOACRSA SigVer (FIPS 186- 4) [#C824]W ESuccess with fips_state = 2 or 3
CN_ALLOW_FW_UPDATEConfigure a lower version of FW to be allowed to be updated for certain time period and on certain HSMs.MCOAOAPubKRSA SigVer (FIPS 186- 4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825]ESuccess with fips_state = 2 or 3
CN_GET_BOOT_DATARetrieves error logs from HSM.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_CFG_PREGEN_CACHE_SZSet pre generated keys cache size.MCO/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_CFG_PREGEN_CACHE_SZSet configured pre generated keys cache size.MCO/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_CFG_PREGEN_CACHE_VA LReturns the key count in pre generated key cache.MCO/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_INIT_TIMESets the user's initial time upon receiving the HSM.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_VENDOR_TIMESets the vendor time on the HSM.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_TIMEGets the RTC and System time from HSM.MCO/ UN- AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_SYNC_TIMESets the user's time on the HSM. Also used for drift calculation and configuration. Returns useful information such as the drift between previous configured time and new time configured and the lifetime average drift observed.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARTN_STORAGE_GETGets the partition private data from the per partition store.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARTN_STORAGE_UPDATEUpdates partition private data into the partition store.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARTN_STORAGE_DELETEDeletes the partition private data from the partition store.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_CREATE_PARTITIONCreate a partition with the given name and size.MCOPAK FMAC FMAK MARC PACRSA KeyGen (FIPS 186-4) [#C824] RSA SigGen (FIPS 186- 4) [#C824]G E E E GSuccess with fips_state = 2 or 3
CN_RESIZE_PARTITIONResize an existing partition of the specified name.MCON/ANoneNoneSuccess with fips_state = 2 or 3
CN_DELETE_PARTITIONDelete a Partition & all associated keys.MCOUser Keys PMEK PAK KLK Partition Masking Key PAC 2FAMofNPubK CAPubK Login Passwords PEK KBK POTAC POKBKNoneZSuccess with fips_state = 2 or 3
CN_GET_PARTITION_COUNTReturn partition count.MCO/UN- AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_BACKUP_BEGINInitiate backup of partition configuration, users, and keys.MCO/PCOMFKBK OKBK POKBK Backup session Key DRBG ENTROPY/CTR_DRB G Internal StateKDF SP 800-108 (KBKDF) [#C826] Counter DRBG (SP 800-90Ar1) [#C821] HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]E E E G ESuccess with fips_state = 2 or 3
CN_BACKUP_CONFIGBack up the partition configuration.MCO/PCOBackup session KeyAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]ESuccess with fips_state = 2 or 3
CN_BACKUP_USERSBack up the partition users.MCO/PCOBackup session KeyAES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]ESuccess with fips_state = 2 or 3
CN_BACKUP_KEYBack up the keys.MCO/PCOBackup session Key Partition masking key PEK KLK KBK User keysAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]E R R R R RSuccess with fips_state = 2 or 3
CN_BACKUP_ENDEnds the backup of the partition configuration, keys, and user details.MCO/PCOPAK KBK Backup session KeySHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] RSA SigGen (FIPS 186- 4) [#C824]E G ZSuccess with fips_state = 2 or 3
CN_RESTORE_BEGINInitiate restoration of partition configuration, users, and keys.MCO/PCOMFKBK OKBK POKBK Backup session KeyKDF SP 800-108 (KBKDF) [#C826] SHA- 1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]E E E GSuccess with fips_state = 2 or 3
CN_RESTORE_CONFIGRestore a backed-up partition configuration.MCO/PCOBackup session KeyAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] AES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed]ESuccess with fips_state = 2 or 3
CN_RESTORE_USERSRestore the partition users.MCO/PCOBackup session KeyAES-CBC (SP 800-38A) [#C839] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]ESuccess with fips_state = 2 or 3
CN_RESTORE_KEYRestore the backed-up keys.MCO/PCOBackup session Key User keys Partition masking key PEK KLK KBKAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]E W W W W WSuccess with fips_state = 2 or 3
CN_RESTORE_ENDEnds the restoration of backed up partition configuration, keys and user details.MCO/PCOKBK Backup session KeySHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]G ZSuccess with fips_state = 2 or 3
CN_BACKUP_OBJECTBackup partition key, partition CSR, PO cert, partition cert signed by PO, user auth keys.MCO/PCOBackup session Key PAK PAC POAC POTAC CAPubKAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]E R R R R RSuccess with fips_state = 2 or 3
CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_D ERIVED_KEY, KBK_WRAP_WITH_RSA)Wrap KBK out of the HSM.PCOKBK, User KeysAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] KTS-IFC (KTS) (SP 800-56Br2) [#A1194],RSuccess with fips_state = 2 or 3
CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_D ERIVED_KEY, KBK_WRAP_WITH_RSA)Unwraps KBK into the HSM.PCOKBK, User KeysAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] KTS-IFC (KTS) (SP 800-56Br2) [#A1194],WSuccess with fips_state = 2 or 3
CN_RESTORE_OBJECTRestore the backed-up object and object details.MCO/PCOBackup session Key PAK PAC POAC POTAC CAPubKAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] SHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]E W W W W WSuccess with fips_state = 2 or 3
CN_SET_M_VALUESet the current M value for a CO service.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_NODEIDSets the cluster node ID for a partition.PCO/ AUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_POLICYSet an HSM policy.MCO/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_CREATE_USER, CN_CREATE_PRE_OFFICER, CN_CREATE_CO, CN_CREATE_APPLIANCE_USERCreate a new CU, CO, Pre-CO or AU user with the provided name and password.MCO/PCOPMEK 2FAMofNPubK PEKAES [#C819], allowed per IG D.G, AES-CBC (SP 800-38A) [#C819] PBKDF (SP 800-132) [#A1196] RSA SigVer (FIPS 186- 4) [#C824]E W ESuccess with fips_state = 2 or 3
CN_DELETE_USERDelete the user with the given name.PCO/MCOUser KeysNoneZSuccess with fips_state = 2 or 3
CN_LIST_USERSList all users of the current partition.PCO/PCU/A U/UN-AUTHNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_USER_INFOGet user info and user attributes of a user.PCO/ PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_UNLOCK_USERUnlock CU or AU user which got locked up due to invalid login attempts.PCO/MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_ALWAYS_AUTHORIZE_USERContext specific explicit user authorization service for CKA_ALWAYS_AUTHENTICATE keys.PCUPEK CAPubK Login passwords 2FAMofNPubKAES-CBC (SP 800-38A) [#C839] RSA SigVer (FIPS 186- 4) [#C824] PBKDF (SP 800-132) [#A1196]E E E ESuccess with fips_state = 2 or 3
CN_CERT_AUTH_GET_SOURCE_RA NDOMGets the source random number required for mutual trust protocol.PCODRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821]R ESuccess with fips_state = 2 or 3
CN_CERT_AUTH_VALIDATE_PEER_ CERTSValidates the peer certificates as part of the mutual trust protocol.PCODRBG ENTROPY/CTR_DRB G Internal State MARC FMAC PAC AOTAC AOAC POTAC POACCounter DRBG (SP 800-90Ar1) [#C821] RSA SigVer (FIPS 186- 4) [#C824]ESuccess with fips_state = 2 or 3
CN_CERT_AUTH_SOURCE_KEY_EX CHANGEGenerate source key exchange message from the HSM.PCOSAZ PAK DRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821] RSA SigVer (FIPS 186- 4) [#C824] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]G R ESuccess with fips_state = 2 or 3
CN_CLONE_SOURCE_INITFetch the value for the clone target initialization.PCOPCPK DRBG ENTROPY/CTR_DRB G Internal State Partition Cloning Initiator Public KeyCounter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824] ECDSA KeyGen (FIPS 186-4) [#C825]G E GSuccess with fips_state = 2 or 3
CN_CLONE_SOURCE_STAGE1Push clone target output into clone source.PCOCSSZ PCSK PCSMK Partition masking keyKAS-ECC (KAS) Sp800-56Ar3 [#A1219]G G G R ESuccess with fips_state = 2 or 3
HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]Partition Cloning Responder Public KeyHMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]
CN_CLONE_TARGET_INITPush clone source output into clone target.PCOPCPK DRBG ENTROPY/CTR_DRB G Internal State Partition Cloning Responder Public Key Partition Cloning Initiator Public KeyCounter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824] ECDSA KeyGen (FIPS 186-4) [#C825]G E G ESuccess with fips_state = 2 or 3
CN_CLONE_TARGET_STAGE1Fetch the value for clone target end.PCOCSSZ PCSK PCSMK Partition Masking KeyKAS-ECC (KAS) Sp800-56Ar3 [#A1219] HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]G G G WSuccess with fips_state = 2 or 3
CN_CERT_AUTH_TARGET_KEY_EX CHANGEValidate key exchange message from peer. Used in cert-based cloning.PCOPAK SAZKAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KTS-IFC (KTS) (SP 800-56Br2) [#A1194]E GSuccess with fips_state = 2 or 3
CN_CREATE_OBJECTImport a public key into the HSM.PCUUser Public KeysNoneWSuccess with fips_state = 2 or 3
CN_GEN_KEY_ENC_KEYGenerates KLK. Generate the key encryption key The type of key is determined by the kek_method parameter in the hsm_config file. The KLK is always a global key.MCO/PCOKLK Partition KeyLoading Private Key KLSZECDSA KeyGen (FIPS 186-4) [#C825] KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KAS-ECC (KAS) Sp800-56Ar3 [#A1219]G,W G, E GSuccess with fips_state = 2 or 3
CN_EXTRACT_MASKED_OBJECTExtracts a masked object. i.e. retrieves an object by wrapping it with a masking key shared by the process of cloning.PCU/ PCO/AU COUser Keys, PEK, KLK, Partition Masking KeyAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]R ESuccess with fips_state = 2 or 3
CN_INSERT_MASKED_OBJECTInserts a masked object into an HSM which Is extracted from another HSM.PCU/ PCO/AUUser Keys, PEK, KLK, Partition Masking KeyAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] TRIPLE-DES SP 800- 38B [#A1198], NO SECURITY CLAIMED PER IG 2.4.A AES-CMAC (SP 800- 38B) [#A1195]W ESuccess with fips_state = 2 or 3
CN_DESTROY_OBJECTDestroys Key Object.PCUUser KeysNoneZSuccess with fips_state = 2 or 3
CN_GET_ATTRIBUTE_VALUERetrieve single key attribute/metadata.PCUUser KeysNoneRSuccess with fips_state = 2 or 3
CN_GET_ATTRIBUTE_SIZERetrieves the size of an attribute of an object.PCUUser KeysNoneRSuccess with fips_state = 2 or 3
CN_GET_ALL_ATTRIBUTE_SIZERetrieves the size of all attributes of an object.PCUUser KeysNoneRSuccess with fips_state = 2 or 3
CN_GET_ALL_ATTRIBUTE_VALUERetrieves all attributes/metadata of an object.PCO/PCUUser KeysNoneRSuccess with fips_state = 2 or 3
CN_MODIFY_OBJECTUse the setAttribute command to modify object attributes.PCO/PCUUser KeysNoneWSuccess with fips_state = 2 or 3
CN_FIND_OBJECTS_USING_COUN T/CN_FIND_ALL_OBJECTS_IN_RAN GE/CN_FIND_ALL_OBJECTS/CN_FI ND_ALL_OBJECTS_USING_COUNT /CN_FIND_OBJECTS/CN_FIND_OBJ ECTS_FROM_INDEXFinds all key(s) in the partition based on input criteria. An array of key handles will be returned for the keys that match the input criteria specified, key class, key label, etc. Search can be requested from an index.MCO/PCO/P CU/AUUser KeysNoneRSuccess with fips_state = 2 or 3
CN_GENERATE_KEYGenerates a symmetric key of given key type and length.PCUSymmetric User Keys DRBG Entropy/CTR_DRBG Internal StateCounter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] TRIPLE-DES SP 800- 38B [#A1198], NO SECURITY CLAIMED PER IG 2.4.A AES-CMAC (SP 800- 38B) [#A1195]G ESuccess with fips_state = 2 or 3
CN_SPLIT_SECRET_KEYSplit a symmetric key into multiple keys based on the attributes given by the user. The resulting key handles are stored as output in splitKeyArgs structure.PCUSymmetric User KeysNoneGSuccess with fips_state = 2 or 3
CN_GENERATE_KEY_PAIRGenerate asymmetric keys (RSA/DSA/ECC). Updates the public and private key handles in the output on return.PCUAsymmetric User KeysRSA KeyGen (FIPS 186-4) [#A1199], RSA KeyGen (FIPS 186-4) [#C824] ECDSA KeyGen (FIPS 186-4) [#C825] ECDSA KeyVer (FIPS 186-4) [#C825] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823]GSuccess with fips_state = 2 or 3
CN_EXPORT_PUB_KEYExport a public key in PEM- encoded format.PCUUser KeysNoneRSuccess with fips_state = 2 or 3
CN_SHARE_OBJECTShare an object between users.PCUUser KeysNoneWSuccess with fips_state = 2 or 3
CN_GET_OBJECT_INFOObtains Key details like shared sessions, shared users and m_values of USE_KEY, MANAGE_KEY services.PCUUser KeysNoneRSuccess with fips_state = 2 or 3
CN_TOMBSTONE_OBJECTMarks the specified object stored on the HSM invalid.PCUUser KeysNoneWSuccess with fips_state = 2 or 3
CN_DELETE_TOMBSTONED_OBJEC TUsed to delete the Tombstone object, Regular Delete will fail if the object is tomb stoned.PCUUser KeysNoneZSuccess with fips_state = 2 or 3
CN_UNWRAP_KEY/CN_UNWRAP_ KEY2Unwraps a key with an AES/Triple- DES/RSA-Private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command.PCUUser Keys, KLKAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] TDES-KW (SP 800-38F) [#C1263] Triple-DES- KW (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] KDA HKDF Sp800- 56Cr1 [#A1192] KDA OneStep Sp800-56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#C839] AES [#C819], allowed per IG D.G AES [#C819], allowed per IG D.G ECDSA KeyVer (FIPS 186-4) [#C825] DSA PQGVer (FIPS 186-4) [#C823] TRIPLE-DES SP 800- 38B [#A1198], NO SECURITY CLAIMED PER IG 2.4.A AES-CMAC (SP800- 38B) [#A1195]ESuccess with fips_state = 2 or 3
CN_WRAP_KEY/CN_WRAP_KEY2Wrap sensitive (private and symmetric) keys from the HSM to the host.PCUUser Keys, KLKAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KDA HKDF Sp800- 56Cr1 [#A1192] KDA OneStep Sp800-56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] Counter DRBG (SP 800-90Ar1) [#C821] CKG SP 800-133r2 [Vendor affirmed] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800- 56Br2) [#A1194] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-KDF-HKDF (SP 800-56Ar3)ESuccess with fips_state = 2 or 3
CN_NIST_AES_WRAP_UNWRAP/ CN_NIST_AES_WRAP_UNWRAP2Wrap/unwrap data with a specified AES key.PCUSymmetric User KeysAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]ESuccess with fips_state = 2 or 3
CN_GET_RSA_CACHE_SIZEGet the number of available RSA keys.MCOAsymmetric User KeysN/AN/ASuccess with fips_state = 2 or 3
CN_DERIVE_KEYDerives a key using a supported KDF mechanism with the params given from the user.PCUUser KeysKDF SP 800-108 (KBKDF) [#C826], KDF SP 800-108 (KBKDF) [#C839], KDF SP 800- 108 (KBKDF) [#A1191] KDF ANS 9.63 (CVL) (SP 800-135r1) [#C825] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] KDA HKDF Sp800- 56Cr1 [#A1192] KDA OneStep Sp800-56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3)G ESuccess with fips_state = 2 or 3
CN_MODIFY_KEY_OWNERModify the owner user of a key.PCOUser keysNoneWSuccess with fips_state = 2 or 3
CN_ADMIN_GET_PARTN_KEYHAN DLES_HASHGets Hash of all keys for a partition.MCO/MCU/ PCU/AUUser KeysSHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]R ESuccess with fips_state = 2 or 3
CN_GET_PARTN_SINGLE_KEYHAN DLE_HASHGets Hash of single key for a partition.PCO/AUUser KeysSHA-1 (FIPS 180-4) [#C820], SHA2-224 (FIPS 180-4) [#C820], SHA2-256 (FIPS 180-4) [#C820], SHA2-384 (FIPS 180-4) [#C820], SHA2-512 (FIPS 180-4) [#C820]RSuccess with fips_state = 2 or 3
CN_PARK_OBJECTPark a key using the given parking key. Only parkable keys can be parked. Keys with parkable attribute not set cannot be parked.PCUUser KeysAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]R ESuccess with fips_state = 2 or 3
CN_UNPARK_OBJECTUnpark given parked object using the given parking key.PCUUser KeysAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]W ESuccess with fips_state = 2 or 3
CN_SET_USER_ATTRSet User attributes which control the functionality of a crypto user.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_LIST_AUTH_PUB_KEYSList all registered user auth pub keys.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_CERT_AUTH_REMOVE_CERTStores or removes the Partition TA cert.PCONoneNoneW ZSuccess with fips_state = 2 or 3
CN_PARTN_GET_AUDIT_DETAILSGets Audit Logs Details.AU/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_PARTN_GET_AUDIT_LOGSGets Audit Logs.AU/PCONoneSHA2-256 (FIPS 180-4) [SHS #1780]NoneSuccess with fips_state = 2 or 3
CN_PARTN_GET_AUDIT_SIGNGets Audit Logs Hash or RSA signature.AU/PCOPAKSHA2-256 (FIPS 180-4) [SHS #1780] RSA Signature Primitive (CVL) (FIPS 186-4) [#C839]E (PAK)Success with fips_state = 2 or 3
CN_PARTN_ACK_AUDIT_SIGNAcks previously retrieved signature. Either hash or signature needs to match with the values stored by HSM for firmware to accept the signature acknowledgement.AU/PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_FINALIZE_LOGSFinalize logs by inserting end marker. No more loggable commands are allowed on the partition after this command is run.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SIGNGenerate a signature on the given data with the specified private key.PCUAsymmetric User KeysRSA SigGen (FIPS 186- 4) [#A1199], RSA SigGen (FIPS 186-4) [#C824] ECDSA SigGen (FIPS 186-4) [#C825] ECDSA SigGen (FIPS 186-4) (CVL) [#C825] DSA SigGen (FIPS 186- 4) [#C823] SHA2-224 (FIPS 180- 4) [#C820], SHA2-256 (FIPS 180-4) [#C820],ESuccess with fips_state = 2 or 3
CN_VERIFYVerify the signature on the given data with specified public key.PCUUser Public KeysRSA SigVer (FIPS 186- 4) [#A1199], RSA SigVer (FIPS 186-4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825] DSA SigVer (FIPS 186- 4) [#C823]ESuccess with fips_state = 2 or 3
CN_ECC_DHComputes the shared secret (Z).PCUAsymmetric User KeysKAS-ECC-SSC Sp800- 56Ar3 [#A1220]ESuccess with fips_state = 2 or 3
CN_NIST_AES_WRAPWrap data with a specified AES key.PCUKLK Symmetric User KeysAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]E RSuccess with fips_state = 2 or 3
CN_ALLOC_SSL_CTXAllocates a context segment in the HSM memory and returns a reference to the application for the same.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_FREE_SSL_CTXFree a context segment for use by another SSL connection.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_GEN_PMKGenerate random premaster secret data and writes it into given ctx pointer.PCUDRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821]ESuccess with fips_state = 2 or 3
CN_FIPS_RANDGenerates FIPS random number of given length.PCUDRBG Entropy/HASH_DR BG Internal StateHash DRBG (SP 800- 90Ar1) [#C830]ESuccess with fips_state = 2 or 3
CN_ME_PKCS_LARGEModExp and PKCS#1, v2.2 encryption and decryption.PCUAsymmetric User KeysRSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839] RSA Signature Primitive (CVL) (FIPS 186-4) [#C839] KTS- IFC (KTS) (SP 800- 56Br2) [#A1194] RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200]ESuccess with fips_state = 2 or 3
CN_ME_PKCSModExp and PKCS#1, v2.2 encryption, decryption, sign and verify.PCUAsymmetric User KeysRSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839] RSA Signature Primitive (CVL) (FIPS 186-4) [#C839] KTS-IFC (KTS) (SP 800- 56Br2) [#A1194] RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200]ESuccess with fips_state = 2 or 3
CN_FECCECDSA Sign/verify and Point add/double/mul operation.PCUAsymmetric User KeysECDSA SigVer (FIPS 186-4) [#C829] ECDSA SigGen (FIPS 186-4) (CVL) [#C829]ESuccess with fips_state = 2 or 3
CN_HASHComputes SHA Hash.PCUNoneSHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780]NoneSuccess with fips_state = 2 or 3
CN_HMACCompute/Verify the MAC of a complete message. HMAC max message length supported will vary based on Hash type.PCUSymmetric and HMAC User KeysHMAC-SHA-1 (FIPS 198-1) [#C839], HMAC-SHA2-224 (FIPS 198-1) [#C839], HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], HMAC-SHA2-512 (FIPS 198-1) [#C839] AES-CMAC (SP 800- 38B) [#C839] AES- CMAC (SP 800-38B) [#A1190]ESuccess with fips_state = 2 or 3
CN_ENCRYPT_DECRYPTAES encryption and decryption, Triple-DES decryption.PCUSymmetric User KeysAES-CBC (SP 800-38A) [#C839], AES-CTR (SP 800-38A) [#C839], AES-ECB (SP 800-38A) [#C839] AES-CCM (SP 800- 38C) [#C839] AES-GCM (SP 800- 38D) [#A1203] AES- GCM (SP 800-38D) [#C839] AES-GMAC (SP 800-38D) [#C839] TDES-CBC (SP 800- 38A) [TDES #1311] *legacy use only TDES-ECB (SP 800- 38A) [TDES #1311] *legacy use onlyESuccess with fips_state = 2 or 3
MAJOR_OP_OTHERWhen not (RSA <= 4096), do a full handshake. The pre-master secret is read from the context or input and the rest of the handshake is completed. This is used by both the server and the client.PCUUser KeysKDF TLS (CVL) (SP 800- 135r1) [#C840] KAS-ECC-SSC Sp800- 56Ar3 [#A2161] SHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780] AES-GCM (SP 800- 38D) [#C839]ESuccess with fips_state = 2 or 3
MAJOR_OP_FINISHEDFinish off the handshake hash and generate the finished messages for a full handshake. This is used in a full handshake with client authentication on either the client or the server.PCUUser KeysSHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780] AES-GCM (SP 800- 38D) [#C839]ESuccess with fips_state = 2 or 3
MAJOR_OP_RESUMECompletes a resume on either the client or the server. The handshake message data for this request should include all handshake message data from (and including) the most-recent client hello message up until (but not including) the first finished message.PCUUser KeysSHA-1 (FIPS 180-4) [SHS #1780], SHA2- 224 (FIPS 180-4) [SHS #1780], SHA2-256 (FIPS 180-4) [SHS #1780], SHA2-384 (FIPS 180-4) [SHS #1780], SHA2-512 (FIPS 180-4) [SHS #1780] AES-GCM (SP 800- 38D) [#C839]ESuccess with fips_state = 2 or 3
MAJOR_OP_ENCRYPT_DECRYPT_R ECORDEncrypt/decrypt records. Send encrypted E2E request to the FW.PCUDRBG Entropy/HASH_DR BG Internal State Symmetric User KeysHash DRBG (SP 800- 90Ar1) [#C830] AES-GCM (SP 800- 38D) [#C839]ESuccess with fips_state = 2 or 3
CN_SHA3Computes SHA3 Hash.PCUNoneSHA3-224 (FIPS 202) [#A1197], SHA3-256 (FIPS 202) [#A1197], SHA3-384 (FIPS 202) [#A1197], SHA3-512 (FIPS 202) [#A1197], SHAKE-128 (FIPS 202) [#A1197], SHAKE-256 (FIPS 202) [#A1197]NoneSuccess with fips_state = 2 or 3
MAJOR_OP_DECRYPT_AND_ENCR YPTPerforms decryption with one cipher and re-encrypts the decrypted data with another cipher.PCUSymmetric User KeysAES-CBC (SP 800-38A) [#C839], AES-CTR (SP 800-38A) [#C839], AES-ECB (SP 800-38A) [#C839] AES-CCM (SP 800- 38C) [#C839] AES-GCM (SP 800- 38D) [#A1203] AES- GCM (SP 800-38D) [#C839] AES-GMAC (SP 800-38D) [#C839] TDES-CBC (SP 800- 38A) [TDES #1311] TDES-ECB (SP 800- 38A) [TDES #1311]ESuccess with fips_state = 2 or 3
CN_GET_TOKENGets a token or token info from the partition for a given service.PCO/PCUDRBG ENTROPY/CTR_DRB G Internal StateCounter DRBG (SP 800-90Ar1) [#C821]ESuccess with fips_state = 2 or 3
CN_APPROVE_TOKENSubmit approvals on token, approval could be on a single or multiple blobs.PCO/PCU2FAMofNPubKRSA SigVer (FIPS 186- 4) [#C824]ESuccess with fips_state = 2 or 3
CN_LIST_TOKENSList all MofN tokens in the current partition.PCO/PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_TOKEN_TIMEOUTGet or set the timeout values of the tokens in the partition.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_DELETE_TOKENDeletes the existing MxN tokens based on the token-delete options.PCO/PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_SM_IMAGE_DELETEDelete Secure Machine images from the partition.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SME_DIAG_INFOTo get the SME diagnostic information about SM Linux and SM Manager.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_SM_APP_CONFIGSet Secure Machine App Configuration. It is used to allocate resources for SMApp.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_SM_APP_CONFIGTo get the resources allocated to an SMApp.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_SM_CAPABILITYSet Secure Machine Capability It is used to enable or disable the Capability.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_GET_SM_CONFIGTo get the existing configuration and other information. Total SMApp resources used resources information is available.MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_DIAG_INFOTo get the SMApp diagnostic information such as CPU, memory, statistics, etc.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_UPDATE_BEGINInitiates the SM App firmware update on a partition. This requires CO to be logged in.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_UPDATELoading/Updating an SMApp on.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_UPDATE_ENDCompletion of SMApp firmware update on a partition. This requires CO to be logged in.PCOPOTACRSA SigVer (FIPS 186- 4) [#C824]E (POTAC)Success with fips_state = 2 or 3
CN_SMAPP_CTRLDoes SM app start/stop/status on a partition. Requires PCO to be logged in.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_DELETEPerforms SMApp delete. This requires CO to be logged in.PCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_WRITE_DATAStore SMApp data into SMApp private storage.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_READ_DATARead SMApp data from SMApp private storage.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_DELETE_FILERead SMApp data from SMApp private storage.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_SET_SM_CONFIGTo configure resources for the SM..MCONoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_WRITE_SFRAMWrite SMApp data into SMApp private SFRAM memory.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_SMAPP_READ_SFRAMRead SMApp data from SMApp private SFRAM memory.PCUNoneNoneNoneSuccess with fips_state = 2 or 3
CN_LIST_UNLINKED_OBJECTSReturn the total tombstone sessions, keys and contexts.PCONoneNoneNoneSuccess with fips_state = 2 or 3

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 13

Page 66

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy G G Z R E E G G E Marvell Semiconductor, Inc.

Page 67

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 E W E E R W E G Marvell Semiconductor, Inc.

Page 68

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 R W G G Security Policy W W W W E E E W W W E E Marvell Semiconductor, Inc.

Page 69

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy AU/UNAUTH AU/UNAUTH E E R G G G E G G E G E E E R Marvell Semiconductor, Inc. R E R

Page 70

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 M. E E G E R R R R R G Security Policy MCO/UNAUTH E E E Marvell Semiconductor, Inc.

Page 71

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E W E E L Marvell Semiconductor, Inc.

Page 72

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy MCO/ UNAUTH G E E E G N/A Z Marvell Semiconductor, Inc.

Page 73

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy MCO/UNAUTH E E E G G E E E Marvell Semiconductor, Inc.

Page 74

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E R E R R R R G Z E E E E G Marvell Semiconductor, Inc.

Page 75

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E G E W W W W W Z R R R R R R Marvell Semiconductor, Inc.

Page 76

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 W E W W W W W E W E Marvell Semiconductor, Inc. Z

Page 77

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E G R E E G G R E Marvell Semiconductor, Inc. G G E G G G R G E

Page 78

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy G G E G E G G G W E G Marvell Semiconductor, Inc.

Page 79

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy W G,W G, E G R E W E Z R R R Marvell Semiconductor, Inc.

Page 80

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy R W G E G G R Marvell Semiconductor, Inc.

Page 81

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy W R W Z E T Marvell Semiconductor, Inc.

Page 82

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E Marvell Semiconductor, Inc.

Page 83

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E N/A N/A G E Marvell Semiconductor, Inc. W

Page 84

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E R R W Marvell Semiconductor, Inc. E W E Z

Page 85

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 E E Security Policy E E R Marvell Semiconductor, Inc.

Page 86

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 G Security Policy E E E E E Marvell Semiconductor, Inc.

Page 87

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E Marvell Semiconductor, Inc.

Page 88

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E Marvell Semiconductor, Inc.

Page 89

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 G Security Policy E E Marvell Semiconductor, Inc.

Page 90

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 91
Service
NameDescriptionRolesApproved FunctionsIndicator
CN_GENERATE_PBE_KEYGenerate PBE Triple-DES key with the given password, salt, and iteration count. Make sure that HSM is initialized with fips_state=0. The fips_state parameter can be found in the hsm_config file.PCUCOUNTER DRBG Allowed Per IG 2.4.A/ PBESUCCESS with fips_state = 0
LSPAY_GENERATE_ASYMM_KEY(Generates RSA KEY Pair (mod_len>= 2048bit)) Generates EC KEY PAIR (Curves: Nist P256, 224, 384, 521, Brain pool, x25519/448 and Decp256K1 and FRP256v1)PCURSA (non-compliant) ECDSA (non- compliant)/ KAS-ECC (non-compliant)SUCCESS with fips_state = 0
LSPAY_GENERATE_SYMM_KEYGenerates symmetric key AES/TDEA Keys used for LSPay operations.PCUCOUNTER DRBG Allowed Per IG 2.4.ASUCCESS with fips_state = 0
LSPAY_EXPORT_PUBLIC_KEYExports Public key for RSA BYOK.PCUN/ASUCCESS with fips_state = 0
LSPAY_IMPORT_PUBLIC_KEYImports RSA public Key for RSA BYOKPCUN/ASUCCESS with fips_state = 0
LSPAY_VALIDATE_PUBLIC_KEYValidates RSA public Key.PCURSA (non-compliant)SUCCESS with fips_state = 0
LSPAY_IMPORT_KPKImports OAEP wrapped or ECDH_AES_PAD wrapped symmetric key.PCURSA (non-compliant), EC-AES / ECDH KDFSUCCESS with fips_state = 0
LSPAY_EXPORT_KPKExports OAEP wrapped symmetric Key from HSM.PCURSA (non-compliant), EC-AES/ ECDH KDFSUCCESS with fips_state = 0
LSPAY_IMPORT_KEYImport symmetric or asymmetric keys. Wrap mech: TR31, AES_CBC, AES_CBC_PAD.PCUAES (non-compliant) Triple-DES (non- compliant).SUCCESS with fips_state = 0
LSPAY_IMPORT_TR34_KEYImport symmetric keys using TR-34 unwrap.PCURSA (non-compliant)SUCCESS with fips_state = 0
LSPAY_EXPORT_KEYExports Symmetric key Wrapped with TR31/AES_CBC/AES_CBC_PAD.PCUAES (non-compliant) Triple-DES (non- compliant)SUCCESS with fips_state = 0
LSPAY_EXPORT_TR34_KEYExports symmetric keys wrapped with TR34 mechanism.PCURSA (non-compliant)SUCCESS with fips_state = 0
LSPAY_TRANSLATE_KEYTranslates wrapped Key from on KPK to other KPK.PCUAES (non-compliant) Triple-DES (non- compliant)SUCCESS with fips_state = 0
LSPAY_IMPORT_CERTImports peer’s certificate to read public key required in TR34. Import X901 Certificate into HSM.PCUN/ASUCCESS with fips_state = 0
LSPAY_IMPORT_DECIMAL_TABLEImports encrypted decimal table to be used in PIN APIs to decimalize native PIN.PCUAES (non- compliant)/Triple- DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_GENERATE_CSRCREATE CSR with given Key Pair.PCURSA (non-compliant) /ECDSA (non- compliant)SUCCESS with fips_state = 0
LSPAY_DERIVE_KEYDerives DUKPT working key from the BDK.PCUAES (non- compliant)/DES/ Triple-DES (non- compliant))SUCCESS with fips_state = 0
LSPAY_ENCRYPTEncrypts input data or PIN.PCUAES (non- compliant)/Triple- DES (non-compliant) /DES/ Double-DESSUCCESS with fips_state = 0
LSPAY_DECRYPTDecrypts input data or PIN.PCUAES (non- compliant)/Triple- DES (non-compliant) /DES/ Double-DESSUCCESS with fips_state = 0
LSPAY_DECRYPT_THEN_ENCRYPTDecrypts the input cipher text with one key and encrypts with another key.PCUAES (non- compliant)/Triple- DES (non-compliant) /DES/ Double-DESSUCCESS with fips_state = 0
LSPAY_MAC_GENComputes MAC on input data. Algorithm used: DES/Triple-DESPCUDES MAC / Triple-DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_MAC_VERIFYVerifies MAC with calculated AMC on input data.PCUDES MAC / Triple-DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_MAC_TRANSLATETranslates MAC by using new Key on input data.PCUDES MAC / Triple-DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_FPE_ENCRYPTPerforms FPE FF1/FF3-1 Encrypt operation on input data.PCUAES (non-compliant)SUCCESS with fips_state = 0
LSPAY_FPE_DECRYPTPerforms FPE FF1/FF3-1 Decrypt operation on input data.PCUAES (non-compliant)SUCCESS with fips_state = 0
LSPAY_SIGNPerforms Sign and Verify on input data.PCURSA (non-compliant), EDDSA (non- compliant)SUCCESS with fips_state = 0
LSPAY_SIGN_VERIFYVerifies sign on input data.PCURSA (non-compliant), EDDSA (non- compliant)SUCCESS with fips_state = 0
LSPAY_PIN_BLOCK_TRANSLATEDecrypts the input PIN using decryption key, translates to given PIN format and encrypts with another key.PCUAES (non- compliant)/Triple- DES (non-compliant) RSA (non-compliant)SUCCESS with fips_state = 0
LSPAY_DERIVE_PIN_FROM_OFFSETDerive PIN from given offset. Encrypts validation data with DES EDE. Derives native PIN, then offset will be added to derive IBM PIN. PIN will be encoded in given ISO format. Encrypt encoded PIN with PIN encryption key.PCUAES (non- compliant)/Triple- DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_DERIVE_OFFSET_FROM_PINGenerates IBM offset from given PIN. Decrypt and decode received PIN. Generate native from given validation data. Subtract decoded PIN from native PIN t to get PIN offset.PCUAES (non- compliant)/Triple- DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_VERIFY_PINVerifies given PIN. Decrypt and decode received PIN. Generate native from given validation data. Add offset to native PIN. Compare resultant PIN with received PIN.PCUAES (non- compliant)/Triple- DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_PVV_GENERATIONPerform PVV generation on PIN and PAN data.PCUAES (non- compliant)/Triple- DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_PVV_VERIFYVerifies given PVV.PCUAES (non-compliant)/ Triple-DES (non- compliant)SUCCESS with fips_state = 0
LSPAY_EMV_GENVERIFY_ACPerform EMV crypto operations. Generate ARPC. Generate or Verify ARQC.PCUAES (non-compliant) Triple-DES (non- compliant)SUCCESS with fips_state = 0
LSPAY_EMV_SECURE_MSG_GENGenerates MAC over secure message.PCUAES (non-compliant) Triple-DES (non- compliant)SUCCESS with fips_state = 0
LSPAY_CVV_GENGenerates CVV, CVV2, iCVV on given card detailsPCUAES (non- compliant)/Triple- DES (non-compliant)SUCCESS with fips_state = 0
LSPAY_CVV_VERIFYVerifies CVV with given card details.PCUTriple-DES (non- compliant)SUCCESS with fips_state = 0
LSPAY_KEY_SHARE_CREATECreates components of key.PCUShamir’s Key shareSUCCESS with fips_state = 0
LSPAY_KEY_SHARE_EXPORT_KEY_COMP ONENTExports created components in encrypted format.PCUAES (non-compliant)SUCCESS with fips_state = 0
LSPAY_KEY_SHARE_COMBINE_INITStarts combine key init.PCUN/ASUCCESS with fips_state = 0
LSPAY_KEY_SHARE_IMPORT_COMPONE NTImport component of the key.PCUAES (non-compliant)SUCCESS with fips_state = 0
LSPAY_KEY_SHARE_COMBINE_KEYCombines all components of the key.PCUShamir’s key shareSUCCESS with fips_state = 0
LSPAY_KEY_SHARE_ZEROIZEErases all components of the key.PCUN/ASUCCESS with fips_state = 0
LSPAY_MFK_GENERATEGenerates MFK key.PCOCOUNTER DRBG Allowed Per IG 2.4.ASUCCESS with fips_state = 0
LSPAY_MFK_GET_INFOReturns MFK information for partition.PCON/ASUCCESS with fips_state = 0
LSPAY_MFK_DELETEDeletes MFK.PCON/ASUCCESS with fips_state = 0
LSPAY_MFK_SET_PRIMARYSet MFK as primary.PCON/ASUCCESS with fips_state = 0
MAJOR_OP_RSASERVER_LARGEDoes a full handshake on the server with RSA > 1024 and <= 4096. This is used in a full handshake on the server.PCURSA (non-compliant)SUCCESS with fips_state = 0
MAJOR_OP_RSASERVERDoes a full handshake on the server with RSA >=512 and <= 1024. This is used in a full handshake on the server.PCURSA (non-compliant)SUCCESS with fips_state = 0
Firmware UpdateVendor zeroizes the HSM and updates the bootloader.UN-AUTHN/ARED LED BLINK
CN_GENERATE_KEY_PAIR (non- compliant)Generates asymmetric keys (RSA/ ECC). Updates the public and private key handles in the output on return. Caveats in Non Approved apart from approved mode: RSA 1024 bits allowed along with all odd public exponent; i.e., even lesser than 65537. • NID_X9_62_prime192v 1/NID_sect163k1/NID_ED25519/ • NID_sect163r2 /NID_secp192k1/NID_brainpoolP16 0r1/ • NID_brainpoolP192r1 /NID_X25519/ • NID_X448PCURSA (non-compliant) ECDSA (non- compliant) KAS-ECC (non- compliant)Success with fips_state = 0
CN_GENERATE_KEY (non-compliant)Generates a symmetric key of given key type and length. Caveats in Non-Approved apart from approved mode: DES token key is allowedPCUCOUNTER DRBG Allowed Per IG 2.4.ASuccess with fips_state = 0
CN_CREATE_OBJECT (non-compliant)Imports a public key into HSM. Caveats in Non Approved apart from approved mode: • RSA 1024 bits allowed • NID_ED25519/ NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1/ NID_X25519/NID_X448PCUNoneSuccess with fips_state = 0
CN_UNWRAP_KEY (non-compliant)Unwraps a key with an AES/ Triple- DES/RSA private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command. Caveats in Non Approved apart from approved mode: • RSA 1024 bit • RSA PKCS1V1.5 Unwrap • NID_X9_62_prime192v1/ NID_sect163k1/ NID_ED25519/ • NID_sect163r2 / NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1 / NID_X25519/ • NID_X448 • Triple-DESPCURSA (non-compliant), EC-AES / ECDH KDF AES (non-compliant) Triple-DES (non- compliant).Success with fips_state = 0
CN_WRAP_KEY (non-compliant)Wraps sensitive (private and symmetric) keys from the HSM to the host. Caveats in Non Approved apart from approved mode: • AES-ECB mode • AES-CBC mode • AES-CBC-PAD mode • Triple-DES ECB mode • Triple-DES CBC modePCUAES (non-compliant) Triple-DES (non- compliant) RSA (non-compliant)Success with fips_state = 0
CN_EXTRACT_MASKED_OBJECT (non- compliant)Extracts a masked object; i.e., retrieves an object by wrapping it with a masking key shared by the process of cloning.PCU PCO AUAES (non-compliant)Success with fips_state = 0
CN_STORE_FW_SIGNING_KEY (non- compliant)Configure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072, and 4096 or a supported 256 bits, 384 bits or 521 bits EC curve . Caveats in Non Approved is 192 bit curves supportedMCORSA (non-compliant) ECDSA (non- compliant)Success with fips_state = 0
CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant)ModExp and PKCS#1v1.5 and PKCS#1v2.2 Sign and verify. PKCS#1v1.5 and PKCS#1v2.2 encrypt and decryptPCURSA (non-compliant)Success with fips_state = 0
CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non- compliant)Stores fixed keys (KBK) for backup. Including PKCS#1v1.5ManufacturerRSA (non-compliantSuccess with fips_state = 0
CN_INSERT_MASKED_OBJECT (non- compliant)Inserts a masked object into an HSM that Is extracted from another HSM.PCU PCO AUAES (non-compliant) Triple-DES (non- compliant)Success with fips_state = 0
CN_ENCRYPT_SESSION (non-compliant)Enables encrypted communication channel. Caveat is Non Approved mode allow the additional Cipher suite E2E_RSA_AES128_GCM_SHA256 and E2E_RSA_AES128_GCM_SHA384UN-AUTHRSA (non-compliant), EC-AES / ECDH KDFSuccess with fips_state = 0
CN_DERIVE_KEY (non-compliant)Derives a key using a supported KDF mechanism with the params given by the user.PCUAES (non-compliant) Triple-DES (non- compliant) RSA (non-compliant) EC-AES / ECDH KDFSuccess with fips_state = 0

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy All Approved services can be executed in the Non-Approved services mode with indicator of “success with fips_state=0”. Approved services that also support the use of non-approved security functions are enumerated in the Non-Approved Services table below with their supported non-approved security functions. The indicator is success for all approved services when the partition is operated in the Approved mode. Table 14

Page 92

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy /ECDSA (noncompliant) EDDSA (noncompliant) EDDSA (noncompliant) Marvell Semiconductor, Inc.

Page 93

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy N/A N/A N/A N/A N/A N/A Marvell Semiconductor, Inc.

Page 94

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy ECDSA (noncompliant)

Page 95

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 • • Security Policy ECDSA (noncompliant) The indicator is success for all Non-Approved services only when the partition is operated in the nonapproved mode. The Non-Approved services will fail with RET_POLICY_MISMATCH when the partition is Software/Firmware Security During the bootup, the following integrity tests are run:

  1. Bootloader runs a 32-bit CRC verification algorithm to validate the bootloader image itself.
  2. Then, bootloader runs the firmware Integrity tests based on RSA 2048-bit SHA2-256 signature.
  3. Integrity tests are part of POST and can be triggered by MCO through the CN_INVOKE_FIPS
  4. Module Firmware has two components, Firmware (FW) and Secure Machine World (SMW) as listed in Section 2.1. The two components are as follows: Marvell Semiconductor, Inc.
Page 96

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy a. Firmware (FW): CNN35XX-NFBE-FW-2.09-0702 b. Secure Machine World : CNN35XX-NFBE-SMW-2.09-0702

  1. Module Firmware is binary executable and is not open source. Operational Environment The module implements a limited operational environment. Area 6 modifiable Operational Environment requirements do not apply to the module in this validation. The module runs SMP Linux 4.9 which is part of the firmware image CNN35XX-NFBE-FW-2.09-0702.
  2. The image does not run arbitrary applications or create new application flows. All the execution flows are pre-defined for each service in the module.
  3. The image runs a monolithic application and manages the cryptographic software solely through intended services. Physical Security
7.1 Physical Security Mechanisms

The module’s cryptographic boundary is defined to be the outer perimeter of the hard epoxy enclosure containing the hardware and firmware components. The module is opaque and completely conceals the internal components of the cryptographic module. The epoxy enclosure of the module prevents physical access to any of the internal components without having to destroy the module. There are no operatorrequired actions. Marvell Semiconductor, Inc.

Page 97
Physical Security MechanismRecommended Frequency ofInspection/Test Guidance Details
Inspection/Test
Epoxy Coating12 MonthsExamine surface of module for scratched or damaged epoxy, especially if circuitry shows.

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

7.2 Tamper Evidence

The module is coated in hard epoxy, such that any physical breach attempt leaves behind evidence of tamper. This is shown in the figure below. Figure 4

Figure 4 – Cryptographic Module Showing Tamper Evidence
Figure 4 – Cryptographic Module Showing Tamper Evidence
Page 98
Temperature or voltage measurementSpecify EFP or EFTSpecify if this condition
results in a shutdown or
zeroization
Low Temperature-5CEFPShutdown
High Temperature90CEFPShutdown
Low Voltage2.9VEFTShutdown
High Voltage18.8VEFTShutdown
Hardness tested temperature measurement
Low Temperature-35C
High Temperature100C

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Table 16

9.1 Definition of Critical Security Parameters (CSPs)

The Manufacturer FIPS Data Encryption Key (MFDEK) and HSM Master Partition Master Encryption Key are stored in plaintext form in the EEPROM. The Partition Master Encryption Key (PMEK) is stored encrypted under the HSM Master Partition Master Encryption Key. All other keys and CSPs stored in the persistent memory are encrypted by the MFDEK, HSM Master Partition Master Encryption Key, or PMEK. All general-purpose user CSPs are generated/created by the PCU and these CSPs can be shared between multiple PCUs. The module itself enforces that the SSPs cannot be shared between the approved and non-approved modes. Note:

Page 99
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationUseImport Export
DRBG Entropy (OCTEON HW RBG)256-bitENT (P) SP 800-90BENT (P) SP 800- 90BSSP generationIn MemoryMFZ, VZThe entropy input string and seed for the Approved DRBG. Each version of the DRBG has its own DRBG Entropy CSP.N/A
CTR_DRBG Internal State256-bitCounter DRBG (SP 800-90Ar1) [#C821]Derived Entropy from OCTEON HW RBGSSP generationIn MemoryPD, PZ, MZ, PFZ, MFZ, VZThe internal state (V, Key) for the Approved DRBG.N/A
HASH_DRBG Internal State256-bitHash DRBG (SP 800- 90Ar1) [#C830]Derived Entropy from Counter DRBG (SP 800- 90Ar1) [#C821])SSP generationIn MemoryPD, PZ, MZ, PFZ, MFZ, VZThe internal state (V, C) for the Approved SHA DRBG.N/A
Manufacturer FIPS Data Encryption Key (MFDEK)256-bitAES-CBC (SP 800-38A) [#C819]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP 800-90Ar1) [#C821]SSP generationEEPROM (Plaintext)VZUse: AES 256-bit key used to encrypt manufacturer keys stored in persistent storage of the HSM. Related Keys: FMAK, PAK, MFKBK, OKBK, POKBKNo
HSM Master Partition Master Encryption Key (MMEK)256-BitAES-CBC (SP 800-38A) [#C819]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP 800-90AR1) [#C821]SSP generationEEPROM (Plaintext)MZUse: AES 256-bit key used to encrypt Master Partition CSPs and authentication data stored in persistent storage of the HSM. Related Keys: PMEKNo
Partition Master Encryption Key (PMEK)256-bitAES-CBC (SP 800-38A) [#C819]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output) (SP 800-90AR1) [#C821]SSP generationeMMC flash (Encrypted by MMEK , AES-CBC #C819)PZAES 256-bit key used to encrypt partition CSPs and authentication data stored in persistent storage of the HSM. Related Keys: MMEKNo
HSM FIPS Master Authentication Key (FMAK)112-BitRSA SigGen (FIPS 186- 4) [#C824] RSA SigVer (FIPS 186-4) [#C824], KTS-IFC (KTS) (SP 800-56Br2) [#A1194]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output) Counter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824]SSP generationeMMC flash (Encrypted by MMEK, AES-CBC #C819)VZUse: A unique 2048-bit RSA private key. Used to identify the HSM when in the operating in approved mode. Related Keys: PAC, FMACNo
Partition Authentication Key (PAK)112-BitRSA SigGen (FIPS 186- 4) [#C824] RSA SigVer (FIPS 186-4) [#C824], KTS-IFC (KTS) (SP 800-56Br2) [#A1194]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output) Counter DRBG (SP 800-90Ar1) [#C821] RSA KeyGen (FIPS 186-4) [#C824]SSP generationeMMC flash (Encrypted by PMEK, AES-CBC #C819)PDA unique 2048-bit RSA private key used to identify the HSM Partition.No
SecureAuth Shared Secret (SAZ)112-BitKDF SP 800-108 (KBKDF)[# C839]KAS (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2)Key agreementIn Memory (Plaintext)EShared secret Z for SP 800- 56Br2 KAS2, using PAK and POACNo
PswdEncKey (PEK)256-BitAES CBC [#C819], allowed per IG D.G AES-CBC (SP 800-38A) [#C819]KAS (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2)Key agreementIn Memory (Encrypted by PMEK, AES-CBC #C819)PZAES-256 key, for encrypting User passwords during user creation and authentication.No
Login Passwords8 character sPBKDF (SP 800-132) [#A1196]N/AKey transporteMMC flash (Encrypted by PMEK, AES-CBC #C819)DString of 8 to 32 alphanumeric characters.Yes (Import) (Encrypted by PEK, AES-CBC #C819)
Partition KeyLoading Private Key256-BitKAS-IFC HKDF (SP 800- 56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KAS-ECC (KAS) Sp800-56Ar3 [#A1219]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824]SSP generationIn memory (Plaintext)EECC 521-bit or RSA 2048- bit key used in SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 to agree on Z during key loading.No
Partition KeyLoading Shared Secret (KLSZ)256-BitKDF SP 800-108 (KBKDF)[#C826]KAS KDA HKDF (SP 800-56Ar3) KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2)Key agreementIn memory (Plaintext)EShared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2.No
Partition Key Loading Key (KLK)256-BitAES-CBC (SP 800-38A) [#C819], AES-KW (KTS) (SP 800- 38F) [#C1263], AES-KWP (KTS) (SP 800-38F) [#C1263], AES-GCM (SP 800- 38D) [#A1203], AES-GCM (SP 800- 38D) [#C839]KAS-KDF-HKDF (SP 800-56Ar3) KAS-KDF- OneStep(SP 800-56Ar3) KAS-KDF- TwoStep (SP 800-56Ar3) [KAS-ECC-SSC Cert. #A1220 and KDA Cert. #A1192]Key agreementeMMC flash (Encrypted by PMEK, AES-CBC #C819)PZ256-bit AES key derived from Z, used to decrypt the imported CSPs.No
Manufacturer FIPS Key Backup Key (MFKBK)256-BitKDF SP 800-108 (KBKDF) [#C826]NoKey transporteMMC flash (Encrypted by MMEK AES-KW #C1263)VZAES 256-bit key used to derive KBK.Yes (Import) KTS-IFC (KTS) (SP 800-56Br2) [#A1194]
HSM Owner KBK (OKBK)256-BitKDF SP 800-108 (KBKDF) [#C826]NoKey transporteMMC flash (Encrypted by MMEK AES-KW #C1263)MFZAES 256-bit key used to derive KBK.Yes (Import) KTS-IFC (KTS) (SP 800-56Br2) [#A1194]
Partition Owner KBK (POKBK)256-BitKDF SP 800-108 (KBKDF) [#C826]NoKey transporteMMC flash (Encrypted by MMEK AES-KW #C1263)PFZAES 256-bit key used to derive KBK.Yes (Import) KTS-IFC (KTS) (SP 800-56Br2) [#A1194]
HSM Key Backup Key (KBK)256-BitAES-CBC (SP 800-38A) [#C819] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]KDF SP 800-108 (KBKDF) [#C826]Key derivation/ SSP generationeMMC flash (Encrypted by MMEK AES-KW #C1263)MZKey used to encrypt/decrypt the Backup Session Key.No
Backup Session Key256-BitAES-CBC (SP 800-38A) [#C819] AES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821]SSP generationIn memory (Plaintext)EKey used to backup and restore partition data.No
Partition Cloning Private Key (PCPK)256-BitKAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2) KAS-ECC (KAS) Sp800-56Ar3 [#A1219]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824]SSP generationIn memory (Plaintext)EECC 521-bit or RSA 2048- bit ephemeral Private Key used in SP 800-56Ar3 C (2,0, ECC DH) or SP 800 - 56B KAS2 -bilateral - confirmation key agreement to generate shared secret Z. At HSM Partition level, used to establish secure channel for cloning process (to export Partition Masking Key).No
Partition Cloning Shared Secret (CSSZ)256-BitKDF SP 800-108 (KBKDF)[#C826]KAS-ECC (KAS) Sp800-56Ar3 [#A1219]Key agreementIn memory (Plaintext)EShared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 - bilateral -confirmation scheme.No
Partition Cloning Session Key (PCSK)256-BitAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]KAS-ECC (KAS) Sp800-56Ar3 [#A1219]Key agreementIn Memory (Plaintext)EAES 256 key for encryption and decryption of Partition Masking Key.No
Partition Cloning Session MAC Key (PCSMK)256-BitHMAC-SHA2-256 (FIPS 198-1) [#C822]KAS-ECC (KAS) Sp800-56Ar3 [#A1219]Key agreementIn Memory (Plaintext)EHMAC SHA2-256 key used for key confirmation during SP 800-56Ar3 key agreement.No
Partition Masking Key256-bitAES-KW (KTS) (SP 800- 38F) [#C1263] AES- KWP (KTS) (SP 800- 38F) [#C1263]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821]SSP generationeMMC flash (Encrypted by PMEK, AES-CBC #C819)PZAES-256 key, for key wrapping. Used to import/export CSPs and masked objects.No
Asymmetric Private Keys (user keys)112-256 BitECDSA KeyVer (FIPS 186-4) [#C825] ECDSA SIGGEN (FIPS 186-4) (CVL) [#C825] ECDSA SIGGEN (FIPS 186-4) [#C825] ECDSA SigVer (FIPS 186-4) [#C825] KAS-KDF-HKDF (SP 800-56Ar3) KAS-KDF-OneStep(SP 800-56Ar3) KAS-KDF-TwoStep (SP 800-56Ar3) KAS (SP 800-56Ar3) [#A1220 and C825] KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823] ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824]SSP generation/ Key transportIn Memory/ eMMC flash (Plaintext/ Encrypted by PMEK, AES- CBC #C819)D, SRSA/DSA/ECDSA/ECDH general purpose keys.Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829]
RSA KeyGen (FIPS 186- 4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186-4) [#C824] RSA SIGVER (FIPS 186- 4) [#A1199] RSA SIGVER (FIPS 186-4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]RSA KeyGen (FIPS 186- 4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186-4) [#C824] RSA SIGVER (FIPS 186- 4) [#A1199] RSA SIGVER (FIPS 186-4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]
Asymmetric Private Session Keys (user keys)112-256 BitECDSA KeyGen (FIPS 186-4) [#C825] ECDSA KeyVer (FIPS 186-4) [#C825] ECDSA SIGGEN (FIPS 186-4) (CVL) [#C825] ECDSA SIGGEN (FIPS 186-4) [#C825] ECDSA SigVer (FIPS 186-4) [#C825] KAS-KDF-HKDF (SP 800-56Ar3) KAS-KDF-OneStep(SP 800-56Ar3)CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823]SSP generation/ Key transportIn Memory PlaintextD, SRSA/DSA/ECDSA/ECDH general purpose session keys.Yes (Import/Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829]
KAS-KDF-TwoStep (SP 800-56Ar3) SP 800 KAS-KDF-ANS9.63 (SP 800-56Ar3) KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] RSA KeyGen (FIPS 186- 4) [#A1199] RSA KeyGen (FIPS 186-4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186- 4) [#C824] RSA SIGVER (FIPS 186-4) [#A1199] RSA SIGVER (FIPS 186- 4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]KAS-KDF-TwoStep (SP 800-56Ar3) SP 800 KAS-KDF-ANS9.63 (SP 800-56Ar3) KAS-ECC CDH- Component (CVL) (SP 800-56Ar3) [#C829] RSA KeyGen (FIPS 186- 4) [#A1199] RSA KeyGen (FIPS 186-4) [#C824] RSA SIGGEN (FIPS 186-4) [#A1199] RSA SIGGEN (FIPS 186- 4) [#C824] RSA SIGVER (FIPS 186-4) [#A1199] RSA SIGVER (FIPS 186- 4) [#A1201] RSA SIGVER (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4)) [#C823], RSA Decryption Primitive (CVL) (SP 800-56Br2) [#C839], RSA Signature Primitive (CVL) (FIPS 186-4) [#C839], RSA Decryption Primitive (CVL) (SP 800-56Br2)[#A1200] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigGen (FIPS 186-4) (CVL) [#c829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824]KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D)) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]
Symmetric Keys (user keys)112-256 BitTDES-TKW (#C1263) TDES-ECB (#1311) TDES-CBC (#1311) TDES-CBC (#C1169) TDES-ECB (#C1169) SP 800 KDF SP 800- 108 [#C826] KDF SP 800-108 (#C839) KDF SP 800-108 (#A1191) AES [#C819] CBC/ECB [#C819], allowed per IG D.G AES KW (#C1263) AES- KWP (#C1263) AES-CMAC (SP 800- 38B)(#C839) AES-CMAC (SP 800- 38B)(#A1195) AES-CTR (SP 800-38A) [#C839] AES-GMAC (SP 800- 38D) [#C839] AES-CCM (SP 800-38C) [#C839]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821]SSP generation/ Key transportIn Memory/ eMMC flash (Plaintext/ Encrypted by PMEK, AES-CBC #C819)D, STriple-DES or AES general purpose keys.Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]
Symmetric Session Keys (user keys)112-256 BitTDES-TKW (#C1263) TDES-ECB (#1311) TDES-CBC (#1311) TDES-CBC (#C1169) TDES-ECB (#C1169) SP 800 KDF SP 800- 108 [#C826] KDF SP 800-108 (#C839) KDF SP 800-108 (#A1191) AES[#C819] CBC/ECB [#C819], allowed per IG D.G AES KW (#C1263) AES- KWP (#C1263) AES-CMAC (SP 800- 38B)(#C839) AES-CMAC (SP 800- 38B)(#A1195) AES-CMAC (SP 800- 38B)(#A1190) AES-CTR (SP 800-38A) [#C839] AES-GMAC (SP 800- 38D) [#C839] AES-CCM (SP 800-38C) [#C839]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821]SSP generation/ Key transportIn Memory PlaintextD, STriple-DES or AES general purpose session keys.Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839]
HMAC Keys (user keys)112-256 BitHMAC-SHA2-256 (FIPS 198-1) [#C822], HMAC-SHA-1 (FIPS 198-1) [#C839], HMAC-SHA2-224 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], HMAC-SHA2-512 (FIPS 198-1) [#C839], HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821]Key transport/ SSP generationIn Memory/eM MC flash (Plaintext/En crypted by PMEK, AES-CBC #C819)D, SHMAC general purpose keys (minimum key size of 160 bits).Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203] AES-GCM (KTS) (SP 800-38D) [#C839] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]
HMAC Session Keys (user keys)112-256 BitHMAC-SHA2-256 (FIPS 198-1) [#C822] HMAC-SHA-1 (FIPS 198-1) [#C839], HMAC-SHA2-224 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839], HMAC-SHA2-512 (FIPS 198-1) [#C839], HMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA-1 (FIPS 198-1) [#C822], HMAC-SHA2-224 (FIPS 198-1) [#C822], HMAC-SHA2-384 (FIPS 198-1) [#C822], HMAC-SHA2-512 (FIPS 198-1) [#C822]CKG SP 800- 133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP 800-90Ar1) [#C821]Key transport/ SSP generationIn Memory (Plaintext)D, SHMAC session general purpose keys (minimum key size of 160 bits).Yes (Import/ Export) AES-KW (KTS) (SP 800-38F) [#C1263] AES- KWP (KTS) (SP 800-38F) [#C1263] KAS-ECC CDH- Component (CVL) (SP 800- 56Ar3) [#C829] KDA HKDF Sp800-56Cr1 [#A1192] KDA OneStep Sp800- 56Cr1 [#A1192] KDA TwoStep Sp800-56Cr1 [#A1192] AES-GCM (KTS) (SP 800-38D) [#A1203]
E2E TLS Session ECDH Key112-256 BitKAS TLS (SP 800- 56Ar3)CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output ECDSA KeyGen (FIPS 186-4) [#C825]SSP generationIn Memory (Plaintext)EUsed for key agreement as part of E2E handshake protocol.No
TLS Session Symmetric Key Set112-256 BitSP 800 AES-CBC (SP 800-38A) [#C839] AES-GCM (SP 800- 38D) [#C839]KDF TLS (CVL) (SP 800-135r1) [#C840]Key derivationIn Memory (Plaintext)EAES 128, 192, 256 or Triple-DES keys used for encrypting TLS sessions.No
TLS Session HMAC key112-256 BitHMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839],KDF TLS (CVL) (SP 800-135r1) [#C840]Key derivationIn Memory (Plaintext)EHMAC key used in SSL session (minimum key size of 160 bits).No
E2E TLS Session Symmetric Key Set112-256 BitAES-GCM (SP 800- 38D) [#C839]KDF TLS (CVL) (SP 800-135r1) [#C840]Key derivationIn Memory (Plaintext)EAES 128/256-bit Key used for encrypting/decrypting E2E session data.No
E2E TLS Session HMAC keys112-256 BitHMAC-SHA2-256 (FIPS 198-1) [#C839], HMAC-SHA2-384 (FIPS 198-1) [#C839],KDF TLS (CVL) (SP 800-135r1) [#C840]Key derivationIn Memory (Plaintext)EHMAC keys used in E2E session.No
Manufacturer Firmware Integrity Check Keys112-BitRSA SigVer (FIPS 186- 4) [#A1201]NoPre-loading of a keyeMMC flash (Plaintext)VZRSA 2048-bit public keys used to check the integrity of the SW images booted. The SW image is signed by the manufacturer using a RSA private key. Note: This is not an SSP but is included for completeness of the parameters used by the module.No
Manufacturer Firmware Update Validation Key (MFUVK)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoPre-loading of a keyeMMC flash (Plaintext )N/ARSA 2048-bit public key used to authenticate new SW images uploaded into the module. The SW image is signed by the manufacturer using an RSA private key and the signature is verified before upgrading to the new image using the public key. Note: This PSP is considered protected, because it cannot be modified by a user of the module. It is delivered as part of the existing firmware image, which can only be replaced by vendor-signed images.No
Manufacturer License Validation Key (MLVK)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoPre-loading of a keyeMMC flash (Plaintext )N/ARSA 2048-bit public key used to authenticate the manufacturer role. Note: This PSP is considered protected, because it cannot be modified by a user of the module. It is factory loaded in the module.No
Manufacturer Authentication Root Cert. (MARC)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoPre-loading of a keyeMMC flash (Plaintext )VZRSA 2048-bit public key certificate, used to issue FMAC certificates.No
HSM FIPS Master Authentication Certificate (FMAC)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoPre-loading of a keyeMMC flash (Plaintext )VZRSA 2048-bit public key certificate of FMAK. Used to identify the HSM FIPS operating mode.No
SecureBootAuth Public Key112-BitRSA SigVer (FIPS 186- 4) [#C824]NoPre-loading of a keyeMMC flash (Plaintext )MFZRSA 2048-bit public key used to verify authenticity of the host system.No
HSM/Adapter Owner Trust Anchor Certificate (AOTAC)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoSSP EntryeMMC flash (Plaintext )MFZRSA 2048-bit public key certificate used as trust anchor of MCO.No
HSM/Adapter Owner Authentication Certificate (AOAC)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoSSP EntryeMMC flash Plaintext )MFZRSA 2048-bit public key certificate of FMAK. Used to identify the HSM owner.No
Partition Authentication Certificate (PAC)112-BitRSA SigVer (FIPS 186- 4) [#C824]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output RSA KeyGen (FIPS 186-4) [#C824]SSP Entry/ SSP generationeMMC flash (Plaintext )PDRSA 2048-bit public key certificate of PAK. Used to identify the Partition.No
Partition Owner Trust Anchor Certificate (POTAC)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoSSP EntryeMMC flash (Plaintext )PFZRSA 2048-bit public key certificate used as trust anchor of PCO.No
Partition Owner Authentication Certificate (POAC)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoSSP EntryeMMC flash (Plaintext )PFZRSA 2048-bit public key certificate of PAK. Used to identify the Partition owner.No
Partition Cloning Initiator Public Key256-BitECDSA SigVer (FIPS 186-4) [#C825] KAS- ECC (KAS) Sp800-56Ar3 [#A1219]NoSSP EntryIn memory (Plaintext)EECC 521-bit ephemeral public key used in SP 800- 56Ar3 C (2,0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 -bilateral -confirmation key agreement to generate shared secret Z.No
Partition Cloning Responder Public Key256-BitECDSA SigVer (FIPS 186-4) [#C825] KAS- ECC (KAS) Sp800-56Ar3 [#A1219]NoSSP EntryIn memory (Plaintext)EECC 521-bit ephemeral public key used in SP 800- 56Ar3 C (2, 0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 -bilateral -confirmation key agreement to generate shared secret Z.No
Host PswdEncKeyPublicK ey112-BitRSA SigVer (FIPS 186- 4) [#C824] KAS-IFC HKDF (SP 800-56Br2) KAS-IFC OneStep (SP 800-56Br2) KAS-IFC TwoStep (SP 800-56Br2)NoSSP entryIn Memory (Plaintext)ERSA 2048-bit public key loaded by the host to be used SP 800-56Br2 key agreement to generate PswdEncKey.No
Two-Factor Authentication Public Key or MofN Authentication Key (2FAMofNPubK)112-BitRSA SigVer (FIPS 186- 4) [#C824]NoSSP EntryeMMC flash (Encrypted by PMEK, AES-CBC #C819)PZRSA 2048-bit public key used to verify signature on encrypted passwords during user creation and login and/or to verify signatures on MofN authentication tokens.No
E2E Client Authentication Public key (CAPubK)112-256 BitRSA SigVer (FIPS 186- 4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825]NoSSP EntryeMMC flash (Plaintext)PZRSA or EC public key of approved modulus or curveId to allow E2E/TLS client authentication in E2E/TLS handshakeNo
Adapter Owner Attestation Public key (AOAPubK)112-256 BitRSA SigVer (FIPS 186- 4) [#C824] ECDSA SigVer (FIPS 186-4) [#C825]NoSSP EntryeMMC flash (Plaintext)PZRSA or EC public key of approved modulus or curveId to allow HSM/Adapter Owner to authenticated with signature verification with this public key and perform FW image updateNo
User Public Keys (user keys)112-256 BitECDSA SigVer (FIPS 186-4) [#C825] RSA SigVer (FIPS 186-4) [#C824] KTS-IFC (KTS) (SP 800-56Br2) [#A1194] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] DSA SigVer (FIPS 186-4) [#C823] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigVer (FIPS 186-4) [#C829]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823] ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824]SSP entry/ SSP generationeMMC flash (Encrypted by PMEK, AES-CBC #C819)DRSA/DSA/ECDSA/ECDH public keys.Yes (Import Plaintext)
User Public Session Keys (user keys)112-256 BitECDSA SigVer (FIPS 186-4) [#C825] RSA SigVer (FIPS 186-4) [#C824] DSA KeyGen (FIPS 186-4) [#C823] DSA PQGGen (FIPS 186-4) [#C823] DSA PQGVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186-4) [#C823] DSA SigVer (FIPS 186- 4) [#C823] KAS-ECC-SSC Sp800- 56Ar3 [#A1220] KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) KAS-ECC-SSC Sp800- 56Ar3 [#A2161] ECDSA SigVer (FIPS 186-4) [#C829] KTS-IFC (KTS) (SP 800-56Br2) [#A1194]CKG SP 800- 133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output DSA KeyGen (FIPS 186-4) [#C823] ECDSA KeyGen (FIPS 186-4) [#C825] RSA KeyGen (FIPS 186-4) [#C824]SSP entry/ SSP generationIn Memory (Plaintext)D, SRSA/DSA/ECDSA/ECDH public session keys.No

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy S: Zeroized on session close (Session close via CN_CLOSE_SESSION, CN_APP_FINALIZE, and CN_CLOSE_PARTITION_SESSIONS services. Please see Table 13 for further details.) Zeroize all SSPs in the Partition and then delete the User Partition (via CN_DELETE_PARTITION service). Zeroize all User SSPs in the Partition (User Partition Regular zeroize via CN_ZEROIZE service) MZ: Zeroize all Partitions’ SSPs, except vendor programmed ones ( Master Partition Regular CN_ZEROIZE) PFZ: Zeroize all SSPs in the Partition (Factory reset via CN_ZEROIZE service with factory-reset as argument with PCO credentials) MFZ: Zeroize all Partitions’ SSPs, including the HSM adapter owner programmed ones (Brings HSM to factory state. Factory reset via CN_ZEROIZE service with factory-reset as argument with MCO credentials.) Vendor zeroize (via CN_VENDOR_ZEROIZE service. Zeroizes all SSPs including vendor programmed configuration and CSPs. Makes the module unusable; the module must be sent back to the vendor for re-programming.) Table 18

Page 100

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 101

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E s N/A E E Marvell Semiconductor, Inc.

Page 102

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy E Marvell Semiconductor, Inc.

Page 103

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E [#C1263] AESunmodified Marvell Semiconductor, Inc.

Page 104

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy D, S Marvell Semiconductor, Inc.

Page 105

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy Marvell Semiconductor, Inc.

Page 106

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy AESEncrypted by Marvell Semiconductor, Inc. D, S

Page 107

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy [#C1263] AESusing D, S [#C1263] AESusing D, S Marvell Semiconductor, Inc.

Page 108

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E E E Marvell Semiconductor, Inc.

Page 109

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Establishment Security Policy Marvell Semiconductor, Inc.

Page 110

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy E E E Marvell Semiconductor, Inc.

Page 111

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Marvell Semiconductor, Inc.

Page 112

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy D, S Table 19

Page 113

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

10 Self-Tests

This section documents the security rules enforced by the cryptographic module to implement the selftest requirements of this FIPS 140-3 Level-3 module. The module always executes the self-tests without operator intervention regardless of approved or nonapproved mode or any other configuration. Failure of any of these tests causes the module to go into an error state and all future commands received are rejected by the module. The module needs to be reset to recover from the situation. Data output except for status log messages is inhibited during self-tests, zeroization, and error states. Status information does not contain CSPs or sensitive data. The conditional cryptographic algorithm self-tests (CAST) run periodically. The periodicity is configurable by the MCO and by default runs for every 8 hours. These self-tests can be triggered by the operator via MCO role. Please refer to Section 11.3 for guidance on how to initiate these tests. The execution of CASTs causes a momentary (less than a second) service interruption. The operator is capable of commanding the module to perform the pre-operational and conditional selftests by cycling power or resetting the module. The voltage and temperature monitoring is performed continuously by the module every 30 seconds. The cryptographic module performs the following pre-operational and conditional self-tests:

Page 114

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 − − −

Page 115

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy SP 800-38B Triple-DES CMAC KAT (#A1198, 192bit Key) SP 800-56Br2 RSA Decryption Primitive KAT (#A1200, 2048bit) SP 800-56Br2 RSA Encryption Primitive KAT (2048bit) SP 800-90Ar1 Counter DRBG (instantiate/generate/reseed) KAT (#C821, AES-256bit Key) c. Others - FIPS 186-4 RSA SigVer KAT (#A1201, RSA 2048-bit SHA2-256 signature verification) - SP 800-108 KDF CMAC (counter) KAT (#A1191, AES-128bit Key) - SP 800-108 KDF CMAC (counter) KAT (#A1191, Triple-DES 192bit Key)* - SP 800-38B AES-CMAC (hybrid) KAT (#A1190, 128bit Key) - SP 800-38F AES-KW Key Unwrap KAT (#C1263, LiquidSecurity Keywrap, 256-bit Key) - SP 800-38F AES-KW Key Wrap KAT (#C1263, LiquidSecurity Keywrap, 256-bit Key) - SP 800-38F Triple-DES-KW Key Unwrap KAT (#C1263, LiquidSecurity Keywrap, TripleDES CBC #C1169, 192bit Key) - SP 800-38F Triple-DES-KW Key Wrap KAT (#C1263, LiquidSecurity Keywrap, TripleDES CBC #C1169, 192bit Key)* - SP 800-38G AES-FF1 encrypt KAT (#A1189, 128bit Key)* - SP 800-56Ar3 KAS-ECC KAT (#A1219, P521 and HMAC-SHA2-512) - SP 800-56Ar3 KAS-ECC-SSC KAT (#A1220, P521) - SP 800-56Ar3 required assurances** - SP 800-56Br2 KAS-IFC-SSC KAT (#A1193, 3072bit Key

Page 116
FIPS TestLED Pattern
LED No.ColorRedGreenBlueBlinks
N3 AES-CBC Encrypt/DecryptD12RedYNN2
N3 AES-GCM EncryptD12RedYNN2
N3 AES-GCM DecryptD12RedYNN2
N3 AES-CCM EncryptD12RedYNN2
N3 AES-CCM DecryptD12RedYNN2
N3 AES-CMAC KDFD12RedYNN3
N3 HMAC KDFD12RedYNN3
N3 TLS KDFD12RedYNN3
N3 Triple-DES-CBC Encrypt/DecryptD12RedYNN4
N3 RSASP1D12RedYNN5
N3 RSA Enc and DecD12RedYNN5
RSA OAEP KTS (FW + NITROX)D12RedYNN5
AES CMAC (FW + NITROX)D12RedYNN6
N3 HMACD12RedYNN7
N3 ECC CDHD12GreenNYN2
N3 ECDSA Sig VerifyD12RedNNY5
N3 DRBG SHAD12GreenNYN3
N3 SHA1D12GreenNYN4
N3 SHA-256 and SHA-512D12GreenNYN4
OpenSSL AESCBC Encrypt/DecryptD12BlueNNY2
OpenSSL DSA Sign/VerifyD12GreenNNY3
OpenSSL DRBG CTRD12BlueNNY7
OpenSSL ECDSA PKVD12BlueNNY4
OpenSSL ECDSA Sign/Verify KATD12BlueNNY4
OpenSSL RSA Sign/Verify KATD12BlueNNY5
OpenSSL RSA Encrypt/DecryptD12BlueNNY5
OpenSSL HMAC KDFD12BlueNNY6

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

10.1 LED Error Pattern for Self-Test Failure

On successful completion of the self tests, the D10 Green LED remains in the “ON” state. Blinking indicates failures on the HSM. If the LED remains in the permanent glow, the card’s state is fine. All blinks are 200ms ON and 200ms OFF. Blink delay time gap is 1000ms. These tests map to the tests listed in section 10 Self-Tests. Table 20

Page 117
FIPS TestLED Pattern
LED No.ColorRedGreenBlueBlinks
OpenSSL X963 KDFD12BlueNNY6
OpenSSL CMAC KDFD12BlueNNY6
AES KeyWrapD12BlueNNY2
AES KeyUnwrapD12BlueNNY2
Triple-DES KeyWrapD12BlueNNY8
SP 800-56Ar3 KASD12BlueNNY2
OpenSSL SHA-1D12GreenNYN5
OpenSSL SHA-256 and SHA-512D12GreenNYN5
PBKDF (SP 800-132) [#A1196]D12GreenNYN6
AES FF1D12GreenNYN7
OpenSSL HMACD12GreenNYN8
SP 800-56Cr2 KDFs (OneStep and Two-step)D12BlueNNY6
SP 800-56Ar3 ECDH + SSCD12BlueNNY9
SP 800-56Ar3 SSCD12BlueNNY9
OpenSSL Triple-DES CMACD12BlueNNY8
ECDSA pair wise consistency testD12BlueNNY4
RSA pair wise consistency testD12BlueNNY5
DSA pair wise consistency testD12GreenNYN1
Firmware Power-on Tests
NITROX device file creationD14RedYNN1
NITROX driver load failsD14RedYNN2
NITROX micro code load failsD14RedYNN3
NITROX pot test failuresD14RedYNN4
Database creation failsD14RedYNN5
Mgmt daemon has not started successfullyD14RedYNN6
HW RBG for firmwareD12BlueNNY3
Other Firmware States
HSM Boot stage 1D10RedYNNNo blink
FW integrity Failure stateD10/D12/D14RedRNN30 sec on and reboot
HSM Boot stage 2D10RedYNNBlink (definite)

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy N N Y N N Y N N Y N N Y N N Y N N Y N Y N N Y N N Y N N Y N N Y N N N Y N N Y N N Y N N Y N N Y N N Y N Y N Y N N Y N N Y N N Y N N Y N N Y N N N N Y Y N N R N N Y N N Marvell Semiconductor, Inc.

Page 118
FIPS TestLED Pattern
LED No.ColorRedGreenBlueBlinks
HSM Boot stage 3(SE-APP initialized Linux handshake not done)D10VioletYNYNo blink
HSM Linux handshake done, host driver handshake not doneD10VioletYNYInfinite
HSM PF driver handshake completeD10GreenNYNNo blink
HSM admin driver handshake doneD10BlueNNYNo blink

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy Y N Y Y N Y N Y N N N Y

11 Life-Cycle Assurance
11.1 Secure Installation, Initialization, Startup, and Operation of the Module

Before installing the HSM, the customer verifies the following: • The ESD bag in which the HSM is placed in the shipping container is sealed and has not been tampered with. • The part number and other information included in the label on the HSM matches the label on the shipping bag. • There is no evidence of physical tampering on the HSM itself. After this is verified, the customer can physically insert the HSM into the PCIe on the host server. The host must meet the following minimum requirements: • x86 • Low-profile PCIe Gen 4x8 • SR-IOV support enabled After the HSM is physically installed, the LiquidSecurity driver and utilities that communicate with the HSM are installed on the host using the Linux make utility. The user must be logged in as root to perform the installation. The HSM owner then completes the following steps to claim ownership of the HSM and sets the “fips_state” flag:

  1. Loads the driver (command: insmod <driver.ko>).
  2. Invokes Cfm2Master Utility and logs in as default crypto officer (CO) and initializes the HSM. For example: Command: initHSM -p <CO password> -sO <CO user name> -fips_state 2 As part of initializing the HSM: • The Master Crypto Officer is created with username/password (see Table 11, Table 12, and Table

10 for a description of this role, authentication requirements, and service access).

Page 119

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy As a final step, the HSM owner ensures that only they can be authenticated for backup/restore and cloning operations on the HSM by loading the adapter owner certificates (AOTAC and AOAC) on the HSM and generating the HSM owner fixed backup key (OKBK). These steps are taken by the MCO using Cfm2MasterUtil with below given commands. Command syntax for AOTAC, AOAC, and OKBK storage, there by HSM owner claiming the HSM ownership: Command: storeCert -s <cert-type> -f <Adapter Owner Trust Anchor Cert>.crt Command: storeCert -s <cert-type> -f <Adapter Owner Auth Cert>.crt Command: storeMCOFixedKey -f <path>/<OKBK-file> -k <path>/HSMOwner.key

11.2 Maintenance Requirements
11.3 Administrator and Non-Administrator Guidance

The specific tasks that can be performed by users on the HSM are strictly limited by their user role (see Table 10 for details). A user of the module can query the module’s device information, operational parameters, operating mode by invoking the command getHSMInfo from the Cfm2MasterUtil. “FIPS state” member of the output will indicate the module to be in one of the following modes:

Page 120

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703

Page 121

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy

11.4 User Guidance

AES GCM IV Restoration upon Power Cycle of Module: In case the module’s power is lost and then restored, the module will establish new sessions which will generate new IVs. For an E2E (TLS) session, this will result in fresh handshake and so new AES-GCM Keys and IVs will be established for the new session.

12 Mitigation of Other Attacks

No mitigation of other attacks is implemented by the module.

13 References
  1. NIST Key Wrap Specification SP 800-38F, December 2012.
  2. NIST Special Publication 800-38D November 2007.
  3. NIST Special Publication 800-56A rev3, April 2018.
  4. NIST Special Publication 800-56B rev2, March 2019.
  5. NIST Special Publication 800-56C rev2, August 2020.
  6. NIST Special Publication 800-57 Part-1 rev5, May 2020.
  7. FIPS PUB 186-4, Digital Signature Standard (DSS), July 2013.
  8. FIPS PUB 140-3, FIPS Publication 140-3 Security Requirements for Cryptographic Modules.
  9. NIST Special Publication 800-90A rev1, June 2015
  10. NIST Special Publication 800-90B, January 2018
  11. Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program
  12. NIST Special Publication 800-131Ar2, March 2019.
  13. NIST Special Publication 800-133 rev2, June 2020
  14. NIST Special Publication 800-108, October 2009
  15. NIST Special Publication 800-135 Revision 1, December 2011
  16. CNL35xx-NFBE-Driver-SDK_UserGuide-2.08-01-Rev3
  17. NIST Special Publication 800-52 rev2, August 2019.
14 Definitions and Acronyms

MCO

Page 122

NITROX III CNN35XX-NFBE HSM Family Version 2.09-0703 Security Policy KAT

Referenced URLs