| Standard | FIPS 140-3 |
|---|---|
| Overall level | 3 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Active |
| Sunset date | 6/5/2029 |
| Entropy | ENT (P) |
| Caveat | When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy |
| Vendor | Marvell Semiconductor, Inc. |
| Hardware versions | LS2-G-A050-B0, LS2-G-A100-B0, LS2-G-A200-B0, LS2-G-A300-B0, LS2-G-A400-B0 |
| Product page | https://www.marvell.com/products/security-solutions/liquidsecurity2.html |
|---|---|
| Support page | https://www.marvell.com/support/security-solutions.html closed support |
| Documentation | https://www.marvell.com/content/dam/marvell/en/public-collateral/security-solutions/marvell-liquidsecurity2-hsm-adapters-product-brief.pdf |
| https://www.marvell.com/support/doc-library.html | |
| Assessment | Public product brief is available; the LS2 admin/SDK documentation is behind the Marvell Customer Portal login. Support page is a contact form. |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 3 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 3 |
| Software/Firmware Security | 3 |
| Operational Environment | N/A |
| Physical Security | 3 |
| Non-Invasive Security | N/A |
| Sensitive Security Parameter Management | 3 |
| Self-Tests | 3 |
| Life-Cycle Assurance | 3 |
| Mitigation of Other Attacks | N/A |
flowchart LR
%% Deterministic review-risk graph for Marvell LS2 HSM Family
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C1["[high] Firmware / bootloader<br/>versions disclosed<br/>(identity, not provenance)<br/><i>MARVELL-LS2-FW-*, MARVELL-LS2-UBOOT-*</i>"]
C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>CN_LOAD_RECOVERY_KEY_INIT CN_LOAD_RECOVERY_KEY_FI…<br/>CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_END<br/>CN_UPDATE_LICENSE</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i>"]
C4["[high] Physical/logical<br/>interfaces (some 'blocked<br/>in firmware')<br/><i>USB FTDI USB to Multi-Channel Serial SPI/I2C…<br/>PCIe<br/>PCIe SMBus</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>arm trusted firmware</i>"]
end
subgraph Inference["Derived inference"]
I1["Component identity is<br/>disclosed, but provenance<br/>and patch lineage are not."]
I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I4["Interface reachability may<br/>vary by boot stage and<br/>lifecycle state."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R1["Do the vendor version<br/>strings obscure the<br/>upstream baseline, fork<br/>lineage, or known-CVE<br/>exposure?"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R4["Are interfaces blocked<br/>before the bootloader<br/>runs, or only after<br/>approved mode starts?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E1["SBOM / component baselines<br/>· patch and backport<br/>manifest · CVE disposition"]
E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E4["lifecycle reachability<br/>matrix · boot-stage<br/>interface timing ·<br/>factory/recovery/error-state<br/>access controls"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C1 --> I1 --> R1 --> E1
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C4 --> I4 --> R4 --> E4
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C1,C2,C3,C4,C5,C6 clue;
class I1,I2,I3,I4,I5,I6 infer;
class R1,R2,R3,R4,R5,R6 risk;
class E1,E2,E3,E4,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Marvell LS2 HSM Family
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C1["[high] Firmware / bootloader versions disclosed (identity, not provenance)<br/><i>MARVELL-LS2-FW-*, MARVELL-LS2-UBOOT-*</i><br/>src: certificate.firmwareVersions"]
C2["[high] Firmware update / recovery / rollback services<br/><i>CN_LOAD_RECOVERY_KEY_INIT CN_LOAD_RECOVERY_KEY_FI…<br/>CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_END<br/>CN_UPDATE_LICENSE</i><br/>src: securityPolicy.services"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>CN_ZEROIZE<br/>CN_APP_INITIALIZE<br/>CN_APP_FINALIZE</i><br/>src: securityPolicy.services"]
C4["[high] Physical/logical interfaces (some 'blocked in firmware')<br/><i>USB FTDI USB to Multi-Channel Serial SPI/I2C…<br/>PCIe<br/>PCIe SMBus</i><br/>src: securityPolicy.portsAndInterfaces"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>arm trusted firmware</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C1,C2,C3,C4 clueHigh;
class C5,C6 clueLow;Marvell LS2 HSM Family January 29, 2026
| Revision | Date | Author | Change Description |
|---|---|---|---|
| 1.0 | October 18, 2021 | Phanikumar Kancharla | FW v1.0 build 01 CMVP initial submission. |
| 1.0.1 | April 6, 2022 | Phanikumar Kancharla and Girish Kumar Yerra | FW 10.0 build 03 update. |
| 1.0.1a | January 12, 2023 | Girish Kumar Yerra | Addressing CMVP comments and adding bug fixes. |
| 1.0.1b | August 16, 2023 | Rajendar Kalwa | Addressed comments from NIST. Updated FW build with changes to address CMVP comments and bug fixes to 10.01-07 |
| 1.0.1c | December 27, 2023 | Rajendar Kalwa | Addressed comments from NIST. Updated FW build with changes to address algorithm transitions and bug fixes to 10.02-1101 |
| 1.0.1d | May 13, 2024 | Rajendar Kalwa Vikash Kumar | Addressed comments from NIST |
| 1.0.1e | June 4, 2024 | Rajendar Kalwa | Addressed final comments from NIST |
| 1.0.2 | March 7, 2025 | Vikash Kumar Deepanshu Tyagi | NSRL submission changes |
| 1.0.3 | October 29, 2025 | Vikash Kumar Deepanshu Tyagi | NSRL submission changes |
| 1.0.4 | January 29, 2026 | Vikash Kumar Deepanshu Tyagi | NSRL submission changes |
Revision History 1.0 1.0.1 1.0.2 1.0.3 1.0.4 Notice This document may be reproduced only in its entirety (without revision).
| # | Section | Page |
|---|---|---|
| 1 | General | 6 |
| 1.1 | Module Overview | 6 |
| 1.2 | Security Level | 6 |
| 2 | Cryptographic Module Specification | 7 |
| 2.1 | Partitions | 10 |
| 2.2 | Modes of Operation | 11 |
| 2.3 | Supported Cryptographic Algorithms | 11 |
| 2.4 | TLS 1.2 Cipher Suites | 24 |
| 2.5 | Module Photograph | 24 |
| 3 | Cryptographic Module Interfaces | 26 |
| 3.1 | PCIe Data Interface | 26 |
| 3.2 | Other Interfaces | 26 |
| 4 | Roles, Services, and Authentication | 27 |
| 4.1 | Roles, Services, and CSP Access | 27 |
| 5 | Firmware Security | 67 |
| 6 | Operational Environment | 67 |
| 7 | Physical Security | 67 |
| 7.1 | Physical Security Mechanisms | 67 |
| 7.2 | Tamper Evidence | 67 |
| 8 | Non-Invasive Security | 68 |
| 9 | Sensitive Security Parameter Management | 68 |
| 9.1 | Definition of Critical Security Parameters (CSPs) | 68 |
| 9.2 | Definition of Session Keys | 81 |
| 10 | Self-Tests | 81 |
| 11 | Life-Cycle Assurance | 83 |
| 11.1 | Secure Installation, Initialization, Startup, and Operation of the Module | 83 |
| 11.2 | Maintenance Requirements | 84 |
| 11.3 | Administrative and Non-Administrative Guidance | 84 |
| 11.4 | LED Error Pattern for FIPS Failure | 86 |
| 11.5 | User Guidance | 86 |
| 12 | Mitigation of Other Attacks | 87 |
| 13 | References | 87 |
| 14 | Definitions and Acronyms | 87 |
| Item | Page |
|---|---|
| Table 1 Security Levels | 6 |
| Table 2 Cryptographic Module Tested Configuration | 7 |
| Table 3 Approved Algorithms | 11 |
| Table 4 Non-Approved Algorithms Allowed in the Approved Mode of Operation | 21 |
| Table 5 Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed | 22 |
| Table 6 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation | 22 |
| Table 7 Ports and Interfaces | 26 |
| Table 8 Roles, Service Commands, Input and Output | 30 |
| Table 9 Roles and Authentication | 36 |
| Table 10 Approved Services | 36 |
| Table 11 Non-Approved Services | 61 |
| Table 12 Physical Security Inspection Guidelines | 67 |
| Table 13 EFP/EFT | 68 |
| Table 14 Hardness Testing Temperature Ranges | 68 |
| Table 15 SSPs | 69 |
| Table 16 Non-Deterministic Random Number Generation Specification | 80 |
| Table 17 LED Flash Pattern for Errors | 86 |
| Item | Page |
|---|---|
| Figure 1 Top View of Cryptographic Module | 24 |
| Figure 2 Bottom View of Cryptographic Module | 25 |
| Figure 3 Cryptographic Module Showing Tamper Evidence | 67 |
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 3 |
| 2 | 2 | Cryptographic Module Specification | 3 |
| 3 | 3 | Cryptographic Module Interfaces | 3 |
| 4 | 4 | Roles, Services, and Authentication | 3 |
| 5 | 5 | Software/Firmware Security | 3 |
| 6 | 6 | Operational Environment | N/A |
| 7 | 7 | Physical Security | 3 |
| 8 | 8 | Non-Invasive Security | N/A |
| 9 | 9 | Sensitive Security Parameter Management | 3 |
| 10 | 10 | Self-Tests | 3 |
| 11 | 11 | Life-Cycle Assurance | 3 |
| 12 | 12 | Mitigation of Other Attacks | N/A |
1.1 Module Overview The LS2 HSM Family module (hereafter referred to as the module or HSM) by Marvell is a high-performance purpose-built security solution for key management and crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed in a PCIe slot to provide crypto and protocol acceleration in a secure manner to the system host. It is typically deployed in a server or an appliance to provide crypto offload for the keys stored on the HSM. The module’s functions are accessed over the PCIe interface via opcode defined by the module. The HSM is a hardware multi-chip embedded cryptographic module with firmware programmed on the HSM. The module provides cryptographic primitives to accelerate approved, allowed and non-approved, allowed (only in non-approved mode of operation) algorithms to support use cases including PKI, code signing, document signing, Root Of Trust, and TLS. The cryptographic functionality includes asymmetric (RSA/EC) and symmetric (AES and Triple-DES) ciphers, signatures, and random number generation, along with protocol-specific complex instructions to support TLS 1.2. The module implements password-based singlefactor authentication at FIPS 140-3 Level 3 security and an optional public-key-based authentication. The physical boundary of the module is the outer perimeter of the PCIe card itself as depicted in section 2.5 . 1.2 The cryptographic module meets the overall requirements applicable to Level 3 security of FIPS 140-3. Table 1 Security Levels [Number Below] N/A N/A N/A
| Name | Model | Hardware Version | Firmware Version | Features |
|---|---|---|---|---|
| LiquidSecurity 2 (LS2) | LiquidSecurity 2 (LS2) | LS2-G-A050-B0 | FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1150 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1202 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 | HW Version B0 |
| LiquidSecurity 2 (LS2) | LiquidSecurity 2 (LS2) | LS2-G-A100-B0 | FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1150 Bootloader: MARVELL-LS2-UBOOT-10.01-10 | HW Version B0 |
| LiquidSecurity 2 (LS2) | LiquidSecurity 2 (LS2) | LS2-G-A200-B0 | FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 | HW Version B0 |
| LiquidSecurity 2 (LS2) | LiquidSecurity 2 (LS2) | LS2-G-A300-B0 | FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1150 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 FW: MARVELL-LS2-FW-10.23-1202 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB HPS APP: PIN-App:10.23-1107 | HW Version B0 |
| LiquidSecurity 2 (LS2) | LiquidSecurity 2 (LS2) | LS2-G-A400-B0 | FW: MARVELL-LS2-FW-10.02-1102 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB | HW Version B0 |
Cryptographic Module Specification The configuration of hardware and firmware for this validation is as described in the following table: Table 2 Cryptographic Module Tested Configuration
Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R02-SB FW: MARVELL-LS2-FW-10.23-1107 Bootloader: MARVELL-LS2-UBOOT-10.01-10 Bootloader: MARVELL-LS2-UBOOT-10.02-1200 Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB Bootloader: MARVELL-LS2-UBOOT-10.23-1107 -R01-SB HPS APP: PIN-App:10.23-1107 The part number printed on the product label will have additional information to optionally identify a manufacturing process such as key ceremony, packaging, and shipping per customer requirements. For example, the part number shown on the product label is in the format “LS2-G-A300-XX-Y-B0”. Here XX represents the key ceremony process and “Y” represents the size of the bracket (short or full) fitted to the module (PCIe adapter). LS2-HSM-G Firmware MARVELL-LS2-FW-10.02-1102 MARVELL-LS2-UBOOT-10.01-10 MARVELL-LS2-UBOOT-10.02-1200 MARVELL-LS2-FW-10.23-1107 MARVELL-LS2-UBOOT-10.23-1107 -R01-SB MARVELL-LS2-UBOOT-10.23-1107 -R02-SB PIN-App:10.23-1107 MARVELL-LS2-FW-10.23-1150 MARVELL-LS2-UBOOT-10.01-10 MARVELL-LS2-UBOOT-10.02-1200-SB MARVELL-LS2-UBOOT-10.23-1107 -R01-SB MARVELL-LS2-UBOOT-10.23-1107 -R02-SB PIN-App:10.23-1107 MARVELL-LS2-FW-10.23-1202 MARVELL-LS2-UBOOT-10.23-1107 -R01-SB MARVELL-LS2-UBOOT-10.23-1107 -R02-SB PIN-App:10.23-1107 Note: These binaries do not have extensions. The LS2 HSM module is a multi-chip PCIe adapter with firmware. It consists of multiple components, including an operating system, applications exposing services and interfaces related to secure key management, crypto operations, and policy management of the module. Important hardware components of the module are: general purpose, ARM-based control processor, ARM-based microcontroller, RAM memory, NOR and eMMC flash for persistent storage, USB interfaces, and RJ45 and PCIe gen-4 x8 with SMBus interfaces. The following components are excluded from the cryptographic boundary as they do not belong to either data/control interface.
2.1 Partitions The LS2 HSM adapter is an SR-IOV enabled intelligent PCIe adapter with one physical function and 64 virtual functions. The physical device is referred to as Physical Function (PF) while the virtual devices are referred to as Virtual Functions (VF). Allocation of the VF can be dynamically controlled by the PF via registers encapsulated in the capability. Each VF's PCI configuration space can be accessed by its own Bus, Device and Function Number (Routing ID). And each VF also has PCI Memory Space, which is used to map its register set. VF device driver operates on the register set so it can be functional and appear as a real existing PCI device. In addition to crypto offloads, this adapter can provide secure key storage with up to 64 logical partitions, including a master partition. Each partition will have dedicated resources that are logically and securely isolated from other partitions. A partition will have its own specific policies and controls, and its own user accounts to manage what can be done with a partition and by a user of a partition. Consequently, each partition is treated as a virtual HSM and referred as a pHSM (or HSM Partition). An LS2 HSM always has one default partition called the master partition, which exposes the interfaces to create, delete, and update the remaining partitions. LS2 HSM can either be in host virtualization mode or non-virtualization mode. One or more applications on a host/virtual machine/container can make use of different partitions available on the HSM. Each partition will have dedicated communication channels; these channels are linked to the PCIe devices. In virtualization mode, channels will be linked to PCIe VFs, otherwise linked to PCIe PF. Communication channels have basic checks to identify that an application is communicating with an intended partition on the HSM. HSM FW provides the following mechanisms to ensure only an authorized user or application of a specific partition can communicate with it. It is optional to use either mechanism based on the deployment scenarios and risk assessment.
These channels depend on the Host OS security for device binding and application isolation. In this case, HSM does basic session validation.
The end-to-end encryption feature in the module allows an application to initiate a TLS connection with the firmware to ensure the confidentiality of the data communicated to the HSM. The connection is based on TLS v1.2 with the cipher-suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(known to OpenSSL as ECDHE_RSA_AES128-GCM-SHA256 and ECDHE_RSA_AES256-GCM-SHA384). The module will act as server, and the host application will act as client. The server private key will be the partition private key (PAK), which is generated for each pHSM when it is created. The server certificate used for the SSL connection is the partition certificate (PAC). The complete chain will be validated by host applications before establishing the TLS connection. The end-to-end encryption feature is enabled using the initialization configuration parameters. Once this feature is enabled, all commands except initialize and open session are encrypted.
This is the default partition with only one user, called the Master Crypto Officer (MCO). This partition will expose authorized services to manage (create, delete, update, backup/restore) other partitions and set policies or conditions for them to operate. Additionally, it exposes anonymous services like fetching module information, etc. Refer to section 4.3 Roles, Services, and CSP Access for details about the services supported by the master partition. The master partition must be initialized and the MCO logged in to execute any authorized service.
Each partition will have a different set of users to manage it and a dedicated key storage and crypto resources associated with it. A partition will have default configuration or policies supplied by the master partition. Some policies can be changed by the partition
| Name | CAVP Cert | Mode Method | Key Size | Use Function |
|---|---|---|---|---|
| RSA SigVer (FIPS186- 4) | A1946 | RSA SigVer (FIPS186-4) | RSA 2048 with SHA2-256 Uses SHA2-256 (FIPS 180-4) (#A1946) as the underlying digest algorithm | Firmware integrity verification by U-boot |
| SHA2-256 (FIPS 180- 4) | A1946 | SHA2 | SHA 256 | Firmware integrity verification by U-boot |
| AES-CBC (SP 800- 38A) | A1947 | AES | Encrypt/Decrypt: 128, 192, and 256-bit | Data encryption, decryption, key-wrap and key-unwrap |
| AES-CCM (SP 800- 38C) | A1947 | AES | Encrypt/Decrypt: 128, 192, and 256-bit Uses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipher | Authenticated Data encryption, decryption |
| AES-CMAC (SP 800- 38B) | A1947 | AES | CMAC generate and verify: 128, 192, and 256-bit Uses AES-CBC (SP 800-38A) (#A1947) as the underlying block cipher | Message authentication code generation and verification |
| AES-CTR (SP 800- 38A) | A1947 | AES | Encrypt/Decrypt: 128, 192, and 256-bit Uses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipher | Data encryption, decryption |
| AES-ECB (SP 800- 38A) | A1947 | AES | Encrypt/Decrypt: 128, 192, and 256-bit | Data encryption, decryption, key-wrap and key-unwrap |
| AES-GCM (SP 800- 38D) | A1947 | AES | Encrypt/Decrypt: 128, 192, and 256-bit Uses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipher | Authenticated Data encryption, decryption, key wrap, and key unwrap |
| AES-GMAC (SP 800- 38D) | A1947 | AES | GMAC generation: 128, 192, and 256-bitUses AES-ECB (SP 800-38A) (#A1947) as the underlying block cipher | Message Authentication |
| ECDSA SigGen (FIPS186-4) (CVL) | A1947 | ECDSA SigGen (FIPS186-4) | SigGen Component: P-224, P-256, P-384, P-521 (SHA-256, 384, and 512) Uses Hash DRBG (SP 800- 90Ar1) (#A1947) as underlying Random Generator P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strength respectively | Signature generation |
| Hash DRBG (SP 800- 90Ar1) | A1947 | Hash DRBG | SHA-512 based with security strength of 256-bit. No prediction resistance Uses SHA2-512 (#A1947) as the underlying digest algorithm | Random number generation for user, internal IVs, and salt |
| HMAC-SHA2-256 (FIPS 198-1) | A1947 | HMAC | HMAC-SHA2-256 Uses SHA2-256 (#A1947) as the underlying digest algorithm | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-384 (FIPS 198-1) | A1947 | HMAC | HMAC-SHA2-384 Uses SHA2-384 (#A1947) as | MAC generation, verify, KAS and KDF |
| HMAC-SHA2-512 (FIPS 198-1) | A1947 | HMAC | HMAC-SHA2-512 Uses SHA2-512 (#A1947) as the underlying digest algorithm | MAC generation, verify, KAS and KDF |
| KAS-ECC-SSC SP800-56Ar3 | A1947 | KAS | ECC CDH staticUnified: P- 224, P-256, P-384, P-521, P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random Generator for the ECDSA KeyGen key pair Uses ECDSA KeyVer (FIPS 186-4) (#A1948) and ECDSA KeyGen (FIPS 186-4) (#A2393) underlying verification for the key pair Uses SHA2-256 (FIPS 180-4) (#A1947), SHA2-384 (FIPS 180-4) (#A1947) and SHA2- 512 (FIPS 180-4) (#A1947) as underlying digest algorithm | Shared secret computation |
| KDF TLS (CVL) (SP 800-135r1) | A1947 | KDF TLS | TLS-KDF ( v1.2) v1.2: SHA2-256, SHA2-384, SHA2-512 Uses HMAC-SHA2-256 (FIPS 180-4) (#A1947), HMAC- SHA2-384 (FIPS 180-4) (#A1947) and HMAC-SHA2- 512 (FIPS 180-4) (#A1947) as underlying MAC algorithm | TLS handshake |
| RSA Decryption Primitive (SP 800- 56Br2) (CVL) | A1947 | RSA Decryption Primitive | 2048 bit, 3072 bit and 4096- bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively. | Decryption primitive |
| RSA Signature Primitive (CVL) (FIPS 186-4) | A1947 | RSA Signature Primitive | 2048 bit, 3072 bit and 4096- bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively. | Signature primitive |
| SHA-1 (FIPS 180-4) | A1947 | SHA-1 | SHA-1 | Message digest |
| SHA2-256 (FIPS 180- 4) | A1947 | SHA2 | SHA2256 | Message digest |
| SHA2-384 (FIPS 180- 4) | A1947 | SHA2 | SHA2-384 | Message digest |
| SHA2-512 (FIPS 180- 4) | A1947 | SHA2 | SHA2-512 | Message digest |
| SHA3-224 (FIPS 202) | A1947 | SHA3 | SHA3-224 | Message digest |
| SHA3-256 (FIPS 202) | A1947 | SHA3 | SHA3-256 | Message digest |
| SHA3-384 (FIPS 202) | A1947 | SHA3 | SHA3-384 | Message digest |
| SHA3-512 (FIPS 202) | A1947 | SHA3 | SHA3-512 | Message digest |
| SHAKE-128 (FIPS 202) | A1947 | SHAKE-128 | SHAKE-128 | Message digest |
| SHAKE-256 (FIPS 202) | A1947 | SHAKE-256 | SHAKE-256 | Message digest |
| TDES-CBC (SP 800- 38A) | A1947 | TDES | 3-key Triple-DES decrypt (supports only 192-bit size) | Data decryption * Legacy use only |
| TDES-ECB (SP 800- 38A) | A1947 | TDES | 3-key Triple-DES decrypt (supports only 192-bit size) | Data decryption * Legacy use only |
| AES-CBC (SP 800- 38A) | A1948 | AES | Encrypt/Decrypt, 128 and 256-bit | Data encryption, decryption, and key unwrap |
| AES-CMAC (SP 800- 38B) | A1948 | AES | CMAC generate and verify: 128, 192, and 256-bit Uses AES-CBC (SP 800-38A) (#A1948) as the underlying block cipher | MAC generation and verification |
| AES-GCM (KTS) (SP800-38D) | A1948 | SP 800-38D and SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192, and 256- bit keys providing 128, 192, or 256 bits of encryption strength | Data encryption, decryption, key-wrap, and key-unwrap |
| AES-GCM (SP 800- 38D) | A1948 | AES | GCM mode: Authenticated encrypt/decrypt; 128, 192, and 256-bitUses AES-CBC (SP 800-38A) (#A1948) as the underlying block cipher | Authenticated data encryption and decryption, key unwrap |
| AES-KW (KTS) (SP 800-38F) | A1948 | SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192 and 256-bit keys providing 128-bit, 192-bit, or 256 bits of encryption strength | Key wrapping/unwrapping |
| AES-KW (SP 800- 38F) | A1948 | AES | KW, 128, 192, and 256-bit Uses AES-CBC (#A1948) as underlying block cipher | Key wrapping/unwrapping |
| AES-KWP (KTS) (SP 800-38F) | A1948 | SP 800-38F. KTS (key wrapping and unwrapping) per IG D.G. | 128, 192 and 256-bit keys providing 128-bit, 192-bit, or 256 bits of encryption strength | Key wrapping/unwrapping |
| AES-KWP (SP 800- 38F) | A1948 | AES | KWP, 128, 192, and 256-bit Uses AES-CBC (#A1948) as underlying block cipher | Key wrapping/unwrapping |
| Counter DRBG (SP 800-90Ar1) | A1948 | Counter DRBG | AES 256 with df No prediction resistance Uses AES-CBC (SP 800-38A) (#A1948) as the underlying block cipher | Random number generation for user, internal IVs, and salt |
| ECDSA KeyGen (FIPS186-4) | A1948 | Key Gen | Key Gen: P-224, P-256, P- 384, P-521 Uses Counter DRBG (SP800- 90Ar1) (#A1948) as underlying Random Generator | Key generation |
| ECDSA KeyVer (FIPS186-4) | A1948 | ECDSA KeyVer (FIPS186-4) | Key Ver; P-224, P-256, P-384 and P-521 | Key Verification |
| ECDSA SigGen (FIPS186-4) | A1948 | ECDSA SigGen (FIPS186-4) | Signature generation: P-224, P-256, P-384, P-521 (SHA2- 256, SHA2-384, SHA2-512) Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random generator Uses SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948) and SHA2- 512 (FIPS 180-4) (#A1948) as underlying digest algorithm | Signature Generation |
| ECDSA SigVer (FIPS186-4) | A1948 | ECDSA SigVer(FIPS186-4) | Signature verify: P-224, P- 256, P-384, P-521 (SHA- 1, SHA2-256, SHA2-384, and SHA2-512) Uses SHA-1 (FIPS 180-4) (#A1948), SHA2-256 (FIPS 180-4) (#A1948) and SHA2- 384 (FIPS 180-4) (#A1948) and SHA2-512 (FIPS 180-4) (#A1948) as underlying digest algorithm | Signature Verification |
| HMAC-SHA-1 (FIPS 198-1) | A1948 | HMAC | HMAC-SHA-1 Uses SHA-1 (FIPS 180-4) (#A1948) as underlying digest algorithm | MAC generation, Verify and KDF |
| HMAC-SHA2-256 (FIPS 198-1) | A1948 | HMAC | HMAC-SHA2-256 Uses SHA2-256 (FIPS 180-4) (#A1948) as underlying digest algorithm | MAC generation, verify, KAS, and KDF |
| HMAC-SHA2-384 (FIPS 198-1) | A1948 | HMAC | HMAC-SHA2-384 Uses SHA2-384 (FIPS 180-4) (#A1948) as underlying digest algorithm | MAC generation, verify, KAS, and KDF |
| HMAC-SHA2-512 (FIPS 198-1) | A1948 | HMAC | HMAC-SHA2-512 Uses SHA2-512((FIPS 180-4) (#A1948) as underlying digest algorithm | MAC generation, verify, KAS, and KDF |
| KAS-ECC (KAS) (SP 800-56Ar3) | A1948 | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-521 curve providing 256 bits of encryption strength | Cloning protocol |
| KAS-ECC SP800- 56Ar3 | A1948 | KAS | ECC CDH Ephemeral Unified P-521 with OneStep KDF (HMAC-SHA2-512) Uses Counter DRBG (#A1948) as underlying Random number Uses ECDSA KeyGen (FIPS186-4) (#A1948) as underlying ECC KeyGen and ECDSA KeyVer (#A1948) as underlying ECDSA Key Verification algorithm.\ Uses SHA2-512) (FIPS 180- 4) as underlying digest algorithm | Cloning protocol |
| KAS-ECC-SSC SP800-56Ar3 | A1948 | KAS | ECC CDH Static Unified: P- 224, P-256, P384, P-521, B- 233, B-283, B-409, B-571, K- 233, K-283, K-409, K-571 P-224, P-256, P384 and P- 521 providing 112 bits,128 bits. 192 bits and 256 bits of encryption strength respectively Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator for the ECDSA KeyGen key pair Uses ECDSA KeyVer (FIPS 186-4) (#A1948) and ECDSA KeyGen (FIPS 186-4) (#A1948) underlying verification and generation for the key pair Uses SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948), SHA2-512 (FIPS 180-4) (#A1948) as the underlying digest algorithm | Shared secret computation |
| KAS-IFC-SSC (SP 800-56Br2) | A1948 | KAS | RSA-based key exchange scheme KAS1 and KAS2 RSA 2048, 3072, and 4096- bit 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator for the RSA Key Pair Generation Uses SHA2-256 (#A1948), SHA2-384 (#A1948) and SHA2-512 (#A1948) as underlying hash algorithm Uses RSA KeyGen (FIPS 186-4) [#A1948] as underlying RSA key generation algorithm | PEK and KLK generation and certificate authentication |
| KDA HKDF SP800- 56Cr1 | A1948 | KDA HKDF SP800-56Cr1 | HKDF Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator | ECDH key derivation and ECDH key wrap |
| KDA OneStep SP800- 56Cr1 | A1948 | KDA OneStep SP800-56Cr1 | Hash-based KDF Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator Uses HMAC-SHA2-256 (#A1948), HMAC-SHA2-384 (#A1948) and HMAC-SHA2- 512 (#A1948) as underlying MAC algorithm | ECDH key derivation and ECDH key wrap |
| KDA TwoStep SP800- 56Cr1 | A1948 | KDA TwoStep SP800-56Cr1 | HMAC/CMAC-based extract- expand KDFs Uses Counter DRBG (SP 800-90Ar1) (#A1948) as underlying Random Generator Uses HMAC-SHA2- 256 (#A1948), HMAC-SHA2- 384 (#A1948) and HMAC-SHA2-512 (#A1948) as underlying MAC algorithm Uses AES-CBC (#A1948) as underlying Block cipher for AES-CMAC | ECDH key derivation and ECDH key wrap |
| KDF ANS 9.63 (CVL) (SP 800-135r1) | A1948 | KDF ANS 9.63 | SHA-2 224, 256, 384, and 512 Uses SHA2-256 (#A1948), SHA2-384 (#A1948) and SHA2-512 (#A1948) as underlying digest algorithm | Key derivation and key agreement schemes |
| KDF SP800-108 | A1948 | KDF SP800-108 | HMAC-SHA-1, SHA2-224, SHA2-256, 384, and 512 KDF Uses HMAC-SHA-1 (#A1948), HMAC-SHA2-256 (#A1948), HMAC-SHA2-384 (#A1948) and HMAC-SHA2-512 (#A1948) as underlying MAC algorithm | Key derivation |
| KTS-IFC (KTS) (SP 800-56Br2) | A1948 | SP 800-56Brev2. KTS-IFC (key encapsulation and un- encapsulation) per IG D.G. | 2048, 3072, or 4096-bit modulus providing 112, 128, or 150 bits of encryption strength | Asymmetric key encapsulation and un- encapsulation |
| KTS-IFC (SP 800- 56Br2) | A1948 | KTS | KTS-OAEP-basic RSA 2048, 3072, and 4096-bit Uses counter DRBG (SP800- 90Ar1) (#A1948) as underlying Random | Asymmetric key encapsulation and un- encapsulation |
| PBKDF (SP 800-132) | A1948 | PBKDF | HMAC with SHA-1, SHA-2 256, 384, and 512 Uses HMAC-SHA-1 (#A1948), HMAC-SHA2-256 (#A1948), HMAC-SHA2-384 (#A1948) and HMAC-SHA2- 512 (#A1948) as underlying MAC algorithm | User credentials storage. Master key derived from PBKDF is not used for deriving keys for data encryption/protection, but instead used only for storing passwords as hashes. |
| RSA Decryption Primitive (SP 800- 56Br2) (CVL) | A1948 | RSA Decryption Primitive | Modulus sizes: 2048, 3072, and 4096-bit | RSA key transport |
| RSA KeyGen (FIPS186-4) | A1948 | RSA KeyGen (FIPS186-4) | Key generation: 2048, 3072, and 4096-bit Uses Counter DRBG (SP800- 90Ar1) (#A1948) as underlying Random Generator | RSA key generation |
| RSA SigGen (FIPS186-4) | A1948 | RSA SigGen (FIPS186-4) | FIPS 186-4 PKCS #1 1.5 and PSS Sig Gen: 2048, 3096, and 4096-bit (SHA-2 256, 384, and 512) Uses SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948), SHA2-512 (#A1948) as underlying digest algorithm 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively. | Signature generation |
| RSA SigVer (FIPS186- 4) | A1948 | RSA SigVer (FIPS186-4) | FIPS 186-4 PKCS #1 1.5 and PSS SigVer: 1024, 2048, 3072, and 4096-bit (SHA-1, SHA-2 256, 384, and 512) Uses SHA-1 (FIPS 180- 4)(#A1947) SHA2-256 (FIPS 180-4) (#A1948), SHA2-384 (FIPS 180-4) (#A1948), SHA2-512 (#A1948) as underlying digest algorithm 2048, 3072, and 4096-bit modulus providing 112, 128, and 150 bits of encryption strength respectively. | Signature verification User authentication Firmware update verification |
| SHA-1 (FIPS 180-4) | A1948 | SHA-1 | SHA-1 | Digests, HMAC, and KDFs |
| SHA2-256 (FIPS 180- 4) | A1948 | SHA2 | SHA2-256 | Digests, HMAC, signature generation, and KDFs |
| SHA2-384 (FIPS 180- 4) | A1948 | SHA2 | SHA2-384 | Digests, HMAC, signature generation, and KDFs |
| SHA2-512 (FIPS 180- 4) | A1948 | SHA2 | SHA2-512 | Digests, HMAC, signature generation, and KDFs |
| TDES-ECB | A1948 | TDES | Triple-DES 3-key decrypt. | Prerequisite for TDES-KW. * Legacy use only |
| TDES-KW (KTS) (SP 800-38F) | A1948 | SP 800-38F. KTS (key unwrapping) per IG D.G | 192-bit key providing 112-bit encryption strength | Key unwrapping * Legacy use only |
| TDES-KW (SP 800- 38F) | A1948 | TDES | TKW 3-key DES decrypt Uses TDES-ECB (#A1948) as underlying block cipher | Key unwrapping * Legacy use only |
| ECDSA KeyGen (FIPS186-4) | A2393 | ECDSA KeyGen (FIPS186-4) | Key Gen: P-224, P-256, P- 384, P-521 Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random Generator for the ECDSA KeyGen key pair | Key Generation |
| KTS-IFC (KTS) (SP 800-56Br2) | A2393 | SP 800-56Brev2. KTS-IFC (key encapsulation and un- encapsulation) per IG D.G. | 2048, 3072, or 4096-bit modulus providing 112, 128, or 150 bits of encryption strength | Asymmetric key encapsulation and un- encapsulation in hybrid environment |
| KTS-IFC (SP 800- 56Br2) | A2393 | KTS | RSA key wrap and unwrap of symmetric keys in KTS- OAEP-Basic padding. 2048, 3072, 4096-bit modulus Uses Counter DRBG (SP800- 90Ar1) (#A1948) as underlying Random Generator Uses HMAC-SHA2-256 (FIPS 180-4) (#A1947), HMAC- SHA2-384 (FIPS 180-4) (#A1947), HMAC-SHA2-512 (FIPS 180-4) (#A1947) as underlying digest algorithm Uses RSA KeyGen (FIPS 186-4) (#A2393) as underlying key generation algorithm | Asymmetric key encapsulation and un- encapsulation in hybrid environment |
| RSA KeyGen (FIPS186-4) | A2393 | RSA KeyGen (FIPS186-4) | Key generation: 2048, 3072, and 4096-bit Uses Hash DRBG (SP800- 90Ar1) (#A1947) as underlying Random Generator for the RSA KeyGen key pair | RSA key generation in hybrid environment |
| KAS TLS (SP 800- 56Ar3) | KAS-ECC-SSC SP800-56Ar3 (#A1947) and KDF TLS (CVL) (#A1947) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2) | P-224, P-256, P-384, P-521 curves providing 112, 128, 192, or 256 bits of encryption strength | TLS |
| KAS ANS 9.63 (SP 800-56Ar3) | KAS-ECC-SSC SP800-56Ar3 (#A1948) KDF ANS 9.63 (CVL) (SP 800- 135r1) (#A1948) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS KDA HKDF (SP 800-56Ar3) | KAS-ECC-SSC SP800-56Ar3 (#A1948), KDA HKDF SP800- 56Cr1 (#A1948) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS KDA ONESTEP (SP 800-56Ar3) | KAS-ECC-SSC SP800-56Ar3 (#A1948), KDA OneStep SP800- 56Cr1 (#A1948) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS KDA TWOSTEP (SP 800-56Ar3) | KAS-ECC-SSC SP800-56Ar3 (#A1948), KDA TwoStep SP800- 56Cr1 (#A1948) | SP 800-56Arev3. KAS-ECC per IG D.F Scenario 2 path (2). | P-224, P-256, P-384, and P- 521 curves providing 112, 128, 192, or 256 bits of encryption strength | ECDH key derivation and ECDH-AES key wrap |
| KAS-IFC HKDF (SP800-56Br2) | KAS-IFC-SSC (SP 800-56Br2) (#A1948) KDA HKDF SP800- 56Cr1 (#A1948) | SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2). | 2048-bit, 3072-bit and 4096- bit modulus providing between 112 and 150 bits of encryption strength | PEK and KLK generation and certificate authentication |
| KAS-IFC OneStep (SP800-56Br2) | KAS-IFC-SSC (SP 800-56Br2) (#A1948) KDA OneStep SP800-56Cr1 (#A1948) | SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2). | 2048-bit, 3072-bit and 4096- bit modulus providing between 112 and 150 bits of encryption strength | PEK and KLK generation and certificate authentication |
| KAS-IFC TwoStep (SP800-56Br2) | KAS-IFC-SSC (SP 800-56Br2) (#A1948) KDA TwoStep SP800-56Cr1 (#A1948) | SP 800-56Brev2. KAS-IFC per IG D.F Scenario 1 path (2). | 2048-bit, 3072-bit and 4096- bit modulus providing between 112 and 150 bits of encryption strength | PEK and KLK generation and certificate authentication |
| ENT (P) (SP 800-90B) | N/A | N/A | SP 800-90B entropy source | Entropy Source |
| CKG SP 800-133Rev2 | Vendor Affirmed | CKG | Please refer to section 2.3.2 Algorithm Specific Information | Cryptographic Key Generation; SP 800- 133Rev2 and IG D.H |
administrator or PCO. When a partition is created by the MCO, it will be in a zeroized state and must be initialized to do any key management or crypto operations. Partition initialization will create the Partition Crypto Officer (PCO). The PCO can later create up to
1024 users (PCO or PCU) on demand. Each user will have a unique username to identify themselves. The user has to log in to the
partition/vHSM to issue any authorized commands. Users are authenticated using passwords submitted during the user creation. 2.2 Modes of Operation The module supports the following modes of operation:
The indicator of Approved mode is obtained by using the Get Status service. The fipsState field of the Get Status service indicates the mode. CSPs are not shared between the approved and non-approved modes of operation.
When received by the end user, the module is not configured or initialized; this state is called uninitialized/zeroized mode. In this mode, the user can query for basic information about the module, such as version details and vendor information, using an unauthenticated role.
The module provides an Approved mode of operation, comprising all services described in Table 10. In this mode, the module allows only Approved or allowed algorithms. Request for any non-approved/allowed algorithm is rejected.
The module supports a non-Approved mode implementing the non-Approved algorithms listed in Table 6. In this mode, the module also allows Approved or allowed algorithms. 2.3 Supported Cryptographic Algorithms This section provides the list of supported cryptographic algorithms segregated based on the operating mode.
The cryptographic module supports the following Approved algorithms. There are algorithms, modes, and key/moduli sizes that have been CAVP-tested but are not used by any approved service of the module. Only the algorithms, modes/methods, and key lengths/curves/moduli used by the module in approved mode are listed in the following table. Note: All symmetric key sizes represent the key strength. Table 3 Approved Algorithms 4)
N/A
| Name | Use Function | Use/Function |
|---|---|---|
| AES | Cert A1947, Key unwrapping. Per IG D.G. | Legacy Key unwrap only • ECB mode: Decrypt; 128, 192, and 256-bit • CBC mode: Decrypt; 128, 192, and 256-bit |
| AES | Cert A1948, Key unwrapping. Per IG D.G | Legacy Key unwrap only • ECB mode: Decrypt; 128, 192, and 256-bit • CBC mode: Decrypt; 128, 192, and 256-bit |
| EC Diffie-Hellman with non-NIST recommended curves | Cert A1947, Provides between 112 and 256 bits of encryption strength. Per IGs D.F and C.A. | EC-DH Secp224k1(112 bits), Secp256K1 (128 bits) brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512) |
| ECDSA with non- NIST recommended curves | Cert A1947, Provides between 112 and 256 bits of encryption strength. Per IG C.A. | EC Key generation, sign Secp256K1 (128 bits) brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512) |
| SHA-1 | No security claimed per IG 2.4.A | Fingerprints |
| Triple-DES SP 800-38B | No security claimed per IG 2.4.A | Fingerprints Key Sizes • 192-bit (Generation, Verify) |
The cryptographic module supports the following non-Approved algorithms, which are allowed for use in Approved mode. Table 4 Non-Approved Algorithms Allowed in the Approved Mode of Operation
The cryptographic module supports the following non-Approved algorithms available only in non-Approved mode of operation. Table 6 Non-Approved Algorithms Not Allowed in the Approved Mode of Operation
| Algorithm | Use/Function |
|---|---|
| DES | Derive unique key per transaction (DUKPT) EMV key derivation. Derive PIN from Offset Derive Offset from PIN PIN Verification PVV generation and Verification CVV generation and verification Export Symmetric key/Export Asymmetric key pair using TR31 wrapping. Import/Export using TR34. Import Decimal Table EMV script. EMV ARQC/ARPC Data/PIN encryption/decryption |
| DES MAC | MAC generation and Verification |
| Double-DES | Derive unique key per transaction (DUKPT), EMV key derivation. Derive PIN from Offset Derive Offset from PIN PIN Verification PVV generation and Verification CVV generation and verification Export Symmetric key/Export Asymmetric key pair using TR31 wrapping. Import/Export using TR34 Import Decimal Table EMV script. EMV ARQC/ARPC Data/PIN encryption/decryption |
| EC-AES | EC-AES wrap/unwrap (EC BYOK) |
| ECDH KDF | Key derivation using ECDH followed by HMAC/CMAC counter KDF |
| ECDSA (non-compliant) | Key generation, Sign, Verify P192, Secp192k1, brainpoolP160r1, brainpool192r1, K-163 and B-163 (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) |
| EDDSA (non-compliant) | Key generation, Sign, Verify |
| KAS-ECC (non-compliant) | EC Key generation and ECDH Curve25519 (128 bits), Curve448 (224 bits) |
| ML-DSA (non-compliant) | Key generation, sign, verify |
| ML-KEM (non-compliant) | Key generation, Asymmetric key encapsulation and un-encapsulation |
| PBE | Key generation |
| RSA (non-compliant) | TR34 Import TR34 Export PIN block decryption BYOK Encrypt/Decrypt Asymmetric key encapsulation and un-encapsulation using PKCS#1-v1.5 padding with modulus size 2048, 3072, 4096 and 8192 bits Key generation, Sign, Verify (1024-bit) |
| Shamir’s Key Share | Key share |
| Triple-DES (non-compliant) | Derive unique key per transaction (DUKPT) EMV key derivation. Derive PIN from Offset |
| Algorithm | Use/Function |
|---|---|
| Derive Offset from PIN PIN Verification PVV generation and verification CVV generation and verification Export Symmetric key/Export Asymmetric key pair using TR31 wrapping Import/Export using TR34 Import Decimal Table EMV script. EMV ARQC/ARPC Data/PIN encryption/decryption |
2.4 TLS 1.2 Cipher Suites The module supports the algorithms for the following cipher suites using Approved and allowed algorithms and key sizes:
Figure 2 Bottom View of Cryptographic Module
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| USB FTDI USB to Multi-Channel Serial SPI/I2C bridge FTDI dual port USB endpoint Channel A: OCTEON UART0 Channel B: MCU UART2 OR FTDI quad port USB end point Channel A: OCTEON UART0 Channel B: not connected Channel C: MCU UART2 Channel D: not connected | USB FTDI USB to Multi-Channel Serial SPI/I2C bridge FTDI dual port USB endpoint Channel A: OCTEON UART0 Channel B: MCU UART2 OR FTDI quad port USB end point Channel A: OCTEON UART0 Channel B: not connected Channel C: MCU UART2 Channel D: not connected | Status output | OCTEON UART • Log messages MCU UART, SMBus • Diagnostics • Log messages |
| PCIe | PCIe | Control input | PCIe configuration is read and written; no other. |
| Data input, data output, and status output | Data input, data output, and status output | Primary interface to communicate with the module. Provides APIs for the software on the host to communicate with the module. | |
| Power | Power | N/A | |
| PCIe SMBus | PCIe SMBus | Status output | Diagnostics, log messages System management and log reading |
| UART | UART | Status output | Log messages |
| LED | LED | Status output | Status output |
| Tamper PIN | Tamper PIN | Control input | No data; only a signal from high to low |
| Zeroize push button | Zeroize push button | Control input | No data; |
| Power connector | Power connector | Power | No data; external power connector |
| Battery interfaces | Battery interfaces | Power | No data; external power connector (only to MCU) |
The module ports and interfaces are described in the below table. Table 7 Ports and Interfaces N/A * The RJ45 Connector depicted in Figure 1 is disabled in firmware. 3.1 self-tests are run and firmware is loaded. After the module is zeroized, the firmware enforces that the PCIe data interface only provides basic versioning and informational When the module enters the error state, the PCIe data interface will report the error state and no other data. 3.2 Other interfaces are all meant for informational services to read temperature, logs, and diagnostic information but no other data.
Roles, Services, and Authentication The module supports different operator roles. One identity is allowed for each role, per partition. Username is used as the identity of a user. This means for a given partition, each username needs to be unique per predefined roles. Master Partition Roles: • Master Crypto Officer (MCO) - The Master Crypto Officer role (MCO) is allowed only on the master partition, which is mandatory to use the HSM. This role has access to administrative services offered by the module or HSM. This role is used to configure non-master partitions (create, provision, resize, and delete) but cannot access their resources (e.g., cannot manage or use non-master partition keys). Master partition supports only MCO role in addition to UN-AUTH operator roles as described in Table
Select “LiquidSecurity2-10.23-1150-Driver-APIs-html" to download. 3. This pops up a window to accept the “MARVELL LIMITED USE LICENSE AGREEMENT”.
Click I ACCEPT to accept the terms and conditions; the Service Interface document will be downloaded.
| Name | Roles | Input | Output |
|---|---|---|---|
| CN_ZEROIZE | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_VENDOR_ZEROIZE | MCO | Opcode inputs | Opcode outputs |
| CN_APP_INITIALIZE | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_APP_FINALIZE | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_OPEN_SESSION | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CLOSE_SESSION | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_SESSION_INFO | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CLOSE_ALL_SESSIONS | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CLOSE_PARTITION_SESSIONS | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_SESSION | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_AUTHORIZE_SESSION | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_LOGIN | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_LOGOUT | MCO/PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_ALWAYS_AUTHORIZE_USER | PCU | Opcode inputs | Opcode outputs |
| CN_UPDATE_USER_DETAILS | PCO/Pre-CO | Opcode inputs | Opcode outputs |
| CN_SET_USER_ATTR | PCO | Opcode inputs | Opcode outputs |
| CN_TOKEN_INFO | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_PARTITION_INFO | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_HSM_LABEL | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_ALL_PARTITION_INFO | MCO | Opcode inputs | Opcode outputs |
| CN_GET_POLICY_SET | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_VERSION | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) | Manufacturer | Opcode inputs | Opcode outputs |
| CN_LOAD_RECOVERY_KEY_INIT CN_LOAD_RECOVERY_KEY_FINISH | MCO | Opcode inputs | Opcode outputs |
| CN_SHUTDOWN | MCO | Opcode inputs | Opcode outputs |
| CN_SET_INIT_TIME | MCO | Opcode inputs | Opcode outputs |
| CN_SET_VENDOR_TIME | MCO | Opcode inputs | Opcode outputs |
| CN_GET_TIME | MCO | Opcode inputs | Opcode outputs |
| CN_SYNC_TIME | MCO | Opcode inputs | Opcode outputs |
| CN_UCD_CMD | MCO | Opcode inputs | Opcode outputs |
| CN_GET_HSM_LOGGER_INFO | MCO | Opcode inputs | Opcode outputs |
| CN_INIT_TOKEN | MCO/PCO/Pre-CO | Opcode inputs | Opcode outputs |
| CN_GEN_PSWD_ENC_KEY | MCO/PCO/Pre-CO | Opcode inputs | Opcode outputs |
| CN_CREATE_CO | MCO/PCO/Pre-CO | Opcode inputs | Opcode outputs |
| CN_INIT_DONE | MCO/PCO/Pre-CO | Opcode inputs | Opcode outputs |
| CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_END | MCO | Opcode inputs | Opcode outputs |
| CN_STORE_FW_SIGNING_KEY | MCO | Opcode inputs | Opcode outputs |
| CN_ALLOW_FW_UPDATE | MCO | Opcode inputs | Opcode outputs |
| CN_INVOKE_FIPS | MCO | Opcode inputs | Opcode outputs |
| CN_SET_HSM_CONFIG | PCO | Opcode inputs | Opcode outputs |
| CN_CREATE_PARTITION | MCO | Opcode inputs | Opcode outputs |
| CN_DELETE_PARTITION | MCO | Opcode inputs | Opcode outputs |
| CN_BACKUP | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_RESTORE | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_BACKUP_OBJECT | MCO | Opcode inputs | Opcode outputs |
| CN_RESTORE_OBJECT | MCO | Opcode inputs | Opcode outputs |
| CN_SET_NODEID | PCO | Opcode inputs | Opcode outputs |
| CN_CREATE_USER | PCO | Opcode inputs | Opcode outputs |
| CN_DELETE_USER | PCO | Opcode inputs | Opcode outputs |
| CN_LIST_USERS | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_GET_LOGIN_FAILURE_CNT | PCO | Opcode inputs | Opcode outputs |
| CN_CREATE_PRE_OFFICER | Pre-CO | Opcode inputs | Opcode outputs |
| CN_CREATE_APPLIANCE_USER | PCO | Opcode inputs | Opcode outputs |
| CN_OPEN_SESSION_V2 | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_SESSION_V2 | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_SERVER_PARAMS | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_USER_INFO | PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_CREATE_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_GEN_KEY_ENC_KEY | PCO | Opcode inputs | Opcode outputs |
| CN_EXTRACT_MASKED_OBJECT | PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_INSERT_MASKED_OBJECT | PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_DESTROY_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_TOMBSTONE_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_DELETE_TOMBSTONED_OBJECT | PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_GET_ATTRIBUTE_VALUE | PCU | Opcode inputs | Opcode outputs |
| CN_GET_ATTRIBUTE_SIZE | PCU | Opcode inputs | Opcode outputs |
| CN_GET_ALL_ATTRIBUTE_SIZE | PCU | Opcode inputs | Opcode outputs |
| CN_GET_ALL_ATTRIBUTE_VALUE | PCU | Opcode inputs | Opcode outputs |
| CN_MODIFY_OBJECT | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_MODIFY_KEY_OWNER | PCO | Opcode inputs | Opcode outputs |
| CN_GENERATE_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_GENERATE_KEY_PAIR | PCU | Opcode inputs | Opcode outputs |
| CN_EXPORT_PUB_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_GET_OBJECT_INFO | PCU | Opcode inputs | Opcode outputs |
| CN_UNWRAP_KEY/CN_UNWRAP_KEY2 | PCU | Opcode inputs | Opcode outputs |
| CN_WRAP_KEY/CN_WRAP_KEY2 | PCU | Opcode inputs | Opcode outputs |
| CN_NIST_AES_WRAP_UNWRAP/ CN_NIST_AES_WRAP_UNWRAP2 | PCU | Opcode inputs | Opcode outputs |
| CN_DERIVE_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_FIND_OBJECTS_USING_COUNT/ CN_FIND_ALL_OBJECTS_IN_RANGE/ CN_FIND_ALL_OBJECTS/ CN_FIND_ALL_OBJECTS_USING_COUNT/ CN_FIND_OBJECTS/ CN_FIND_OBJECTS_FROM_INDEX | MCO/PCO/PCU/AU | Opcode inputs | Opcode outputs |
| CN_ADMIN_GET_PARTN_KEYHANDLES_HASH | PCO/AU | Opcode inputs | Opcode outputs |
| CN_GET_PARTN_SINGLE_KEYHANDLE_HASH | PCO/AU/PCU | Opcode inputs | Opcode outputs |
| CN_ DESTROY _OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_PARTN_GET_AUDIT_DETAILS | PCO/AU | Opcode inputs | Opcode outputs |
| CN_PARTN_GET_AUDIT_LOGS | PCO/AU | Opcode inputs | Opcode outputs |
| CN_PARTN_GET_AUDIT_SIGN | PCO/AU | Opcode inputs | Opcode outputs |
| CN_PARTN_ACK_AUDIT_SIGN | PCO/AU | Opcode inputs | Opcode outputs |
| CN_FINALIZE_LOGS | MCO | Opcode inputs | Opcode outputs |
| CN_SET_POLICY | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_NIST_AES_WRAP | PCU | Opcode inputs | Opcode outputs |
| CN_ALLOC_SSL_CTX | PCU | Opcode inputs | Opcode outputs |
| CN_FREE_SSL_CTX | PCU | Opcode inputs | Opcode outputs |
| CN_FIPS_RAND | PCU | Opcode inputs | Opcode outputs |
| CN_ME_PKCS_LARGE | PCU | Opcode inputs | Opcode outputs |
| CN_ME_PKCS | PCU | Opcode inputs | Opcode outputs |
| CN_FECC | PCU | Opcode inputs | Opcode outputs |
| CN_HASH | PCU | Opcode inputs | Opcode outputs |
| CN_SHA3 | PCU | Opcode inputs | Opcode outputs |
| CN_HMAC | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_AES_CMAC | PCU | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_DECRYPT | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_DECRYPT_AND_ENCRYPT_COMMAND | PCU | Opcode inputs | Opcode outputs |
| MAJOR_OP_ENCRYPT_DECRYPT_RECORD | PCU | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_GET_SOURCE_RANDOM | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_VALIDATE_PEER_CERTS/ CN_CERT_AUTH_VALIDATE_TARGET_CERTS | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_SOURCE_KEY_EXCHANGE | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_TARGET_KEY_EXCHANGE | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_SOURCE_INIT | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_SOURCE_STAGE1 | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_TARGET_INIT | PCO | Opcode inputs | Opcode outputs |
| CN_CLONE_TARGET_STAGE1 | PCO | Opcode inputs | Opcode outputs |
| CN_LIST_AUTH_PUB_KEYS | PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_M_VALUE | PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_TOKEN | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_APPROVE_TOKEN | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_LIST_TOKENS | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_TOKEN_TIMEOUT | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_DELETE_TOKEN | PCO/PCU | Opcode inputs | Opcode outputs |
| CN_FRAMLOG_CMD | UN-AUTH | None | Opcode outputs |
| CN_GET_CFG_PREGEN_CACHE_SZ | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GET_CFG_PREGEN_CACHE_VAL | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_LIST_UNLINKED_OBJECTS | PCO | Opcode inputs | Opcode outputs |
| CN_GET_PARTN_FINGERPRINT | MCO/PCU | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_GET_CERT | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_STORE_CERT | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GET_KBK_SLOT_INFO | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_SET_KBK_PRIMARY | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_SHARE_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_UNLOCK_CO | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_UNLOCK_USER | MCO/PCO | Opcode inputs | Opcode outputs |
| CN_GET_CORE_DUMP | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_MODULE_INFO | MCO | Opcode inputs | Opcode outputs |
| CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY, KBK) | PCO | Opcode inputs | Opcode outputs |
| CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH_DERIVED_KEY) | PCO | Opcode inputs | Opcode outputs |
| CN_GET_CHALLENGE_CO | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_SET_M_VALUE | PCO | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_GET_CERT_REQ | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_CERT_AUTH_REMOVE_CERT | PCO | Opcode inputs | Opcode outputs |
| CN_UPDATE_LICENSE | MCO | Opcode inputs | Opcode outputs |
| CN_GET_LICENSE_INFO | MCO/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_DIAGLOG | MCO/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_NOR_HUK_OP | MCO/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_APP_CLEANUP | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_APP_CLEANUP_V2 | MCO/PCO/PCU/AU/UN-AUTH | Opcode inputs | Opcode outputs |
| CN_SAFE_REBOOT | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_GET_ALL_PARTITION_INFO | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_PARK_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_UNPARK_OBJECT | PCU | Opcode inputs | Opcode outputs |
| CN_GENERATE_PBE_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_GENERATE_ASYMM_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_GENERATE_SYMM_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_PUBLIC_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_KPK | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_TR34_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_TR34_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_TRANSLATE_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_CERTIFICATE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_DECIMAL_TABLE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_GENERATE_CSR | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DERIVE_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_ENCRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DECRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DECRYPT_THEN_ENCRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_MAC_GEN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_MAC_VERIFY | PCU | Opcode inputs | Opcode outputs* |
| LSPAY_MAC_TRANSLATE | PCU | Opcode inputs | Opcode outputs* |
| LSPAY_FPE_ENCRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_FPE_DECRYPT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_SIGN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_SIGN_VERIFY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_PINBLK_TRANSLATE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DERIVE_PIN_FROM_OFFSET | PCU | Opcode inputs | Opcode outputs |
| LSPAY_DERIVE_OFFSET_FROM_PIN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_VERIFY_PIN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_PVV_GEN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_PVV_VERIFY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EMV_GENVERIFY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_EMV_SECURE_MSG_GEN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_CVV_GEN | PCU | Opcode inputs | Opcode outputs |
| LSPAY_CVV_VERIFY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_CREATE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_EXPORT_COMPONENT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_IMPORT_COMPONENT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_COMBINE_INIT | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_COMBINE_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_KEY_SHARE_ZEROIZE | PCU | Opcode inputs | Opcode outputs |
| LSPAY_MFK_GENERATE | PCO | Opcode inputs | Opcode outputs |
| LSPAY_MFK_GET_INFO | PCO | Opcode inputs | Opcode outputs |
| LSPAY_MFK_SET_PRIMARY | PCO | Opcode inputs | Opcode outputs |
| LSPAY_MFK_DELETE | PCO | Opcode inputs | Opcode outputs |
| LSPAY_FUNCTIONALITY_GET | PCO | Opcode inputs | Opcode outputs |
| LSPAY_FUNCTIONALITY_SET | PCO | Opcode inputs | Opcode outputs |
| LSPAY_EXPORT_KPK | PCU | Opcode inputs | Opcode outputs |
| LSPAY_IMPORT_PUBLIC_KEY | PCU | Opcode inputs | Opcode outputs |
| LSPAY_VALIDATE_PUBLIC_KEY | PCU | Opcode inputs | Opcode outputs |
| CN_GENERATE_KEY_PAIR (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_GENERATE_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_CREATE_OBJECT (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_UNWRAP_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_WRAP_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_EXTRACT_MASKED_OBJECT (non-compliant) | PCU/PCO/AU | Opcode inputs | Opcode outputs |
| CN_STORE_FW_SIGNING_KEY (non-compliant) | MCO | Opcode inputs | Opcode outputs |
| CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non-compliant) | Manufacturer | Opcode inputs | Opcode outputs |
| CN_INSERT_MASKED_OBJECT (non-compliant) | PCU/PCO/AU | Opcode inputs | Opcode outputs |
| CN_ENCRYPT_SESSION (non-compliant) | UN-AUTH | Opcode inputs | Opcode outputs |
| CN_DERIVE_KEY (non-compliant) | PCU | Opcode inputs | Opcode outputs |
| CN_PQC_GENERATE_KEY_PAIR | PCU | Opcode inputs | Opcode outputs |
| CN_PQC_CRYPTO_SIG_GEN | PCU | Opcode inputs | Opcode outputs |
| CN_PQC_CRYPTO_SIG_VERIFY | PCU | Opcode inputs | Opcode outputs |
| CN_PQC_CRYPTO_MULTICALL_SIG_GEN | PCU | Opcode inputs | Opcode outputs |
| CN_PQC_CRYPTO_MULTICALL_SIG_VERIFY | PCU | Opcode inputs | Opcode outputs |
| CN_PQC_CRYPTO_HYBRID_SIG_GEN | PCU | Opcode inputs | Opcode outputs |
| CN_PQC_CRYPTO_HYBRID_SIG_VERIFY | PCU | Opcode inputs | Opcode outputs |
| HPS_CREATE_PARTITION | MCO | Opcode inputs | Opcode outputs |
| HPS_PART_FW_UPDATE_BEGIN HPS_PART_FW_UPDATE HPS_PART_FW_UPDATE_END | MCO | Opcode inputs | Opcode outputs |
| HPS_PARTITION_MGMT | MCO | Opcode inputs | Opcode outputs |
| HPS_PARTITION_INFO | MCO | Opcode inputs | Opcode outputs |
| HPS_DELETE_PARTITION | MCO | Opcode inputs | Opcode outputs |
| CN_UPDATE_LICENSE (non-compliant) | MCO | Opcode inputs | Opcode outputs |
| CN_GET_LICENSE_INFO (non-compliant) | UN-AUTH | Opcode inputs | Opcode outputs |
The host API is called, which packetizes services and calls the PCIe host driver to send the request from the host to the HSM. The HSM processes the service requests and passes the response from HSM to the host through PCIe host Driver and API. NOTE: The new API documentation 10.23-1150 also covers the API documentation version 10.02-1102, 10.23-1107 and 10.231202. Table 8 Roles, Service Commands, Input and Output
* Please refer to the API documentation for specific Opcode inputs and Opcode outputs. * The below generic services represent a set of related services:
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| CN_ZEROIZE | Zeroize all master partition and user partitions. Can be configured to be allowed by CO only, Factory-reset the master partition. zeroizes all the data except vendor- programmed certificates and SSPs. (Perform zeroization) | MCO PCO PCU AU UN-AUTH | User keys MMEK PMEK PAK KLK Partition Masking Key PAC 2FAMofNP ubK CAPubK AOAPubK Login Passwords PEK KBK POTAC POKBK POAC | None | Z | Success with fips_state = 2 or 3 |
| CN_VENDOR_ZEROIZE | Zeroize all master and user partitions. Zeroizes vendor- programmed certificates and SSPs. Zeroize types: Vendor/factory reset (Perform zeroization) | MCO | User keys FMAK FMAEK MARC MARECFM AEC MMEK MFDEK PAK PAC AOTAC POTAC POKBK POAC AOTAC OKBK AOAC SecureBo otAuth Public Key | None | Z | Success with fips_state = 2 or 3 |
| CN_APP_INITIALIZE | Registers an application with HSM. | UN-AUTH | DRBG Entropy/H ASH_DR BG Internal State | Hash DRBG (SP 800- 90Ar1) (#A1947) | E R | Success with fips_state = 2 or 3 |
| CN_APP_FINALIZE | Unregisters an application from HSM. | MCO PCO PCU AU UN-AUTH | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_OPEN_SESSION | Management services for open, status of sessions. | MCO PCO PCU AU UN-AUTH | DRBG Entropy/H ASH_DRB G Internal State | Hash DRBG (SP 800- 90Ar1) (#A1947) | None | Success with fips_state = 2 or 3 |
| CN_CLOSE_SESSION | Closes the session. | MCO PCO PCU AU UN-AUTH | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_GET_SESSION_INFO | Gets the session information. | MCO PCO PCU AU UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_CLOSE_ALL_SESSIONS | Management services for closing all sessions. | MCO PCO PCU AU UN-AUTH | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_CLOSE_PARTITION_SESSI ONS | Closes sessions of all applications tied to a partition. | PCO MCO | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_ENCRYPT_SESSION | Enables encrypted communication channel. | UN-AUTH | POAC PAK TLS pre- master secret TLS master secret | Hash DRBG (SP 800- 90Ar1) (#A1947) RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) KDF TLS (CVL) (SP 800-135r1) (#A1947) ECDSA SigVer (FIPS186-4) | R E G, E G, E | Success with fips_state = 2 or 3 |
| (#A1948) | TLS session symmetric key set DRBG Entropy/H ASH_DRB G Internal State | (#A1948) | G E | |||
| CN_AUTHORIZE_SESSION | Authorizes the sessions to be used under E2E and do login. | UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_LOGIN | Allows login to a session. Public key is used to verify user signatures, optionally in 2-factor authentication. | UN-AUTH | PEK Login passwords 2FAMofNP ubK CAPubK DRBG Entropy/H ASH_DRB G Internal State | AES-CBC (SP 800-38A) (#A1947) RSA SigVer (FIPS186-4) (#A1948) PBKDF (SP 800-132) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) | E W E E E | Success with fips_state = 2 or 3 |
| CN_LOGOUT | Allows logout of a session. | MCO PCO PCU AU | None | None | None | Success with fips_state = 2 or 3 |
| CN_ALWAYS_AUTHORIZE_USE R | Context specific explicit user authorization service for CKA_ALWAYS_AUTHENTICATE keys | PCU | PEK 2FAMofNP ubK CAPubK Login passwords | AES-CBC (SP 800-38A) (#A1947) RSA SigVer (FIPS186-4) (#A1948) PBKDF (SP 800-132) (#A1948) | E E E E | Success with fips_state = 2 or 3 |
| CN_UPDATE_USER_DETAILS | Requires user to be logged in. Updates passwords and public key for 2-factor authentication. | PCO Pre-CO | PMEK 2FAMofNP ubK PEK Login passwords DRBG Entropy/H ASH_DRB G Internal State | RSA SigVer (FIPS186-4) (#A1948) AES-CBC (SP 800-38A) (#A1947) Hash DRBG (SP 800- 90Ar1) (#A1947) PBKDF (SP 800-132) (#A1948) | E W E W E | Success with fips_state = 2 or 3 |
| CN_SET_USER_ATTR | Set user attributes that control the functionality of a crypto user. | PCO | None | None | None | Success with fips_state = |
| CN_TOKEN_INFO | Gets token/module information. (Show module’s versioning information, Show status) | MCO PCO PCU AU UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARTITION_INFO | Returns partition Information. (Show module’s versioning information, Show status) | MCO PCO PCU AU UN-AUTH | Partition Owner KBK (POKBK) | None | E | Success with fips_state = 2 or 3 |
| CN_GET_HSM_LABEL | Returns HSM label. | MCO PCO PCU AU UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_ALL_PARTITION_INFO | Gets information for all Partitions. (Show module’s versioning information, Show status) | MCO | Partition Owner KBK (POKBK) | None | E | Success with fips_state = 2 or 3 |
| CN_GET_POLICY_SET | Gets the current policy settings. This operation does not need authentication. | MCO PCO PCU AU UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_VERSION | Obtains firmware version. (Show module’s versioning information) | MCO PCO PCU AU UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_STORE_VENDOR_PRE_SH ARED_KEY (CN_STORE_KBK_SHARE) | Stores fixed keys (KBK) for backup. | Manufacture r PCO | MFKBK PDEK MARC MAREC AOTAC, POTAC, OKBK, POKBK, FMAK, PAK | RSA SigVer (FIPS186-4) (#A1948) KTS-IFC (KTS) (SP 800- 56Br2) (#A1948) AES-KWP (SP 800-38F) (#A1948) | W E E E E E W W E E | Success with fips_state = 2 or 3 |
| CN_LOAD_RECOVERY_KEY_INI T CN_LOAD_RECOVERY_KEY_FI NISH | Manages loading recovery key into HSM | MCO | MCO_RK HSMEK HSMEKC | KAS-ECC- SSC SP800- 56Ar3 (#A1948) KAS-ECC SP800-56Ar3 (#A1948) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDF | W E E | Success with fips_state = 2 or 3 |
| CN_SHUTDOWN | Closes and cleans the Cfm library and driver. Unregisters an application from HSM. Deletes all the sessions created within this application. Closes the device file. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_INIT_TIME | Sets the user's initial time upon receiving the HSM | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_VENDOR_TIME | Sets the vendor time on the HSM | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_TIME | Gets the RTC and System time from HSM (Show status) | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SYNC_TIME | Sets the user's time on the HSM. Also used for drift calculation and configuration. Returns useful information such as the drift between previous configured time and new time configured and the lifetime average drift observed. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_UCD_CMD | Gets the logs from UCD related to voltage rail monitoring and faults in the system. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_HSM_LOGGER_INFO | Gets the pending logs of FRAM from the HSM. (Show status) | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_INIT_TOKEN | Initializes the HSM and sets its policies and boundaries to the values specified in config_file | MCO PCO Pre-CO | MMEK PMEK DRBG Entropy/H ASH_DRB G Internal | Hash DRBG (SP 800- 90Ar1) (#A1947) | G G E | Success with fips_state = 2 or 3 |
| CN_GEN_PSWD_ENC_KEY | Generates a Password Encryption Key (PEK), which is used to wrap the user password while sending it over the FIPS boundary. | MCO PCO Pre-CO | PEK DRBG Entropy/H ASH_DRB G Internal State Host PswdEncK eyPublic Key | KAS-IFC-SSC (SP 800- 56Br2) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) KDA OneStep SP800-56Cr1 (#A1948) KDA TwoStep SP800-56Cr1 (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | G E E | Success with fips_state = 2 or 3 |
| CN_CREATE_CO | Creates Crypto Officer | MCO PCO Pre-CO | PMEK 2FAMofNP ubK PEK Login passwords DRBG Entropy/H ASH_DRB G Internal State | RSA SigVer (FIPS186-4) (#A1948) AES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948) | E W E W E | Success with fips_state = 2 or 3 |
| CN_INIT_DONE | Completes initialization of HSM/ partition. Successful initialization of HSM will reboot the HSM. | MCO PCO Pre-CO | None | None | None | Success with fips_state = 2 or 3 |
| CN_FW_UPDATE_BEGIN, CN_FW_UPDATE, CN_FW_UPDATE_END | Performs firmware update: uploads the signed firmware to the module. | MCO | Manufactu rer firmware update validation key MFUVK | RSA SigVer (FIPS186-4) (#A1948) | E E | Success with fips_state = 2 or 3 |
| CN_STORE_FW_SIGNING_KEY | Configure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072, and 4096 or a supported EC curve. | MCO | AOAPubK AOAC | RSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) | W E | Success with fips_state = 2 or 3 |
| CN_ALLOW_FW_UPDATE | Configure a lower version of FW to be allowed to be updated for certain time period and on certain HSMs | MCO | AOAPubK | RSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_INVOKE_FIPS | Performs Self tests. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_HSM_CONFIG | Sets the HSM configuration parameters | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_CREATE_PARTITION | Creates a partition with the given name and size. | MCO | PAK FMAC FMAK MARC PAC | RSA KeyGen (FIPS186-4) (#A2393) RSA SigGen (FIPS186-4) (#A1948) | G E E E G | Success with fips_state = 2 or 3 |
| CN_DELETE_PARTITION | Deletes a partition and all associated keys. | MCO | None | None | Z | Success with fips_state = 2 or 3 |
| CN_BACKUP | Backs up config, users, keys, and data objects. | MCO PCO | Backup session key 2FAMofNP ubK PEK CAPubK User Keys DRBG Entropy/H ASH_DRB G Internal State | KDF SP800- 108 (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) HMAC-SHA2- 256 (FIPS 198- 1) (#A1947) SHA2-512 (FIPS 180-4) (#A1948) | G, E R R R R E | Success with fips_state = 2 or 3 |
| CN_RESTORE | Restores partition configuration, users, and keys. | MCO PCO | Backup session key 2FAMofNP ubK | AES-KW (KTS) (SP 800-38F) (#A1948) AES-CBC (SP 800-38A) (#A1948) | W, E W | Success with fips_state = 2 or 3 |
| SHA2-512 (FIPS 180-4) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) CKG SP 800- 133Rev2 (Vendor affirmed) | PEK Login Passwords CAPubK User Keys DRBG Entropy/H ASH_DRB G Internal State | SHA2-512 (FIPS 180-4) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) CKG SP 800- 133Rev2 (Vendor affirmed) | W W W W E | |||
| CN_BACKUP_OBJECT | Backs up partition key, partition CSR, PO cert, partition cert signed by PO. | MCO | Backup PAK PAC Partition masking key | AES-KW (KTS) (SP 800-38F) (#A1948) | E R R R | Success with fips_state = 2 or 3 |
| CN_RESTORE_OBJECT | Restores the backed-up object and object details. | MCO | Backup session key PAK PAC Partition masking key | AES-KW (KTS) (SP 800-38F) (#A1948) | E W W W | Success with fips_state = 2 or 3 |
| CN_SET_NODEID | Sets the cluster node ID for a partition. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_CREATE_USER | Creates a new CU, CO, or AU user with the provided name and password. | PCO | PMEK 2FAMofNP ubK PEK Login passwords DRBG internal states | AES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948) RSA SigVer (FIPS186-4) (#A1948) | E W E W E | Success with fips_state = 2 or 3 |
| CN_DELETE_USER | Deletes the user with the given name. | PCO | None | None | Z | Success with |
| CN_LIST_USERS | Lists all users of the current partition. | PCO/ PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_LOGIN_FAILURE_CNT | Gets login failure count. (Show status) | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_CREATE_PRE_OFFICER | Creates a pre-officer. | Pre-CO | PMEK | AES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_CREATE_APPLIANCE_USE R | Creates an Appliance User. | PCO | PMEK | AES-CBC (SP 800-38A) (#A1947) PBKDF (SP 800-132) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_OPEN_SESSION_V2 | Opens a session in HSM and returns the session handle. | UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_ENCRYPT_SESSION_V2 | Establishes E2E connection with/without client- authentication, between HSM and the CavClient/CavMgmt Util. | UN-AUTH | CAPubK POAC TLS pre- master secret TLS master secret TLS session symmetric key set DRBG Entropy/H ASH_DRB G Internal State | Hash DRBG (SP 800- 90Ar1) (#A1947) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1947) KAS-ECC- SSC SP800- 56Ar3 (#A1947) ECDSA KeyVer (FIPS186-4) (#A1948) KDF TLS (CVL) (SP 800-135r1) (#A1947) ECDSA SigVer (FIPS186-4) (#A1948) KAS TLS (SP 800-56Ar3) | E E G, E G, E G E | Success with fips_state = 2 or 3 |
| CN_GET_SERVER_PARAMS | Gets the server parameters used in Cav-server for the server handshake messages | UN-AUTH | TLS session (E2E) ECDH key | Hash DRBG (SP 800- 90Ar1) (#A1947) ECDSA KeyGen | G E | Success with fips_state = 2 or 3 |
| (FIPS186-4) (#A2393) | POAC PAK DRBG Entropy/H ASH_DRB G Internal State | (FIPS186-4) (#A2393) | E E | |||
| CN_GET_USER_INFO | Gets user info and user attributes in TLV format for a crypto user. Memory should be allocated for user attribute template by the application calling this opcode. | PCO PCU AU | None | None | None | Success with fips_state = 2 or 3 |
| CN_CREATE_OBJECT | Imports a public key into HSM. | PCU | User Public Keys | None | W | Success with fips_state = 2 or 3 |
| CN_GEN_KEY_ENC_KEY | Generates KLK or key encryption key. The type of key is determined by the kek_method parameter in the hsm_config file. The KLK is always a global key; | PCO | KLK Partition key loading private key KLSZ DRBG Entropy/H ASH_DRB G Internal State | ECDSA KeyGen (FIPS186-4) (#A2393) KAS-IFC-SSC (SP 800- 56Br2) (#A1948) KAS-ECC (KAS) (SP 800-56Ar3) ECDSA KeyVer (FIPS186-4) (#A1948) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) Hash DRBG (SP 800- 90Ar1) (#A1947) CKG SP 800- 133Rev2 (Vendor affirmed) | G,E G, E G, E | Success with fips_state = 2 or 3 |
| CN_EXTRACT_MASKED_OBJEC T | Extracts a masked object; i.e., retrieves an object by wrapping it with a masking key shared by the process of cloning. | PCO PCU AU | User keys PEK KLK | AES-KW (KTS) (SP 800-38F) (#A1948) | R R R | Success with fips_state = 2 or 3 |
| Partition masking key | Partition masking key | E | ||||
| CN_INSERT_MASKED_OBJECT | Inserts a masked object into an HSM that Is extracted from another HSM. | PCU PCO AU | User keys PEK KLK Partition masking key | AES-KW (KTS) (SP 800-38F) (#A1948) Triple-DES SP 800-38B, no security claimed per IG 2.4.A AES-CMAC (SP 800-38B) (#A1948) SHA-1, no security claimed per IG 2.4.A | R R R E | Success with fips_state = 2 or 3 |
| CN_DESTROY_OBJECT | Destroys key object. | PCU | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_TOMBSTONE_OBJECT | Marks the key to be deleted and makes it unusable. | PCU | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_DELETE_TOMBSTONED_O BJECT | Destroys tombstoned keys. | PCO PCU AU | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_GET_ATTRIBUTE_VALUE | Retrieves single key attribute/ metadata. | PCU | User keys | None | E | Success with fips_state = 2 or 3 |
| CN_GET_ATTRIBUTE_SIZE | Retrieves an attribute or its size from an object. | PCU | User keys | None | E | Success with fips_state = 2 or 3 |
| CN_GET_ALL_ATTRIBUTE_SIZE | Retrieves an attribute or its size from an object. | PCU | User keys | None | E | Success with fips_state = 2 or 3 |
| CN_GET_ALL_ATTRIBUTE_VAL UE | Retrieves all attributes or their size from an object. | PCU | User keys | None | E | Success with fips_state = 2 or 3 |
| CN_MODIFY_OBJECT | Uses the setAttribute command to modify object attributes. | PCO PCU | User keys | None | W | Success with fips_state = 2 or 3 |
| CN_MODIFY_KEY_OWNER | Modifies object attributes. | PCO | User keys | None | W | Success with fips_state = 2 or 3 |
| CN_GENERATE_KEY | Generates a symmetric key of given key type and length. | PCU | Symmetric User Keys | Hash DRBG (SP 800- 90Ar1) (#A1947) | G E | Success with fips_state = 2 or 3 |
| CKG SP 800- 133Rev2 (Vendor affirmed) Triple-DES SP 800-38B, no security claimed per IG 2.4.A AES-CMAC (SP 800-38B) (#A1948) SHA-1, no security claimed per IG 2.4.A | DRBG Entropy/H ASH_DRB G Internal State | CKG SP 800- 133Rev2 (Vendor affirmed) Triple-DES SP 800-38B, no security claimed per IG 2.4.A AES-CMAC (SP 800-38B) (#A1948) SHA-1, no security claimed per IG 2.4.A | ||||
| CN_GENERATE_KEY_PAIR | Generates asymmetric keys (RSA/ ECC). Updates the public and private key handles in the output on return. | PCU | Asymmetri c User Keys DRBG Entropy/H ASH_DRB G Internal State | RSA KeyGen (FIPS186-4) (#A2393) ECDSA KeyGen (FIPS186-4) (#A2393) ECDSA SigGen (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) Hash DRBG (SP 800- 90Ar1) (#A1947) | G E | Success with fips_state = 2 or 3 |
| CN_EXPORT_PUB_KEY | Exports a public key in PEM- encoded format. | PCU | User keys | None | R | Success with fips_state = 2 or 3 |
| CN_GET_OBJECT_INFO | Obtains Key details like shared sessions, shared users ,and m_values of USE_KEY, MANAGE_KEY services. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_UNWRAP_KEY/ CN_UNWRAP_KEY2 | Unwraps a key with an AES/ Triple- DES/RSA private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command. | PCU | User keys KLK | AES-KW (KTS) (SP 800-38F) (#A1948) KAS-ECC- SSC SP800- 56Ar3 (#A1947) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) KDA OneStep SP800-56Cr1 | W E | Success with fips_state = 2 or 3 |
| CN_WRAP_KEY/CN_WRAP_KE Y2 | Wraps sensitive (private and symmetric) keys from the HSM to the host. | PCU | User keys KLK | AES-KW (KTS) (SP 800-38F) (#A1948) KAS-ECC- SSC SP800- 56Ar3 (#A1947) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) KDA OneStep SP800-56Cr1 (#A1948) KDA TwoStep SP800-56Cr1 (#A1948) KTS-IFC (SP 800-56Br2) (#A1948) KTS-IFC (KTS) (SP 800- 56Br2) (#A2393) AES-KW (KTS) (SP 800-38F) (#A1948) KTS-IFC (KTS) (SP 800- 56Br2) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP800- 38D) | R E | Success with fips_state = 2 or 3 |
| CN_NIST_AES_WRAP_UNWRA P/ CN_NIST_AES_WRAP_UNWRA P2 | Wraps/unwraps data with a specified AES key. | PCU | Symmetric User Keys | AES-KW (KTS) (SP 800-38F) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_DERIVE_KEY | Derives a key using a supported KDF mechanism with the params given by the user. | PCU | User keys | KDF SP800- 108 (#A1948) ECDSA KeyVer (FIPS186-4) (#A1948) KDA HKDF SP800-56Cr1 (#A1948) HMAC-SHA2- 256 (FIPS 198- 1) (#A1948) HMAC-SHA2- 384 (FIPS 198- 1) (#A1948) HMAC-SHA2- 512 (FIPS 198- 1) (#A1948) HMAC-SHA-1 (FIPS 198-1) (#A1948) KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800- 56Ar3) KAS ANS 9.63 (SP 800- 56Ar3) | G, E | Success with fips_state = 2 or 3 |
| CN_FIND_OBJECTS_USING_C OUNT/ CN_FIND_ALL_OBJECTS_IN_R ANGE/ CN_FIND_ALL_OBJECTS/ CN_FIND_ALL_OBJECTS_USIN G_COUNT/ | Finds all key(s) in the partition based on input criteria. An array of key handles will be returned for the keys that match the input criteria specified, key class, key label, etc. Search can be requested from an index. | MCO PCO PCU AU | None | None | None | Success with fips_state = 2 or 3 |
| CN_ADMIN_GET_PARTN_KEYH ANDLES_HASH | Gets hash of all keys for a partition. | PCO AU | User keys | SHA-1 (FIPS 180-4) (#A1948) SHA2-256 (FIPS 180-4) (#A1948) SHA2-384 (FIPS 180-4) (#A1948) SHA2-512 (FIPS 180-4) (#A1948) | E R | Success with fips_state = 2 or 3 |
| CN_GET_PARTN_SINGLE_KEY HANDLE_HASH | Gets hash of single key for a partition | PCO PCU AU | User keys | SHA-1 (FIPS 180-4) (#A1948) SHA2-256 (FIPS 180-4) (#A1948) SHA2-384 (FIPS 180-4) (#A1948) SHA2-512 (FIPS 180-4) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_ DESTROY _OBJECT | Deletes the specified object stored on the HSM. | PCU | User keys | None | Z | Success with fips_state = 2 or 3 |
| CN_PARTN_GET_AUDIT_DETAI LS | Gets audit logs details | PCO AU | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARTN_GET_AUDIT_LOGS | Gets audit logs | PCO AU | None | SHA2-256 (FIPS 180-4) (#A1947) | None | Success with fips_state = 2 or 3 |
| CN_PARTN_GET_AUDIT_SIGN | Gets audit logs hash or RSA signature | PCO AU | PAK | SHA2-256 (FIPS 180-4) (#A1947) ECDSA SigGen (FIPS186-4) (CVL) (#A1947) | E | Success with fips_state = 2 or 3 |
| CN_PARTN_ACK_AUDIT_SIGN | Acks previously retrieved signature. Either hash or signature needs to match with the values stored by HSM for firmware to accept the signature acknowledgment | PCO AU | None | None | None | Success with fips_state = 2 or 3 |
| CN_FINALIZE_LOGS | Finalizes logs by inserting end marker. No more loggable commands are allowed on the partition after this command is run. | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_POLICY | Sets an HSM policy | MCO PCO | None | None | None | Success with fips_state = |
| CN_NIST_AES_WRAP | Wraps data with a specified AES key. | PCU | POKBK | AES-KW (KTS) (SP 800-38F) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_ALLOC_SSL_CTX | Allocates a context segment in the HSM memory and returns its handle, which will be passed later to the processor in the final 8 bytes of the request as Cptr. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_FREE_SSL_CTX | Frees a context segment for use by another SSL connection. | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_FIPS_RAND | Generates FIPS random number of given lengths. | PCU | DRBG Entropy/H ASH_DRB G Internal State | Hash DRBG (SP 800- 90Ar1) (#A1947) | E | Success with fips_state = 2 or 3 |
| CN_ME_PKCS_LARGE | ModExp and PKCS#1v1.5 Sign and verify | PCU | Asymmetri c User Keys | RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1947) KTS-IFC (KTS) (SP800-56Br2) (#A2393) | E | Success with fips_state = 2 or 3 |
| CN_ME_PKCS | PKCS#1v2.2 sign and verify. | PCU | Asymmetri c User Keys | RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1947) KTS-IFC (KTS) (SP800-56Br2) (#A2393) | E | Success with fips_state = 2 or 3 |
| CN_FECC | ECDSA sign and point add/ double/mul operation. | PCU | Asymmetri c User Keys | ECDSA SigGen (FIPS186-4) (CVL) (#A1947) KAS-ECC- SSC SP800- 56Ar3 (#A1948) KDF ANS 9.63 (CVL) (SP 800-135r1) (#A1948) EC Diffie- Hellman with | E | Success with fips_state = 2 or 3 |
| CN_HASH | Computes SHA hash. | PCU | None | SHA-1 (FIPS 180-4) (#A1947) SHA2-256 (FIPS 180-4) (#A1947) SHA2-384 (FIPS 180-4) (#A1947) SHA2-512 (FIPS 180-4) (#A1947) | None | Success with fips_state = 2 or 3 |
| CN_SHA3 | Computes SHA3 Hash | PCU | None | SHA3-224 (FIPS 202) (#A1947) SHA3-256 (FIPS 202) (#A1947) SHA3-384 (FIPS 202) (#A1947) SHA3-512 (FIPS 202) (#A1947) SHAKE-128 (FIPS 202) (#A1947) SHAKE-256 (FIPS 202) (#A1947) | None | Success with fips_state = 2 or 3 |
| CN_HMAC | Computes/verifies the MAC of a complete message. HMAC max message length supported will vary based on hash type. | PCU | Symmetric and HMAC User Keys | HMAC-SHA2- 256 (FIPS 198- 1) (#A1947) HMAC-SHA2- 384 (FIPS 198- 1) (#A1947) HMAC-SHA2- 512 (FIPS 198- 1) (#A1947) AES-CMAC (SP 800-38B) (#A1947) | E | Success with fips_state = 2 or 3 |
| MAJOR_OP_AES_CMAC | Computes/verifies the MAC of a complete message using AES as PRF. | PCU | Symmetric and HMAC | AES-CMAC (SP 800-38B) | E | Success with fips_state = |
| Minor Opcodes are MINOR_OP_START, MINOR_OP_UPDATE and MINOR_OP_FINISH | Minor Opcodes are MINOR_OP_START, MINOR_OP_UPDATE and MINOR_OP_FINISH | User Keys | (#A1948) | 2 or 3 | ||
| CN_ENCRYPT_DECRYPT | AES/Triple-DES(* legacy use only)/AES-GCM encryption and decryption Minor Ops: GCM_INIT, GCM_UPDATE, GCM_FINAL (GCM_MINOR_OP_DEC) | PCU | Symmetric User Keys DRBG Entropy/H ASH_DRB G Internal State | AES-CBC (SP 800-38A) (#A1947) AES-ECB (SP 800-38A) (#A1947) TDES-ECB (SP 800-38A) (#A1947) TDES-CBC (SP 800-38A) (#A1947) AES-CTR (SP 800-38A) (#A1947) AES-CCM (SP 800-38C) (#A1947) AES-GCM (SP 800-38D) (#A1947) TDES-ECB (SP 800-38A) *legacy use only (#A1947) TDES-CBC (SP 800-38A) *legacy use only (#A1947) Hash DRBG (SP 800- 90Ar1) (#A1947) AES-GMAC (SP 800-38D) (#A1947) | E E | Success with fips_state = 2 or 3 |
| MAJOR_OP_DECRYPT_AND_EN CRYPT_COMMAND | AES-GCM encryption and decryption Minor Ops: GCM_INIT, GCM_UPDATE, GCM_FINAL (GCM_MINOR_OP_DEC) | PCU | Symmetric User Keys DRBG Entropy/H ASH_DRB G Internal State | AES-GCM (SP 800-38D) (#A1947) Hash DRBG (SP 800- 90Ar1) (#A1947) AES-GMAC (SP 800-38D) (#A1947) | E | Success with fips_state = 2 or 3 |
| MAJOR_OP_ENCRYPT_DECRY PT_RECORD | Encrypts/decrypts records. Sends encrypted E2E request to the FW. | PCU | Symmetric User Keys DRBG Entropy/H | Hash DRBG (SP 800- 90Ar1) (#A1947) AES-GCM (SP 800-38D) | E E | Success with fips_state = 2 or 3 |
| (#A1947) | ASH_DRB G Internal State | (#A1947) | ||||
| CN_CERT_AUTH_GET_SOURC E_RANDOM | Gets the source random number required for mutual trust protocol. | PCO | DRBG Entropy/H ASH_DRB G Internal State | Hash DRBG (SP 800- 90Ar1) (#A1947) | E R | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_VALIDATE_P EER_CERTS/ CN_CERT_AUTH_VALIDATE_T ARGET_CERTS | Validates the peer certificates as part of the mutual trust protocol. | PCO | DRBG Entropy/H ASH_DRB G Internal State MARC MAC PAC AOTAC AOAC POTAC POAC | Hash DRBG (SP 800- 90Ar1) (#A1947) RSA SigVer (FIPS186-4) (#A1948) RSA Decryption Primitive (SP 800-56Br2) (CVL) (#A1948) | E E E E E E E E | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_SOURCE_KE Y_EXCHANGE | Generate source key exchange message from the HSM. | PCO | SAZ PAK DRBG Entropy/H ASH_DRB G Internal State | Hash DRBG (SP 800- 90Ar1) (#A1947) RSA SigVer (FIPS186-4) (#A1948) | G E E | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_TARGET_KEY _EXCHANGE | Validate key exchange message from peer. Used in cert-based cloning | PCO | PAK SAZ | KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | E G | Success with fips_state = 2 or 3 |
| CN_CLONE_SOURCE_INIT | Fetch the value for the clone target initialization. | PCO | PCPK DRBG Entropy/H ASH_DRB | Hash DRBG (SP 800- 90Ar1) (#A1947) RSA KeyGen | G E | Success with fips_state = 2 or 3 |
| (FIPS186-4) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948) | G Internal State Partition Cloning Initiator Public Key | (FIPS186-4) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948) | E | |||
| CN_CLONE_SOURCE_STAGE1 | Push clone target output into clone source. | PCO | CSSZ PCSK PCSMK Partition masking key Partition Cloning Responder Public Key | KAS-ECC (KAS) (SP 800-56Ar3) ECDSA KeyVer (FIPS186-4) (#A1948) HMAC-SHA2- 512 (FIPS 198- 1) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | G G G R E | Success with fips_state = 2 or 3 |
| CN_CLONE_TARGET_INIT | Push clone source output into clone target. | PCO | PCPK DRBG Entropy/H ASH_DRB G Internal State Partition Cloning Responder Public Key Partition Cloning Initiator Public Key | Hash DRBG (SP 800- 90Ar1) (#A1947) RSA KeyGen (FIPS186-4) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948) | G E E E | Success with fips_state = 2 or 3 |
| CN_CLONE_TARGET_STAGE1 | Fetch the value for clone target end. | PCO | CSSZ PCSK PCSMK Partition masking key | KAS-ECC (KAS) (SP 800-56Ar3) ECDSA KeyVer (FIPS186-4) (#A1948) HMAC-SHA2- 512 (FIPS 198- 1) (#A1947) AES-KW | G G G W | Success with fips_state = 2 or 3 |
| CN_LIST_AUTH_PUB_KEYS | List all registered user auth pub keys. | PCO PCU AU UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_M_VALUE | Gets minimum number of quorum approvals needed for a service in a partition | PCO PCU AU UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_TOKEN | Gets a token from the partition for a given service. | PCO PCU | DRBG Entropy/C TR_DRBG Internal State | Counter DRBG (SP 800- 90Ar1) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_APPROVE_TOKEN | Submit approvals on token, approval could be on a single or multiple blobs. | PCO PCU | 2FA MofNPubk ey | RSA SigVer (FIPS186-4) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_LIST_TOKENS | List all MofN tokens in the current partition. | PCO PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_TOKEN_TIMEOUT | Get the timeout values of the tokens in the partition. | PCO PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_DELETE_TOKEN | Deletes the existing MxN tokens based on the token-delete options. | PCO PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_FRAMLOG_CMD | It is status output of the module for critical messages | UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_CFG_PREGEN_CACH E_SZ | Set configured pre generated keys cache size | MCO PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_CFG_PREGEN_CACH E_VAL | Returns the key count in pre generated key cache | MCO PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_LIST_UNLINKED_OBJECTS | Return the total tombstone sessions, keys and contexts | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_PARTN_FINGERPRINT | Returns the fingerprint of partition keys, users and objects | MCO PCO | User keys, PAC, POTAC, PAK | SHA2-256 (FIPS 180-4) (#A1948) | E | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_GET_CERT | Fetches certificates stored on the HSM. Certificates like VENDOR_CERT HSM_CERT PARTITION_OWNER_CERT PARTITION_CERT PARTITION_CERT_ISSUED_BY_HSM HSM_OWNER_CERT HSM_CERT_ISSUED_BY_HO | MCO/PCO/ PCU/AU/UN -AUTH | MARC FMAC POAC POTAC PAC AOAC AOTAC | None | R R R R R R R | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_STORE_CERT | Store the partition owner certificate or the partition certificate signed by the partition owner or HSM certificate signed by vendor, HSM owner certificate and HSM certificate signed by HSM owner. | MCO PCO | AOTAC POTAC AOAC POAC | RSA SigVer (FIPS 186-4) [#A1948] ECDSA SigVer(FIPS18 6-4) [#A1948] | W W W W | Success with fips_state = 2 or 3 |
| CN_GET_KBK_SLOT_INFO | Get the stored fixed (KBK) keys ekcv information | MCO PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SET_KBK_PRIMARY | Set the latest stored fixed (KBK) key as the primary key for backup. | MCO PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_SHARE_OBJECT | Share an object between users. | PCU | User Keys | None | W | Success with fips_state = 2 or 3 |
| CN_UNLOCK_CO | On providing response(signature) over the challenge thrown by HSM/Partition during CN_GET_CHALLENGE_CO (CfmGetChallengeCO), session will be marked with "unlock" privileges, allowing the user to generate PEK, zeroizeHSM and change the CO's self password. Session will remain in unlocked state only for 120 seconds. | UN-AUTH | POAC AOAC | RSA SigVer (FIPS 186-4) [#A1948] | E | Success with fips_state = 2 or 3 |
| CN_UNLOCK_USER | Unlock CU or AU user that got locked up due to invalid login attempts | MCO PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_CORE_DUMP | To retrieve the binary core dump | UN-AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_MODULE_INFO | To retrieve board names and hardware versions (how module’s versioning information, Show Status) | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_WRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH _DERIVED_KEY, KBK) | Wrap KBK out of the HSM | PCO | KBK | AES-KW (KTS) (SP 800-38F) (#A1948), AES-KWP (KTS) (SP 800-38F) (#A1948) | R | Success with fips_state = 2 or 3 |
| CN_UNWRAP_KBK (Modes: KBK_WRAP_WITH_KEK, KBK_WRAP_WITH_CERT_AUTH _DERIVED_KEY) | Unwraps KBK into the HSM | PCO | KBK | AES-KW (KTS) (SP 800-38F) (#A1948), AES-KWP (KTS) (SP 800-38F) (#A1948) | W | Success with fips_state = 2 or 3 |
| CN_GET_CHALLENGE_CO | Gets a challenge to be signed by either HSM/Partition's owner to move the session to "unlocked" state using "unlockco" command. | UN-AUTH | POAC AOAC PAK FMAC FMAK DRBG Entropy/CT R_DRBG Internal State | RSA SigGen (FIPS186-4) (#A1948) Counter DRBG (SP 800- 90Ar1) (#A1948) | R R E R E E | Success with fips_state = 2 or 3 |
| CN_SET_M_VALUE | Set the current M value for a CO service. | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_GET_CERT_R EQ | Get the partition or HSM Certificate Signing Request (CSR). | MCO/PCO/ PCU/AU/ UN-AUTH | AOAC POAC | None | R R | Success with fips_state = 2 or 3 |
| CN_CERT_AUTH_REMOVE_CE RT | Stores or removes the Partition TA cert | PCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_UPDATE_LICENSE | Performs license update: uploads the license file and its signature file. | MCO | Manufactu rer License Validation Key (MLVK) | RSA SigVer (FIPS 186-4) [#A1948] | E | Success with fips_state = 2 or 3 |
| CN_GET_LICENSE_INFO | Gets data from license file | MCO | None | None | None | Success with fips_state = 2 or 3 |
| CN_GET_DIAGLOG | Status output of the module for Critical, System and FRAM logs | MCO/UN- AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_NOR_HUK_OP | Shows the status of HUK in NOR Flash | MCO/UN- AUTH | None | None | None | Success with fips_state = 2 or 3 |
| CN_APP_CLEANUP | Closes an application from HSM Partition | MCO/PCO/ PCU/AU/UN -AUTH | User Keys | None | Z | Success with fips_state = 2 or 3 |
| CN_APP_CLEANUP_V2 | Closes multiple applications from HSM Partition | MCO/PCO/ PCU/AU/UN -AUTH | User Keys | None | Z | Success with fips_state = 2 or 3 |
| CN_SAFE_REBOOT | Restarts the HSM or specific partition | UN-AUTH | User Keys | None | Z | Success with |
| CN_GET_ALL_PARTITION_INFO | Diagnostic information for all the HSM Partition | None | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARK_OBJECT | Park based on parkable attributes | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_UNPARK_OBJECT | Unpark based on parkable attributes | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_GENERATE_PBE_KEY | Generate PBE DES3 key with the given password, salt, and iteration count. Make sure that HSM is initialized with fips_state=0. The fips_state parameter can be found in the hsm_config file. | PCU | Counter DRBG Allowed Per IG 2.4.A/ PBE | Success with fips_state = 0 | ||
| LSPAY_GENERATE_ASYMM_KEY | Generates RSA KEY Pair (mod_len>= 2048-bit). Generates EC KEY PAIR (Curves: Nist P256, 224, 384, 521, Brain pool, x25519/448 and Decp256K1 and FRP) | PCU | RSA (non-compliant) ECDSA (non-compliant) KAS-ECC (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_GENERATE_SYMM_KEY | Generates symmetric key AES/ TDEA keys used for LSPay operations | PCU | Counter DRBG Allowed Per IG 2.4.A | Success with fips_state = 0 | ||
| LSPAY_EXPORT_PUBLIC_KEY | Exports public key for RSA BYOK. | PCU | N/A | Success with fips_state = 0 | ||
| LSPAY_IMPORT_KPK | Imports OAEP wrapped or ECDH_AES_PAD wrapped symmetric key. | PCU | RSA (non-compliant), EC-AES / ECDH KDF | Success with fips_state = 0 |
(SP 80090Ar1) E R Z Z Z (SP 80090Ar1) Z (SP 80090Ar1) R E G, E G, E
E E (SP 800AOTAC, r E E E E W W E T KAS-ECCSSC SP80056Ar3 E E W E E
G E E (SP 80090Ar1) HKDF (SP80056Br2) W W E E E E E
W E E G E E E G (SP 80090Ar1) Z G, E R HMAC-SHA2256 (FIPS 198PEK R R R E W, E W
E E R (SP 80090Ar1) E E TLS premaster G, E KAS-ECCSSC SP80056Ar3 G, E G E G (SP 80090Ar1) E
E E W G,E G, E G, E HKDF (SP80056Br2) (SP 80090Ar1) T R R R
G 2.4.A 2.4.A E (SP 80090Ar1) R W E KAS-ECCSSC SP80056Ar3
(SP 80056Br2) 2.4.A 2.4.A (SP 80056Ar3) (SP 80056Br2) (KTS) (SP80038D)
(SP 80056Ar3) D.G D.G R E KAS-ECCSSC SP80056Ar3 (SP 80056Br2) (SP 80056Br2) (KTS) (SP80038D)
E G, E (SP 80056Ar3) (SP 80056Ar3) P/ (SP 80056Ar3) (SP 80056Ar3)
E (SP 80090Ar1) E E E E KAS-ECCSSC SP80056Ar3
E E (SP 80090Ar1) E E (SP 80090Ar1) E
(SP 80090Ar1) E (SP 80090Ar1) E E E E E E E R E (SP 80090Ar1) G E E HKDF (SP80056Br2) E G (SP 80090Ar1) G E
E G G G R HKDF (SP800Key E (SP 80090Ar1) G E E E G G G W
W R R (SP 800FMAK E R E E R E R MCO/UNAUTH MCO/UNAUTH Z
| Name | Description | Roles | Csps Accessed | Approved Functions | Access | Indicator |
|---|---|---|---|---|---|---|
| CN_GET_ALL_PARTITION_INFO | Diagnostic information for all the HSM Partition | None | None | None | None | Success with fips_state = 2 or 3 |
| CN_PARK_OBJECT | Park based on parkable attributes | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_UNPARK_OBJECT | Unpark based on parkable attributes | PCU | None | None | None | Success with fips_state = 2 or 3 |
| CN_GENERATE_PBE_KEY | Generate PBE DES3 key with the given password, salt, and iteration count. Make sure that HSM is initialized with fips_state=0. The fips_state parameter can be found in the hsm_config file. | PCU | Counter DRBG Allowed Per IG 2.4.A/ PBE | Success with fips_state = 0 | ||
| LSPAY_GENERATE_ASYMM_KEY | Generates RSA KEY Pair (mod_len>= 2048-bit). Generates EC KEY PAIR (Curves: Nist P256, 224, 384, 521, Brain pool, x25519/448 and Decp256K1 and FRP) | PCU | RSA (non-compliant) ECDSA (non-compliant) KAS-ECC (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_GENERATE_SYMM_KEY | Generates symmetric key AES/ TDEA keys used for LSPay operations | PCU | Counter DRBG Allowed Per IG 2.4.A | Success with fips_state = 0 | ||
| LSPAY_EXPORT_PUBLIC_KEY | Exports public key for RSA BYOK. | PCU | N/A | Success with fips_state = 0 | ||
| LSPAY_IMPORT_KPK | Imports OAEP wrapped or ECDH_AES_PAD wrapped symmetric key. | PCU | RSA (non-compliant), EC-AES / ECDH KDF | Success with fips_state = 0 | ||
| LSPAY_IMPORT_KEY | Import symmetric or asymmetric keys. Wrap mech: TR31, AES_CBC, AES_CBC_PAD. | PCU | AES (non-compliant) Triple-DES (non-compliant). | Success with fips_state = 0 | ||
| LSPAY_IMPORT_TR34_KEY | Import symmetric keys using TR- 34 unwrap. | PCU | RSA (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_EXPORT_KEY | Exports symmetric key wrapped with TR31/AES_CBC/ AES_CBC_PAD. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_EXPORT_TR34_KEY | Exports symmetric keys wrapped with TR34 mechanism | PCU | RSA (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_TRANSLATE_KEY | Translates wrapped key from on KPK to other KPK. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_IMPORT_CERTIFICATE | Imports peer’s certificate to read public key required in TR34. Import X901 certificate into HSM. | PCU | N/A | Success with fips_state = 0 | ||
| LSPAY_IMPORT_DECIMAL_TABLE | Imports encrypted decimal table to be used in PIN APIs to decimalize native PIN. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_GENERATE_CSR | Create CSR with given key pair. | PCU | RSA (non-compliant) ECDSA (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_DERIVE_KEY | Derives DUKPT working key from the BDK. | PCU | AES (non-compliant) DES Triple-DES (non-compliant)) | Success with fips_state = 0 | ||
| LSPAY_ENCRYPT | Encrypts input data or PIN. | PCU | AES (non-compliant) Triple-DES (non-compliant) DES Double-DES | Success with fips_state = 0 | ||
| LSPAY_DECRYPT | Decrypts input data or PIN. | PCU | AES (non-compliant) Triple-DES (non-compliant) DES Double-DES | Success with fips_state = 0 | ||
| LSPAY_DECRYPT_THEN_ENCRYPT | Decrypts the input cipher text with one key and encrypts with another key. | PCU | AES (non-compliant) Triple-DES (non-compliant) DES Double-DES | Success with fips_state = 0 | ||
| LSPAY_MAC_GEN | Computes MAC on input data. Algorithm used: DES/Triple-DES | PCU | DES MAC Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_MAC_VERIFY | Verifies MAC with calculated AMC on input data. | PCU | DES MAC Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_MAC_TRANSLATE | Translates MAC by using new key on input data. | PCU | DES MAC Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_FPE_ENCRYPT | Performs FPE FF1/FF3-1 encrypt operation on input data. | PCU | AES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_FPE_DECRYPT | Performs FPE FF1/FF3-1 decrypt operation on input data. | PCU | AES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_SIGN | Performs sign and verify on input data. | PCU | RSA (non-compliant) EDDSA (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_SIGN_VERIFY | Verifies sign on input data. | PCU | RSA (non-compliant) EDDSA (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_PINBLK_TRANSLATE | Decrypts the input PIN using decryption key, translates to | PCU | AES (non-compliant) | Success with fips_state = 0 | ||
| given PIN format and encrypts with another key. | given PIN format and encrypts with another key. | Triple-DES (non-compliant) RSA (non-compliant) | ||||
| LSPAY_DERIVE_PIN_FROM_OFFSET | Derive PIN from given offset. Encrypts validation data with DES EDE. Derives native PIN, then offset will be added to derive IBM PIN. PIN will be encoded in given ISO format. Encrypt encoded PIN with PIN encryption key. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_DERIVE_OFFSET_FROM_PIN | Generates IBM offset from given PIN Decrypt and decode received PIN. Generate native from given validation data. Subtract decoded PIN from native PIN t to get PIN offset. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_VERIFY_PIN | Verifies given PIN . Decrypt and decode received PIN. Generate native from given validation data. Add offset to native PIN. Compare resultant PIN with received PIN. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_PVV_GEN | Perform PVV generation on PIN and PAN data. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_PVV_VERIFY | Verifies given PVV. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_EMV_GENVERIFY | Perform EMV crypto operations. Generate ARPC. Generate or Verify ARQC. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_EMV_SECURE_MSG_GEN | Generates MAC over secure message. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_CVV_GEN | Generates CVV, CVV2, iCVV on given card details. | PCU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_CVV_VERIFY | Verifies CVV with given card details | PCU | Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_KEY_SHARE_CREATE | Creates components of Key | PCU | Shamir’s key share algorithm | Success with fips_state = 0 | ||
| LSPAY_KEY_SHARE_EXPORT_COMPONE NT | Exports created components in encrypted format | PCU | AES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_KEY_SHARE_IMPORT_COMPONE NT | Imports component of the key. | PCU | AES (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_KEY_SHARE_COMBINE_INIT | Starts combine key init. | PCU | N/A | Success with fips_state = 0 | ||
| LSPAY_KEY_SHARE_COMBINE_KEY | Combines all components of the key. | PCU | Shamir’s key share algorithm | Success with fips_state = 0 | ||
| LSPAY_KEY_SHARE_ZEROIZE | Erases all components of the key. | PCU | N/A | Success with fips_state = 0 | ||
| LSPAY_MFK_GENERATE | Generates MFK key. | PCO | Counter DRBG Allowed Per IG 2.4.A | Success with fips_state = 0 | ||
| LSPAY_MFK_GET_INFO | Returns MFK information for partition. | PCO | N/A | Success with fips_state = 0 | ||
| LSPAY_MFK_SET_PRIMARY | Sets MFK as primary. | PCO | N/A | Success with fips_state = 0 | ||
| LSPAY_MFK_DELETE | Deletes MFK. | PCO | N/A | Success with fips_state = 0 | ||
| LSPAY_FUNCTIONALITY_GET | Gets status of enabled/disabled | PCO | N/A | Success with | ||
| LSPay services | LSPay services | fips_state = 0 | ||||
| LSPAY_FUNCTIONALITY_SET | Enable/Disable services | PCO | N/A | Success with fips_state = 0 | ||
| LSPAY_EXPORT_KPK | Export a Key Block Protection Key (KBPK) | PCU | RSA (non-compliant), EC-AES / ECDH KDF | Success with fips_state = 0 | ||
| LSPAY_IMPORT_PUBLIC_KEY | Import an RSA public key | PCU | RSA (non-compliant) | Success with fips_state = 0 | ||
| LSPAY_VALIDATE_PUBLIC_KEY | Validates the RSA public key | PCU | RSA (non-compliant) | Success with fips_state = 0 | ||
| CN_GENERATE_KEY_PAIR (non-compliant) | Generates asymmetric keys (RSA/ ECC). Updates the public and private key handles in the output on return. Caveats in Non Approved apart from approved mode: • RSA 1024 bits allowed along with all odd public exponent i.e. even lesser than 65537. • NID_X9_62_prime192v 1/NID_sect163k1/NID_ED255 19/ • NID_sect163r2 /NID_secp192k1/NID_brainpo olP160r1/ • NID_brainpoolP192r1 /NID_X25519/ • NID_X448 | PCU | RSA (non-compliant) ECDSA (non-compliant) KAS-ECC (non-compliant) ML-KEM (non-compliant) ML-DSA (non-compliant) | Success with fips_state = 0 | ||
| CN_GENERATE_KEY (non-compliant) | Generates a symmetric key of given key type and length. Caveats in Non-Approved apart from approved mode: DES token key is allowed. | PCU | Counter DRBG Allowed Per IG 2.4.A | Success with fips_state = 0 | ||
| CN_CREATE_OBJECT (non-compliant) | Imports a public key into HSM. Caveats in Non Approved apart from approved mode: • RSA 1024 bits allowed • NID_ED25519/ NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1/ NID_X25519/NID_X448 | PCU | None | Success with fips_state = 0 | ||
| CN_UNWRAP_KEY (non-compliant) | Unwraps a key with an AES/ Triple-DES/RSA private key existing on HSM or KLK. Takes the output wrapped data of wrapKey2 command. Caveats in Non Approved apart from approved mode: • RSA 1024 bit • RSA PKCS1V1.5 Unwrap • NID_X9_62_prime192v1/ NID_sect163k1/ NID_ED25519/ • NID_sect163r2 / NID_secp192k1/ NID_brainpoolP160r1/ • NID_brainpoolP192r1 / NID_X25519/ • NID_X448 • Triple-DES | PCU | RSA (non-compliant), EC-AES / ECDH KDF AES (non-compliant) Triple-DES (non-compliant) ML-KEM (non-compliant) | Success with fips_state = 0 | ||
| CN_WRAP_KEY (non-compliant) | Wraps sensitive (private and symmetric) keys from the HSM to the host. Caveats in Non Approved apart from approved mode: • AES-ECB mode • AES-CBC mode • AES-CBC-PAD mode • Triple-DES ECB mode • Triple-DES CBC mode • Triple-DES NIST Wrap mode • RSA-PKCS1V1.5 Wrap | PCU | AES (non-compliant) Triple-DES (non-compliant) RSA (non-compliant) ML-KEM (non-compliant) | Success with fips_state = 0 | ||
| CN_EXTRACT_MASKED_OBJECT (non- compliant) | Extracts a masked object; i.e., retrieves an object by wrapping it with a masking key shared by the process of cloning. | PCU PCO AU | AES (non-compliant) | Success with fips_state = 0 | ||
| CN_STORE_FW_SIGNING_KEY (non- compliant) | Configure an RSA or EC public key into HSM as AO attestation key. These keys can be of modulus 1024, 2048, 3072, and 4096 or a supported 256 bits, 384 bits or 521 bits EC curve . Caveats in Non Approved is 192- bit curves supported | MCO | RSA (non-compliant) ECDSA (non-compliant) | Success with fips_state = 0 | ||
| CN_ME_PKCS_LARGE (non-compliant) CN_ME_PKCS (non-compliant) | ModExp and PKCS#1v1.5 and PKCS#1v2.2 Sign and verify. PKCS#1v1.5 and PKCS#1v2.2 encrypt and decrypt | PCU | RSA (non-compliant) | Success with fips_state = 0 | ||
| CN_STORE_VENDOR_PRE_SHARED_KEY (CN_STORE_KBK_SHARE) (non-compliant) | Stores fixed keys (KBK) for backup. Including PKCS#1v1.5 | Manufacture r | RSA (non-compliant) AES (non-compliant) | Success with fips_state = 0 | ||
| CN_INSERT_MASKED_OBJECT (non- compliant) | Inserts a masked object into an HSM that Is extracted from another HSM. | PCU PCO AU | AES (non-compliant) Triple-DES (non-compliant) | Success with fips_state = 0 | ||
| CN_ENCRYPT_SESSION (non-compliant) | Enables encrypted communication channel. Caveat is Non Approved mode allow the additional Cipher suite E2E_RSA_AES128_GCM_SHA2 56 , E2E_RSA_AES128_GCM_SHA3 | UN-AUTH | RSA (non-compliant), EC-AES / ECDH KDF ML-KEM (non-compliant) | Success with fips_state = 0 | ||
| CN_DERIVE_KEY (non-compliant) | Derives a key using a supported KDF mechanism with the params given by the user. | PCU | AES (non-compliant) Triple-DES (non-compliant) RSA (non-compliant) EC-AES / ECDH KDF ML-KEM (non-compliant) | Success with fips_state = 0 | ||
| CN_PQC_GENERATE_KEY_PAIR | Generates the Post quantum asymmetric key pair (ML-KEM and ML-DSA). | PCU | ML-KEM (non-compliant) ML-DSA (non-compliant) | Success with fips_state = 0 | ||
| CN_PQC_CRYPTO_SIG_GEN | Generates a signature using ML- DSA algorithm. | PCU | ML-DSA (non-compliant) Hash DRBG (non-compliant) | Success with fips_state = 0 | ||
| CN_PQC_CRYPTO_SIG_VERIFY | Verifies a signature using ML- DSA algorithm. | PCU | ML-DSA (non-compliant) | Success with fips_state = 0 | ||
| CN_PQC_CRYPTO_MULTICALL_SIG_GEN | Generates a signature using ML- DSA algorithm. Minor Ops: MINOR_OP_START, MINOR_OP_UPDATE, and MINOR_OP_FINISH | PCU | ML-DSA (non-compliant) | Success with fips_state = 0 | ||
| CN_PQC_CRYPTO_MULTICALL_SIG_VERI FY | Verifies a signature using ML- DSA algorithm. Minor Ops: MINOR_OP_START, MINOR_OP_UPDATE, and MINOR_OP_FINISH | PCU | ML-DSA (non-compliant) | Success with fips_state = 0 | ||
| CN_PQC_CRYPTO_HYBRID_SIG_GEN | Generates a signature using ML- DSA and ECDSA sign algorithm. | PCU | ML-DSA (non-compliant) ECDSA (non-compliant) | Success with fips_state = 0 | ||
| CN_PQC_CRYPTO_HYBRID_SIG_VERIFY | Verifies a signature using ML- DSA and ECDSA sign algorithm. | PCU | ML-DSA (non-compliant) ECDSA (non-compliant) | Success with fips_state = 0 | ||
| HPS_CREATE_PARTITION | Creates a Platform partition with the given name. | MCO | AES (non-compliant) ECDSA (non-compliant) | Success with fips_state = 0 | ||
| HPS_PART_FW_UPDATE_BEGIN HPS_PART_FW_UPDATE HPS_PART_FW_UPDATE_END | Update the Platform firmware for the given partition. | MCO | RSA (non-compliant) ECDSA (non-compliant) | Success with fips_state = 0 | ||
| HPS_PARTITION_MGMT | Handles the commands for Platform partition firmware life cycle such as START, STOP and STATUS | MCO | None | Success with fips_state = 0 | ||
| HPS_PARTITION_INFO | Gets the Platform partition firmware information such as version, status, memory, CPU, etc. | MCO | None | Success with fips_state = 0 | ||
| HPS_DELETE_PARTITION | Deletes a Platform partition and all associated data. | MCO | None | Success with fips_state = 0 | ||
| CN_UPDATE_LICENSE (non-compliant) | Performs license update: uploads the license file and its signature file. | MCO | RSA (non-compliant) | Success with fips_state = 0 | ||
| CN_GET_LICENSE_INFO (non-compliant) | Gets data from license file | UN-AUTH | None | Success with fips_state = 0 |
Indicator for Approved services: The indicator is success for all Approved services when the partition is operated in the approved mode. The following codes are used G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroize: The module zeroizes the SSP. Approved services that also support the use of non-approved security functions are enumerated in the Non-Approved Services table below with their supported non-approved security functions. Table 11 Non-Approved Services 2.4.A
The indicator is success for all non-approved services only when the partition is operated in the non-approved mode. The nonapproved services will fail FIPS POLICY MISMATCH when partition is operated in the approved mode.
| Recommended Frequency of | ||
|---|---|---|
| Physical Security Mechanism | Inspection/Test Guidance Details | |
| Inspection/Test |
Firmware Security Firmware integrity is verified by the bootloader during the boot up using EDC (CRC32) for itself and using RSA 2048 signatures and SHA-256 for next level image. The integrity test can be run on-demand by resetting the module by power-cycling it or by PCIe function reset. As part of firmware load operation, the new firmware’s integrity and authenticity is verified by the active firmware using RSA 2048 signatures and SHA-256. Operational Environment The module implements a limited operational environment running SMP Linux operating system on 64-bit Armv8.2-based control processor. FIPS 140-3 Area 6 Operational Environment requirements do not apply to the module in this validation. Any firmware loaded into this module that is not shown on the module certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. The module is a hardware module with a limited operational environment and Physical Security Level 3. 7.1 The module’s cryptographic boundary is defined to be the outer perimeter of the hard epoxy enclosure containing the hardware and firmware components. The module is opaque and completely conceals the internal components of the cryptographic module. The epoxy enclosure of the module prevents physical access to any of the internal components without having to destroy the module. There are no operator required actions. Note: The module’s hardness testing was only performed at ambient temperature (23°C); no assurance is provided for Level 3 hardness conformance at any other temperature. 7.2 Tamper Evidence The module is coated in hard epoxy, such that any physical breach attempt leaves behind evidence of tamper. This is shown in the figure below. Figure 3 Cryptographic Module Showing Tamper Evidence While the module is designed to prevent successful tampering (any physical breach to module circuitry is likely to destroy the module, as per FIPS 140-3 Level 3 Physical Security requirements), the module should still be checked periodically for attempts. Guidelines are provided in the table below. Table 12 Physical Security Inspection Guidelines
| Epoxy Coating | 12 Months | Examine surface of module for scratched or damaged epoxy, especially if circuitry shows. |
|---|---|---|
| Battery life | 6 Months | If the HSM has not been powered on in the last six months, then power it on for at least an hour. |
| Temperature or voltage | Specify if This Condition Results | ||
|---|---|---|---|
| Specify EFP or EFT | |||
| measurement | in a Shutdown or Zeroization | ||
| Low Temperature | -13C (Junction temperature) | EFP | Shutdown |
| High Temperature | 100C (Junction temperature) | EFP | Shutdown |
| Low Voltage | 3.01V (PCIe 3.3V Aux) 3.08V (PCIe 3.3V Rail) 10.9V (PCIe 12V Rail) | EFP | Shutdown |
| High Voltage | 3.68V (PCIe 3.3V Aux) 3.75V (PCIe 3.3V Rail) 13.5V (PCIe 12V Rail) | EFP | Shutdown |
| Hardness-Tested Temperature Measurements | |
|---|---|
| Low Temperature | -13C (Junction temperature) |
| High Temperature | 100C (Junction temperature) |
If the module is found to be meaningfully damaged or tampered with (e.g., circuitry is showing or other significant damage has occurred), it should be removed from use and destroyed. Table 14 Hardness Testing Temperature Ranges Non-Invasive Security N/A due to the module not claiming to implement any non-invasive security protection mechanisms. Sensitive Security Parameter Management 9.1 Definition of Critical Security Parameters (CSPs) The Manufacturer FIPS Data Encryption Key (MFDEK) and HSM Master Partition Master Encryption Key are stored in plaintext form in eMMC Flash. The Partition Master Encryption Key (PMEK) is stored encrypted under the HSM Master Partition Master Encryption Key. All other keys and CSPs stored in the persistent memory are encrypted by the MFDEK, HSM Master Partition Master Encryption Key, or PMEK. All general purpose user CSPs are generated/created by the PCU, and these CSPs can be shared between multiple PCUs. In Table 15, the following notations are used to indicate the type of zeroization: D = Manually zeroized (via CN_DESTROY_OBJECT service) E = Zeroized right after use (Memory is wiped with zeros, immediately after use) MFZ = Zeroize all Partitions’ SSPs, including the HSM adapter owner programmed ones (Brings HSM to factory state. Factory reset via CN_ZEROIZE service with factory-reset as argument with MCO credentials) MZ = Zeroize all Partitions’ SSPs, except vendor programmed ones (Master Partition Regular CN_ZEROIZE) PD = Zeroize all SSPs in the Partition and then delete the User Partition (via CN_DELETE_PARTITION service) PFZ = Zeroize all SSPs in the Partition (Factory reset via CN_ZEROIZE service with factory-reset as argument with PCO credentials)
| Name | Strength | Security Function | Generation | Establishment | Storage | Zeroization | Use | Import Export |
|---|---|---|---|---|---|---|---|---|
| DRBG Entropy (OCTEON HW RBG) | 256-bit | ENT (P) (SP 800- 90B) | ENT (P) (SP 800-90B) | SSP Generation | N/A | PZ MZ MFZ PFZ PD VZ | The entropy input string and seed for the Approved DRBG. Each version of the DRBG has its own DRBG Entropy CSP. | N/A |
| CTR_DRBG Internal State (V and Key) | 256-bit | Counter DRBG (SP 800-90Ar1) (#A1948) | (Derived Entropy from HW) | SSP Generation | N/A | PZ MZ MFZ PFZ PD VZ | The internal state (V, Key) for the Counter DRBG. | N/A |
| HASH_DRBG Internal State (V and C) | 256-bit | Hash DRBG (SP 800-90Ar1) (#A1947) | Derived Entropy from Counter DRBG (SP800- 90Ar1) (#A1948)) | SSP Generation | N/A | PZ MZ MFZ PFZ PD VZ | The internal state (V,C) for the Hash DRBG. | N/A |
| Manufacturer FIPS Data Encryption Key (MFDEK) | 256-bit | AES-CBC (SP 800-38A) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) | SSP generation | NOR (plaintext) | VZ | Use: AES 256-bit key used to encrypt manufacturer keys stored in persistent storage of the HSM. Related keys: FMAK, PAK, MFKBK, OKBK,POKBK, FMAEC, FMAEK | No |
| HSM Master Partition Master Encryption Key (MMEK) | 256-bit | AES-CBC (SP 800-38A) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) | SSP generation | MCU (plaintext) | MZ | Use: AES 256-bit key used to encrypt Master Partition CSPs and authentication data stored in persistent storage of the HSM. Related keys:PMEK | No |
| Partition Master Encryption Key (PMEK) | 256-bit | AES-CBC (SP 800- 38A) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) | SSP Generation | eMMC flash (Encrypted by MMEK, AES-CBC #A1948) | PZ | Use: AES 256-bit key used to encrypt partition CSPs and authentication data stored in persistent storage of the HSM | No |
| Partition Data Encryption Key (PDEK) | 256-bit | AES-KWP (SP 800-38F) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) | SSP Generation | eMMC flash (Encrypted by MMEK, AES-CBC #A1948) | PD | Use: AES 256-bit key used to wrap PAK and POKBK | No |
| HSM FIPS Master Authentication Key (FMAK) | 150-bit | RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) | SSP generation | NOR flash (Encrypted by MMEK, AES-CBC #A1948) | VZ | Use: A unique 4096-bit RSA private key. Used to identify the HSM when in the FIPS operating mode. | No |
| KTS-IFC (KTS) (SP 800-56Br2) (#A1948) | KTS-IFC (KTS) (SP 800-56Br2) (#A1948) | (#A1948) | Related keys: PAC, FMAC | |||||
| HSM FIPS Master Authentication ECC Key (FMAEK) | 256-bit | ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) | SSP generation | NOR flash (Encrypted by MMEK, AES-CBC #A1948) | VZ | Use: A unique ECC P521 private key. Used to identify the HSM when in the FIPS operating mode. Related keys: PAC, FMAC | No |
| HSM Endorsement ECC Key (HSMEK) | 128-bit | ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) | SSP generation | NOR flash (Encrypted by MMEK, AES-CBC #A1948) | VZ | Use: A unique ECC P256 private key. Used to identify the HSM when in the FIPS operating mode. Related keys: PAC, FMAC | No |
| Partition Authentication Key (PAK) | 112-bit | RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) | SSP generation | eMMC flash (Encrypted by PDEK, AES-CBC #A1948) | PD | A unique 2048-bit RSA private key used to identify the HSM partition | No |
| Secure Auth Shared Secret (SAZ) | 112-bit | KDF SP800-108 (#A1948) | KAS (SP800- 56Br2) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | Key agreement | In memory (plaintext) | S | Shared secret Z for SP 800- 56Br2 KAS2, using PAK and POAC | No |
| PswdEncKey (PEK) | 256-bit | AES Cert A1948, Key unwrapping, per IG D.G AES-CBC (SP 800- 38A) (#A1948) | KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | Key agreement | In memory (Encrypted by PMEK, AES-CBC #A1948) | PZ | AES-256 key for encrypting user passwords during user creation and authentication. | No |
| Login Passwords | 8 to 32 Character s | PBKDF (SP 800- 132) (#A1948) | N/A | Key Transport | In eMMC Flash (Encrypted by PMEK, AES-CBC #A1948) | PD | String of 8 to 32 alphanumeric characters. | Yes (import) (Encrypted by PEK, AES-CBC #A1948) |
| Partition Key Loading Private Key | 256-bit | KAS-ECC SP800- 56Ar3 (#A1948) KAS-IFC-SSC (SP 800-56Br2) (#A1948) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) [#A2393 ] RSA KeyGen (FIPS186- 4) (#A2393) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep | SSP generation | In memory (plaintext) | E | ECC 521-bit or RSA 2048-bit key used in SP 800-56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 to agree on Z during key loading. | No |
| Partition Key Loading Shared Secret (KLSZ) | 256-bit | KDF SP800-108 (#A1948) | KAS KDA HKDF (SP 800-56Ar3) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | Key agreement | In memory (plaintext) | E | Shared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2. | No |
| Partition Key Loading Key (KLK) | 256-bit | AES-CBC (SP 800-38A) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (SP 800-38D) (#A1947) | KAS KDA HKDF (SP 800-56Ar3) KAS-IFC HKDF (SP800- 56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | Key agreement | eMMC flash (encrypted by PMEK, AES-CBC #A1948) | PZ | A 256-bit AES key derived from Z; used to decrypt the imported CSPs. | No |
| Manufacturer FIPS Key Backup Key (MFKBK) | 256-bit | KDF SP800-108 (#A1948) | No | Key transport | eMMC flash (encrypted by MMEK, AES-KWP #A1948) | VZ | AES 256-bit key used to derive KBK. | Yes (Import) KTS-IFC (KTS) (SP800-56Br2) (#A1948) |
| HSM Owner KBK (OKBK) | 256-bit | KDF SP800-108 (#A1948) | No | Key transport | eMMC flash (encrypted by MMEK AES-KWP #A1948) | MFZ | AES 256-bit key used to derive KBK. | Yes (Import) KTS-IFC (KTS) (SP800-56Br2) (#A1948) |
| MCO Recovery Key (MCO_RK) | 256-bit | AES-KW (KTS) (SP 800-38F) (#A1948) | No | Key transport | MCU (plaintext) | MFZ VZ | AES 256-bit key used to double encrypt the manufacturer keys. | Yes (Import) AES-KW (KTS) (SP 800-38F) (#A1948) |
| Partition Owner KBK (POKBK) | 256-bit | KDF SP800-108 (#A1948) | No | Key transport | eMMC flash (encrypted by PDEK AES-KWP (#A1948) | MZ | AES 256-bit key used to derive KBK. | Yes (Import) KTS-IFC (KTS) (SP800-56Br2) (#A1948) |
| HSM Key Backup Key (KBK) | 256-bit | AES-CBC (SP 800-38A) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) | KDF SP800-108 (#A1948) | Key derivation/ SSP generation | eMMC flash (Encrypted by MMEK AES-KW #A1948) | MZ | Key used to encrypt/decrypt the backup session key. | No |
| Backup session key | 256-bit | AES-CBC (SP 800-38A) (#A1948) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP800-90Ar1) (#A1948) | SSP generation | In memory (plaintext) | E | Key used to backup and restore partition data. | No |
| Partition | 256-bit | AES-KW (KTS) | CKG SP 800-133Rev2 | SSP | eMMC flash | PZ | AES-256 key for key wrapping. | No |
| masking key | (SP 800-38F) (#A1948) | Section 6.1 Direct symmetric key generation using unmodified DRBG output Counter DRBG (SP800-90Ar1) (#A1948) | generation | (encrypted by PMEK, AES-CBC #A1948) | Used to import/export CSPs and masked objects. | |||
| Partition Cloning Private Key (PCPK) | 256-Bit | KAS-ECC (KAS) (SP 800-56Ar3) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) (#A1948) RSA KeyGen (FIPS186- 4) (#A1948) | SSP generation | In memory (plaintext) | E | ECC 521-bit or RSA 2048-bit ephemeral Private Key used in SP 800-56Ar3 C (2,0, ECC DH) or SP 800 -56Br2 KAS2 -bilateral - confirmation key agreement to generate shared secret Z. At HSM partition level, used to establish secure channel for cloning process (to export partition masking key). | No |
| Partition Cloning Shared Secret (CSSZ) | 256-Bit | KDF SP800-108 (#A1948) | KAS-ECC (KAS) (SP 800-56Ar3) | Key agreement | In memory (plaintext) | E | Shared secret Z for SP 800- 56Ar3 C (2,0, ECC DH) or SP 800-56Br2 KAS2 -bilateral -confirmation scheme. | No |
| Partition Cloning Session Key (PCSK) | 256-Bit | AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) | KAS-ECC (KAS) (SP 800-56Ar3) | Key agreement | In memory (plaintext) | E | AES 256 key for encryption and decryption of partition masking key. | No |
| Partition Cloning Session MAC Key (PCSMK) | 256-bit | HMAC-SHA2-256 (FIPS 198-1) (#A1947) | KAS-ECC (KAS) (SP 800-56Ar3) | Key agreement | In memory (plaintext) | E | HMAC SHA256 key used for key confirmation during SP 800- 56Ar3 key agreement. | No |
| Asymmetric private keys (user keys) | 112-256 bit | ECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (CVL) (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) RSA KeyGen (FIPS186-4) (#A2393) KAS-ECC-SSC SP800-56Ar3 (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947) RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) (#A2393) RSA KeyGen (FIPS186- 4) (#A2393) | SSP generation/ Key transport | In memory (plaintext)/ eMMC flash (encrypted by PMEK, AES-CBC #A1948) | D, S | RSA/ECDSA/ECDH general purpose keys. | Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) |
| Asymmetric private session keys (user keys) | 112-256 bit | ECDSA SigGen (FIPS186-4) (CVL) (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA Signature Primitive (CVL) (FIPS 186-4) (#A1947) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) KAS-ECC-SSC SP800-56Ar3 (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) RSA Decryption | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output (SP800-90Ar1) (#A1948) ECDSA KeyGen (FIPS186-4) (#A2393) RSA KeyGen (FIPS186- 4) (#A2393) | SSP generation/ Key transport | In memory (plaintext) | D, S | RSA/DSA/ECDSA/ECDH general purpose session keys. | Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) |
| Symmetric keys (user keys) | 112-256 bit | AES-CBC (SP 800-38A) (#A1947) AES-ECB (SP 800-38A) (#A1947) AES-CTR (SP 800-38A) (#A1947) TDES-ECB (SP 800-38A) (#A1947) TDES-CBC (SP 800-38A) (#A1947) AES-CCM (SP 800-38C) (#A1947) AES-GCM (SP 800-38D) (#A1947) AES-GMAC (SP 800-38D) (#A1947) AES-CMAC (SP | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A1948) | SSP generation/ Key transport | In memory (plaintext)/ eMMC flash (encrypted by PMEK, AES-CBC #A1948) | D, S | Triple-DES or AES general purpose keys. | Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) |
| Symmetric session keys (user keys) | 112-256 bit | AES-CBC (SP 800-38A) (#A1947) AES-ECB (SP 800-38A) (#A1947) TDES-ECB (SP 800-38A) (#A1947) TDES-CBC (SP 800-38A) (#A1947) AES-CCM (SP 800-38C) (#A1947) AES-GCM (SP 800-38D) (#A1947) AES-GMAC (SP 800-38D) (#A1947) AES-CMAC (SP 800-38B) (#A1947) AES-KW (KTS) (SP 800-38F) (#A1948) AES-CMAC (SP 800-38B) (#A1948) TDES-KW (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) AES-GCM (SP 800-38D) (#A1947) TDES-KW (SP 800-38F) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A1948) | SSP generation/ Key transport | In memory (plaintext) | D, S | Triple-DES or AES general purpose session keys. | Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-KWP (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) |
| HMAC keys (user keys) | 112-256 bit | HMAC-SHA2-256 (FIPS 198-1) (#A1947) HMAC-SHA2-384 (FIPS 198-1) (#A1947) HMAC-SHA2-512 (FIPS 198-1) (#A1947) HMAC-SHA-1 | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A1948) | SSP generation/ Key transport | In memory (plaintext)/ eMMC flash (encrypted by PMEK, AES-CBC #A1948) | D S | HMAC general purpose keys (minimum key size of 160 bits). | Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP |
| (FIPS 198-1) (#A1948) HMAC-SHA2-256 (FIPS 198-1) (#A1948) HMAC-SHA2-384 (FIPS 198-1) (#A1948) HMAC-SHA2-512 (FIPS 198-1) (#A1948) | (FIPS 198-1) (#A1948) HMAC-SHA2-256 (FIPS 198-1) (#A1948) HMAC-SHA2-384 (FIPS 198-1) (#A1948) HMAC-SHA2-512 (FIPS 198-1) (#A1948) | 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) | ||||||
| HMAC session keys (user keys) | 112-256 bit | HMAC-SHA2-256 (FIPS 198-1) (#A1947) HMAC-SHA2-384 (FIPS 198-1) (#A1947) HMAC-SHA2-512 (FIPS 198-1) (#A1947) HMAC-SHA-1 (FIPS 198-1) (#A1948) HMAC-SHA2-256 (FIPS 198-1) (#A1948) HMAC-SHA2-384 (FIPS 198-1) (#A1948) HMAC-SHA2-512 (FIPS 198-1) (#A1948) | CKG SP 800-133Rev2 Section 6.1 Direct symmetric key generation using unmodified DRBG output OUNTER DRBG (SP800-90Ar1) (#A2393) | SSP generation/ Key transport | In memory (plaintext) | D S | HMAC session general purpose keys (minimum key size of 160 bits | Yes (Import/Export) AES-KW (KTS) (SP 800-38F) (#A1948) AES-GCM (KTS) (SP 800-38D) (#A1948) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) |
| TLS session (E2E) ECDH key | 112-256 bit | KAS-ECC-SSC SP800-56Ar3 (#A1947) KAS TLS (SP 800- 56Ar3) | Yes (CKG SP 800- 133r2 using unmodified output of DRBG) DRBG SP 800-90Ar1 (#A1947) ECDSA KEYGEN (FIPS186-4) (#A1948) | SSP Generation | In memory (plaintext) | E | Used for key agreement as part of TLS-1.2 handshake protocol. | No |
| TLS session symmetric key set | 112-256 bit | AES-GCM (SP 800-38D) (#A1947) | KDF TLS (SP800-135r1) (#A1947) | Key Derivation | In memory (plaintext) | E | AES 128, 192, 256, or Triple- DES keys used for encrypting TLS sessions. | No |
| TLS pre-master secret | 112-256 bit | KDF TLS (CVL) (SP 800-135r1) (#A1947) | No | Yes KAS-ECC- SSC SP800- 56Ar3 (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947) | In memory (plaintext) | E | pre-master secret, used to derive master secret. | No |
| TLS master secret | 384-bit | KDF TLS (CVL) (SP 800-135r1) (#A1947) | No | Yes CVL SP 800-135r1 (#A1947) | In memory (plaintext) | E | TLS master secret of size 384- bit used to derive session keys | No |
| Manufacturer | 112-bit | RSA SigVer | No | Pre-loading | eMMC flash | VZ | RSA 2048-bit | No |
| Firmware Integrity Check Keys | (FIPS186-4) (#A1948) | of a key | (plaintext) | public keys used to check the integrity of the SW images booted. The SW image is signed by the manufacturer using ECDSA private key. Note: This is not an SSP but is included for completeness of the parameters used by the module | ||||
| Manufacturer Firmware Update Validation Key (MFUVK) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | Pre-loading of a key | eMMC flash (plaintext) | NA | RSA 2048-bit public key used to authenticate new FW images uploaded into the module. The FW image is signed by the manufacturer using an RSA private key and the signature is verified before upgrading to the new image using the public key. | No |
| Manufacturer License Validation Key (MLVK) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | Pre-loading of a key | eMMC flash (plaintext) | NA | RSA 2048-bit public key used to authenticate the manufacturer role. | No |
| Manufacturer Authentication Root Cert. (MARC) | 150-bit | RSA SigVer (FIPS186-4) (#A1948) | No | Pre-loading of a key | eMMC flash (plaintext) | VZ | RSA 4096-bit public key certificate used to issue FMAC certificates. | No |
| HSM FIPS Master Authentication Certificate (FMAC) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | Pre-loading of a key | eMMC flash (plaintext) | VZ | RSA 4096-bit public key certificate of FMAK used to identify the HSM FIPS operating mode. | No |
| Manufacturer Authentication Root ECC Cert. (MAREC) | 256-bit | ECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948) | No | Pre-loading of a key | eMMC flash (plaintext) | VZ | ECC P521 public key certificate used to issue FMAEC certificates. | No |
| HSM FIPS Master Authentication ECC Certificate (FMAEC) | 256-bit | ECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948) | No | Pre-loading of a key | eMMC flash (plaintext) | VZ | ECC P521 public key certificate of FMAEK used to identify the HSM FIPS operating mode. | No |
| HSM Endorsement ECC Certificate (HSMEKC) | 128-bit | ECDSA KeyVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (#A1948) | No | Pre-loading of a key | eMMC flash (plaintext) | VZ | ECC P256 public key certificate of HSMEK used to identify the each HSM independently | No |
| HSM/Adapter Owner Trust Anchor Certificate (AOTAC) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | SSP Entry | eMMC flash (plaintext) | MFZ | RSA 2048-bit public key certificate used as trust anchor of MCO. | No |
| HSM/Adapter Owner Authentication Certificate (AOAC) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | SSP Entry | eMMC flash (plaintext) | MFZ | RSA 2048-bit public key certificate of FMAK used to identify the HSM owner. | No |
| Partition Authentication Certificate (PAC) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | CKG SP 800-133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output RSA KEYGEN (FIPS186-4) (#A1948) | SSP Entry/ SSP generation | eMMC flash (plaintext) | PD | RSA 2048-bit public key certificate of PAK used to identify the partition. | No |
| Partition Owner Trust Anchor Certificate (POTAC) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | SSP Entry | eMMC flash (plaintext) | PFZ | RSA 2048-bit public key certificate used as trust anchor of PCO. | No |
| Partition Owner Authentication Certificate (POAC) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | SSP Entry | eMMC flash (plaintext) | PFZ | RSA 2048-bit public key certificate of PAK used to identify the partition owner. | No |
| Partition Cloning Initiator Public Key | 256-bit | ECDSA SigVer (FIPS186-4) (#A1948) KAS-ECC SP800- 56Ar3 (#A1948) | No | SSP Entry | In memory (plaintext) | E | ECC 521-bit ephemeral public key used in SP 800-56Ar3 C (2,0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 - bilateral - confirmation key agreement to generate shared secret Z. | No |
| E2E Client Authentication Public key (CAPubK) | 112-256 Bit | RSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) | No | SSP Entry | eMMC flash (Plaintext) | PZ | RSA or EC public key of approved modulus or curveId to allow E2E/ TLS client authentication in E2E/ TLS handshake. | No |
| Adapter Owner Attestation Public key (AOAPubK) | 112-256 Bit | RSA SigVer (FIPS186-4) (#A1948) ECDSA SigVer (FIPS186-4) (#A1948) | No | SSP Entry | eMMC flash (Plaintext) | PZ | RSA or EC public key of approved modulus or curveId to allow HSM/ Adapter Owner to authenticated with signature verification with this public key and perform FW image update | No |
| Partition Cloning Responder Public Key | 256-bit | ECDSA SigVer (FIPS186-4) (#A1948) KAS-ECC SP800- 56Ar3 (#A1948) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | No | SSP Entry | In memory (plaintext) | E | ECC 521-bit ephemeral public key used in SP 800-56Ar3 C (2, 0, ECC DH) key agreement or RSA 2048- bit ephemeral public key used in SP 800-56Br2 KAS2 - bilateral - confirmation key agreement to generate shared secret Z. | No |
| Host PswdEncKeyPu blic Key | 112-bit | RSA SigVer (FIPS186-4) (#A1948) KAS-IFC HKDF (SP800-56Br2) KAS-IFC OneStep (SP800-56Br2) KAS-IFC TwoStep (SP800-56Br2) | No | SSP Entry | In memory (plaintext) | E | RSA 2048-bit public key loaded by the host used for SP 800- 56Br2 key agreement to generate PswdEncKey. | No |
| Two-Factor Authentication Public Key (2FAMofNPubK ) | 112-bit | RSA SigVer (FIPS186-4) (#A1948) | No | SSP Entry | eMMC flash (Encrypted by PMEK, AES-CBC #A1948) | PZ | RSA 2048-bit public key used to verify signature on encrypted passwords during user creation and login and/or to verify signatures on MofN authentication tokens. | No |
| User Public Keys (User Keys) | 112-256 bit | ECDSA SigVer (FIPS186-4) (#A1948) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA Signature Primitive (CVL) (FIPS 186-4) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (CVL) (#A1947) KAS-ECC-SSC SP800-56Ar3 (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KAS-ECC-SSC SP800-56Ar3 (#A1948) KDF ANS 9.63 (CVL) (SP 800- 135r1) (#A1948) KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800-56Ar3) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) | CKG SP 800-133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output. ECDSA KEYGEN (FIPS186-4) (#A2393) RSA KEYGEN (FIPS186-4) (#A2393) | SSP entry/ SSP generation | eMMC flash (Encrypted by PMEK, AES-CBC #A1948) | D | RSA/ECDSA/ECDH public keys. | Yes (Import Plaintext) |
| User Public Session Keys (User Keys) | 112-256 bit | ECDSA SigVer (FIPS186-4) (#A1948) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1948) RSA Signature Primitive (CVL)(#A1947) (FIPS 186-4) RSA SigGen (FIPS186-4) (#A1948) RSA SigVer (FIPS186-4) (#A1948) ECDSA SigGen (FIPS186-4) (CVL) (#A1947) KAS-ECC-SSC SP800-56Ar3 (#A1947) RSA Decryption Primitive (SP 800- 56Br2) (CVL) (#A1947) KTS-IFC (SP 800- 56Br2) (#A2393) KTS-IFC (KTS) (SP 800-56Br2) (#A2393) KAS KDA HKDF (SP 800-56Ar3) KAS KDA ONESTEP (SP 800-56Ar3) KAS KDA TWOSTEP (SP 800-56Ar3) KAS ANS 9.63 (SP 800-56Ar3) KTS-IFC (KTS) (SP 800-56Br2) (#A1948) | CKG SP 800-133Rev2 Section 5.2 Asymmetric key establishment, key generation using unmodified DRBG output. ECDSA KEYGEN (FIPS186-4) (#A2393) RSA KEYGEN (FIPS186-4) (#A2393) | SSP Entry/SSP Generation | In Memory (Plaintext) | D S | RSA/ECDSA/ECDH public session keys. | No |
= Zeroize all User SSPs in the Partition Regular p (Equivalent to User Partition Regular zeroize via CN_ZEROIZE service) S = Zeroized on session close (Session Close via CN_CLOSE_SESSION, CN_APP_FINALIZE and CN_CLOSE_PARTITION_SESSIONS) = Vendor zeroize (Zeroizes all SSPs including vendor programmed configuration and CSPs. Makes the module unusable; the module must be sent back to the vendor for re-programming.) via CN_VENDOR_ZEROIZE service. * The SSPs are zeroized securely by writing zeros to memory. * Private/Secret keys are always encrypted when doing export/import, and key encapsulation mechanisms are listed in the respective CSP row. * All CSPs from Table 15 and Table 16 are entered through automated electronic entry mechanisms. Table 15 SSPs EstablishStorage Zeroization N/A N/A N/A N/A N/A N/A
EstablishStorage Zeroization DS E E KAS-ECCSSC SP80056Ar3 (SP 80056Br2) E E
EstablishStorage Zeroization DS Table 16 Non-Deterministic Random Number Generation Specification
9.2 Definition of Session Keys The cryptographic module supports the generation/import/export of user keys that are bound to a session and are termed as session keys. The following points apply to session keys:
This section documents the security rules enforced by the cryptographic module to implement the self-test requirements of this FIPS 140-3 Level-3 module. The module always executes the self-tests without operator intervention regardless of approved or non-approved mode or any other configuration. Failure of any of the self-tests causes the module to go into an error state. If the failure happens during periodic execution of Cryptographic Algorithm Self-Tests (CASTs), then module will reject all future commands received. The module need to be reset to recover from the situation. Data output except for status log messages is inhibited during self-tests, zeroization, and error states. Status information does not contain CSPs or sensitive data. The conditional cryptographic algorithm self-tests (CASTs) run periodically. The periodicity is configurable by the MCO and by default runs every 24 hours. The execution of CASTs causes a momentary (less than a second) service interruption. The voltage monitoring happens continuously by the module which samples the voltage rails for every 400 micro-seconds. The temperature monitoring happens continuously by the module for every 30 seconds. Module performs the pre-operational Firmware integrity tests (#A1946) RSA 2048-bit SHA-256 signature verification every 24 hours. The cryptographic module performs the pre-operational and conditional self-tests:
Refer to the sections related to HSM installation and configuration in the user guide (LS2-HSM-NFBE-Driver-SDK- UserGuide; version 1.0 or later). Before installing the HSM, the customer verifies the following:
• There is no evidence of physical tampering on the HSM itself. After this is verified, the customer can physically insert the HSM into the PCIe on the host server. The host must meet the following requirements: • Support low-profile PCIe Gen 3/Gen 4 (x4 or x8 slot) • SR-IOV support enabled. After the HSM is physically installed, the LS2 driver and utilities that communicate with the HSM are installed on the host using standard Linux/Operating system tools. The user must be logged in the host as root/Administrator to perform the installation. The HSM owner then completes the following steps to claim ownership of the HSM and enable the approved mode:
The specific tasks that can be performed by users on the HSM are strictly limited by their user role (see Table 8 for details). A user of the module can query the module’s device information, operational parameters, operating mode by invoking the command getHSMInfo from the Cfm2MasterUtil. “FIPS state” member of the output will indicate the module to be in one of the following modes:
| FIPS Test | Red | Green | Blue | Pattern |
|---|---|---|---|---|
| Any FIPS self-test failure | Y | On | ||
| Hardware RBG for failure | Y | On | ||
| Pairwise consistency | Y | On | ||
| Boot success and healthy state | Y | On |
Note: Unsigned ffffffff indicates zeroized, which is –1.
On successful completion of the FIPS tests, the DA Green LED remains in the “ON” state. If any other LED remains in the permanent glow, the card’s is in ERROR state. Any of these fatal errors will cause the module to reject all future commands received. Resetting the module is required to recover from the situation. Bootloader-level self-test failures will reset the board automatically. There is no separate LED indication for this error. All these fatal errors are shown on UART when the issue is observed. In addition, the latest errors are reported on UART on bootup. Because the logs are maintained within the module’s flash memory, which has no direct access to external users/ applications, they are not vulnerable to any tampering. Table 17 LED Flash Pattern for Errors Y Y Y Y
AES GCM IV restoration upon Power Cycle of Module: If the module’s power is lost and then restored, the module will establish new sessions, which will generate new IVs. For an E2E (TLS) session, this will result in fresh handshake; new AES-GCM keys and IVs will be established for the new session.
No mitigation of other attacks is implemented by the module.
ATF Arm Trusted Firmware CAST Cryptographic Algorithm Self-Tests HSM Hardware Security Module KAS Key Agreement Scheme KAT Known Answer Test KBK Key Backup Key KLK Key Loading Key MCO Master Crypto Officer PCO Partition Crypto Officer PCU Partition Crypto User SR-IOV 2FA Single Root I/O Virtualization 2-Factor Authentication
Marvell first revolutionized the digital storage industry by moving information at speeds never thought possible. Today, that same breakthrough innovation remains at the heart of the company's storage, networking and connectivity solutions. With leading intellectual property and deep system-level knowledge, Marvell semiconductor solutions continue to transform the enterprise, cloud, automotive, industrial, and consumer markets. For more information, visit www.marvell.com. and/or its Affiliates in the US and/or other countries. This document may also contain other registered or common law trademarks of Marvell and/ or its Affiliates. Doc. No. LS2-HSM-SP Revised: January 14, 2025