| Standard | FIPS 140-3 |
|---|---|
| Overall level | 3 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Historical |
| Caveat | Interim validation. When installed, initialized and configured as specified in Section 11.3 of the Security Policy |
| Vendor | Entrust |
flowchart LR
%% Deterministic review-risk graph for nShield 5s Hardware Security Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>recovery<br/>upgrade</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Status output<br/>Show Status<br/>Unauthenticated</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for nShield 5s Hardware Security Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>recovery<br/>upgrade</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Status output<br/>Show Status<br/>Unauthenticated</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>linux<br/>uboot<br/>bootloader</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;nShield 5s Hardware Security Module ``
Version: 2.0.4 Date: 17/12/2024 not been removed or altered. Words and logos marked with ® or ™ are trademarks of nCipher Security Limited or its affiliates in the EU and other countries. Mac and OS X are trademarks of Apple Inc., registered in the U.S. and other countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Information in this document is subject to change without notice. nCipher Security Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. nCipher Security Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material. Where translations have been made in this document English is the canonical language. nCipher Security Limited Registered Office: One Station Square, Cambridge, CB1 2GA, United Kingdom Registered in England No. 11673268 nCipher is an Entrust company. Entrust, Datacard, and the Hexagon Logo are trademarks, registered trademarks, and/or service marks of Entrust Corporation in the U.S. and/or other countries. All other brand or product names are the property of their respective owners. Because we are continuously improving our products and services, Entrust Corporation reserves the right to change specifications without prior notice. Entrust is an equal opportunity employer.
2 of 44 nShield 5s Hardware Security Module
Contents nShield 5s Hardware Security Module 3 of 44
Security Module, i.e. the Cryptographic Module, to meet with the security requirements in FIPS 140-
The Cryptographic Module meets overall FIPS 140-3 Security Level
1 General 3
2 Cryptographic Module Specification 3
3 Cryptographic Module Interfaces 3
4 Roles, Services and Authentication 3
5 Software/Firmware security 3
6 Operational Environment N/A
7 Physical Security 3
8 Non-invasive Security N/A
9 Sensitive Security Parameter Management 3
10 Self-Tests 3
11 Life-cycle Assurance 3
12 Mitigation of Other Attacks N/A
4 of 44 nShield 5s Hardware Security Module
The following product hardware variants and firmware version(s) are in scope of this Security Policy. Model Hardware Firmware Version Distinguishing Features [Part Number and Version] nShield 5s F3 PCB Assembly Part primary: 13.4.5 PCIe form factor Number: PCA10005-01 model number nC5536E recovery: 13.2.4 PCB Assembly Revision: nShield 5s for nShield 5c uboot: 1.1.0, 1.4.1 PCIe form factor identical to the nShield 5s F3 (nC5536E), 03, 04 and for nShield HSMi embedded inside the nShield 5c or the nShield HSMi network appliances. model number nC5536N Table 2 Cryptographic Module Tested Configuration
The nShield 5s Hardware Security Module (HSM) is a multi-chip embedded hardware Cryptographic Module as defined in FIPS 140-3, which comes in a PCI express board form factor protected by a tamper resistant enclosure, and performs encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing. The nShield 5s HSM is also embedded inside the nShield 5c or the nShield HSMi, which are networkattached appliances delivering cryptographic services as a shared network resource for distributed applications and virtual machines, giving organizations a highly secure solution for establishing physical and logical controls for server-based systems. The table below shows the nShield 5s HSM (left, representative of the two hardware variants nC5536E, nC5536N) and the nShield 5c appliance (right). Table 3 nShield 5s (left) and nShield 5c (right) The cryptographic boundary is delimited in red in the images in the table below. It is delimited by the heat sink and the outer edge of the potting material on the top and bottom of the PCB. nShield 5s Hardware Security Module 5 of 44
Table 4 Cryptographic module boundary The module enforces that only approved services are available and plaintext import/export of secret or private keys is not allowed. Refer to Approved mode of operation.
This section describes the cryptographic mechanisms and security functions provided and used by the cryptographic module.
The following tables describe the approved cryptographic algorithms supported by the Cryptographic Module.
CAVP Algorithm and Mode/Method Description / Key Size(s) / Key Use / Function Cert Standard Strength(s) A3707 AES ECB 128 bits Data encryption/decryption [FIPS 197] [SP CBC 192 bits 800-38A] [SP GCM 256 bits 800-38D] A3707 KTS (AES) KW 128 bits Key wrapping/unwrapping [SP 800-38F] [SP KWP 192 bits 800-38D] GCM 256 bits (Key establishment methodology provides between 128 and 256 bits of encryption strength) A3707 KTS-IFC KTS-OAEP-basic with 2048 bits Key transport (encapsulation, unSHA2-224, SHA2-256, SHA2-384, SHA2-512, 3072 bits encapsulation) SHA3-224, SHA3-256, SHA3-384, SHA3-512
(Key establishment methodology provides between 112 and 152 bits of encryption strength) Vendor CKG Section 4 “Using the Output of a Random Bit n/a Key generation affirmed Generator“ [SP 800-133rev2] A3707 RSA RSASSA-PKCS-v1_5 1024 bits (verification only) Key generation
6 of 44 nShield 5s Hardware Security Module
CAVP Algorithm and Mode/Method Description / Key Size(s) / Key Use / Function Cert Standard Strength(s) [FIPS 186-4] RSASSA-PSS 2048 bits Signature generation and verification
A3707 ECDSA n/a NIST P-224, P-256, P-384, P- Key generation [FIPS 186-4] Key verification NIST K-233, K-283, K-409, KSignature generation and verification NIST B-233, B-283, B-409, BA3707 DSA n/a L = 1024 bits, N = 160 bits Key generation (verification only) [FIPS 186-4] Signature generation and L = 2048 bits, N = 224 bits verification L = 2048 bits, N = 256 bits Domain parameter generation and verification L = 3072 bits, N = 256 bits A3707 HMAC HMAC-SHA1, HMAC-SHA2-224, HMAC-SHA2- ≥ 112 bits MAC generation and 256, HMAC-SHA2-384, HMAC-SHA2-512, verification [FIPS 198] HMAC-SHA3-224, HMAC-SHA3-256, HMACSHA3-384, HMAC-SHA3-512 A3707 AES CMAC 128 bits MAC generation and verification [SP 800-38B] 192 bits
A3707 KMAC KMAC-128 ≥ 112 bits MAC generation and verification [SP 800-185] KMAC-256 A3707 KAS-FFC DH MODP-2048 Key agreement [SP 800- MODP-3072 56Arev3] MODP-4096 MODP-6144 MODP-8192 FB FC (Key establishment methodology provides between 112 and 200 bits of encryption strength) A3707 Safe Primes Key KeyGen for KAS-FFC Safe prime groups: MODP- KAS-FFC key generation Generation 2048, MODP-3072, MODP4096, MODP-6144, MODP[SP 8008192 56Arev3] (Provides between 112 and
strength.) A3707 Safe Primes Key KeyVer for KAS-FFC Safe prime groups: MODP- KAS-FFC key verification Verification 2048, MODP-3072, MODP4096, MODP-6144, MODP8192 nShield 5s Hardware Security Module 7 of 44
CAVP Algorithm and Mode/Method Description / Key Size(s) / Key Use / Function Cert Standard Strength(s) [SP 80056Arev3] A3707 KAS-ECC ECDH NIST P-224, P-256, P-384, P- Key agreement [SP 800- ECMQV 56Arev3] NIST K-233, K-283, K-409, KNIST B-233, B-283, B-409, B(Key establishment methodology provides between 112 and 256 bits of encryption strength) A3707 KBKDF counter mode n/a Key derivation [SP 800-108rev1] CMAC-AES256 A3707 SHS SHA-1 n/a Message digest [FIPS 180-4] SHA2-224 SHA2-256 SHA2-384 SHA2-512 A3707 SHA-3 SHA3-224 n/a Message digest [FIPS 202] SHA3-256 SHA3-384 SHA3-512 A3707 DRBG Hash_DRBG 256 bits of security strength Random bit generation [SP 80090Arev1] Table 5 nCore - Approved Algorithms Note: For AES GCM, the 96-bit IV is internally generated using the approved DRBG as per IG C.H.
CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Use / Function Strength(s) A2404 RSA RSASSA-PKCS-v1_5 4096 bits Signature verification A6385 [FIPS 186-4] A2404 SHS SHA2-256 n/a Message digest A6385 [FIPS 180-4] Table 6 Bootloader - Approved Algorithms
8 of 44 nShield 5s Hardware Security Module
CAVP Algorithm and Mode/Method Description / Key Size(s) / Use / Function Cert Standard Key Strength(s) A3706 AES CTR 128 bits Data encryption/decryption [FIPS 197] [SP GCM 800-38A] [SP ECB 800-38D] Vendor CKG Section 4 “Using the n/a Key generation affirmed Output of a Random Bit [SP 800Generator“ 133rev2] A3706 ECDSA n/a NIST P-256 Signature generation and verification [FIPS 186-4] NIST P-521 A3706 HMAC HMAC-SHA2-256 ≥ 112 bits MAC generation and verification [FIPS 198] A3706 KAS-ECC-SSC ECDH NIST P-256 Key agreement [SP 800- (Key establishment 56Arev3] methodology provides between 128 bits of encryption strength) A3706 CVL - Secure n/a n/a Key derivation Shell (SSHv2) KDF [SP 800135rev1] A3706 KAS-ECC ECDH NIST P-256 Key agreement, KAS-ECC-SSC (cert# A3707) in conjunction with SSHv2 KDF of SP 800-135rev1 [SP 800- (Key establishment (cert# A3707), which is compliant with IG D.F. 56Arev3 [SP methodology provides Scenario 2, path 2. 800-135rev1] between 128 bits of encryption strength) A3706 SHS SHA2-256 n/a Message digest [FIPS 180-4] SHA2-512 Table 7 SSH - Approved Algorithms Note: As per IG D.C., no parts of this protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. Note: For AES GCM, the module is compliant with RFCs 4252, 4253 and 5647, and the IV is generated according to the SSHv2 protocol IV generation, as per IG C.H. In case the module’s power is lost and then restored, a new key for use with the AES-GCM encryption/decryption is established.
The following table describes the allowed cryptographic algorithms supported by the Cryptographic Module. nShield 5s Hardware Security Module 9 of 44
Algorithm Caveat Use/Function ECDSA
Only approved and non-approved but allowed cryptographic algorithms are supported.
10 of 44 nShield 5s Hardware Security Module
The Cryptographic Module provides the following physical ports:
The Cryptographic Module supports the following roles:
12 of 44 nShield 5s Hardware Security Module
Table 10 Roles, Service Commands, Input and Output Role Authentication Method Authentication Strength PCO ECDSA P-256, P-521 client key The ciphersuites used are: authentication as part of UC ecdh-sha2-nistp256 , ecdh-sha2-nistp521, aes128-gcm@openssh.com, aes128establishing an SSH based ctr@openssh.com, hmac-sha2-256-etm@openssh.com secure channel. This results in a security strength of 128 bits. A random authentication attempt gives is a probability Identity-based and required. of success of 2-128, which is less than one in 1,000,000. The module can process around 220 commands per minute. This gives a probability of success in a one minute period of 2-108, which is less than one in 100,000. NSO smartcard authentication. A logical token share stored in a Smartcard or Softcard is encrypted and MAC'ed. An attacker would need to guess the encrypted share value and the associated MAC in order to be able to load a valid Identity-based and required. Logical token share into the module. This requires, as a minimum, guessing a 256-bit HMAC-SHA256 value, which gives a security strength of 256 bits. A random authentication attempt gives is a probability of success of 2-256 , which is less than one in 1,000,000. The module can process around 220 commands per minute. This gives a probability of success in a one minute period of 2-236, which is less than 10-5, which is less than one in 100,000. Table 11 Roles and Authentication
The following table describes the services provided by the Cryptographic Module and the access policy. The Access column presents the access level given to the SSP G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP
Service Description Approved Security Keys and/or SSPs Roles Access rights Indicator Functions to Keys and/or SSPs info This is a Show Module's Data KSESSION - SSH PCO E return Versioning Information service. encryption/decryption value 0 (AES CTR, GCM) This command prints out the contents of the board-id rom file MAC generation / and a number of flags that verification (HMAC) indicate which other setup subcommands have been previously executed as determined by the existence or non-existence of the relevant files in long-term storage. It also prints out the tag and value pairs nShield 5s Hardware Security Module 13 of 44
Service Description Approved Security Keys and/or SSPs Roles Access rights Indicator Functions to Keys and/or SSPs of any options set with the setopt subcommand. factorystate This is the Perform Zeroisation Data KRESET (note: any SSP PCO Z return service. encryption/decryption that is derived from value 0 E (AES CTR, GCM) KRESET, or protected by It zeroizes unprotected SSPs and an SSP derived from G returns the module to factory MAC generation / KRESET, will also be state. It then initiates a module verification (HMAC) (note: SSH server effectively zeroised.) reboot. authentication keys KSESSION - SSH are only generated on first reboot after a KUSER_SSH, setup KSSH_SETUP, factorystate KSSH_SSHADMIN, command) KSSH_MONITOR, KSSH_UPDATER, KCONTAINER, KCONTAINERSSH, KSSH_NCORE settime This subcommand sets the system Data KSESSION - SSH PCO E return date and time. encryption/decryption value 0 (AES CTR, GCM) MAC generation / verification (HMAC) gettime This subcommand returns Data KSESSION - SSH PCO E return the system date and time. encryption/decryption value 0 (AES CTR, GCM) MAC generation / verification (HMAC) Table 12 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms.
Service Description Approved Security Functions Keys and/or SSPs Roles Access Indicator rights to Keys and/or SSPs set Loads the client public key in the module, that Data encryption/decryption KSSH_CLIENT pub PCO W return will be used to authenticate the requester of a (AES CTR, GCM) value 0 KSESSION - SSH E particular service MAC generation / verification (HMAC) list Obtains the client public key for the service Data encryption/decryption KSSH_CLIENT pub PCO R return given by the 'role' parameter. (AES CTR, GCM) value 0 KSESSION - SSH E MAC generation / verification (HMAC) get- Obtains the server public key for the service Data encryption/decryption KSSH_NCORE pub PCO R return serverkey given by the 'role' parameter. (AES CTR, GCM) value 0 R
14 of 44 nShield 5s Hardware Security Module
Service Description Approved Security Functions Keys and/or SSPs Roles Access Indicator rights to Keys and/or SSPs MAC generation / verification KSSH_UPDATER R (HMAC) pub E KSSH_SETUP pub KSSH_SSHADMIN pub KSSH_MONITOR pub KSESSION - SSH Table 13 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms.
Service Description Approved Security Keys Roles Access Indicator Functions and/or rights SSPs to Keys and/or SSPs info This is a Show Module's Versioning Information service. Data encryption/decryption KSESSION - PCO E return (AES) SSH value 0 Obtains the version number of the HSM firmware. MAC generation / verification (HMAC) receive Transmits a file (intended to be an npkg upgrade file) to Data encryption/decryption KSESSION - PCO E return the HSM. (AES) SSH value 0 MAC generation / verification (HMAC) load Verifies that a file on the HSM filesystem is a valid npkg Digital signature verification NSBIK pub PCO E return upgrade file and, if so loads the file onto its flash (RSA, ECDSA) value 0 NPSK pub E partition. Data encryption/decryption NFIK pub E (AES) NLIK pub E MAC generation / verification (HMAC) KSESSION - E SSH setminvsn Sets the minimum VSN that the module will use to Data encryption/decryption KSESSION - PCO E return check, when the 'load' command above is run, that the (AES) SSH value 0 firmware specified can be validly loaded onto this MAC generation / module. verification (HMAC) Table 14 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. nShield 5s Hardware Security Module 15 of 44
Service Description Approved Security Functions Keys and/or Roles Access Indicator SSPs rights to Keys and/or SSPs getlog This is the Show Status service. Data encryption/decryption (AES KSESSION - PCO E return value CTR, GCM) SSH 0 Obtains the log of the system MAC generation / verification (HMAC) clearlog Clears the log of the system Data encryption/decryption (AES KSESSION - PCO E return value CTR, GCM) SSH 0 MAC generation / verification (HMAC) getenvstats Obtains the environmental stats from Data encryption/decryption (AES KSESSION - PCO E return value the system CTR, GCM) SSH 0 MAC generation / verification (HMAC) Table 15 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms.
Service Description Approved Security Functions Keys and/or Roles Access Indicator SSPs rights to Keys and/or SSPs receive Uploads a file to the launcher service Data encryption/decryption KSESSION - PCO E return for temporary storage. (AES CTR, GCM) SSH value 0 MAC generation / verification (HMAC) machine Creates a SEE machine container from a Digital signature verification DSK pub PCO E return create received file, after successfully being validated. (ECDSA) value 0 KSESSION - E Data encryption/decryption SSH (AES CTR, GCM) MAC generation / verification (HMAC) machine list Lists SEE machines along with their current Data encryption/decryption KSESSION - PCO E return states. (AES CTR, GCM) SSH value 0 MAC generation / verification (HMAC) start Starts a SEE machine after successfully being Digital signature verification DSK pub PCO E return validated. (ECDSA) value 0 KSESSION - E Data encryption/decryption SSH (AES CTR, GCM) MAC generation / verification (HMAC)
16 of 44 nShield 5s Hardware Security Module
Service Description Approved Security Functions Keys and/or Roles Access Indicator SSPs rights to Keys and/or SSPs stop Stops a SEE machine. Data encryption/decryption KSESSION - PCO E return (AES CTR, GCM) SSH value 0 MAC generation / verification (HMAC) destroy Deletes a SEE machine. Data encryption/decryption KSESSION - PCO E return (AES CTR, GCM) SSH value 0 MAC generation / verification (HMAC) ids Management of the SEE machine signing Digital signature verification DSK pub PCO R, W, E return commands certificates. (ECDSA) value 0 ESK pub E Data encryption/decryption KSESSION - E (AES) SSH MAC generation / verification (HMAC) see-log Management of the SEE machine logs. Data encryption/decryption KSESSION - PCO E return commands (AES) SSH value 0 MAC generation / verification (HMAC) Table 16 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms.
Service Description Approved Keys Roles Access Indicator Security and/or rights Functions SSPs to Keys and/or SSPs python- The (logical) network connection between host and HSM uses - - Unauthenticated - return zeroconf TCP/IP protocols over the PCIe bus; however, for ease of value 0 setup it needs to avoid requiring IP configuration by the user. Therefore the HSM uses zeroconf: each end of the virtual 'network segment' has only a link-local (IPv4 and IPv6) address. The HSM's address can be discovered by the host using multicast DNS, responding to mDNS queries. Table 17 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. nShield 5s Hardware Security Module 17 of 44
Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSPs Big number operation Performs an operation on a - - UC - return large integer. status OK Cmd_BignumOp Make Blob Creates a Key blob containing Key derivation (KBKDF) KA, UC R return the key. Note that the key ACL KRE_BLOBKEY, status OK Cmd_MakeBlob Key wrapping (AES CBC E needs to authorize the KR, KM, KNSO, and HMAC, KTS-IFC) operation. LTx BLOBKE, BLOBKM Bulk channel Provides a bulk processing Encryption and KA UC E return channel for crypto operations decryption (AES ECB, status OK Cmd_ChannelOpen CBC, GCM) Cmd_ChannelUpdate MAC generation and verification (HMAC, KMAC, AES CMAC) Digital signature generation and verification (RSA, ECDSA, DSA) Check User Action Determines whether the ACL - KNSO, KA UC R return associated with a key allows a status OK Cmd_CheckUserAction specific operator defined action. Clear Unit This is the Perform Self-tests - KA, KR, UC Z return service. IMPATHKE, status OK Cmd_ClearUnit IMPATHKM, Zeroises all keys, tokens and RAKME, RAKMA shares that are loaded in RAM. Will cause the module to reboot and perform self-tests. Set Module Key Allows a key to be stored Message digest (SHA-1) KM NSO W return internally as a Module key status OK Cmd_SetKM (KM) value. The ACL needs to authorize this operation. Remove Module Key Deletes the KM with a given - KM NSO Z return KM hash value from non- status OK Cmd_RemoveKM volatile memory. Duplicate key handle Creates a second instance of a - KA UC R return Key with the same ACL and status OK Cmd_Duplicate returns a handle to the new instance. Note that the source key ACL needs to authorize this operation. Enable feature Enables the service. This - - UC - return service requires a certificate status OK Cmd_StaticFeatureEnable
18 of 44 nShield 5s Hardware Security Module
Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSPs signed by the Master Feature Enable key. Encryption / decryption Encryption and decryption Data encryption and KA UC E return using the provided key handle. decryption (AES ECB, status OK Cmd_Encrypt CBC, GCM) Cmd_Decrypt Erase from smartcard /softcard Removes a file or a share from - - UC - return a smartcard or softcard status OK Cmd_EraseFile Cmd_EraseShare Format Token Formats a smartcard or a - - UC - return softcard. status OK Cmd_FormatToken File operations Performs file operations in the - - UC - return module. status OK Cmd_FileCopy Cmd_FileCreate Cmd_FileErase Cmd_FileOp Force module to fail Causes the module to enter a - - UC - return failure state. status OK Cmd_Fail Generate prime number Generates a random prime. Random bit generation DRBG entropy UC E return (DRBG) input, seed, status OK Cmd_GeneratePrime internal state ('V' and 'C') Generate random number Generates a random number Random bit generation DRBG entropy UC E return from the Approved DRBG. (DRBG) input, seed, status OK Cmd_GenerateRandom internal state ('V' and 'C') Get ACL Get the ACL of a given key. - KA UC R return status OK Cmd_GetACL Get key application data Get the application data field - KA UC R return from a key. status OK Cmd_GetAppData Get challenge Get a random challenge that Random bit generation DRBG entropy UC E return can be used in fresh (DRBG) input, seed, status OK Cmd_GetChallenge certificates. internal state ('V' and 'C') Get KLF2 Get a handle to the Module - - UC - return Long Term (KLF2) public key. status OK Cmd_GetKLF2 Get Key Information Get the type, length and hash Message digest (SHA-1) KA UC R return of a key. status OK Cmd_GetKeyInfo Cmd_GetKeyInfoEx nShield 5s Hardware Security Module 19 of 44
Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSPs Get module signing key Get a handle to the KML public - KML UC R return key. status OK Cmd_GetKML Get list of slot in the module Get the list of slots that are - - UC - return available from the module. status OK Cmd_GetSlotList Get Logical Token Info Get information about a Message digest (SHA-1) LTx UC R return Logical Token: hash, state and status OK Cmd_GetLogicalTokenInfo number of shares. Cmd_GetLogicalTokenInfoEx Get list of module keys Get the list of the hashes of all Message digest (SHA-1) KM, KNSO UC R return module keys and the KNSO. status OK Cmd_GetKMList Get module state Returns unsigned data about - - UC - return the current state of the status OK Cmd_GetModuleState module. Get real time clock Get the current time from the - - UC - return module Real Time Clock. status OK Cmd_GetRTC Get share access control list Get the Share's ACL. - SHAREKEY UC R return status OK Cmd_GetShareACL Get Slot Information Get information about shares - - UC - return and files on a Smartcard that status OK Cmd_GetSlotInfo has been inserted in a module slot. Get Ticket Get a ticket (an invariant - - UC - return identifier) for a key. This can status OK Cmd_GetTicket be passed to another client or to a SEE World which can redeem it using Redeem Ticket to obtain a new handle to the object. Initialize Unit Causes the nCore API service in Key generation (CKG, HKNSO UC Z, G return the pre-initialization state to RSA, DSA) status OK Cmd_InitializeUnit KA, enter the initialization Message digest (SHA-1) KRE_BLOBKEY, Cmd_InitializeUnitEx state. When the module KR, KM, KAL, enters the initialization state, it KML, KNSO, erases all Module keys (KM), HKNSO, LTx the module's signing key (KML), and the hash of the Security Officer's keys, HKNSO. It then generates a new KML and KM. Insert a Softcard Allocates memory on the - - UC - return module that is used to store status OK Cmd_InsertSoftToken the logical token share and other data objects. Remove a Softcard Removes a Softcard from the - - UC - return module. It returns the updated status OK Cmd_RemoveSoftToken
20 of 44 nShield 5s Hardware Security Module
Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSPs shares and deletes them from the module’s memory. Impath secure channel Support for Impath secure Key agreement (KAS- KML, IMPATHKE, UC G, E return channel. Requires Feature FFC) IMPATHKM status OK Cmd_ImpathGetInfo Enabled. Key derivation (KBKDF) Cmd_ImpathKXBegin Data encryption and Cmd_ImpathKXFinish decryption (AES CBC, Cmd_ImpathReceive GCM) Cmd_ImpathSend MAC generation and verification (HMACSHA256) Key generation Generates a cryptographic key Key generation (CKG, KML, KA, DRBG UC G return of a given type with a specified RSA, ECDSA, DSA) entropy input, status OK Cmd_GenerateKey ACL. It returns a handle to the seed, internal Digital signature Cmd_GenerateKeyPair key. Optionally, it returns a state ('V' and 'C') generation (DSA) KML signed certificate with the hash of the key and its ACL information. Key import Loads a plain text key into the - KA UC W return module. If the module is status OK Cmd_Import initialized in approved mode, this service is available for public keys only. 1Derive Key Performs key wrapping, Key derivation (KBKDF) KA UC R, W return unwrapping, transport, status OK Cmd_DeriveKey Key exchange and derivation. The wrapping/unwrapping ACL needs to authorize this (KTS-AES) operation. Key transport (KTS-IFC) Key agreement (KASFFC, KAS-ECC) Load Blob Load a Key blob into the Key derivation (KBKDF) KA, UC W return module. It returns a handle to KRE_BLOBKEY, status OK Cmd_LoadBlob Key unwrapping (AES E the key suitable for use with KR, KM, KNSO CBC and HMAC, KTS-IFC) module services. BLOBKE, BLOBKM Load Logical Token Initiates loading a Logical Key unwrapping - UC - return Token from Shares, which can status OK Cmd_LoadLogicalToken Key derivation be loaded with the Read Share command. Generate Logical Token Creates a new Logical Token Key generation (CKG) KM, LTx UC G, W return with given properties and status OK Cmd_GenerateLogicalToken secret sharing parameters. Message digest Computes the cryptographic Message digest (SHS, - UC - return hash of a given message. SHA-3) status OK Cmd_Hash Modular Exponentiation Performs a modular - - UC - return exponentiation (standard or status OK nShield 5s Hardware Security Module 21 of 44
Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSPs Cmd_ModExp CRT) on values supplied with the command. Cmd_ModExpCrt Cmd_RSAImmedVerifyEncrypt Cmd_RSAImmedSignDecrypt Module hardware information Reports detailed hardware - - UC - return information. status OK Cmd_ModuleInfo No Operation No operation. - - UC - return status OK Cmd_NoOp Change Share Passphrase Updates the passphrase of a Key derivation (KBKDF) SHAREKEY, LTx, UC G, E, R, return Share. KM W status OK Cmd_ChangeSharePIN Key wrapping/unwrapping Cmd_ChangeShareGroupPIN (AES CBC and HMAC, KTS-IFC) NVRAM Allocate Allocation in NVRAM. - - NSO - return status OK Cmd_NVMemAllocate NVRAM Free Deallocation from NVRAM. - - UC - return status OK Cmd_NVMemFree Operation on NVM list Returns a list of files in - - UC - return NVRAM. status OK Cmd_NVMemList Operation on NVM files Operation on an NVRAM file. - - UC return status OK Cmd_NVMemOp Key export Exports a key in plain text. - KA UC R return status OK Cmd_Export Note: in approved mode, only public keys can be exported. Read file Reads data from a file on a - - UC - return Smartcard or Softcard. The ACL status OK Cmd_ReadFile needs to authorize this operation. Read share Reads a share from a Key derivation (KBKDF) SHAREKEY, LTx, UC G, E, R return Smartcard or Softcard. Once a KM status OK Cmd_ReadShare Key unwrapping (AES quorum of shares have been CBC and HMAC) loaded, the module reassembles the Logical Token. Send share to remote slot Reads a Share and encrypts it Data encryption(AES IMPATHKE, UC R, E return with the Impath session keys CBC, GCM) IMPATHKM, status OK Cmd_SendShare for transmission to the peer SHAREKEY MAC generation module. (HMAC-SHA256) Receive share from remote slot Receives a Share encrypted Data decryption (AES IMPATHKE, UC R, E return with the Impath session keys CBC, GCM) IMPATHKM, status OK Cmd_ReceiveShare by a remote module. SHAREKEY
22 of 44 nShield 5s Hardware Security Module
Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSPs MAC verification (HMAC-SHA256) Redeem Ticket Gets a handle in the current - - UC - return name space for the object status OK Cmd_RedeemTicket referred to by a ticket created by Get Ticket. Remote Administration Provides remote presentation Key agreement (KAS- RAKME, RAKMA, UC G, E return of Smartcards using a secure ECC ECDH) status OK Cmd_DynamicSlotCreateAssociation KWARN_pub E channel between the module Key derivation (KBKDF) Cmd_DynamicSlotExchangeAPDUs and the Smartcard. Data encryption and Cmd_DynamicSlotsConfigure decryption (AES CBC) Cmd_DynamicSlotsConfigureQuery MAC generation and Cmd_VerifyCertificate verification (AES CMAC) Digital signature verification (ECDSA) Destroy Remove handle to an object in - KA, KNSO, LTx UC Z return RAM. If the current handle is status OK Cmd_Destroy the only one remaining, the object is zeroised from RAM. Report statistics Reports the values of the - - UC - return statistics tree. status OK Cmd StatGetValues Cmd_StatEnumTree Show Status This is a Show Status and Show - - UC - return Module's Versioning status OK Cmd_NewEnquiry Information service. Report status information. Set ACL Replaces the ACL of a given key - KA UC W return with a new ACL. The ACL needs status OK Cmd_SetACL to authorize this operation. Set key application data Writes the application - KA UC W return information field of a key. status OK Cmd_SetAppData Set NSO Permissions Sets the NSO key hash and - - NSO - return which permissions require a status OK Cmd_SetNSOPerms Delegation Certificate. Signature generation Generate a digital signature or MAC generation KA, KNSO UC E return MAC value. (HMAC, KMAC, AES status OK Cmd_Sign CMAC) Digital signature generation (RSA, ECDSA, DSA) Sign Module State Returns a signed certificate Digital signature KML UC E return that contains data about the generation (DSA) status OK Cmd_SignModuleState nShield 5s Hardware Security Module 23 of 44
Service Description Approved Security Keys and/or Roles Access Indicator Functions SSPs rights to Keys and/or SSPs current configuration of the module. Signature verification Verifies a digital signature or MAC verification KA UC E return MAC value. (HMAC, KMAC, AES status OK Cmd_Verify CMAC) Digital signature verification (RSA, ECDSA, DSA) Write file Writes a file to a Smartcard or - - NSO - return Softcard. status OK Cmd_WriteFile Write share Writes a Share to a Smartcard Key derivation (KBKDF) SHAREKEY, LTx, UC G, E, W return or Softcard. KM status OK Cmd_WriteShare Key wrapping (AES CBC and HMAC) SEE connection Opens a connection from the - - UC - return nCoreAPI service to the SEE status OK Cmd_CreateSEEConnection machine Table 18 Approved Services Non-approved services will fail with a return an error code indicator "StrictFIPS140". All nCore API services are sent through the SSH channel, performing security functions Data encryption/decryption, MAC generation / verification and access E (execute) of the session keys KSESSION - SSH.
24 of 44 nShield 5s Hardware Security Module
The nShield 5s cryptographic module's executable code is delivered by Entrust as a single signed firmware package (.npkg file). The firmware integrity is verified at start up using RSA with 4096 bit key and SHA2-256. The Library Partition is an internal storage area that contains a number of auxiliary files required for operation of the module. The integrity of the Library Partition is verified using ECDSA with curve P-521 and SHA2-512. Operators can initiate the integrity tests on demand by restarting the module. nShield 5s Hardware Security Module 25 of 44
Not applicable. The module has a limited operational environment, it is designed to accept only controlled firmware changes that successfully pass the software/firmware load test.
26 of 44 nShield 5s Hardware Security Module
The product is a multi-chip embedded Cryptographic Module, as defined in FIPS 140-3. It is enclosed in a hard and opaque epoxy resin which meets the physical security requirements of FIPS 140-3 level 3. The cryptographic module implements Environmental Failure Protections (EFP) which detect out of range voltage and temperature and shuts down the module. Physical Security Recommended Inspection/Test Guidance Details Mechanism Frequency of Inspection/Test Hard and opaque Monthly The module should be inspected periodically for evidence of tamper attempts, including the epoxy entire enclosure including the epoxy resin security coating for obvious signs of damage. Table 19 Physical Security Inspection Guidelines Temperature or voltage Specify EFP or EFT Specify if this condition measurement results in a shutdown or zeroisation Low Temperature 2ºC EFP Shutdown High Temperature 95ºC EFP Shutdown Low Voltage 8V EFP Shutdown High Voltage 14.08V EFP Shutdown Table 20 EFP/EFT Hardness tested temperature measurement Low Temperature 0ºC High Temperature 95ºC Table 21 Hardness testing temperature ranges nShield 5s Hardware Security Module 27 of 44
This section defines the Sensitive Security Parameters (SSPs) managed by the cryptographic module.
Key/SSP/Name/Type Strength Security Generation Import/Export Establishment Storage Zeroisation Use & related Function and keys Cert. Number KRESET 256 bits Re-settable key DRBG Never n/a MSP430 factorystate Key derivation FRAM, in (CSP) A3707 plaintext KUSER_SSH 256 bits Global SSH key Derived at Never n/a RAM, in Power cycle Encryption of encryption key start-up plaintext all the service's (CSP) using KBKDF server AES-256 from KRESET authentication A3707 and other SSH keys fixed parameters KSSH_SETUP 128 bits Server DRBG Private key: n/a In Flash, n/a SSH channel authentication never encrypted session (CSP) protected SSH key for the with Public key: Setup service KUSER_SSH output via ECDSA P-256 SSHAdmin service A3707 A3706 KSSH_UPDATER 128 bits Server DRBG Private key: n/a In Flash, n/a SSH channel authentication never encrypted session (CSP) protected SSH key for with Public key: the Updater KUSER_SSH output via service SSHAdmin ECDSA P-256 service A3707 A3706 KSSH_SSHADMIN 128 bits Server DRBG Private key: n/a In Flash, n/a SSH channel authentication never encrypted session (CSP) protected SSH key for with Public key: the SSH Admin KUSER_SSH output via service SSHAdmin ECDSA P-256 service A3707 A3706 KSSH_MONITOR 128 bits Server DRBG Private key: n/a In Flash, n/a SSH channel authentication never encrypted session (CSP) protected SSH key for the with Public key: Monitor service KUSER_SSH output via ECDSA P-256 nShield 5s Hardware Security Module 29 of 44
Key/SSP/Name/Type Strength Security Generation Import/Export Establishment Storage Zeroisation Use & related Function and keys Cert. Number A3707 SSHAdmin service A3706 KSSH_LAUNCHER 128 bits Server DRBG Private key: n/a In Flash, n/a SSH channel authentication never encrypted session (CSP) protected SSH key for the with Public key: Launcher KUSER_SSH output via service SSHAdmin ECDSA P-256 service A3707 A3706 KSESSION - SSH 128 bits SSH channel n/a Never ECDH RAM, in Power cycle SSH channel session keys plaintext or channel data (CSP) closure encryption and AES GCM or integrity AES CTR, HMAC A3707 NSBIK pub 128 bits Bootloader Entrust Import: n/a Flash, in n/a Firmware public integrity Firmware plaintext integrity test (not an SSP) key update RSA 4096 bit Export: Never A2404 A6385 NFIK pub 128 bits Firmware public Entrust Import: n/a Flash, in n/a Firmware signature Firmware plaintext integrity test (not an SSP) verification key update RSA 4096 bit Export: Never A2404 A6385 NLIK pub 256 bits Library public Entrust Import: n/a Flash, in n/a Firmware integrity key Firmware plaintext integrity test (not an SSP) update ECDSA P-521 Export: Never A3707 NPSK pub 256 bits Package public Entrust Import: n/a Flash, in n/a Firmware signature Firmware plaintext loading test (PSP) verification key update ECDSA P-521 Export: Never A3707 ESK pub 256 bits Root Entrust Entrust Import: n/a Flash n/a Signature SEE public Firmware verification (PSP) signing key update ECDSA P-521 Export: Never A3707
30 of 44 nShield 5s Hardware Security Module
Key/SSP/Name/Type Strength Security Generation Import/Export Establishment Storage Zeroisation Use & related Function and keys Cert. Number DSK pub 256 bits Developer n/a Launcher n/a Flash n/a Signature public signing service ids verification (PSP) key commands ECDSA P-521 A3707 KSSH_CLIENT pub 128 bits Client Client side Through n/a Flash, in factorystate SSH authentication SSHAdmin plaintext authentication (PSP) SSH key for service credentials each of the services (Updater, Setup, SSHAdmin, Launcher, nCoreAPI) ECDSA P-256, PA3707 DRBG entropy input > 256 Platform DRBG 520 bits Never n/a RAM, in Power cycle Random bits from the plaintext number (CSP) A3707 approved generation Entropy Source. DRBG seed 256 bits Platform DRBG Generated Never n/a RAM, in Power cycle Random as per SP plaintext number (CSP) A3707 800-90Arev1 generation with 696 bits from the approved Entropy Source:
random nonce DRBG internal state 256 bits Platform DRBG Generated Never n/a RAM, in Power cycle Random ('V' and 'C' values) as per SP plaintext number A3707 800- generation (CSP) 90Arev1. Table 22 Platform SSP table nShield 5s Hardware Security Module 31 of 44
nCore API service SSPs
The following SSPs are related to the nCore API service. Key/SSP/Name/Type Strength Security Generation Import/Export Establishment Storage Zeroisation Use & Function and related Cert. Number keys KCONTAINER 256 bits Master key for Derived at Never n/a RAM, in plaintext Power Key container start-up using cycle derivation (CSP) KBKDF from A3707 KRESET, container-id and other fixed value. KCONTAINERSSH 256 bits Encryption key Derived at Never n/a RAM, in plaintext Power Encryption for start-up using cycle (CSP) KSSH_NCORE KBKDF from KCONTAINER, AES-256 and other A3707 fixed value. KSSH_NCORE 128 bits Server DRBG Private key: n/a In Flash, n/a SSH authentication Never encrypted with channel (CSP) protected ssh key for KCONTAINERSSH session Public key the nCore API output via SSH service Admin service ECDSA P-256 A3707 A3706 Table 23 nCoreAPI SSP table
The following SSPs are related to the Security World in which the cryptographic module is enrolled into. Key/SSP/Name/Typ Strengt Security Generatio Import/Expor Establishmen Storage Zeroisation Use & related keys e h Function and n t t Cert. Number KRE_BLOBKEY 128 bits Recovery DRBG Import: From n/a RAM, in Power cycle Key used to protect confidentialit key blob, plaintext or recovery keys (KR). (CSP) y key decrypted Cmd_Destro with LTRE y RSA 3072 bit Export: in key A3707 blob, encrypted with LTRE KR 256 bits Recovery key DRBG Import: From n/a RAM, in Power cycle Key used to key blob, plaintext or derive (using SP 800(CSP) AES 256 decrypted Cmd_Destro 108 KDF in counter A3707 with y mode) the keys Ke KRE_BLOBKEY (AES 256-bit) and Km (HMAC-SHA256) that protect an archive
32 of 44 nShield 5s Hardware Security Module
Key/SSP/Name/Typ Strengt Security Generatio Import/Expor Establishmen Storage Zeroisation Use & related keys e h Function and n t t Cert. Number Export: in key copy of an application blob, key. encrypted with KRE_BLOBKEY IMPATHKE 256 bits Session keys n/a Never DH RAM, in Power cycle Encryption and for impath plaintext or channel decryption IMPATHKM channel closure MAC generation and (CSP) A3707 verification KA ≥ 112 Application DRBG Import: From n/a RAM, in Power cycle Application keys used bits keys key blob, plaintext or for general purpose (CSP) decrypted Cmd_Destro cryptographic A3707 with LTA or KR y services: Export: in key
Key/SSP/Name/Typ Strengt Security Generatio Import/Expor Establishmen Storage Zeroisation Use & related keys e h Function and n t t Cert. Number encrypted with LTNSO HKNSO 160 bits Hash of public n/a Never Security Flash, in factorystate nShield Security KNSO World plaintext or Initialize Officer key used for (PSP) creation Unit NSO authorisation A3707 and Security World integrity BLOBKE 256 bits Key blob n/a Never Derived from RAM, in Power cycle Key wrapping encryption LTx plaintext BLOBKM and MAC key (CSP) AES 256 HMACSHA256 A3707 LTx 256 bits Logical token DRBG Import: From From Shares RAM, in Power cycle Key derivation for key x quorum of using Shamir plaintext or (CSP) encrypted Secret Schee Cmd_Destro AES 256 Shares using y A3707 Shamir Secret Scheme Export: To encrypted Shares using Shamir Secret Scheme SHAREKEY 256 bits Share n/a Never Derived from RAM, in Power cycle Protects a share when encryption KM and other plaintext written to a smartcard (CSP) and MAC keys additional or softcard. This key is data used to derive using AES 256 KBKDF the keys HMAC- Ke and Km used to SHA256 wrap the share. A3707 RAKME 256 bits Session keys n/a Never ECDH RAM, in Power cycle Encryption and for remote plaintext or channel decryption RAKMA admin closure MAC generation and (CSP) channel verification AES 256 A3707 KAL 128 bits Audit logging DRBG Never n/a Flash, in factorystate Digital signature key plaintext or Initialize generation of the (CSP) Unit audit trail. DSA 3072-bit A3707 KWARN pub 256 bits Entrust root Entrust Import: fw n/a Flash, in n/a Digital signature warranting update plaintext verification to (PSP) protected public key for , as part authenticate remote Export: never Administrator of the cards. Cards and firmware Operator image Cards
34 of 44 nShield 5s Hardware Security Module
Key/SSP/Name/Typ Strengt Security Generatio Import/Expor Establishmen Storage Zeroisation Use & related keys e h Function and n t t Cert. Number ECDSA P-521 A3707 DRBG entropy input 256 bits nCoreAPI 520 bits Never n/a RAM, in Power cycle Random number DRBG from plaintext generation (CSP) Platform A3707 DRBG DRBG seed 256 bits nCoreAPI Generated Never n/a RAM, in Power cycle Random number DRBG as per SP plaintext generation (CSP) 800A3707 90Arev1 with 696 bits from Platform DRBG:
random nonce DRBG internal state 256 bits nCoreAPI Generated Never n/a RAM, in Power cycle Random number ('V' and 'C' values) DRBG as per SP plaintext generation 800(CSP) A3707 90Arev1. Table 24 Security World SSP table As per IG 9.7.B, the zeroisation of SSPs is explicitly indicated by the successful return code of the setup factorystate command. Temporary SSPs are zeroised implicitly.
Zeroization of all unprotected SSPs keys occurs immediately when the module is reset to the factory state with the setup factorystate command.
The cryptographic module has a hardware based true random number generator used to seed the DRBGs. Entropy sources Minimum number of bits of Details entropy nShield 5s Physical True Random 0.89 bits per output bit Hardware entropy source compliant with SP 800-90B. Number Generator Minimum of 256 bits of entropy As per the Public Use Document, no configuration of the ESV cert#38 for DRBG seed entropy source is required. (total seed size of 512 bits) Table 25 Non-Deterministic Random Number Generation Specification nShield 5s Hardware Security Module 35 of 44
The Cryptographic Module performs pre-operational, conditional and periodic self-tests. It also supports pre-operational self-tests on demand by resetting the module. In the event of a self-test failure, the module enters the error state. While in this state, the module does not process any commands, and will indicate the error on the status LED and the error log, which can be retrieved with the command monitor getlog.
At start up, the following integrity tests are performed:
The following cryptographic algorithm self tests (CASTs) are run before the first use of any cryptographic mechanism. Algorithm Description Bootloader crypto SHA2-256 Known Answer Test RSA Known Answer Test (verification only) with 4096 bit key nCore crypto AES ECB encrypt AES ECB Known Answer Test encryption with 128, 192 and 256-bit keys AES ECB decrypt AES ECB Known Answer Test decryption with 128, 192 and 256-bit keys AES CMAC Known Answer Test: 128-bit key SHA-1 SHA-1 Known Answer Test, other size are tested along with KAT HMAC SHA-3 SHA3-224, SHA3-256, SHA3-384, SHA3-512 Known Answer Test HMAC with SHA-1, SHA2-224, SHA2-256, SHA2-384, Known Answer Test SHA2-512 RSA Known Answer Test: sign/verify, encrypt/decrypt with 2048-bit key Pair-Wise consistency test: sign/verify DSA Known Answer Test: sign/verify with 2048-bit key Pair-Wise consistency test: sign/verify
36 of 44 nShield 5s Hardware Security Module
Algorithm Description ECDSA KAT test: sign/verify with curves P-224 and B-233 Pair-Wise consistency test: sign/verify KAS-FFC Shared Secret Computation Known Answer Test DH KAS-ECC Shared Secret Computation Known Answer Test for ECDH with curves P-384 and B-233 One-step KDF Known Answer Test with SHA2-256 auxiliary function Two-step KDF Known Answer Test with HMAC-SHA256 auxiliary function KBKDF Known Answer Test DRBG Health Tests according to SP 800-90Arev1 section 11.3 SSH crypto AES GCM encrypt Known Answer Test encryption with 128 bit key AES GCM decrypt Known Answer Test decryption with 128 bit key AES CTR encrypt Known Answer Test encryption with 128 bit key AES CTR decrypt Known Answer Test decryption with 128 bit key HMAC with SHA2-256 and SHA2-512 Known Answer Test KAS-ECC Shared Secret Computation Known Answer Test for ECDH with curve P-256 ECDSA KAT test: sign/verify with curves P-256 and P-521 SSH KDF SSH KDF Known Answer Test
At start up, the SP 800-90B Adaptive Proportion Test and Repetition Count Test are run on the output bits of the entropy source. These tests are also run continuously during operation of the entropy source.
The module performs a pair-wise consistency test when RSA, DSA, ECDSA, DH and ECDH keys are generated.
Prior to updating the firmware, the cryptographic module validates the integrity and authenticity of the image update package. The module performs the following actions before replacing the current image:
Note: A firmware image version loaded into this module that is not shown on the module certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation.
The following self tests are run periodically every 24 hours:
38 of 44 nShield 5s Hardware Security Module
This section provides specific FIPS-related guidance to Administrators and Operators. This guidance is aimed to complement the product user and installation guides which are delivered with the cryptographic module.
The nShield cryptographic module is sent to the customers using a standard carrier service. After accepting the delivery of the module, a physical inspection of the module shall be performed (refer to Physical Security section). This inspection is done to ensure that the module has not been tampered with during transit. If the inspection results indicate that the module has not been tampered with, the Administrator can then proceed with installation and configuration of the module. The cryptographic module supports firmware upgrades in the field, which are provided by Entrust as a single signed firmware package (.npkg file).
This section provides instructions to inspect the cryptographic module´s fw and hw version information and ensure they correspond with the FIPS 140-3 validated versions.
The cryptographic module provides the service updater info which provides firmware version information in JSON format. Entrust provides the hsmadmin status command-line utility which calls the service updater info internally. hsmadmin status --json { "D5DE-E1F8-D6E7": { "succeeded": true, "data": { "mode": "primary", "primary-version": "13.4.5-751-56c6f1db", "recovery-version": "13.2.4-280-7f4f0c24", "uboot-version": "1.1.0-1245-b9bedfa" } } } The following fields in the output must be checked: nShield 5s Hardware Security Module 39 of 44
Field Expected value primary-version 13.4.5-751-56c6f1db recovery-version 13.2.4-280-7f4f0c24 uboot-version 1.1.0-1245-b9bedfa or 1.4.1-0-edb84d6e
The cryptographic module provides the command Cmd_NewEnquiry which reports hardware version information. Entrust provides the enquiry command-line utility which calls Cmd_NewEnquiry internally. product name nC5536E hardware part no PCA10005-01 revision 03 The following fields in the output must be checked: Field Expected value product name nC5536E or nC5536N hardware part no PCA10005-01 revision 03 or revision 04 Alternatively, the cryptographic module also provides the service setup info which provides hardware version information in JSON format. Entrust provides the hsmadmin info command-line utility which calls the service setup info internally. hsmadmin info --json { "15C8-4387-C748": { "eeprom": { ... , "buildpart": { "value": "PCA10005-01", "crc": xxxxx } , "buildrev": { "value": "03", "crc": xxxxx } ... } } The following fields in the output must be checked:
40 of 44 nShield 5s Hardware Security Module
Field Expected value buildpart "value": "PCA10005-01" buildrev "value": "03" or "value": "04"
When the cryptographic module is in factory state, it first needs to be initialized with the command line utility hsmadmin enroll. To configure the cryptographic module in approved mode, create a FIPS 140-3 level 3 compliant Security World using Entrust supplied utility new-world and setting the mode to fips-140-level-3. An operator can verify that the module is configured in approved mode with the command line utility enquiry, which reports the following active modes: active modes UseFIPSApprovedInternalMechanisms AlwaysUseStrongPrimes FIPSLevel3Enforcedv2 StrictSP80056Ar3 or active modes UseFIPSApprovedInternalMechanisms FIPSLevel3Enforcedv2 StrictSP80056Ar3 Once a FIPS 140-3 level 3 Security World is created, it is not possible to switch into a non-compliant mode without first zeroising the unprotected SSPs.
Per FIPS 140-3 section 7.11.8, in the event that the module is no longer deployed or intended for further use, the Crypto Officer shall zeroize and destroy the module. The module shall be taken to an electronics recycling facility that offers (and assures) the physical destruction of e-waste. nShield 5s Hardware Security Module 41 of 44
Contact Us Web site https://www.entrust.com Support https://nshieldsupport.entrust.com Email Support nShield.support@entrust.com Online documentation: Available from the Support site listed above. You can also contact our Support teams by telephone, using the following numbers: Europe, Middle East, and Africa United Kingdom: +44 1223 622 444 One Station Square Cambridge CB1 2GA UK Americas Toll Free: +1 833 425 1990 Fort Lauderdale: +1 954 953 5229 Sawgrass Commerce Center
Sunrise FL 33323 USA Asia Pacific Australia: +61 9126 9070 World Trade Centre Northbank Wharf Siddeley St Melbourne VIC 3005 Australia Japan: +81 50 3196 4994 Hong Kong: +852 3008 4994 31/F, Hysan Place
Causeway Bay Hong Kong nShield 5s Hardware Security Module 43 of 44
To get help with Entrust nShield HSMs nShield.support@entrust.com nshieldsupport.entrust.com ABOUT ENTRUST CORPORATION Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing egovernment services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us.