| Standard | FIPS 140-3 |
|---|---|
| Overall level | 2 |
| Module type | Hardware |
| Embodiment | Multi-Chip Embedded |
| Status | Active |
| Sunset date | 9/2/2029 |
| Caveat | When installed, initialized and configured as specified in Section 11 of the Security Policy. When entropy is externally loaded, no assurance of the minimum strength of generated SSPs (e.g., keys) |
| Vendor | Canon Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-XTS | C217 |
| Hash DRBG | DRBG 2300 |
| RSA SigVer (FIPS186-4) | RSA 3059 |
| SHA2-256 | SHS 4547 |
flowchart LR
%% Deterministic review-risk graph for Canon MFP Security Chip
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-test<br/>Status Output</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3 clue;
class I2,I3 infer;
class R2,R3 risk;
class E2,E3 evidence;flowchart LR
%% Deterministic clue tier for Canon MFP Security Chip
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-test<br/>Status Output</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3 clueLow;Date of Issue: 2024/8/22 Canon MFP Security Chip FIPS140-3 Security Policy Version 1.27 2024/8/22 Canon Inc.
Date of Issue: 2024/8/22 Contents Trademark Notice ・ Canon and the Canon logo are trademarks of Canon Inc. ・ All names of companies and products contained herein are trademarks or registered trademarks of the respective companies.
This security policy (hereinafter referred to as SP) is the security policy for the hardware cryptographic module developed by Canon called the Canon MFP Security Chip. This document describes how the Canon MFP Security Chip meets the FIPS140-3 Level 2 security requirements. This SP is a nonproprietary document.
This section provides basic information about this SP. Title Canon MFP Security Chip FIPS140-3 Security Policy Version 1.27 Issuer Canon Inc. Date of issue 2024/8/22
The following terms and abbreviations are used throughout this SP. Table 1 Terms and abbreviations Term/abbreviation Description AES Advanced Encryption Standard XTS XEX encryption mode with tweak and ciphertext stealing ENT (P) Physical entropy source compliant with NIST SP 800-90B. CO Crypto Officer CSP Critical Security Parameter PSP Public Security Parameter SSP Sensitive Security Parameter FIPS Federal Information Processing Standards Canon MFP/printer A general term that refers to a Canon brand multifunction peripheral or printer. Serial ATA (SATA) A standard for connecting storage devices, based on serial transmission technology. Storage device Refers to the storage device on the Canon MFP/printer such as HDD/SSD.
The Canon MFP Security Chip is a cryptographic module designed and implemented to meet the FIPS140-3 Level 2 security requirements. Table2 shows the security level met by the Canon MFP Security Chip for each of the specified areas. The overall level is level 2.
Date of Issue: 2024/8/22 Table 2 Security Levels ISO/IEC 24759 Section 6. FIPS 140-3 Section Title Security Level [Number Below]
1 General 2
2 Cryptographic module specification 2
3 Cryptographic module interfaces 2
4 Roles, services, and authentication 2
5 Software/Firmware security 2
6 Operational environment N/A
7 Physical security 2
8 Non-invasive security N/A
9 Sensitive security parameter management 2
10 Self-tests 2
11 Life-cycle assurance 2
12 Mitigation of other attacks N/A
When installed, initialized and configured as specified in Section 11 of the Security Policy. When entropy is externally loaded1, no assurance of the minimum strength of generated SSPs (e.g., keys).
1 “externally loaded” caveat is only applicable when “Input secret information” service is used.
The Canon MFP Security Chip handles cryptography for the storage device of the Canon MFP/printer. The Canon MFP Security Chip realizes high-speed data encryption/decryption through a serial ATA interface, using XTS-AES mode. This allows the Canon MFP/printer's storage device to be protected against the risk of information leakage, without compromising objectives such as extensibility, flexibility, usability, and high performance. The Canon MFP Security Chip is a “Multiple-chip embedded cryptographic module” and the cryptographic boundary is the surface of the package. The following table shows the hardware and firmware comprising the Canon MFP Security Chip (As described in Section 2.2, all elements of the module are enclosed in a single package). The firmware includes the boot loader. Table 3 Cryptographic Module Tested Configuration Model Hardware Version Firmware Version Canon MFP Security Chip 3.0 3.00, 3.00(V05L00), 3.00(V05L01) Figure1 and Figure2 show the appearance of the Canon MFP Security Chip. The physical perimeter of the Canon MFP Security Chip is the surface of the package. Figure 1 Appearance of the Canon MFP Security Chip GPIO SATA-I/F non-security relevant signal Figure 2 Appearance of Canon MFP Security Chip (Bottom view)
In addition to the cryptographic process, the Canon MFP Security Chip has SATA HOST and SATA DEVICE interface. Figure 3 shows an example of configuration for cryptographic module operation. The red line in the figure shows the cryptographic boundary. Cryptographic boundary SATA Cryptographic SATA SATA-Device SATA-Host engine RAM HDD I/F I/F (AES) SATA-Host SATA GPIO CPU HDD I/F Reset Clock H Block Host System Power Supply Flash memory F Block Power Supply PCIe Other Controller non-security I/F I/F non-security relevant I Block relevant signal signal Figure 3 Example of operational configuration of Canon MFP Security Chip The Canon MFP Security Chip is located between the host system and storage device. The host system is a system to use the services provided by the Canon MFP Security Chip, while the storage device is a memory device to store data encrypted by the Canon MFP Security Chip. The Canon MFP Security Chip also has a mirroring function thus it is possible to connect two storage devices. However, the second storage device is optional, and it is possible to operate with only one storage device. Serial ATA is used as the interface between the host system and Canon MFP Security Chip, and between the Canon MFP Security Chip and storage device. The Canon MFP Security Chip consists of three blocks: H block for the main process of the cryptographic module; F block where flash memory is mounted; and I block not related to the services provided by the cryptographic module. The Canon MFP Security Chip consists of two dies: H and I blocks sit on one die, and F block, on the other. All these elements are enclosed in a single package, making up the cryptographic chip. All the security services of the cryptographic module are implemented in H block and F block. Firmware and CSP data to be executed in H block are stored in the flash memory in F block. I block does not have any physical I/F with H and F blocks, including the power supply. Therefore, it is not possible to access SSPs from I block and there is no impact on input/output of the cryptographic module. I block has no impact on the security of the Canon MFP Security Chip and thus explicitly excluded from the FIPS140-3 requirements. The following shows the role of each component of H and F blocks: Table 4 Roles of components of the Canon MFP Security Chip Component Role RAM Volatile memory that stores data and programs. CPU Executes programs stored in memory. Flash memory Non-volatile memory that stores the firmware controlling the Canon MFP Security Chip as well as CSPs. SATA-Device I/F Interface to process SATA I/O for the Canon MFP
Date of Issue: 2024/8/22 SATA-Host I/F Security Chip. Cryptographic engine Handles AES encryption and decryption.
The Canon MFP Security Chip supports Approved mode, which implements security features approved by CMVP, and non-Compliant state, which is considered outside the scope of this certification. The Canon MFP Security Chip operates in non-Compliant state when installed. It becomes validated one by using the Initialization operation described in Section 11 and is always in Approved mode. If “Sanitization” service is used in Approved mode, the module will transition to non-Compliant state.
The Canon MFP Security Chip provides the following approved algorithms in Approved mode. Table 5 Approved algorithms CAVP Algorithm and Standard Mode/ Description / Key Size(s) / Use / Function Cert Method Key Strength(s) #C217 AES2 XTS Key Strength: Used in Encryption/ 128 bits, 256 bits encryption/decryption of FIPS PUB 197 Decryption Length: data stored in storage SP 800-38E 128 bits, 256 bits device. #4547 SHS SHA-256 Size: 256 bits Used in Hash_DRBG random bit generation, FIPS PUB 180-4 response generation for Device Identification and Authentication, and RSA digital signature verification. #3059 RSA Signature Modulus: Used for firmware Verification 2048 bits verification. FIPS PUB 186-4 PKCS#1 #2300 Hash_DRBG N/A SHA-256 Used in cryptographic key generation, and challenge SP 800-90A Rev.1 generation for Device Identification and Authentication. ENT(P) Entropy Source N/A Used in generating the seed value for approved SP 800-90B DRBG Vendor CKG N/A Used in cryptographic key Affirmed generation. SP 800-133rev2 As per SP 800-133rev2 Section 4. The Canon MFP Security Chip does not implement any non-Approved algorithms.
2 #C217 includes AES-ECB as validated algorithm. This is used as a prerequisite for XTS-AES
This section describes the physical ports of the Canon MFP Security Chip, and how they relate to the data input/output and power supply interfaces. In terms of the logical interface, the Canon MFP Security Chip operates upon ATA commands that are input from the host system. Each ATA command is associated with a different interface, namely Data Input, Data Output, Control Input, and Status Output. Table 6 Ports and Interfaces Logical Physical port Data that passes over port/interface interface Control Input - Non-data portion of the ATA command Status Output - Non-data portion of the response to the ATA command Data Input - Plaintext user data - "Authentication ID" (plaintext) - "CO authentication information" (plaintext) SATA-Device - Challenge for device authentication - Response for host authentication - New firmware image for Update firmware service - "Key seed" (plaintext) Data Output - "Key seed" (plaintext) - Challenge for host authentication - Response for device authentication Data Input SATA-Host - Ciphertext user data Data Output Power supply Power supply None - Module status output (indicating a status, such as SSD GPIO Status Output access) Reset Control Input - Reset signal Clock Control Input - Clock signal There is no control output in the Canon MFP Security Chip.
This section describes the roles with corresponding service with input and output provided by the Canon MFP Security Chip. Table 7 Roles, Service Commands, Input and Output Role Service Input Output CO AES encryption Plaintext user data, ATA command Result*1, Ciphertext user (USER) DMA*2 (WRITE DMA) data CO AES encryption Plaintext user data, ATA command Result*1, Ciphertext user (USER) MULTIPLE*2 (WRITE MULTIPLE) data CO AES encryption Plaintext user data, ATA command Result*1, Ciphertext user (USER) SECTOR(S) *2 (WRITE SECTOR(S)) data CO AES encryption Plaintext user data, ATA command Result*1, Ciphertext user (USER) DMA EXT*2 (WRITE DMA EXT) data CO AES encryption Plaintext user data, ATA command Result*1, Ciphertext user (USER) MULTIPLE EXT*2 (WRITE MULTIPLE EXT) data CO AES encryption Plaintext user data, ATA command Result*1, Ciphertext user (USER) SECTOR(S) EXT*2 (WRITE SECTOR(S) EXT) data CO AES decryption Ciphertext user data, ATA command Result*1, Plaintext user (USER) DMA*2 (READ DMA) data CO AES decryption Ciphertext user data, ATA command Result*1, Plaintext user (USER) MULTIPLE*2 (READ MULTIPLE) data CO AES decryption Ciphertext user data, ATA command Result*1, Plaintext user (USER) SECTOR(S) *2 (READ SECTOR(S)) data CO AES decryption Ciphertext user data, ATA command Result*1, Plaintext user (USER) DMA EXT*2 (READ DMA EXT) data CO AES decryption Ciphertext user data, ATA command Result*1, Plaintext user (USER) MULTIPLE EXT*2 (READ MULTIPLE EXT) data CO AES decryption Ciphertext user data, ATA command Result*1, Plaintext user (USER) SECTOR(S) EXT*2 (READ SECTOR(S) EXT) data CO Configure secret Authentication ID, CO authentication Result*1 information information, extended ATA command (INSTALL SECRET INFO) CO Output secret extended ATA command*4 (EXPORT Result*1, Key seed information CSP) CO Input secret Key seed, extended ATA Result*1 information command*4 (IMPORT CSP) CO Change CO CO authentication information, Result*1 authentication extended ATA command*4 (CONFIG information SECRET INFO) CO Update firmware New firmware image, extended ATA Result*1 command*4 (UPDATE BUILD IN FW) None Process ATA ATA command (General feature set/ Result*1 command Power Management feature set/ services*3 48-bit Address feature set/ SMART feature set/ General Purpose Logging feature set/ Security feature set/ Long Logical Sector (LLS) feature set/
Date of Issue: 2024/8/22 Trusted Computing feature set/ Sanitize Device feature set/ Software Setting Preservation (SSP) feature set) None Reconfiguration Power on None None Zeroize AES key Power off None None Initialize Settings extended ATA command*4 Result*1 (INITIALIZE SETTINGS) None To Config extended ATA command*4 (TO Result*1 CONFIG) None Setup Mirroring extended ATA command*4 (SETUP Result*1 MIRRORING) None Change Mode extended ATA command*4 Result*1 (CHANGE MODE) None Self-reset extended ATA command*4 (SELF Result*1 RESET) None Show status extended ATA command*4 (GET Result*1, current status and STATUS) the error factor if an error occurs None Get FW Version extended ATA command*4 (GET Result*1, version of the Info VERSION INFO) Firmware module None Get HW Version extended ATA command*4 (CHECK Result*1, version of the Info CHIP VERSION) Hardware module None Zeroize secret extended ATA command*4 (ERASE Result*1 information SECRET INFO) None Sanitization extended ATA command*4 Result*1 (CHANGE TO NONFIPS) None Prepare extended ATA command*4 Result*1 Sanitization (PREPARE CHANGE TO NONFIPS) None Send challenge for Challenge, extended ATA Result*1 Device command*4 (SEND CHA1) Identification and Authentication None Request response extended ATA command*4 Result*1, Response for Device (REQUEST RES1) Identification and Authentication None Request challenge extended ATA command*4 Result*1, Challenge for Device (REQUEST CHA2) Identification and Authentication None Device Response, extended ATA Result*1 Identification and command*4 (SEND RES2) Authentication None Request challenge extended ATA command*4 Result*1, Challenge for C1 (REQUEST CHA C1) authentication None C1 authentication Response, extended ATA Result*1 command*4 (SEND RES C1) None Request challenge extended ATA command*4 Result*1, Challenge for C3 (REQUEST CHA C3) authentication None C3 authentication Response, extended ATA Result*1 command*4 (SEND RES C3) None Request challenge extended ATA command*4 Result*1, Challenge for C4 (REQUEST CHA C4) authentication None C4 authentication Response, extended ATA Result*1
Date of Issue: 2024/8/22 command*4 (SEND RES C4) None Request challenge extended ATA command*4 Result*1, Challenge for C5 (REQUEST CHA C5) authentication None C5 authentication Response, extended ATA Result*1 command*4 (SEND RES C5) None Request challenge extended ATA command*4 Result*1, Challenge for C6 (REQUEST CHA C6) authentication None C6 authentication Response, extended ATA Result*1 command*4 (SEND RES C6) None Self-test Power on None *1 Result indicates success or failure as a result of executing the service. *2 AES encryption/decryption services perform different methods of data transfer to the storage device according to the ATA command (i.e., write a single block or multiple blocks, etc.). No matter which command is executed, the module provides same function (data encryption/decryption). *3 The Process ATA Command services sends non-cryptographic-related ATA commands (as defined in the ANSI INCITS 452 standard document (ATA 8)) received from a host to storage, and sends a response from storage to the host. The Canon MFP Security Chip has a service corresponding to each ATA command, and these services are collectively referred to as the Process ATA Command services. *4 The extended ATA command is proprietary to the Canon MFP Security Chip.
The Canon MFP Security Chip supports two distinct operator roles, CO(USER) and CO. These roles are the "Crypto Officer Role" specified in ISO/IEC 19790 Section 7.4.2. The Canon MFP Security Chip has no "User Role". CO(USER) serves to allow connection to the Host. CO (USER) is allowed use of the AES encryption/decryption services as described in Table 10. CO (USER) is a role that undertakes the CO Role. Further, CO includes C1, C3, C4, C5, and C6. C1 can configure the secret information, C3 can export the secret information, C4 can import the secret information, C5 can change the secret information, and C6 can update the firmware of the Canon MFP Security Chip, respectively. The following table shows the authentication method of each role. The Canon MFP Security Chip does not provide the maintenance service, so no MAINTENANCE role is supported. It does not support concurrent use by multiple operators or bypass function. Table 9 Roles and Authentication Role Authentication Method Authentication Strength CO CO(USER) is authenticated by “Device Identification and 32-byte (USER) Authentication” service. The method is role-based authentication by shared secret. See Section 4.3 for more information. CO CO is authenticated by C1, C3, C4, C5, or C6 authentication 32-byte service. The method is role-based authentication by shared secret. It is possible to set different authentication information for C1, C3, C4, C5, and C6. The authentication method and specification of each authentication information are the same and are referred to as CO authentication. See Section 4.3 for more information.
Before providing any of the services associated with CO(USER) and CO respectively, the Canon MFP Security Chip performs role-based authentication by shared secret. The authentication mechanism differs for each role, as follows. ・ CO(USER) authentication Uses challenge-response authentication based on Authentication ID defined in 9.1. CO(USER) authentication is referred to as “Device Identification and Authentication” service. In Device Identification and Authentication, the challenge generated from the DRBG and a response value derived from the challenge and the Authentication ID, are used to mutually identify/authenticate the host system and the Canon MFP Security Chip. Response value is calculated by concatenating challenge and authentication ID, and then calculating hash values. ・ CO authentication Uses challenge-response authentication based on CO authentication information defined in section 9.1. The Canon MFP Security Chip generates challenge from DRBG and performs CO authentication using the response value notified by the host system. Response value is calculated by concatenating challenge and CO authentication information, and then calculating hash values. The hash algorithm used in CO (USER) and CO authentication is SHS as described in # 4547 of Table 5, and SHA-256 is used to calculate the hash value. For the shared secret, both CO authentication and CO(USER) authentication use a 32-byte random number, so the probability that a random attempt will succeed is 1/2 256, which is less than the objective of 1/1,000,000. The module can perform CO authentication every 60 milliseconds, and CO(USER) authentication, every 120 milliseconds. Therefore, the probability that multiple consecutive random authentication attempts will be successful during a one-minute period is 1000/2256 and 500/2256 respectively, both of which are less than the objective of 1/100,000.
This section describes the cryptographic services provided by the Canon MFP Security Chip. The Access rights shown in the table mean the access rights to Keys and/or SSPs and are defined as follows: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. Zeroisation of SSP is performed by overwriting the area where corresponding SSP is stored with 0 or 1. See Table 9 for the method used for authentication to each operator role. Table 10 Approved Services Service Description Approved Keys and/or SSPs Roles Access Indicator Security rights Functions to Keys and/or SSPs AES Encrypts and writes data AES AES CO E command encryption to the storage device(s). Encryption cryptographic (USER) response DMA keys AES Encrypts and writes data AES AES CO E command encryption to the storage device(s). Encryption cryptographic (USER) response MULTIPLE keys
Date of Issue: 2024/8/22 AES Encrypts and writes data AES AES CO E command encryption to the storage device(s). Encryption cryptographic (USER) response SECTOR(S) keys AES Encrypts and writes data AES AES CO E command encryption to the storage device(s). Encryption cryptographic (USER) response DMA EXT keys AES Encrypts and writes data AES AES CO E command encryption to the storage device(s). Encryption cryptographic (USER) response MULTIPLE keys EXT AES Encrypts and writes data AES AES CO E command encryption to the storage device(s). Encryption cryptographic (USER) response SECTOR(S) keys EXT AES Reads data from the AES AES CO E command decryption storage device and Decryption cryptographic (USER) response DMA decrypts. keys AES Reads data from the AES AES CO E command decryption storage device and Decryption cryptographic (USER) response MULTIPLE decrypts. keys AES Reads data from the AES AES CO E command decryption storage device and Decryption cryptographic (USER) response SECTOR(S) decrypts. keys AES Reads data from the AES AES CO E command decryption storage device and Decryption cryptographic (USER) response DMA EXT decrypts. keys AES Reads data from the AES AES CO E command decryption storage device and Decryption cryptographic (USER) response MULTIPLE decrypts. keys EXT AES Reads data from the AES AES CO E command decryption storage device and Decryption cryptographic (USER) response SECTOR(S) decrypts. keys EXT Configure Configures the Hash_DRBG Authentication ID, CO W command secret authentication ID and CO CKG CO authentication response information authentication information information and AES G generates the key seed cryptographic for AES cryptographic keys key generation. Key seed G/E Writes the Host- DRBG seed G/E/Z originated CSPs to Flash DRBG internal E/G memory. state Output secret Key seed is output in - Key seed CO R command information plaintext form from the response cryptographic module. Input secret Replaces the key seed, - Key seed CO E/W command information with the secret response information received from AES G the host system in cryptographic plaintext form. keys Change CO Modifies CO - CO authentication CO W/Z command authentication authentication information response information information. Update Updates firmware of the RSA Vendor public key CO E command firmware cryptographic module SHA-256 response except for the boot CO authentication Z loader. information, See section 5. key seed, authentication ID, DRBG internal state, AES cryptographic
Date of Issue: 2024/8/22 keys Process ATA Sends non-encryption- - N/A None N/A command command related ATA commands response services received from the host to the storage and sends a response from the storage to the host. Reconfiguratio Initializes the Canon MFP Hash_DRBG AES None G Show status n Security Chip. The CKG cryptographic cryptographic key is RSA keys calculated using the key SHA-256 Key seed E seed and stored in work DRBG seed G/E/Z memory within the DRBG internal G module. state Vendor public key E Zeroize AES Clears the cryptographic - AES None Z The module key key stored in volatile cryptographic is poweredmemory. keys off. Initialize Initializes the non- Hash_DRBG AES None G command Settings security relevant settings CKG cryptographic response of the Canon MFP RSA keys Security Chip. SHA-256 Key seed E After initializing, the DRBG seed G/E/Z module automatically DRBG internal G resets. state Vendor public key E To Config Clears the CO(USER) - N/A None N/A command authentication state and response transitions to the Config state. Setup Configures the behavior - N/A None N/A command Mirroring settings of the Canon response MFP Security Chip for mirroring mode. Change mode Configures the behavior - N/A None N/A command settings of the Canon response MFP Security Chip for mirroring mode. Self-reset Performs self-reset and Hash_DRBG AES None G Show status self-tests. CKG cryptographic RSA keys SHA-256 Key seed E DRBG seed G/E/Z DRBG internal G state Vendor public key E Show status Shows the current status - N/A None N/A command of the module, including response status indicators in response to request of some services. If the service resulted in an error, the cause of the error is also shown. Get FW Shows the version of the - N/A None N/A command Version Info cryptographic Firmware response module. Get HW Shows the version of the - N/A None N/A command Version Info cryptographic Hardware response module. Zeroize secret Clears (zeroizes) secret - Key seed, None Z command information information. authentication ID, response
Date of Issue: 2024/8/22 AES cryptographic keys Sanitization Clears (zeroizes) all - CO authentication None Z command CSPs and transitions to information, key response non-Compliant state. seed, Authentication ID, DRBG internal state, AES cryptographic keys Prepare Prepares to use - None None N/A command Sanitization “Sanitization” service. response Send Provides a challenge - Challenge- None W command challenge for value for Device response response Device Identification and Identification Authentication from the and host system to the Authentication module. Request Provides a response SHA-256 Authentication ID None E command response for value for Device response Device Identification and Identification Authentication from the Challenge- G/Z/R and module to the host response Authentication system. Request Provides a challenge Hash_DRB DRBG internal None E/W command challenge for value for Device G state response Device Identification and Identification Authentication from the Challenge- G/W/R and module to the host response Authentication system. Device Uses challenge-response SHA-256 Authentication ID None E command Identification authentication to response and identify/authenticate that Authentication the connection is with the Challenge- Z/W correct host system. The response Canon MFP Security Chip provides services such as encryption/decryption, only when authentication succeeds. Request Provides a challenge Hash_DRB DRBG internal None E/W command challenge for value for C1 G state response C1 authentication from the authentication module to the host system. Challenge- G/R response C1 Performs C1 SHA-256 CO authentication None E command authentication authentication with information response challenge-response authentication. The Challenge- Z/W Canon MFP Security response Chip provides services to CO only when authentication succeeds. Request Provides a challenge Hash_DRB DRBG internal None E/W command challenge for value for C3 G state response C3 authentication from the authentication module to the host Challenge- G/R system. response
Date of Issue: 2024/8/22 C3 Performs C3 SHA-256 CO authentication None E command authentication authentication with information response challenge-response authentication. The Challenge- Z/W Canon MFP Security response Chip provides services to CO only when authentication succeeds. Request Provides a challenge Hash_DRB DRBG internal None E/W command challenge for value for C4 G state response C4 authentication from the Challenge- G/R authentication module to the host response system. C4 Performs C4 SHA-256 CO None E command authentication authentication with authentication response challenge-response information authentication. The Challenge- Z/W Canon MFP Security response Chip provides services to CO only when authentication succeeds. Request Provides a challenge Hash_DRB DRBG internal None E/W command challenge for value for C5 G state response C5 authentication from the Challenge- G/R authentication module to the host response system. C5 Performs C5 SHA-256 CO authentication None E command authentication authentication with information response challenge-response Challenge- Z/W authentication. The response Canon MFP Security Chip provides services to CO only when authentication succeeds. Request Provides a challenge Hash_DRB DRBG internal None E/W command challenge for value for C6 G state response C6 authentication from the Challenge- G/R authentication module to the host response system. C6 Performs C6 SHA-256 CO authentication None E command authentication authentication with information response challenge-response Challenge- Z/W authentication. The response Canon MFP Security Chip provides services to CO only when authentication succeeds. Self-test Performs self-tests. Hash_DRBG AES None G Show status CKG cryptographic RSA keys SHA-256 Key seed E DRBG seed G/E/Z DRBG internal G state Vendor public key E
At the start-up, the Canon MFP Security Chip perform the boot loader integrity test using 32-bit CRC and an integrity test of the firmware (ELF format) using digital signature of RSA 2048-bit. By resetting the Canon MFP Security Chip, it is possible to perform an on-demand integrity test of the firmware. It is also possible for CO to update the firmware except for the boot loader by completely replacing it using Update firmware service. For firmware update, the new firmware image for firmware updating is stored to the non-running firmware storage space of the two storage spaces. After receiving all the firmware data, the Canon MFP Security Chip verifies the received digital signature of RSA 2048-bit by public key that is embedded in the current firmware. In case the verification succeeds, the Canon MFP Security Chip zeroizes CSPs, returns a success status and switches to non-Compliant state. Then, the next start-up, the Canon MFP Security Chip starts with the new firmware. The new firmware launches for the first time after the device is reset. After the new firmware becomes effective, the module becomes another one, and new validation is needed. If verification fails, the Canon MFP Security Chip discards the new firmware, returns an error, and quits the firmware update. In that case, the Canon MFP Security Chip will continue to operate with the pre-update firmware. The CO can verify the updated firmware version by Get FW Version Info service. The firmware version is displayed, consisting of the updated part and the unupdated boot loader.
The Canon MFP Security Chip operates in limited operational environment. It has a function to update firmware but the firmware to be updated has to be the one approved by CMVP. In case other firmware is loaded, it is considered outside of the scope of this certification. The firmware will be completely replaced by the update function.
The Canon MFP Security Chip is a multi-chip embedded module where all the components are enclosed in a package and sealed by opaque plastic mold (coating). Therefore, in order to see inside of the Canon MFP Security Chip, it is necessary to remove at least a part of the plastic mold thus tamper evidence will be left if an attempt to remove the mold is made. Table 11 Physical Security Inspection Guidelines Physical Security Mechanism Recommended Inspection/Test Guidance Details Frequency of Inspection/Test All components are enclosed in Before use The administrator shall inspect the coating a package and sealed by for any signs of tampering. opaque plastic mold (coating). If the administrator discovers tamper evidence, the Canon MFP Security Chip should not be used.
The Canon MFP Security Chip does not implement a non-invasive security technology to protect SSPs from non-invasive attacks.
The following tables show CSPs, and PSPs handled by the Canon MFP Security Chip. Key seed, authentication ID and CO authentication information are collectively called “secret information”. There are no cryptographic algorithms and its parameters with an expiration date in this module. Since the establishment method does not apply to all CSPs, the description is omitted. Table 12 SSPs Key/SSP Strength Security Generation Import/Export Establish Storage Zeroisation Use & related Name/ Function ment keys Type and Cert. Number* AES 128 bits, XTS-AES Generated by N/A N/A Plaintext “Zeroize “Symmetric cryptograp 256 bits using CKG in RAM AES key”, Key” for hic keys shown in “Zeroize encryption/de (CSP) Table 5. secret cryption information”, “Update firmware” and “Sanitization ” “Zeroize AES key” implicitly performs zeroisation. Other services explicitly perform zeroisation. Key seed 256 bits Hash_DR Generated by Import/Export: N/A Plaintext “Zeroize Used in AES (CSP) BG the Input from the Host in Flash secret Cryptographic instantiation System by “Input information”, key function of secret information” in “Update generation Hash_DRBG CO Role. The firmware” in Table 5 by importing Key seed and “Configure requires to have 256 “Sanitization secret bits of strength. ” information” in The “Input secret CO Role, that information” service All services uses DRBG assumes that the explicitly seed Key seed output by perform described the “Output secret zeroisation. below. information” service from this module is input. Authentica Refer to N/A N/A Import: N/A Plaintext “Zeroize Used for tion ID Section Set by “Configure in Flash secret mutually (CSP) 4.3 of secret information” information”, authenticating [SP]. service. “Update the Canon firmware” MFP Security and Chip and the “Sanitization host system, ” for Device Identification All services and
Date of Issue: 2024/8/22 explicitly Authentication perform . zeroisation. CO Refer to N/A N/A Import: N/A Plaintext “Sanitization Information for authentica Section Set by “Configure in Flash ”, “Change CO tion 4.3 of secret information” CO authentication informatio [SP]. service and “Change authenticati . n CO authentication on (CSP) information” service. information” It is possible to set and “Update different firmware” authentication information for each All services service and the explicitly cryptographic module perform can retain multiple zeroisation. sets of authentication information. DRBG 256 bits N/A It is generated N/A N/A Plaintext “Sanitization Used for internal by the in RAM ”, challenge state instantiation “Zeroize generation, for (CSP) function of AES key” “Device Hash_DRBG and “Update Identification in Table 5, firmware” and that uses Authentication DRBG seed "Zeroize ”, “C1 described AES key" Authentication below. implicitly ”, “C3 performs authentication zeroisation. ”, “C4 Other authentication services ”, “C5 explicitly authentication perform ” and “C6 zeroisation. authentication ” services. And it is updated whenever the generation function of Hash_DRBG is called. DRBG 256 bits N/A DRBG seed is N/A N/A Plaintext “Configure Used for key seed generated by in RAM secret seed (CSP) combining information” generation. random and Used for numbers from “Reconfigur DRBG internal Chapter 3.4 ation” state ENT (P) that generation. are generated All services as Entropy implicitly Input or perform Nonce. zeroisation. Challenge- N/A Hash_DR Challenge is Import: N/A Plaintext “Device Used for “CO response BG generated for a challenge code is in RAM. Identification authentication (PSP) SHS “Device input into the module Tempora and ” and “Device Identification at "Send challenge rily Authenticati Identification and for Device stored on”, “C1 and Authentication Identification and during authenticati Authentication ” and “CO Authentication" “Device on”, “C3 ”. authentication service, and Identifica authenticati ”. response codes are tion and on”, “C4 Response is input into the module Authenti authenticati
Date of Issue: 2024/8/22 generated for at "C1 cation”, on”, “C5 “Device authentication”, “C3 “C1 authenticati Identification authentication” authentic on”, “C6 and service, “C4 ation”, authenticati Authentication authentication” “C3 on” and ”. service, “C5 authentic “Request authentication” ation”, response for service, “C6 “C4 Device authentication” authentic Identification service, and "Device ation”, and Identification and “C5 Authenticati Authentication" authentic on” service. ation” and “C6 All services Export: authentic implicitly a response code is ation” perform output from the zeroisation module at "Request response for Device Identification and Authentication" service, and challenge codes are output from the module at "Request challenge for Device Identification and Authentication" service, "Request challenge for C1 authentication" service, "Request challenge for C3 authentication" service, "Request challenge for C4 authentication" service, "Request challenge for C5 authentication" service and "Request challenge for C6 authentication" service. Vendor [Strength] RSA Stored when Import: N/A Plaintext N/A Used for public key 112 bits manufacturing Set by “Update in Flash verification of (PSP) [Length] the Canon firmware” service. firmware.
Chip. * See Table 5 for algorithm Certification number. The RBG entropy source is ENT (P). ENT (P) is used in generating the seed value for approved Hash_DRBG shown in Table 5. The Table shows entropy source specification. Table 15 Non-Deterministic Random Number Generation Specification Entropy sources Minimum number Details of bits of entropy ENT (P) 5 bits per 8 bits Minimum entropy provided by the ENT (P) is 5 bits per 8 ring oscillator bits. Total 896 bits random data is provided by ENT (P) embedded in the Canon to Hash_DRBG for key generation, and it includes 560 MFP Security Chip bits (=896 bits x 5 bits/8 bits) entropy.
Date of Issue: 2024/8/22 If the entropy source deteriorates to the point that it can no longer guarantee the generation of a sufficient amount of entropy, the Canon MFP Security Chip transitions to an error state as the result of the Conditional Self-test shown in 11.2. To recover from the error condition, it is necessary to contact the vendor to repair the Canon MFP security chip.
The Canon MFP Security Chip has pre-operational self-test and conditional self-test functions. Table
Table 16 Self-test Test item Test method Test type Parameter Condition Firmware Firmware integrity Pre-operational public key, performed Integrity Test test uses RSA 2048- (software/firmware integrity 2048-bit automatically bit digital signature to test) RSA digital when the verify the firmware signature power is except for the boot turned on loader Boot Loader Boot Loader integrity Pre-operational CRC same as Integrity Test test using CRC (software/firmware integrity above Check(32bit) test) AES Encryption Known answer test Conditional 256-bit key same as (XTS) (Cryptographic algorithm above test) AES Decryption Known answer test Conditional 256-bit key same as (XTS) (Cryptographic algorithm above test) Hash_DRBG Known answer test Conditional None same as (instantiate/generate) (Cryptographic algorithm above test SHA-256 Known answer test Conditional None same as (Cryptographic algorithm above test) RSA signature Known answer test Conditional 2048-bit same as using 2048-bit RSA (Cryptographic algorithm RSA digital above digital signature test) signature Hash_DRBG Continuous random Conditional None performed bit generator test (Cryptographic algorithm before using test) Hash_DRBG Entropy Source Perform the Conditional None performed Test Repetition Count Test (Cryptographic algorithm automatically and Adaptive test) when the Proportion Test as power is "Start-up health turned on tests" and Conditional None performed "Continuous health (Cryptographic algorithm before seed tests" as specified in test) generation SP 800-90B. CSP Integrity Secret information Conditional CRC performed Test integrity test using (Critical functions test) when secret CRC Check (32 bits) information is read Firmware Load Firmware verification Conditional public key, performed Test with 2048-bit RSA (software/firmware load test) 2048-bit when digital signature RSA digital updating the when loading signature firmware firmware
When the power is turned on, the Canon MFP Security Chip performs pre-operational self-test
Date of Issue: 2024/8/22 automatically. It performs the firmware integrity test shown in Table 16 as the pre-operational self-test. Cryptographic algorithm tests are also conducted since the firmware integrity test uses RSA signature verification and SHA-256. In case the result of the firmware integrity test and cryptographic algorithm tests is an error, the Canon MFP Security Chip transitions to an error state immediately, and after that, no data can be written to, or read from, the storage device(s). Status of the error state can be obtained by Show status service. In order to recover from an error state, it is necessary to contact the vendor to repair the cryptographic module. On-demand pre-operational self-test can be performed by resetting the Canon MFP Security Chip.
The Canon MFP Security Chip provides cryptographic algorithm tests, Hash_DRBG continuous random bit generator test, entropy source test, CSP integrity test, and test for firmware loading as the conditional self-test shown in Table 16. The cryptographic algorithm tests are conducted at the same time as the pre-operational self-test, as described in 11.1. Hash_DRBG continuous random bit generator test is conducted every time before using the Hash_DRBG pseudo-random number generator. Entropy source tests are conducted as conditional cryptographic algorithm tests when performing start-up (i.e., as start-up health tests) and seed generation (i.e., as continuous health tests). The Canon MFP Security Chip also provides a management function of secret information as a critical function. It implements CSP integrity test shown in Table 16 as critical functions test. In CSP integrity test, each time secret information stored in the flash memory is read, the integrity of the secret information is confirmed by using 32-bit CRC. The Canon MFP Security Chip has the update firmware function and the firmware load test shown in Table 16 is performed when updating the firmware. In case the result of one of the cryptographic algorithm tests is an error, the Canon MFP Security Chip immediately transitions to an error state, and after that, no data can be written to, or read from, the storage device(s). The status of the error state can be obtained by using Show status service. In order to recover from an error state, it is necessary to contact the vender to repair the Canon MFP Security Chip. In case the transition to the error state is made as a result of the conditional self-test except the cryptographic algorithm tests and firmware load test, it is possible to recover from an error state by transitioning to non-Compliant state using “Sanitization” service. The status of the error state can be obtained by using Show status service. If the Firmware load test fails, the Canon MFP Security Chip will terminate the firmware update and continue to work with the existing firmware. The result can be obtained by using Show status service. No bypass test is implemented because the Canon MFP Security Chip does not have a bypass function.
The Canon MFP Security Chip operates in non-Compliant state when installed. In this state, the SSPs are not in the Canon MFP Security Chip and no security functions can be performed. To use the Canon MFP Security Chip in Approved mode, the CO shall perform the following. The CO first runs "Initialization operation" by the [PREPARE INSTALL] extended ATA command in non-Compliant state, and the Canon MFP Security Chip transitions to Approved mode after conducting pre-operational tests and cryptographic algorithm tests described in Section 10. Then, the CO uses the “Configure secret information” service, to set secret information to the Canon MFP Security Chip.
Date of Issue: 2024/8/22 The Canon MFP Security Chip, in its initial state, does not have default CO authentication information and default authentication ID. In the service, the CO should set both CO authentication information and authentication ID at the same time. The 32 Byte value which is written in the specified position of the setting command is set as the CO authentication information. It should not be easily guessed. Upon receiving a request for this service, the Canon MFP Security Chip writes the authentication ID and CO authentication information to flash memory, and generates the key seed for AES cryptographic key generation. The Canon MFP Security Chip specifies the key size by the [INSTALL SECRET INFO] extended ATA command in the “Configure secret information” service. “Show status” service by the [GET STATUS] extended ATA command can be used to determine the current operating mode. In response, the operator receives status information from the Canon MFP Security Chip indicating whether it is on Approved mode or non-Compliant state. The administrator shall periodically perform tamper evidence inspection of the Canon MFP Security Chip. Physical access to the contents of the module cannot be gained without removing at least one part of the coating that covers the cryptographic chip. The administrator shall inspect the coating for any signs of tampering. If the administrator discovers tamper evidence, the Canon MFP Security Chip should not be used. Although it cannot be switched, key sizes can be re-set after erasing CSPs by the [ERASE SECRET INFO] command. In this case, user data will not be migrated.
The Canon MFP Security Chip zeroizes all CSPs and switches to non-Compliant state by using the “Sanitization” service.
Provide the following private document as Administrator guidance and non-Administrator guidance. - Canon MFP Security Chip Firmware specification
The Canon MFP Security Chip does not implement functions to mitigate the impact of other types of attacks. END