All modules
CMVP Validated Module · FIPS 140-3 Security Policy

PQCryptoLib

Certificate#4800StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorPQShield LTD
Medium review priority  ·  no TCB surface named  ·  last validated 22 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date9/15/2029
CaveatInterim validation. When installed, initialized and configured as specified in Section 11.1 of the Security Policy. No assurance of the minimum strength of generated SSPs (e.g., keys)
VendorPQShield LTD
Hardware versionsN/A

Vendor resources (verify with the vendor)

Product pagehttps://pqshield.com/products/pqc-cor/
Support pagehttps://pqshield.com/products/ partial support
Documentationhttps://pqshield.com/products/certifications/
https://pqshield.com/embedded-post-quantum-cryptography-library-pqcryptolib/
AssessmentPublic product pages and a certifications page describe PQCryptoLib-Core fully; the library, SDK, and integration docs are provided under a commercial engagement / NDA rather than a public portal.

Approved Algorithms (29)

AlgorithmACVP Cert
ECDSA KeyGen (FIPS186-4)A3011
ECDSA KeyVer (FIPS186-4)A3011
ECDSA SigGen (FIPS186-4)A3011
ECDSA SigVer (FIPS186-4)A3011
Hash DRBGA3011
HMAC-SHA2-224A3011
HMAC-SHA2-256A3011
HMAC-SHA2-384A3011
HMAC-SHA2-512A3011
HMAC-SHA3-224A3011
HMAC-SHA3-256A3011
HMAC-SHA3-384A3011
HMAC-SHA3-512A3011
KAS-ECC CDH-ComponentA3011
KAS-ECC-SSC Sp800-56Ar3A3011
KDA HKDF SP800-56Cr2A3011
KDA TwoStep SP800-56Cr2A3011
KDF SP800-108A3011
SHA2-224A3011
SHA2-256A3011
SHA2-384A3011
SHA2-512A3011
SHA3-224A3011
SHA3-256A3011
SHA3-384A3011
SHA3-512A3011
SHAKE-128A3011
SHAKE-256A3011
TLS v1.3 KDFA3011

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Software/Firmware Security1
Operational Environment1
Physical SecurityN/A
Non-Invasive SecurityN/A
Sensitive Security Parameter Management1
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other AttacksN/A

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for PQCryptoLib
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>upgrade</i>"]
    C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for PQCryptoLib
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>upgrade</i><br/>src: text:keyword"]
    C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test</i><br/>src: text:keyword"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3,C5,C6 clueLow;

Security Policy, page by page

Page 1

PQCryptoLib PQShield LTD PQCryptoLib Non-Proprietary FIPS 140-3 Security Policy Document Version: v1.0.0 Date: 26 July 2024 Document Version 1.0.0 PQShield Public Material

Page 2

PQCryptoLib Table of Contents 1. 2. 2.1 2.2 2.3 2.3.1 2.3.2 2.4 2.4.1 2.5 3. 4. 4.1 4.2 4.3 5. 6. 7. 8. 9. 9.1 9.2 9.3 10. 11. 11.1 11.2 11.3 11.4 12. Document Version 1.0.0 PQShield Public Material

Page 3

PQCryptoLib 13. Document Version 1.0.0 PQShield Public Material

Page 4

PQCryptoLib List of Tables Table 7

Page 5
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services and, Authentication1
55Software/Firmware Security1
66Operational Environment1
77Physical SecurityN/A
88Non-Invasive SecurityN/A
99Sensitive Security Parameter Management1
1010Self-Tests1
1111Life-Cycle Assurance1
1212Mitigation of Other AttacksN/A
OverallOverall1

PQCryptoLib hereafter denoted the Module. The Module is a library of cryptographic primitives with a C interface offering security against quantum adversaries. PQShield is a spin-out of the University of Oxford which provides expertise in the design and implementation of quantum-resistant cryptography for software and hardware applications. The FIPS 140-3 security levels for the Module are as follows: Table 1

Page 6
Module configuration
NameOperating SystemHardware PlatformHardware VersionSoftware VersionProcessorPaa PaiFeaturesPackageIntegrity Test#
1Ubuntu 20.04 LTSDell PowerEdge 740Intel® Xeon® Platinum 8276 CPU (SkyLake)with PAA1
2Ubuntu 20.04 LTSDell PowerEdge 740Intel® Xeon® Platinum 8276 CPU (SkyLake)without PAA2
1N/A1.0.0N/Alibpqcrypto.so.1.0.0HMAC-SHA2-5121
1Debian 11 (bullseye)Dell PowerEdge 7401
2Ubuntu 22.04 LTSDell PowerEdge 7402
Module configuration
NameOperating SystemHardware PlatformHardware VersionSoftware VersionProcessorPaa PaiFeaturesPackageIntegrity Test#
1Ubuntu 20.04 LTSDell PowerEdge 740Intel® Xeon® Platinum 8276 CPU (SkyLake)with PAA1
2Ubuntu 20.04 LTSDell PowerEdge 740Intel® Xeon® Platinum 8276 CPU (SkyLake)without PAA2
1N/A1.0.0N/Alibpqcrypto.so.1.0.0HMAC-SHA2-5121
1Debian 11 (bullseye)Dell PowerEdge 7401
2Ubuntu 22.04 LTSDell PowerEdge 7402
Module configuration
NameOperating SystemHardware PlatformHardware VersionSoftware VersionProcessorPaa PaiFeaturesPackageIntegrity Test#
1Ubuntu 20.04 LTSDell PowerEdge 740Intel® Xeon® Platinum 8276 CPU (SkyLake)with PAA1
2Ubuntu 20.04 LTSDell PowerEdge 740Intel® Xeon® Platinum 8276 CPU (SkyLake)without PAA2
1N/A1.0.0N/Alibpqcrypto.so.1.0.0HMAC-SHA2-5121
1Debian 11 (bullseye)Dell PowerEdge 7401
2Ubuntu 22.04 LTSDell PowerEdge 7402

PQCryptoLib 2. Cryptographic Module Specification The Module is classified as a software cryptographic module. It is a software library of cryptographic primitives with unified and easy to use API. The Module is intended for use by US Federal agencies or other markets that require FIPS 140-3 validated general purpose cryptographic library running on GPC. 2.1 Operational Environment A. Software module PQCryptoLib cryptographic module is tested on the following operational environment. Table 2

Page 7

PQCryptoLib 2.2 Cryptographic Boundary The Module is a software library providing cryptographic services through application program interface (API) for use by Applications running in the user space of underlying operating system. The Module’s embodiment is defined as multi-chip standalone. The Figure 1 shows the cryptographic boundary of the Module, its interfaces with the tested operational environment’s physical perimeter (TOEPP) and flow of information between the Module and operator (a calling function of an Application using services of the Module). The software library is called libpqcrypto.so.1.0.0 (software version 1.0.0) that is intended to link with the Application. The Module can run in a multi- threaded environment, it requires POSIX thread library (pthread). The Module may call the CPU directly, that is done by performance optimized functions and to get entropy from the CPU. The module performs no communications other than with the calling application, tested operational environment and the CPU. Figure 1 - Module Block Diagram: Logical relationship of the Module to the other hardware and software components of the GPC. Document Version 1.0.0 PQShield Public Material

Figure 1 - Module Block Diagram
Figure 1 - Module Block Diagram
Page 8
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
CVL: TLS [IG 2.4.B]1)A3011TLS v1.3 KDF, DHE and PSK-DHE running modesSHA2-(256, 384)Key derivation
ECDSA [186]A3011Key pair generationCurve: P-256, Security strength of 128-bitsAsymmetric Key Generation
ECDSA [186]A3011Public key verificationCurve: P-256, Security strength of 128-bitsPublic Key Verification
ECDSA [186] 3)A3011Signature generation Hash Algorithm: SHA2- 256Curve: P-256, Security strength of 128-bitsSignature generation
ECDSA [186] 3)A3011Signature verification Hash Algorithm: SHA2- 256Curve: P-256, Security strength of 128-bitsSignature verification
Hash_DRBG [90A]2)A3011Hash_DRBG [90A]Security strength of 256 bitsDeterministic random bit generation
HMAC [198]4)A3011SHA2-(224,256,384,512) SHA3-(224,256,384,512)Security Strength of 192, 256 bitsMessage authentication
KAS-ECC CDH- Component [56Ar3]A3011CDH-ComponentCurve: P-256, Security strength of 128-bitsShared secret computation
KAS-ECC-SSC [56Ar3] 5) 6)A3011Ephemeral UnifiedCurve: P-256, Security strength of 128-bitsKey generation, Shared secret computation
KDA HKDF [56Cr2]A3011SP 800-56Cr2 Section 5 HKDF [RFC5869] key derivationKey sizes between 224 and 65336 (multiples of 8 bits)Key based key derivation. Used by TLSv1.3 KDF
KDA Two-Step [56Cr2]A3011SP 800-56Cr2 Section 5 Two-step key derivation using KDF mode Feed- backKey sizes between 224 and 65336 (multiples of 8 bits)Key based key derivation.
KDF SP800- 108 [108]A3011KDF SP800HMAC SHA2 and SHA3 using 224, 256, 384 and 512 bitsKey based key derivation
SHA2 [180]A3011SHA2- (224,256,384,512)Security strength of 112, 128, 192, 256 bits Message Length: 0- 65536Message digest generation
SHA3 [202]A3011SHA3- (224,256,384,512)Security strength of 112, 128, 192, 256 bits Message Length: 0- 65536 Large Message Sizes: 1GBMessage digest generation
SHAKE [202]A3011SHAKE-(128,256)Max security strength either 128 or 256 bitsVariable size digest generation

PQCryptoLib 2.3 The Module supports Approved mode of operation only. The Module does not support degraded mode and operates only in normal mode.

2.3.1 Configuration of the Approved Mode of Operation

The Approved mode of operation is configured after the CO loads the module into memory, all self-tests are completed successfully, and only Approved algorithms are invoked. See Table 5 below for the list of approved algorithms.

2.3.2 Configuration of the Non-Approved Modes of Operation

Non-approved mode of operation is not supported. 2.4 Security Functions The Module implements the Approved and Non-Approved but Allowed cryptographic functions listed in the tables below. Table 5 - Approved Algorithms 2.4.B]1) 3) 3) Document Version 1.0.0 PQShield Public Material

Page 9

PQCryptoLib

  1. No parts of this protocol, other than TLS v1.3 KDF, have been tested by the CAVP and CMVP.
  2. Hash_DRBG is instantiated through the API. The security strength for random bit generation assumes that the random bit generator has been provided with at least 256-bits of entropy.
  3. ECDSA always uses SHA2-256 for hashing the input message
  4. Truncated HMAC is CAVP-validated, but not used by the Module
  5. ECDH implements ECC CDH primitive from [56Ar3] by using curve P-256. No KDF is applied on the output.
  6. If run as a recipient, implementation performs partial public key validation compatible with an algorithm specified in [56Ar3], section 5.6.2.3.4. Document Version 1.0.0 PQShield Public Material – May be reproduced only in its original entirety (without revision).
Page 10
Approved algorithm
NamePropertiesReferenceOE
CKG[133] Sections 4 and 5.1 Asymmetric signature key generation using unmodified DRBG output[133]Hardware Platform: Dell PowerEdge R740 Operating System: Ubuntu (version 20.04 LTS) Processor: Intel Xeon Platinum 8276
[133] Sections 4 and 5.2 Asymmetric key establishment key generation using unmodified DRBG output[133] Sections 4 and 5.2 Asymmetric key establishment key generation using unmodified DRBG output[133]Hardware Platform: Dell PowerEdge R740 Operating System: Ubuntu (version 20.04 LTS) Processor: Intel Xeon Platinum 8276
[133] Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output[133] Sections 4 and 6.1 Direct symmetric key generation using unmodified DRBG output[133]Hardware Platform: Dell PowerEdge R740 Operating System: Ubuntu (version 20.04 LTS) Processor: Intel Xeon Platinum 8276
[133] Section 6.2.1 Derivation of symmetric keys from a key agreement shared secret[133] Section 6.2.1 Derivation of symmetric keys from a key agreement shared secret[133]Hardware Platform: Dell PowerEdge R740 Operating System: Ubuntu (version 20.04 LTS) Processor: Intel Xeon Platinum 8276
[133] Section 6.2.2 Derivation of symmetric keys from a pre-shared key[133] Section 6.2.2 Derivation of symmetric keys from a pre-shared key[133]Hardware Platform: Dell PowerEdge R740 Operating System: Ubuntu (version 20.04 LTS) Processor: Intel Xeon Platinum 8276

PQCryptoLib Table 6

Page 11
Approved algorithm
NameUse FunctionUse / Function
Kyber KEMNo security claimedNon-Approved cryptographic algorithm implementing non- security relevant service. This algorithm is meant to be used between two parties as a method to establish “auxiliary shared secret T” which is used for “hybrid” shared secret Z’ as mentioned in [56Cr2, section 2]. The value Z’ can only be used in the extraction step of the Two- Step Key Derivation process described in [56Cr2, section 5]. Internally, this step is implemented as HKDF-extract function as defined by [RFC5869]. Vendor claims no security over input values consumed by the algorithm and output values generated by the algorithm including value T. The algorithm uses Hash_DRBG for generating random byte strings. It also uses SHA3-{256,512} and SHAKE-{128,256} internally. The algorithm is not intended to be used as a security function and is not used internally by the Module. It must be accessed over API functions that are distinct from APIs used to access approved algorithms.
Service
NameDescriptionApproved FunctionsTypePropertiesAlgorithm Properties
CKGSections 4 and 6.1 Direct symmetric key generation using unmodified DRBG outputDRBGCryptographic Key Generation[133]Hash_DRBG
KAS1Pair-wise Key- Establishment Schemes using Discrete Logarithm ECC Diffie-Hellman with TLS 1.3 KDFSHS DRBG KAS-SSC TLS 1.3 KDFKASKAS (KAS-SSC Cert. #A3011, CVL Cert. #A3011; SSP establishment methodology provides 128 bits of encryption strength), [56Ar3]1, [IG] 2.4.B, [IG] D.FSHA2-256 SHA2-384 P-256 Curve Hash_DRBG
KAS2Pair-wise Key- Establishment Schemes using Discrete Logarithm ECC Diffie- Hellman with KDA HKDFHMAC SHA3 SHS KDA HKDFKASKAS (KAS-SSC Cert. #A3011, KDA Cert. #A3011; SSP establishment methodology provides 128 bits of encryption strength), [56Ar3]2, [56Cr2], [198], [IG] D.F, [IG] D.B, [133], [IG] C.CP-256 Curve Hash_DRBG HMAC SHA2-224 HMAC SHA2-256 HMAC SHA2-384 HMAC SHA2-512 HMAC SHA3-224 HMAC SHA3-256 HMAC SHA3-384 HMAC SHA3-512
KAS3Pair-wise Key- Establishment Schemes using Discrete Logarithm ECC Diffie- Hellman with KDA TwoStepHMAC SHA3 SHS KDA TwoStepKASKAS (KAS-SSC Cert. #A3011, KDA Cert. #A3011; SSP establishment methodology provides 128 bits of encryption strength), [56Ar3]3, [56Cr2], [198], [IG] D.F, [IG] D.B, [133], [IG] C.CP-256 Curve Hash_DRBG HMAC SHA2-224 HMAC SHA2-256 HMAC SHA2-384 HMAC SHA2-512 HMAC SHA3-224 HMAC SHA3-256 HMAC SHA3-384 HMAC SHA3-512
KDA1Key Derivation AlgorithmHMAC SHA3 SHS KDA HKDFHKDF[56Cr2] [198], [IG] C.CHMAC SHA2-224 HMAC SHA2-256 HMAC SHA2-384 HMAC SHA2-512 HMAC SHA3-224 HMAC SHA3-256 HMAC SHA3-384 HMAC SHA3-512
KDA2Key Derivation AlgorithmHMAC SHA3 SHS KDA TwoStepTwoStep[56Cr2] [198], [IG] C.CHMAC SHA2-224 HMAC SHA2-256 HMAC SHA2-384 HMAC SHA2-512 HMAC SHA3-224 HMAC SHA3-256 HMAC SHA3-384 HMAC SHA3-512
KDF1Key Derivation using TLS 1.3 KDFSHS TLS 1.3 KDFKey Derivation Function TLS 1.3 KDF[IG] 2.4.B [IG] D.F [180]SHA2-256 SHA2- 384
KDF2Key Based Key Derivation Function using Feedback methodHMAC SHA3 SHSKDF [108][108] [198] [IG] C.CKDF [108] – Feedback HMAC SHA2-224 HMAC SHA2-256 HMAC SHA2-384 HMAC SHA2-512 HMAC SHA3-224 HMAC SHA3-256 HMAC SHA3-384 HMAC SHA3-512
KeyGenECDSA Key GenerationECDSA DRBGKey generation[186] [133]Hash_DRBG P- 256 Curve
KeyVerECDSA Public Key VerificationECDSAPublic Key Verification[186]P-256 Curve
MACKeyed-Hash Message Authentication CodeHMAC SHS SHA3Message Authentication[198] [IG] C.B, [IG] C.CHMAC SHA2-224 HMAC SHA2-256 HMAC SHA2-384 HMAC SHA2-512 HMAC SHA3-224 HMAC SHA3-256 HMAC SHA3-384 HMAC SHA3-512
HashSecure Hash Standard Permutation-Based Hash and Extendable- Output FunctionsSHS SHA3Message Digest[180] [202] [IG] C.B [IG] C.CSHA2-224 SHA2- 256 SHA2-384 SHA2-512 SHA3- 224 SHA3-256 SHA3-384 SHA3- 512 SHAKE-128 SHAKE- 256
RNGRandom Number GenerationDRBGDeterministic Random Bit Generators[90A] [IG] D.L [IG] D.RHash_DRBG
Shared Secret Establis hment1Shared Secret Establishment Pair- wise Key- Establishment Scheme using Discrete Logarithm - ECC Diffie-HellmanKAS ECC CDH DRBGKAS ECC CDH- Component[56Ar3] [IG] D.F [IG] D.A [IG] D.B [133]Hash_DRBG P- 256 Curve
Shared Secret Establis hment2Shared Secret Establishment Pair- wise Key- Establishment Scheme using Discrete Logarithm - ECC Diffie-HellmanDRBG KAS- SSCKAS ECC -SSC[56Ar3] [IG] D.F [IG] D.B [133]P-256 Curve Hash_DRBG
SigGenDigital Signature Generation using ECDSAECDSA DRBG SHSSignature generation[186] [133]Hash_DRBG P- 256 Curve SHA2- 256
SigVerDigital Signature Verification using ECDSASHSSignature verification[186]P-256 Curve SHA2- 256

PQCryptoLib NOTE: The module does not implement any Non-Approved Algorithms Not Allowed in the Approved Mode of Operation. Table 8 - Security Function Implementations Document Version 1.0.0 PQShield Public Material

Page 12

PQCryptoLib C.C Document Version 1.0.0 PQShield Public Material

Page 13

PQCryptoLib C.C Document Version 1.0.0 PQShield Public Material

Page 14

PQCryptoLib Document Version 1.0.0 PQShield Public Material

Page 15

PQCryptoLib Establishment Pairwise KeyEstablishment Establishment Pairwise KeyEstablishment DRBG KASSSC Per [IG] D.F Scenario 2 path (2), [56Ar3] compliant key agreement scheme where testing is performed separately for the shared secret computation and a KDF compliant with [135] without key confirmation. Per [IG] D.F Scenario 2 path (2), [56Ar3] compliant key agreement scheme where testing is performed separately for the shared secret computation and a KDF compliant with KDA without key confirmation. Per [IG] D.F Scenario 2 path (2), [56Ar3] compliant key agreement scheme where testing is performed separately for the shared secret computation and a KDF compliant with KDA without key confirmation. Document Version 1.0.0 PQShield Public Material

Page 16
2.4.1 Industry Protocols

The Module supports KDF used by TLS protocol version 1.3. 2.5 Rules of Operation The Module is intended to link with the Application. To initialize the Module, the code of an application that wishes to use the Module, must include pqcl.h and fips.h header files. This allows an application to use the Module Initialization service. The Module Initialization service must be used to initialize the Module. The Module is initialized after the Module Initialization service returns with success. The Module Initialization service automatically detects and enables PAA if available. After the Module is initialized, the PAA can be disabled by calling the Disable PAA service. This service can be called only after successful initialization of the Module. The Module Initialization service runs pre-operational and conditional self-tests and the Disable PAA service runs conditional self-tests. The Zeroize service zeroizes the state of internal DRBGs. It must be explicitly called by the CO before the Module is unloaded from the application using it. In addition, the CO can zeroize individual SSPs as described in Section 9.4. Overall Security Design

Page 17
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AData inAPI input parameters that specify plaintext data; ciphertext or signed data; cryptographic keys, initialization vectors; kernel I/O.
N/AN/AData outAPI output parameters that receive plaintext data, ciphertext data, digital signatures cryptographic keys and initialization vectors. API Return values.
N/AN/AControl inFunction calls and control data (e.g., algorithms, algorithm modes, or module settings). Values stored in the CPU and read by the Module during initialization phase.
N/AN/AControl Out1)N/A
N/AN/AStatus outAPI return values.
PC Power Supply PortPC Power Supply PortPowerN/A

PQCryptoLib The Module is a software-only implementation. All keys, encrypted data, and control information are exchanged through calls to library functions (logical interfaces). As a software module, it has no access to the physical ports (physical covers, manual controls, physical status indicators) and hence those ports are the same as those of the GPC it runs on. The Module’s ports and associated FIPS defined logical interface categories are listed in Table 9. Table 9

Page 18
Service
NameRolesInputOutput
Disable PAA1CONoneStatus code
Hash_DRBG operation context cleanupCOOperation context. Algorithms: Hash_DRBGOperation context with SSPs deleted
Hash_DRBG pseudorandom byte stream generationCOOperation context, output buffer, length of requested byte stream, optionally buffer with additional data. Algorithms: Hash_DRBGStream of pseudo-random bytes, status code
Hash_DRBG reseedingCOOperation context, buffers with entropy, nonce and personalization string together with sizes of those buffers, optionally buffer with additional data. Algorithms: Hash_DRBGStatus code
Hash_DRBG instantiation and seedingCOOperation context, buffers with entropy, nonce and personalization string together with sizes of those buffers. Algorithms: Hash_DRBGStatus code
HashingCOInput data, input size. Hash functions: SHA2- (224, 256, 384, 512), SHA3-(224, 256, 384, 512).Digest, status code.
KEM context cleanupCOOperation context. Algorithms: Kyber (non- approved)Operation context with SSPs deleted
KEM decapsulationCOOperation context with KEM private key, ciphertext with byte length. Algorithms used: Kyber (non-approved)Shared secret, status code.
KEM encapsulationCOOperation context with KEM public key. Algorithms used: Kyber (non-approved)Shared secret with byte length, ciphertext with byte length, status code
KEM key-pair exportCOOperation context, memory buffers to store public and/or private key. Algorithms: Kyber (non-approved)Public and/or private key stored in memory buffer, status code.
KEM key-pair generationCOOperation context. Algorithms: Kyber (non- approved)Key-pair stored in operation context. Status code.
KEM key-pair importCOOperation context, public key and/or private key in plaintext. Algorithms: Kyber (non- approved)Key-pair stored in operation context, Status code.
Key agreementCOOperation context, peers public key with byte length. Algorithms. ECDH (curve P256).Shared secret stored in a memory buffer, status code
Key agreement key- pair cleanupCOOperation context. Algorithms: ECDH (curve P-256).Operation context with SSPs deleted
Key agreement key- pair exportCOOperation context, memory buffers to store public and/or private key. Algorithms: ECDH (curve P-256).Public and/or private key stored in memory buffer, status code.
Key agreement key- pair generationCOOperation context. Algorithms: ECDH (curve P-256)Key-pair stored in operation context. Status code.
Key agreement key- pair importCOOperation context, public key and/or private key in plaintext. Algorithms: ECDH (curve P- 256).Key-pair stored in operation context, Status code.
Key derivationCOOperation context, key derivation key, salt, shared secret established by approved and auxiliary shared secret (56Cr2), algorithm ID, optional context binding value. Algorithms used: HKDFDerived key, status code.
Key expansion in two-step key derivationCOOperation context, key-derivation key and its size, info label and its size. Algorithms used: KDF [108]Derived key, status code.
Keyed hash context cleanupCOOperation context. Algorithms: HMACOperation context with SSPs deleted
Keyed hash key importCOOperation context, buffer containing key and its size. Key sizes: 112-bits or more (multiple of 8 bits). Algorithms: HMACStatus code
Keyed hash signingCOOperation context, input data, input size, buffer storing output and output size. Algorithms: HMACAn authentication tag, status code
Keyed hash verificationCOOperation context, input data, input size. Algorithms: HMACStatus code
Module initialization 2)CONoneStatus code
Name enquiryCOPointer to the bufferText "pqcryptolib"
Random number generationCOEntropy, output size, additional input. Algorithms used: Hash_DRBG.Stream of randomly generated bytes. Security strength of 256-bits.
Randomness extractionCOOperation context, shared secret established by approved key agreement method (56Cr2) and its size, salt value and its size. Algorithms used: HKDFKey-derivation key, status code
Randomness extraction with auxiliary shared secretCOOperation context, shared secret established by approved key agreement method (56Cr2) and its size, salt value and its size, auxiliary shared secret and its size. Algorithms used: HKDFKey-derivation key, status code
Signature generationCOOperation context, message to sign with byte length, memory buffer. Algorithms: ECDSA (curve P-256)Signature stored in the memory buffer. Status code
Signature verificationCOOperation context, message to verify with byte length. Algorithms: ECDSA (curve P-256)Operation context with SSPs deleted
Signing key-pair cleanupCOOperation context. Algorithms: ECDSA (curve P-256).Operation context with SSPs deleted
Signing key-pair exportCOOperation context, memory buffers to store public and/or private key. Algorithms: ECDSA (curve P-256).Public and/or private key stored in memory buffer. Status code.
Signing key-pair generationCOOperation context. Algorithms: ECDSA (curve P-256)Key-pair stored in operation context. Status code.
Signing key-pair importCOOperation context, public key and/or private key in plaintext. Algorithms: ECDSA (curve P- 256).Key-pair stored in operation context. Status code.
Status enquiryCONoneCurrent state of the module
Symmetric key generationCOBuffer requested key size in bits. Algorithms: Hash_DRBGSymmetric key, status code
TLS v1.3 KDFCOOperation context, key derivation key and its size, shared secret and authentication messages as defined by RFC8446, optionally pre-shared key and its sizeStatus code and all traffic and handshake keys resulting from TLS v1.3 key derivation
Version enquiryCOPointer to the bufferText "1.0.0"
XOFCOOutput size. Algorithms: SHAKE-128, SHAKE- 256Output generated by XOF.
ZeroizeCONoneNone

PQCryptoLib 4. Roles, Services and Authentication 4.1 Assumption of Roles and Related Services The Module implements a single instance of one authorized role: Crypto Officer (CO). The role is implicitly assumed by the entity accessing services implemented by the module and is authorized to access all services provided by the module. Only one concurrent user is allowed, namely, a CO is considered the owner of executing thread. The Module does not support a maintenance role or bypass capability. Table 10 lists all operator roles supported by the Module and their related services. Table 10

Page 19

2) Document Version 1.0.0 PQShield Public Material

Page 20

PQCryptoLib Document Version 1.0.0 PQShield Public Material

Page 21
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicator
Disable PAASwitch off PAACON/AN/AN/AN/A
Hash_DRBG operation context cleanupZeroize Hash_DRBG SSPsCODRBG-SHash_DRBGZDSI
Hash_DRBG pseudorandom byte stream generationGenerate pseudo random byte strings and keysCODRBG-SHash_DRBGERWDSI
Hash_DRBG reseedingSeed Hash_DRBG instance with externally supplied entropyCODRBG-EI, DRBG-N, DRBG-S, DRBG-SEEDHash_DRBGW, R, R, GWDSI
Hash_DRBG instantiation and seedingSeed Hash_DRBG instance with externally supplied entropyCODRBG-EI, DRBG-N, DRBG-S, DRBG-SEEDHash_DRBGW, R, R, GWDSI
HashingCalculate a message digestCON/ASHA2- (224,256,384,512) SHA3- (224,256,384,512)N/AHSI
Key agreementCalculate shared secret key from private and public keysCOECDH-PRV, ECDH-PUB, ECDH-K-ZECDHER, ER, GWXSI
Key agreement key-pair cleanupZeroize SSPsCOECDH-PRV, ECDH-PUBECDHZ, ZXSI
Key agreement key-pair exportExport a public and/or private ECDH key(s)COECDH-PRV, ECDH-PUBECDHR, RXSI
Key agreement key-pair generationGenerate a key-pair for key agreementCOECDH-PRV, ECDH-PUBECDHEGW, GW,XSI
Key agreement key-pair importImport a public and/or private ECDH key(s)COECDH-PRV, ECDH-PUBECDHW, WXSI
Key derivationSymmetric key derivation from shared secret keyCOHKDF-K, HKDF-KDKKDA-HKDF SHA2- (224,256,384,512) SHA3- (224,256,384,512) , CKGER, EGWZKSI
Key expansion in two-step key derivationPRF-based key- derivation function [108]COHKDF-KDKKDA-HKDF, KDF- SP800-108 SHA2- (224,256,38 4,512) SHA3- (224,256,38 4,512), CKGREKSI
Keyed hash context cleanupZeroize HMAC SSPsCOHMAC-KSHA2- (224,256,384,512) SHA3- (224,256,384,512)ZMSI
Keyed hash key importImport a HMAC symmetric key into operation contextCOHMAC-KHMAC, SHA2- (224,256,384,512), SHA3- (224,256,384,512)ERMSI
Keyed hash signingCalculate an authentication tag on dataCOHMAC-KHMAC, SHA2- (224,256,384,512) , SHA3- (224,256,384,512)ERMSI
Keyed hash verificationValidate an authentication tag on dataCOHMAC-KHMAC, SHA2- (224,256,384,512), SHA3- (224,256,384,512)ERMSI
Module initializationInitializes internal structure of the ModuleCODRBG-EI, DRBG-SEED, DRBG-S, DRBG-NHash_DRBG HMACRE, WE, W, WN/A
Name enquiryReturns name of the ModuleCON/AN/AN/AN/A
Random number generationGenerate random byte strings and keys from the Module’s internal instance of Hash_DRBGCODRBG-SHash_DRBGERWRSI
Randomness extractionThe randomness extraction step in two- step key derivation procedure as specified by [56Cr2]COHKDF-K, HKDF-KDKKDA-HKDF SHA2- (224,256,384,512) SHA3- (224,256,384,512)ER, GWKSI
Randomness extraction with auxiliary shared secretThe randomness extraction step in two- step key derivation procedure with auxiliary shared secret T as specified by [56Cr2]COHKDF-K, HKDF-KDKKDA-HKDF SHA2- (224,256,384,512) SHA3- (224,256,384,512)ER, GWKSI
Signature generationCalculate digital signature using a private keyCOECDSA-PRVSHA2-(256), ECDSARESSI
Signature verificationVerify digital signature using a public keyCOECDSA-PUBSHA2-(256), ECDSARESSI
Signing key- pair cleanupZeroize SSPs and deletes operation contextCOECDSA-PRV, ECDSA-PUBECDSAZ, ZSSI
Signing key- pair exportExport a public and/or private ECDSA key(s)COECDSA-PRV, ECDSA-PUBECDSAR, RSSI
Signing key- pair generationGenerate a key-pair for signing and verificationCOECDSA-PRV, ECDSA-PUBECDSAEGW, GWSSI
Signing key- pair importImport a public and/or private asymmetric key into operation contextCOECDSA-PRV, ECDSA-PUBECDSAW, WSSI
Status enquiryReturns state of the ModuleCON/AN/AN/AN/A
Symmetric key generationGenerates symmetric key of size between 112 and 256 bits, multiple of 8.COHMAC-KHash_DRBG, CKGGWDSI
TLS v1.3 KDFExpands key- derivation- key into secret key as specified by the RFC8446COECDH-K-Z, TLS-PSK, TLS-ES, TLS-HS, TLS-MS, TLS-EBK, TLS-RBK, TLS-CETS, TLS-EEMS, TLS-CHTS, TLS-SHTS, TLS-CATS, TLS-SATS, TLS-EMS, TLS-RMS, TLS-ZEROTLS KDF, CKGER, ER, GW, GW, GW, GW, GW, GW, GW, GW, GW, GW, GW, GW, GW, ERTSI
Version enquiryReturns version of the ModuleCON/AN/AN/AN/A
XOFCalculate output from XOFCON/ASHAKE-(128, 256)N/AHSI
ZeroizeDestroys internal state of Hash_DRBGCODRBG-SHash_DRBGZZSI

PQCryptoLib

  1. Ensures PAA is disabled and runs set of self-tests.
  2. Initializes internal structures, enables PAA if available. It runs integrity checks, critical function testing and set of self-tests. 4.2 Authentication Methods The Module does not support authentication. 4.3 Services All security services implemented by the Module are listed in Table 11 and Table 12 below. The SSPs modes of access are defined as: • G = Generate: The Module generates or derives the SSP. • R = Read: The SSP is read from the Module (e.g. the SSP is output). • W = Write: The SSP is updated, imported, or written to the Module. • E = Execute: The Module uses the SSP in performing a cryptographic operation. • Z = Zeroize: The Module zeroizes the SSP The “Indicator” column describes security service indicator (described in [IG] 2.4.C) used by the service. All the indicators are defined below in Table
  3. Table 11 – Approved Services N/A N/A N/A N/A Z W, R, R, W, R, R, Document Version 1.0.0 PQShield Public Material – May be reproduced only in its original entirety (without revision).
Page 22

PQCryptoLib N/A N/A Z, Z R, R W, W Document Version 1.0.0 PQShield Public Material

Page 23

PQCryptoLib Z W, W N/A N/A N/A N/A N/A Document Version 1.0.0 PQShield Public Material

Page 24

PQCryptoLib Z, Z R, R W, W N/A N/A N/A N/A Document Version 1.0.0 PQShield Public Material

Page 25

PQCryptoLib N/A N/A N/A N/A N/A N/A Z The following table contains non-approved, allowed services running in approved mode of operation. All those services implement Key Encapsulation Mechanism but are non-security relevant. Namely we do not declare any security on the keys generated by those algorithms. Document Version 1.0.0 PQShield Public Material

Page 26
Service
NameDescriptionRolesApproved FunctionsIndicator
KEM context cleanupNon-security relevant serviceCONoneESI
KEM decapsulationNon-security relevant serviceCOSHA3-{256,512}, SHAKE-{128, 256}, KyberESI
KEM encapsulationNon-security relevant serviceCOHash_DRBG, SHA3- {256,512}, SHAKE- {128, 256}, KyberESI
KEM key-pair exportNon-security relevant serviceCOKyberESI
KEM key-pair generationNon-security relevant serviceCOHash_DRBG, SHA3- {256,512}, SHAKE- {128, 256}, KyberESI
KEM key-pair importNon-security relevant serviceCOKyberESI

PQCryptoLib Table 12 – Non-Approved Services

  1. Software/Firmware Security The Module is composed of the software component delivered as a library (dynamic loadable shared object library) in a binary form. The software component is protected with the HMAC-SHA2-512 integrity testing technique described in Table
  2. The integrity tests are always performed upon module initialization phase (described in §2.5) and can be performed on demand by power cycling the Module. In case the integrity test fails, the library is moved into ERROR state and the Module needs to be unloaded from the memory of the Application that uses the Module. The method used for integrity testing is detailed in Table
  3. Document Version 1.0.0 PQShield Public Material – May be reproduced only in its original entirety (without revision).
Page 27

PQCryptoLib 6. Operational Environment The Module operates under a modifiable operational environment as per the FIPS 140-3 definitions. The tested operational environment is listed in Table 2 above. In addition, PQShield claims that the Module can be ported on the operational environment listed in Table 4; no statement is made regarding the correct operation of the Module on the Vendor Affirmed Operational Environments. The Module runs on a GPC running one of the tested operational environments. Each tested operational environment manages processes in a logically separated manner, each process is assigned a private memory space, access to that space is restricted to the process running the Module and trusted parts of the operational environment. Process private memory space is used to store CSPs and SSPs. The CO role is considered the owner of the calling application that instantiates the module. Document Version 1.0.0 PQShield Public Material

Page 28

PQCryptoLib

  1. Physical Security Physical security is not applicable to software-only modules.
  2. Non-Invasive Security The Module does not implement any mitigation method against non-invasive attack.
  3. Sensitive Security Parameter (SSP) Management The SSPs generation column shown in Table 13 are defined as: • G1 = FIPS 186-4 compliant ECDSA key generation by testing candidate methods described in [186], subsection B.4.2. • G2 = Symmetric key generated by internal CAVP validated Hash_DRBG • G3 = Generated by the entropy source • G4 = Derived from internal state of Hash_DRBG • G5 = Generated by Hash_df hash derivation function of Hash_DRBG • G6 = KDK generated in two-step key derivation with HMAC used as PRF [56Cr2] • G7 = DKM generated by TLS v1.3 KDF [RFC8446] • G8 = Counter initialized to 0 and incremented during execution of an algorithm • G9 = Value modified during initialization and execution of the module The SSPs establishment column shown in Table 13 are defined as: • A1 = SP800-56A rev3 compliant ECDH key agreement (128 bit) • A2 = Derived using SP 800-108 compliant KDF The SSPs storage column shown in Table 13 are defined as: • S1 = Only stored in volatile memory (RAM) in plaintext • S2 = Publicly known value stored within the module code, validated by integrity check The SSPs import/export column shown in Table 13 are defined as: • E1 = Input in plaintext by the calling application • E2 = Public key output in plaintext • E3 = Secret key output in plaintext The SSPs zeroization column shown in Table 13 are defined as: • Z1 = Zeroized by Module power cycle or hard reset. • Z2 = Zeroized by the internal zeroization function by overwriting with a fixed pattern, that is octetstring filled with 0. • Z3 = Overwriting by new working state of Hash_DRBG during reseeding process Document Version 1.0.0 PQShield Public Material – May be reproduced only in its original entirety (without revision).
Page 29
Approved algorithm
NameKey SizeUse Function
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u F.t r e Cr e b m u Nn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a z io r e Ze s Us y e k d e t a le R
DRBG-S, DRBG-N256Hash_DRBG [90A] entropy inputDRBG-EIG3E1N/AS1Z1 Z2N/A
DRBG-EI DRBG-N DRBG-S256Hash_DRBG [90A] initialization and reseedingDRBG- SEEDG5N/AN/AS1Z1 Z2 Z3DRBG (#A3011)
DRBG-EI DRBG-SEED256Hash_DRBG [90A] working state (values V and C) derived from the seedDRBG-SG4N/AN/AS1Z1 Z2DRBG (#A3011)
DRBG-EI DRBG-SEED256Hash_DRBG [90A] nonceDRBG-NG3E1N/AS1Z1 Z2DRBG (#A3011)
ECDSA-PRV128DRBG additional input. When used for ECDSA signature generation, the input is a ECDSA secret key.DRBG-AIN/AE3N/AS1Z1 Z2DRBG (#A3011)
DRBG-SBetween 128 and 256. Multiple of 8 bitsHMAC [198] authentication key and OPAD valueHMAC-KG2E1N/AS1Z1 Z2HMAC (#A3011)
DRBG-SBetween 224 and 65536. Multiple of 8 bitsKDA-HKDF secret keyHKDF-KG2E1A1S1Z1 Z2KDA-HKDF, Two-Step (#A3011)
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u F.t r e Cr e b m u Nn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a z io r e Ze s Us y e k d e t a le R
HMAC-K ECDH-K- PRV HKDF-CNTBetween 8 and 4096. Multiple of 8 bitsKey-derivation key resulting from the randomness- extraction step that is used in the key- expansion step during the execution of the key- derivation procedure specified in the [56Cr2] and/or [108]HKDF- KDKN/AE3A2S1Z1 Z2KDA-{HKDF, Two-Step} (#A3011)
DRBG-S DRBG-N DRBG-AI128ECDSA signature generation key (P-256)ECDSA- PRVG1E1 E3N/AS1Z1 Z2ECDSA (#A3011)
DRBG-S DRBG-N ECC-PAR128ECDH key agreement private key (P- 256)ECDH- PRVG1E1 E3N/AS1Z1 Z2EC Diffie Hellman Shared Secret Computation (#A3011)
ECDH-K- PRV ECC-PAR128ECDH shared secret (P-256) used to derive session encryption keyECDH-K- ZN/AE1 E3A1S1Z1 Z2EC Diffie Hellman Shared Secret Computation (#A3011)
TLS-RMSBetween 112 and 256. Multiple of 8 bitsA TLS v1.3 pre- shared key, established externally or derived from TLS-RMS.TLS-PSKG6E1N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-PSK ECDH-K-Z256 or 384 bitsTLS v1.3 early secretTLS-ESG6N/AN/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-PSK ECDH-K-Z256 or 384 bitsTLS v1.3 handshake secretTLS-HSG6N/AN/AS1Z1 Z2TLS v1.3 KDF (#A3011)
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u F.t r e Cr e b m u Nn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a z io r e Ze s Us y e k d e t a le R
TLS-PSK ECDH-K-Z256 or 384 bitsTLS v1.3 master secretTLS-MSG6N/AN/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-ES128TLS v1.3 binder secret for external PSKsTLS-EBKG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-ES128TLS v1.3 binder key for resumption PSKsTLS-RBKG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-ES128TLS v1.3 early traffic secretTLS- CETSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-ES128TLS v1.3 early master secretTLS- EEMSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-HS128TLS v1.3 client handshake traffic secretTLS- CHTSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-HS128TLS v1.3 server handshake traffic secretTLS- SHTSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-MS128TLS v1.3 client application traffic secretTLS- CATSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-MS128TLS v1.3 server application traffic secretTLS- SATSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-MS128TLS v1.3 exporter master secretTLS-EMSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
TLS-MS128TLS v1.3 resumption master secretTLS- RMSG7E3N/AS1Z1 Z2TLS v1.3 KDF (#A3011)
N/AN/AGlobal state of the cryptographic moduleGLOBG9N/AN/AS1Z1N/A
P S S / y e KP S S / y e Ke p y T / e m a Nh t g n e r t Sy t ir u c e Sd n a n o it c n u F.t r e Cr e b m u Nn o it a r e n e Gt r o p x E / t r o p m It n e m h s ilb a t s Ee g a r o t Sn o it a z io r e Ze s Us y e k d e t a le R
HKDF-KDKN/ACounter used by KDF in feedback mode [108]HKDF- CNTG8N/AN/AS1Z1 Z2KDA-{HKDF, Two-Step} (#A3011)
ECDSA-PUB ECDH-PUB ECDSA-PRV ECDH-PRVN/AECC domain parametersECC-PARN/AN/AN/AS2Z1ECDSA and EC Diffie Hellman Shared Secret Computation (#A3011)
ECDSA-PRV ECC-PAR128ECDSA signature verification key (P-256)ECDSA- PUBG1E1, E2N/AS1Z1 Z2ECDSA (#A3011)
ECDH-PRV ECC-PAR128ECDH key agreement public key (P- 256)ECDH- PUBG1E1, E2N/AS1Z1 Z2EC Diffie Hellman Shared Secret Computation (#A3011)
All TLS-* SSPs, except TLS- PSKN/AInternal value used by TLS v1.3 KDF in case PSK is not provided. 48-byte long buffer filled with 0.TLS-ZEROG9N/AN/AS1Z1TLS v1.3 KDF (#A3011)

PQCryptoLib 9.1 Sensitive Security Parameters (SSP) All SSPs used by the Module are described in this section. All usage of these SSPs by the Module is described in the services detailed in 4.3. N/A N/A DRBGSEED N/A N/A N/A N/A N/A N/A N/A N/A Document Version 1.0.0 PQShield Public Material

Page 30

HKDFKDK ECDSAPRV ECDHPRV ECDH-KZ N/A N/A N/A N/A N/A N/A N/A N/A randomnessextraction step the keyderivation Document Version 1.0.0 PQShield Public Material

Page 31

N/A N/A Related keys N/A Use Storage Zeroization Establishment Security Function and Cert. Number Import/Export Generation Strength Key/SSP Name/Type PQCryptoLib N/A N/A N/A TLSCHTS N/A TLSCATS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document Version 1.0.0 PQShield Public Material

Page 32

N/A N/A ECDSAPUB ECDHPUB 9.2 N/A N/A N/A N/A Related keys Use N/A Zeroization N/A N/A Storage Establishment Generation Import/Export Security Function and Cert. Number Strength Key/SSP Name/Type PQCryptoLib 0. except TLSPSK DRBG Entropy Source The RNG module leverages two different entropy sources, one provided by the CPU and the other provided by operational environment. The RDSEED is a CPU instruction, used to get entropy directly from the Intel CPU. Additionally, the Module uses the entropy from environmental noise. This is done by using getrandom system call. Returned bytes from both sources are XORd together and provided to the RNG initialization function as an entropy. In case entropy source fails to produce entropy, the RNG initialization procedure sets FSM to an ERROR state, resulting in the Module being not available for use in approved mode operation. The module conforms to FIPS 140-3 IG 9.3.A scenario 2b, thus the following caveat is applicable: No assurance of the minimum strength of generated SSPs (e.g., keys). Document Version 1.0.0 PQShield Public Material

Page 33
Entropy SourcesMinimum numberDetails
of entropy bits
RDSEED256The RDSEED is CPU instruction, that provides an access to the implementation of XOR-NRBG construction (as per [90C]). It uses AES/128-CBC-MAC conditioner (vetted conditioning component as per [90B]) and internal implementation of DRBG based on AES-CTR to produce full entropy output. RDSEED is used as the main entropy source, which provides 256 bits of entropy to seed DRBG. Construction is CAVP certified (Cert. #A1791).
getrandom()8Additional entropy source.

PQCryptoLib Table 14

Page 34
Self test
NameTest MethodTest TypeDetailsSecurityError
DRBGKATCritical function testDRBG Critical Function Tests (Instantiate, Generate and Reseed)DRBGES1
HMACSoftware integritySoftware integrity testIntegrity check of cryptographic module, using HMAC with SHA2-512 with fixed 256-bit key over various continuous segments of the Module binary image; tag compared against reference value stored in the binaryHMACES1
DRBGKATCASTUses Hash_DRBG based on SHA2-256 for 256-bit security strength. Includes instantiate, generate, generate with additional input, reseed and reseed with additional input KATs. Doesn’t include prediction resistance. Performed before the first random data generation. Self-test is performed before being used in the Integrity test.DRBGES1
ECDH Key GenerationPCTPCTECDH P-256 Key Generation Pairwise Consistency TestECDH Key GenerationES1
ECDSAKATCASTECDSA P-256 with SHA2-256 signature generation and verification. Uses 32-byte long message.ECDSAES1
ECDSA Key GenerationPCTPCTECDSA P-256 Key Generation Pairwise Consistency TestECDSA Key GenerationES1
HMACKATCASTHMAC-SHA2-512 KAT with 16-byte long key over 32-byte long message. Self-test is performed before being used in the Integrity test.HMACES1
HMACKATCASTHMAC-SHA2-512 KAT with 16-byte long key over 32-byte long message.HMACES1
KAS-SSCKATCASTECC Diffie-Hellman shared secret generation with P-256 as per [IG] D.FKAS-SSCES1
KDF [108]KATCASTKDF with HMAC-SHA2-256 is used as PRF in feedback mode with an 8-bit counter located after fixed data, an 8-byte long Label string, and a 32-byte long IV set to buffer filled with random data.KDF [108]ES1
KDA HKDFKATCASTHKDF with HMAC-SHA2-256 as an auxiliary function. An input is a 32-byte long value Z, 16- byte long salt and 52-byte long info string as described by the [56Cr2]. Output (DKM) is a 32- byte long derived key.KDA HKDFES1
KDA Two- StepKATCASTTwo-step KDF with HMAC-SHA2-384 as an auxiliary function and concatenation of shared Z and auxiliary secret T as described by the [56Cr2]. An input to the extract step is a 32-byte long value Z and a 16-byte value T. Extraction uses a 128-byte long salt filled with 0. It produces a 48-byte-long KDK. An expansion step uses feedback mode with 16-byte long IV and it does not use counter. An input to the expansion step is a KDK and info string. Info string is formatted as a concatenation of two, 16 bytes long buffers, value T, and a 4-byte long buffer containing a length of output in bits. Output (DKM) is a 32-byte long key.KDA Two- StepES1
SHA3/SHAKEKATCASTSHAKE128 using 16-byte message. Two separated self-tests with the same parameters run for AVX2 optimized and non- optimized implementation.SHA3/SHAKEES1
SHSKATCASTSHA2-256 KAT using 32-byte message.SHSES1
TLS KDF v1.3KATCASTUses random 34-byte long shared secret Z (as defined in the [56Cr2]) and ClientHello, ServerHello, client Finished and server Finished (as defined in the [TLSACVP] and [RFC8446]) – all 34 byte-long. All key schedule secrets are generated and validated against the expected value.TLS KDF v1.3ES1
ErrorDescriptionIndicator
state
ES1The Module fails a KAT or PCT self-test. The module does not perform any cryptographic functions and all data output is inhibited in the error state. The Module needs to be power cycled to clear the error.The Module enters the ERROR state and outputs status of PQCL_STATE_ERROR

PQCryptoLib The Module performs self-tests to ensure the proper operation. Per FIPS 140-3, these are categorized as either pre-operational self-tests or conditional self-tests. Pre-operational self–tests are available on demand by power cycling the Module and calling the Module Initialization service. The module uses critical functions, namely hash-based DRBG and HMAC-SHA2-512. The critical functions are tested both during pre-operational and conditional testing run. There is only one self-tests error state, and it is described in the table below: Table 15

Page 35

PQCryptoLib Table 17

Page 36

PQCryptoLib KDA TwoStep Document Version 1.0.0 PQShield Public Material

Page 37
Service IndicatorType of security service
DSIDeterministic Random Number Generation
HSIHashing
MSIMessage Authentication Code
KSIKey Derivation Function
ESIKey Encapsulation Mechanism
XSIKey Agreement
RSIRandom number generation
SSIDigital Signature
TSITLS v1.3 KDF
ZSIZeroization

PQCryptoLib The Module provides the operator dedicated query function to determine whether the current security service in use is approved. Security services implemented by the Module are grouped by type. The Module provides one query function for each type of service. Details of usage are described in the product documentation. Table 18 defines a mapping between the identifier of the service indicator (used in the tables above) and Table 18

Page 38

PQCryptoLib 11. Life-Cycle Assurance

11.1 Installation, Initialization, Startup and Operation of the Module

The Module is delivered in a form of dynamically linkable software library and the API declared in the header files. The Module is intended to be linked with the Application. The library is delivered in a tarball file, that contains linkable software library and the API declared in the header files, as well as documentation. To install the library, an operator needs to unpack the tarball to target directory of its choice. Following command should be used: mkdir -p /opt/pqshield/pqcryptolib tar xvf pqcryptolib_v1.0.0.0_amd64_linux.tar.gz \ -C /opt/pqshield/pqcryptolib An application that wishes to use the Module includes pqcl.h and fips.h header files in its source code and link the application against binary file of the Module. The Module is initialized by the Application, by calling the Module Initialization service. That function must be called and finished before any other API function of the module is used. Error code returned by the function must be checked. In case of successful initialization, the function returns PQCL_SUCCESS code and any other code returned by the function indicates initialization failure. The deinitialization of the library is done by the Application by calling the Zeroization service. The initialization process automatically detects and enables PAA if available. To disable PAA operator must call the pqcl_disable_hwa() service. The service can be called only after successful initialization of the library.

11.2 Maintenance Requirements

This software module has no specific requirements regarding maintenance. The module is disposed by deleting the binary file of the Module.

11.3 Administrator and Non-Administrator Guidance

Both Administrator and non-Administrator guidance is provided in the Users Manual, which is delivered with the Module.

11.4 End of life Procedure

When the Module is at end of life, the customers of the Module are informed via PQShield’s customer service capabilities. After the 6-month window, the access rights to the FIPS branch in a repository storing the source code of the Module are change to more restrictive, so that only administrators can access and read from the FIPS branch of the Module. This effectively makes it impossible to release new version of the Module. The Module does not possess persistent storage of SSPs. The SSP value only exists in volatile memory and that value vanishes when the Module is powered off. The secure sanitization of the Module is done by powering the Module off. The deprecation of the Module is done by upgrading it to the newer version. During upgrade process the old version of the Module is removed and replaced with a new version. Document Version 1.0.0 PQShield Public Material

Page 39

PQCryptoLib 12. Mitigation of Other Attacks The Module is not designed to mitigate against other attacks. Document Version 1.0.0 PQShield Public Material

Page 40
AbbreviationFull Specification Name
[FIPS140-3]Security Requirements for Cryptographic Modules, March 22, 2019
[ISO19790]International Standard, ISO/IEC 19790, Information technology — Security techniques — Test requirements for cryptographic modules, Third edition, March 2017
[ISO24759]International Standard, ISO/IEC 24759, Information technology — Security techniques — Test requirements for cryptographic modules, Second and Corrected version, 15 December 2015
[IG]Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program, October 7, 2022
[108]NIST Special Publication 800-108r1, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), August 2022
[133]NIST Special Publication 800-133, Recommendation for Cryptographic Key Generation, Revision 2, June 2020
[135]National Institute of Standards and Technology, Recommendation for Existing Application-Specific Key Derivation Functions, Special Publication 800-135rev1, December 2011.
[186]National Institute of Standards and Technology, Digital Signature Standard (DSS), Federal Information Processing Standards Publication 186-4, July 2013.
[198]National Institute of Standards and Technology, The Keyed-Hash Message Authentication Code (HMAC), Federal Information Processing Standards Publication 198-1, July, 2008
[180]National Institute of Standards and Technology, Secure Hash Standard, Federal Information Processing Standards Publication 180-4, August, 2015
[202]FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION, SHA3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS PUB 202, August 2015
[56Ar3]NIST Special Publication 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018
[56Br2]NIST Special Publication 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Finite Field Cryptography, March 2019
[56Cr2]NIST Special Publication 800-56C Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, August 2020

PQCryptoLib 13. References and Definitions The following standards are referred to in this Security Policy. Table 19

Page 41
AbbreviationFull Specification Name
[90A]National Institute of Standards and Technology, Recommendation for Random Number Generation Using Deterministic Random Bit Generators, Special Publication 800-90A, Revision 1, June 2015.
[90B]National Institute of Standards and Technology, Recommendation for the Entropy Sources Used for Random Bit Generation, Special Publication 800-90B, January 2018.
[90C]Recommendation for Random Bit Generator (RBG) Constructions (2nd Draft), Special Publication 800-90C (2nd Draft), April 2016
[RFC5869]Internet Engineering Task Force specification of “HMAC-based Extract-and-Expand Key Derivation Function” by H. Krawczyk, P. Eronen, May 2010. Citated by [56Cr2].
[TLSACVP]“ACVP TLS Key Derivation Function JSON Specification”, https://pages.nist.gov/ACVP/draft-hammett-acvp-kdf-tls-v1.3.html
[RFC8446]Internet Engineering Task Force specification of "The Transport Layer Security (TLS) Protocol Version 1.3“, https://datatracker.ietf.org/doc/html/rfc8446
AcronymDefinition
APTAdaptative Proportion Test
DKMDerived Keying Material. Output of expansion step in two-step key derivation procedure
GPCGeneral Purpose Computer
KATKnow Answer Test
KDKKey Derivation Key. Output from extraction step in two-step key derivation procedure
KEMKey Encapsulation Mechanism
PCTPair-wise Consistency Test
POSIXPortable Operating System Interface
PSKPre-shared key as defined by [RFC8446]
RCTRepetition Count Test
SSPSensitive Security Parameter

PQCryptoLib Table 20

Referenced URLs