All modules
CMVP Validated Module · FIPS 140-3 Security Policy

HP Endpoint Security Controller Cryptographic Library

Certificate#4814StandardFIPS 140-3Level1TypeHardwareEmbodimentSingle ChipStatusActiveVendorHP Inc.
Medium review priority  ·  no TCB surface named  ·  last validated 22 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeHardware
EmbodimentSingle Chip
StatusActive
Sunset date9/20/2028
EntropyENT (P)
CaveatNone
VendorHP Inc.
Hardware versions2.1.3

Approved Algorithms (24)

AlgorithmACVP Cert
AES-CBCA1347
AES-CCMA1347
AES-CFB128A1347
AES-CMACA1347
AES-CTRA1347
AES-ECBA1347
AES-GCMA1347
AES-GMACA1347
AES-OFBA1347
ECDSA KeyGen (FIPS186-4)A1347
ECDSA KeyVer (FIPS186-4)A1347
ECDSA SigGen (FIPS186-4)A1347
ECDSA SigVer (FIPS186-4)A1347
Hash DRBGA1347
HMAC-SHA2-256A1347
HMAC-SHA2-384A1347
HMAC-SHA2-512A1347
KAS-ECC-SSC Sp800-56Ar3A1347
KTS-IFCA1347
RSA SigGen (FIPS186-4)A1347
RSA SigVer (FIPS186-4)A1347
SHA2-256A1347
SHA2-384A1347
SHA2-512A1347

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification1
Cryptographic Module Interfaces1
Roles, Services, and Authentication1
Software/Firmware Security5
Operational Environment1
Physical Security1
Self-Tests1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for HP Endpoint Security Controller Cryptographic Library
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Firmware Load</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Self-test4</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for HP Endpoint Security Controller Cryptographic Library
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Firmware Load</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Self-test4</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

HP Endpoint Security Controller Cryptographic Library Hardware Version 2.1.3 Version 1.1 Last update: 2024-09-12 Prepared by: atsec information security corporation

4516 Seton Center Parkway, Suite 250

Austin, TX 78759 www.atsec.com © 2024 HP Inc. / atsec information security.

Page 2

HP Endpoint Security Controller Cryptographic Library

1 Table of Contents

2.1 2.2 2.3 5.1 9.1 9.2 9.3 9.4 9.5 9.6 10.1 10.2 10.2.1 10.2.2 10.2.3 10.3 11.1 11.2 11.3 11.3.1 11.3.2 © 2024 HP Inc. / atsec information security.

2 of 28
Page 3
Security level
NameISO SectionRequirementLevelSecurity Level
11General1
22Cryptographic Module Specification1
33Cryptographic Module Interfaces1
44Roles, Services, and Authentication1
55Software/Firmware SecurityNot Applicable
66Operational Environment1
77Physical Security1
88Non-invasive SecurityNot Applicable
99Sensitive Security Parameter191
1010Self-tests1
1111Life-cycle Assurance1
1212Mitigation of Other AttacksNot Applicable

HP Endpoint Security Controller Cryptographic Library This document is the non-proprietary FIPS 140-3 Security Policy for Hardware version 2.1.3 of the HP Endpoint Security Controller Cryptographic Library. It has a one-to-one mapping to the [SP 800140B] starting with section B.2.1 named “General” that maps to section 1 in this document and ending with section B.2.12 named “Mitigation of other attacks” that maps to section 12 in this document. This document also contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for a Security Level 1 module. Table 1 describes the individual security areas of FIPS 140-3, as well as the Security Levels of those individual areas: Table 1 - Security Levels © 2024 HP Inc. / atsec information security.

3 of 28
Page 4
Module configuration
NameModelHardware PlatformHardware VersionFirmware Version
Notebook Embedded Controller (EC)Notebook Embedded Controller (EC)Nuvoton NPCX998H2.1.3N/A
Desktop Super I/O (SIO)Desktop Super I/O (SIO)Nuvoton NPCD321H2.1.3N/A
Approved algorithm
NameCAVP CertMode MethodKey SizeUse Function
AESA1347128, 192, 256 bitsAESCBCECBEncryption and AES Decryption
[SP 800-38 A]CCMOFB
AESCTR128, 192, 256 bits

HP Endpoint Security Controller Cryptographic Library

2 Cryptographic Module Specification

The HP Endpoint Security Controller Cryptographic Library cryptographic module (hereafter referred to as “the module”) is a Hardware Single Chip cryptographic module. More specifically, the module is considered a sub-chip cryptographic subsystem as defined in IG 2.3.B. This module validation is a re-branding of a sub-chip cryptographic subsystem that was previously validated under Certificate #4603. The module has been tested by atsec CST lab on the following platforms: [Part Number and Version] 2.1.3 N/A 2.1.3 N/A Table 2 - Cryptographic Module Tested Configuration

2.1 Mode of Operation

The module supports approved services in a FIPS approved mode of operation. There are no allowed algorithms used in approved mode. There are no non-approved algorithms used in the approved mode with no security claimed. There are no non-approved algorithms used in a nonapproved mode.

2.2 Security Functions

The Table 3 below lists all security functions of the module, including specific key strengths employed for approved services, and implemented modes of operation.

1 Both the EC and SIO components are rebranded as the HP Endpoint Security Controller and are used in

select HP Commercial PC products including Notebooks, Desktops, Desktop Workstations, Mobile Workstations, Retail Point of Sale Terminals, and Thin Clients. © 2024 HP Inc. / atsec information security.

4 of 28
Page 5
Approved algorithm
NameCAVP CertMode MethodUse FunctionDescription
AESGCM 2[1]128, 192, 256 bits
AESCMACCMAC Message Authentication128, 192, 256 bits
[SP 800-38 B]Code Generation and CMAC
AESGMACGMAC Message Authentication128, 192, 256 bits
[SP 800-38 D]Code Generation and GMAC
HMACHMAC-SHA2-256HMAC Message Authentication256, 384, 512 bits
[FIPS 198-1]HMAC-SHA2-384Code Generation
RSARSA-PSS using SHA2-RSA Signature Generation,2048 or 3072 modulus
[FIPS 186-4]256, SHA2-384 orRSA Signature Verification
KTS-IFCKTS-OAEP-basicRSA Key Transport (key wrapping2048 or 3072 modulus
[SP800-56Brev2]and un-wrapping)
ECDSAB.4.2 TestingECDSA Key GenerationP-256, P-384, P-521
[FIPS 186-4]Candidatescurves
NANAECDSA Key VerificationP-256, P-384, P-521
SHA2-256, SHA2-384,SHA2-256, SHA2-384,ECDSA Signature Generation,P-256, P-384, P-521
SHA2-512SHA2-512ECDSA Signature Verificationcurves
N/AN/AECDSA Signature GenerationP-256, P-384, P-521
curvesComponentcurves
SHSSHA2-256Message Digest GenerationN/A
[FIPS 180-4]SHA2-384
KAS-ECC-SSCephemeralUnifiedEC Diffie-Hellman Shared SecretP-256, P-384, P-521
[SP800-56Arev3]Computationcurves
Hash_DRBGSHA2-512Random Number Generation512
CKG (Cryptographic KeyVendorSP800-133rev2 SectionECDSA Key GenerationN/A
[SP800-133rev2]approved DRBG; no XOR,
ENT(P)N/AN/ARandom Number GenerationUsed to seed the
[SP800-90B]SP800-90A DRBG

HP Endpoint Security Controller Cryptographic Library N/A N/A

2 The module’s AES-GCM implementation conforms to IG C.H scenario 2. The module uses the approved

Hash_DRBG to generate the IV with a length of 96-bits. The entropy source producing the DRBG seed is located inside the module’s cryptographic boundary © 2024 HP Inc. / atsec information security.

5 of 28
Page 6

HP Endpoint Security Controller Cryptographic Library N/A N/A N/A Table 3 - Approved Algorithms

2.3 Module Overview

Figure 1 depicts the module’s block diagram with a red outline indicating the Tested Operational Environment’s Physical Perimeter (TOEPP) of the NPCX998H and the NPCD321H and the blue dotted outline depicting the cryptographic boundary of the sub-chip embedded within the physical perimeter. Figure 1 - [Block Diagram] © 2024 HP Inc. / atsec information security.

6 of 28
Page 7

HP Endpoint Security Controller Cryptographic Library Figure 2 and 3 shows a picture of the NPCX998H (e.g., EC) and the NPCD321H (e.g., SIO) in which the sub-chip module is embedded. Figure 2: Nuvoton NPCX998HA0BX Figure 3: Nuvoton NPCD321HA0DX © 2024 HP Inc. / atsec information security.

7 of 28
Page 8
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
I/O PortsI/O PortsData InputData inputs are provided in the variables passed in the API and callable service invocations, generally through caller-supplied buffers
I/O PortsI/O PortsData OutputData outputs are provided in the variables passed in the API and callable service invocations, generally through caller-supplied buffers
I/O PortsI/O PortsControl InputControl inputs which control the operation of the module are provided through dedicated parameters.
I/O PortsI/O PortsStatus OutputStatus output is provided in return codes and through messages. Documentation for each API lists possible return codes. A complete list of all return codes returned by the C language APIs within the module is provided in the header files and the API documentation. Messages are documented also in the API documentation.
Power PortPower PortPower InterfacePower interface is provided internally by TEOPP in which the cryptographic module is embedded.

HP Endpoint Security Controller Cryptographic Library Table 4 - Ports and Interfaces © 2024 HP Inc. / atsec information security.

8 of 28
Page 9
Service
NameDescriptionRolesCsps AccessedApproved FunctionsAccessIndicatorInputOutput
AES EncryptionData EncryptionUse rAES keyAES-CBC AES-ECB AES-CCM AES-OFB AES-CFB128 AES-CTR AES-GCMW, ENCL STATUS OKAES key and plain textcipher text
AES DecryptionData DecryptionUse rAES keyAES-CBC AES-ECB AES-CCM AES-OFB AES-CFB128 AES-CTR AES-GCMW, ENCL STATUS OKAES key and cipher textplain text
CMAC Message Authenticatio n Code GenerationMessage Authenticati on Code GenerationUse rAES keyAES-CMACW, ENCL STATUS OKAES key and message MMAC T
CMAC Message Authenticatio n Code VerificationMessage Authenticati on Code VerificationUse rAES keyAES-CMACW, ENCL STATUS OKMAC and Message“VALID” or “INVALID”
GMAC Message Authenticatio n Code GenerationMessage Authenticati on Code GenerationUse rAES keyAES-GMACW, ENCL STATUS OKAES key, AADauthenticati on tag T
GMAC Message Authenticatio n Code VerificationMessage Authenticati on Code VerificationUse rAES keyAES-GMACW, ENCL STATUS OKAES key, AAD, IV, tag T“PASS” or “FAIL”
HMAC Message Authenticatio n Code GenerationMessage Authenticati on Code GenerationUse rHMAC keyHMAC-SHA2- 256 HMAC- SHA2-384 HMAC-SHA2- 512W, ENCL STATUS OKHMAC key and messageMAC
Message Digest GenerationSHS Message Digest GenerationUse rnoneSHA2-256 SHA2-384 SHA2-512N/ANCL STATUS OKmessagedigest (hash value)
RSA Key Transport (encapsulati on)Key Wrapping using KTS- OAEP-basicUse rRSA public keyKTS-IFCW, ENCL STATUS OKRSA public key and key to be wrappedencrypted key
RSA Key Transport (un- encapsulatio n)Key Un- wrapping using KTS- OAEP-basicUse rRSA private keyKTS-IFCW, ENCL STATUS OKRSA private key and key to be un- wrappedplaintext key
RSA Digital Signature GenerationDigital Signature GenerationUse rRSA private keyRSA-PSS, RSA-PKCS#1 v1.5 Signature Generation, HMAC_DRBGW, ENCL STATUS OKRSA private key and messagesignature
RSA Digital Signature VerificationDigital Signature VerificationUse rRSA public keyRSA-PSS, RSA-PKCS#1 v1.5 Signature VerificationW, ENCL STATUS OKRSA public key and signatureTrue or False
ECDSA Digital Signature GenerationDigital Signature GenerationUse rECDSA private keyECDSA Digital Signature Generation, HMAC_DRBGW, ENCL STATUS OKECDSA private key and messagesignature
ECDSA Digital Signature Generation ComponentDigital Signature Generation ComponentUse rECDSA private keyECDSA Digital Signature Generation Component, HMAC_DRBGW, ENCL STATUS OKECDSA private key and message digestsignature
ECDSA Digital Signature VerificationDigital Signature VerificationUse rECDSA public keyECDSA Digital Signature VerificationW, ENCL STATUS OKECDSA public key and signatureTrue or False
ECDSA Key GenerationAsymmetric Key Pair GenerationUse rECDSA Key pairECDSA Key Generation, HMAC_DRBG, CKGG, RNCL STATUS OKCurve sizegenerated private and public key pair
EC Diffie- Hellman Shared Secret ComputationShared Secret Computatio n using Elliptic Curve Cryptograp hyUse rECDH public keyKAS-ECC-SSCW, ENCL STATUS OKreceived public key and possesse d private keyshared secret
ECDH private keyECDH private keyE
shared secretshared secretG, R
Random Number GenerationDeterministi c Random Number GenerationUse rEntrop y input string, nonceHash_DRBGWNCL STATUS OKSeedrandom numbers
seed, V, and Cseed, V, and CG
Module Version InfoOutputs Module Name + Version NumberUse rNoneN/AN/AN/ANoneModule Name + Module Version Number
SSP Zeroisationzeroizes crypto function context and releases memory spaceUse rAll Keys / SSPsN/AZN/Ahandle of crypto function contextzeroized and released memory space
Show-StatusOutputs Operational/ Error status of the moduleUse rNoneN/AN/AN/ANoneOperational /Error status
Self-test4Executes on-demand self-test and outputsUse rHMAC KeyHMAC-SHA2- 512ENCL STATUS OK OK’NonePass/Fail status
SHA2-256N/ASHA2-256
Pass/Fail statusPass/Fail statusAES KeyAES-CCM
AES-CBCAES KeyAES-CBC
RSA PKCS#1 v1.5 Signature GenerationRSA Private KeyRSA PKCS#1 v1.5 Signature Generation
RSA PKCS#1 v1.5 Signature VerificationRSA Public KeyRSA PKCS#1 v1.5 Signature Verification
KTS-IFC (encapsulation)RSA Public KeyKTS-IFC (encapsulation)
ECDSA Signature GenerationECDSA Private KeyECDSA Signature Generation
ECDSA Signature VerificationECDSA Public KeyECDSA Signature Verification
KAS-ECC-SSCECDH Key Pair, Shared SecretKAS-ECC-SSC
Hash_DRBGSeedHash_DRBG

HP Endpoint Security Controller Cryptographic Library

4 Roles, services, and authentication

The module supports two authorized roles: A Crypto Officer Role and a User Role. No support is provided for a Maintenance operator. The module does not implement a bypass mode nor concurrent operators. When a device is delivered, the Crypto Officer is responsible for initializing the module i.e., configure the device by properly setting up key registers for storage of keys/CSPs. The Crypto Officer is implicitly assumed. The User can perform services from Table 5 and 5a only after the Crypto Officer takes possession by initializing it, thus creating data to be protected is generated. The Users of the module are software applications that implicitly assume the User Role when requesting any cryptographic services provided by the module. FIPS 140-3 does not require authentication mechanism for level 1 modules. Therefore, the module does not implement an authentication mechanism. The module only implements Approved security functions in an Approved mode. The Table 5 below lists services available. The module provides an approved service indicator by receiving a return code of “NCL_STATUS_OK to indicate that the service executed an approved security function. NOTE: The module does not implement any non-Approved Algorithms in the Approved Mode of Operation (neither with nor without security claim). The module does not implement any nonapproved security functions. The abbreviations of the access rights to keys and SSPs have the following interpretation: G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g., the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP. s r r © 2024 HP Inc. / atsec information security.

9 of 28
Page 10

HP Endpoint Security Controller Cryptographic Library s M r r r r HMAC-SHA2256 HMACSHA2-384 HMAC-SHA2512 r r r (unencapsulatio n) Key Unwrapping unwrapped r © 2024 HP Inc. / atsec information security.

10 of 28
Page 11

HP Endpoint Security Controller Cryptographic Library r r EC DiffieHellman r E G, R s C G N/A r N/A N/A r N/A r N/A HMAC-SHA2512 r N/A

4 Keys and SSPs used in this service are hard-coded in the module and used exclusively for self-tests.

© 2024 HP Inc. / atsec information security.

11 of 28
Page 12

HP Endpoint Security Controller Cryptographic Library s Table 5 - Approved Services © 2024 HP Inc. / atsec information security.

12 of 28
Page 13

HP Endpoint Security Controller Cryptographic Library

5 Software/Firmware Security
5.1 Software/Firmware Integrity Technique

The module’s executable code is programmed in a masked ROM which is a type of Read-Only Memory (ROM) where content is programmed by the integrated circuit manufacturer during the silicon manufacturing (rather than by the Operator of the module). The memory technology is non reconfigurable memory as defined in IG 5.A, which will not have any change or degradation of data for a minimum of 10 years after manufactured date. As such, it is considered a hardware only module with a non-modifiable operational environment. The requirements of this area are not applicable to the module. © 2024 HP Inc. / atsec information security.

13 of 28
Page 14

HP Endpoint Security Controller Cryptographic Library

6 Operational Environment

The HP Endpoint Security Controller Cryptographic Library operates in a non-modifiable operational environment. The module is programmed by the manufacturer during the silicon manufacturing (rather than by the user). It maintains its own memory region which can only be accessed by the module. There is no additional application present within the operating environment. The module does not spawn any cryptographic processes. The operational environments in which the module was tested are listed in Table 2. © 2024 HP Inc. / atsec information security.

14 of 28
Page 15

HP Endpoint Security Controller Cryptographic Library

7 Physical Security

The HP Endpoint Security Controller Cryptographic Library cryptographic module is a Hardware cryptographic module in a single chip embodiment. More specifically, the module is considered a sub-chip cryptographic subsystem. The module consists of production-grade components that include standard passivation techniques (e.g., a conformal coating applied over the module’s circuitry to protect against environmental or other physical damage). The module does not implement a maintenance role and has no maintenance access interface. © 2024 HP Inc. / atsec information security.

15 of 28
Page 16

HP Endpoint Security Controller Cryptographic Library

8 Non-invasive Security

Currently, the non-invasive security is not required by FIPS 140-3 (see NIST SP 800-140F). The requirements of this area are not applicable to the module. © 2024 HP Inc. / atsec information security.

16 of 28
Page 17
Sensitive security parameter
NameStrengthSecurity FunctionGenerationEstablishmentStorageZeroizationImport ExportKey/SSP Name/ Type
Use: AES Data Encryption and Decryption Related Keys: N/A128, 192, 256 - bits of security strengthAES CAVP Cert. #A134 7Not Applicable . The key is entered via API paramete rNot Applicable for sub-chip systems that only communicat e with subsystems within the same OE, as stated in IG 2.3.BNot Applicable . The key is ephemera l and only held in memory during execution of service.automatic zeroization when structure is deallocate d or when the system is powered down.Entry: N/A. The key may be entered into the module within the TOEPP5 via API input parameters in plaintext. Output: N/AAES key
Use: Key Encapsulatio n and Un- encapsulatio n Related Keys: N/A112 to 128 bits of security strengthKTS-IFC CAVP Cert. #A134 7Not Applicable . The key is entered via API paramete rNot Applicable for sub-chip systems that only communicat e with subsystems within the same OE, as stated in IG 2.3.BNot Applicable . The key is ephemera l and only held in memory during execution of service.automatic zeroization when structure is deallocate d or when the system is powered down.Entry: N/A. The key may be entered into via API input parameters in plaintext. Output: N/ARSA private and public key
Use: Signature Generation and Verification Related Keys: N/A112 to 128 bits of security strengthRSA CAVP Cert. #A134 7Not Applicable . The key is entered via API paramete rNot Applicable for sub-chip systems that only communicat e with subsystems within the same OE, as stated in IG 2.3.BNot Applicable . The key is ephemera l and only held in memory during execution of service.automatic zeroization when structure is deallocate d or when the system is powered down.Entry: N/A. The key may be entered into the module within the TOEPP via API input parameters in plaintext. Output: N/ARSA private and public key pair
Use: Key Generation and Verification, Signature Generation and Verification112 to 256 bits of security strengthECDSA CAVP Cert. #A134 7The private keys can be generated using FIPS186-4 Key Generatio n method,Not Applicable for sub-chip systems that only communicat e with subsystems within the same OE, asNot Applicable . The key is ephemera l and only held in memory duringautomatic zeroization when structure is deallocate d or when the system isEntry: N/A. The key may be entered into the module within the TOEPP via API input parameters in plaintext.ECDSA private and public key pair
Related Keys: DRBG internal stateand the random value used in the key generatio n is generated using SP800- 90A DRBGstated in IG 2.3.Bexecution of service.powered down.Output: The key may be output from the module within the TOEPP 6via API output parameters in plaintext
Use: Hashed Message Authenticatio n Code Generation Related Keys: N/A112 or greater bits of securit y strengt hHMAC CAVP Cert. #A134 7Not Applicable . The key is entered via API paramete rNot Applicable for sub-chip systems that only communicat e with subsystems within the same OE, as stated in IG 2.3.BNot Applicable . The key is ephemera l and only held in memory during execution of service.automatic zeroization when structure is deallocate d or when the system is powered down.Entry: N/A. The key may be entered into the module within the TOEPP via API input parameters in plaintext. Output: N/AHMAC key
Use: ECDH Shared Secret Computation Related Keys: DRBG internal state, EC Diffie- Hellman Shared Secret112 to 256-bits of security strengthKAS- ECC- SSC CAVP Cert. #A134 7The private keys are generated using FIPS186-4 Key Generatio n method, and the random value used in the key generatio n is generated using SP800- 90A DRBGNot Applicable for sub-chip systems that only communicat e with subsystems within the same OE, as stated in IG 2.3.BNot Applicable . The key is ephemera l and only held in memory during execution of service.automatic zeroization when structure is deallocate d or when the system is powered down.Entry: N/A. The public key may be entered into the module within the TOEPP via API input parameters in plaintext. Output: The key may be output from the module within the TOEPP via API output parameters in plaintextECDH key pair (including intermediat e key generation values)
Use: ECDH Shared Secret Computation Related Keys: ECDH key pairN/ANot Applicable for sub-chip systems that only communicat e with subsystems within the same OE, as stated in IG 2.3.BEntry: N/A Output: The key may be output from the module within the TOEPP via API output parameters in plaintextECC Shared Secret
Use: Random Number Generation256-bits ofN/AN/AN/AEntry: N/A. obtained from the ENT(P)Entropy Input String + Nonce

HP Endpoint Security Controller Cryptographic Library

9 Sensitive Security Parameter Management

The following table summarizes the keys and Sensitive Security Parameters (SSPs) that are used by the cryptographic services implemented in the module. Modification of PSPs by unauthorized operators is prohibited. r 2.3.B 2.3.B n and Unencapsulatio n 2.3.B r r

5 TOEPP - Tested Operational Environment’s Physical Perimeter

© 2024 HP Inc. / atsec information security.

17 of 28
Page 18

HP Endpoint Security Controller Cryptographic Library y h SP80090A DRBG 2.3.B r 2.3.B 2.3.B KASECCSSC SP80090A DRBG N/A N/A N/A DiffieHellman 2.3.B N/A

6 TOEPP - Tested Operational Environment’s Physical Perimeter

© 2024 HP Inc. / atsec information security.

18 of 28
Page 19
Sensitive security parameter
NameStrengthOutput
Use: Random Number Generation Related Keys: ECDSA and ECDH key pairs256-bits of security strengthEntry: N/A Output: N/ADRBG internal state (i.e., Hash_DRBG V and C values), SeedN/ADerived from entropy input string as defined by SP800- 90AN/A
Approved algorithm
NameKey Size
DetailsMinimum number ofEntropy Source
The entropy pool is filled with random bits provided by an SP800-90B compliant ENT(P) whose noise source is from Ring Oscillators in hardware TRNG.SP800-90B compliant ENT(P)256

HP Endpoint Security Controller Cryptographic Library N/A by SP80090A N/A Table 6 - SSPs The module employs a Hash_DRBG using a SHA-512 PRF. Per section 10.1.1.1 of [SP800-90A], the reseeding. The estimated amount of entropy per entropy output bit is ~0.6/bit. The DRBG internal state is not accessible by non-DRBG functions. All random values used by approved security functions, SSP generation, or SSP establishment method are provided by the Hash_DRBG. Table 7 - Non-Deterministic Random Number Generation Specification The module generates Keys and SSPs in accordance with FIPS 140-3 IG D.H. The cryptographic module performs Cryptographic Key Generation (CKG) for asymmetric keys as per [SP800133rev2] (vendor affirmed), compliant with [FIPS186-4] and using DRBG compliant with [SP80090Arev1]. A seed (i.e., the random value) used in asymmetric key generation is obtained from for ECDSA, as well as the [SP 800-90Arev1] DRBG have been ACVT tested with algorithm certificates found in Table 3.

9.3 Key/SSP Establishment

The module provides the following key/SSP establishment services:

  1. The module implements KAS-ECC-SSC EC Diffie-Hellman Shared Secret Computation compliant to [SP800-56Arev3] and IG D.F Scenario (2) path (1). o The shared secret computation provides between 128 and 256 bits of encryption
  2. Within the TOEPP, the module offers RSA key wrapping and unwrapping using KTS-OAEPbasic scheme. The implementation supports 2048 and 3072 modulus size, with both key © 2024 HP Inc. / atsec information security.
19 of 28
Page 20

HP Endpoint Security Controller Cryptographic Library encapsulation and un-encapsulation supported. The module does not implement key confirmation. See section 11.3.2 for operator guidance details.

9.4 Key/SSP Entry and Output

Keys/SSPs entered or output the module are electronically entered in plaintext form from the invoking User firmware running on the same device. No Keys/SSPs are entered or output from the module to outside the TOEPP. According to IG 2.3.B, Transferring SSPs including the entropy input between a sub-chip cryptographic subsystem and an intervening functional subsystem for Security Levels 1 and 2 on the same single chip is considered as not having Sensitive Security Parameter Establishment crossing the HMI of the sub-chip module per IG 9.5.A.

9.5 Key/SSP Storage

The module does not provide persistent storage for keys/SSPs. Keys/SSPs are stored in memory only and are received for use by the module only at the request of the User firmware.

9.6 Key/SSP Zeroization

Keys and SSPs are explicitly zeroized automatically when structure associated with the cipher is deallocated or implicitly when the device is powered down thereby rendering the data irretrievable. Interface with the module is inhibited while zeroization is being performed. For Keys and SSPs explicitly zeroized automatically the successful completion of a requested service suffices as the implicit indicator that zeroisation has completed. © 2024 HP Inc. / atsec information security.

20 of 28
Page 21
AlgorithmTest
HMAC• HMAC-SHA2-512 MAC Generation KAT
SHA• SHA2-256 Message Digest KAT
AES• AES-CCM Encryption KAT using 128-bit key • AES-CBC Decryption KAT using 128-bit key
KTS-IFC• KTS-OAEP-basic Encryption KAT with 2048 -bit key and SHA2-256 • KTS-OAEP-basic Decryption KAT with 2048 -bit key and SHA2-256
RSA• PKCS#1 v1.5 Signature Generation KAT with 2048 -bit key and SHA2-256 • PKCS#1 v1.5 Signature Verification KAT with 2048 -bit key and SHA2-256
ECDSA• ECDSA Signature Generation KAT with P-256 curve and SHA2-256 • ECDSA Signature Verification KAT with P-256 curve and SHA2-256

HP Endpoint Security Controller Cryptographic Library

10 Self-tests

Self-tests ensure that the module is not corrupted and that the cryptographic algorithms work as expected. While the module is executing the self-test, no services are not available, and input and output are inhibited. The module will boot only after successfully passing the HMAC-SHA2-512 and SHA2-256 CASTs. If an error is detected in any self-test, the module will enter the Error State.

10.1 Pre-Operational Self-Tests

The module is solely implemented in hardware (i.e., only contains executable code that is stored in non- reconfigurable masked ROM7). As such, the module does not perform any pre-operational software/firmware integrity test, but instead performs a Cryptographic Algorithm Self-Test on the HMAC-SHA2-512 and SHA2-256 algorithms when the module is powered on. The module does not implement a pre-operational bypass test nor pre-operational critical functions test.

10.2 Conditional Self-Tests

The module performs a conditional self-test when the conditions specified for the following tests occur: Conditional Cryptographic Algorithm Self-Test Conditional Pair-Wise Consistency Test The module does not implement a Software/Firmware Load Test, Manual Entry Test, Conditional Bypass Test nor Conditional Critical Functions Test. 10.2.1 Conditional Cryptographic Algorithm Self-Tests The module conducts conditional cryptographic algorithm self-test prior to the first operational use of each cryptographic algorithm. The table below describe the conditional tests supported by the module.

7 A masked ROM is a type of Read-Only Memory (ROM) where content is programmed by the integrated

circuit manufacturer during the silicon manufacturing. © 2024 HP Inc. / atsec information security.

21 of 28
Page 22
AlgorithmTest
KAS-ECC-SSC• ECDH shared secret computation KAT with P-256 curve
Hash_DRBG• Hash_DRBG random number generation KAT using predefined seed.
ENT• RCT (Repetition Count Test) • APT (Adaptive Proportion Test)
Cause of ErrorStatus Indicator
failure in conditional self-test (conditional CAST or conditional PCT)NCL_STATUS_FAIL
failure of the ENT health testENTROPY_SRC_ERROR

HP Endpoint Security Controller Cryptographic Library

22 of 28
Page 23

HP Endpoint Security Controller Cryptographic Library

11 Life-cycle assurance
11.1 Delivery and Operation

As explained in Section 10.1.1, the module is placed in a masked ROM by manufacturer during the silicon manufacturing. The module is delivered as part of the Nuvoton NPCX998H and Nuvoton NPCD321H platforms (listed in Table 2). During manufacturing

11.2 Crypto Officer Guidance

The module is configured to be operational by default. If the device starts up successfully and has successfully passed the HMAC-SHA2-512 and SHA2-256 CAST, it is operating correctly and can begin servicing User requests.

11.3 Operator Guidance

11.3.1 End of Life Once the module reaches its end-of-life stage (End of Life (EOL) date for the HP Endpoint Security Controller Cryptographic Library is 10 years from manufacturing date) or sanitation is initiated by the module’s Operator, it is the Operator’s responsibility to clear all existing SSPs from the module. This can be achieved by either performing a full device reset, or by explicitly invoking the following sequence of APIs to clear the data from all modules: • • • • • NCL_SHA_Clear - For each of existing SHA and HMAC contexts NCL_DRBG_Clear - For each of existing DRBG contexts NCL_AES_Clear - For each of existing AES contexts NCL_RSA_Clear - For each of existing RSA contexts NCL_ECC_Clear - For each of existing ECDSA and ECDH contexts 11.3.2 RSA Key Wrapping To comply with SP800-56Brev2 assurances found in its Section 6 (specifically SP800-56Brev2 Section 6.4 Required Assurances) The entity using the IUT must obtain required assurances listed in section 6.4 of SP 800-56BRev2 by performing the following steps:

  1. The entity requesting the RSA key unwrapping (un-encapsulation) service from the module, shall only use an RSA private key that was generated by an active FIPS validated module that implements FIPS 186-4 compliant RSA key generation service and performs the key pair validity and the pairwise consistency as stated in section 6.4.1.1 of the SP 80056BRev2. Additionally, the entity shall renew these assurances over time by using any method described in section 6.4.1.5 of the SP 800-56BRev2.
  2. For use of an RSA key wrapping (encapsulation) service in the context of key transport per IG D.G, the entity using the module, shall verify the validity of the peer's public key using any method specified in section 6.4.2.1 of the SP 800-56BRev2. © 2024 HP Inc. / atsec information security.
23 of 28
Page 24

HP Endpoint Security Controller Cryptographic Library 3. The entity using the module, shall confirm the peer's possession of private key by using any method specified in section 6.4.2.3 of the SP 800-56BRev2. © 2024 HP Inc. / atsec information security.

24 of 28
Page 25

HP Endpoint Security Controller Cryptographic Library

12 Mitigation of other attacks

The module does not implement security mechanisms to mitigate other attacks. © 2024 HP Inc. / atsec information security.

25 of 28
Page 26

HP Endpoint Security Controller Cryptographic Library Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard ACVP Algorithm Certification Validation Program CBC Cipher Block Chaining CAST Cryptographic Algorithm Self-Test CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter Mode DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography ENT Entropy Source EOL End Of Life FFC Finite Field Cryptography FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode HMAC Hash Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test KW AES Key Wrap KWP AES Key Wrap with Padding MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PSS Probabilistic Signature Scheme RSA Rivest, Shamir, Addleman SHA Secure Hash Algorithm SHS Secure Hash Standard SSC Shared Secret Computation TOEPP Tested Operational Environment’s Physical Perimeter XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2024 HP Inc. / atsec information security.

26 of 28
Page 27

HP Endpoint Security Controller Cryptographic Library Appendix B. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://doi.org/10.6028/NIST.FIPS.140-3 FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program May 2021 https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validationprogram/documents/fips 140-3/FIPS 140-3 IG.pdf FIPS180-4 Secure Hash Standard (SHS) March 2012 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS186-4 Digital Signature Standard (DSS) July 2013 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS197 Advanced Encryption Standard November 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 http://www.ietf.org/rfc/rfc3447.txt RFC3394 Advanced Encryption Standard (AES) Key Wrap Algorithm September 2002 http://www.ietf.org/rfc/rfc3394.txt RFC5649 Advanced Encryption Standard (AES) Key Wrap with Padding Algorithm September 2009 http://www.ietf.org/rfc/rfc5649.txt SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf SP800-38B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38B.pdf © 2024 HP Inc. / atsec information security.

27 of 28
Page 28

HP Endpoint Security Controller Cryptographic Library SP800-38C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf SP800-38F NIST Special Publication 800-38F - Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38F.pdf SP80056Arev3 NIST Special Publication 800-56A Revision 3 - Recommendation for Pair Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf SP80056Brev2 Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br2.pdf SP800-90A NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf SP800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf SP800133rev2 NIST Special Publication 800-133 - Recommendation for Cryptographic Key Generation December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-133r2.pdf SP800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2024 HP Inc. / atsec information security.

28 of 28

Referenced URLs