| Standard | FIPS 140-3 |
|---|---|
| Overall level | 3 |
| Module type | Hardware |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 2/6/2027 |
| Caveat | Interim validation. When operated in approved mode. When installed, initialized and configured as specified in Section 11.2 of the Security Policy |
| Vendor | Thales |
flowchart LR
%% Deterministic review-risk graph for Thales Luna G7 Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Firmware Load<br/>recovery<br/>update</i>"]
C3["[low] Self-test / status surface<br/>(referenced in text)<br/><i>Self-Test</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>kernel<br/>bootloader</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Possible only, some<br/>services may process input<br/>before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Thales Luna G7 Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Firmware Load<br/>recovery<br/>update</i><br/>src: text:keyword"]
C3["[low] Self-test / status surface (referenced in text)<br/><i>Self-Test</i><br/>src: text:keyword"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>HTTPS<br/>no library/version identified</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>kernel<br/>bootloader</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C3,C5,C6 clueLow;Thales Luna G7 Cryptographic Module 002-000179-001 Rev. K January 10, 2025
Contents Document Information Document Part Number 002-000149-002 Release Date January 10, 2025 Revision Version K Thales and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners. Disclaimer All information herein is either public information or is the property of and owned solely by Thales and/or its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information. Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights of or concerning any of Thales’s information. This document can be copied or distributed for informational, non-commercial, internal and personal use only provided that: appear in all copies. This document shall not be posted on any network computer or broadcast in any media other than on the NIST CMVP validation list and no modification of any part of this document shall be made. Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities. The information contained in this document is provided “AS IS” without any warranty of any kind. Unless otherwise expressly agreed in writing, Thales makes no warranty as to the value or accuracy of information contained herein. Thales hereby disclaims all warranties and conditions with regard to the information contained herein, including all implied warranties of merchantability, fitness for a particular purpose, title and noninfringement. In no event shall Thales be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with the use or performance of information contained in this document. Thales does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall Thales be held liable for any third party actions and in particular in case of any successful attack against systems or equipment incorporating Thales products. Thales disclaims any liability with respect to security for direct, indirect, incidental or consequential damages that result from any use of its products. It is further stressed that independent testing and verification by the person using the product is particularly encouraged, especially in any application in which defective,
Contents incorrect or insecure functioning could result in damage to persons or property, denial of service or loss of privacy.
Acronyms and Abbreviations ACRONYMS AND ABBREVIATIONS Term Definition AES Advanced Encryption Standard AEK AccessID Encryption Key AEK-KW AEK-Key Wrapping ANSI American National Standards Institute AU Audit User API Application Programming Interface CBC Cipher Block Chaining CDH Cofactor Diffie-Hellman CID Client IDentity CITS Chrysalis ITS CKG Cryptographic Key Generation CFB Cipher FeedBack CMAC Cipher Block Chaining Message Authenticate Code CMVP Cryptographic Module Validation Program CO Crypto Officer CPV3 Cloning Protocol Version 3 CSP Critical Security Parameter CTR CounTeR CU Crypto User CVL Component Validation List DEK Data Encryption Key DH Diffie-Hellman DMK Data MAC Key DPK Data Protection Key
Acronyms and Abbreviations Term Definition DSA Digital Signature Algorithm DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography ECDH Elliptic Curve Diffie-Hellman ECDSA Elliptic Curve Digital Signature Algorithm EFP Environmental Failure Protection EFT Environmental Failure Testing EKA Ephemeral Key Agreement EMI ElectroMagnetic Interference FFC Finite Field Cryptography FIPS Federal Information Processing Standard GCM Galois Counter Mode GMAC Galois Message Authentication Code HMAC Keyed-Hash Message Authentication Code HA High Availability HOC Hardware Origin Certificate HOK Hardware Origin Key HSM Hardware Security Module / Host Security Module ICD Interface Control Design/Document IG Implementation Guidance ISO/IEC International Organization for Standardization / International Electrotechnical Commission IV Initialization Vector KAS Key Agreement Scheme KAT Known Answer Test KBKDF Key-Based Key Derivation Function
Acronyms and Abbreviations Term Definition KCV Key Cloning Vector KDF Key Derivation Function KDM Key Destruction Method KEV Key Encryption Vector KTS Key Transport Scheme KW Key Wrap KWP Key Wrap with Padding LCO Limited Crypto Officer LED Light Emitting Diode MAC Message Authentication Code MGF Mask Generation Function MIC Manufacturer’s Integrity Certificate MIK Manufacturer’s Integrity Key MK Master Key NIST National Institute of Science and Technology N/A Not Applicable OFB Output FeedBack PAC PED Authentication Certificate PAK PED Authentication Key PBKDF Password Based Key Derivation Function PCIe Peripheral Component Interconnect Express PCT Pair-wise Consistency Test PEC Password Encryption Certificate PED PIN Entry Device PEK Password Encryption Key PKCS Public-Key Cryptography Standards
Acronyms and Abbreviations Term Definition POST Power-on Self-Test PSK Partition Storage Key PSS Probabilistic Signature Scheme PST Periodic Self-Test RDK Role Domain Key RNG Random Number Generator RPV Remote PED Vector RSA Rivest Shamir Adleman RSASVE RSA Secret-Value Encapsulation SHA Secure Hash Algorithm SKA Static Key Agreement SMK SKS Master Key SKS Scalable Key Storage SO Security Officer SSC Shared Secret Computation SSP Sensitive Security Parameter STC Secure Trusted Channel STM Secure Transport Mode Triple-DES Triple Data Encryption Standard TUK Token or Module Unwrapping Key TWC Token or Module Wrapping Certificate USB Universal Serial Bus USK User’s Storage Key XTS XEX Tweakable block cipher ciphertext Stealing
References REFERENCES [FIPS 140-3] Federal Information Processing Standards Publication 140-3, Security Requirements for Cryptographic Modules, March 2019. [FIPS 140-3 IG] NIST, Implementation Guidance for FIPS 140-3 and the Cryptographic Module Validation Program, January 29, 2024. [FIPS 180-4] Federal Information Processing Standards Publication 180-4, Secure Hash Standard (SHS), NIST, August 2015. [FIPS 186-4] Federal Information Processing Standards Publication 186-4, Digital Signature Standards (DSS), NIST, July 2013. [FIPS 186-5] Federal Information Processing Standards Publication 186-5, Digital Signature Standards (DSS), NIST, February 2023. [FIPS 197] Federal Information Processing Standards Publication 197, Specification for the Advanced Encryption Standard (AES), November 26, 2001. [FIPS 198-1] Federal Information Processing Standards Publication 198-1, The Keyed-Hash Message Authentication Code (HMAC), July 2008. [FIPS 202] Federal Information Processing Standards Publication 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, August 2015. [RFC 5639] Lochter M, Merkle J, ‘Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation’, Internet Engineering Task Force, RFC 5639, March 2010. [RFC 7748] Hamburg M, Turner S, “Elliptic Curves for Security”, Internet Research Task Force, RFC 7748, January 2016. [SEC 2] Certicom Research, ‘Standards for Efficient Cryptography - SEC2: Recommended Elliptic Curve Domain Parameters’, Version 2.0, January 27, 2010. [SP800-38A] NIST Special Publication 800-38A, Recommendation for Block Cipher Modes of Operation
References [SP800-56Cr1] NIST Special Publication 800-56C, Recommendation for Key-Derivation Methods in Key-Establishment Schemes, Revision 1, April 2018. [SP800-56Cr2] NIST Special Publication 800-56C, Recommendation for Key-Derivation Methods in Key-Establishment Schemes, Revision 2, August 2020. [SP800-67r2] NIST Special Publication 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Revision 2, November 2017. [SP800-90Ar1] NIST Special Publication SP800-90A, Recommendation for Random Number Generation Using Deterministic Bit Generators, Revision 1, June 2015. [SP800-90B] NIST, SP800-90B, “Recommendation for the Entropy Sources Used for Random Bit Generation”, January 2018. [SP800-108r1] NIST Special Publication 800-108, Revision 1, Recommendation for Key Derivation Using Pseudorandom Functions (Revised), August 2022. [SP800-131Ar2] NIST Special Publication 800-131A, Revision 2, Transitioning the Use of Cryptographic Algorithms and Key Lengths, March 2019. [SP800-132] NIST Special Publication 800-132, Recommendation for Password-Based Key Derivation: Part 1: Storage Applications, December 2010. [SP800-133r2] NIST Special Publication 800-133, Revision 2, Recommendation for Cryptographic Key Generation, June 2020. [SP800-135r1] NIST Special Publication 800-135, Recommendation for Existing Application-Specific Key Derivation Functions, December 2011. [SP800-140Cr2] NIST Special Publication 800-140C, Revision 2, CMVP Approved Security Functions: CMVP Validation Authority Updates to ISO/IEC 24759, July 2023. [SP800-140Dr2] NIST Special Publication 800-140D, Revision 2, CMVP Approved Sensitive Security Parameter Generation and Establishment Methods: CMVP Validation Authority Updates to ISO/IEC 24759, July 2023. [SP800-140E] NIST Special Publication 800-140E, CMVP Approved Authentication Mechanisms: CMVP Validation Authority Requirements for ISO/IEC 19790:2012 Annex E and ISO/IEC 24759 Section 6.17, March 2020. [SP800-140F] NIST Special Publication 800-140F, CMVP Approved Non-Invasive Attack Mitigation Test Metrics: CMVP Validation Authority Updates to ISO/IEC 24759, March 2020. [PKCS #1] PKCS #1: RSA Cryptographic Standard, RSA Laboratories, v2.1. [ANSI X9.42] American National Standard for Financial Services X9.42-2003 (R2013), Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography. [ANSI X9.62] American National Standard Institute ANSI X9.62, ‘Public Key Cryptography for the Financial Services Industry: the Elliptic Curve Digital Signature Algorithm (ECDSA)’, November 16, 2005. [ANSI X9.63] American National Standard for Financial Services X9.63-2011 (R2017), Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography.
References [ISO/IEC 14888-3:2018] ISO/IEC 14888-3:2018, ‘IT Security techniques
Preface PREFACE This document deals only with operations and capabilities of the Thales Luna G7 Cryptographic Module in the technical terms of [FIPS 140-3]. General information on Thales HSM alongside other Thales products is available from the following sources: the Thales internet site contains information on the full line of available products at https://cpl.thalesgroup.com product manuals and technical support literature is available from the Thales Customer Support Portal at https://supportportal.thalesgroup.com/csm online manuals for the product can be found at https://www.thalesdocs.com technical or sales representatives of Thales can be contacted through one of the channels listed on https://cpl.thalesgroup.com/contact-us NOTE: You require an account to access the Customer Support Portal. To create a new account, go to the portal and click on the REGISTER link.
The Thales Luna G7 Cryptographic Module meets all level 3 security requirements for [FIPS 140-3] as summarized in the table below: Table 1-1: Security Levels [ISO 24759:2017] Section 6 FIPS 140-3 Section Title Security Level [Number Below]
1 General 3
2 Cryptographic Module Specification 3
3 Cryptographic Module Interfaces 3
4 Roles, Services, and Authentication 3
5 Software/Firmware Security 3
6 Operational Environment N/A
7 Physical Security 3
8 Non-Invasive Security N/A
9 Sensitive Security Parameter Management 3
10 Self-Tests 3
11 Life-Cycle Assurance 3
12 Mitigation of Other Attacks N/A
The Thales Luna G7 Cryptographic Module is a standalone hardware security module in the form of a USB device. The cryptographic module is contained in its own secure enclosure, which provides physical resistance. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure in the USB device. The module must be explicitly configured to operate in an Approved Mode of Operation using steps outlined in sections 13.3 and 13.4. Configuration steps outlined in these sections are performed during the secure initialization of the module. The module only supports a single approved mode of operation and any configuration changes to settings defining that mode will trigger a zeroization of all partition Sensitive Security Parameter (SSP) and require the full reset and re-initialization of the module. NOTE Thales Luna G7 Cryptographic Module does not support degraded operation as defined in [ISO 19790:2012]. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with support for a broad range of cryptographic services. Access to key material and cryptographic services for users and user application software is provided through the PKCS #11 programming API, which is implemented over the module’s proprietary command interface. The module may host multiple ‘user partitions’ which are cryptographically separated and are presented as ‘virtual tokens’ to user applications. A single ‘admin partition’ exists, which is dedicated to the HSM Security Officer (HSM SO) and Administrator roles. Each partition must be separately authenticated in order to make it available for use.
The cryptographic module as defined in [ISO 19790:2012] is a hardware module with a multi-chip standalone embodiment. NOTE The Thales Luna G7 Cryptographic Module can be used as follows: as a standalone device called the Thales Luna G7 USB HSM; or as a standalone device called the Thales Luna G7 Backup HSM. The Tested Operational Environment’s Physical Perimeter (TOEPP) of the modules is shown in Figure 2-1 and Figure 2-2 below. The TOEPP is defined as the enclosure on the top and bottom sides of the USB device defined as outlined.
Cryptographic Module Specification TOEPP Figure 2-1: Thales Luna G7 Cryptographic Module HW 808-000064-005 and 808-000064-006 TOEPP Figure 2-2: Thales Luna G7 Cryptographic Module HW 808-000080-001 and 808-000080-002 The module includes a CR2032, 3V, coin battery, which is excluded from the TOEPP boundary. This battery is used to power the modules real-time clock when not connected through the 5V power interface. The real-time clock is not used to support any approved security functions supported by the module.
Cryptographic Module Specification The following figure highlights the cryptographic boundary of the module covered by this certification: Cryptographic boundary Bootloader Main Firmware 7.7.3 1.x.x G7 Hardware Platform Figure 2-3: Thales Luna G7 Cryptographic Module cryptographic boundary. The cryptographic boundary includes the bootloader and the main firmware. The bootloader and main firmware are ‘firmware’ within the scope of definitions in [ISO 19790:2012]. NOTE As covered above, ‘firmware’ for the module includes the bootloader and main firmware. To use the module in an approved mode of operation, all firmware, including the bootloader and main firmware must be validated to [FIPS 140-3] to run on Thales Luna G7 Cryptographic Module.
The following tested configurations are covered in this security policy: Table 2-1: Cryptographic module configuration. Model Hardware Firmware Version Distinguishing Features [Part Number and Version] Thales Luna G7 USB 808-000080-001 Main firmware: 7.7.3 with Second USB port and screen with HSM or Bootloader: 1.3.0, 1.5.0 or 1.6.0 higher resolution. Thales Luna G7 Backup HSM Thales Luna G7 USB 808-000080-002 Main firmware: 7.7.3 with Second USB port and screen with HSM or Bootloader: 1.3.0, 1.5.0 or 1.6.0 higher resolution. Functionally Thales Luna G7 equivalent to 808-000080-001 with Backup HSM the difference limited to the supply choice for one of the non-security enforcing internal components. Thales Luna G7 808-000064-005 Main firmware: 7.7.3 with Single USB port and lower Backup HSM Bootloader: 1.3.0, 1.5.0 or 1.6.0 resolution screen. Thales Luna G7 808-000064-006 Main firmware: 7.7.3 with Single USB port and lower Backup HSM Bootloader: 1.3.0, 1.5.0 or 1.6.0 resolution screen. Functionally equivalent to 808-000064-005 with the difference limited to the supply choice for one of the non-security enforcing internal components. This document covers both the PED and password authentication configurations of the Thales Luna G7 Cryptographic Module. NOTE The security features described in this document apply to the Thales Luna G7 Cryptographic Module only and do not include any feature that may be enforced by the client or Thales Luna PED. NOTE As the module is a hardware module of ‘multi-chip standalone’ embodiment, this security policy is not required to list an operating system.
The following cryptographic library and associated CAVP certificates are used by the cryptographic module: SafeNet Bootloader Cryptographic Library (Cert #C2022) and (Cert #A6549); and SafeNet Cryptographic Library (Certs #C2020, #A674 and #A2125). The following entropy noise source and associated ESV certificate is used by the cryptographic module: Thales G7 Hardware Platform TRNG (Cert #E97). The approved algorithms implemented by the module, alongside their mapping to the certificates above, and together with algorithms use by service, are listed in the Table 2-2 below. Listings in the ‘Use / Function’ column map to services listed in Table 4-2 and Table 4-4. NOTE The following certificates referenced above contain redundant listings not used by the cryptographic module: Cert #C2020 includes listing for KAS-ECC, KAS-FFC, CVL (RSADP) and GMAC;; Cert #C2022 includes SHA1 and SHA2-256. The implementations for SHA1 and SHA2-256 are present in the bootloader to verify firmware integrity but are redundant to other approved security functions. Firmware authenticity is checked using RSA PKCS#1 v1.5 with SHA2-384. Implementations for these algorithms are present in the software libraries or hardware integrated circuits used by the module and have completed CAVP testing but where these functions are either not called by the modules executable code or the target function is not used as a security function to satisfy requirements from FIPS 140-3.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #A2125 ECDSA SigGen Signature Generation B-233, B-283, Request HSM self-test, Generate signature or MAC SHA3-224, SHA3-256, SHA3-384, SHA3-512. B-409, B-571, K-233, over user supplied data , Setup Remote PED Session. Standard: [FIPS 186-4] K-283, K-409, K-571, P-224, P-256, P-384, P-521. #A2125 ECDSA SigVer Signature Verification B-233, B-283, Request HSM self-test, Verify signature or MAC over B-409, B-571, K-233, user supplied data, Setup Remote PED Session. Standard: [FIPS 186-4] SHA3-224, SHA3-256, SHA3-384, SHA3-512. K-283, K-409, K-571, P-224, P-256, P-384, P-521. #A2125 HASH_DRBG SHA2-256 256-bits. Clone SMK between partitions, Configure partition for Standard: [SP800-90Ar1]. high-available recovery / login, Create a user partition, Enable/disable STM, Export secret or private key using key wrapping, Extract entropy from DRBG, Generate domain parameters, Generate local symmetric or asymmetric key-pair, Generate signature or MAC over user supplied data, Initialize the HSM, Initialize Remote PED Vector (RPV), Initialize role, Perform encrypt operation on user supplied data object, Request HSM self-test, Setup Remote PED Session, Reseed partition DRBG, Rollover SMK for a given partition. #A2125 KAS-ECC fullUnified with full key validation and key- P-521. Setup Remote PED Session. pair generation Standard: [SP800-56Ar3] KDF: OneStep using SHA2-512. Key Confirmation: HMAC-SHA2-256 with 256bit key. #A2125 KAS-ECC-SSC ephemeralUnified, fullUnified, onePassDH B-233, B-283, B-409, B-571, K-233, K-283, Request HSM self-test, Derive key from existing K-409, K-571, P-224, P-256, P-384, P-521. partition secret or private key object. Standard: [SP800-56Ar3]. #A2125 KAS-FFC-SSC dhHybrid1, dhEphem, dhHybridOneFlow, 2048, 3072 and 4096-bits. Request HSM self-test, Derive key from existing Standard: [SP800-56Ar3] dhOneFlow. partition secret or private key object. #A2125 KAS-IFC KAS1-basic 4096-bits. Clone SMK between partitions, Configure partition for high-available recovery / login. Standards: [SP800-56Br2] and Key generation method: rsakpg1-crt, [SP800-56Cr2]. rsakpg2-crt. KDF method: One-Step Key Derivation from [SP800-56Cr2] using SHA2-512.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #A2125 KDA One-Step Sp800-56Cr1 One-Step Key Derivation Shared secret length: 224-8192, Request HSM self-test, Derive key from existing increment 1 byte. partition secret or private key object. Standard: [SP800-56Cr1]. SHA1. Derived Key length: 512. #A2125 KDA One-Step Sp800-56Cr2 One-Step Key Derivation Shared secret length: 224-8192, Request HSM self-test, Derive key from existing increment 1 byte. partition secret or private key object, Clone SMK Standard: SP800-56Cr2. SHA2-224, SHA2-256, SHA2-384, SHA2-512, Derived Key length: 4096-bits. between partitions. SHA3-224, SHA3-256, SHA3-384, SHA3-512. #A2125 KDF ANS 9.42 (CVL)1 SHA1, SHA2-224, SHA2-256, SHA2-384, SHA2- Shared secret length: 64-4096-bits, Request HSM self-test, Derive key from existing 512, SHA3-224, SHA3-256, SHA3-384, SHA3- increment 1 byte. partition secret or private key object. Standard: [SP800-135r1]. 512. #A2125 KDF ANS 9.63 (CVL) SHA2-224, SHA2-256, SHA2-384, SHA2-512. 128, 4096 bits. Perform encrypt operation on user supplied data object. Standard: [SP800-135r1]. #A2125 KTS-IFC KTS-OAEP-basic 2048, 3072, 4096, 6144, and 8192 bits. Request HSM self-test, Import secret or private key using key wrapping, Initialize the HSM, Initialize role, Standards: [SP800-56Br2] and Key generation method: rsakpg1-crt and Caveat: Key establishment methodology Change authentication data, Login as role. [SP800-56Cr2]. rsakpg2-crt provides between 112 and 201 bits of Hash: SHA2-224, SHA2-256, SHA2-384, SHA2- encryption strength 512, SHA3-224, SHA3-256, SHA3-384, SHA3Mask Generation Function: SHA2-224, SHA2256, SHA2-384, SHA2-512, SHA3-224, SHA3256, SHA3-384, SHA3-512 #A2125 PBKDF2 HMAC-SHA2-512 Derived Key Length: Initialize the HSM, Initialize Remote PED Vector (RPV), 256-bits Initialize role, Change authentication data, Login as Standard: [SP800-132]. Password Length: role, Request HSM self-test. 128-bits Salt Length: 256-bits #A6549 RSA SigVer Signature Verification 4096-bit Request authentication and execution of main SHA2-384 firmware. Standard:. [FIPS 186-5] Used internal to the cryptographic module to derive the storage encryption key used to encrypt the checkword used during password-based authentication. The derived key is separately used to encrypt for storage the USK which is independently also encrypted under the module generated KEK. The module uses method 1a from [SP800-132] where the derived Master Key (MK) is used directly as the Data Protection Key (DPK). Further information on use of PBKDF is provided in section 4.2.1.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #A674 RSA KeyGen Key Generation B.3.3 and B.3.6 4096 bits. Configure partition for high-available recovery / login, Generate local symmetric or asymmetric key-pair, Standard: [FIPS 186-4]. Vendor Note: Key sizes up to modulus Initialize the HSM, Initialize role, Request HSM selflength 8192-bit are supported for key test. generation by the module as permitted by [SP800-131Ar2] but were not supported for test by the NIST CAVP program above modulus 4096-bits at the time of module submission. #A674 RSA SigGen Signature Generation 4096-bit. Clone SMK between partitions, Generate signature or Vendor Note: Key sizes up to modulus MAC over user supplied data, Request HSM self-test. Standard: [FIPS 186-4]. (PKCS #1-v1.5 and PKCS-PSS): SHA2-224, length 8192-bit are supported for key SHA2-256, SHA2-384, SHA2-512, SHA3-224, generation by the module as permitted SHA3-256, SHA3-384, SHA3-512. by [SP800-131Ar2] but were not supported for test by the NIST CAVP (ANSI X9.31): SHA2-224, SHA2-256, SHA2-384, program above modulus 4096-bits at the SHA2-512. time of module submission. Vendor affirmed using [FIPS 140-3 IG], C.C, The Use and the Testing Requirements for the Family of Functions defined in FIPS 202, when using SHA-3. #A674 RSA SigVer Signature Verification 4096-bit. Load configuration update file, Clone SMK between partitions, Configure partition for high-available Standard: [FIPS 186-4]. (PKCS #1-v1.5 and PKCS-PSS): SHA1, SHA2- Vendor Note: Key sizes up to modulus recovery / login, Generate local symmetric or 224, SHA2-256, SHA2-384, SHA2-512, SHA3- length 8192-bit are supported for asymmetric key-pair, Request HSM self-test, Update 224, SHA3-256, SHA3-384, SHA3-512 signature generation and verification by firmware, Verify signature or MAC over user supplied (ANSI X9.31): SHA1, SHA2-224, SHA2-256, the module as permitted by [SP800data. SHA2-384, SHA2-512 131Ar2] but were not supported for test by the NIST CAVP program above Vendor affirmed using [FIPS 140-3 IG], C.C, modulus 4096-bits at the time of module The Use and the Testing Requirements for submission. the Family of Functions defined in FIPS 202, when using SHA-3. #C2020 AES-CBC CBC 128, 192, 256 bits. Perform encrypt operation on user supplied data object, Perform decrypt operation on user supplied Standards: [FIPS 197]. data object, Import secret or private key using key wrapping, Insert key from external storage using SKS, , Request HSM self-test.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #C2020 AES-CFB128 CFB128 128, 192, 256 bits. Perform encrypt operation on user supplied data object, Perform decrypt operation on user supplied Standards: [FIPS 197] and data object, Request HSM self-test. [SP800-38A]. #C2020 AES- CFB8 CFB8 128, 192, 256 bits. Perform encrypt operation on user supplied data Standards: [FIPS 197] and object, Perform decrypt operation on user supplied [SP800-38A]. data object, Request HSM self-test. #C2020 AES-CMAC CMAC 128, 192, 256 bits. Generate signature or MAC over user supplied data, Standards: [FIPS 197], Verify signature or MAC over user supplied data, [SP800-38D], [SP800-38E] and Request HSM self-test. [SP800-38F]. #C2020 AES-CTR CTR 128, 192, 256 bits. Send or receive data over PED tunnel (remote PED), Standards: [FIPS 197] and Perform encrypt operation on user supplied data [SP800-38A]. object, Perform decrypt operation on user supplied data object¸ Import secret or private key using key wrapping, Request HSM self-test. #C2020 AES-ECB ECB 128, 192, 256 bits. Perform encrypt operation on user supplied data Standards: [FIPS 197] and object, Perform decrypt operation on user supplied [SP800-38A]. data object, Import secret or private key using key wrapping, Request HSM self-test. #C2020 AES-GCM3 GCM 128, 192, 256 bits. Extract key to external storage using SKS, Perform Standards: [FIPS 197] and encrypt operation on user supplied data object, [SP800-38D]. Perform decrypt operation on user supplied data object, Import secret or private key using key wrapping, Export secret or private key using key wrapping, Request HSM self-test. #C2020 AES-KW KW 128, 192, 256 bits. Perform encrypt operation on user supplied data Standards: [FIPS 197] and object, Perform decrypt operation on user supplied [SP800-38F]. data object, Import secret or private key using key wrapping, Export secret or private key using key wrapping, Request HSM self-test.
3 The module generates IVs internally using the approved DRBG where all IV used are 128-bits in length per [SP800-38D] and in accordance with FIPS 140-3 I.G. C.H, scenario 2.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #C2020 AES-KWP KWP 128, 192, 256 bits. Initialize the HSM, Create a user partition, Initialize Standards: [FIPS 197] and role, Export/import audit log secret key, Clone SMK [SP800-38F]. between partitions, Rollover SMK for a given partition, Change authentication data, Initialize role, Configure partition for high-available recovery / login, Login as role, Initialize Remote PED Vector (RPV), Send or receive data over PED tunnel (remote PED), Generate local symmetric or asymmetric key-pair, Generate domain parameters, Derive key from existing partition secret or private key object, Import secret or private key using key wrapping, Export secret or private key using key wrapping, Insert key from external storage using SKS, Extract key to external storage using SKS, Perform encrypt operation on user supplied data object, Perform decrypt operation on user supplied data object, Generate signature or MAC over user supplied data, Verify signature or MAC over user supplied data, Change authentication data , Request HSM self-test. #C2020 AES-OFB OFB 128, 256 bits. Perform encrypt operation on user supplied data Standards: [FIPS 197] and object, Perform decrypt operation on user supplied [SP800-38A]. data object, Request HSM self-test. #C2020 DSA KeyGen Key Generation 2048, 3072 bits. Generate local symmetric or asymmetric key-pair. Standard: [FIPS 186-4]. #C2020 DSA PQGGen Parameter Generation: 2048, 3072 bits. Generate domain parameters. Standard: [FIPS 186-4]. SHA2-224, SHA2-256 #C2020 DSA SigGen Signature Generation 2048, 3072 bits. Generate signature or MAC over user supplied data, Request HSM self-test. Standard: [FIPS 186-4]. SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 #C2020 DSA SigVer Signature Verification 1024, 2048, 3072 bits. Verify signature or MAC over user supplied data, Request HSM self-test. Standard: [FIPS 186-4]. SHA1, SHA2-224, SHA2-256, SHA2-384, SHA2512, SHA3-224, SHA3-256, SHA3-384, SHA3-
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #C2020 ECDSA KeyGen Key Generation B-233, B-283, B-409, B-571, K-233, K-283, Generate local symmetric or asymmetric key-pair, K-409, K-571, P-224, P-256, P-384, P-521. Initialize Remote PED Vector (RPV), Setup Remote PED Standard: [FIPS 186-4]. Session. #C2020 ECDSA SigGen Signature Generation B-233, B-283, B-409, B-571, K-233, K-283, Generate signature or MAC over user supplied data, SHA2-224, SHA2-256, SHA2-384, SHA2-512. K-409, K-571, P-224, P-256, P-384, P-521. Request HSM self-test, Setup Remote PED Session,. Standard: [FIPS 186-4]. #C2020 ECDSA SigVer Signature Verification B-163, B-233, B-283, B-409, B-571, K-163, Request HSM self-test, Setup Remote PED Session, K-233, K-283, K-409, K-571, P-192, P-224, Verify signature or MAC over user supplied data. Standard: [FIPS 186-4]. SHA1, SHA2-224, SHA2-256, SHA2-384, SHA2P-256, P-384, P-521. 512. #C2020 HMAC-SHA-1 HMAC-SHA-1 Mac size: 80, 96, 128, 160. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Request HSM self-test, Verify signature or MAC over Standards: [FIPS 198-1] and block size, key size > block size. user supplied data. [FIPS 202]. #C2020 HMAC-SHA2-224 HMAC-SHA2-224 Mac size: 112, 128, 160, 192, 224. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Verify signature or MAC over user supplied data, Standards: [FIPS 198-1] and block size, key size > block size. Request HSM self-test. [FIPS 180-4]. #C2020 HMAC-SHA2-256 HMAC-SHA2-256 Mac size: 128, 192, 256. Send or receive data over PED tunnel (remote PED), Key size: key size < block size, key size = Request HSM self-test, Generate signature or MAC Standards: [FIPS 198-1] and block size, key size > block size. over user supplied data, Verify signature or MAC over [FIPS 180-4]. user supplied data, Generate secure log record. #C2020 HMAC-SHA2-384 HMAC-SHA2-384 Mac size: 192, 256, 320, 384. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Request HSM self-test, Verify signature or MAC over Standards: [FIPS 198-1] and block size, key size > block size. user supplied data. [FIPS 180-4]. #C2020 HMAC-SHA2-512 HMAC-SHA2-512 Mac size: 256, 320, 384, 448, 512. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Request HSM self-test, Verify signature or MAC over Standards: [FIPS 198-1] and block size, key size > block size. user supplied data. [FIPS 180-4]. #C2020 HMAC-SHA3-224 HMAC-SHA3-224 Mac size: 112, 128, 160, 192, 224. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Request HSM self-test, Verify signature or MAC over Standards: [FIPS 198-1] and block size, key size > block size. user supplied data. [FIPS 202]. #C2020 HMAC-SHA3-256 HMAC-SHA3-256 Mac size: 128, 192, 256. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Request HSM self-test Verify signature or MAC over Standards: [FIPS 198-1] and block size, key size > block size. user supplied data. [FIPS 202]. #C2020 HMAC-SHA3-384 HMAC-SHA3-384 Mac size: 192, 256, 320, 384. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Request HSM self-test Verify signature or MAC over Standards: [FIPS 198-1] and block size, key size > block size. user supplied data. [FIPS 202].
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #C2020 HMAC-SHA3-512 HMAC-SHA3-512 Mac size: 256, 320, 384, 448, 512. Generate signature or MAC over user supplied data, Key size: key size < block size, key size = Request HSM self-test Verify signature or MAC over Standards: [FIPS 198-1] and block size, key size > block size. user supplied data. [FIPS 202]. #C2020 KDF KBKDF 1024, 1032, 2048, and 2056. Initialize the HSM, Initialize role, Derive key from existing partition secret or private key object, Change Standard: [SP800-108r1]. Mode: Counter Fixed Data Order: Before Fixed Data. authentication data, Login as role, Request HSM selfMAC Mode: CMAC-AES128, CMAC-AES192, Counter Length: 32. test. CMAC-AES256, HMAC-SHA-1, HMAC-SHA2224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512 #C2020 RSA KeyGen Key Generation B.3.3 and B.3.6 2048 and 3072 bits. Request HSM self-test, Generate local symmetric or asymmetric key-pair. Standard: [FIPS 186-4] #C2020 RSA SigGen Signature Generation 2048 and 3072 bits. Request HSM self-test, Generate signature or MAC over user supplied data. Standard: [FIPS 186-4]. (PKCS #1-v1.5 and PKCS-PSS): SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 (ANSI X9.31): SHA2-224, SHA2-256, SHA2-384, SHA2-512 Vendor affirmed using [FIPS 140-3 IG], C.C, The Use and the Testing Requirements for the Family of Functions defined in FIPS 202, when using SHA-3.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #C2020 RSA SigVer Signature Verification 1024, 2048 and 3072 bits. Request HSM self-test, Verify signature or MAC over user supplied data. Standard: [FIPS 186-4]. (PKCS #1-v1.5 and PKCS-PSS): SHA1, SHA2224, SHA2-256, SHA2-384, SHA2-512, SHA3- Legacy4 for 1024 bits 224, SHA3-256, SHA3-384, SHA3-512. (ANSI X9.31): SHA1, SHA2-224, SHA2-256, SHA2-384, SHA2-512. Vendor affirmed using [FIPS 140-3 IG], C.C, The Use and the Testing Requirements for the Family of Functions defined in FIPS 202, when using SHA-3. #C2020 SHA1 SHA1 N/A Request HSM self-test, Import secret or private key using key wrapping, Perform digest operation on user Standard: [FIPS 180-4] and supplied data. [FIPS 202]. #C2020 SHA2-224 SHA2-224 N/A Request HSM self-test, Import secret or private key using key wrapping, Perform digest operation on user Standard: [FIPS 180-4] and supplied data. [FIPS 202]. #C2020 SHA2-256 SHA2-256 N/A Request HSM self-test, Protect object integrity, Enable/disable STM, Initialize role, Configure partition Standards: [FIPS 180-4] and for high-available recovery / login, Login as role, [FIPS 202]. Import secret or private key using key wrapping, Insert key from external storage using SKS, Perform digest operation on user supplied data. #C2020 SHA2-384 SHA2-384 N/A Request HSM self-test, Update firmware, Load configuration update file, Configure partition for highStandard: [FIPS 180-4]. available recovery / login, Import secret or private key using key wrapping, Perform digest operation on user supplied data.
4 Legacy usage only. These legacy algorithms can only be used on data that was generated prior to the Legacy Date specified in FIPS 140-3 IG C.M.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #C2020 SHA2-512 SHA2-512 N/A Request HSM self-test, Clone SMK between partitions, Enable/disable STM, Initialize role, Configure partition Standard: [FIPS 180-4]. for high-available recovery / login, Initialize Remote PED Vector (RPV), Generate local symmetric or asymmetric key-pair, Generate domain parameters, Derive key from existing partition secret or private key object, Import secret or private key using key wrapping, Export secret or private key using key wrapping, Perform digest operation on user supplied data, Perform encrypt operation on user supplied data object, Generate signature or MAC over user supplied data. #C2020 SHA3-224 SHA3-224 N/A Request HSM self-test, Import secret or private key using key wrapping, Perform digest operation on user Standard:.[FIPS 202]. supplied data. #C2020 SHA3-256 SHA3-256 N/A Request HSM self-test, Import secret or private key using key wrapping, Perform digest operation on user Standard:.[FIPS 202]. supplied data. #C2020 SHA3-384 SHA3-384 N/A Request HSM self-test, Import secret or private key using key wrapping, Perform digest operation on user Standard:.[FIPS 202]. supplied data. #C2020 SHA3-512 SHA3-512 N/A Request HSM self-test, Import secret or private key using key wrapping, Perform digest operation on user Standard:.[FIPS 202]. supplied data. #C2020 SHAKE-128 SHAKE-128 N/A Request HSM self-test, Perform digest operation on user supplied data. Standard:.[FIPS 202]. #C2020 SHAKE-256 SHAKE-256 N/A Request HSM self-test, Perform digest operation on user supplied data. Standard:.[FIPS 202]. #C2020 Triple-DES-CBC CBC 168-bits Request HSM self-test, Perform decrypt operation on Standards:. [SP800-67r2] and user supplied data object, Import secret or private key [SP800-38A]. using key wrapping. Legacy4 Decryption #C2020 Triple-DES-CFB64 CFB64 168-bits Request HSM self-test, Perform decrypt operation on Standards: [SP800-67r2] and user supplied data object. [SP800-38A]. Legacy4 Decryption
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #C2020 Triple-DES-CFB8 CFB8 168-bits Request HSM self-test, Perform decrypt operation on Standards: [SP800-67r2] and user supplied data object. [SP800-38A]. Legacy4 Decryption #C2020 Triple-DES-CMAC CMAC (MAC verify only) 168-bits Request HSM self-test. Verify signature or MAC over Standards: [SP800-67r2] and user supplied data. [SP800-38B]. Legacy4 Verification #C2020 Triple-DES-CTR CTR 168-bits Request HSM self-test, Perform decrypt operation on Standards:. [SP800-67r2] and user supplied data object, Import secret or private key [SP800-38A]. using key wrapping. Legacy4 Decryption #C2020 Triple-DES-ECB ECB 168-bits Request HSM self-test, Perform decrypt operation on Standards:. [SP800-67r2] and user supplied data object, Import secret or private key [SP800-38A]. using key wrapping. Legacy4 Decryption #C2020 Triple-DES-OFB OFB 168-bits Request HSM self-test, Perform decrypt operation on Standards:. [SP800-67r2] and user supplied data object. [SP800-38A]. Legacy4 Decryption #C2022 SHA2-384 SHA2-384 (Byte Only) N/A Request authentication and execution of main firmware. Standard:. [FIPS 180-4] #A2125 KAS (KAS-ECC-SSC (Cert ephemeralUnified, and onePassDH with X9.63 B-233, B-283, B-409, B-571, K-233, K-283, Request HSM self-test, Derive key from existing #A2125) and CVL (Cert KDF from [SP800-135r1] using SHA2-224, K-409, K-571, P-224, P-256, P-384, P-521. partition secret or private key object. #A2125)) SHA2-256, SHA2-384, SHA2-512. Caveat: Key establishment methodology Standards: [SP800-56Ar3], provides between 112 and 256-bits of and [SP800-135r1]. encryption strength. #A2125 KAS (KAS-ECC-SSC (Cert ephemeralUnified, and onePassDH with B-233, B-283, B-409, B-571, K-233, K-283, Request HSM self-test, Derive key from existing #A2125) and KDA (Cert OneStep KDF from [SP800-56Cr2]5 with K-409, K-571, P-224, P-256, P-384, P-521. partition secret or private key object. #A2125)) Auxiliary function: SHA1, SHA2-224, SHA2Caveat: Key establishment methodology Standards: [SP800-56Ar3] and 256, SHA2-384, SHA2-512, SHA3-224, SHA3provides between 112 and 256-bits of [SP800-56Cr2]. 256, SHA3-384, SHA3-512. encryption strength.
Cryptographic Module Specification Table 2-2: Approved Algorithms Description / Key Size(s) / Key CAVP Cert Algorithm and Standard Mode / Method Strength(s) Use / Function #A2125 KAS (KAS-FFC-SSC (Cert Methods: dhHybrid1, dhEphem, 2048, 3072 and 4096 bits. Request HSM self-test, Derive key from existing #A2125) and CVL (Cert dhHybridOneFlow and dhOneFlow with X9.42 partition secret or private key object. #A2125)) KDF from [SP800-135r1] using SHA2-224, Caveat: Key establishment methodology Standards: [SP800-56Ar3] and SHA2-256, SHA2-384, SHA2-512, SHA3-224, provides between 112 and 150-bits of [SP800-135r1]. SHA3-256, SHA3-384, SHA3-512. encryption strength. #A2125 KAS (KAS-FFC-SSC (Cert Methods: dhHybrid1, dhEphem, 2048, 3072 and 4096 bits. Request HSM self-test, Derive key from existing #A2125) and KDA (Cert dhHybridOneFlow and dhOneFlow with partition secret or private key object. #A2125)) OneStep KDF from [SP800-56Cr2] with Caveat: Key establishment methodology Standards: [SP800-56Ar3] and Auxiliary function: SHA1, SHA2-224, SHA2- provides between 112 and 150-bits of [SP800-56Cr2]. 256, SHA2-384, SHA2-512, SHA3-224, SHA3- encryption strength. 256, SHA3-384, SHA3-512. #E97 Physical Live noise source Full Entropy Initialize the HSM, Create a user partition, Clone SMK [SP800-90B], [FIPS 180-4] between partitions, Rollover SMK for a given partition, Enable/disable STM, Request HSM self-test, Initialize role, Configure partition for high-available recovery / login, Initialize Remote PED Vector (RPV), Setup Remote PED Session, Generate local symmetric or asymmetric key-pair, Generate domain parameters, Derive key from existing partition secret or private key object, Export secret or private key using key wrapping, Re-seed partition DRBG, Extract entropy from DRBG, Perform encrypt operation on user supplied data object, Generate signature or MAC over user supplied data.
Cryptographic Module Specification Table 2-3: Vendor Affirmed Approved Algorithms Algorithm Caveat Use / Function CKG6 Vendor Affirmed Initialize the HSM, Create a user partition, Clone SMK between partitions, Rollover SMK for a [SP800-133r2] given partition, Initialize role, Change authentication data, Initialize Remote PED Vector (RPV), Setup Remote PED Session, Generate local symmetric or asymmetric key-pair, Generate domain parameters. Table 2-4: Non-approved algorithms allowed in the approved mode of operation Algorithm Caveat Use / Function Key Agreement Scheme KAS-ECC-SSC ephemeralUnified, fullUnified, onePassDH Derive key from existing partition secret or private key object. (Cert #A2125) When using Non-NIST curves from Table 2-6 and allowances from [FIPS 140-3 IG] C.A, Use of Non-approved elliptic curves. Key Transport KTS (AES Cert. Key unwrapping: key establishment methodology provides between 128 and 256 bits of Clone SMK between partitions, #C2020) encryption strength. Import secret or private key Uses allowances in [FIPS 140-3 IG] D.G, Key transport methods, for key unwrapping using using key wrapping. un-authenticated modes of encryption listed on Cert #C2020 without use of an additional approved hash function. Legacy4 Unwrapping KTS (Triple-DES Key unwrapping: key establishment methodology provides 112 bits of encryption Import secret or private key Cert #C2020) strength. using key wrapping. Uses allowances in [FIPS 140-3 IG] D.G, Key transport methods, for key unwrapping using un-authenticated modes of encryption listed on Cert #C2020 without use of an additional Legacy4 Unwrapping approved hash function. Table 2-5: Non-Approved Algorithms Allowed in the Approved Mode of Operation with No Security Claimed Algorithm Caveat Use / Function N/A N/A N/A
6 Symmetric keys and seed for asymmetric key generation are created based on the direct output of the module DRBG (#C2020)
based on [SP800-133r2] using example 1 from section 4 and 6.1 where V is a string of binary zeroes and as such B = V. Asymmetric Key pairs are generated based on [SP800-133r2], section 5.1 and 5.2 and using methods from [FIPS 186-4]. The module supports derivation of keys from other keys as per [SP800-133r2], section 6.2.2, and supports the derivation of keys from passwords using methods in 6.2.3 and [SP800-132] for storage encryption. Keys can also be recovered from key components entered into the module using methods from [SP800-133r2], section 6.3 and both concatenation of components (option 1) or Exclusive-Oring (option 2).
Cryptographic Module Specification Table 2-6: Supported non-NIST elliptic curve as per [FIPS 140-3] IG C.A Curve Field Type Permitted Operations Curve Name Definition Security Strength Sign Verify Derive Brainpool P512r1 Prime field
Non-Approved security functions are not available for use when the module has been configured to operate in the approved mode (see section 13.3 and 13.4). The following table lists non-approved algorithms supported for use with certain user consumable services when the module is configured in the non-Approved mode of operation during secure initialization. NOTE The module is capable of supporting a single mode of operation. Transition from an approved to non-approved mode of operation automatically triggers HSM zeroize module service. Table 2-7: Non-approved algorithms not allowed in the approved mode of operation. Algorithm / Function Use / Function Symmetric Encryption / Decryption ARIA Perform decrypt operation on user supplied data object, Perform encrypt operation on user CAST3 supplied data object, Derive key from existing CAST5 partition secret or private key object, Import secret or private key using key wrapping. DES RC2 RC4 RC5
Cryptographic Module Specification Algorithm / Function Use / Function RSA (non-compliant with less than 112 bits of encryption strength) RSA X.5097 SEED SM4 Triple-DES (non-compliant for encrypt operations) XOR8 Hashing HAS-160 Derive key from existing partition secret or private key object, Verify signature or MAC over KECCAK user supplied data, Perform digest operation on MD2 user supplied data. MD5 RIPEMD-160 SM3 Message Authentication Code AES-MAC Generate signature or MAC over user supplied data, Verify signature or MAC over user supplied ARIA-CMAC data. ARIA-MAC CAST3-MAC CAST5-MAC COMP128 DES-MAC HAS160-HMAC HMAC (non-compliant with less than 112 bits of encryption strength) MD5-HMAC MILENAGE RC2-MAC RC5-MAC RIPEMD160-HMAC SEED-CMAC SEED-MAC SM3-HMAC SSL3-MD5-MAC SSL3-SHA1-MAC
7 this algorithm allows RSA encryption of a supplied data object without the use of padding. Any required padding is added by the operator ahead
of supplying the data to this variant of the RSA encrypt/decrypt function. this algorithm allows the operator to XOR supplied data with either a supplied base key or key derived from a base key. This function is deprecated for use in any situation where security of the data or key is required .
Cryptographic Module Specification Algorithm / Function Use / Function Triple-DES-CMAC (non-compliant for MAC generation) Triple-DES-MAC Triple-DES-x9.19-MAC TUAK Asymmetric DSA (non-compliant with less than 112 bits of encryption strength) Generate signature or MAC over user supplied data, Verify signature or MAC over user supplied ECDSA (non-compliant with less than 112 bits of encryption strength) data. EdDSA EdDSA PH KCDSA RSA (non-compliant with less than 112 bits of encryption strength) SM2 SM3 Key Derivation AES9 Derive key from existing partition secret or private key object. ARIA BIP32 DES MD5 SHA10 SSL PRE-MASTER SSL3-MASTER SM3 Triple-DES XOR11 Key Agreement Diffie-Hellman (key agreement; key establishment methodology; non-compliant with Derive key from existing partition secret or less than 112 bits of encryption strength) private key object. ECC (non-compliant with less than 112 bits of encryption strength) Key Transport AES12 Import secret or private key using key wrapping, Export secret or private key using key wrapping. ARIA
9 AES is non-approved for key derivation when used to derive keys using methods other than as permitted by NIST standard such as [SP800-
56Cr2] and [SP800-108r1] in particular, use of AES in ECB or CBC mode directly to derive keys. SHA1, SHA2 and SHA3 are non-approved for key derivation when they are used to derive keys in a way that is non-compliant with NIST standards such as [SP800-56Cr2], [SP800-108r1], [SP800-132] and [SP800-135r1]. XOR is non-approved for key derivation when selected as a mechanism to combine supplied user data with an existing module stored key. AES is non-approved for key transport when used to encrypt keys using methods other than as permitted by NIST standards such as [SP80038F]. In particular, use of un-authenticated modes of AES for encryption without a separate authentication tag (e.g. signature or MAC) is nonapproved.
Cryptographic Module Specification Algorithm / Function Use / Function CAST3 CAST5 DES RC2 RSA (key wrapping; key establishment methodology; non-compliant with less than
RSA13 SEED SM4 TDES Asymmetric Key Generation Diffie-Hellman (non-compliant with less than 112 bits of encryption strength) Generate local symmetric or asymmetric keypair, Generate domain parameters. ECC (non-compliant with less than 112 bits of encryption strength) KCDSA RSA (non-compliant with less than 112 bits of encryption strength) SM2 X9.42 Domain Parameter Generation non-compliant when used for key transport using RSA variants that are [SP800-56Br2] non-compliant.
The following figure identifies the physical interfaces to the cryptographic module: Power supply USB port Top side view Battery Excluded USB port 7.7.2 Cryptographic Boundary Right side view Top view LCD touch screen SafeNet Luna Backup HSM Smart Card reader Bottom side view Figure 3-1: Thales Luna G7 Cryptographic Module physical interfaces. NOTE The USB port on the right side of the figure is only present on the 808-000080-001 and 808-000080-002 versions on the hardware. The cryptographic module is a multi-chip standalone hardware module in the small form factor device. The cryptographic boundary of the module is shown above. The cryptographic boundary is defined to encompass all components inside the enclosure, including the LCD touch screen panel. The following table maps the physical interface to logical interfaces and supported data:
Cryptographic Module Interfaces Table 3-1: Ports and interfaces. Physical port Logical interfaces Data that passes over port/interface Top USB3 Type C port Data input interface, data output interface, Diagnostics information when the firmware is control input interface, status output interface operational Primary interface for user interaction with the module using the ICD protocol as maps to PKCS #11 Encrypted channel for Thales Luna PED when connected remotely Right USB2 Type C port Data input interface, data output interface, Channel for the iKey when connected locally (Only present on 808- control input interface, status output interface 000080-001 and 808-000080-
hardware) Smart Card reader Data input interface, data output interface, This is redundant interface not currently used by control input interface, status output interface the module. The interface is disabled in all current configurations of the module LCD Touch Screen Data input interface, data output interface, During boot sequence: control input interface, status output interface used to signal progress during the boot process General operation: Display useful information to the user regarding the state of the device; Primary interface for user interaction when the iKey is connected locally Power supply 5V Power interface N/A
Trusted channel summary Where CSP and authentication are not separately encrypted, these are exclusively passed into or output from the module by a trusted channel. The following trusted channels are defined for Thales Luna G7 Cryptographic Module: Physical Trusted Path (USB)
Cryptographic Module Interfaces Physical Trusted Path (USB) If configured, the module can use an iKey as an external data input/output device for CSP and authentication data. The iKey connects to the module’s rightmost USB port and is used to pass authentication data and CSPs to and from the module via a physical trusted path. CSP’s and authentication data that are output to the iKey are written to the iKey itself. Authentication of the module by the iKey is done by physical means based on the direct physical connection of the iKey to the Thales Luna G7 Cryptographic Module. All authentication data from the user is entered via the module’s LCD screen. Messages exchanged from the iKey and the module are encrypted using AES with a 256-bit key in CTR mode alongside a MAC using HMAC-SHA2-256. Authentication Trusted Path (LCD) Authentication of the module is done using G7 UI via the liquid crystal display (LCD) of the Thales Luna G7 Cryptographic Module. This trusted channel is used as part of the identity based authorization scheme to present the authentication data and is not separately authenticated.
Roles, Services, and Authentication
The Thales Luna G7 Cryptographic Module supports the following roles: Table 4-1: Thales Luna G7 Cryptographic Module Roles Roles Principal Duties HSM Security Officer (HSM SO) The HSM SO is responsible for managing the HSM. As such, the HSM SO is authorized to install and configure the HSM and set and maintain global HSM security policies. He/she is also able to request [Admin Partition Role] the load of new HSM firmware update files (FUF) and new Configuration Update Files (CUF). The HSM SO is able to create and delete partitions, but is not authorized to generate, load or use keys stored on the user partitions that have been created. The HSM SO is able to create, manage and use keys created in the Admin Partition alongside is responsible for initializing the ‘Administrator role’. The HSM SO can reset the Administrator password (configuration dependent). The HSM SO is responsible for selecting the authentication method during the HSM initialization. The HSM can have only one HSM SO. Administrator The Administrator is authorized to create, use, transfer and destroy key objects contained in the Admin partition. This role has privileges that are a subset of the HSM SO role. [Admin Partition Role] Partition Security Officer (Partition The Partition SO creates the partition level Partition CO role, sets and changes partition-level SO) policies. This role also has an option to reset the Partition CO password (configuration dependent) following lockout. [User Partition Role] Partition Crypto Officer (Partition The Partition CO role is authorized to create, use, destroy and transfer key objects for a given CO) partition. The Partition CO can optionally create the Partition LCO and Partition CU, and perform initial assignment of key authorization data. [User Partition Role] Partition Limited Crypto Officer The Partition LCO is an optional partition role authorized to create and use key objects, and perform (Partition LCO) initial assignment of key authorization data. The role is only permitted to delete key objects where per-key authorization is used and the correct authorization data for a given key object can be [User Partition Role] presented to the cryptographic module. Partition Crypto User (Partition CU) The Partition CU is the partition role authorized to use the key objects within the partition (e.g. sign, encrypt/decrypt). [User Partition Role] Audit User (AU) The AU initializes the secret key used to generate Message Authentication Code (MAC) for secure audit messages alongside configuring logging levels for the HSM. [Admin Partition Role]
Roles, Services, and Authentication Roles Principal Duties Public User Unauthenticated user with limited access to perform signature verification with public keys where CKA_PRIVATE = false, initialization of the module and roles and to read module status. [Admin or User Partition Role] The act of logging into the roles can be found in section 13.7. The mapping of the cryptographic module’s roles services can be found in the table below. In this table, ‘Any role’ in the ‘role’ column signifies that any role identified in Table 4-1: Thales Luna G7 Cryptographic Module Roles can access the corresponding service. This includes the ‘public user’ that is an implicit role and unauthenticated by the module. Table 4-2: Roles, Services, Input and Output. Role Service Input Output HSM Management Any role HSM Factory Reset - Any role Initialize the HSM session, user ID, label, authentication data (if PED authentication), domain, authentication return code data (if password authentication) HSM SO Create a user partition session, label return code HSM SO Delete a user partition session return code Any role Query HSM status status information type status data, return code Any role Query partition status status information type status data, return code Any role Query HSM configuration hsm policy number policy status Any role Query partition partition policy numbers policy status configuration HSM SO Set HSM policy hsm policy number, value return code HSM SO (admin partition) Set partition policy partition policy number, return code Partition SO (user partition) value HSM SO Update firmware session, signed firmware return code image Any role Protect object integrity object handle Return code Any role HSM zeroize session return code Any role Trigger user partition session return code zeroize HSM SO Load configuration update session, signed return code file configuration update image Any role Query the audit log status session audit log status, return code Any role Generate secure log record session and app_ID, return code message to log, message type
Roles, Services, and Authentication Role Service Input Output Any role Submit external messages session, message to be return code for entry into secure audit logged log AU Configure the audit log Session, log configuration return code parameter and value AU Export/import audit log session, wrapped log secret wrapped log secret (export only), return code secret key (import only) AU Set time on HSM real time session, time return code clock AU Validate the audit log session, audit log segment, return code audit log key ID HSM SO, Partition CO Clone SMK between session, SMK ID return code partitions HSM SO, Partition CO Rollover SMK for a given session, SMK ID return code partition Any role Enable/disable STM verification data (disable) verification data (enable), calculated fingerprint (disabled), return code Any role Request HSM self-test session, self-test ID return code Role Management Any role Query role status session, role role status, return code HSM SO (required to Initialize role session, user ID, role ID, authentication data (if PED configuration), initialize Administrator) authentication data (if return code HSM SO, Administrator, password authentication) AU, Partition SO, Partition CO, Partition LCO, Partition CU, Public User (required to initialize HSM SO, AU or Partition SO) Partition SO (required to initialize Partition LCO or Partition CU) HSM SO (required to Change authentication data session, user ID, role ID, authentication data (if PED configuration), change HSM SO) authentication data return code AU (required to change AU) HSM SO or Administrator (required to change Administrator) Partition SO (required to change Partition SO and Partition CO) Partition CO or Partition LCO (required to change Partition LCO) Note: Roles are not changed, only the role authentication data
Roles, Services, and Authentication Role Service Input Output HSM SO, Administrator, Configure partition for high- session, HA Login key return code AU, Partition SO, Partition available recovery / login handle CO, Partition LCO, Partition CU HSM SO, Administrator, Login as role session, role ID, return code AU, Partition SO, Partition authentication data CO, Partition LCO, Partition CU Any role Close authenticated - return code sessions Luna PED Configuration HSM SO Initialize Remote PED - return code Vector (RPV) Any role Setup Remote PED Session PED_ID return code Any role Send or receive data over when receiving data: when sending data: plaintext payload PED tunnel (remote PED) plaintext payload when receiving data: return code when sending data: return code Key Management Activities HSM SO, Administrator, Generate local symmetric session, generation public key handle, private key handle, return Partition CO, Partition LCO or asymmetric key-pair algorithm, algorithm code parameters, public key attributes, private key attributes Any role Generate domain session, generation domain object handle, return code parameters algorithm, algorithm parameters HSM SO, Administrator, Derive key from existing session, algorithm, key handle for resulting key, return code Partition CO, Partition LCO partition secret or private algorithm parameters, key key object handles for input derivation keys Any role Import public key, session, object for import imported object handle, return code certificate, domain object or data objects HSM SO, Administrator, Import secret or private key session, unwrapping unwrapped key handle, return code Partition CO, Partition LCO using key wrapping algorithm, algorithm parameters, handle of wrapping key (asymmetric), handle of key to be unwrapped HSM SO, Administrator, Export secret or private key session, wrapping wrapped key, return code Partition CO, Partition LCO using key wrapping algorithm, algorithm parameters, handle of wrapping key, handle of key to be wrapped Any role Read non-sensitive key session, object attributes object data, return code attribute where CKA_PRIVATE = false for a given key object
Roles, Services, and Authentication Role Service Input Output HSM SO, Administrator, Read non-sensitive key session, object attributes object data, return code Partition CO, Partition LCO, attribute where Partition CU, Public User CKA_PRIVATE = true for a given key object HSM SO, Administrator, Insert key from external session, SKS key blob inserted key object handle, return code Partition CO, Partition LCO, storage using SKS Partition CU HSM SO, Administrator, Extract key to external session, key handle SKS key blob, return code Partition CO, Partition LCO, storage using SKS Partition CU Cryptographic Services HSM SO, Administrator, Re-seed partition DRBG session, seed return code Partition SO, Partition CO, Partition LCO, Partition CU HSM SO, Administrator, Extract entropy from DRBG session, size of random random data, return code Partition SO, Partition CO, data requested Partition LCO, Partition CU HSM SO, Administrator, Perform digest operation session, data to hash hash result, return code Partition SO, Partition CO, on user supplied data Partition LCO, Partition CU HSM SO, Administrator, Perform encrypt operation session, algorithm, encrypted data, return code Partition CO, Partition LCO, on user supplied data algorithm parameters, data Partition CU object to encrypt HSM SO, Administrator, Perform decrypt operation session, algorithm, decrypted data, return code Partition CO, Partition LCO, on user supplied data algorithm parameters, data Partition CU object to decrypt HSM SO, Administrator, Generate signature or MAC session, algorithm, signature, return code Partition CO, Partition LCO, over user supplied data. algorithm parameters, data Partition CU to sign HSM SO, Administrator, Verify signature or MAC session, algorithm, return code Partition CO, Partition LCO, over user supplied data algorithm parameters, data Partition CU to verify, signature Bootloader Services Any role Request complete erase of - the HSM main firmware image and key stores (excludes erase of bootloader) Any role Request authentication and - execution of main firmware
Authentication Mechanism Summary All users, except for the Public User, must authenticate to the module using identity-based authentication.
Roles, Services, and Authentication If configured with PED, all roles must authenticate using an iKey. The iKey can be connected directly to the device or to the Luna PED device. In case of Luna PED, the connection needs to be done over the Remote PED channel. When a role is initialized, a module generates the authentication data as a 48-byte random value and writes it to an iKey. Optionally, the Crypto-Officer, Limited Crypto Officer and Crypto-User roles can be configured to use two-factor authentication by also assigning a password to the role. If configured with Password, all roles must authenticate using a minimum of an 8-character password. When a role is initialized under this configuration, the operator enters the initial password for the role. Regardless of configuration (PED or Password), the password is delivered to the module encrypted with the public key from the Password Encryption Certificate (PEC) using KTS-OAEP-basic from [SP800-56Br2]. Table 4-3: Roles and Required Identification and Authentication Authentication Method [SP800-140E] Role Password Authentication Strength PED Configuration Configuration HSM SO Memorized Multi-Factor Crypto Device iKey: 48-byte random authentication data generated when a Secret role is initialized and stored on iKey. The probability of guessing the authentication data in a single attempt is 1 in 2384. With a Auditor Memorized Multi-Factor Crypto Device maximum of 6000 failed login attempts per minute. Secret User provided byte array (minimum 8 bytes): Memorized secret Partition SO Memorized Multi-Factor Crypto Device are limited to a character set of 86 characters14 presented to the Secret module as there ASCII byte representation. The strength of an 8 character password with character set size of 86 is log2(868). Partition CO Memorized Multi-Factor Crypto Device + optional Memorized This makes the probability of guessing the memorized secret in a Secret single attempt 1 in 251 The module supports a maximum of Secret
Partition LCO Memorized Multi-Factor Crypto Device count for a given role is disabled. Secret + optional Memorized Automatic lock-out: This feature, which is enabled by default, Secret can be used to limit the impact of brute force attacks on login Partition CU Memorized Multi-Factor Crypto Device and is covered in more detail in section 4.2.3. Secret + optional Memorized Secret Administrator Memorized Multi-Factor Crypto Device Secret Public User Not Required N/A N/A When using the password authentication mechanism, the module encrypts a known check-word under a key derived using PBKDF from [SP800-132] and option 1a from section 5.4, ‘Using the Derived Master Key to Protect Data’. During a login attempt, the module generates a key from the supplied password, and attempts to decrypt a known checkword. Successful login is achieved if the decrypted checkword matches the expected value. If successful, the PBKDF derived key is used to remove a layer of encryption from the module stored User Storage Key (USK)15. The length of the password used as input to the PBKDF function is consistent with the password length selected by the authenticating user, which is required to be between 8 and 255 characters long. Where passwords are randomly generated, the probability of successfully guessing the password and deriving the storage key for a minimum password length of 8 characters is 1 in 251. This probability is significantly reduced if random passwords are not used.
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 !@#$%^*()-_=+[]{}/:',.~ When ‘decommission’ is enabled as a module capability, the USK is independently encrypted in storage under a 256-bit module generated AES key.
Roles, Services, and Authentication Guidance in Appendix A, ‘Security Considerations’ of [SP800-132] should be consulted when picking an appropriate password length in situations where encryption layers derived from the user password are required to protect the confidentiality of module protected user keys. The module uses an iteration count of 1000 when generating the key used to decrypt the checkword. This limit has been set to account for the fact that objects encrypted under the [SP800-132] derived key are never exported from the module and are exclusively stored inside its cryptographic boundary where they are physically protected. In addition, the module supports lock-out of all identities following a configurable number of failed login attempts where this is the primary mechanism offered by the module to protect against bruteforcing of memorized secret. Activation If PED authentication is configured, the Crypto-Officer, Limited Crypto Officer and Crypto-User roles can be configured to use a two-step authentication process. The first stage is termed “Activation” and is performed using an iKey. Once activated, access to key material and cryptographic services is not allowed until the second stage of authentication, ‘User Login’, has been performed using the role’s password. Once activated, a role stays activated until the role is explicitly deactivated, deleted or the module is reset16. Account lockout behaviours In addition to the cryptographic strength of the authentication mechanisms, all authenticating roles have the ability to maintain a failed authentication count that can be configured to stop attempts to brute force authentication data. The maximum supported failed authentication attempts can be set to between 3 and 10 for each role with the following lockout behaviours observed: lockout of the HSM SO role will trigger the HSM zeroize service; lockout of the Partition SO will trigger the Trigger user partition zeroize service; and lockout of the Administrator, AU, Partition CO, Partition LCO, Partition CU roles will block future authentication attempts until the role is unlocked using the Change authentication data service.
All services listed in the table below can be accessed in approved mode and when in this mode exclusively use the security functions listed in Table 2-2 and Table 2-6. When the module is operating in this mode, security functions in Table 2-7 are disabled and blocked from being used. As notes on the content of Table 4-4: Approved Services: In the ‘Approved Security Functions’ column:
16 A module is reset in response to a trigger signal being received on a request from a host application.
Roles, Services, and Authentication
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator HSM Management HSM Factory Reset Factory reset deletes all roles Algorithms: N/A CITS-DAC, CITS-DAK, ECC Any role Z: (for ALL partition) IND_1 (including HSM SO), all users Key management DAC, Secure Audit AccessID- CITS-DAC, CITS-DAK, ECC and objects and sets all HSM technique: N/A HMAC Key, PSK, USK, DRBG C, DAC, Secure Audit settings and policy to values DRBG V, Entropy Input String, AccessID-HMAC Key, PSK, defined in pre-loaded Authentication Entropy Seed, , KCV, SMK, USK, DRBG C, DRBG V, KCV, configuration update files. technique: N/A HAPUB, HAPK, RND, SMK. HAPUB, HAPK, RND, Asymmetric Key Pairs Asymmetric Key Pairs (general partition or session (general partition or session keys), Symmetric Keys keys), Symmetric Keys (general partition or session (general partition or session keys), SALK, CWKHSM, CWKPED, keys) DEKHSM, DMKHSM, DEKPED, DMKPED, , AEK, AEK-EK, In addition, the following AccessID. HSM level keys are erased: SALK, CWKHSM, CWKPED, DEKHSM, DMKHSM, DEKPED, DMKPED E: AEK, AEK-EK, AccessID.
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Initialize the HSM This service is used to initialize Algorithms: AES (Cert For ALL partition if present
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Delete a user partition This service is used to delete an Algorithms: N/A PSK, USK, DRBG C, DRBG V, HSM SO Z: PSK, USK, DRBG C, DRBG IND_1 existing user partition. Entropy Input String, Entropy V, KCV, SMK, Asymmetric Key management Seed, KCV, SMK, AEK, AEK-EK, Key Pairs (general partition During deletion, the module technique: N/A AccessID, Asymmetric Key or session keys), Symmetric zeroizes all objects associated Authentication Pairs (general partition or Keys (general partition or with the partition. technique: N/A session keys), Symmetric Keys session keys) (general partition or session keys) Query HSM status This service is used to retrieve Algorithms: N/A AEK, AEK-EK, AccessID Any role E: AEK, AEK-EK, AccessID IND_1 general status information on Key management the module including items technique: N/A such as: Authentication hardware, bootloader and technique: N/A main firmware versions; module serial number; module state (e.g., zeroized, initialized); authenticated roles for active session (if present); number of configured partitions; and general error messages and logs. Query partition status This service is used to retrieve Algorithms: N/A AEK, AEK-EK, AccessID Any role E: AEK, AEK-EK, AccessID. IND_1 general status information on a Key management target partition including items technique: N/A such as: Authentication partition label and serial technique: N/A number; partition state (e.g. iKey initialized, user initialized, login required); Active SMK ID. number of stored objects; and used and free storage space.
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Query HSM configuration This service is used to retrieve Algorithms: N/A AEK, AEK-EK, AccessID. Any role E: AEK, AEK-EK, AccessID. IND_1 information on HSM Key management configuration and policy technique: N/A settings. Authentication technique: N/A Query partition This service is used to retrieve Algorithms: N/A AEK, AEK-EK, AccessID. Any role E: AEK, AEK-EK, AccessID. IND_1 configuration information on the Key management configuration and policy technique: N/A settings for a target partition. Authentication technique: N/A Set HSM policy This service is used to set Algorithms: N/A Asymmetric Key Pairs HSM SO Z: for all destructive IND_1 available HSM policy settings. (general partition or session policies - Asymmetric Key Key management HSM policy can only be technique: N/A keys), Symmetric Keys Pairs (general partition or configured if the corresponding (general partition or session session keys), Symmetric Authentication keys), USK, PSK, KCV, SMK, Keys (general partition or configuration item is enabled technique: N/A AEK, AEK-EK, AccessID.. session keys), USK, PSK, which is defined based on loaded configuration update KCV files. If a given policy being set is a ‘destructive policy’
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Update firmware This service validates and then Algorithms: RSA (Cert Root Certificate, Firmware HSM SO E: Root Certificate, IND_1 loads a new module main #A674)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Load configuration This service validated the Algorithms: RSA (Cert Root Certificate and HSM SO E: Root Certificate, IND_1 update file signature on a loaded #A674)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Configure the audit log This service is used to configure Algorithms: N/A AEK, AEK-EK, AccessID. AU E: AEK, AEK-EK, AccessID. IND_1 which audit events are to be Key management recorded in the secure audit log technique: N/A and in addition to configure the location of the secure logging Authentication daemon used to extract log technique: N/A sections from the module. Events are selected based on logging categories assigned to different services with some events always logged unconditionally (e.g. tamper events and self-test failures). Export/import audit log This service exports or imports Algorithms: N/A RDK, SALK, AEK, AEK-EK, AU E: RDK, AEK, AEK-EK, IND_1 secret key and encrypted copy of the AccessID. AccessID. Key management SALK. R: SALK technique: AES (Cert This service can be used to #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Clone SMK between This service uses the cloning Algorithms: DRBG C, DRBG V, Entropy HSM SO is able to E: DRBG C, DRBG V, Entropy IND_1 partitions protocol to establish a shared CPV3: HASH_DRBG Input String, Entropy Seed, clone (or receive) Input String, Entropy Seed, key between source and (Cert #A2125), AES Root Certificate, MIC, HOC the SMK from/to Root Certificate, MIC and destination partitions and then (Cert #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Enable/disable STM This service generates or Algorithms: SHA DRBG C, DRBG V, Entropy Modules in E: DRBG C, DRBG V, Entropy IND_1 validates a checksum for full (Cert #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Initialize role This service is used to initialize Algorithms: AES (Cert DRBG C, DRBG V, Entropy HSM SO (required E: DRBG C, DRBG V, Entropy IND_1 a role (admin partition or user #C2020)
a role are dependent on the to initialize HSM SO, G/W: DRBG C, DRBG V, role being initialized. Key management enabled), Password, Stored AU or Partition SO) Entropy Input String, technique: ESV (Cert User Password Hash, AEK, Entropy Seed, PEK, PEC, AEK-EK, AccessID. Partition SO #E97), CKG, SHA (Cert PED Authentication Data, (required to #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Configure partition for This service is used to setup, Algorithms: AES (Cert DRBG C, DRBG V, Entropy HSM SO, E: DRBG C, DRBG V, Entropy IND_1 high-available recovery / authorize and use the high- #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Login as role This service is used to login as a Algorithms: AES (Cert KEK, PEK (if password HSM SO, E: KEK, PEK (if password IND_1 given role to a session setup #C2020)
Following successful login, the secret enabled), Password, secret enabled), Password, Key management Partition CU authentication state for the recovered USK, PSK, KCV, AEK, AEK-EK, AccessID. technique: PBKDF associated session will be GSK, SMK (if configured) (on (Cert #A2125), KBKDF changed to that of the G/W: PEN. (Cert #C2020), ESV successful presentation of successfully authenticated role. (Cert #E97), correct login credentials), W: recovered USK, PSK, Following login, the HASH_DRBG (Cert AEK, AEK-EK, AccessID. KCV, GSK, SMK (if authentication state of the #A2125) configured) (on successful session is used check and track Authentication presentation of correct privileges associated with the technique: login credentials). role. Memorized Secret, Multi-Factor Crypto Device Close authenticated The service closes Algorithms: N/A USK, PSK, KCV, GSK, SMK (if Any role Z: USK, PSK, KCV, GSK, SMK IND_1 sessions authenticated sessions on the configured) AEK, AEK-EK, (if configured), Asymmetric Key management request of the user. technique: N/A AccessID, Asymmetric Key Key Pairs (session keys), Pairs (session keys), Symmetric Keys (session Authentication technique: N/A Symmetric Keys (session keys). keys)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Luna PED Configuration Initialize Remote PED This service triggers creation of Algorithms: AES (Cert ECC HOK, PAK, DRBG C, DRBG HSM SO E: ECC HOK, PAK, GSK, AEK, IND_1 Vector (RPV) the module Remote PED #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Setup Remote PED This service is used to derive a Algorithms: N/A ECC MIC, ECC-HOCPED, IVHSM, Any role E: ECC MIC, ECC-HOCPED, IND_2 Session number of shared keys DRBG C, DRBG V, Entropy PAC, RPV-C, PED-SKA-C, Key management between the module and a Input String, Entropy Seed, PED-EKA-C HSM-SKAtechnique: ESV Cert remote Thales Luna PED. PAC, RPV-C, PED-SKA-C, PED- KREMOTE, HSM-EKA-C, AEK, #E97), CKG, SHA (Cert EKA-C HSM-SKA-KREMOTE, AEK-EK, AccessID. #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Key Management Activities Generate local symmetric This service is used to generate Algorithms: AES (Cert USK, DRBG C, DRBG V, HSM SO, E: USK, DRBG C, DRBG V, IND_1 or asymmetric key-pair symmetric keys or asymmetric #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Derive key from existing This service is used to derive Algorithms: AES (Cert Asymmetric Key Pairs HSM SO, E: Asymmetric Key Pairs IND_1 partition secret or private keys based on other key #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Import secret or private This service is used to import Algorithms: AES (Cert Asymmetric Key Pairs HSM SO, E: Asymmetric Key Pairs IND_1 key using key wrapping secret or private key from the #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Export secret or private This service is used to export Algorithms: AES (Cert Asymmetric Key Pairs HSM SO, E: Asymmetric Key Pairs IND_1 key using key wrapping secret or private key from the #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Insert key from external This service is used to import Algorithms: AES (Cert SMK, USK. Symmetric Keys HSM SO, E: SMK, USK, AEK, AEK-EK, IND_1 storage using SKS key objects previously #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Extract key to external This service is used to export Algorithms: AES (Cert SMK, USK. Symmetric Keys HSM SO, E: SMK, USK, AEK, AEK-EK, IND_1 storage using SKS key objects from the module #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Perform digest operation This service is used by a user to Algorithms: SHA (Cert AEK, AEK-EK, AccessID. HSM SO, E: AEK, AEK-EK, AccessID. IND_1 on user supplied data request a hash over a block of #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Generate signature or This service is used by a user to Algorithms: RSA (Cert USK (if request requires HSM SO, E: USK (if request requires IND_1 MAC over user supplied request a signature or MAC #C2020), ECDSA (Cert access to key in non-volatile Administrator, access to key in non-volatile data over a block of user supplied #C2020), DSA (Cert storage), Symmetric Keys Partition CO, storage), Symmetric Keys data (or optionally a user #C2020), HMAC (Cert (general partition or session Partition LCO, (general partition or session supplied hash for signatures) #C2020), CMAC (Cert keys) or Asymmetric Key Pairs Partition CU keys) or Asymmetric Key using a module stored #C2020)
Roles, Services, and Authentication Table 4-4: Approved Services Approved Security Key and/or Access Rights to Keys Service Description Functions SSPs Roles and/or SSPs Indicator Bootloader Services Request complete erase This service is used to recover Algorithms: N/A Asymmetric Key Pairs Any role None IND_3 of the HSM main from corrupt main firmware Key management (general partition or session firmware image and key and is performed as a factory technique: N/A keys) stores (excludes erase of operation. bootloader) Authentication Following erase, card needs to technique: N/A repeat manufacturing process including loading factory signed keys before it can be operational again. Request authentication This service is used to launch Algorithms: RSA (Cert Root Certificate and Any role E: Root Certificate and IND_3 and execution of main the main firmware for the #C2022)
Roles, Services, and Authentication
Non-approved services listed in the table below are not available when the module has been configured to operate in the approved mode (see section 13.3 and 13.4). As notes on the content of Table 4-5: In the ‘Indicator Column’:
Roles, Services, and Authentication Table 4-5: Non-Approved Services Service Description Non-Approved Algorithms Accessed Roles Indicator Cryptographic Services Perform digest operation on This service is used by a user to HAS-160, KECCAK, MD2, MD5, RIPEMD-160, SM3. HSM SO, Administrator, Partition IND_1 user supplied data request a hash over a block of SO, Partition CO, Partition LCO, supplied data. Partition CU. This service is not possible for the Backup configuration Perform encrypt operation This service is used by a user to ARIA, CAST3, CAST5, DES, RC2, RC4, RC5, RSA19, RSA X.509, HSM SO, Administrator, Partition IND_1 on user supplied data object request encryption of a block of SEED, SM4, Triple-DES, XOR. CO, Partition LCO, Partition CU. user-supplied data using a module stored cryptographic key. Ciphertext resulting from the service is returned the user and not stored. This service is not possible for the Backup configuration. Perform decrypt operation This service is used by a user to ARIA, CAST3, CAST5, DES, RC2, RC4, RC5, RSA20, RSA X.509, HSM SO, Administrator, Partition IND_1 on user supplied data object request decryption of a block of SEED, SM4, Triple-DES21, XOR. CO, Partition LCO, Partition CU. user-supplied data using a module stored cryptographic key. Plaintext resulting from the service is returned the user and not stored. This service is not possible for the Backup configuration. Generate signature or MAC This service is used by a user to Symmetric Algorithms: ARIA-CMAC, SEED-CMAC, Triple-DES- HSM SO, Administrator, Partition IND_1 over user supplied data request a signature or MAC over a CMAC, HMAC22, HAS160-MAC, MD5-HMAC, SM3-HMAC, CO, Partition LCO, Partition CU. block of user supplied data (or RIPEMD160-HMAC, AES-MAC, ARIA-MAC, CAST3-MAC, CAST5optionally a user supplied hash for MAC, DES-MAC, RC2-MAC, RC5-MAC, SEED-MAC, SSL3-MD5signatures) using a module stored MAC, SSL3-SHA1-MAC, Triple-DES-MAC, Triple-DES-x9.19-MAC, cryptographic key. TUAK, MILENAGE, COMP128. The resulting signature from the operation is returned the user and not stored. RSA is non-compliant when using PKCS#1, v1.5 padding for encryption or decryption. RSA is non-compliant with less than 112 bits of encryption strength. Triple-DES is non-compliant with less than 112 bits of encryption strength. HMAC is non-compliant with less than 112-bits of encryption strength.
Roles, Services, and Authentication Table 4-5: Non-Approved Services Service Description Non-Approved Algorithms Accessed Roles Indicator Asymmetric Algorithms: DSA23, ECDSA24, EdDSA, EdDSA PH, This service is not possible for the KCDSA, RSA25, SM2, SM3. Backup configuration. Verify signature or MAC over This service is used by a user to Symmetric Algorithms: ARIA-CMAC, SEED-CMAC, Triple-DES- HSM SO, Administrator, Partition IND_1 user supplied data request validation of a signature or CMAC26, HMAC27, HAS160-MAC, MD5-HMAC, SM3-HMAC, CO, Partition LCO, Partition CU. MAC over a block of user-supplied RIPEMD160-HMAC, AES-MAC, ARIA-MAC, CAST3-MAC, CAST5data using a module stored MAC, DES-MAC, RC2-MAC, RC5-MAC, SEED-MAC, SSL3-MD5cryptographic key. MAC, SSL3-SHA1-MAC, Triple-DES-MAC, Triple-DES-x9.19-MAC, TUAK, MILENAGE, COMP128. The service returns whether the validation was successful. Asymmetric Algorithms: DSA28, ECDSA29, EdDSA, EdDSA PH, This service is not possible for the KCDSA, RSA30, SM2, SM3. Backup configuration. Key Management Activities Derive key from existing This service is used to derive keys AES31, ARIA, BIP32, DES, MD5, SHA, SSL PRE-MASTER, SSL3- HSM SO, Administrator, Partition IND_1 partition secret or private based on other key material stored MASTER, SM3, Triple-DES, XOR. CO, Partition LCO. key object in the module or supplied to it on request of the end-user. Derived keys are stored in the cryptographic module for use with other user consumable cryptographic services or to export to other cryptographic modules or systems. This service is not possible for the Backup configuration. DSA is non-compliant with less than 112 bits of encryption strength. ECDSA is non-compliant with less than 112 bits of encryption strength. RSA is non-compliant with less than 112 bits of encryption strength. Triple-DES-CMAC is non-compliant with less than 112-bits of encryption strength. HMAC is non-compliant with less than 112-bits of encryption strength. DSA is non-compliant with less than 112 bits of encryption strength. ECDSA is non-compliant with less than 112 bits of encryption strength. RSA is non-compliant with less than 112 bits of encryption strength. AES is non-approved for key derivation when use to derive keys using methods other than as permitted by NIST standard such as [SP800-56Cr2] and [SP800-108r1] in particular, use of AES in ECB or CBC mode directly to derive keys.
Roles, Services, and Authentication Table 4-5: Non-Approved Services Service Description Non-Approved Algorithms Accessed Roles Indicator Generate local symmetric or This service is used to generate Diffie-Hellman32, ECC33, KCDSA, RSA34, SM2. HSM SO, Administrator, Partition IND_1 asymmetric key-pair symmetric keys or asymmetric key CO, Partition LCO. pairs requested by the end-user and stored in the cryptographic module for use with other user consumable cryptographic services or to export to other cryptographic modules or systems. This service is not possible for the Backup configuration Import secret or private key This service is used to import secret ARIA, CAST3, CAST5, DES, RC2, RSA35, SEED, SM4. HSM SO, Administrator, Partition IND_1 using key wrapping or private key from the admin or CO, Partition LCO. user partitions using key wrapping Unauthenticated symmetric encryption is permitted for key unwrapping under Uses allowances in [FIPS 140-3 IG] D.G, Key transport methods. This service is not possible for the Backup configuration. Export secret or private key This service is used to export secret AES36, ARIA, CAST3, CAST5, DES, RC2, RSA, SEED, SM4, TDES. HSM SO, Administrator, Partition IND_1 using key wrapping or private key from the admin or CO, Partition LCO. user partitions using key wrapping. This service is not possible for the Backup configuration. Generate domain This service is used to generate X9.42 Domain Parameter Generation Any role. IND_1 parameters.37 domain parameters requested by the end-user and stored in the cryptographic module for use with other user consumable Diffie-Hellman key generation mechanisms are non-compliant with less than 112-bits of encryption strength. ECC key generation mechanisms are non-compliant with less than 112-bits of encryption strength. RSA key generation mechanisms are non-compliant with less than 112-bits of encryption strength. RSA is non-approved for key transport when used with an encryption strength of 112-bits or when using PKCS#1, v1.5 padding for encryption. AES is non-approved for key transport when used to encrypt keys using methods other than as permitted by NIST standards such as [SP800-38F]. In particular, use of un-authenticated modes of AES for encryption without a separate authentication tag (e.g. signature or MAC) is non-approved. Public users cannot generate any objects where either CKA_SENSITIVE or CKA_PRIVATE attributes are true. As such, the service would not affect the security of the module or the security of the information being protected, as sought by 4.1.A.
Roles, Services, and Authentication Table 4-5: Non-Approved Services Service Description Non-Approved Algorithms Accessed Roles Indicator cryptographic services or to export to other cryptographic modules or systems.
The Thales Luna G7 Cryptographic Module’s firmware integrity is checked on startup as described in section 10.1. The two keys used for the software and firmware Approved integrity techniques are the Root Certificate and Firmware Signing Certificate. The bootloader runs the self-test functions to check the firmware integrity as well as the cryptographic algorithms used to check the bootloader and main firmware image authenticity. Any failures during these tests will result in a module halt in which an error message is output, the module halts all functions and data output is inhibited. The bootloader and main firmware are stored as signed binaries using RSA PKCS #1-v1.5 with a 4096-bit module and SHA2-384. The operator can trigger an on-demand check of the module firmware using the CA_SelfTest Cryptoki API command. An example of the CA_SelfTest Cryptoki API command in use can be found in section 13.5. Periodic Self Tests (PST) are performed every 24 hours and run the firmware integrity tests and a subset of the KAT tests. Failure of either of these self-tests during PST will trigger a module halt. Recovery from this state will require the module to be restarted and for the detected fault to have cleared. Otherwise, the module will re-halt during POST following restart. See section 10 for additional information about the PST.
When new firmware is to be loaded using the hsm updatefw LunaCM command a separate mechanism is used to authenticate the firmware than the pre-operational firmware self-test. An example of the hsm updatefw LunaCM command can be found in section 11.11. Once initiated the firmware load sequence uses a set series of ICD commands and all others are prohibited until the firmware update is completed. Updating the firmware is a two stage process. The first stage is to download the firmware to the module. The second stage involves subsequently re-authenticating and loading the firmware following a module restart, this occurs based on the bootloader during power-on ahead of the communications module being started. The firmware load test can be found in Table 10-2.
The following are the firmware components included on the module: hsm - this component is compiled as a 32bit LSB executable for PowerPC. This is identified throughout this document as the ‘main firmware’. bootloader - the bootloader is an Executable and Linkable Format (ELF) executable. This is identified throughout this document as the ‘bootloader’. No source code, object code or just-in-time compiled code are included in the module.
The module uses a limited modifiable operational environment.
Module Construction The module is enclosed in a plastic enclosure that provides tamper-evidence. Any tampering that might compromise a module’s security is detectable by visual inspection of the physical integrity of a module. The HSM SO should perform a visual inspection of the module at regular intervals. Within the plastic enclosure, a hard opaque epoxy covers the circuitry of the cryptographic module. Attempts to remove this epoxy will cause sufficient damage to the cryptographic module so that it is rendered inoperable. The module’s enclosure is opaque to resist visual inspection of the device design, physical probing of the device and attempts to access sensitive data on individual components of the device. Environment Failure Protection The module supports an EFP mechanism that will trigger module shutdown if low or high temperature extremes and out-of-range voltage conditions are detected whilst the module is active. This is covered in more detail in section 7.3.
The following routine inspections are recommended. Table 7-1: Physical Security Inspection Guidelines Physical Security Mechanism Recommended Frequency of Inspection/Test Inspection/Test Guidance Details Physical inspection of HSM On receipt of HSM following transport <see below>. surfaces for signs of tamper At any point following any un-authorized access to the environment hosting the HSM Following any extended periods of unattended storage for the module Following manufacture, both the front and rear covers of the Thales Luna G7 Cryptographic Module are permanently adhered to the PCB assembly using epoxy resin and with the lid assemblies having feet set into the epoxy. The polycarbonate case will show witness marks if any attempt is made to tamper with the plastic. Any attempts to remove the case and covers will result in significant physical damage to the card rendering it un-usable. In the event of any observed damage, contact Thales to confirm whether observed anomalies are to be expected or are confirmed signs of potential tampering.
The module’s hardware is designed to sense and respond to out-of-range temperature conditions as well as out-of-range voltage conditions. The temperature and voltage conditions are only monitored in the poweredon state. In the event that the module senses an out-of-range temperature or over voltage the module will reset itself, clear all working memory, and log the event. The module can be reset and placed back into operation when in-bound operating conditions have been restored. The module monitors the 5V voltage rails that can independently trigger an EFP event. The following table covers the limits enforced by the module: Table 7-2: EFP/EFT Specify EFP or Specify if this condition results Temperature or voltage measurement EFT in a shutdown or zeroisation Low Temperature 0°C ± 2°C EFP shutdown High Temperature +70°C ± 2°C EFP shutdown Low Voltage 3.9V ± 0.11V EFP shutdown High Voltage 5.71V ± 0.145V EFP shutdown
The module PCB is potted using an epoxy-based compound inside the polycarbonate plastic case that makes up the identified cryptographic boundary in Figure 2-1 and Figure 2-2. The potting material has a Shore D hardness rating of 90 and an operating temperature from -65ºC to +200ºC over which it maintains its hardness. The following table lists the temperature range tested during the assessment of the module. Table 7-3: Hardness testing temperature ranges Hardness tested temperature measurement Low Temperature -20ºC High Temperature +80ºC
N/A: [19790:2012] Section 6.8, Non-invasive security is non-applicable as there are currently no requirement in [SP800-140F].
The following table lists Sensitive Security Parameters (SSP) used to perform approved security function supported by the cryptographic module. The following notes should be observed when reading the table: When reading the ’zeroization’ column the following mapping for listed overwrite methods should be used:
SSP Management Table 9-1: Summary of SSPs Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number Loaded at The X.509 public key certificate manufacture as corresponding to the Root Key. It is selfRoot Certificate N/A
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number The X.509 public key certificate Hardware Origin corresponding to the HOK. It is signed by the Certificate (HOC) RSA SigVer [FIPS 186-4], Certificate Output Flash memory in Full HSM Wipe - Manufacturer’s Integrity Key (MIK) at the 150-bits N/A 4096-bit public key (#A674) Appendix B.3.6 in Plaintext plaintext KDM3 time the device is manufactured. Used in certificate verifying all key material signed by the HOK. This key is a PSP. ECC Hardware Origin ECC P-384 private key used to sign other Key device keys and used for a specific PKI Flash memory (ECC HOK) ECDSA SigGen (Cert [FIPS 186-4], Not Input or Full HSM Wipe - implementation requiring assurance that a 192-bits N/A encrypted with #C2020) Appendix B.4.1 Output KDM3 key or a specific action originated within the ECC private key on GSK hardware crypto module. curve P-384 This key is a CSP. The X.509 public key certificate ECC Hardware Origin corresponding to the ECC HOK. It is signed Certificate by the ECC Manufacturing Integrity Key (ECC (ECC HOCtw) ECDSA SigVer (Cert [FIPS 186-4], Certificate Output Flash memory Full HSM Wipe - MIK). It is used for a specific PKI 192-bits N/A ECC public #C2020) Appendix B.4.1 in Plaintext plaintext KDM3 implementation requiring assurance that a certificate for public key or a specific action originated within the key on curve P-384 hardware crypto module. This key is a PSP. Power Cycle
384 bit nonce further details)
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number 256-bit AES key derived during the cloning Cloning Transfer Key OneStep KDF Established using Zeroized protocol and used to transfer key objects AES-CBC (Cert Not Input or Working SDRAM in 256-bits from [SP800- CPV3 as covered in following use
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number 640-bit value that is the concatenation of the Entropy Input String (384-bits), Nonce (128HASH_DRBG (Cert Not Input or Working SDRAM in Power Cycle Entropy Seed 640-bits N/A N/A bits) and 128-bit personalisation string. Used #A2125) Output plaintext KDM2 as to initialise the internal state of HASH_DRBG. This key is a CSP. Internal state generated Part of the secret state of the approved HASH_DRBG (Cert using Not Input or Working SDRAM in Power Cycle - DRBG. The value is generated using the DRBG V 256-bits N/A #A2125) HASH_DRBG Output plaintext KDM2 methods described in [SP800-90Ar1]. from [SP800- This key is a CSP. 90Ar1] Part of the secret state of the approved HASH_DRBG (Cert Internal Not Input or Working SDRAM in Power Cycle DRBG C 256-bits N/A DRBG. The value is generated using the #A2125) Constant value Output plaintext KDM2 methods described in [SP800-90Ar1]. This key is a CSP. 256-bit AES key that is the same for all users Global Storage Key on a specific Luna cryptographic module. It is [SP800-90Ar1] Flash memory (GSK) AES-KWP (Cert Not Input or Full HSM Wipe - used to encrypt permanent parameters 256-bits HASH_DRBG N/A encrypted with #C2020) Output KDM3 within the non-volatile memory area 256-bit AES key with SHA2-256 PSK reserved for use by the module. This key is a CSP.
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number For PED configurations, this is a 256-bit value, the first 32-bytes of which are used as an AES KW 256-bit key that is used to wrap/unwrap the SALK when it is exported / imported from / to the module. [SP800-90Ar1] HASH_DRBG It is either generated by the module or 256-bits with SHA2-256 imprinted onto the module at the time audit Role Domain Key KDA One-Step for PED Input / Output via Flash Memory user role is initialized. The 48-byte random (RDK) Or Factory Reset Sp800-56Cr2 (Cert configuration direct connection N/A encrypted with value is output from the original module KDM1 256-bit key #A2125) to PED USK onto an iKey to enable initializing the Auditor
N/A for role on additional modules into the same bits Password domain. configuration For password configurations, this value is an
user during configuration of the secure audit capability. This key is a CSP. Input / Output Flash memory in A 256-bit key used to verify data integrity Secure Audit Logging [SP800-90Ar1] encrypted under plaintext, and authentication of the log messages. Key (SALK) HMAC-SHA2-256 Factory Reset 256-bits HASH_DRBG the RDK and using N/A Flash memory Saved in the parameter area of Flash (Cert #C2020) KDM1 256-bit HMAC key with SHA2-256 AES-256 in KWP encrypted with memory. mode RDK This key is a CSP. A 256-bit key used to create an HMAC of the Secure Audit AccessID to be used in the Secure Audit logs, [SP800-90Ar1] AccessID-HMAC Key HMAC-SHA2-256 Not Input or Working SDRAM in Power Cycle - to prevent against the theft of the actual 256-bits HASH_DRBG N/A (Cert #C2020) Output plaintext KDM2 AccessID. A new key will be generated at 256-bit HMAC key with SHA2-256 every module power-on or firmware reset. This key is a CSP. Input from host User Password (if using ICD A salted hash of PED configuration communication the password User provided password input by the and optionally path and
32 to 256- PBKDF (Cert stored in Flash Partition operator as a second factor of authentication
selected) N/A encrypted under N/A bits #C2020) memory deletion - KDM1 data. the PEC and using
8 - 255 character encrypted with This key is a CSP.
KTS-OAEP-basic data string PSK from [SP80056Br2]
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number A 256-bit key generated by the Thales Luna client and submitted to the HSM for use to AccessID Encryption wrap the HSM generated AEK for export to Imported Key
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number Input / Output via direct connection PED Authentication to PED A 256-bit random value that is generated by Data (if PED [SP800-90Ar1] All messages sent the module when a role is created and is configuration) KBKDF (Cert Not stored on 256-bits HASH_DRBG to the PED are N/A N/A written out to the iKey connected to the #C2020) module 48-byte random with SHA2-256 encrypted using Thales Luna PED. value HSM CSP This key is a CSP. Wrapping Key and AES KWP Input from host Password using ICD (Authentication Data communication if Password path and User provided password input by the
32 to 2040- PBKDF (Cert Not stored on
configuration) N/A encrypted under N/A N/A operator as authentication data. bits #A2125) module the PEC and using This key is a CSP.
8
data string from [SP80056Br2] Flash memory This key is used to encrypt all sensitive User Storage Key [SP800-90Ar1] encrypted with Partition attributes of all private objects owned by (USK) AES-KWP (Cert Not Input or 256-bits HASH_DRBG N/A User’s deletion
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number Output encrypted HA Login using AES-256 in Zeroized via ICD Authentication Data KWP mode and command - A 256-bit encryption key used with AES to [SP800-90Ar1] Encryption Key PIN AES-KWP (Cert using a shared Working SDRAM in KDM1 encrypt authentication data for export to the 256-bits HASH_DRBG N/A (RND) #C2020) secret from output plaintext primary HA Login instance. with SHA2-256 of [SP800-56Br2], Session closure This key is a CSP. 256-bit AES key KAS1-basic - KDM1 exchange Zeroized via ICD HA Login Ephemeral command - A 256-bit encryption key used with AES to Wrapping Key [SP800-90Ar1] AES-KWP (Cert Output encrypted Working SDRAM in KDM1 encrypt authentication data for re-import (KSESS) 256-bits HASH_DRBG N/A #C2020) with peer TWC plaintext from the primary HA Login instance. with SHA2-256 256-bit AES key Session closure This key is a CSP. - KDM1 Value that controls a partition’s ability to participate in the cloning protocol. In the case of PED configurations, it is generated by the module or imprinted onto [SP800-90Ar1] the module at partition initialization time. HASH_DRBG Key Cloning Domain KDA One-Step with SHA2-256 Input / Output via Flash Memory Vector (KCV) 32 to 2040- Partition For password configurations, this 8 - 255 Sp800-56Cr2 (Cert direct connection N/A encrypted with bits deletion - KDM1 character data string is supplied by the user 256-bit key #A2125) N/A for to Thales PED PSK during partition initialization. Password configuration For PED configurations, the 48-byte random value is output from the original partition in the domain to an iKey to enable initializing additional modules into the domain. This key is a CSP. Zeroized via ICD command - A randomly generated 256-bit key, which KDM1 must be shared between a remote PED and a Remote PED Vector KDA One-Step [SP800-90Ar1] Output via direct Flash memory cryptographic module in order to establish a (RPV) (if PED 256-bits Sp800-56Cr2 (Cert HASH_DRBG connection to a N/A encrypted with Erased on user secure communication channel between configuration) #A2125) with SHA2-256 Luna PED GSK zeroize request them. or destructive This key is a CSP. policy change
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number Power Cycle PED Authentication KDM1 An ECC public key certificate used to verify Certificate (PAC) Output via direct ECDSA SigVer (Cert [FIPS 186-4], Working SDRAM in Erased on user certificates for remote connection with a 256-bits connection to a N/A ECC public key on #C2020) Appendix B.4.1 plaintext zeroize request Luna PED. Luna PED curve P-521 or destructive This key is a PSP. policy change Power Cycle PED Authentication KDM1 An ECC private key used to sign certificates Key (PAK) ECDSA SigGen (Cert [FIPS 186-4], Not Input or Working SDRAM in Erased on user used for local or remote connection with the 256-bits N/A ECC private key on #C2020) Appendix B.4.1 Output plaintext zeroize request Thales Luna PED. curve P-521 or destructive This key is a CSP. policy change HSM Static Key- Power Cycle Agreement Used by the Thales Luna PED to authenticate KDM1 Certificate for the remote HSM to connect to and to extract Output via direct Remote Connections KAS-ECC (Cert [FIPS 186-4], Working SDRAM in Erased on user the HSM’s static ECC public key for: 256-bits connection to a N/A (HSM-SKA-CREMOTE) #A2125) Appendix B.4.1 plaintext zeroize request Luna PED
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number HSM Ephemeral Used by the Thales Luna PED to authenticate Key-Agreement the remote HSM and to extract the HSM’s Private Key (HSM- KAS-ECC (Cert [FIPS 186-4], Not Input or Working SDRAM in KDM1 - ephemeral public key for C(2e,2s, KAS-ECC) EKA-K) 256-bits N/A #A2125) Appendix B.4.1 Output plaintext following use key-agreement agreement for remote ECC private key on connection with a Thales Luna PED. curve P-521 This key is a CSP. Power Cycle KDM2 or KDM1 in response to Remote PED Vector erase request Certificate (RPV-C) Output via direct via ICD An ECC public key certificate used by the ECDSA SigVer (Cert [FIPS 186-4], Working SDRAM in 256-bits connection to a N/A command HSM device to verify PED-SKA-C, PED-EKA-C. ECC public key on #C2020) Appendix B.4.1 plaintext Luna PED This key is a PSP. curve P-521 Erased on user zeroize request or destructive policy change Power Cycle KDM2 or KDM1 in response to Remote PED Vector erase request An ECC private key used by the HSM to sign Private Key (RPV-K) Output via direct via ICD ECDSA SigGen (Cert [FIPS 186-4], Working SDRAM in PED-SKA-C, and by the Luna PED to sign PED256-bits connection to a N/A command ECC private key on #C2020) Appendix B.4.1 plaintext EKA-C. Luna PED curve P-521 This key is a CSP. Erased on user zeroize request or destructive policy change
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number Power Cycle KDM2 or KDM1 PED Static Key- in response to Agreement erase request via ICD Used by the HSM to authenticate and extract Certificate for Output via direct the Luna PED’s ECC ephemeral public key for Remote Connections KAS-ECC (Cert [FIPS 186-4], Working SDRAM in command 256-bits connection to a N/A C(2e,2s, KAS-ECC) key-agreement. (PED-SKA-C) #A2125) Appendix B.4.1 plaintext Luna PED Erased on user Uniquely generated for each use. ECC public key on This key is a PSP. curve P-521 zeroize request or destructive policy change Power Cycle KDM2 or KDM1 PED Static Key- in response to Used by the Thales Luna PED for Remote Agreement Private erase request connections. Act as An ECC static private key Key Output via direct via ICD for C(2e,2s, KAS-ECC) key-agreement. KAS-ECC (Cert [FIPS 186-4], Working SDRAM in 256-bits connection to a N/A command (PED-SKA-K) #A2125) Appendix B.4.1 plaintext Luna PED Key is not used by the HSM as a SP but is ECC private key on Erased on user generated by it for use by the Luna PED. curve P-521 zeroize request This key is a CSP. or destructive policy change Intermediate key value used during setup of the Remote PED channel. Key is the output of the ECDH function and PED Master Shared KDA One-Step Zeroized used to generate HSM and PED CSP Secret KAS-ECC (Cert Working SRAM in 256-bits Sp800-56Cr2 (Cert N/A N.A following use
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number PED Channel Derived during Remote PED Channel for Termination - wrapping exchanged SSPs. AES-KWP OneStep KDF [SP800-56Ar3] HSM CSP Wrapping KDM1 (Cert #C2020) from [SP800- fullUnified with Key (CWKHSM) Not Input or Working SDRAM in Key is used with either AES-KWP or AES-CTR, 256-bits 56Cr2] and full key validation Output plaintext Erased on user depending on the cipher suite negotiated 256-bit AES key AES-CTR using SHA2- and key-pair zeroize request between the HSM and PED during remote (Cert #C2020) 512 as hash generation or destructive PED setup. policy change This key is a CSP. PED Channel Derived during Remote PED Channel for Termination - wrapping exchanged SSPs. AES-KWP OneStep KDF [SP800-56Ar3] PED CSP Wrapping KDM1 (Cert #C2020) from [SP800- fullUnified with Key (CWKPED) Not Input or Working SDRAM in Key is used with either AES-KWP or AES-CTR, 256-bits 56Cr2] and full key validation Output plaintext Erased on user depending on the cipher suite negotiated 256-bit AES key AES-CTR using SHA2- and key-pair zeroize request between the HSM and PED during remote (Cert #C2020) 512 as hash generation or destructive PED setup. policy change This key is a CSP. Derived during Remote PED Channel for PED Channel encrypting communication messages (from Termination AES-KWP OneStep KDF [SP800-56Ar3] HSM-to-PED). HSM Data KDM1 (Cert #C2020) from [SP800- fullUnified with Encryption Key Not Input or Working SDRAM in 256-bits 56Cr2] and full key validation Key is used with either AES-KWP or AES-CTR, (DEKHSM) Output plaintext Erased on user AES-CTR using SHA2- and key-pair depending on the cipher suite negotiated 256-bit AES key zeroize request (Cert #C2020) 512 as hash generation between the HSM and PED during remote or destructive PED setup. policy change This key is a CSP. PED Channel Termination OneStep KDF [SP800-56Ar3] KDM1 Derived during Remote PED Channel for HSM MAC Key from [SP800- fullUnified with HMAC-SHA2-256 Not Input or Working SDRAM in message authentication of communication (DMKHSM) 256-bits 56Cr2] and full key validation (#C2020) Output plaintext Erased on user messages (from HSM-to-PED). 256-bit HMAC key using SHA2- and key-pair zeroize request This key is a CSP.
or destructive policy change
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number Derived during Remote PED Channel as the PED Channel initialization vector for encrypting Termination - communication messages (from HSM-toAES-KWP OneStep KDF [SP800-56Ar3] KDM1 PED). HSM Initialization (Cert #C2020) from [SP800- fullUnified with Not Input or Working SDRAM in Vector (IVHSM) 256-bits 56Cr2] and full key validation Output plaintext Erased on user Key is used with either AES-KWP or AES-CTR, 256-bit IV AES-CTR using SHA2- and key-pair zeroize request depending on the cipher suite negotiated (Cert #C2020) 512 as hash generation or destructive between the HSM and PED during remote policy change PED setup. This key is a CSP. Derived during Remote PED Channel for PED Channel encrypting communication messages (from Termination AES-KWP OneStep KDF [SP800-56Ar3] PED-to-HSM). KDM1 PED Data Encryption (Cert #C2020) from [SP800- fullUnified with Not Input or Working SDRAM in Key (DEKPED) 256-bits 56Cr2] and full key validation Key is used with either AES-KWP or AES-CTR, Output plaintext Erased on user 256-bit AES key AES-CTR using SHA2- and key-pair depending on the cipher suite negotiated zeroize request (Cert #C2020) 512 as hash generation between the HSM and PED during remote or destructive PED setup. policy change This key is a CSP. PED Channel Termination OneStep KDF [SP800-56Ar3] KDM1 Derived during Remote PED Channel for PED MAC Key from [SP800- fullUnified with HMAC-SHA2-256 Not Input or Working SRAM in message authentication of communication (DMKPED) 256-bits 56Cr2] and full key validation (#C2020) Output plaintext Erased on user messages (from PED-to-HSM). 256-bit HMAC key using SHA2- and key-pair zeroize request This key is a CSP.
or destructive policy change PED Channel Termination OneStep KDF [SP800-56Ar3] Derived during Remote PED Channel as the Not Input or KDM1 PED Initialization from [SP800- fullUnified with initialization vector for encrypting AES-KWP (Cert Output Working RAM in Vector (IVPED) 256-bits 56Cr2] and full key validation communication messages (from PED-to#C2020) plaintext Erased on user 256-bit IV using SHA2- and key-pair HSM). zeroize request
512 as hash generation This key is a CSP.
or destructive policy change
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number Power Cycle KDM1 A 4096-bit RSA private key used to decrypt Password Encryption [FIPS 186-4], user passwords that are provided to the RSA SigGen (Cert Not Input or Working RAM in Key (PEK) 150-bits Appendix N/A Erased on user module. It is generated the first time it is #A674) Output plaintext
4096 bit private key B.3.6 zeroize request required.
or destructive This key is a CSP. policy change Power Cycle Password Encryption KDM1 The X.509 public key certificate [FIPS 186-4], Certificate (PEC) RSA SigVer(Cert Certificate Output Working RAM in corresponding to the PEK. It is created and 150-bits Appendix N/A 4096-bit public key #A674) in Plaintext plaintext Zeroized via ICD signed by the HOK the first it is required. B.3.6 certificate command - This key is a PSP. KDM1 Output in Plaintext Password Encryption [SP800-90Ar1] Imported Zeroized Nonce used to provide replay protection with Working RAM in Nonce (PEN) 192-bits N/A HASH_DRBG encrypted under N/A following use
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number RSA SigGen Input or output RSA SigVer encrypted (Cert #C2020,
#A674) bit for ECC Keys (general keys partition or ECDSA SigGen depending session ECDSA SigVer on the keys) using key (Cert #C2020, curve. wrap/unwrap ICD #A2125) commands using N/A (user
DSA SigGen imported) bit for DSA ICD commands DSA SigVer (Cert keys and [SP800-38F] #C2020) Or depending encryption options on General use asymmetric key KAS (KAS-ECC-SSC [FIPS 186-4], modulus Input using Zeroized via ICD pairs that can be Asymmetric Key (Cert #A2125) and Appendix size. Symmetric command - exported/imported from/to the Pairs (general KDA (Cert #A2125)) B.4.1.
keys) KAS (KAS-ECC-SSC USK bits for RSA session Session closure This key is a CSP. RSA, DSA, ECC, DH (Cert #A2125) and Or keys keys) using key
KAS (KAS-FFC-SSC bit for DH 140-3 IG] D.G, Key (Cert #A2125) and keys transport methods CVL (Cert #A2125)) depending on When transferred KAS-IFC (Cert modulus between #A2125) length partitions using SKS, encrypted KTS-IFC (Cert under the SMK #A2125)
SSP Management Input or output encrypted using Symmetric Triple-DES-CBC Keys (general Triple-DES-CFB64 partition or Triple-DES-CFB8 session Triple-DES-CMAC keys) using key Triple-DES-CTR wrap/unwrap ICD Triple-DES-ECB commands and Triple-DES-OFB [SP800-38F] (Cert #C2020) encryption options HMAC-SHA-1 Input or output HMAC-SHA2-224 encrypted HMAC-SHA2-256 using HMAC-SHA2-384 Asymmetric Keys HMAC-SHA2-512 N/A (user (general partition Can be established HMAC-SHA3-224 imported) or session keys) as the output of 128, 192 or HMAC-SHA3-256 using key Zeroized via ICD General use asymmetric key Symmetric Keys supported [SP800256-bit for HMAC-SHA3-384 Or wrap/unwrap ICD command - pairs that can be (general partition or 56Ar3] compliant Flash memory AES keys. HMAC-SHA3-512 commands and KDM1 exported/imported from/to the session keys) key establishment encrypted with (Cert #C2020) [SP800-90Ar1] KTS-OAEP-basic module or generated by the AES or Triple-DES, using other USK 112-bit for HASH_DRBG from [SP800- Session closure module. MAC, KDF partition stored Triple-DES. KDA (Cert #A2125) with SHA2-256 56Br2]
SSP Management Key / SSP Name / Security Function Strength Generation Import/ Export Establishment Storage Zeroisation Use and Related Keys Type and Cert Number partitions using SKS, encrypted under the SMK
Specification The module includes a non-deterministic Random Number Generator (RNG) within the module boundary. The non-deterministic RNG is used exclusively to feed the DRBG (Cert #C2020). The Non-Deterministic RNG complies with [SP800-90B] and has been certified using [FIPS 140-3 IG] D.J with guidance set out in [FIPS 140-3 IG] D.K. Table 9-2: Non-Deterministic Random Number Generation Specification Entropy sources Minimum number of bits Details of entropy Non-deterministic jitter The noise source outputs [SP800-90B] compliant Non-Deterministic RNG using a hardware based noise from FRO. blocks of entropy in 384 internal to the module boundary (ESV #E97). bits with H = 0.838411. Raw noise collection is performed autonomously by hardware as entropy is Following testing, the required to seed the on-chip DRBG (Cert #C2020). If the entropy register is not DRBG is seeded with a full when the DRBG accesses it, the read will stall until the entropy is generated. 256-bit seed and 128-bit During each entropy collection cycle, 2500 samples of raw noise are collected. nonce from the noise All outputs from the noise source are subjected to statistical testing ahead of source containing 384 * being fed to the DRBG.
321 bits of entropy. The output of the hardware noise source includes a total failure test to check
for bit-patterns consistent with hardware failures.
Depending on the configuration of the module, the following methods of key import and export for ‘Asymmetric Key Pairs (general partition keys)’ and ‘Symmetric Keys (general partition keys)’ are available as a service: Manual Key Import/Export The manual import/export methods of the module are restricted to the G7 GUI and the iKey directly attached to the module via the USB port.
248 bytes) and encrypts using RSA-OAEP with SHA512 for its MGF as defined in [SP800-56Br2] as
SSP Management Plaintext Certificate Import There are various plaintext certificates that can be imported onto the module via the ICD interface. These include:
SSP Management
The module performs the pre-operational self-tests upon power-up to confirm the firmware integrity, and to check the continued correct operation of the random number generator and each of the implemented cryptographic algorithms used in support of the integrity checks. While the module is running these self-tests, all interfaces are disabled until the successful completion of the self-tests. If any test fails an error message is output alongside being recorded in the error log, the module halts, and data output is inhibited. Table 10-1: Pre-operational self-tests Test Operations Performed Indicator Boot loader performs an RSA PKCS #1-v1.5 signature with Verify, Digest Error output and module halt 4096-bit modulus and SHA2-384 signature verification of itself. Boot loader performs an RSA PKCS #1-v1.5 signature with Verify, Digest Error output and module halt 4096-bit modulus and SHA2-384 signature verification of the main firmware prior to firmware start. NOTE Signature verification pre-operational self-tests will always be preceded by the Conditional KAT on the bootloader implementations of RSA supporting a single mode of operation. Transition from an approved to non-approved mode of operation automatically triggers the HSM zeroize module service.
The module automatically performs conditional self-tests based on the module operation. These self-tests do not require operator input to initiate. NOTE When conditional tests are run as part of the pre-operational self-test, the HSM will test all possible implementations of a given algorithm independent of the HSM level configuration and settings. During PST, the module will exclusively test the implementation of a given algorithm in use for a given configuration and settings of the HSM at the time of a given conditional test executing. Implemented conditional tests are in one of the following forms: Known Answer Test (KAT); Pair-wise Consistency Test (PCT); Statistical testing; or Hardware failure testing. All KAT, alongside statistical testing of the noise source, is performed immediately following the preoperational self-test at module power-on.
Self-Tests Table 10-2: Conditional self-tests Test Cryptographic Mechanism Tested Location When Performed Operations Performed Indicator Cryptographic Algorithm Self-Test (CAST) SHA KAT Pre-operational: SHA2-384 Bootloader Prior to first use. Digest. Error output and module halt (#C2022) PST: N/A RSA KAT Pre-operational: RSA PKCS #1-v1.5, modulus Bootloader Prior to first use. Sign and Verify. Error output and module halt (#A6549) 4096, SHA2-384 PST: N/A Diffie-Hellman - FFC full Tested as part of all key agreement operations. Main firmware Ahead of public key use Derive. Error output public-key validation for derive operation. ([SP800-56Ar3]/[SP80056Br2] compliant implementation) ECDH
Self-Tests Test Cryptographic Mechanism Tested Location When Performed Operations Performed Indicator HMAC KAT Pre-operational: HMAC-SHA1, HMAC-SHA2-224, Main firmware Prior to first use., PST Digest. Error output and module halt (#C2020) HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2512, HMAC-SHA3-224, HMAC-SHA3-256, HMACSHA3-384, HMAC-SHA3-512 PST: HMAC-SHA1, HMAC-SHA2-224, HMAC-SHA2384, SHA3-256 RSA KAT Pre-operational: Signature Generation, Sig Main firmware Prior to first use., PST Sign, Verify, Encrypt, and Decrypt. Error output and module halt (#C2020 and #A674). Verification for RSA X9.31 with SHA2-256, RSA PKCS #1-v1.5 with SHA2-256, RSA PKCS #1-v1.5 (no hash), RSA PKCS #1-v1.5 with SHA2-256 and SHA2-256 for MGF, RSA-OAEP-basic with 2048-bit modulus and SHA1, SHA2-256 and SHA2-384, SHA2-512 as MGF PST: Signature Generation, Signature Verification for: PKCS-PSS with modulus of 8192-bits and SHA2-256, PKCS-PSS with modulus of 2048-bit and SHA2-256, RSA-OAEP-basic with 2048-bit modulus and SHA2-256 as MGF DSA KAT (Signature Pre-operational: Signature Generation, Signature Main firmware Prior to first use., PST Sign and Verify. Error output and module halt Generation, Sig Verification for 2048-bit modulus with SHA2-224. Verification) Signature Verification with 1024-bit modulus and (#C2020) SHA1 PST: DSA with 2048-bit modulus and SHA2-224 Diffie-Hellman KAT (Key Pre-operational: X9.42 Diffie-Hellman [SP800- Main firmware Prior to first use., PST Derive (X9.42 Derive operation
Self-Tests Test Cryptographic Mechanism Tested Location When Performed Operations Performed Indicator Triple-DES KAT Pre-operational: ECB, CBC, OFB, CFB64, CTR 168- Main firmware Prior to first use., PST Decrypt. Error output and module halt (#C2020) bit keys. PST: ECB with 168-bit key Triple-DES KAT Pre-operational: CMAC for 168-bit keys. Main firmware Prior to first use., PST Verify. Error output and module halt (#C2020) PST: <as per pre-operational self-test> ECDH KAT Pre-operational: KAS-ECC [SP800-56Ar3] shared Main firmware Pre-operational, PST Derive (no KDF). Error output and module halt (#A2125) secret calculation (only) using curves P-224, P384, P-521 and K-233 PST: KAS-ECC with P-384, OneStep KDF using SHA2-256 ECDSA KAT Pre-operational: Signature Generation, Signature Main firmware Prior to first use., PST Sign, Verify. Error output and module halt (#C2020) Verification with ECDSA and both curves P-256 and K-233 (no hashing) PST: Signature Generation, Signature Verification using ECDSA and curves P-256, K-233 KBKDF KAT Pre-operational: KBKDF [SP800-108r1] with AES- Main firmware Prior to first use., PST Derive. Error output and module halt (#C2020) CMAC, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512 as PRF options PST: KBKDF [SP800-108r1] using AES-CMAC as the PRD with 128-bit key KDF KAT Pre-operational: OneStep KDF [SP800-56Cr2] Main firmware Prior to first use., PST Derive. Error output and module halt (#C2020) with SHA1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3512. X9.42/X9.63 KDF using SHA1. PST: OneStep KDF [SP800-56Cr2] with SHA2-512. X9.42 and X9.63 KDF [SP800-135r1] using SHA1. KAS1-basic KAT Pre-operational: KAS1-basic [SP800-56Br2] with Main firmware Prior to first use., PST Encrypt, Decrypt. Error output and module halt (#A2125) 4096-bit modulus PST: <as per pre-operational self-test>.
Self-Tests Test Cryptographic Mechanism Tested Location When Performed Operations Performed Indicator PBKDF KAT Pre-Operational PBKDF [SP800-132] using HMAC- Main firmware Prior to first use., PST Derive. Error output and module halt (#A2125) SHA1, HMAC-SHA2-224, HMAC-SHA2-256, HMACSHA2-384, HMAC-SHA2-512 PST: PBKDF [SP800-132] using HMAC-SHA2-512 Pair-Wise Consistency Test (PCT) RSA PCT Performed for all RSA key generation mechanism Main firmware On generation Encrypt, Decrypt, Sign, Verify. Error output and module halt DSA PCT Performed for all DSA key generation mechanism Main firmware On generation Sign and Verify. Error output and module halt ECC PCT (covers keys used Performed for all ECC key generation mechanism Main firmware On generation Sign, Verify, and Derive. Error output and module halt for ECDSA and ECDH) Software/Firmware Load Test (SW/FW Load) Firmware Load Test Continuous Test: RSA PKCS #1-v1.5, modulus Main firmware On firmware update Verify. Error output and FW update request
4096 signature and SHA2-384 request rejected
Manual Entry Test N/A Bypass Test N/A Critical Function Test HRNG conditional tests Continuous Test: Total failure test on the output Main firmware Continuous N/A. Error output and module halt from the hardware noise source, Repetition Count Test and Adaptive Proportion Test statistical tests
The module will perform periodic self-tests (PST) at set intervals of time for the pre-operational tests and a subset of the KAT tests. These tests will be performed every 24 hours, at which point the PSTs will be implemented as a single asynchronous command with multiple steps that make up all PSTs that must be executed. The command will be added to the HSM’s command scheduler run queue, alongside any other commands that have been sent to the HSM. Each time the PST command is given time to execute, it will perform a single step and then return priority to other commands in the queue. Each step will be consistent in size with other cryptographic commands so as not to impact overall performance of the HSM. Conditional tests performed periodically are identified in Table 10-2 above as tests with ‘PST’ in the ‘When Performed’ column.
Thales Luna G7 Cryptographic Module should be deployed in a secure environment that will protect the module from sophisticated attackers with direct access. This is standard practice for high-value assets such as HSMs and forms part of a defence-in-depth approach to security. Securing the environment of the HSM typically will include a combination of both: securing its location using physical defences; and procedures for monitoring and managing authorized access to the HSM. The exact measures put in place will vary and should be commensurate with the potential consequences or costs associated with the complete compromise of the HSM and cryptographic keys (or data objects) it protects. Common components of a physical security solution often include: dedicated areas (e.g. locked cage or cabinet) for the HSM as part of a general IT environment; monitored and audited physical access controls on IT environments hosting the HSM; hardened locks, doors and walls to increase the effort required to force access to the HSM; out-of-hours alarm systems on areas containing the HSM; 24hr/365day on-site or remote guard service that will respond to alarms; and CCTV monitoring of areas containing the HSM to allow detection of activity in proximity to the HSM.
Before using the module it must be initialized, after which it should be immediately configured into its approved mode of operation. Prior to secure initialization of the module, access control relies on procedural controls only and the module should be received in the zeroised state with no initialized roles. NOTE Failing to follow the steps to configure the module into the Approved Mode will result in the module operating in a Non-Compliant state, which is outside the scope of this validation. NOTE The module shall be received in a zeroised state. To check the status of the module use the hsm showinfo LunaCM command as described in section 13.1. The module is confirmed as being in the zeroised state when the partition status for the administration slot reports zeroized. Initialization creates the HSM SO role, names the module, defines the authentication mode and associates the admin partition with a key cloning domain.
Life-cycle Assurance Initialization is performed using the hsm init command from LunaCM or LunaSH, though LunaSH can only be used for the Thales Luna G7 Backup HSM. It should be noted that the hsm init command should only be run when an individual has been assigned to the HSM SO role and usually is run either by them or with them present. Following initialization of the module, it should immediately be configured into its approved mode of operation ahead of initialization of any further roles or creation of any stored key objects. Guidance on configuring the approved mode of operation is provided in section 13.3 and 13.4. NOTE As part of initialization when using PED based authentication, the end-user is asked if they wish to duplicate your iKeys. It is strongly recommended that you do this and for duplicate keys to be retained in secure storage for backup purposes. It is not possible to copy iKeys at a later point.
Security of the overall system, including the HSM, is only as strong as its weakest component. As such, the environment needs to take responsibility for securing artefacts relating to the HSM when outside its control. In particular, the following explicit requirements shall be met: Where the Scalable Key Storage (SKS) Master Key (SMK) is transferred to multiple HSMs, all HSMs must be deployed to an environment that meets the minimum security requirements applicable to a given deployment as appropriate and derived from guidance provided in section 11.1. Audit logs extracted from the HSM should have their confidentiality protected (as appropriate) during storage outside the HSM and should be stored in a way to minimize loss of individual log records that could lead to false positives in relation to log integrity verification failure during log parsing activities. Secret data stored on iKeys shall be protected at all times (where PED authentication is in use)
Life-cycle Assurance Where possible, logically-independent ports should be used for data ingress and egress to the server hosting the HSM. All physical and logical connections to Trusted IT system hosting the HSM should be controlled to prohibit attempts to eavesdrop or modify sensitive traffic. No peripheral devices should be connected to the USB port other than authorized Thales devices. In particular, no networking devices (wireless of wired) should be attached to this interface. Permitted devices at the time of writing this document include: iKeys.
The HSM maintains a host accessible log of events in PCIe accessible FRAM memory. This allows the log on the Thales Luna G7 Cryptographic Module to be read by the host driver even if the bootloader or main firmware has failed during power-on leaving the card in an un-responsive state. The FRAM log can viewed using the lunadiag tool installed with the Thales LunaCM client:
Life-cycle Assurance bootloader. If the main firmware experienced a halt during its power-on tests, then further error details will still be accessible through the FRAM logs. An example of the module failing the SHA2-224 self-test on startup is below: ---Entry 155, 0x40 bytes read, timestamp = 6495, reset count = 117: LOG(CRITICAL): SHA2_SelfTest failed, rc=0x30000a
In order to maintain the separation of user roles throughout the life of the HSM deployment and to avoid compromise of a role, end users MUST: securely store authentication iKeys (where used) at all times; avoid (where used) storing corresponding PIN alongside authentication iKeys; never lend iKeys and/or disclose challenge-secret, PIN or passwords to anyone including other authorized end users of the HSM; always inspect authentication iKeys (where used) prior to use to check for any signs of possible tamper; and avoid writing down challenge-secrets, PIN or passwords in plaintext form and/or ensure any printed or written copies of passwords are either separately encrypted or stored in a secure container only accessible to the owner of the password or challenge-secret. CAUTION! Should the end user fail to comply with these requirements this could lead to subsequent compromise or malicious misuse of the HSM and its cryptographic keys. CAUTION! In order to securely use the Thales Luna PED in its remote configuration, it is important to check and acknowledge the serial number of the target HSM during setup of the Remote PED tunnel. If the displayed serial number does not match the expected target HSM serial number the user must reject the displayed serial number at the PED, which will halt channel setup.
User Authentication iKeys Should an end user lose an iKey or believe their iKey to have been compromised it is imperative for the security of the HSM deployment that immediate action is taken to: 1. minimize the chances of subsequent misuse of the lost or compromised iKey; and 2. check for evidence of misuse of the iKey to allow for wider compromise recovery actions to be considered. Following identification of a lost or compromised iKey, the following actions should be taken: If a backup iKey was made and it includes a corresponding PIN, duplicate the iKey to allow re-issue (while retaining a backup) but ensure the PIN is changed on all residual copies of the duplicated iKey prior to re-deployment of the iKey.
Life-cycle Assurance If the iKey was originally issued with no PIN, the iKey should be considered compromised and will need to be recreated:
General Should a role believe their PIN or password to have been compromised (where used) but access to the corresponding iKey or to the HSM was not possible, the following action should be taken: the PIN or password should be changed using:
Life-cycle Assurance In order to recover from complete loss of a domain secret, the objects in the HSM (where configuration permits) need to be exported and re-imported into an HSM registered with a new domain. Remote PED iKeys When a Remote iKey is considered to be compromised, a new iKey should be generated and distributed to all remote PED on the Orange iKey. In order to create a new Remote PED iKey:
When an individual no longer has the requirement to hold the authorized role associated with the HSM, a hand-over of iKeys and corresponding PIN or password should be arranged. When an iKey has been lost for a role to be revoked, guidance on recovering from a lost end user authentication iKey in section 11.6 should be followed.
Keys can be deleted from a partition in one of a number of ways: deleting the partition using the partition delete LunaCM command as the HSM SO; calling in the C_DestroyObject Cryptoki API command that lets a Partition CO delete any partition object owned by them; zeroization in response to authentication failure events (e.g. the HSM SO exceeding failed login threshold for the HSM zeroizes the entire HSM; the Partition SO exceeding failed login threshold for a user partition will zeroize the partition); and the entire module flash is erased using the bootloader terase and tplease commands. This erases the main firmware (excluding bootloader) and all keys on the module. NOTE Use of the terase and tplease bootloader commands to perform a complete erase of all Flash based storage is not intended to be performed by customers and is included here for completeness only. The Flash contains keys created during manufacture that cannot be replaced without repeating the full manufacturing process for the card. Following erase of the flash, only signed main firmware in a format not made publicly available can be loaded onto the module.
Resetting is the process of removing all sensitive information from the cryptographic module. Run the LunaCM hsm factoryreset command to reset the HSM to factory default settings. Care should be taken to observe that the command executes to a successful completion.
Life-cycle Assurance An example output from a successful factory reset is shown below: lunacm:>hsm factoryreset You are about to factory reset the HSM. All contents of the HSM will be destroyed. HSM policies will be reset and the remote PED vector will be erased. Are you sure you wish to continue? Type 'proceed' to continue, or 'quit' to quit now ->proceed Command Result : No Error Figure 11-1: Example successful factory reset console output from LunaCM
Updating the module’s firmware requires the HSM SO and the firmware update file to complete. Run the LunaCM hsm updatefw command to update the current firmware to a new version. If any failures are detected during the update, the command will fail and the module will continue running on the existing firmware. An example output from a successful firmware update is shown below: lunacm:>hsm updatefw -fuf fwupdateG7_testCert_7.0.1_RC327.fuf authcode fwupdateG7_testCert_7.0.1_RC327.fuf.txt You are about to update the firmware. The HSM will be reset. Are you sure you wish to continue? Type 'proceed' to continue, or 'quit' to quit now -> proceed Updating firmware. This may take several minutes. Firmware update passed. Resetting HSM Command Result : No Error Figure 11-2: Example successful FW update console output from LunaCM NOTE All updates of the firmware MUST be FIPS 140-3 validated before they can be loaded for the module to remain in an approved mode of operation.
The module does not require any periodic maintenance outside the routine inspection of tamper evidence as documented in Section 7.2.
Mitigation of Other Attacks
No assured mitigations to ‘other attacks’ are covered in this security policy.
Ahead of putting the module into its approved mode of operation, it is important to identify the hardware, main firmware and bootloader versions of the target module and to check these correspond to one of the tested modules listed in section Table 2-1. The following sections provide guidance on checking each element. NOTE Any module returning hardware, main firmware and bootloader versions not listed in this security policy is out of the scope of this validation and requires a separate FIPS 140-3 certificate. Both hardware part numbers in this security policy are correlated with the Thales Luna G7 Cryptographic Module. Checking the module’s name, hardware, bootloader and main firmware versions with38: hsm showinfo when using LunaCM. The command returns status information on the target cryptographic module including the version numbers for both bootloader, main firmware and separately the hardware identity. Example output for the command for a valid module is shown in the figure below with relevant versions and the module’s name highlighted in red: lunacm:>hsm showinfo Slot Id -> 6 Partition Label -> g7_597068 Partition Serial Number -> 597068 Partition Model -> Luna G7 Partition Manufacturer -> Gemalto Partition Status -> L3 Device, OK39 Session State -> CKS_RW_PUBLIC_SESSION Role Status -> none logged in RPV Initialized -> No Partition SMK OUIDs: SMK-FW4: Not Initialized SMK-FW6: Not Initialized SMK-FW7-FM: Not Initialized SMK-FW7-Rollover: Not Initialized SMK-FW7-Primary: 3c000000170000124c1c0900 LunaCM maps to the Luna ICD logical interface at the cryptographic module boundary. The command will show “Zeroized” instead of “OK” if the module is in a zeroized state.
Guidance Partition Storage: Total Storage Space: 655360 Used Storage Space: 0 Free Storage Space: 655360 Object Count: 0 Overhead: 24408 HSM Storage: Total Storage Space: 33554432 Used Storage Space: 679768 Free Storage Space: 32874664 Allowed Partitions: 1 Number of Partitions: 0 HSM Part Number -> 808-000080-001 Environmental: System Temperature : 35 deg. C Firmware Version -> 7.7.3 Bootloader Version -> 1.6.0 Rollback Firmware Version -> Not Available License Count: 1. 621000186-000 G7 Base CUF *** The HSM is in FIPS approved operation mode. *** Command Result : No Error 13-1: Example output of hsm showinfo command from LunaCM
The Thales Luna G7 Cryptographic Module comes in two configurations, the Thales Luna G7 USB HSM and the Thales Luna G7 Backup HSM. Check the configuration with: slot list when using LunaCM. The command returns status information of the cryptographic module including the configurations. Example output for the command for a valid module is shown in the figure below with relevant configurations highlighted in red: Available HSMs: Slot Id -> 105 Label -> g7backup_596424
Guidance Serial Number -> 596424 Model -> Luna G7 Firmware Version -> 7.7.3 Bootloader Version -> 1.6.0 Configuration -> Luna HSM Admin Partition (PW) Backup Mode Slot Description -> Admin Token Slot HSM Status -> L3 Device, OK Slot Id -> 108 Label -> g7_121212 Serial Number -> 121212 Model -> Luna G7 Firmware Version -> 7.7.3 Bootloader Version -> 1.6.0 Configuration -> Luna HSM Admin Partition (PW) Key Export With Cloning Mode Slot Description -> Admin Token Slot HSM Status -> L3 Device, OK 13-2: Example output of slot list command from LunaCM
The module is configured to be in an Approved Mode of Operation on a per-partition basis. To place a partition into its approved mode of operation, the HSM SO (Admin Partition) or Partition SO (User Partition) must check and, if necessary, set the following partition level policy: Partition Policy (43) Enable non-FIPS Algorithms - this policy is set to true by default if HSM Policy (12), Allow Non-FIPS Algorithms is separately set to true. If HSM Policy (12), Allow Non-FIPS Algorithms is set to false, the module will set this value to false (enforced by the module). This policy shall be set to false. Ahead of configuring the individual partitions, the HSM SO must set the following HSM level policies: HSM Policy (56), Allow User Defined ECC Curves is enabled by default and shall be disabled. If the HSM SO attempts to enable or disable these policies, a warning is displayed and the HSM SO is prompted to confirm the selection. If this policy is left as enabled, the module will be operating in the nonapproved mode of operation. Following entry into an approved mode of operation, any changes to either policy will trigger an automatic zeroization of the HSM erasing all roles and partition stored key objects.
To place the Thales Luna G7 Backup HSM into its approved mode of operation, the HSM SO must check and, if necessary, set the following HSM level policy: HSM Policy (55), Enable Restricted Restore
Guidance If the HSM SO attempts to disable these policies, a warning is displayed and the HSM SO is prompted to confirm the selection. If this policy is left as disabled, the module will be operating in the non-approved mode of operation. Following entry into an approved mode of operation, any changes to HSM Policy (55), Enable Restricted Restore will trigger an automatic zeroization of the HSM erasing all roles and partition stored key objects.
To make the module perform its cryptographic self-tests as described in section 10.2 you must use the following: Self Test (Option #90) when using the client tool. This will give you 3 options of self-tests to run on the module: Option 1, H/W Test
Guidance (TITLE) menu titles, (99 or FULL) Full Help, (NONE) No help, (0 or EXIT) Quit Status: Doing great, no errors (CKR_OK) 13-3: Example output of the Self Test command from CKDemo
The nominal operating temperatures of the module are between 5 and 35°C. The module’s tamper thresholds can be found in section 7.3. The nominal operation voltage of the module is 5V DC. The module’s voltage thresholds can also be found in section 7.3.
To log into the module’s roles as described in section 4.1 you must first set the slot to the partition you wish to log into. To set the slot you must first use the slot list LunaCM command to view the available slots, as shown above in section 13.2. Once you have the chosen slot you wish to log into use the following: set slot when using LunaCM. lunacm:> slot set -slot 4 Command Result : No Error 13-4: Example output of set slot command from LunaCM Once set you may now log into any of the available roles to the partition by using: role login when using LunaCM. lunacm:> role list Roles (short) ============================ Partition SO po Crypto Officer co Limited Crypto Officer lco Crypto User cu Command Result : No Error lunacm:>role login -name po Please attend to the PED. Command Result : No Error 13-5: Example output of role list and role login commands from LunaCM
Guidance NOTE Some roles must first be initialized before they can be logged in. To do so you must use the role init command in LunaCM
In addition to the direct guidance provided in this Security Policy, both Thales Luna G7 USB HSM and Thales Luna G7 Backup HSM include extensive user guidance in their online free to access manual. The full manuals for these products can be accessed at www.thalesdocs.com where the target products can be found under ‘Luna HSMs’ and where the ‘read docs’ link will take you to the front page where the document portal for Thales Luna G7 USB HSM. Thales Luna G7 Backup HSM documentation is part of the Luna PCIe HSM and Luna Network HSM documentations. As part of the product documentation: HSM Administration Guide