All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Ideem ZSM Cryptographic Module

Certificate#4982StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorIdeem, Inc.
Low review priority  ·  no TCB surface named  ·  last validated 14 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date3/2/2030
CaveatNo assurance of the minimum strength of generated SSPs (e.g., keys)
VendorIdeem, Inc.

Approved Algorithms (53)

AlgorithmACVP Cert
AES-CBCA5056
AES-CCMA5056
AES-CFB1A5056
AES-CFB128A5056
AES-CFB8A5056
AES-CMACA5056
AES-CTRA5055
AES-ECBA5055
AES-GCMA5056
AES-GMACA5056
AES-KWA5056
AES-KWPA5056
AES-OFBA5056
AES-XTS Testing Revision 2.0A5056
Counter DRBGA5056
ECDSA KeyGen (FIPS186-4)A5055
ECDSA KeyGen (FIPS186-5)A5056
ECDSA KeyVer (FIPS186-5)A5056
ECDSA SigGen (FIPS186-4)A5055
ECDSA SigGen (FIPS186-5)A5056
ECDSA SigVer (FIPS186-5)A5056
HMAC-SHA-1A5056
HMAC-SHA2-224A5056
HMAC-SHA2-256A5056
HMAC-SHA2-384A5056
HMAC-SHA2-512A5056
HMAC-SHA2- 512/224A5056
HMAC-SHA2- 512/256A5056
HMAC-SHA3-224A5056
HMAC-SHA3-256A5056
HMAC-SHA3-384A5056
HMAC-SHA3-512A5056
KAS-ECC-SSC Sp800-56Ar3A5056
KDA HKDF SP800- 56Cr2A5056
KDF TLS (CVL)A5056
PBKDFA5056
RSA KeyGen (FIPS186-5)A5055
RSA SigGen (FIPS186-5)A5055
RSA SigVer (FIPS186-5)A5056
SHA-1A5056
SHA2-224A5056
SHA2-256A5056
SHA2-384A5056
SHA2-512A5056
SHA2-512/224A5056
SHA2-512/256A5056
SHA3-224A5056
SHA3-256A5056
SHA3-384A5056
SHA3-512A5056
SHAKE-128A5056
SHAKE-256A5056
TLS v1.2 KDF RFC7627 (CVL)A5056

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Mitigation of Other Attacks1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Ideem ZSM Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>AES for Multi-party Symmetric Encryption/Decryption<br/>AES for Symmetric Encryption/Decryption<br/>AES-XTS for Symmetric Encryption/Decryption</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Ideem ZSM Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>AES for Multi-party Symmetric Encryption/Decryption<br/>AES for Symmetric Encryption/Decryption<br/>AES-XTS for Symmetric Encryption/Decryption</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

Ideem, Inc. Ideem ZSM Cryptographic Module Software Version: 1.0 FIPS Security Level: 1 Document Version: 1.0 Prepared for: Prepared by: Ideem, Inc.

800 W. 47th Street

Kansas City, MO 64112 United States of America Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 816 280 4456 www.useideem.com Phone: +1 703 267 6050 www.corsec.com

Page 2

February 19, 2025 Abstract This is a non-proprietary Cryptographic Module Security Policy for the Ideem ZSM Cryptographic Module (version: 1.0) from Ideem, Inc. (Ideem). This Security Policy describes how the Ideem ZSM Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Ideem ZSM Cryptographic Module is referred to in this document as Ideem Cryptographic Module or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:

Page 3

February 19, 2025 Table of Contents 1. 1.1 1.2 2. 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 3. 3.1 4. 4.1 4.2 4.3 4.4 5. 5.1 5.2 6. 6.1 7. 8. 9. 9.1 9.2 9.3 9.4 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 4

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 5

February 19, 2025 List of Tables List of Figures Figure 4 - Logical Diagram of the Cryptographic Module Running on Different Virtual Machines in the Same Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 6
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware security1
66Operational environment1
77Physical securityN/A
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacks1
Overall LevelOverall Level1

1. 1.1 Overview February 19, 2025 Ideem ZSM Cryptographic Module randomly splits keys across servers and mobile devices so that they are never in any single place to be stolen. The advanced protocols used in Ideem Cryptographic Module ensure that even if servers or devices are breached and completely controlled by an attacker, the secrets and credentials cannot be stolen. The result is that digital assets remain safe, even if all else fails and attackers get inside the network. Furthermore, Ideem Cryptographic Module frequently refreshes the random split key process by distributing different, random key parts to each Ideem server or device. As a result of the refresh, even in the extremely unlikely case that an attacker breaches the server and steals a key part, the key part alone is useless, and it becomes obsolete as soon as the next refresh takes place. This provides a very high level of security and enables enterprise servers to be used with a much lower level of risk. 1.2 Security Levels The Ideem ZSM Cryptographic Module is validated at the FIPS 140-3 section levels shown below. Table 1: Security Levels N/A N/A Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 7

February 19, 2025 2. Cryptographic Module Specification 2.1 Description

2.1.1 Purpose and Use

Ideem Cryptographic Module is able to protect all types of standard cryptographic keys for all purposes, including encryption/decryption, digital signing, and authentication. Ideem’s technology for securing keys secure multiparty computation (MPC) is fully transparent to the calling application.

2.1.2 Module Type

The Ideem ZSM Cryptographic Module 1.0 is a Software module.

2.1.3 Module Embodiment

The Ideem ZSM Cryptographic Module has a MultiChipStand embodiment. The module is designed to utilize the following processor algorithm acceleration (PAA) instructions sets for its AES and SHA implementations:

2.1.4 Module Characteristics

The module does not have any additional characteristics.

2.1.5 Cryptographic Boundary

As a software cryptographic module, the module takes on the physical characteristics of the host platform. The physical perimeter of the cryptographic module is defined by each host device on which the module is installed. The cryptographic boundary is the contiguous perimeter that surrounds all memory-mapped functionality provided by the module when loaded and stored in the host platform’s memory. The module is entirely contained within the physical perimeter. The module’s cryptographic boundary consists of all functionalities contained within the module’s compiled source code. The module’s software component comprises 3 shared library files and 3 digest files for testing integrity. All hardware and software components are contained within the host platform’s physical enclosure. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 8

February 19, 2025 The module’s cryptographic boundary consists of all functionalities contained within the module’s compiled source code. On the RedHat and Android operating systems the module is comprised of the following binary files:

2.1.6 Tested Operational Environment’s Physical Perimeter

(TOEPP) Figure 1 illustrates a block diagram of a typical GPC and the module’s physical perimeter. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 9

Hardware Management February 19, 2025 DVD Network Interface RAM HDD Clock Generator SCSI/SATA Controller LEDs/LCD Serial CPU I/O Hub Audio Cache Power Interface PCI/PCIe Slots USB BIOS PCI/PCIe Slots Graphics Controller External Power Supply KEY: Plaintext Data Encrypted Data Control Input Status Output Physical Perimeter BIOS

Page 10
KEY: Data Input Cryptographic Boundary Data Output Control Input Physical Perimeter Control Output Status Output System Calls
Data Input Data Output Control Input Control Output Status OutputCryptographic Boundary Physical Perimeter System Calls

HMAC SHA digests February 19, 2025 MPC Library (AES, ECDSA, and RSA) TLS Library Calling Application Operating System CPU Memory Storage Ports Host Device Figure 2. Module Block Diagram (with Cryptographic Boundaries) 2.2 Tested and Vendor Affirmed Module Version and Identification

2.2.1 Tested Module Identification – Hardware

This section is only applicable to hardware modules. N/A for this module.

2.2.2 Tested Module Identification – Software, Firmware, Hybrid

(Executable Code Sets) The table below lists the executable code sets of the module. The module count is 3. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 11
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiFeaturesPackage
RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesRedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesAndroid: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesiOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
RedHat 9.2RedHat 9.2Dell T56101.0Intel Xeon CPU E5-2609 v2Yes
RedHat 9.2RedHat 9.2Dell T56101.0Intel Xeon CPU E5-2609 v2No
iOS 16.5iOS 16.5iPhone 141.0Apple A15 Bionic (ARMv8)Yes
iOS 16.5iOS 16.5iPhone 141.0Apple A15 Bionic (ARMv8)No
Android 13Android 13Pixel 61.0Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55)Yes
Android 13Android 13Pixel 61.0Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55)No
RedHat 7 and aboveRedHat 7 and aboveAny x86-based platform
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiFeaturesPackage
RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesRedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesAndroid: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesiOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
RedHat 9.2RedHat 9.2Dell T56101.0Intel Xeon CPU E5-2609 v2Yes
RedHat 9.2RedHat 9.2Dell T56101.0Intel Xeon CPU E5-2609 v2No
iOS 16.5iOS 16.5iPhone 141.0Apple A15 Bionic (ARMv8)Yes
iOS 16.5iOS 16.5iPhone 141.0Apple A15 Bionic (ARMv8)No
Android 13Android 13Pixel 61.0Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55)Yes
Android 13Android 13Pixel 61.0Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55)No
RedHat 7 and aboveRedHat 7 and aboveAny x86-based platform
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiFeaturesPackage
RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesRedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesAndroid: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac1.0YesiOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac
RedHat 9.2RedHat 9.2Dell T56101.0Intel Xeon CPU E5-2609 v2Yes
RedHat 9.2RedHat 9.2Dell T56101.0Intel Xeon CPU E5-2609 v2No
iOS 16.5iOS 16.5iPhone 141.0Apple A15 Bionic (ARMv8)Yes
iOS 16.5iOS 16.5iPhone 141.0Apple A15 Bionic (ARMv8)No
Android 13Android 13Pixel 61.0Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55)Yes
Android 13Android 13Pixel 61.0Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55)No
RedHat 7 and aboveRedHat 7 and aboveAny x86-based platform
CentOS 7 and aboveCentOS 7 and aboveAny x86-based platform
Ubuntu 16 and aboveUbuntu 16 and aboveAny x86-based platform
iOS 12 and aboveiOS 12 and aboveiPhone 8 and newer
Android 11 and aboveAndroid 11 and abovePixel 4a and newer
RedHat 7 and above and iOS 12 and aboveRedHat 7 and above and iOS 12 and aboveAny x86-based platform and iPhone 8 and newer (mixed configuration)
CentOS 7 and above and iOS 12 and aboveCentOS 7 and above and iOS 12 and aboveAny x86-based platform and iPhone 8 and newer (mixed configuration)
Ubuntu 16 and above and iOS 12 and aboveUbuntu 16 and above and iOS 12 and aboveAny x86-based platform and iPhone 8 and newer (mixed configuration)
RedHat 7 and above and Android 11 and aboveRedHat 7 and above and Android 11 and aboveAny x86-based platform and Pixel 4a and newer (mixed configuration)
CentOS 7 and above and Android 11 and aboveCentOS 7 and above and Android 11 and aboveAny x86-based platform and Pixel 4a and newer (mixed configuration)
Ubuntu 16 and above and Android 11 and aboveUbuntu 16 and above and Android 11 and aboveAny x86-based platform and Pixel 4a and newer (mixed configuration)

February 19, 2025 1.0 1.0 1.0 Table 2: Tested Module Identification

2.2.3 Tested Module Identification – Hybrid Disjoint Hardware

This section is only applicable to hybrid modules. N/A for this module.

2.2.4 Tested Operational Environments – Software, Firmware,

Hybrid The module was tested and found to be compliant with FIPS 140-3 requirements on the environments listed in the table below. 9.2 9.2 1.0 1.0 1.0 1.0 1.0 1.0 Table 3: Tested Operational Environments - Software, Firmware, Hybrid

2.2.5 Vendor-Affirmed Operational Environments – Software,

Firmware, Hybrid The vendor affirms the module’s continued validation compliance when operating on the platforms listed below. The table below also lists operational environments that support the mixed configuration. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 12

February 19, 2025 Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid The mixed configuration operating environments refer to a distributed system where two instances of the cryptographic module are configured to execute the multi-party services in communication with each other, via the calling Application.

  1. Each logical component of the Cryptographic Module is installed on a different machine (Figure 3).
  2. Each logical component of the Cryptographic Module is installed on a different virtual machine running in a single hypervisor on a single physical machine (Figure 4).
  3. Each logical component of the Cryptographic Module is installed on a different Docker container running on a single machine (Figure 5)
  4. Each logical component of the Cryptographic Module is part of a different process running on the same machine (Figure 6).
  5. All logical components of the Cryptographic Module are part of a single process (Figure 7). Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
Page 13

February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic ModuleServer Operational Environment Operational Environment General Purpose Hardware General Purpose Hardware Host Device Key: Logical Boundary Physical Boundary Figure 3 - Logical Diagram of the Cryptographic Module Running on Different Machines Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 14

February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server VM 1 VM 2 Hypervisor Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 4 - Logical Diagram of the Cryptographic Module Running on Different Virtual Machines in the Same Hypervisor Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 15

February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server Docker Container 1 Docker Container 2 Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 5 - Logical Diagram of the Cryptographic Module Running on Different Docker Containers Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 16

February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server Process 1 Process 2 Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 6 - Logical Diagram of the Cryptographic Module Running on Different Processes Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 17

February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server Single Process Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 7 - Logical Diagram of the Cryptographic Module Running on a Single Process Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 18
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA5056Key Length - 128, 192, 256SP 800-38C
AES-CFB1A5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CMACA5056Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA5055Direction - Decrypt, Encrypt Key Length - 128SP 800-38A
AES-CTRA5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5055Direction - Encrypt Key Length - 128SP 800-38A
AES-ECBA5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA5056Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-GMACA5056Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256SP 800-38D
AES-KWA5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-OFBA5056Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-XTS Testing Revision 2.0A5056Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA5056Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A5055Curve - P-256 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA KeyGen (FIPS186-5)A5056Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyVer (FIPS186-5)A5056Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA SigGen (FIPS186-4)A5055Curve - P-256 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3- 256, SHA3-384, SHA3-512FIPS 186-4
ECDSA SigGen (FIPS186-5)A5056Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5056Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-5
HMAC-SHA-1A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2-224A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2-256A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2-384A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2-512A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA3-224A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA3-256A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA3-384A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
HMAC-SHA3-512A5056Key Length - Key Length: 8-524288 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A5056Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KDA HKDF SP800- 56Cr2A5056Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-3968 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2- 512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512SP 800-56C Rev. 2
KDF TLS (CVL)A5056TLS Version - v1.2 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
PBKDFA5056Iteration Count - Iteration Count: 10-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
RSA KeyGen (FIPS186-5)A5055Key Generation Mode - probable Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA KeyGen (FIPS186-5)A5056Key Generation Mode - probable Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA SigGen (FIPS186-5)A5055Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
RSA SigGen (FIPS186-5)A5056Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
RSA SigVer (FIPS186-5)A5056Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pssFIPS 186-5
SHA-1A5056Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-224A5056Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-256A5056Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-384A5056Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512A5056Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512/224A5056Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA2-512/256A5056Message Length - Message Length: 0-65528 Increment 8FIPS 180-4
SHA3-224A5056Message Length - Message Length: 0-65528 Increment 8FIPS 202
SHA3-256A5056Message Length - Message Length: 0-65528 Increment 8FIPS 202
SHA3-384A5056Message Length - Message Length: 0-65528 Increment 8FIPS 202
SHA3-512A5056Message Length - Message Length: 0-65528 Increment 8FIPS 202
SHAKE-128A5056Output Length - Output Length: 16-1024 Increment 8FIPS 202
SHAKE-256A5056Output Length - Output Length: 16-1024 Increment 8FIPS 202
TLS v1.2 KDF RFC7627 (CVL)A5056Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1

February 19, 2025 The cryptographic module maintains validation compliance when operating on any general-purpose computer (GPC) provided that the GPC for the software module uses any single-user operating system/mode specified on the validation certificate, or another compatible single-user operating system. The module also maintains compliance when operating in a virtual environment provided by any of the following supported hypervisors:

2.4.1 Modes List and Description

By design, the module only supports operation in the Approved mode. 2.5 Table 5: Modes List and Description Algorithms

2.5.1 Approved Algorithms

The module employs cryptographic algorithm implementations from the following sources:

Page 19

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 20
Service
NameProperties
CKGIdeem ZSM Single-party Cryptographic LibrarySP 800-133 Rev. 2

February 19, 2025 Table 6: Approved Algorithms

2.5.2 Vendor Affirmed Algorithms

The vendor affirms the following cryptographic security methods: Table 7: Vendor-Affirmed Algorithms ©2024 Ideem, Inc.

Page 21
Service
NameDescriptionApproved FunctionsType
AES for Multi-party Symmetric Encryption/DecryptionBlock cipher unauthenticatedAES-CTR AES-ECBBC-UnAuth
ECDSA for Multi-party Asymmetric Key Pair GenerationAsymmetric key-pair generationECDSA KeyGen (FIPS186-4)AsymKeyPair-KeyGen
ECDSA for Multi-party Digital Signature GenerationDigital signature generationECDSA SigGen (FIPS186- 4)DigSig-SigGen
RSA for Multi-party Asymmetric Key Pair GenerationAsymmetric key-pair generationRSA KeyGen (FIPS186-5)AsymKeyPair-KeyGen
RSA for Multi-party Digital Signature GenerationDigital signature generationRSA SigGen (FIPS186-5)DigSig-SigGen
AES for Symmetric Encryption/DecryptionBlock cipher unauthenticatedAES-CBC AES-CFB1 AES-CFB8 AES-CFB128 AES-CTR AES-ECB AES-OFBBC-UnAuth
AES-CMAC for Message AuthenticationMessage AuthenticationAES-CMACMAC
AES-GMAC for Message AuthenticationMessage AuthenticationAES-GMACMAC
AES-CCM for Authenticated Symmetric Encryption/DecryptionBlock cipher authenticatedAES-CCMBC-Auth
AES-GCM for Authenticated Symmetric Encryption/DecryptionBlock cipher authenticatedAES-GCMBC-Auth
AES-XTS for Symmetric Encryption/DecryptionBlock cipher unauthenticatedAES-XTS Testing Revision 2.0BC-UnAuth
DRBGDeterministic random bit generatorCounter DRBGDRBG
ECDSA for Key GenerationAsymmetric key-pair generationECDSA KeyGen (FIPS186-5) Counter DRBGAsymKeyPair-KeyGen
ECDSA for Key VerificationAsymmetric key-pair verificationECDSA KeyVer (FIPS186- 5)AsymKeyPair-KeyVer
ECDSA for Digital Signature GenerationDigital signature generationECDSA SigGen (FIPS186- 5) SHA2-224 SHA2-256 SHA2-384 SHA2-512 Counter DRBGDigSig-SigGen
ECDSA for Digital Signature VerificationDigital signature verificationECDSA SigVer (FIPS186- 5) SHA2-224 SHA2-256 SHA2-384 SHA2-512DigSig-SigVer
HMAC for Message AuthenticationMessage authenticationHMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512/224 HMAC-SHA2-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512 SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512MAC
ECDH Shared Secret ComputationShared secret computationKAS-ECC-SSC Sp800- 56Ar3 ECDSA KeyGen (FIPS186-5) ECDSA KeyVer (FIPS186- 5) Counter DRBGKAS-SSC
AES for Key Wrapping/UnwrappingKey WrapAES-CBC AES-CFB8 AES-CFB1 AES-CFB128 AES-CTR AES-ECB AES-OFB AES-CMAC AES-GMAC AES-CCM AES-GCM AES-KW AES-KWP HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512/224 HMAC-SHA2-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512 SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512KTS-Wrap
HKDF for Key DerivationHMAC-based Extract- and-Expand Key Derivation FunctionKDA HKDF SP800-56Cr2 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512/224 HMAC-SHA2-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512 SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512KAS-56CKDF
PBKDF for Key DerivationPassword-based key derivationPBKDF SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA3-224 SHA3-256 SHA3-384 SHA3-512PBKDF
RSA for Key GenerationKey generationRSA KeyGen (FIPS186-5) Counter DRBGAsymKeyPair-KeyGen
RSA for Signature GenerationSignature generationRSA SigGen (FIPS186-5) Counter DRBG SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512DigSig-SigGen
RSA for Signature VerificationSignature verificationRSA SigVer (FIPS186-5) SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512DigSig-SigVer
SHA for Message DigestMessage DigestSHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256SHA
SHA3 for Message DigestMessage DigestSHA3-224 SHA3-256 SHA3-384 SHA3-512SHA
SHAKE for Extendable Output FunctionExtendable output functionSHAKE-128 SHAKE-256XOF
TLS v1.2 Key AgreementKey agreementKAS-ECC-SSC Sp800- 56Ar3 ECDSA KeyGen (FIPS186-5) ECDSA KeyVer (FIPS186- 5) SHA2-256 SHA2-384 SHA2-512 Counter DRBG TLS v1.2 KDF RFC7627 KDF TLSKAS-Full
TLS v1.2 AuthenticationTLS v1.2 signature verificationRSA SigVer (FIPS186-5) Modulo: 2048 Hash Algorithm: SHA2- 256 SHA2-256DigSig-SigVer
TLS v1.2 Data Encryption/DecryptionTLS v1.2 encryption and decryptionAES-CBC Key size: 128, 256 Direction: Encrypt, Decrypt AES-GCM Key Length: 128, 256 IV Generation: Internal IV Generation Mode: 8.2.1 Direction: Decrypt, EncryptBC-Auth BC-UnAuth
TLS v1.2 Key DerivationTLS v1.2 key derivationKDF TLS TLS v1.2 KDF RFC7627 SHA2-256 SHA2-384 SHA2-512KAS-135KDF
2.5.3 Non-Approved, Allowed Algorithms

The module does not offer any non-Approved algorithms allowed in the Approved mode of operation. N/A for this module.

2.5.4 Non-Approved, Allowed Algorithms with No Security Claimed

The module does not offer any non-Approved algorithms allowed in the Approved mode of operation with no security claimed. N/A for this module.

2.5.5 Non-Approved, Not Allowed Algorithms

The module does not offer non-Approved algorithms not allowed in the Approved mode of operation. N/A for this module. 2.6 Security Function Implementations The table below lists the security function implementations for this module. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 22

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 23

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 24

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 25

February 19, 2025 8.2.1 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 26

February 19, 2025 Table 8: Security Function Implementations 2.7 Algorithm Specific Information The information below provides algorithm information of references to specifications.

Page 27

February 19, 2025 As specified in NIST SP 800-132, keys derived from passwords/passphrases may only be used in storage applications. 2.8 RBG and Entropy The module does not have any entropy certificates. N/A for this module. The calling application provides a minimum number of 256 bits of entropy. The calling application and its entropy source are outside the module cryptographic boundary. The calling application shall use entropy sources that meet the security strength required for the Counter DRBG as shown in Table 3 of SP 800-90A Rev. 1. This entropy shall be supplied by means of a callback function. The callback function must return an error if the minimum entropy strength cannot be met. N/A for this module. 2.9 Key Generation Please refer to Table 8: Security Function Implementations for specification of the module’s key generation methods. 2.10 Key Establishment

2.10.1 Key Agreement Information

Please refer to Table 8: Security Function Implementations for specification of the module’s key agreement methods.

2.10.2 Key Transport Information

Please refer to Table 8: Security Function Implementations for specification of the module’s transport methods. 2.11 Industry Protocols The module implements the following industry protocol:

1 No parts of the TLS protocol, other than the KDF, have been tested by the CAVP or CMVP.

Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 28
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
Physical data input port(s) of the tested platformsPhysical data input port(s) of the tested platformsData InputLogical interface is defined as API input arguments that provide input data for processing. This includes data to be encrypted, decrypted, signed, verified, and hashed, keys to be used in cryptographic services, random seed material for the DRBG of the module, keying material used as input to key establishment services, and intermediate data required for services.
Physical data output port(s) of the tested platformsPhysical data output port(s) of the tested platformsData OutputLogical interface is defined as API output arguments that return generated or processed data back to the caller. This includes data that has been encrypted/decrypted/verified, digital signatures, hashes, random values generated by the DRBG of the module, keys established using key establishment methods of the module, and key components/intermediate data/traffic (client and server data and messages).
Physical control input port(s) of the tested platformsPhysical control input port(s) of the tested platformsControl InputLogical interface is defined as API input arguments that are used to initialize and control the operation of the module. This includes API commands invoking cryptographic services, modes, key sizes, etc. used with cryptographic services.
Physical status output port(s) of the tested platformsPhysical status output port(s) of the tested platformsStatus OutputLogical interface is defined as API call return values. This includes status information regarding the module or invoked service/operation.

February 19, 2025 3. 3.1 Ports and Interfaces The module supports the following logical interfaces:

Page 29
Service
NameRole AccessType
Crypto OfficerCORoleNone
UserUserRoleNone

February 19, 2025 4. Roles, Services, and Authentication 4.1 The module does not support authentication mechanisms; operators implicitly assume an authorized role (or set of roles) based on the service selected. N/A for this module. 4.2 Roles The module supports a Crypto Officer (CO) that authorized operators can assume. The CO role performs cryptographic initialization or management functions and general security services. The module also supports the following role:

Page 30
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Show statusReturn FIPS mode statusUnauthenticatedNoneN/AAPI call parametersCurrent operational status
Perform self-tests on- demandPerform pre- operational self-testsUnauthenticatedNoneAPI return valueAPI call parametersStatus

February 19, 2025 The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:

Page 31
ZeroizeZeroize and de- allocate memory containing sensitive dataN/AAPI call parametersNoneNoneCrypto Officer - MPC AES Key: Z - MPC ECDSA Public key: Z - MPC ECDSA Private key: Z - MPC RSA public key: Z - MPC RSA private key: Z - AES key: Z - AES CCM key: Z - AES GCM key: Z - AES GCM IV: Z - AES XTS key: Z - AES CMAC key: Z - AES GMAC key: Z - ECDH private component: Z - ECDH public component: Z - DRBG entropy input: Z - DRBG seed: Z - DRBG 'V' value: Z - DRBG 'Key' value: Z - ECDSA private key: Z - ECDSA public key: Z - HMAC key: Z - RSA private key: Z - RSA public key: Z - TLS extended pre-master secret: Z - TLS master secret: Z - TLS Session Key: Z - TLS Authentication Key (HMAC key): Z - TLS Server Authentication Key: Z - HKDF Derived key: Z - PBKDF Derived key: Z - Password: Z

N/A February 19, 2025 Z Z Z Z Z Z Z Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 32
Service
NameDescriptionCsps AccessedApproved FunctionsIndicatorInputOutput
Show versioning informationReturn module versioning informationUnauthenticatedNoneN/AAPI call parametersModule name, version
Perform Multi-party symmetric encryptionEncrypt plaintext dataUser - MPC AES Key: W,EAES for Multi-party Symmetric Encryption/DecryptionAPI return valueAPI call parameters, key, plaintextStatus, ciphertext
Perform Multi-party symmetric decryptionDecrypt ciphertext dataUser - MPC AES Key: W,EAES for Multi-party Symmetric Encryption/DecryptionAPI return valueAPI call parameters, key, ciphertextStatus, plaintext
Generate Multi-party asymmetric key pairGenerate a public/private key pairUser - MPC ECDSA Public key: G,R - MPC ECDSA Private key: G,R - MPC RSA public key: G,R - MPC RSA private key: G,RECDSA for Multi-party Asymmetric Key Pair Generation RSA for Multi-party Asymmetric Key Pair GenerationAPI return valueAPI call parametersStatus, key pair
Generate Multi-party digital signatureGenerate a digital signatureUser - MPC ECDSA Private key: W,E - MPC RSA public key: W,EECDSA for Multi-party Digital Signature Generation RSA for Multi-party Digital Signature GenerationAPI return valueAPI call parameters, key, messageStatus, signature
Perform symmetric encryptionEncrypt plaintext dataUser - AES key: W,E - AES XTS key: W,EAES for Symmetric Encryption/Decryption AES-XTS for Symmetric Encryption/DecryptionAPI return valueAPI call parameters, key, plaintextStatus, ciphertext
Perform symmetric decryptionDecrypt ciphertext dataUser - AES key: W,E - AES XTS key: W,EAES for Symmetric Encryption/Decryption AES-XTS for Symmetric Encryption/DecryptionAPI return valueAPI call parameters, key, ciphertextStatus, plaintext
Generate symmetric digestGenerate symmetric digestUser - AES CMAC key: W,E - AES GMAC key: W,EAES-CMAC for Message Authentication AES-GMAC for Message AuthenticationAPI return valueAPI call parameters, key, plaintextStatus, digest
Verify symmetric digestVerify symmetric digestUser - AES CMAC key: W,E - AES GMAC key: W,EAES-CMAC for Message Authentication AES-GMAC for Message AuthenticationAPI return valueAPI call parameters, key, digestStatus
Perform authenticated symmetric encryptionEncrypt plaintextUser - AES CCM key: W,E - AES GCM key: W,E - AES GCM IV: G,R,EAES-CCM for Authenticated Symmetric Encryption/Decryption AES-GCM for Authenticated Symmetric Encryption/DecryptionAPI return valueAPI call parameters, key, plaintextStatus, ciphertext
Perform authenticated symmetric decryptionDecrypt ciphertextUser - AES CCM key: W,E - AES GCM key: W,E - AES GCM IV: W,EAES-CCM for Authenticated Symmetric Encryption/Decryption AES-GCM for Authenticated Symmetric Encryption/DecryptionAPI return valueAPI call parameters, key, ciphertextStatus, plaintext
Generate random numberGenerate random bits using DRBGUser - DRBG entropy input: W,E - DRBG seed: G,E - DRBG 'V' value: G,E - DRBG 'Key' value: G,EDRBGAPI return valueAPI call parametersStatus, random bits
Perform keyed hash operationCompute a message authentication codeUser - HMAC key: W,EHMAC for Message AuthenticationAPI return valueAPI call parameters, key, messageStatus, MAC
Perform hash operationCompute a message digestUserSHA for Message Digest SHA3 for Message Digest SHAKE for Extendable Output FunctionAPI return valueAPI call parametersStatus, hash
Generate asymmetric key pairGenerate a public/private key pairUser - ECDSA public key: G,R - ECDSA private key: G,R - RSA public key: G,R - RSA private key: G,R - ECDH public component: G,R - ECDH private component: G,RECDSA for Key Generation RSA for Key GenerationAPI return valueAPI call parametersStatus, key pair
Verify ECDSA public keyVerify an ECDSA public keyUser - ECDSA public key: WECDSA for Key VerificationAPI return valueAPI call parameters, keyStatus
Generate digital signatureGenerate a digital signatureUser - ECDSA private key: W,E - RSA private key: W,EECDSA for Digital Signature Generation RSA for Signature GenerationAPI return valueAPI call parameters, key, messageStatus, signature
Verify digital signatureVerify a digital signatureUser - ECDSA public key: W,E - RSA public key: W,EECDSA for Digital Signature Verification RSA for Signature VerificationAPI return valueAPI call parameters, key, signature, messageStatus
Perform key wrapPerform key wrapUser - AES key: W,E - AES CCM key: W,E - AES CMAC key: W,E - AES GMAC key: W,E - AES GCM key: W,E - AES GCM IV: G,R,EAES for Key Wrapping/UnwrappingAPI return valueAPI call parameters, encryption key, keyStatus, encrypted key
Perform key unwrapPerform key unwrapUser - AES key: W,E - AES CCM key: W,E - AES CMAC key: W,E - AES GMAC key: W,E - AES GCM key: W,E - AES GCM IV: W,EAES for Key Wrapping/UnwrappingAPI return valueAPI call parameters, decryption key, keyStatus, decrypted key
Compute shared secretCompute ECDH shared secret suitable for use as input to a TLS KDFUser - ECDH public component: W,E - ECDH private component: W,EECDH Shared Secret ComputationAPI return valueAPI call parametersStatus, shared secret
TLS v1.2 network protocolUtilize TLS protocolUser - ECDH public component: W,E - ECDH private component: W,E - TLS extended pre-master secret: W,E - TLS master secret: W,E - TLS Authentication Key (HMAC key): W,E - TLS Session Key: W,E - TLS Server Authentication Key: R,ETLS v1.2 Key Agreement TLS v1.2 Authentication TLS v1.2 Data Encryption/DecryptionAPI return valueAPI call parameters, TLS certs and keys, raw application data, TLS session dataStatus, TLS keys, TLS session data, decrypted application data
Derive keys via TLS v1.2 KDFDerive TLS session and integrity keysUser - TLS extended pre-master secret: W,E - TLS master secret: G,E - TLS Session Key: G,ETLS v1.2 Key DerivationAPI return valueAPI call parameters, TLS extended pre-master secretStatus, TLS keys
Certificate Management/HandlingCertificate management servicesUser - AES key: W,E - AES XTS key: W,E - ECDSA public key: R,W,E - ECDSA private key: R,W,E - RSA public key: R,W,E - RSA private key: R,W,EAES for Symmetric Encryption/Decryption ECDSA for Digital Signature Generation ECDSA for Digital Signature Verification RSA for Signature Generation RSA for Signature Verification SHA for Message Digest SHA3 for Message DigestAPI return valueAPI call parameters, AES key, private keys, public keys, certificates, certificate data.Status
Perform key agreement functionsEstablish symmetric key using ECDH key agreementUser - ECDH public component: W,E - ECDH private component: W,E - AES key: G,R - AES GCM key: G,R - AES GCM IV: G,R - HMAC key: G,RTLS v1.2 Key AgreementAPI return valueAPI call parametersStatus, symmetric key
Derive key via HKDFDerive key from HKDFUser - HKDF Derived key: G,RHKDF for Key DerivationAPI return valueAPI call parameters, input key materialStatus, key
Derive key via PBKDF2Derive key from PBKDF2User - Password: W,E - PBKDF Derived key: G,RPBKDF for Key DerivationAPI return valueAPI call parameters, passwordStatus, key

February 19, 2025 N/A W,E W,E W,E W,E W,E W,E W,E W,E W,E W,E G,R,E Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 33

February 19, 2025 W,E W,E W,E G,E G,R G,R W,E W,E Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 34

February 19, 2025 W,E W,E W,E W,E G,R,E W,E W,E W,E W,E W,E W,E W,E G,E Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 35

February 19, 2025 Table 11: Approved Services W,E R,W,E R,W,E G,R G,R * Per FIPS 140-3 Implementation Guidance 2.4.C, the Show Status and Show Versioning Information services do not require a service indicator. 4.4 Non-Approved Services The module does not offer any non-Approved services. N/A for this module. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 36

5. Software/Firmware Security 5.1 Integrity Techniques February 19, 2025 All software components within the cryptographic boundary are verified using an approved integrity technique implemented within the cryptographic module itself. The module implements independent HMAC SHA2-256 checks for the integrity test of each library file; failure of the integrity test for any file will cause the module to enter a critical error state. The calling application is responsible for the initialization process and loading of the library. The module is designed with a default entry point (DEP) that ensures that the pre-operational self-tests are initiated automatically when the module is loaded without action from the module operator. 5.2 Initiate on Demand The CO can initiate the pre-operational tests on demand by issuing the securikey_fips_self_test() call. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 37

6. Operational Environment 6.1 Operational Environment Type and Requirements February 19, 2025 The Ideem ZSM Cryptographic Module comprises a software cryptographic library that executes in a Modifiable operational environment. The cryptographic module has control over its own SSPs. The process and memory management functionality of the host platform’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environments. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 38

7. February 19, 2025 Physical Security The cryptographic module is a multi-chip standalone software module and does not include physical security mechanisms. Therefore, per section 7.5 of the FIPS PUB 140-3 Management Manual this section is not applicable. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 39

8. February 19, 2025 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques references in Annex F of ISO/IEC 19790. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 40
Sensitive security parameter
NameTypeDescription
RAMDynamicSSPs stored in RAM
Service
NameTypeFromTo
Plaintext import via API parameterPlaintextExternalRAMManualElectronic
Plaintext export via API parameterPlaintextRAMExternalManualElectronic
ZeroizationDescriptionRationaleOperator Initiation
Method
Zeroize serviceThe OpenSSL_cleanse() function zeroizes SSPs. OpenSSL_cleanse() may only be called directly by the calling application for some SSPs. However, other SSPs will be zeroized by an indirect call to OpenSSL_cleanse() via object destruction APIs.The OpenSSL_cleanse() service zeroizes SSPs, which makes them irretrievable.The operator calls the OpenSSL_cleanse(). The successful completion of the procedural zeroization suffices as the implicit indicator that zeroization has completed.

February 19, 2025 9. Sensitive Security Parameters Management 9.1 Storage Areas The table below lists sensitive security parameters (SSPs) storage areas for this module. 9.2 Table 12: Storage Areas SSP Input-Output Methods The table below lists SSP input and output methods for this module. Table 13: SSP Input-Output Methods 9.3 SSP Zeroization Methods The table below lists SSP zeroization methods for this module. Table 14: SSP Zeroization Methods 9.4 The module supports the keys and other SSPs listed in the table below. Note that all SSP imports and exports are electronic and performed withing the Tested OE’s Physical Parameter (TOEPP). Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 41
Sensitive security parameter
NameTypeDescriptionStrengthEstablishmentUse
MPC AES KeySymmetric Key - CSPMulti-party symmetric encryption and decryption128 bits - 128 bitsAES for Multi-party Symmetric Encryption/Decryption
MPC ECDSA Public keyPublic/Private - PSPPublic key paired with the MPC ECDSA private key.256 bits - 128 bitsECDSA for Multi-party Asymmetric Key Pair Generation
MPC ECDSA Private keyPublic/Private - CSPMulti-party digital signature generation256 bits - 128 bitsECDSA for Multi-party Digital Signature GenerationECDSA for Multi-party Asymmetric Key Pair Generation
MPC RSA public keyPublic/Private - PSPPublic key paired with the MPC ECDSA private keyBetween 2048 and 4096 bits - Between 112 and 150 bitsRSA for Multi-party Asymmetric Key Pair Generation
MPC RSA private keyPublic/Private - CSPMulti-party digital signature generationBetween 2048 and 4096 bits - Between 112 and 150 bitsRSA for Multi-party Digital Signature GenerationRSA for Multi-party Asymmetric Key Pair Generation
AES keySymmetric Key - CSPSymmetric encryption and decryption; key wrap and unwrap Modes: (CBC, CFB, CTR, ECB, OFB, KW, KWP)Between 128 and 256 bits - Between 128 and 256 bitsTLS v1.2 Key Derivation AES for Key Wrapping/UnwrappingAES for Symmetric Encryption/Decryption
AES CCM keySymmetric Key - CSPAuthenticated symmetric encryption, decryption; key transportBetween 128 and 256 bits - Between 128 and 256 bitsTLS v1.2 Key Derivation AES for Key Wrapping/UnwrappingAES-CCM for Authenticated Symmetric Encryption/Decryption
AES GCM keySymmetric Key - CSPAuthenticated symmetric encryption, decryption; key transportBetween 128 and 256 bits - Between 128 and 256 bitsTLS v1.2 Key DerivationAES-GCM for Authenticated Symmetric Encryption/Decryption
AES GCM IVInitialization Vector - CSPInitialization vector for AES GCM96 bits - n/aAES-GCM for Authenticated Symmetric Encryption/DecryptionGenerated internally in compliance with the provisions of a peer-to- peer industry standard protocol. Technique 1.a. as specified in FIPS 140-3 IG C.H.
AES XTS keySymmetric Key - CSPSymmetric encryption, decryption256-bits - 256-bitsAES-XTS for Symmetric Encryption/Decryption
AES CMAC keySymmetric Key - CSPKey wrap and unwrapBetween 128 and 256 bits - Between 128 and 256 bitsAES-CMAC for Message Authentication
AES GMAC keyAuthentication Key - CSPMAC generation, verificationBetween 128 and 256 bits - Between 128 and 256 bitsAES-GMAC for Message Authentication
ECDH private componentPublic/Private - CSPECDH shared secret computationBetween 224 and 521 bits - Between 112 and 256 bitsECDH Shared Secret Computation TLS v1.2 Key AgreementECDSA for Key Generation
ECDH public componentPublic/Private - PSPECDH shared secret computationBetween 224 and 521 bits - Between 112 and 256 bitsECDH Shared Secret Computation TLS v1.2 Key AgreementECDSA for Key Generation
DRBG entropy inputEntropy Input - CSPEntropy material for DRBGBetween 128 and 512 bits - Between 128 and 512 bitsDRBG
DRBG seedSeed - CSPSeeding material for DRBGBetween 256 and 384 - Between 256 and 384DRBGDRBG
DRBG 'V' valueDRBG state - CSPState values for DRBG128 bits - 128 bitsDRBGDRBG
DRBG 'Key' valueDRBG state - CSPState values for DRBGBetween 128 and 256 bits - Between 128 and 256 bitsDRBGDRBG
ECDSA private keyPublic/Private - CSPDigital signature generationBetween 224 and 521 bits - Between 112 and 256 bitsECDSA for Digital Signature GenerationECDSA for Key Generation
ECDSA public keyPublic/Private - PSPDigital signature generationBetween 224 and 521 bits - Between 112 and 256 bitsECDSA for Digital Signature VerificationECDSA for Key Generation
HMAC keyAuthentication - CSPKeyed hash224 bits (minimum) - 112 bits (minimum)TLS v1.2 Key DerivationHMAC for Message Authentication AES for Key Wrapping/Unwrapping
RSA private keyPublic/Private - CSPDigital signature generationBetween 2048 and 4096 bits - Between 112 and 150 bitsRSA for Signature GenerationRSA for Key Generation
RSA public keyPublic/Private - PSPDigital signature verificationBetween 2048 and 4096 bits - Between 112 and 150 bitsRSA for Signature VerificationRSA for Key Generation
TLS extended pre-master secretPre-master secret - CSPDerivation of the TLS master secret384 bits - 384 bitsTLS v1.2 Key AgreementTLS v1.2 Key Derivation
TLS master secretMaster secret - CSPDerivation of the AES key, AES-GCM key, and HMAC key used for securing TLS connections384 bits - 384 bitsTLS v1.2 Key AgreementTLS v1.2 Key Derivation
TLS Session KeySymmetric key - CSPEncryption and decryption of TLS session packets128 or 256 bits - 128 or 256 bitsTLS v1.2 Key DerivationTLS v1.2 Data Encryption/Decryption
TLS Authentication Key (HMAC key)Authentication - CSPAuthentication of TLS session packetsBetween 160 and 384 bits - Between 160 and 384 bitsTLS v1.2 Key DerivationTLS v1.2 Data Encryption/Decryption

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 42

February 19, 2025 a peer-topeer Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 43

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 44
Sensitive security parameter
NameTypeDescriptionStrengthEstablishmentStorageZeroizationUseInputRelated SSPs
TLS Server Authentication KeyPublic - PSPDigital signature verification2048 bits - 128 bitsTLS v1.2 Authentication
HKDF Derived keySymmetric key - CSPSymmetric encryption and decryption256 bits - 256 bitsHKDF for Key Derivation
PBKDF Derived keySymmetric key - CSPSymmetric encryption and decryption; Storage application only256 bits - 256 bitsPBKDF for Key Derivation
PasswordPassword - CSPInput to PBKDF for key derivationn/a - n/aPBKDF for Key Derivation
MPC AES KeyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameter
MPC ECDSA Public keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC ECDSA Private key:Paired With
MPC ECDSA Private keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC ECDSA Public key:Paired With
MPC RSA public keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC RSA private key:Paired With
MPC RSA private keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC RSA public key:Paired With
AES keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameter
AES CCM keyRAM:PlaintextZeroize servicePlaintext import via API parameter
AES GCM keyRAM:PlaintextZeroize servicePlaintext import via API parameterAES GCM IV:Other
AES GCM IVRAM:PlaintextZeroize servicePlaintext export via API parameter
AES XTS keyRAM:PlaintextZeroize servicePlaintext import via API parameter
AES CMAC keyRAM:PlaintextZeroize servicePlaintext import via API parameter
AES GMAC keyRAM:PlaintextZeroize servicePlaintext import via API parameter
Sensitive security parameter
NameTypeDescriptionStrengthEstablishmentStorageZeroizationUseInputRelated SSPs
TLS Server Authentication KeyPublic - PSPDigital signature verification2048 bits - 128 bitsTLS v1.2 Authentication
HKDF Derived keySymmetric key - CSPSymmetric encryption and decryption256 bits - 256 bitsHKDF for Key Derivation
PBKDF Derived keySymmetric key - CSPSymmetric encryption and decryption; Storage application only256 bits - 256 bitsPBKDF for Key Derivation
PasswordPassword - CSPInput to PBKDF for key derivationn/a - n/aPBKDF for Key Derivation
MPC AES KeyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameter
MPC ECDSA Public keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC ECDSA Private key:Paired With
MPC ECDSA Private keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC ECDSA Public key:Paired With
MPC RSA public keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC RSA private key:Paired With
MPC RSA private keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterMPC RSA public key:Paired With
AES keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameter
AES CCM keyRAM:PlaintextZeroize servicePlaintext import via API parameter
AES GCM keyRAM:PlaintextZeroize servicePlaintext import via API parameterAES GCM IV:Other
AES GCM IVRAM:PlaintextZeroize servicePlaintext export via API parameter
AES XTS keyRAM:PlaintextZeroize servicePlaintext import via API parameter
AES CMAC keyRAM:PlaintextZeroize servicePlaintext import via API parameter
AES GMAC keyRAM:PlaintextZeroize servicePlaintext import via API parameter
ECDH private componentRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterECDH public component:Paired With
ECDH public componentRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterECDH private component:Paired With
DRBG entropy inputRAM:PlaintextZeroize servicePlaintext import via API parameter
DRBG seedRAM:PlaintextZeroize service
DRBG 'V' valueRAM:PlaintextZeroize service
DRBG 'Key' valueRAM:PlaintextZeroize service
ECDSA private keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterECDSA public key:Paired With
ECDSA public keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterECDSA private key:Paired With
HMAC keyRAM:PlaintextZeroize servicePlaintext import via API parameter
RSA private keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterRSA public key:Paired With
RSA public keyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameterRSA private key:Paired With
TLS extended pre-master secretRAM:PlaintextZeroize servicePlaintext import via API parameter
TLS master secretRAM:PlaintextZeroize service
TLS Session KeyRAM:PlaintextZeroize service
TLS Authentication Key (HMAC key)RAM:PlaintextZeroize service
TLS Server Authentication KeyRAM:PlaintextZeroize servicePlaintext import via API parameter Plaintext export via API parameter
HKDF Derived keyRAM:PlaintextZeroize servicePlaintext export via API parameter
PBKDF Derived keyRAM:PlaintextZeroize servicePlaintext export via API parameter
PasswordRAM:PlaintextZeroize servicePlaintext import via API parameter

February 19, 2025 n/a - n/a Table 15: SSP Table 1 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 45

February 19, 2025 Table 16: SSP Table 2 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 46
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorTest PropertiesTest Method
HMAC-SHA2- 256 (A5056)HMAC-SHA2- 256 (A5056)Software IntegritySW/FW IntegritySoftware integrity test for libcryptoSHA2-256A boolean value is returned indicating the success (true) or failure (false) of the self-test procedure call.
HMAC-SHA2- 256 (A5056)HMAC-SHA2- 256 (A5056)Software IntegritySW/FW IntegritySoftware integrity test for libsslSHA2-256A boolean value is returned indicating the success (true) or failure (false) of the self-test procedure call.
HMAC-SHA2- 256 (A5056)HMAC-SHA2- 256 (A5056)Software IntegritySW/FW IntegritySoftware integrity test for libsecurikeySHA2-256A boolean value is returned indicating the success (true) or failure (false) of the self-test procedure call.
AES-ECB (A5055)AES-ECB (A5055)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Triggered upon first usage of MPC services.128-bitEncryptKATCAST
ECDSA SigGen (FIPS186-4) (A5055)ECDSA SigGen (FIPS186-4) (A5055)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Triggered upon first usage of MPC services.P-256; SHA2- 256SignKATCAST
RSA SigGen (FIPS186-5) (A5055)RSA SigGen (FIPS186-5) (A5055)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Triggered upon first usage of MPC services.2048-bit; SHA2-224; PKCS#1.5 schemeSignKATCAST
AES-ECB (A5056)AES-ECB (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.128-bitEncryptKATCAST
AES-ECB (A5056)AES-ECB (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.128-bitDecryptKATCAST
AES-CCM (A5056)AES-CCM (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.192-bitEncryptKATCAST
AES-CCM (A5056)AES-CCM (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.192-bitDecryptKATCAST
AES-GCM (A5056)AES-GCM (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.128-bitEncryptKATCAST
AES-GCM (A5056)AES-GCM (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.128-bitDecryptKATCAST
AES-XTS Testing Revision 2.0 (A5056)AES-XTS Testing Revision 2.0 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.128-bit, 256-bitEncryptKATCAST
AES-XTS Testing Revision 2.0 (A5056)AES-XTS Testing Revision 2.0 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.128-bit, 256-bitDecryptKATCAST
AES-CMAC (A5056)AES-CMAC (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.CBC mode; 128-bit, 192- bit, 256-bitGenerateKATCAST
Counter DRBG (A5056)Counter DRBG (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.AES, 256-bit, with derivation functionInstantiate, Reseed, GenerateKATCAST
ECDSA SigGen (FIPS186-5) (A5056)ECDSA SigGen (FIPS186-5) (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.P-224; SHA2- 256SignKATCAST
ECDSA SigVer (FIPS186-5) (A5056)ECDSA SigVer (FIPS186-5) (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.P-224; SHA2- 256VerifyKATCAST
RSA SigGen (FIPS186-5) (A5056)RSA SigGen (FIPS186-5) (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.2048-bit; SHA2-256; PKCS#1.5 schemeSignKATCAST
RSA SigVer (FIPS186-5) (A5056)RSA SigVer (FIPS186-5) (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.2048-bit; SHA2-256; PKCS#1.5 schemeVerifyKATCAST
HMAC-SHA-1 (A5056)HMAC-SHA-1 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.SHA-1Hashed message authenticationKATCAST
HMAC-SHA2- 224 (A5056)HMAC-SHA2- 224 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.SHA2-224Hashed message authenticationKATCAST
HMAC-SHA2- 256 (A5056)HMAC-SHA2- 256 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.SHA2-256Hashed message authenticationKATCAST
HMAC-SHA2- 384 (A5056)HMAC-SHA2- 384 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.SHA2-384Hashed message authenticationKATCAST
HMAC-SHA2- 512 (A5056)HMAC-SHA2- 512 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.SHA2-512Hashed message authenticationKATCAST
SHA-1 (A5056)SHA-1 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.HashKATCAST
SHA2-224 (A5056)SHA2-224 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.HashKATCAST
SHA2-256 (A5056)SHA2-256 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.HashKATCAST
SHA2-384 (A5056)SHA2-384 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.HashKATCAST
SHA2-512 (A5056)SHA2-512 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.HashKATCAST
SHA3-256 (A5056)SHA3-256 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.Upon power-up and before the pre- operational software integrity tests.HashKATCAST
KAS-ECC-SSC Sp800-56Ar3 (A5056)KAS-ECC-SSC Sp800-56Ar3 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.P-224Shared Secret "Z" ComputationKATCAST
KDA HKDF SP800-56Cr2 (A5056)KDA HKDF SP800-56Cr2 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.SHA2-256DeriveKATCAST
PBKDF (A5056)PBKDF (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.SHA2-256DeriveKATCAST
TLS v1.2 KDF RFC7627 (A5056)TLS v1.2 KDF RFC7627 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.SHA2-256DeriveKATCAST
ECDSA KeyGen (FIPS186-4) (A5055)ECDSA KeyGen (FIPS186-4) (A5055)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.Sign/VerifyPCTPCT
RSA KeyGen (FIPS186-5) (A5055)RSA KeyGen (FIPS186-5) (A5055)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.Sign/VerifyPCTPCT
ECDSA KeyGen (FIPS186-5) (A5056)ECDSA KeyGen (FIPS186-5) (A5056)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.Sign/VerifyPCTPCT
RSA KeyGen (FIPS186-5) (A5056)RSA KeyGen (FIPS186-5) (A5056)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.Sign/VerifyPCTPCT
ECDHECDHAn integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.Sign/VerifyPCTPCT
AES-XTS Testing Revision 2.0 (A5056)AES-XTS Testing Revision 2.0 (A5056)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon initialization of AES- XTS cipher with key data.Duplicate key testDuplicate Key TestCritical Function
HMAC-SHA2-256 (A5056)HMAC-SHA2-256 (A5056)Software IntegritySW/FW IntegrityOn DemandManually
HMAC-SHA2-256 (A5056)HMAC-SHA2-256 (A5056)Software IntegritySW/FW IntegrityOn DemandManually
HMAC-SHA2-256 (A5056)HMAC-SHA2-256 (A5056)Software IntegritySW/FW IntegrityOn DemandManually
AES-ECB (A5055)AES-ECB (A5055)KATCASTOn DemandManually
ECDSA SigGen (FIPS186- 4) (A5055)ECDSA SigGen (FIPS186- 4) (A5055)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5055)RSA SigGen (FIPS186-5) (A5055)KATCASTOn DemandManually
AES-ECB (A5056)AES-ECB (A5056)KATCASTOn DemandManually
AES-ECB (A5056)AES-ECB (A5056)KATCASTOn DemandManually

February 19, 2025 10. Self-Tests The module performs pre-operational self-tests and conditional self-tests. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. In normal operation, the module uses MPC techniques to spread the load of cryptographic operation between several nodes. However, for self-testing, the module is able to perform all of the steps of each algorithm within the boundary of the module. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s): Table 17: Pre-Operational Self-Tests 10.2 Conditional Self-Tests The module performs the following conditional self-tests: P-256; SHA2256 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 47

P-224; SHA2256 P-224; SHA2256 February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 48

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 49
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsTest PropertiesTest MethodIndicator
TLS v1.2 KDF RFC7627 (A5056)TLS v1.2 KDF RFC7627 (A5056)A boolean value indicating success (true) or failure (false) of the self-test procedure call.After successful completion of software integrity tests.SHA2-256KATCASTDerive
ECDSA KeyGen (FIPS186-4) (A5055)ECDSA KeyGen (FIPS186-4) (A5055)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.PCTPCTSign/Verify
RSA KeyGen (FIPS186-5) (A5055)RSA KeyGen (FIPS186-5) (A5055)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.PCTPCTSign/Verify
ECDSA KeyGen (FIPS186-5) (A5056)ECDSA KeyGen (FIPS186-5) (A5056)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.PCTPCTSign/Verify
RSA KeyGen (FIPS186-5) (A5056)RSA KeyGen (FIPS186-5) (A5056)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.PCTPCTSign/Verify
ECDHECDHAn integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon key pair generation before returning key pair.PCTPCTSign/Verify
AES-XTS Testing Revision 2.0 (A5056)AES-XTS Testing Revision 2.0 (A5056)An integer value indicating success (1) or failure (0) of the self- test procedure call.Executed upon initialization of AES- XTS cipher with key data.Duplicate Key TestCritical FunctionDuplicate key test
HMAC-SHA2-256 (A5056)HMAC-SHA2-256 (A5056)Software IntegritySW/FW IntegrityOn DemandManually
HMAC-SHA2-256 (A5056)HMAC-SHA2-256 (A5056)Software IntegritySW/FW IntegrityOn DemandManually
HMAC-SHA2-256 (A5056)HMAC-SHA2-256 (A5056)Software IntegritySW/FW IntegrityOn DemandManually
AES-ECB (A5055)AES-ECB (A5055)KATCASTOn DemandManually
ECDSA SigGen (FIPS186- 4) (A5055)ECDSA SigGen (FIPS186- 4) (A5055)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5055)RSA SigGen (FIPS186-5) (A5055)KATCASTOn DemandManually
AES-ECB (A5056)AES-ECB (A5056)KATCASTOn DemandManually
AES-ECB (A5056)AES-ECB (A5056)KATCASTOn DemandManually
AES-CCM (A5056)AES-CCM (A5056)KATCASTOn DemandManually
AES-CCM (A5056)AES-CCM (A5056)KATCASTOn DemandManually
AES-GCM (A5056)AES-GCM (A5056)KATCASTOn DemandManually
AES-GCM (A5056)AES-GCM (A5056)KATCASTOn DemandManually
AES-XTS Testing Revision 2.0 (A5056)AES-XTS Testing Revision 2.0 (A5056)KATCASTOn DemandManually
AES-XTS Testing Revision 2.0 (A5056)AES-XTS Testing Revision 2.0 (A5056)KATCASTOn DemandManually
AES-CMAC (A5056)AES-CMAC (A5056)KATCASTOn DemandManually
Counter DRBG (A5056)Counter DRBG (A5056)KATCASTOn DemandManually
ECDSA SigGen (FIPS186- 5) (A5056)ECDSA SigGen (FIPS186- 5) (A5056)KATCASTOn DemandManually
ECDSA SigVer (FIPS186- 5) (A5056)ECDSA SigVer (FIPS186- 5) (A5056)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5056)RSA SigGen (FIPS186-5) (A5056)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5056)RSA SigVer (FIPS186-5) (A5056)KATCASTOn DemandManually
HMAC-SHA-1 (A5056)HMAC-SHA-1 (A5056)KATCASTOn DemandManually
HMAC-SHA2-224 (A5056)HMAC-SHA2-224 (A5056)KATCASTOn DemandManually
HMAC-SHA2-256 (A5056)HMAC-SHA2-256 (A5056)KATCASTOn DemandManually
HMAC-SHA2-384 (A5056)HMAC-SHA2-384 (A5056)KATCASTOn DemandManually
HMAC-SHA2-512 (A5056)HMAC-SHA2-512 (A5056)KATCASTOn DemandManually
SHA-1 (A5056)SHA-1 (A5056)KATCASTOn DemandManually
SHA2-224 (A5056)SHA2-224 (A5056)KATCASTOn DemandManually
SHA2-256 (A5056)SHA2-256 (A5056)KATCASTOn DemandManually
SHA2-384 (A5056)SHA2-384 (A5056)KATCASTOn DemandManually
SHA2-512 (A5056)SHA2-512 (A5056)KATCASTOn DemandManually
SHA3-256 (A5056)SHA3-256 (A5056)KATCASTOn DemandManually
KAS-ECC-SSC Sp800- 56Ar3 (A5056)KAS-ECC-SSC Sp800- 56Ar3 (A5056)KATCASTOn DemandManually
KDA HKDF SP800-56Cr2 (A5056)KDA HKDF SP800-56Cr2 (A5056)KATCASTOn DemandManually
PBKDF (A5056)PBKDF (A5056)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5056)TLS v1.2 KDF RFC7627 (A5056)KATCASTOn DemandManually
ECDSA KeyGen (FIPS186-4) (A5055)ECDSA KeyGen (FIPS186-4) (A5055)PCTPCTn/an/a
RSA KeyGen (FIPS186-5) (A5055)RSA KeyGen (FIPS186-5) (A5055)PCTPCTn/an/a
ECDSA KeyGen (FIPS186-5) (A5056)ECDSA KeyGen (FIPS186-5) (A5056)PCTPCTn/an/a
RSA KeyGen (FIPS186-5) (A5056)RSA KeyGen (FIPS186-5) (A5056)PCTPCTn/an/a
ECDHECDHPCTPCTn/an/a
AES-XTS Testing Revision 2.0 (A5056)AES-XTS Testing Revision 2.0 (A5056)Duplicate Key TestCritical Functionn/an/a

February 19, 2025 10.3 Table 18: Conditional Self-Tests The module does not implement automatic periodic self-tests, however the operator can perform all module selftests on demand by issuing the securikey_fips_self_test() call. Table 19: Pre-Operational Periodic Information Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 50

February 19, 2025 n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a Table 20: Conditional Periodic Information Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 51
Service
NameDescriptionRole AccessIndicator
Critical ErrorThe module immediately terminates the calling application’s API call. Subsequent requests made by the calling application for cryptographic services will return failure indicator, disabling all access to cryptographic functions, SSPs, and data output services.If the module fails pre-operational integrity tests, the SHA/HMAC pre- operational KATs (SHA, HMAC), or the conditional CASTs (DRBG, AES-ECB, AES- CCM, AES-GCM, AES-XTS, AES-CMAC, ECDSA Sign/Verify, RSA Sign/Verify, KAS- ECC Shared Secret “Z” Computation, HKDF, PBKDF, TLS v1.2 KDF).Returned error code and sets an internal flag. Further requests will return this failure indicator.The module must be re-instantiated by the calling application. If errors persist, the CO should contact Ideem, Inc. for assistance.
Soft ErrorThe module enters this state upon the failure of a PCT or self-test. The module transitions back to normal operation where the service requiring the self-test can be re-run or a new service can be performed.If the module fails ECDSA/RSA/ECDH PCTs or the AES-XTS duplicate key test.Returns error codeModule records the error and resumes normal operation

10.4 February 19, 2025 Error States The tables below describe the error states the status indicators of the module. Table 21: Error States

Page 52

February 19, 2025 11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:

11.1.1 Secure Installation

As the module is an integrated component of Ideem’s product application software, module operators have no ability to independently load the module onto the target platform. The module is distributed to the end operator as part of an SDK 2 developed by Ideem. The module is distributed as a package containing the pre-compiled binaries and HMAC digest files. The module and its calling application are to be installed on a platform specified in section 2.2 or one where portability is maintained. For correct operation the module must be installed on both a server RHEL environment) and client (iOS or Android) side. Ideem does not provide any mechanisms to directly access the module, its source code, its APIs, or any information sent between it and other Ideem applications.

11.1.2 Initialization

This module is designed to support the Ideem application solely, and this application are the sole consumers of the cryptographic services provided by the module. No end-user action is required to initialize the module for operation; the calling application performs any actions required to initialize the module. The pre-operational integrity test and conditional CASTs are performed automatically via a default entry point (DEP) when the module is loaded for execution, without any specific action from the calling application or the end-user. End-users have no means to short-circuit or bypass these actions. Failure of any of the initialization actions will result in a failure of the module to load for execution.

11.1.3 Startup

No startup steps are required to be performed by end-users.

2 SDK – Software Development Kit

Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 53

11.2 February 19, 2025 Administrator Guidance There are no specific management activities required of the CO role to ensure that the module runs securely. If any irregular activity is observed, or if the module is consistently reporting errors, then Ideem Customer Support should be contacted. The following list provides additional guidance for the CO:

Page 54
Page 55

February 19, 2025 12. Mitigation of Other Attacks 12.1 Attack List Key Leakage: The use of MPC techniques within the module ensures that knowledge of a key share provides no information about the logical key that it is a part of and that compromising a single module gives an attacker no knowledge about the secret and private keys used by that module. 12.2 Mitigation Effectiveness Secure multi-party computation is used to generate and split a cryptographic key into two or more key shares, such that knowledge of a key share provides no information about the logical key. The original key is never stored nor recomputed, so leakage of the key share from a single module gives an attacker no knowledge about the private keying material used by that module. 12.3 Guidance and Constraints There is no further guidance or constraints. 12.4 Additional Information There is no additional information. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 56
Acronyms
NameTermDefinition
AESAESAdvanced Encryption Standard
APIAPIApplication Programming Interface
CBCCBCCipher Block Chaining
CCCSCCCSCanadian Centre for Cyber Security
CMVPCMVPCryptographic Module Validation Program
COCOCryptographic Officer
CPUCPUCentral Processing Unit
CTRCTRCounter
CVLCVLComponent Validation List
DEPDEPDefault Entry Point
DESDESData Encryption Standard
DHDHDiffie-Hellman
DRBGDRBGDeterministic Random Bit Generator
ECBECBElectronic Code Book
ECC CDHECC CDHElliptic Curve Cryptography Cofactor Diffie-Hellman
ECDHECDHElliptic Curve Diffie-Hellman
ECDSAECDSAElliptic Curve Digital Signature Algorithm
EMI/EMCEMI/EMCElectromagnetic Interference /Electromagnetic Compatibility
FIPSFIPSFederal Information Processing Standard
GCMGCMGalois/Counter Mode
GMACGMACGalois Message Authentication Code
GPCGPCGeneral-Purpose Computer
HMACHMAC(keyed-) Hash Message Authentication Code
KASKASKey Agreement Scheme
KATKATKnown Answer Test
KTSKTSKey Transport Scheme
KWKWKey Wrap
KWPKWPKey Wrap with Padding
NISTNISTNational Institute of Standards and Technology
OSOSOperating System
PCTPCTPairwise Consistency Test
PKCSPKCSPublic Key Cryptography Standard
PSSPSSProbabilistic Signature Scheme
RNGRNGRandom Number Generator
RSARSARivest, Shamir, and Adleman
SHASHASecure Hash Algorithm
SHSSHSSecure Hash Standard
SPSPSpecial Publication
TDESTDESTriple Data Encryption Standard

February 19, 2025 Appendix A. Acronyms and Abbreviations Table 22 provides definitions for the acronyms and abbreviations used in this document. Table 22. Acronyms and Abbreviations Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 57

February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.

Page 58

Prepared by: Corsec Security, Inc.

12600 Fair Lakes Circle, Suite 210

Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com

Referenced URLs