| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 3/2/2030 |
| Caveat | No assurance of the minimum strength of generated SSPs (e.g., keys) |
| Vendor | Ideem, Inc. |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A5056 |
| AES-CCM | A5056 |
| AES-CFB1 | A5056 |
| AES-CFB128 | A5056 |
| AES-CFB8 | A5056 |
| AES-CMAC | A5056 |
| AES-CTR | A5055 |
| AES-ECB | A5055 |
| AES-GCM | A5056 |
| AES-GMAC | A5056 |
| AES-KW | A5056 |
| AES-KWP | A5056 |
| AES-OFB | A5056 |
| AES-XTS Testing Revision 2.0 | A5056 |
| Counter DRBG | A5056 |
| ECDSA KeyGen (FIPS186-4) | A5055 |
| ECDSA KeyGen (FIPS186-5) | A5056 |
| ECDSA KeyVer (FIPS186-5) | A5056 |
| ECDSA SigGen (FIPS186-4) | A5055 |
| ECDSA SigGen (FIPS186-5) | A5056 |
| ECDSA SigVer (FIPS186-5) | A5056 |
| HMAC-SHA-1 | A5056 |
| HMAC-SHA2-224 | A5056 |
| HMAC-SHA2-256 | A5056 |
| HMAC-SHA2-384 | A5056 |
| HMAC-SHA2-512 | A5056 |
| HMAC-SHA2- 512/224 | A5056 |
| HMAC-SHA2- 512/256 | A5056 |
| HMAC-SHA3-224 | A5056 |
| HMAC-SHA3-256 | A5056 |
| HMAC-SHA3-384 | A5056 |
| HMAC-SHA3-512 | A5056 |
| KAS-ECC-SSC Sp800-56Ar3 | A5056 |
| KDA HKDF SP800- 56Cr2 | A5056 |
| KDF TLS (CVL) | A5056 |
| PBKDF | A5056 |
| RSA KeyGen (FIPS186-5) | A5055 |
| RSA SigGen (FIPS186-5) | A5055 |
| RSA SigVer (FIPS186-5) | A5056 |
| SHA-1 | A5056 |
| SHA2-224 | A5056 |
| SHA2-256 | A5056 |
| SHA2-384 | A5056 |
| SHA2-512 | A5056 |
| SHA2-512/224 | A5056 |
| SHA2-512/256 | A5056 |
| SHA3-224 | A5056 |
| SHA3-256 | A5056 |
| SHA3-384 | A5056 |
| SHA3-512 | A5056 |
| SHAKE-128 | A5056 |
| SHAKE-256 | A5056 |
| TLS v1.2 KDF RFC7627 (CVL) | A5056 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for Ideem ZSM Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>AES for Multi-party Symmetric Encryption/Decryption<br/>AES for Symmetric Encryption/Decryption<br/>AES-XTS for Symmetric Encryption/Decryption</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>application</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for Ideem ZSM Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>AES for Multi-party Symmetric Encryption/Decryption<br/>AES for Symmetric Encryption/Decryption<br/>AES-XTS for Symmetric Encryption/Decryption</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: openssl</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>application</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;Ideem, Inc. Ideem ZSM Cryptographic Module Software Version: 1.0 FIPS Security Level: 1 Document Version: 1.0 Prepared for: Prepared by: Ideem, Inc.
Kansas City, MO 64112 United States of America Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +1 816 280 4456 www.useideem.com Phone: +1 703 267 6050 www.corsec.com
February 19, 2025 Abstract This is a non-proprietary Cryptographic Module Security Policy for the Ideem ZSM Cryptographic Module (version: 1.0) from Ideem, Inc. (Ideem). This Security Policy describes how the Ideem ZSM Cryptographic Module meets the security requirements of Federal Information Processing Standards (FIPS) Publication 140-3, which details the U.S. and Canadian government requirements for cryptographic modules. More information about the FIPS 140-3 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure Approved mode of operation. This policy was prepared as part of the Level 1 FIPS 140-3 validation of the module. The Ideem ZSM Cryptographic Module is referred to in this document as Ideem Cryptographic Module or the module. References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-3 cryptographic module security policy. More information is available on the module from the following sources:
February 19, 2025 Table of Contents 1. 1.1 1.2 2. 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 3. 3.1 4. 4.1 4.2 4.3 4.4 5. 5.1 5.2 6. 6.1 7. 8. 9. 9.1 9.2 9.3 9.4 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 List of Tables List of Figures Figure 4 - Logical Diagram of the Cryptographic Module Running on Different Virtual Machines in the Same Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | N/A |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | 1 |
| Overall Level | Overall Level | 1 |
1. 1.1 Overview February 19, 2025 Ideem ZSM Cryptographic Module randomly splits keys across servers and mobile devices so that they are never in any single place to be stolen. The advanced protocols used in Ideem Cryptographic Module ensure that even if servers or devices are breached and completely controlled by an attacker, the secrets and credentials cannot be stolen. The result is that digital assets remain safe, even if all else fails and attackers get inside the network. Furthermore, Ideem Cryptographic Module frequently refreshes the random split key process by distributing different, random key parts to each Ideem server or device. As a result of the refresh, even in the extremely unlikely case that an attacker breaches the server and steals a key part, the key part alone is useless, and it becomes obsolete as soon as the next refresh takes place. This provides a very high level of security and enables enterprise servers to be used with a much lower level of risk. 1.2 Security Levels The Ideem ZSM Cryptographic Module is validated at the FIPS 140-3 section levels shown below. Table 1: Security Levels N/A N/A Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 2. Cryptographic Module Specification 2.1 Description
Ideem Cryptographic Module is able to protect all types of standard cryptographic keys for all purposes, including encryption/decryption, digital signing, and authentication. Ideem’s technology for securing keys secure multiparty computation (MPC) is fully transparent to the calling application.
The Ideem ZSM Cryptographic Module 1.0 is a Software module.
The Ideem ZSM Cryptographic Module has a MultiChipStand embodiment. The module is designed to utilize the following processor algorithm acceleration (PAA) instructions sets for its AES and SHA implementations:
The module does not have any additional characteristics.
As a software cryptographic module, the module takes on the physical characteristics of the host platform. The physical perimeter of the cryptographic module is defined by each host device on which the module is installed. The cryptographic boundary is the contiguous perimeter that surrounds all memory-mapped functionality provided by the module when loaded and stored in the host platform’s memory. The module is entirely contained within the physical perimeter. The module’s cryptographic boundary consists of all functionalities contained within the module’s compiled source code. The module’s software component comprises 3 shared library files and 3 digest files for testing integrity. All hardware and software components are contained within the host platform’s physical enclosure. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 The module’s cryptographic boundary consists of all functionalities contained within the module’s compiled source code. On the RedHat and Android operating systems the module is comprised of the following binary files:
(TOEPP) Figure 1 illustrates a block diagram of a typical GPC and the module’s physical perimeter. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
Hardware Management February 19, 2025 DVD Network Interface RAM HDD Clock Generator SCSI/SATA Controller LEDs/LCD Serial CPU I/O Hub Audio Cache Power Interface PCI/PCIe Slots USB BIOS PCI/PCIe Slots Graphics Controller External Power Supply KEY: Plaintext Data Encrypted Data Control Input Status Output Physical Perimeter BIOS
| KEY: Data Input Cryptographic Boundary Data Output Control Input Physical Perimeter Control Output Status Output System Calls | |
|---|---|
| Data Input Data Output Control Input Control Output Status Output | Cryptographic Boundary Physical Perimeter System Calls |
HMAC SHA digests February 19, 2025 MPC Library (AES, ECDSA, and RSA) TLS Library Calling Application Operating System CPU Memory Storage Ports Host Device Figure 2. Module Block Diagram (with Cryptographic Boundaries) 2.2 Tested and Vendor Affirmed Module Version and Identification
This section is only applicable to hardware modules. N/A for this module.
(Executable Code Sets) The table below lists the executable code sets of the module. The module count is 3. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Features | Package |
|---|---|---|---|---|---|---|---|---|
| RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| RedHat 9.2 | RedHat 9.2 | Dell T5610 | 1.0 | Intel Xeon CPU E5-2609 v2 | Yes | |||
| RedHat 9.2 | RedHat 9.2 | Dell T5610 | 1.0 | Intel Xeon CPU E5-2609 v2 | No | |||
| iOS 16.5 | iOS 16.5 | iPhone 14 | 1.0 | Apple A15 Bionic (ARMv8) | Yes | |||
| iOS 16.5 | iOS 16.5 | iPhone 14 | 1.0 | Apple A15 Bionic (ARMv8) | No | |||
| Android 13 | Android 13 | Pixel 6 | 1.0 | Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55) | Yes | |||
| Android 13 | Android 13 | Pixel 6 | 1.0 | Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55) | No | |||
| RedHat 7 and above | RedHat 7 and above | Any x86-based platform |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Features | Package |
|---|---|---|---|---|---|---|---|---|
| RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| RedHat 9.2 | RedHat 9.2 | Dell T5610 | 1.0 | Intel Xeon CPU E5-2609 v2 | Yes | |||
| RedHat 9.2 | RedHat 9.2 | Dell T5610 | 1.0 | Intel Xeon CPU E5-2609 v2 | No | |||
| iOS 16.5 | iOS 16.5 | iPhone 14 | 1.0 | Apple A15 Bionic (ARMv8) | Yes | |||
| iOS 16.5 | iOS 16.5 | iPhone 14 | 1.0 | Apple A15 Bionic (ARMv8) | No | |||
| Android 13 | Android 13 | Pixel 6 | 1.0 | Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55) | Yes | |||
| Android 13 | Android 13 | Pixel 6 | 1.0 | Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55) | No | |||
| RedHat 7 and above | RedHat 7 and above | Any x86-based platform |
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Features | Package |
|---|---|---|---|---|---|---|---|---|
| RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | RedHat: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | Android: libcrypto.so, libsecurikey.so, libssl.so, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | 1.0 | Yes | iOS: libcrypto.dylib, libsecurikey.dylib, libssl.dylib, libcrypto.hmac, libsecurikey.hmac, libssl.hmac | |||||
| RedHat 9.2 | RedHat 9.2 | Dell T5610 | 1.0 | Intel Xeon CPU E5-2609 v2 | Yes | |||
| RedHat 9.2 | RedHat 9.2 | Dell T5610 | 1.0 | Intel Xeon CPU E5-2609 v2 | No | |||
| iOS 16.5 | iOS 16.5 | iPhone 14 | 1.0 | Apple A15 Bionic (ARMv8) | Yes | |||
| iOS 16.5 | iOS 16.5 | iPhone 14 | 1.0 | Apple A15 Bionic (ARMv8) | No | |||
| Android 13 | Android 13 | Pixel 6 | 1.0 | Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55) | Yes | |||
| Android 13 | Android 13 | Pixel 6 | 1.0 | Octa-core (2x2.80 GHz Cortex-X1 & 2x2.25 GHz Cortex-A76 & 4x1.80 GHz Cortex-A55) | No | |||
| RedHat 7 and above | RedHat 7 and above | Any x86-based platform | ||||||
| CentOS 7 and above | CentOS 7 and above | Any x86-based platform | ||||||
| Ubuntu 16 and above | Ubuntu 16 and above | Any x86-based platform | ||||||
| iOS 12 and above | iOS 12 and above | iPhone 8 and newer | ||||||
| Android 11 and above | Android 11 and above | Pixel 4a and newer | ||||||
| RedHat 7 and above and iOS 12 and above | RedHat 7 and above and iOS 12 and above | Any x86-based platform and iPhone 8 and newer (mixed configuration) | ||||||
| CentOS 7 and above and iOS 12 and above | CentOS 7 and above and iOS 12 and above | Any x86-based platform and iPhone 8 and newer (mixed configuration) | ||||||
| Ubuntu 16 and above and iOS 12 and above | Ubuntu 16 and above and iOS 12 and above | Any x86-based platform and iPhone 8 and newer (mixed configuration) | ||||||
| RedHat 7 and above and Android 11 and above | RedHat 7 and above and Android 11 and above | Any x86-based platform and Pixel 4a and newer (mixed configuration) | ||||||
| CentOS 7 and above and Android 11 and above | CentOS 7 and above and Android 11 and above | Any x86-based platform and Pixel 4a and newer (mixed configuration) | ||||||
| Ubuntu 16 and above and Android 11 and above | Ubuntu 16 and above and Android 11 and above | Any x86-based platform and Pixel 4a and newer (mixed configuration) |
February 19, 2025 1.0 1.0 1.0 Table 2: Tested Module Identification
This section is only applicable to hybrid modules. N/A for this module.
Hybrid The module was tested and found to be compliant with FIPS 140-3 requirements on the environments listed in the table below. 9.2 9.2 1.0 1.0 1.0 1.0 1.0 1.0 Table 3: Tested Operational Environments - Software, Firmware, Hybrid
Firmware, Hybrid The vendor affirms the module’s continued validation compliance when operating on the platforms listed below. The table below also lists operational environments that support the mixed configuration. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid The mixed configuration operating environments refer to a distributed system where two instances of the cryptographic module are configured to execute the multi-party services in communication with each other, via the calling Application.
February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic ModuleServer Operational Environment Operational Environment General Purpose Hardware General Purpose Hardware Host Device Key: Logical Boundary Physical Boundary Figure 3 - Logical Diagram of the Cryptographic Module Running on Different Machines Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server VM 1 VM 2 Hypervisor Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 4 - Logical Diagram of the Cryptographic Module Running on Different Virtual Machines in the Same Hypervisor Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server Docker Container 1 Docker Container 2 Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 5 - Logical Diagram of the Cryptographic Module Running on Different Docker Containers Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server Process 1 Process 2 Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 6 - Logical Diagram of the Cryptographic Module Running on Different Processes Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Application Application Ideem ZSM Cryptographic Module Client Ideem ZSM Cryptographic Module Server Single Process Operational Environment General Purpose Hardware Host Device KEY: Logical Boundary Physical Boundary Figure 7 - Logical Diagram of the Cryptographic Module Running on a Single Process Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A5056 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB1 | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A5056 | Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A5055 | Direction - Decrypt, Encrypt Key Length - 128 | SP 800-38A |
| AES-CTR | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5055 | Direction - Encrypt Key Length - 128 | SP 800-38A |
| AES-ECB | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-GCM | A5056 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5056 | Direction - Decrypt, Encrypt IV Generation - Internal IV Generation Mode - 8.2.1 Key Length - 128, 192, 256 | SP 800-38D |
| AES-KW | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A5056 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A5056 | Prediction Resistance - No, Yes Mode - AES-128, AES-192, AES-256 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-4) | A5055 | Curve - P-256 Secret Generation Mode - Testing Candidates | FIPS 186-4 |
| ECDSA KeyGen (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA SigGen (FIPS186-4) | A5055 | Curve - P-256 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3- 256, SHA3-384, SHA3-512 | FIPS 186-4 |
| ECDSA SigGen (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5056 | Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512 | FIPS 186-5 |
| HMAC-SHA-1 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-224 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-256 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-384 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2-512 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-224 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-256 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-384 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3-512 | A5056 | Key Length - Key Length: 8-524288 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A5056 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KDA HKDF SP800- 56Cr2 | A5056 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-3968 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2- 512/224, SHA2-512/256, SHA3-224, SHA3-256, SHA3-384, SHA3-512 | SP 800-56C Rev. 2 |
| KDF TLS (CVL) | A5056 | TLS Version - v1.2 Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| PBKDF | A5056 | Iteration Count - Iteration Count: 10-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-5) | A5055 | Key Generation Mode - probable Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA KeyGen (FIPS186-5) | A5056 | Key Generation Mode - probable Modulo - 2048, 3072, 4096 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5055 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5056 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5056 | Modulo - 2048, 3072, 4096 Signature Type - pkcs1v1.5, pss | FIPS 186-5 |
| SHA-1 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4 |
| SHA2-224 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4 |
| SHA2-256 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4 |
| SHA2-384 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4 |
| SHA2-512 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4 |
| SHA2-512/224 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4 |
| SHA2-512/256 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 180-4 |
| SHA3-224 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202 |
| SHA3-256 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202 |
| SHA3-384 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202 |
| SHA3-512 | A5056 | Message Length - Message Length: 0-65528 Increment 8 | FIPS 202 |
| SHAKE-128 | A5056 | Output Length - Output Length: 16-1024 Increment 8 | FIPS 202 |
| SHAKE-256 | A5056 | Output Length - Output Length: 16-1024 Increment 8 | FIPS 202 |
| TLS v1.2 KDF RFC7627 (CVL) | A5056 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
February 19, 2025 The cryptographic module maintains validation compliance when operating on any general-purpose computer (GPC) provided that the GPC for the software module uses any single-user operating system/mode specified on the validation certificate, or another compatible single-user operating system. The module also maintains compliance when operating in a virtual environment provided by any of the following supported hypervisors:
By design, the module only supports operation in the Approved mode. 2.5 Table 5: Modes List and Description Algorithms
The module employs cryptographic algorithm implementations from the following sources:
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Properties | |
|---|---|---|
| CKG | Ideem ZSM Single-party Cryptographic Library | SP 800-133 Rev. 2 |
February 19, 2025 Table 6: Approved Algorithms
The vendor affirms the following cryptographic security methods: Table 7: Vendor-Affirmed Algorithms ©2024 Ideem, Inc.
| Name | Description | Approved Functions | Type |
|---|---|---|---|
| AES for Multi-party Symmetric Encryption/Decryption | Block cipher unauthenticated | AES-CTR AES-ECB | BC-UnAuth |
| ECDSA for Multi-party Asymmetric Key Pair Generation | Asymmetric key-pair generation | ECDSA KeyGen (FIPS186-4) | AsymKeyPair-KeyGen |
| ECDSA for Multi-party Digital Signature Generation | Digital signature generation | ECDSA SigGen (FIPS186- 4) | DigSig-SigGen |
| RSA for Multi-party Asymmetric Key Pair Generation | Asymmetric key-pair generation | RSA KeyGen (FIPS186-5) | AsymKeyPair-KeyGen |
| RSA for Multi-party Digital Signature Generation | Digital signature generation | RSA SigGen (FIPS186-5) | DigSig-SigGen |
| AES for Symmetric Encryption/Decryption | Block cipher unauthenticated | AES-CBC AES-CFB1 AES-CFB8 AES-CFB128 AES-CTR AES-ECB AES-OFB | BC-UnAuth |
| AES-CMAC for Message Authentication | Message Authentication | AES-CMAC | MAC |
| AES-GMAC for Message Authentication | Message Authentication | AES-GMAC | MAC |
| AES-CCM for Authenticated Symmetric Encryption/Decryption | Block cipher authenticated | AES-CCM | BC-Auth |
| AES-GCM for Authenticated Symmetric Encryption/Decryption | Block cipher authenticated | AES-GCM | BC-Auth |
| AES-XTS for Symmetric Encryption/Decryption | Block cipher unauthenticated | AES-XTS Testing Revision 2.0 | BC-UnAuth |
| DRBG | Deterministic random bit generator | Counter DRBG | DRBG |
| ECDSA for Key Generation | Asymmetric key-pair generation | ECDSA KeyGen (FIPS186-5) Counter DRBG | AsymKeyPair-KeyGen |
| ECDSA for Key Verification | Asymmetric key-pair verification | ECDSA KeyVer (FIPS186- 5) | AsymKeyPair-KeyVer |
| ECDSA for Digital Signature Generation | Digital signature generation | ECDSA SigGen (FIPS186- 5) SHA2-224 SHA2-256 SHA2-384 SHA2-512 Counter DRBG | DigSig-SigGen |
| ECDSA for Digital Signature Verification | Digital signature verification | ECDSA SigVer (FIPS186- 5) SHA2-224 SHA2-256 SHA2-384 SHA2-512 | DigSig-SigVer |
| HMAC for Message Authentication | Message authentication | HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512/224 HMAC-SHA2-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512 SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 | MAC |
| ECDH Shared Secret Computation | Shared secret computation | KAS-ECC-SSC Sp800- 56Ar3 ECDSA KeyGen (FIPS186-5) ECDSA KeyVer (FIPS186- 5) Counter DRBG | KAS-SSC |
| AES for Key Wrapping/Unwrapping | Key Wrap | AES-CBC AES-CFB8 AES-CFB1 AES-CFB128 AES-CTR AES-ECB AES-OFB AES-CMAC AES-GMAC AES-CCM AES-GCM AES-KW AES-KWP HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512/224 HMAC-SHA2-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512 SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 | KTS-Wrap |
| HKDF for Key Derivation | HMAC-based Extract- and-Expand Key Derivation Function | KDA HKDF SP800-56Cr2 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512/224 HMAC-SHA2-512/256 HMAC-SHA3-224 HMAC-SHA3-256 HMAC-SHA3-384 HMAC-SHA3-512 SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 | KAS-56CKDF |
| PBKDF for Key Derivation | Password-based key derivation | PBKDF SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA3-224 SHA3-256 SHA3-384 SHA3-512 | PBKDF |
| RSA for Key Generation | Key generation | RSA KeyGen (FIPS186-5) Counter DRBG | AsymKeyPair-KeyGen |
| RSA for Signature Generation | Signature generation | RSA SigGen (FIPS186-5) Counter DRBG SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 | DigSig-SigGen |
| RSA for Signature Verification | Signature verification | RSA SigVer (FIPS186-5) SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 SHA3-224 SHA3-256 SHA3-384 SHA3-512 | DigSig-SigVer |
| SHA for Message Digest | Message Digest | SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 SHA2-512/224 SHA2-512/256 | SHA |
| SHA3 for Message Digest | Message Digest | SHA3-224 SHA3-256 SHA3-384 SHA3-512 | SHA |
| SHAKE for Extendable Output Function | Extendable output function | SHAKE-128 SHAKE-256 | XOF |
| TLS v1.2 Key Agreement | Key agreement | KAS-ECC-SSC Sp800- 56Ar3 ECDSA KeyGen (FIPS186-5) ECDSA KeyVer (FIPS186- 5) SHA2-256 SHA2-384 SHA2-512 Counter DRBG TLS v1.2 KDF RFC7627 KDF TLS | KAS-Full |
| TLS v1.2 Authentication | TLS v1.2 signature verification | RSA SigVer (FIPS186-5) Modulo: 2048 Hash Algorithm: SHA2- 256 SHA2-256 | DigSig-SigVer |
| TLS v1.2 Data Encryption/Decryption | TLS v1.2 encryption and decryption | AES-CBC Key size: 128, 256 Direction: Encrypt, Decrypt AES-GCM Key Length: 128, 256 IV Generation: Internal IV Generation Mode: 8.2.1 Direction: Decrypt, Encrypt | BC-Auth BC-UnAuth |
| TLS v1.2 Key Derivation | TLS v1.2 key derivation | KDF TLS TLS v1.2 KDF RFC7627 SHA2-256 SHA2-384 SHA2-512 | KAS-135KDF |
The module does not offer any non-Approved algorithms allowed in the Approved mode of operation. N/A for this module.
The module does not offer any non-Approved algorithms allowed in the Approved mode of operation with no security claimed. N/A for this module.
The module does not offer non-Approved algorithms not allowed in the Approved mode of operation. N/A for this module. 2.6 Security Function Implementations The table below lists the security function implementations for this module. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 8.2.1 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Table 8: Security Function Implementations 2.7 Algorithm Specific Information The information below provides algorithm information of references to specifications.
February 19, 2025 As specified in NIST SP 800-132, keys derived from passwords/passphrases may only be used in storage applications. 2.8 RBG and Entropy The module does not have any entropy certificates. N/A for this module. The calling application provides a minimum number of 256 bits of entropy. The calling application and its entropy source are outside the module cryptographic boundary. The calling application shall use entropy sources that meet the security strength required for the Counter DRBG as shown in Table 3 of SP 800-90A Rev. 1. This entropy shall be supplied by means of a callback function. The callback function must return an error if the minimum entropy strength cannot be met. N/A for this module. 2.9 Key Generation Please refer to Table 8: Security Function Implementations for specification of the module’s key generation methods. 2.10 Key Establishment
Please refer to Table 8: Security Function Implementations for specification of the module’s key agreement methods.
Please refer to Table 8: Security Function Implementations for specification of the module’s transport methods. 2.11 Industry Protocols The module implements the following industry protocol:
1 No parts of the TLS protocol, other than the KDF, have been tested by the CAVP or CMVP.
Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| Physical data input port(s) of the tested platforms | Physical data input port(s) of the tested platforms | Data Input | Logical interface is defined as API input arguments that provide input data for processing. This includes data to be encrypted, decrypted, signed, verified, and hashed, keys to be used in cryptographic services, random seed material for the DRBG of the module, keying material used as input to key establishment services, and intermediate data required for services. |
| Physical data output port(s) of the tested platforms | Physical data output port(s) of the tested platforms | Data Output | Logical interface is defined as API output arguments that return generated or processed data back to the caller. This includes data that has been encrypted/decrypted/verified, digital signatures, hashes, random values generated by the DRBG of the module, keys established using key establishment methods of the module, and key components/intermediate data/traffic (client and server data and messages). |
| Physical control input port(s) of the tested platforms | Physical control input port(s) of the tested platforms | Control Input | Logical interface is defined as API input arguments that are used to initialize and control the operation of the module. This includes API commands invoking cryptographic services, modes, key sizes, etc. used with cryptographic services. |
| Physical status output port(s) of the tested platforms | Physical status output port(s) of the tested platforms | Status Output | Logical interface is defined as API call return values. This includes status information regarding the module or invoked service/operation. |
February 19, 2025 3. 3.1 Ports and Interfaces The module supports the following logical interfaces:
| Name | Role Access | Type | |
|---|---|---|---|
| Crypto Officer | CO | Role | None |
| User | User | Role | None |
February 19, 2025 4. Roles, Services, and Authentication 4.1 The module does not support authentication mechanisms; operators implicitly assume an authorized role (or set of roles) based on the service selected. N/A for this module. 4.2 Roles The module supports a Crypto Officer (CO) that authorized operators can assume. The CO role performs cryptographic initialization or management functions and general security services. The module also supports the following role:
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Show status | Return FIPS mode status | Unauthenticated | None | N/A | API call parameters | Current operational status |
| Perform self-tests on- demand | Perform pre- operational self-tests | Unauthenticated | None | API return value | API call parameters | Status |
February 19, 2025 The keys and Sensitive Security Parameters (SSPs) listed in the table indicate the type of access required using the following notation:
| Zeroize | Zeroize and de- allocate memory containing sensitive data | N/A | API call parameters | None | None | Crypto Officer - MPC AES Key: Z - MPC ECDSA Public key: Z - MPC ECDSA Private key: Z - MPC RSA public key: Z - MPC RSA private key: Z - AES key: Z - AES CCM key: Z - AES GCM key: Z - AES GCM IV: Z - AES XTS key: Z - AES CMAC key: Z - AES GMAC key: Z - ECDH private component: Z - ECDH public component: Z - DRBG entropy input: Z - DRBG seed: Z - DRBG 'V' value: Z - DRBG 'Key' value: Z - ECDSA private key: Z - ECDSA public key: Z - HMAC key: Z - RSA private key: Z - RSA public key: Z - TLS extended pre-master secret: Z - TLS master secret: Z - TLS Session Key: Z - TLS Authentication Key (HMAC key): Z - TLS Server Authentication Key: Z - HKDF Derived key: Z - PBKDF Derived key: Z - Password: Z |
|---|
N/A February 19, 2025 Z Z Z Z Z Z Z Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Description | Csps Accessed | Approved Functions | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Show versioning information | Return module versioning information | Unauthenticated | None | N/A | API call parameters | Module name, version |
| Perform Multi-party symmetric encryption | Encrypt plaintext data | User - MPC AES Key: W,E | AES for Multi-party Symmetric Encryption/Decryption | API return value | API call parameters, key, plaintext | Status, ciphertext |
| Perform Multi-party symmetric decryption | Decrypt ciphertext data | User - MPC AES Key: W,E | AES for Multi-party Symmetric Encryption/Decryption | API return value | API call parameters, key, ciphertext | Status, plaintext |
| Generate Multi-party asymmetric key pair | Generate a public/private key pair | User - MPC ECDSA Public key: G,R - MPC ECDSA Private key: G,R - MPC RSA public key: G,R - MPC RSA private key: G,R | ECDSA for Multi-party Asymmetric Key Pair Generation RSA for Multi-party Asymmetric Key Pair Generation | API return value | API call parameters | Status, key pair |
| Generate Multi-party digital signature | Generate a digital signature | User - MPC ECDSA Private key: W,E - MPC RSA public key: W,E | ECDSA for Multi-party Digital Signature Generation RSA for Multi-party Digital Signature Generation | API return value | API call parameters, key, message | Status, signature |
| Perform symmetric encryption | Encrypt plaintext data | User - AES key: W,E - AES XTS key: W,E | AES for Symmetric Encryption/Decryption AES-XTS for Symmetric Encryption/Decryption | API return value | API call parameters, key, plaintext | Status, ciphertext |
| Perform symmetric decryption | Decrypt ciphertext data | User - AES key: W,E - AES XTS key: W,E | AES for Symmetric Encryption/Decryption AES-XTS for Symmetric Encryption/Decryption | API return value | API call parameters, key, ciphertext | Status, plaintext |
| Generate symmetric digest | Generate symmetric digest | User - AES CMAC key: W,E - AES GMAC key: W,E | AES-CMAC for Message Authentication AES-GMAC for Message Authentication | API return value | API call parameters, key, plaintext | Status, digest |
| Verify symmetric digest | Verify symmetric digest | User - AES CMAC key: W,E - AES GMAC key: W,E | AES-CMAC for Message Authentication AES-GMAC for Message Authentication | API return value | API call parameters, key, digest | Status |
| Perform authenticated symmetric encryption | Encrypt plaintext | User - AES CCM key: W,E - AES GCM key: W,E - AES GCM IV: G,R,E | AES-CCM for Authenticated Symmetric Encryption/Decryption AES-GCM for Authenticated Symmetric Encryption/Decryption | API return value | API call parameters, key, plaintext | Status, ciphertext |
| Perform authenticated symmetric decryption | Decrypt ciphertext | User - AES CCM key: W,E - AES GCM key: W,E - AES GCM IV: W,E | AES-CCM for Authenticated Symmetric Encryption/Decryption AES-GCM for Authenticated Symmetric Encryption/Decryption | API return value | API call parameters, key, ciphertext | Status, plaintext |
| Generate random number | Generate random bits using DRBG | User - DRBG entropy input: W,E - DRBG seed: G,E - DRBG 'V' value: G,E - DRBG 'Key' value: G,E | DRBG | API return value | API call parameters | Status, random bits |
| Perform keyed hash operation | Compute a message authentication code | User - HMAC key: W,E | HMAC for Message Authentication | API return value | API call parameters, key, message | Status, MAC |
| Perform hash operation | Compute a message digest | User | SHA for Message Digest SHA3 for Message Digest SHAKE for Extendable Output Function | API return value | API call parameters | Status, hash |
| Generate asymmetric key pair | Generate a public/private key pair | User - ECDSA public key: G,R - ECDSA private key: G,R - RSA public key: G,R - RSA private key: G,R - ECDH public component: G,R - ECDH private component: G,R | ECDSA for Key Generation RSA for Key Generation | API return value | API call parameters | Status, key pair |
| Verify ECDSA public key | Verify an ECDSA public key | User - ECDSA public key: W | ECDSA for Key Verification | API return value | API call parameters, key | Status |
| Generate digital signature | Generate a digital signature | User - ECDSA private key: W,E - RSA private key: W,E | ECDSA for Digital Signature Generation RSA for Signature Generation | API return value | API call parameters, key, message | Status, signature |
| Verify digital signature | Verify a digital signature | User - ECDSA public key: W,E - RSA public key: W,E | ECDSA for Digital Signature Verification RSA for Signature Verification | API return value | API call parameters, key, signature, message | Status |
| Perform key wrap | Perform key wrap | User - AES key: W,E - AES CCM key: W,E - AES CMAC key: W,E - AES GMAC key: W,E - AES GCM key: W,E - AES GCM IV: G,R,E | AES for Key Wrapping/Unwrapping | API return value | API call parameters, encryption key, key | Status, encrypted key |
| Perform key unwrap | Perform key unwrap | User - AES key: W,E - AES CCM key: W,E - AES CMAC key: W,E - AES GMAC key: W,E - AES GCM key: W,E - AES GCM IV: W,E | AES for Key Wrapping/Unwrapping | API return value | API call parameters, decryption key, key | Status, decrypted key |
| Compute shared secret | Compute ECDH shared secret suitable for use as input to a TLS KDF | User - ECDH public component: W,E - ECDH private component: W,E | ECDH Shared Secret Computation | API return value | API call parameters | Status, shared secret |
| TLS v1.2 network protocol | Utilize TLS protocol | User - ECDH public component: W,E - ECDH private component: W,E - TLS extended pre-master secret: W,E - TLS master secret: W,E - TLS Authentication Key (HMAC key): W,E - TLS Session Key: W,E - TLS Server Authentication Key: R,E | TLS v1.2 Key Agreement TLS v1.2 Authentication TLS v1.2 Data Encryption/Decryption | API return value | API call parameters, TLS certs and keys, raw application data, TLS session data | Status, TLS keys, TLS session data, decrypted application data |
| Derive keys via TLS v1.2 KDF | Derive TLS session and integrity keys | User - TLS extended pre-master secret: W,E - TLS master secret: G,E - TLS Session Key: G,E | TLS v1.2 Key Derivation | API return value | API call parameters, TLS extended pre-master secret | Status, TLS keys |
| Certificate Management/Handling | Certificate management services | User - AES key: W,E - AES XTS key: W,E - ECDSA public key: R,W,E - ECDSA private key: R,W,E - RSA public key: R,W,E - RSA private key: R,W,E | AES for Symmetric Encryption/Decryption ECDSA for Digital Signature Generation ECDSA for Digital Signature Verification RSA for Signature Generation RSA for Signature Verification SHA for Message Digest SHA3 for Message Digest | API return value | API call parameters, AES key, private keys, public keys, certificates, certificate data. | Status |
| Perform key agreement functions | Establish symmetric key using ECDH key agreement | User - ECDH public component: W,E - ECDH private component: W,E - AES key: G,R - AES GCM key: G,R - AES GCM IV: G,R - HMAC key: G,R | TLS v1.2 Key Agreement | API return value | API call parameters | Status, symmetric key |
| Derive key via HKDF | Derive key from HKDF | User - HKDF Derived key: G,R | HKDF for Key Derivation | API return value | API call parameters, input key material | Status, key |
| Derive key via PBKDF2 | Derive key from PBKDF2 | User - Password: W,E - PBKDF Derived key: G,R | PBKDF for Key Derivation | API return value | API call parameters, password | Status, key |
February 19, 2025 N/A W,E W,E W,E W,E W,E W,E W,E W,E W,E W,E G,R,E Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 W,E W,E W,E G,E G,R G,R W,E W,E Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 W,E W,E W,E W,E G,R,E W,E W,E W,E W,E W,E W,E W,E G,E Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Table 11: Approved Services W,E R,W,E R,W,E G,R G,R * Per FIPS 140-3 Implementation Guidance 2.4.C, the Show Status and Show Versioning Information services do not require a service indicator. 4.4 Non-Approved Services The module does not offer any non-Approved services. N/A for this module. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
5. Software/Firmware Security 5.1 Integrity Techniques February 19, 2025 All software components within the cryptographic boundary are verified using an approved integrity technique implemented within the cryptographic module itself. The module implements independent HMAC SHA2-256 checks for the integrity test of each library file; failure of the integrity test for any file will cause the module to enter a critical error state. The calling application is responsible for the initialization process and loading of the library. The module is designed with a default entry point (DEP) that ensures that the pre-operational self-tests are initiated automatically when the module is loaded without action from the module operator. 5.2 Initiate on Demand The CO can initiate the pre-operational tests on demand by issuing the securikey_fips_self_test() call. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
6. Operational Environment 6.1 Operational Environment Type and Requirements February 19, 2025 The Ideem ZSM Cryptographic Module comprises a software cryptographic library that executes in a Modifiable operational environment. The cryptographic module has control over its own SSPs. The process and memory management functionality of the host platform’s OS prevents unauthorized access to plaintext private and secret keys, intermediate key generation values and other SSPs by external processes during module execution. The module only allows access to SSPs through its well-defined API. The operational environments provide the capability to separate individual application processes from each other by preventing uncontrolled access to CSPs and uncontrolled modifications of SSPs regardless of whether this data is in the process memory or stored on persistent storage within the operational environments. Processes that are spawned by the module are owned by the module and are not owned by external processes/operators. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
7. February 19, 2025 Physical Security The cryptographic module is a multi-chip standalone software module and does not include physical security mechanisms. Therefore, per section 7.5 of the FIPS PUB 140-3 Management Manual this section is not applicable. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
8. February 19, 2025 Non-Invasive Security This section is not applicable. There are currently no approved non-invasive mitigation techniques references in Annex F of ISO/IEC 19790. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | SSPs stored in RAM |
| Name | Type | From | To | ||
|---|---|---|---|---|---|
| Plaintext import via API parameter | Plaintext | External | RAM | Manual | Electronic |
| Plaintext export via API parameter | Plaintext | RAM | External | Manual | Electronic |
| Zeroization | Description | Rationale | Operator Initiation | |
|---|---|---|---|---|
| Method | ||||
| Zeroize service | The OpenSSL_cleanse() function zeroizes SSPs. OpenSSL_cleanse() may only be called directly by the calling application for some SSPs. However, other SSPs will be zeroized by an indirect call to OpenSSL_cleanse() via object destruction APIs. | The OpenSSL_cleanse() service zeroizes SSPs, which makes them irretrievable. | The operator calls the OpenSSL_cleanse(). The successful completion of the procedural zeroization suffices as the implicit indicator that zeroization has completed. |
February 19, 2025 9. Sensitive Security Parameters Management 9.1 Storage Areas The table below lists sensitive security parameters (SSPs) storage areas for this module. 9.2 Table 12: Storage Areas SSP Input-Output Methods The table below lists SSP input and output methods for this module. Table 13: SSP Input-Output Methods 9.3 SSP Zeroization Methods The table below lists SSP zeroization methods for this module. Table 14: SSP Zeroization Methods 9.4 The module supports the keys and other SSPs listed in the table below. Note that all SSP imports and exports are electronic and performed withing the Tested OE’s Physical Parameter (TOEPP). Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Type | Description | Strength | Establishment | Use | |
|---|---|---|---|---|---|---|
| MPC AES Key | Symmetric Key - CSP | Multi-party symmetric encryption and decryption | 128 bits - 128 bits | AES for Multi-party Symmetric Encryption/Decryption | ||
| MPC ECDSA Public key | Public/Private - PSP | Public key paired with the MPC ECDSA private key. | 256 bits - 128 bits | ECDSA for Multi-party Asymmetric Key Pair Generation | ||
| MPC ECDSA Private key | Public/Private - CSP | Multi-party digital signature generation | 256 bits - 128 bits | ECDSA for Multi-party Digital Signature Generation | ECDSA for Multi-party Asymmetric Key Pair Generation | |
| MPC RSA public key | Public/Private - PSP | Public key paired with the MPC ECDSA private key | Between 2048 and 4096 bits - Between 112 and 150 bits | RSA for Multi-party Asymmetric Key Pair Generation | ||
| MPC RSA private key | Public/Private - CSP | Multi-party digital signature generation | Between 2048 and 4096 bits - Between 112 and 150 bits | RSA for Multi-party Digital Signature Generation | RSA for Multi-party Asymmetric Key Pair Generation | |
| AES key | Symmetric Key - CSP | Symmetric encryption and decryption; key wrap and unwrap Modes: (CBC, CFB, CTR, ECB, OFB, KW, KWP) | Between 128 and 256 bits - Between 128 and 256 bits | TLS v1.2 Key Derivation AES for Key Wrapping/Unwrapping | AES for Symmetric Encryption/Decryption | |
| AES CCM key | Symmetric Key - CSP | Authenticated symmetric encryption, decryption; key transport | Between 128 and 256 bits - Between 128 and 256 bits | TLS v1.2 Key Derivation AES for Key Wrapping/Unwrapping | AES-CCM for Authenticated Symmetric Encryption/Decryption | |
| AES GCM key | Symmetric Key - CSP | Authenticated symmetric encryption, decryption; key transport | Between 128 and 256 bits - Between 128 and 256 bits | TLS v1.2 Key Derivation | AES-GCM for Authenticated Symmetric Encryption/Decryption | |
| AES GCM IV | Initialization Vector - CSP | Initialization vector for AES GCM | 96 bits - n/a | AES-GCM for Authenticated Symmetric Encryption/Decryption | Generated internally in compliance with the provisions of a peer-to- peer industry standard protocol. Technique 1.a. as specified in FIPS 140-3 IG C.H. | |
| AES XTS key | Symmetric Key - CSP | Symmetric encryption, decryption | 256-bits - 256-bits | AES-XTS for Symmetric Encryption/Decryption | ||
| AES CMAC key | Symmetric Key - CSP | Key wrap and unwrap | Between 128 and 256 bits - Between 128 and 256 bits | AES-CMAC for Message Authentication | ||
| AES GMAC key | Authentication Key - CSP | MAC generation, verification | Between 128 and 256 bits - Between 128 and 256 bits | AES-GMAC for Message Authentication | ||
| ECDH private component | Public/Private - CSP | ECDH shared secret computation | Between 224 and 521 bits - Between 112 and 256 bits | ECDH Shared Secret Computation TLS v1.2 Key Agreement | ECDSA for Key Generation | |
| ECDH public component | Public/Private - PSP | ECDH shared secret computation | Between 224 and 521 bits - Between 112 and 256 bits | ECDH Shared Secret Computation TLS v1.2 Key Agreement | ECDSA for Key Generation | |
| DRBG entropy input | Entropy Input - CSP | Entropy material for DRBG | Between 128 and 512 bits - Between 128 and 512 bits | DRBG | ||
| DRBG seed | Seed - CSP | Seeding material for DRBG | Between 256 and 384 - Between 256 and 384 | DRBG | DRBG | |
| DRBG 'V' value | DRBG state - CSP | State values for DRBG | 128 bits - 128 bits | DRBG | DRBG | |
| DRBG 'Key' value | DRBG state - CSP | State values for DRBG | Between 128 and 256 bits - Between 128 and 256 bits | DRBG | DRBG | |
| ECDSA private key | Public/Private - CSP | Digital signature generation | Between 224 and 521 bits - Between 112 and 256 bits | ECDSA for Digital Signature Generation | ECDSA for Key Generation | |
| ECDSA public key | Public/Private - PSP | Digital signature generation | Between 224 and 521 bits - Between 112 and 256 bits | ECDSA for Digital Signature Verification | ECDSA for Key Generation | |
| HMAC key | Authentication - CSP | Keyed hash | 224 bits (minimum) - 112 bits (minimum) | TLS v1.2 Key Derivation | HMAC for Message Authentication AES for Key Wrapping/Unwrapping | |
| RSA private key | Public/Private - CSP | Digital signature generation | Between 2048 and 4096 bits - Between 112 and 150 bits | RSA for Signature Generation | RSA for Key Generation | |
| RSA public key | Public/Private - PSP | Digital signature verification | Between 2048 and 4096 bits - Between 112 and 150 bits | RSA for Signature Verification | RSA for Key Generation | |
| TLS extended pre-master secret | Pre-master secret - CSP | Derivation of the TLS master secret | 384 bits - 384 bits | TLS v1.2 Key Agreement | TLS v1.2 Key Derivation | |
| TLS master secret | Master secret - CSP | Derivation of the AES key, AES-GCM key, and HMAC key used for securing TLS connections | 384 bits - 384 bits | TLS v1.2 Key Agreement | TLS v1.2 Key Derivation | |
| TLS Session Key | Symmetric key - CSP | Encryption and decryption of TLS session packets | 128 or 256 bits - 128 or 256 bits | TLS v1.2 Key Derivation | TLS v1.2 Data Encryption/Decryption | |
| TLS Authentication Key (HMAC key) | Authentication - CSP | Authentication of TLS session packets | Between 160 and 384 bits - Between 160 and 384 bits | TLS v1.2 Key Derivation | TLS v1.2 Data Encryption/Decryption |
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 a peer-topeer Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Type | Description | Strength | Establishment | Storage | Zeroization | Use | Input | Related SSPs |
|---|---|---|---|---|---|---|---|---|---|
| TLS Server Authentication Key | Public - PSP | Digital signature verification | 2048 bits - 128 bits | TLS v1.2 Authentication | |||||
| HKDF Derived key | Symmetric key - CSP | Symmetric encryption and decryption | 256 bits - 256 bits | HKDF for Key Derivation | |||||
| PBKDF Derived key | Symmetric key - CSP | Symmetric encryption and decryption; Storage application only | 256 bits - 256 bits | PBKDF for Key Derivation | |||||
| Password | Password - CSP | Input to PBKDF for key derivation | n/a - n/a | PBKDF for Key Derivation | |||||
| MPC AES Key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ||||||
| MPC ECDSA Public key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC ECDSA Private key:Paired With | |||||
| MPC ECDSA Private key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC ECDSA Public key:Paired With | |||||
| MPC RSA public key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC RSA private key:Paired With | |||||
| MPC RSA private key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC RSA public key:Paired With | |||||
| AES key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ||||||
| AES CCM key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| AES GCM key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | AES GCM IV:Other | |||||
| AES GCM IV | RAM:Plaintext | Zeroize service | Plaintext export via API parameter | ||||||
| AES XTS key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| AES CMAC key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| AES GMAC key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter |
| Name | Type | Description | Strength | Establishment | Storage | Zeroization | Use | Input | Related SSPs |
|---|---|---|---|---|---|---|---|---|---|
| TLS Server Authentication Key | Public - PSP | Digital signature verification | 2048 bits - 128 bits | TLS v1.2 Authentication | |||||
| HKDF Derived key | Symmetric key - CSP | Symmetric encryption and decryption | 256 bits - 256 bits | HKDF for Key Derivation | |||||
| PBKDF Derived key | Symmetric key - CSP | Symmetric encryption and decryption; Storage application only | 256 bits - 256 bits | PBKDF for Key Derivation | |||||
| Password | Password - CSP | Input to PBKDF for key derivation | n/a - n/a | PBKDF for Key Derivation | |||||
| MPC AES Key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ||||||
| MPC ECDSA Public key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC ECDSA Private key:Paired With | |||||
| MPC ECDSA Private key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC ECDSA Public key:Paired With | |||||
| MPC RSA public key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC RSA private key:Paired With | |||||
| MPC RSA private key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | MPC RSA public key:Paired With | |||||
| AES key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ||||||
| AES CCM key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| AES GCM key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | AES GCM IV:Other | |||||
| AES GCM IV | RAM:Plaintext | Zeroize service | Plaintext export via API parameter | ||||||
| AES XTS key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| AES CMAC key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| AES GMAC key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| ECDH private component | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ECDH public component:Paired With | |||||
| ECDH public component | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ECDH private component:Paired With | |||||
| DRBG entropy input | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| DRBG seed | RAM:Plaintext | Zeroize service | |||||||
| DRBG 'V' value | RAM:Plaintext | Zeroize service | |||||||
| DRBG 'Key' value | RAM:Plaintext | Zeroize service | |||||||
| ECDSA private key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ECDSA public key:Paired With | |||||
| ECDSA public key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ECDSA private key:Paired With | |||||
| HMAC key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| RSA private key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | RSA public key:Paired With | |||||
| RSA public key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | RSA private key:Paired With | |||||
| TLS extended pre-master secret | RAM:Plaintext | Zeroize service | Plaintext import via API parameter | ||||||
| TLS master secret | RAM:Plaintext | Zeroize service | |||||||
| TLS Session Key | RAM:Plaintext | Zeroize service | |||||||
| TLS Authentication Key (HMAC key) | RAM:Plaintext | Zeroize service | |||||||
| TLS Server Authentication Key | RAM:Plaintext | Zeroize service | Plaintext import via API parameter Plaintext export via API parameter | ||||||
| HKDF Derived key | RAM:Plaintext | Zeroize service | Plaintext export via API parameter | ||||||
| PBKDF Derived key | RAM:Plaintext | Zeroize service | Plaintext export via API parameter | ||||||
| Password | RAM:Plaintext | Zeroize service | Plaintext import via API parameter |
February 19, 2025 n/a - n/a Table 15: SSP Table 1 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Table 16: SSP Table 2 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Test Properties | Test Method | |
|---|---|---|---|---|---|---|---|---|---|---|
| HMAC-SHA2- 256 (A5056) | HMAC-SHA2- 256 (A5056) | Software Integrity | SW/FW Integrity | Software integrity test for libcrypto | SHA2-256 | A boolean value is returned indicating the success (true) or failure (false) of the self-test procedure call. | ||||
| HMAC-SHA2- 256 (A5056) | HMAC-SHA2- 256 (A5056) | Software Integrity | SW/FW Integrity | Software integrity test for libssl | SHA2-256 | A boolean value is returned indicating the success (true) or failure (false) of the self-test procedure call. | ||||
| HMAC-SHA2- 256 (A5056) | HMAC-SHA2- 256 (A5056) | Software Integrity | SW/FW Integrity | Software integrity test for libsecurikey | SHA2-256 | A boolean value is returned indicating the success (true) or failure (false) of the self-test procedure call. | ||||
| AES-ECB (A5055) | AES-ECB (A5055) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Triggered upon first usage of MPC services. | 128-bit | Encrypt | KAT | CAST | |||
| ECDSA SigGen (FIPS186-4) (A5055) | ECDSA SigGen (FIPS186-4) (A5055) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Triggered upon first usage of MPC services. | P-256; SHA2- 256 | Sign | KAT | CAST | |||
| RSA SigGen (FIPS186-5) (A5055) | RSA SigGen (FIPS186-5) (A5055) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Triggered upon first usage of MPC services. | 2048-bit; SHA2-224; PKCS#1.5 scheme | Sign | KAT | CAST | |||
| AES-ECB (A5056) | AES-ECB (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 128-bit | Encrypt | KAT | CAST | |||
| AES-ECB (A5056) | AES-ECB (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 128-bit | Decrypt | KAT | CAST | |||
| AES-CCM (A5056) | AES-CCM (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 192-bit | Encrypt | KAT | CAST | |||
| AES-CCM (A5056) | AES-CCM (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 192-bit | Decrypt | KAT | CAST | |||
| AES-GCM (A5056) | AES-GCM (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 128-bit | Encrypt | KAT | CAST | |||
| AES-GCM (A5056) | AES-GCM (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 128-bit | Decrypt | KAT | CAST | |||
| AES-XTS Testing Revision 2.0 (A5056) | AES-XTS Testing Revision 2.0 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 128-bit, 256-bit | Encrypt | KAT | CAST | |||
| AES-XTS Testing Revision 2.0 (A5056) | AES-XTS Testing Revision 2.0 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 128-bit, 256-bit | Decrypt | KAT | CAST | |||
| AES-CMAC (A5056) | AES-CMAC (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | CBC mode; 128-bit, 192- bit, 256-bit | Generate | KAT | CAST | |||
| Counter DRBG (A5056) | Counter DRBG (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | AES, 256-bit, with derivation function | Instantiate, Reseed, Generate | KAT | CAST | |||
| ECDSA SigGen (FIPS186-5) (A5056) | ECDSA SigGen (FIPS186-5) (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | P-224; SHA2- 256 | Sign | KAT | CAST | |||
| ECDSA SigVer (FIPS186-5) (A5056) | ECDSA SigVer (FIPS186-5) (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | P-224; SHA2- 256 | Verify | KAT | CAST | |||
| RSA SigGen (FIPS186-5) (A5056) | RSA SigGen (FIPS186-5) (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 2048-bit; SHA2-256; PKCS#1.5 scheme | Sign | KAT | CAST | |||
| RSA SigVer (FIPS186-5) (A5056) | RSA SigVer (FIPS186-5) (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | 2048-bit; SHA2-256; PKCS#1.5 scheme | Verify | KAT | CAST | |||
| HMAC-SHA-1 (A5056) | HMAC-SHA-1 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | SHA-1 | Hashed message authentication | KAT | CAST | |||
| HMAC-SHA2- 224 (A5056) | HMAC-SHA2- 224 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | SHA2-224 | Hashed message authentication | KAT | CAST | |||
| HMAC-SHA2- 256 (A5056) | HMAC-SHA2- 256 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | SHA2-256 | Hashed message authentication | KAT | CAST | |||
| HMAC-SHA2- 384 (A5056) | HMAC-SHA2- 384 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | SHA2-384 | Hashed message authentication | KAT | CAST | |||
| HMAC-SHA2- 512 (A5056) | HMAC-SHA2- 512 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | SHA2-512 | Hashed message authentication | KAT | CAST | |||
| SHA-1 (A5056) | SHA-1 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | Hash | KAT | CAST | ||||
| SHA2-224 (A5056) | SHA2-224 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | Hash | KAT | CAST | ||||
| SHA2-256 (A5056) | SHA2-256 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | Hash | KAT | CAST | ||||
| SHA2-384 (A5056) | SHA2-384 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | Hash | KAT | CAST | ||||
| SHA2-512 (A5056) | SHA2-512 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | Hash | KAT | CAST | ||||
| SHA3-256 (A5056) | SHA3-256 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | Upon power-up and before the pre- operational software integrity tests. | Hash | KAT | CAST | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5056) | KAS-ECC-SSC Sp800-56Ar3 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | P-224 | Shared Secret "Z" Computation | KAT | CAST | |||
| KDA HKDF SP800-56Cr2 (A5056) | KDA HKDF SP800-56Cr2 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | SHA2-256 | Derive | KAT | CAST | |||
| PBKDF (A5056) | PBKDF (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | SHA2-256 | Derive | KAT | CAST | |||
| TLS v1.2 KDF RFC7627 (A5056) | TLS v1.2 KDF RFC7627 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | SHA2-256 | Derive | KAT | CAST | |||
| ECDSA KeyGen (FIPS186-4) (A5055) | ECDSA KeyGen (FIPS186-4) (A5055) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | Sign/Verify | PCT | PCT | ||||
| RSA KeyGen (FIPS186-5) (A5055) | RSA KeyGen (FIPS186-5) (A5055) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | Sign/Verify | PCT | PCT | ||||
| ECDSA KeyGen (FIPS186-5) (A5056) | ECDSA KeyGen (FIPS186-5) (A5056) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | Sign/Verify | PCT | PCT | ||||
| RSA KeyGen (FIPS186-5) (A5056) | RSA KeyGen (FIPS186-5) (A5056) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | Sign/Verify | PCT | PCT | ||||
| ECDH | ECDH | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | Sign/Verify | PCT | PCT | ||||
| AES-XTS Testing Revision 2.0 (A5056) | AES-XTS Testing Revision 2.0 (A5056) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon initialization of AES- XTS cipher with key data. | Duplicate key test | Duplicate Key Test | Critical Function | ||||
| HMAC-SHA2-256 (A5056) | HMAC-SHA2-256 (A5056) | Software Integrity | SW/FW Integrity | On Demand | Manually | |||||
| HMAC-SHA2-256 (A5056) | HMAC-SHA2-256 (A5056) | Software Integrity | SW/FW Integrity | On Demand | Manually | |||||
| HMAC-SHA2-256 (A5056) | HMAC-SHA2-256 (A5056) | Software Integrity | SW/FW Integrity | On Demand | Manually | |||||
| AES-ECB (A5055) | AES-ECB (A5055) | KAT | CAST | On Demand | Manually | |||||
| ECDSA SigGen (FIPS186- 4) (A5055) | ECDSA SigGen (FIPS186- 4) (A5055) | KAT | CAST | On Demand | Manually | |||||
| RSA SigGen (FIPS186-5) (A5055) | RSA SigGen (FIPS186-5) (A5055) | KAT | CAST | On Demand | Manually | |||||
| AES-ECB (A5056) | AES-ECB (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-ECB (A5056) | AES-ECB (A5056) | KAT | CAST | On Demand | Manually |
February 19, 2025 10. Self-Tests The module performs pre-operational self-tests and conditional self-tests. Pre-operational tests are performed between the time the cryptographic module is instantiated and before the module transitions to the operational state. Conditional self-tests are performed by the module during module operation when certain conditions exist. The following sections list the self-tests performed by the module, their expected error status, and the error resolutions. In normal operation, the module uses MPC techniques to spread the load of cryptographic operation between several nodes. However, for self-testing, the module is able to perform all of the steps of each algorithm within the boundary of the module. 10.1 Pre-Operational Self-Tests The module performs the following pre-operational self-test(s): Table 17: Pre-Operational Self-Tests 10.2 Conditional Self-Tests The module performs the following conditional self-tests: P-256; SHA2256 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
P-224; SHA2256 P-224; SHA2256 February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Test Properties | Test Method | Indicator | |
|---|---|---|---|---|---|---|---|---|---|---|
| TLS v1.2 KDF RFC7627 (A5056) | TLS v1.2 KDF RFC7627 (A5056) | A boolean value indicating success (true) or failure (false) of the self-test procedure call. | After successful completion of software integrity tests. | SHA2-256 | KAT | CAST | Derive | |||
| ECDSA KeyGen (FIPS186-4) (A5055) | ECDSA KeyGen (FIPS186-4) (A5055) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | PCT | PCT | Sign/Verify | ||||
| RSA KeyGen (FIPS186-5) (A5055) | RSA KeyGen (FIPS186-5) (A5055) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | PCT | PCT | Sign/Verify | ||||
| ECDSA KeyGen (FIPS186-5) (A5056) | ECDSA KeyGen (FIPS186-5) (A5056) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | PCT | PCT | Sign/Verify | ||||
| RSA KeyGen (FIPS186-5) (A5056) | RSA KeyGen (FIPS186-5) (A5056) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | PCT | PCT | Sign/Verify | ||||
| ECDH | ECDH | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon key pair generation before returning key pair. | PCT | PCT | Sign/Verify | ||||
| AES-XTS Testing Revision 2.0 (A5056) | AES-XTS Testing Revision 2.0 (A5056) | An integer value indicating success (1) or failure (0) of the self- test procedure call. | Executed upon initialization of AES- XTS cipher with key data. | Duplicate Key Test | Critical Function | Duplicate key test | ||||
| HMAC-SHA2-256 (A5056) | HMAC-SHA2-256 (A5056) | Software Integrity | SW/FW Integrity | On Demand | Manually | |||||
| HMAC-SHA2-256 (A5056) | HMAC-SHA2-256 (A5056) | Software Integrity | SW/FW Integrity | On Demand | Manually | |||||
| HMAC-SHA2-256 (A5056) | HMAC-SHA2-256 (A5056) | Software Integrity | SW/FW Integrity | On Demand | Manually | |||||
| AES-ECB (A5055) | AES-ECB (A5055) | KAT | CAST | On Demand | Manually | |||||
| ECDSA SigGen (FIPS186- 4) (A5055) | ECDSA SigGen (FIPS186- 4) (A5055) | KAT | CAST | On Demand | Manually | |||||
| RSA SigGen (FIPS186-5) (A5055) | RSA SigGen (FIPS186-5) (A5055) | KAT | CAST | On Demand | Manually | |||||
| AES-ECB (A5056) | AES-ECB (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-ECB (A5056) | AES-ECB (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-CCM (A5056) | AES-CCM (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-CCM (A5056) | AES-CCM (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-GCM (A5056) | AES-GCM (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-GCM (A5056) | AES-GCM (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-XTS Testing Revision 2.0 (A5056) | AES-XTS Testing Revision 2.0 (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-XTS Testing Revision 2.0 (A5056) | AES-XTS Testing Revision 2.0 (A5056) | KAT | CAST | On Demand | Manually | |||||
| AES-CMAC (A5056) | AES-CMAC (A5056) | KAT | CAST | On Demand | Manually | |||||
| Counter DRBG (A5056) | Counter DRBG (A5056) | KAT | CAST | On Demand | Manually | |||||
| ECDSA SigGen (FIPS186- 5) (A5056) | ECDSA SigGen (FIPS186- 5) (A5056) | KAT | CAST | On Demand | Manually | |||||
| ECDSA SigVer (FIPS186- 5) (A5056) | ECDSA SigVer (FIPS186- 5) (A5056) | KAT | CAST | On Demand | Manually | |||||
| RSA SigGen (FIPS186-5) (A5056) | RSA SigGen (FIPS186-5) (A5056) | KAT | CAST | On Demand | Manually | |||||
| RSA SigVer (FIPS186-5) (A5056) | RSA SigVer (FIPS186-5) (A5056) | KAT | CAST | On Demand | Manually | |||||
| HMAC-SHA-1 (A5056) | HMAC-SHA-1 (A5056) | KAT | CAST | On Demand | Manually | |||||
| HMAC-SHA2-224 (A5056) | HMAC-SHA2-224 (A5056) | KAT | CAST | On Demand | Manually | |||||
| HMAC-SHA2-256 (A5056) | HMAC-SHA2-256 (A5056) | KAT | CAST | On Demand | Manually | |||||
| HMAC-SHA2-384 (A5056) | HMAC-SHA2-384 (A5056) | KAT | CAST | On Demand | Manually | |||||
| HMAC-SHA2-512 (A5056) | HMAC-SHA2-512 (A5056) | KAT | CAST | On Demand | Manually | |||||
| SHA-1 (A5056) | SHA-1 (A5056) | KAT | CAST | On Demand | Manually | |||||
| SHA2-224 (A5056) | SHA2-224 (A5056) | KAT | CAST | On Demand | Manually | |||||
| SHA2-256 (A5056) | SHA2-256 (A5056) | KAT | CAST | On Demand | Manually | |||||
| SHA2-384 (A5056) | SHA2-384 (A5056) | KAT | CAST | On Demand | Manually | |||||
| SHA2-512 (A5056) | SHA2-512 (A5056) | KAT | CAST | On Demand | Manually | |||||
| SHA3-256 (A5056) | SHA3-256 (A5056) | KAT | CAST | On Demand | Manually | |||||
| KAS-ECC-SSC Sp800- 56Ar3 (A5056) | KAS-ECC-SSC Sp800- 56Ar3 (A5056) | KAT | CAST | On Demand | Manually | |||||
| KDA HKDF SP800-56Cr2 (A5056) | KDA HKDF SP800-56Cr2 (A5056) | KAT | CAST | On Demand | Manually | |||||
| PBKDF (A5056) | PBKDF (A5056) | KAT | CAST | On Demand | Manually | |||||
| TLS v1.2 KDF RFC7627 (A5056) | TLS v1.2 KDF RFC7627 (A5056) | KAT | CAST | On Demand | Manually | |||||
| ECDSA KeyGen (FIPS186-4) (A5055) | ECDSA KeyGen (FIPS186-4) (A5055) | PCT | PCT | n/a | n/a | |||||
| RSA KeyGen (FIPS186-5) (A5055) | RSA KeyGen (FIPS186-5) (A5055) | PCT | PCT | n/a | n/a | |||||
| ECDSA KeyGen (FIPS186-5) (A5056) | ECDSA KeyGen (FIPS186-5) (A5056) | PCT | PCT | n/a | n/a | |||||
| RSA KeyGen (FIPS186-5) (A5056) | RSA KeyGen (FIPS186-5) (A5056) | PCT | PCT | n/a | n/a | |||||
| ECDH | ECDH | PCT | PCT | n/a | n/a | |||||
| AES-XTS Testing Revision 2.0 (A5056) | AES-XTS Testing Revision 2.0 (A5056) | Duplicate Key Test | Critical Function | n/a | n/a |
February 19, 2025 10.3 Table 18: Conditional Self-Tests The module does not implement automatic periodic self-tests, however the operator can perform all module selftests on demand by issuing the securikey_fips_self_test() call. Table 19: Pre-Operational Periodic Information Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a n/a Table 20: Conditional Periodic Information Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Critical Error | The module immediately terminates the calling application’s API call. Subsequent requests made by the calling application for cryptographic services will return failure indicator, disabling all access to cryptographic functions, SSPs, and data output services. | If the module fails pre-operational integrity tests, the SHA/HMAC pre- operational KATs (SHA, HMAC), or the conditional CASTs (DRBG, AES-ECB, AES- CCM, AES-GCM, AES-XTS, AES-CMAC, ECDSA Sign/Verify, RSA Sign/Verify, KAS- ECC Shared Secret “Z” Computation, HKDF, PBKDF, TLS v1.2 KDF). | Returned error code and sets an internal flag. Further requests will return this failure indicator. | The module must be re-instantiated by the calling application. If errors persist, the CO should contact Ideem, Inc. for assistance. |
| Soft Error | The module enters this state upon the failure of a PCT or self-test. The module transitions back to normal operation where the service requiring the self-test can be re-run or a new service can be performed. | If the module fails ECDSA/RSA/ECDH PCTs or the AES-XTS duplicate key test. | Returns error code | Module records the error and resumes normal operation |
10.4 February 19, 2025 Error States The tables below describe the error states the status indicators of the module. Table 21: Error States
February 19, 2025 11. Life-Cycle Assurance The sections below describe how to ensure the module is operating in its validated configuration, including the following:
As the module is an integrated component of Ideem’s product application software, module operators have no ability to independently load the module onto the target platform. The module is distributed to the end operator as part of an SDK 2 developed by Ideem. The module is distributed as a package containing the pre-compiled binaries and HMAC digest files. The module and its calling application are to be installed on a platform specified in section 2.2 or one where portability is maintained. For correct operation the module must be installed on both a server RHEL environment) and client (iOS or Android) side. Ideem does not provide any mechanisms to directly access the module, its source code, its APIs, or any information sent between it and other Ideem applications.
This module is designed to support the Ideem application solely, and this application are the sole consumers of the cryptographic services provided by the module. No end-user action is required to initialize the module for operation; the calling application performs any actions required to initialize the module. The pre-operational integrity test and conditional CASTs are performed automatically via a default entry point (DEP) when the module is loaded for execution, without any specific action from the calling application or the end-user. End-users have no means to short-circuit or bypass these actions. Failure of any of the initialization actions will result in a failure of the module to load for execution.
No startup steps are required to be performed by end-users.
Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
11.2 February 19, 2025 Administrator Guidance There are no specific management activities required of the CO role to ensure that the module runs securely. If any irregular activity is observed, or if the module is consistently reporting errors, then Ideem Customer Support should be contacted. The following list provides additional guidance for the CO:
February 19, 2025 12. Mitigation of Other Attacks 12.1 Attack List Key Leakage: The use of MPC techniques within the module ensures that knowledge of a key share provides no information about the logical key that it is a part of and that compromising a single module gives an attacker no knowledge about the secret and private keys used by that module. 12.2 Mitigation Effectiveness Secure multi-party computation is used to generate and split a cryptographic key into two or more key shares, such that knowledge of a key share provides no information about the logical key. The original key is never stored nor recomputed, so leakage of the key share from a single module gives an attacker no knowledge about the private keying material used by that module. 12.3 Guidance and Constraints There is no further guidance or constraints. 12.4 Additional Information There is no additional information. Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
| Name | Term | Definition |
|---|---|---|
| AES | AES | Advanced Encryption Standard |
| API | API | Application Programming Interface |
| CBC | CBC | Cipher Block Chaining |
| CCCS | CCCS | Canadian Centre for Cyber Security |
| CMVP | CMVP | Cryptographic Module Validation Program |
| CO | CO | Cryptographic Officer |
| CPU | CPU | Central Processing Unit |
| CTR | CTR | Counter |
| CVL | CVL | Component Validation List |
| DEP | DEP | Default Entry Point |
| DES | DES | Data Encryption Standard |
| DH | DH | Diffie-Hellman |
| DRBG | DRBG | Deterministic Random Bit Generator |
| ECB | ECB | Electronic Code Book |
| ECC CDH | ECC CDH | Elliptic Curve Cryptography Cofactor Diffie-Hellman |
| ECDH | ECDH | Elliptic Curve Diffie-Hellman |
| ECDSA | ECDSA | Elliptic Curve Digital Signature Algorithm |
| EMI/EMC | EMI/EMC | Electromagnetic Interference /Electromagnetic Compatibility |
| FIPS | FIPS | Federal Information Processing Standard |
| GCM | GCM | Galois/Counter Mode |
| GMAC | GMAC | Galois Message Authentication Code |
| GPC | GPC | General-Purpose Computer |
| HMAC | HMAC | (keyed-) Hash Message Authentication Code |
| KAS | KAS | Key Agreement Scheme |
| KAT | KAT | Known Answer Test |
| KTS | KTS | Key Transport Scheme |
| KW | KW | Key Wrap |
| KWP | KWP | Key Wrap with Padding |
| NIST | NIST | National Institute of Standards and Technology |
| OS | OS | Operating System |
| PCT | PCT | Pairwise Consistency Test |
| PKCS | PKCS | Public Key Cryptography Standard |
| PSS | PSS | Probabilistic Signature Scheme |
| RNG | RNG | Random Number Generator |
| RSA | RSA | Rivest, Shamir, and Adleman |
| SHA | SHA | Secure Hash Algorithm |
| SHS | SHS | Secure Hash Standard |
| SP | SP | Special Publication |
| TDES | TDES | Triple Data Encryption Standard |
February 19, 2025 Appendix A. Acronyms and Abbreviations Table 22 provides definitions for the acronyms and abbreviations used in this document. Table 22. Acronyms and Abbreviations Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
February 19, 2025 Ideem ZSM Cryptographic Module 1.0 ©2024 Ideem, Inc.
Prepared by: Corsec Security, Inc.
Fairfax, VA 22033 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com