`` 2 of 44 nShield 5s Hardware Security Module Version: 2.0.3 Date: 07/08/2024 Copyright © 2020 nCipher Security Limited. All rights reserved. Copyright in this document is property of nCipher Security Limited. This document may be reproduced and distributed in whole (i.e., without modification) provided that the copyright notice and Entrust branding has not been removed or altered. Words and logos marked with ® or ™ are trademarks of nCipher Security Limited or its affiliates in the EU and other countries. Mac and OS X are trademarks of Apple Inc., registered in the U.S. and other countries. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Information in this document is subject to change without notice. nCipher Security Limited makes no warranty of any kind with regard to this information, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. nCipher Security Limited shall not be liable for errors contained herein or for incidental or consequential damages concerned with the furnishing, performance or use of this material. Where translations have been made in this document English is the canonical language. nCipher Security Limited Registered Office: One Station Square, Cambridge, CB1 2GA, United Kingdom Registered in England No. 11673268 nCipher is an Entrust company. Entrust, Datacard, and the Hexagon Logo are trademarks, registered trademarks, and/or service marks of Entrust Corporation in the U.S. and/or other countries. All other brand or product names are the property of their respective owners. Because we are continuously improving our products and services, Entrust Corporation reserves the right to change specifications without prior notice. Entrust is an equal opportunity employer. nShield 5s Hardware Security Module 3 of 44 Contents 1 General...............................................................................................................................................4 2 Cryptographic module specification..................................................................................................5 2.1 Scope..........................................................................................................................................5 2.2 Cryptographic module description ............................................................................................5 2.3 Supported cryptographic algorithms .........................................................................................6 3 Cryptographic module interfaces ....................................................................................................11 4 Roles, services and authentication..................................................................................................12 4.1 Roles.........................................................................................................................................12 4.2 Services ....................................................................................................................................13 5 Software/Firmware security............................................................................................................25 6 Operational environment................................................................................................................26 7 Physical security...............................................................................................................................27 8 Non-invasive security.......................................................................................................................28 9 Sensitive security parameters management ...................................................................................29 9.1 Keys and Sensitive Security Parameters ..................................................................................29 9.2 SSP zeroization methods..........................................................................................................35 9.3 Entropy sources........................................................................................................................35 10 Self tests...........................................................................................................................................36 10.1Pre-operational self tests.........................................................................................................36 10.2Conditional self tests................................................................................................................36 10.3Periodic self tests .....................................................................................................................38 11 Life-cycle assurance.........................................................................................................................39 11.1Delivery ....................................................................................................................................39 11.2Cryptographic module identification.......................................................................................39 11.3Approved mode of operation ..................................................................................................41 11.4End of life .................................................................................................................................41 12 Mitigation of other attacks..............................................................................................................42 Contact Us.............................................................................................................................................43 4 of 44 nShield 5s Hardware Security Module 1 General This document defines the non-proprietary Security Policy enforced by the nShield 5s Hardware Security Module, i.e. the Cryptographic Module, to meet with the security requirements in FIPS 140- 3 and ISO/IEC 19790. The Cryptographic Module meets overall FIPS 140-3 Security Level 3. The following table specifies the security level in detail. ISO/IEC 24759 Section 6. [Number Below] FIPS 140-3 Section Title Security Level 1 General 3 2 Cryptographic Module Specification 3 3 Cryptographic Module Interfaces 3 4 Roles, Services and Authentication 3 5 Software/Firmware security 3 6 Operational Environment N/A 7 Physical Security 3 8 Non-invasive Security N/A 9 Sensitive Security Parameter Management 3 10 Self-Tests 3 11 Life-cycle Assurance 3 12 Mitigation of Other Attacks N/A Table 1 Security levels nShield 5s Hardware Security Module 5 of 44 2 Cryptographic module specification 2.1 Scope The following product hardware variants and firmware version(s) are in scope of this Security Policy. Model Hardware [Part Number and Version] Firmware Version Distinguishing Features nShield 5s F3 model number nC5536E PCB Assembly Part Number: PCA10005-01 PCB Assembly Revision: 03, 04 primary: 13.4.5 recovery: 13.2.4 uboot: 1.1.0 PCIe form factor nShield 5s for nShield 5c and for nShield HSMi model number nC5536N PCIe form factor identical to the nShield 5s F3 (nC5536E), embedded inside the nShield 5c or the nShield HSMi network appliances. Table 2 Cryptographic Module Tested Configuration 2.2 Cryptographic module description The nShield 5s Hardware Security Module (HSM) is a multi-chip embedded hardware Cryptographic Module as defined in FIPS 140-3, which comes in a PCI express board form factor protected by a tamper resistant enclosure, and performs encryption, digital signing, and key management on behalf of an extensive range of commercial and custom-built applications including public key infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing. The nShield 5s HSM is also embedded inside the nShield 5c or the nShield HSMi, which are network- attached appliances delivering cryptographic services as a shared network resource for distributed applications and virtual machines, giving organizations a highly secure solution for establishing physical and logical controls for server-based systems. The table below shows the nShield 5s HSM (left, representative of the two hardware variants nC5536E, nC5536N) and the nShield 5c appliance (right). Table 3 nShield 5s (left) and nShield 5c (right) The cryptographic boundary is delimited in red in the images in the table below. It is delimited by the heat sink and the outer edge of the potting material on the top and bottom of the PCB. 6 of 44 nShield 5s Hardware Security Module Table 4 Cryptographic module boundary The module enforces that only approved services are available and plaintext import/export of secret or private keys is not allowed. Refer to Approved mode of operation. 2.3 Supported cryptographic algorithms This section describes the cryptographic mechanisms and security functions provided and used by the cryptographic module. 2.3.1 Approved algorithms The following tables describe the approved cryptographic algorithms supported by the Cryptographic Module. 2.3.1.1 nCore crypto CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function A3707 AES [FIPS 197] [SP 800- 38A] [SP 800-38D] ECB CBC GCM 128 bits 192 bits 256 bits Data encryption/decryption A3707 KTS (AES) [SP 800-38F] [SP 800-38D] KW KWP GCM 128 bits 192 bits 256 bits (Key establishment methodology provides between 128 and 256 bits of encryption strength) Key wrapping/unwrapping A3707 KTS-IFC KTS-OAEP-basic with SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA3-224, SHA3-256, SHA3-384, SHA3-512 2048 bits 3072 bits 4096 bits (Key establishment methodology provides between 112 and 152 bits of encryption strength) Key transport (encapsulation, un-encapsulation) Vendor affirmed CKG [SP 800-133rev2] Section 4 “Using the Output of a Random Bit Generator“ n/a Key generation A3707 RSA [FIPS 186-4] RSASSA-PKCS-v1_5 RSASSA-PSS 1024 bits (verification only) 2048 bits Key generation nShield 5s Hardware Security Module 7 of 44 CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function 3072 bits 4096 bits Signature generation and verification A3707 ECDSA [FIPS 186-4] n/a NIST P-224, P-256, P-384, P-521 NIST K-233, K-283, K-409, K-571 NIST B-233, B-283, B-409, B-571 Key generation Key verification Signature generation and verification A3707 DSA [FIPS 186-4] n/a L = 1024 bits, N = 160 bits (verification only) L = 2048 bits, N = 224 bits L = 2048 bits, N = 256 bits L = 3072 bits, N = 256 bits Key generation Signature generation and verification Domain parameter generation and verification A3707 HMAC [FIPS 198] HMAC-SHA1, HMAC-SHA2-224, HMAC-SHA2-256, HMAC-SHA2-384, HMAC-SHA2-512, HMAC-SHA3-224, HMAC-SHA3-256, HMAC-SHA3-384, HMAC-SHA3-512 ≥ 112 bits MAC generation and verification A3707 AES [SP 800-38B] CMAC 128 bits 192 bits 256 bits MAC generation and verification A3707 KMAC [SP 800-185] KMAC-128 KMAC-256 ≥ 112 bits MAC generation and verification A3707 KAS-FFC [SP 800-56Arev3] DH MODP-2048 MODP-3072 MODP-4096 MODP-6144 MODP-8192 FB FC (Key establishment methodology provides between 112 and 200 bits of encryption strength) Key agreement A3707 Safe Primes Key Generation [SP 800-56Arev3] KeyGen for KAS-FFC Safe prime groups: MODP-2048, MODP-3072, MODP-4096, MODP- 6144, MODP-8192 (Provides between 112 and 200 bits of encryption strength.) KAS-FFC key generation A3707 Safe Primes Key Verification [SP 800-56Arev3] KeyVer for KAS-FFC Safe prime groups: MODP-2048, MODP-3072, MODP-4096, MODP- 6144, MODP-8192 KAS-FFC key verification A3707 KAS-ECC [SP 800-56Arev3] ECDH ECMQV NIST P-224, P-256, P-384, P-521 NIST K-233, K-283, K-409, K-571 NIST B-233, B-283, B-409, B-571 Key agreement 8 of 44 nShield 5s Hardware Security Module CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function (Key establishment methodology provides between 112 and 256 bits of encryption strength) A3707 KBKDF [SP 800-108rev1] counter mode CMAC-AES256 n/a Key derivation A3707 SHS [FIPS 180-4] SHA-1 SHA2-224 SHA2-256 SHA2-384 SHA2-512 n/a Message digest A3707 SHA-3 [FIPS 202] SHA3-224 SHA3-256 SHA3-384 SHA3-512 n/a Message digest A3707 DRBG [SP 800-90Arev1] Hash_DRBG 256 bits of security strength Random bit generation Table 5 nCore - Approved Algorithms Note: For AES GCM, the 96-bit IV is internally generated using the approved DRBG as per IG C.H. 2.3.1.2 Bootloader crypto CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function A2404 RSA [FIPS 186-4] RSASSA-PKCS-v1_5 4096 bits Signature verification A2404 SHS [FIPS 180-4] SHA2-256 n/a Message digest Table 6 Bootloader - Approved Algorithms 2.3.1.3 SSH crypto CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function A3706 AES [FIPS 197] [SP 800-38A] [SP 800-38D] CTR GCM ECB 128 bits Data encryption/decryption Vendor affirmed CKG [SP 800- 133rev2] Section 4 “Using the Output of a Random Bit Generator“ n/a Key generation A3706 ECDSA [FIPS 186-4] n/a NIST P-256 NIST P-521 Signature generation and verification nShield 5s Hardware Security Module 9 of 44 CAVP Cert Algorithm and Standard Mode/Method Description / Key Size(s) / Key Strength(s) Use / Function A3706 HMAC [FIPS 198] HMAC-SHA2-256 ≥ 112 bits MAC generation and verification A3706 KAS-ECC-SSC [SP 800- 56Arev3] ECDH NIST P-256 (Key establishment methodology provides between 128 bits of encryption strength) Key agreement A3706 CVL - Secure Shell (SSHv2) KDF [SP 800- 135rev1] n/a n/a Key derivation A3706 KAS-ECC [SP 800- 56Arev3 [SP 800-135rev1] ECDH NIST P-256 (Key establishment methodology provides between 128 bits of encryption strength) Key agreement, KAS-ECC-SSC (cert# A3707) in conjunction with SSHv2 KDF of SP 800-135rev1 (cert# A3707), which is compliant with IG D.F. Scenario 2, path 2. A3706 SHS [FIPS 180-4] SHA2-256 SHA2-512 n/a Message digest Table 7 SSH - Approved Algorithms Note: As per IG D.C., no parts of this protocol, other than the approved cryptographic algorithms and the KDFs, have been tested by the CAVP and CMVP. Note: For AES GCM, the module is compliant with RFCs 4252, 4253 and 5647, and the IV is generated according to the SSHv2 protocol IV generation, as per IG C.H. In case the module’s power is lost and then restored, a new key for use with the AES-GCM encryption/decryption is established. 2.3.2 Allowed algorithms The following table describes the allowed cryptographic algorithms supported by the Cryptographic Module. 2.3.2.1 nCore crypto Algorithm Caveat Use/Function ECDSA [FIPS 186-4] • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) Key generation Signature generation and verification KAS-ECC [SP 800-56Arev3] • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) Key agreement 10 of 44 nShield 5s Hardware Security Module Algorithm Caveat Use/Function • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) Table 8 nCore - Non-Approved Algorithms Allowed in the Approved Mode of Operation 2.3.3 Non-approved algorithms Only approved and non-approved but allowed cryptographic algorithms are supported. nShield 5s Hardware Security Module 11 of 44 3 Cryptographic module interfaces The Cryptographic Module provides the following physical ports: • Status LED • Recovery button • Smartcard reader serial port • Host interface PCIe bus • Battery (including external backup battery power supply) The following table maps the FIPS logical interfaces and physical ports to the module´s services Physical port Logical interface Data that passes over port/interface PCIe bus Data input nCoreAPI, Updater, SSHAdmin, Launcher Data output nCoreAPI, SSHAdmin, Launcher Control input nCoreAPI, SSHAdmin, Setup, Monitor, Launcher, Discovery Status output nCoreAPI, Updater, Setup, Monitor, Launcher, Discovery Power n/a Smartcard reader serial port Data input APDU commands Data output APDU commands Status LED Status output n/a Recovery button Control input n/a Battery Power n/a Table 9 Ports and Interfaces Note: Control output is omitted because the module does not implement it. 12 of 44 nShield 5s Hardware Security Module 4 Roles, services and authentication 4.1 Roles The Cryptographic Module supports the following roles: • Platform Crypto Officer (PCO) • nShield Security Officer (NSO) • User Client (UC) Platform Crypto Officer (PCO) This role is responsible of administration tasks of the HSM platform. To assume this role, an operator needs to open a session with the SSHAdmin, Updater, Setup, Monitor or Launcher services, using its SSH private key for each service. When the module is in factory state, the SSHAdmin client SSH keys are set to a default value. These keys must be changed with the SSHAdmin set service before the module can be initialised and used. nShield Security Officer (NSO) This role is represented by Administrator Card holders, which have access to KNSO and are responsible for the overall management of a Security World. To assume this role, an operator or group of operators need to present a quorum m of N of smartcards, and the KNSO Key Blob. Each operator is identified by its individual smartcard, which contains a unique logical token share. User Client (UC) This role is authorised to use the general purpose cryptographic services offered by the cryptographic module. To assume this role, a client application needs to open a session with the nCoreAPI service, using its SSH private key. Role Service Input Output PCO SSHAdmin Updater Setup Monitor Launcher Data Control Data Status UC nCoreAPI Data Control Data Status NSO nCoreAPI Data Control Data Status nShield 5s Hardware Security Module 13 of 44 Table 10 Roles, Service Commands, Input and Output Role Authentication Method Authentication Strength PCO UC ECDSA P-256, P-521 client key authentication as part of establishing an SSH based secure channel. Identity-based and required. The ciphersuites used are: ecdh-sha2-nistp256 , ecdh-sha2-nistp521, aes128-gcm@openssh.com, aes128- ctr@openssh.com, hmac-sha2-256-etm@openssh.com This results in a security strength of 128 bits. A random authentication attempt gives is a probability of success of 2-128, which is less than one in 1,000,000. The module can process around 220 commands per minute. This gives a probability of success in a one minute period of 2-108, which is less than one in 100,000. NSO smartcard authentication. Identity-based and required. A logical token share stored in a Smartcard or Softcard is encrypted and MAC'ed. An attacker would need to guess the encrypted share value and the associated MAC in order to be able to load a valid Logical token share into the module. This requires, as a minimum, guessing a 256-bit HMAC-SHA256 value, which gives a security strength of 256 bits. A random authentication attempt gives is a probability of success of 2-256 , which is less than one in 1,000,000. The module can process around 220 commands per minute. This gives a probability of success in a one minute period of 2-236, which is less than 10-5, which is less than one in 100,000. Table 11 Roles and Authentication 4.2 Services The following table describes the services provided by the Cryptographic Module and the access policy. The Access column presents the access level given to the SSP G = Generate: The module generates or derives the SSP. R = Read: The SSP is read from the module (e.g. the SSP is output). W = Write: The SSP is updated, imported, or written to the module. E = Execute: The module uses the SSP in performing a cryptographic operation. Z = Zeroise: The module zeroises the SSP 4.2.1 Setup service Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator info This is a Show Module's Versioning Information service. This command prints out the contents of the board-id rom file and a number of flags that indicate which other setup subcommands have been previously executed as determined by the existence or non-existence of the relevant files in long-term storage. It also prints out the tag and value pairs Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 14 of 44 nShield 5s Hardware Security Module Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator of any options set with the setopt subcommand. factorystate This is the Perform Zeroisation service. It zeroizes unprotected SSPs and returns the module to factory state. It then initiates a module reboot. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KRESET (note: any SSP that is derived from KRESET, or protected by an SSP derived from KRESET, will also be effectively zeroised.) KSESSION - SSH KUSER_SSH, KSSH_SETUP, KSSH_SSHADMIN, KSSH_MONITOR, KSSH_UPDATER, KCONTAINER, KCONTAINERSSH, KSSH_NCORE PCO Z E G (note: SSH server authentication keys are only generated on first reboot after a setup factorystate command) return value 0 settime This subcommand sets the system date and time. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 gettime This subcommand returns the system date and time. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 Table 12 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. 4.2.2 SSHAdmin service Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator set Loads the client public key in the module, that will be used to authenticate the requester of a particular service Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSSH_CLIENT pub KSESSION - SSH PCO W E return value 0 list Obtains the client public key for the service given by the 'role' parameter. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSSH_CLIENT pub KSESSION - SSH PCO R E return value 0 get- serverkey Obtains the server public key for the service given by the 'role' parameter. Data encryption/decryption (AES CTR, GCM) KSSH_NCORE pub PCO R R return value 0 nShield 5s Hardware Security Module 15 of 44 Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator MAC generation / verification (HMAC) KSSH_UPDATER pub KSSH_SETUP pub KSSH_SSHADMIN pub KSSH_MONITOR pub KSESSION - SSH R E Table 13 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. 4.2.3 Updater service Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator info This is a Show Module's Versioning Information service. Obtains the version number of the HSM firmware. Data encryption/decryption (AES) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 receive Transmits a file (intended to be an npkg upgrade file) to the HSM. Data encryption/decryption (AES) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 load Verifies that a file on the HSM filesystem is a valid npkg upgrade file and, if so loads the file onto its flash partition. Digital signature verification (RSA, ECDSA) Data encryption/decryption (AES) MAC generation / verification (HMAC) NSBIK pub NPSK pub NFIK pub NLIK pub KSESSION - SSH PCO E E E E E return value 0 setminvsn Sets the minimum VSN that the module will use to check, when the 'load' command above is run, that the firmware specified can be validly loaded onto this module. Data encryption/decryption (AES) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 Table 14 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. 16 of 44 nShield 5s Hardware Security Module 4.2.4 Monitor service Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator getlog This is the Show Status service. Obtains the log of the system Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 clearlog Clears the log of the system Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 getenvstats Obtains the environmental stats from the system Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 Table 15 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. 4.2.5 Launcher service Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator receive Uploads a file to the launcher service for temporary storage. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 machine create Creates a SEE machine container from a received file, after successfully being validated. Digital signature verification (ECDSA) Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) DSK pub KSESSION - SSH PCO E E return value 0 machine list Lists SEE machines along with their current states. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 start Starts a SEE machine after successfully being validated. Digital signature verification (ECDSA) Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) DSK pub KSESSION - SSH PCO E E return value 0 nShield 5s Hardware Security Module 17 of 44 Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator stop Stops a SEE machine. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 destroy Deletes a SEE machine. Data encryption/decryption (AES CTR, GCM) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 ids commands Management of the SEE machine signing certificates. Digital signature verification (ECDSA) Data encryption/decryption (AES) MAC generation / verification (HMAC) DSK pub ESK pub KSESSION - SSH PCO R, W, E E E return value 0 see-log commands Management of the SEE machine logs. Data encryption/decryption (AES) MAC generation / verification (HMAC) KSESSION - SSH PCO E return value 0 Table 16 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. 4.2.6 Discovery service Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator python- zeroconf The (logical) network connection between host and HSM uses TCP/IP protocols over the PCIe bus; however, for ease of setup it needs to avoid requiring IP configuration by the user. Therefore the HSM uses zeroconf: each end of the virtual 'network segment' has only a link-local (IPv4 and IPv6) address. The HSM's address can be discovered by the host using multicast DNS, responding to mDNS queries. - - Unauthenticated - return value 0 Table 17 Approved Services The approved service indicator is the successful completion of these services (return value 0), as they only use approved mechanisms. 18 of 44 nShield 5s Hardware Security Module 4.2.7 nCoreAPI service Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator Big number operation Cmd_BignumOp Performs an operation on a large integer. - - UC - return status OK Make Blob Cmd_MakeBlob Creates a Key blob containing the key. Note that the key ACL needs to authorize the operation. Key derivation (KBKDF) Key wrapping (AES CBC and HMAC, KTS-IFC) KA, KRE_BLOBKEY, KR, KM, KNSO, LTx BLOBKE, BLOBKM UC R E return status OK Bulk channel Cmd_ChannelOpen Cmd_ChannelUpdate Provides a bulk processing channel for crypto operations Encryption and decryption (AES ECB, CBC, GCM) MAC generation and verification (HMAC, KMAC, AES CMAC) Digital signature generation and verification (RSA, ECDSA, DSA) KA UC E return status OK Check User Action Cmd_CheckUserAction Determines whether the ACL associated with a key allows a specific operator defined action. - KNSO, KA UC R return status OK Clear Unit Cmd_ClearUnit This is the Perform Self-tests service. Zeroises all keys, tokens and shares that are loaded in RAM. Will cause the module to reboot and perform self-tests. - KA, KR, IMPATHKE, IMPATHKM, RAKME, RAKMA UC Z return status OK Set Module Key Cmd_SetKM Allows a key to be stored internally as a Module key (KM) value. The ACL needs to authorize this operation. Message digest (SHA-1) KM NSO W return status OK Remove Module Key Cmd_RemoveKM Deletes the KM with a given KM hash value from non- volatile memory. - KM NSO Z return status OK Duplicate key handle Cmd_Duplicate Creates a second instance of a Key with the same ACL and returns a handle to the new instance. Note that the source key ACL needs to authorize this operation. - KA UC R return status OK Enable feature Cmd_StaticFeatureEnable Enables the service. This service requires a certificate - - UC - return status OK nShield 5s Hardware Security Module 19 of 44 Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator signed by the Master Feature Enable key. Encryption / decryption Cmd_Encrypt Cmd_Decrypt Encryption and decryption using the provided key handle. Data encryption and decryption (AES ECB, CBC, GCM) KA UC E return status OK Erase from smartcard /softcard Cmd_EraseFile Cmd_EraseShare Removes a file or a share from a smartcard or softcard - - UC - return status OK Format Token Cmd_FormatToken Formats a smartcard or a softcard. - - UC - return status OK File operations Cmd_FileCopy Cmd_FileCreate Cmd_FileErase Cmd_FileOp Performs file operations in the module. - - UC - return status OK Force module to fail Cmd_Fail Causes the module to enter a failure state. - - UC - return status OK Generate prime number Cmd_GeneratePrime Generates a random prime. Random bit generation (DRBG) DRBG entropy input, seed, internal state ('V' and 'C') UC E return status OK Generate random number Cmd_GenerateRandom Generates a random number from the Approved DRBG. Random bit generation (DRBG) DRBG entropy input, seed, internal state ('V' and 'C') UC E return status OK Get ACL Cmd_GetACL Get the ACL of a given key. - KA UC R return status OK Get key application data Cmd_GetAppData Get the application data field from a key. - KA UC R return status OK Get challenge Cmd_GetChallenge Get a random challenge that can be used in fresh certificates. Random bit generation (DRBG) DRBG entropy input, seed, internal state ('V' and 'C') UC E return status OK Get KLF2 Cmd_GetKLF2 Get a handle to the Module Long Term (KLF2) public key. - - UC - return status OK Get Key Information Cmd_GetKeyInfo Cmd_GetKeyInfoEx Get the type, length and hash of a key. Message digest (SHA-1) KA UC R return status OK 20 of 44 nShield 5s Hardware Security Module Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator Get module signing key Cmd_GetKML Get a handle to the KML public key. - KML UC R return status OK Get list of slot in the module Cmd_GetSlotList Get the list of slots that are available from the module. - - UC - return status OK Get Logical Token Info Cmd_GetLogicalTokenInfo Cmd_GetLogicalTokenInfoEx Get information about a Logical Token: hash, state and number of shares. Message digest (SHA-1) LTx UC R return status OK Get list of module keys Cmd_GetKMList Get the list of the hashes of all module keys and the KNSO. Message digest (SHA-1) KM, KNSO UC R return status OK Get module state Cmd_GetModuleState Returns unsigned data about the current state of the module. - - UC - return status OK Get real time clock Cmd_GetRTC Get the current time from the module Real Time Clock. - - UC - return status OK Get share access control list Cmd_GetShareACL Get the Share's ACL. - SHAREKEY UC R return status OK Get Slot Information Cmd_GetSlotInfo Get information about shares and files on a Smartcard that has been inserted in a module slot. - - UC - return status OK Get Ticket Cmd_GetTicket Get a ticket (an invariant identifier) for a key. This can be passed to another client or to a SEE World which can redeem it using Redeem Ticket to obtain a new handle to the object. - - UC - return status OK Initialize Unit Cmd_InitializeUnit Cmd_InitializeUnitEx Causes the nCore API service in the pre-initialization state to enter the initialization state. When the module enters the initialization state, it erases all Module keys (KM), the module's signing key (KML), and the hash of the Security Officer's keys, HKNSO. It then generates a new KML and KM. Key generation (CKG, RSA, DSA) Message digest (SHA-1) HKNSO KA, KRE_BLOBKEY, KR, KM, KAL, KML, KNSO, HKNSO, LTx UC Z, G return status OK Insert a Softcard Cmd_InsertSoftToken Allocates memory on the module that is used to store the logical token share and other data objects. - - UC - return status OK Remove a Softcard Cmd_RemoveSoftToken Removes a Softcard from the module. It returns the updated - - UC - return status OK nShield 5s Hardware Security Module 21 of 44 Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator shares and deletes them from the module’s memory. Impath secure channel Cmd_ImpathGetInfo Cmd_ImpathKXBegin Cmd_ImpathKXFinish Cmd_ImpathReceive Cmd_ImpathSend Support for Impath secure channel. Requires Feature Enabled. Key agreement (KAS- FFC) Key derivation (KBKDF) Data encryption and decryption (AES CBC, GCM) MAC generation and verification (HMAC- SHA256) KML, IMPATHKE, IMPATHKM UC G, E return status OK Key generation Cmd_GenerateKey Cmd_GenerateKeyPair Generates a cryptographic key of a given type with a specified ACL. It returns a handle to the key. Optionally, it returns a KML signed certificate with the hash of the key and its ACL information. Key generation (CKG, RSA, ECDSA, DSA) Digital signature generation (DSA) KML, KA, DRBG entropy input, seed, internal state ('V' and 'C') UC G return status OK Key import Cmd_Import Loads a plain text key into the module. If the module is initialized in approved mode, this service is available for public keys only. - KA UC W return status OK 1Derive Key Cmd_DeriveKey Performs key wrapping, unwrapping, transport, exchange and derivation. The ACL needs to authorize this operation. Key derivation (KBKDF) Key wrapping/unwrapping (KTS-AES) Key transport (KTS-IFC) Key agreement (KAS- FFC, KAS-ECC) KA UC R, W return status OK Load Blob Cmd_LoadBlob Load a Key blob into the module. It returns a handle to the key suitable for use with module services. Key derivation (KBKDF) Key unwrapping (AES CBC and HMAC, KTS-IFC) KA, KRE_BLOBKEY, KR, KM, KNSO BLOBKE, BLOBKM UC W E return status OK Load Logical Token Cmd_LoadLogicalToken Initiates loading a Logical Token from Shares, which can be loaded with the Read Share command. Key unwrapping Key derivation - UC - return status OK Generate Logical Token Cmd_GenerateLogicalToken Creates a new Logical Token with given properties and secret sharing parameters. Key generation (CKG) KM, LTx UC G, W return status OK Message digest Cmd_Hash Computes the cryptographic hash of a given message. Message digest (SHS, SHA-3) - UC - return status OK Modular Exponentiation Performs a modular exponentiation (standard or - - UC - return status OK 22 of 44 nShield 5s Hardware Security Module Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator Cmd_ModExp Cmd_ModExpCrt Cmd_RSAImmedVerifyEncrypt Cmd_RSAImmedSignDecrypt CRT) on values supplied with the command. Module hardware information Cmd_ModuleInfo Reports detailed hardware information. - - UC - return status OK No Operation Cmd_NoOp No operation. - - UC - return status OK Change Share Passphrase Cmd_ChangeSharePIN Cmd_ChangeShareGroupPIN Updates the passphrase of a Share. Key derivation (KBKDF) Key wrapping/unwrapping (AES CBC and HMAC, KTS-IFC) SHAREKEY, LTx, KM UC G, E, R, W return status OK NVRAM Allocate Cmd_NVMemAllocate Allocation in NVRAM. - - NSO - return status OK NVRAM Free Cmd_NVMemFree Deallocation from NVRAM. - - UC - return status OK Operation on NVM list Cmd_NVMemList Returns a list of files in NVRAM. - - UC - return status OK Operation on NVM files Cmd_NVMemOp Operation on an NVRAM file. - - UC return status OK Key export Cmd_Export Exports a key in plain text. Note: in approved mode, only public keys can be exported. - KA UC R return status OK Read file Cmd_ReadFile Reads data from a file on a Smartcard or Softcard. The ACL needs to authorize this operation. - - UC - return status OK Read share Cmd_ReadShare Reads a share from a Smartcard or Softcard. Once a quorum of shares have been loaded, the module re- assembles the Logical Token. Key derivation (KBKDF) Key unwrapping (AES CBC and HMAC) SHAREKEY, LTx, KM UC G, E, R return status OK Send share to remote slot Cmd_SendShare Reads a Share and encrypts it with the Impath session keys for transmission to the peer module. Data encryption(AES CBC, GCM) MAC generation (HMAC-SHA256) IMPATHKE, IMPATHKM, SHAREKEY UC R, E return status OK Receive share from remote slot Cmd_ReceiveShare Receives a Share encrypted with the Impath session keys by a remote module. Data decryption (AES CBC, GCM) IMPATHKE, IMPATHKM, SHAREKEY UC R, E return status OK nShield 5s Hardware Security Module 23 of 44 Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator MAC verification (HMAC-SHA256) Redeem Ticket Cmd_RedeemTicket Gets a handle in the current name space for the object referred to by a ticket created by Get Ticket. - - UC - return status OK Remote Administration Cmd_DynamicSlotCreateAssociation Cmd_DynamicSlotExchangeAPDUs Cmd_DynamicSlotsConfigure Cmd_DynamicSlotsConfigureQuery Cmd_VerifyCertificate Provides remote presentation of Smartcards using a secure channel between the module and the Smartcard. Key agreement (KAS- ECC ECDH) Key derivation (KBKDF) Data encryption and decryption (AES CBC) MAC generation and verification (AES CMAC) Digital signature verification (ECDSA) RAKME, RAKMA, KWARN_pub UC G, E E return status OK Destroy Cmd_Destroy Remove handle to an object in RAM. If the current handle is the only one remaining, the object is zeroised from RAM. - KA, KNSO, LTx UC Z return status OK Report statistics Cmd StatGetValues Cmd_StatEnumTree Reports the values of the statistics tree. - - UC - return status OK Show Status Cmd_NewEnquiry This is a Show Status and Show Module's Versioning Information service. Report status information. - - UC - return status OK Set ACL Cmd_SetACL Replaces the ACL of a given key with a new ACL. The ACL needs to authorize this operation. - KA UC W return status OK Set key application data Cmd_SetAppData Writes the application information field of a key. - KA UC W return status OK Set NSO Permissions Cmd_SetNSOPerms Sets the NSO key hash and which permissions require a Delegation Certificate. - - NSO - return status OK Signature generation Cmd_Sign Generate a digital signature or MAC value. MAC generation (HMAC, KMAC, AES CMAC) Digital signature generation (RSA, ECDSA, DSA) KA, KNSO UC E return status OK Sign Module State Cmd_SignModuleState Returns a signed certificate that contains data about the Digital signature generation (DSA) KML UC E return status OK 24 of 44 nShield 5s Hardware Security Module Service Description Approved Security Functions Keys and/or SSPs Roles Access rights to Keys and/or SSPs Indicator current configuration of the module. Signature verification Cmd_Verify Verifies a digital signature or MAC value. MAC verification (HMAC, KMAC, AES CMAC) Digital signature verification (RSA, ECDSA, DSA) KA UC E return status OK Write file Cmd_WriteFile Writes a file to a Smartcard or Softcard. - - NSO - return status OK Write share Cmd_WriteShare Writes a Share to a Smartcard or Softcard. Key derivation (KBKDF) Key wrapping (AES CBC and HMAC) SHAREKEY, LTx, KM UC G, E, W return status OK SEE connection Cmd_CreateSEEConnection Opens a connection from the nCoreAPI service to the SEE machine - - UC - return status OK Table 18 Approved Services Non-approved services will fail with a return an error code indicator "StrictFIPS140". All nCore API services are sent through the SSH channel, performing security functions Data encryption/decryption, MAC generation / verification and access E (execute) of the session keys KSESSION - SSH. nShield 5s Hardware Security Module 25 of 44 5 Software/Firmware security The nShield 5s cryptographic module's executable code is delivered by Entrust as a single signed firmware package (.npkg file). The firmware integrity is verified at start up using RSA with 4096 bit key and SHA2-256. The Library Partition is an internal storage area that contains a number of auxiliary files required for operation of the module. The integrity of the Library Partition is verified using ECDSA with curve P-521 and SHA2-512. Operators can initiate the integrity tests on demand by restarting the module. 26 of 44 nShield 5s Hardware Security Module 6 Operational environment Not applicable. The module has a limited operational environment, it is designed to accept only controlled firmware changes that successfully pass the software/firmware load test. nShield 5s Hardware Security Module 27 of 44 7 Physical security The product is a multi-chip embedded Cryptographic Module, as defined in FIPS 140-3. It is enclosed in a hard and opaque epoxy resin which meets the physical security requirements of FIPS 140-3 level 3. The cryptographic module implements Environmental Failure Protections (EFP) which detect out of range voltage and temperature and shuts down the module. Physical Security Mechanism Recommended Frequency of Inspection/Test Inspection/Test Guidance Details Hard and opaque epoxy Monthly The module should be inspected periodically for evidence of tamper attempts, including the entire enclosure including the epoxy resin security coating for obvious signs of damage. Table 19 Physical Security Inspection Guidelines Temperature or voltage measurement Specify EFP or EFT Specify if this condition results in a shutdown or zeroisation Low Temperature 2ºC EFP Shutdown High Temperature 95ºC EFP Shutdown Low Voltage 8V EFP Shutdown High Voltage 14.08V EFP Shutdown Table 20 EFP/EFT Hardness tested temperature measurement Low Temperature 0ºC High Temperature 95ºC Table 21 Hardness testing temperature ranges 28 of 44 nShield 5s Hardware Security Module 8 Non-invasive security Not applicable. nShield 5s Hardware Security Module 29 of 44 9 Sensitive security parameters management 9.1 Keys and Sensitive Security Parameters This section defines the Sensitive Security Parameters (SSPs) managed by the cryptographic module. 9.1.1 Platform SSPs Key/SSP/Name/Type Strength Security Function and Cert. Number Generation Import/Export Establishment Storage Zeroisation Use & related keys KRESET (CSP) 256 bits Re-settable key A3707 DRBG Never n/a MSP430 FRAM, in plaintext factorystate Key derivation KUSER_SSH (CSP) 256 bits Global SSH key encryption key AES-256 A3707 Derived at start-up using KBKDF from KRESET and other fixed parameters Never n/a RAM, in plaintext Power cycle Encryption of all the service's server authentication SSH keys KSSH_SETUP (CSP) 128 bits Server authentication SSH key for the Setup service ECDSA P-256 A3707 A3706 DRBG Private key: never Public key: output via SSHAdmin service n/a In Flash, encrypted with KUSER_SSH n/a protected SSH channel session KSSH_UPDATER (CSP) 128 bits Server authentication SSH key for the Updater service ECDSA P-256 A3707 A3706 DRBG Private key: never Public key: output via SSHAdmin service n/a In Flash, encrypted with KUSER_SSH n/a protected SSH channel session KSSH_SSHADMIN (CSP) 128 bits Server authentication SSH key for the SSH Admin service ECDSA P-256 A3707 A3706 DRBG Private key: never Public key: output via SSHAdmin service n/a In Flash, encrypted with KUSER_SSH n/a protected SSH channel session KSSH_MONITOR (CSP) 128 bits Server authentication SSH key for the Monitor service ECDSA P-256 DRBG Private key: never Public key: output via n/a In Flash, encrypted with KUSER_SSH n/a protected SSH channel session 30 of 44 nShield 5s Hardware Security Module Key/SSP/Name/Type Strength Security Function and Cert. Number Generation Import/Export Establishment Storage Zeroisation Use & related keys A3707 A3706 SSHAdmin service KSSH_LAUNCHER (CSP) 128 bits Server authentication SSH key for the Launcher service ECDSA P-256 A3707 A3706 DRBG Private key: never Public key: output via SSHAdmin service n/a In Flash, encrypted with KUSER_SSH n/a protected SSH channel session KSESSION - SSH (CSP) 128 bits SSH channel session keys AES GCM or AES CTR, HMAC A3707 n/a Never ECDH RAM, in plaintext Power cycle or channel closure SSH channel data encryption and integrity NSBIK pub (not an SSP) 128 bits Bootloader public integrity key RSA 4096 bit A2404 Entrust Import: Firmware update Export: Never n/a Flash, in plaintext n/a Firmware integrity test NFIK pub (not an SSP) 128 bits Firmware public signature verification key RSA 4096 bit A2404 Entrust Import: Firmware update Export: Never n/a Flash, in plaintext n/a Firmware integrity test NLIK pub (not an SSP) 256 bits Library public integrity key ECDSA P-521 A3707 Entrust Import: Firmware update Export: Never n/a Flash, in plaintext n/a Firmware integrity test NPSK pub (PSP) 256 bits Package public signature verification key ECDSA P-521 A3707 Entrust Import: Firmware update Export: Never n/a Flash, in plaintext n/a Firmware loading test ESK pub (PSP) 256 bits Root Entrust SEE public signing key ECDSA P-521 A3707 Entrust Import: Firmware update Export: Never n/a Flash n/a Signature verification DSK pub (PSP) 256 bits Developer public signing key ECDSA P-521 n/a Launcher service ids commands n/a Flash n/a Signature verification nShield 5s Hardware Security Module 31 of 44 Key/SSP/Name/Type Strength Security Function and Cert. Number Generation Import/Export Establishment Storage Zeroisation Use & related keys A3707 KSSH_CLIENT pub (PSP) 128 bits Client authentication SSH key for each of the services (Updater, Setup, SSHAdmin, Launcher, nCoreAPI) ECDSA P-256, P- 521 A3707 Client side Through SSHAdmin service n/a Flash, in plaintext factorystate SSH authentication credentials DRBG entropy input (CSP) > 256 bits Platform DRBG A3707 520 bits from the approved Entropy Source. Never n/a RAM, in plaintext Power cycle Random number generation DRBG seed (CSP) 256 bits Platform DRBG A3707 Generated as per SP 800-90Arev1 with 696 bits from the approved Entropy Source: 520 bits entropy input 176 bits random nonce Never n/a RAM, in plaintext Power cycle Random number generation DRBG internal state ('V' and 'C' values) (CSP) 256 bits Platform DRBG A3707 Generated as per SP 800- 90Arev1. Never n/a RAM, in plaintext Power cycle Random number generation Table 22 Platform SSP table nCore API service SSPs 32 of 44 nShield 5s Hardware Security Module 9.1.1.1 Service SSPs The following SSPs are related to the nCore API service. Key/SSP/Name/Type Strength Security Function and Cert. Number Generation Import/Export Establishment Storage Zeroisation Use & related keys KCONTAINER (CSP) 256 bits Master key for container A3707 Derived at start-up using KBKDF from KRESET, container-id and other fixed value. Never n/a RAM, in plaintext Power cycle Key derivation KCONTAINERSSH (CSP) 256 bits Encryption key for KSSH_NCORE AES-256 A3707 Derived at start-up using KBKDF from KCONTAINER, and other fixed value. Never n/a RAM, in plaintext Power cycle Encryption KSSH_NCORE (CSP) 128 bits Server authentication ssh key for the nCore API service ECDSA P-256 A3707 A3706 DRBG Private key: Never Public key output via SSH Admin service n/a In Flash, encrypted with KCONTAINERSSH n/a protected SSH channel session Table 23 nCoreAPI SSP table 9.1.1.2 Security World SSPs The following SSPs are related to the Security World in which the cryptographic module is enrolled into. Key/SSP/Name/Typ e Strengt h Security Function and Cert. Number Generatio n Import/Expor t Establishmen t Storage Zeroisation Use & related keys KRE_BLOBKEY (CSP) 128 bits Recovery confidentialit y key RSA 3072 bit A3707 DRBG Import: From key blob, decrypted with LTRE Export: in key blob, encrypted with LTRE n/a RAM, in plaintext Power cycle or Cmd_Destro y Key used to protect recovery keys (KR). KR (CSP) 256 bits Recovery key AES 256 A3707 DRBG Import: From key blob, decrypted with KRE_BLOBKEY Export: in key blob, encrypted n/a RAM, in plaintext Power cycle or Cmd_Destro y Key used to derive (using SP 800- 108 KDF in counter mode) the keys Ke (AES 256-bit) and Km (HMAC-SHA256) that protect an archive copy of an application key. nShield 5s Hardware Security Module 33 of 44 Key/SSP/Name/Typ e Strengt h Security Function and Cert. Number Generatio n Import/Expor t Establishmen t Storage Zeroisation Use & related keys with KRE_BLOBKEY IMPATHKE IMPATHKM (CSP) 256 bits Session keys for impath channel A3707 n/a Never DH RAM, in plaintext Power cycle or channel closure Encryption and decryption MAC generation and verification KA (CSP) ≥ 112 bits Application keys A3707 DRBG Import: From key blob, decrypted with LTA or KR Export: in key blob, encrypted with LTA or KR n/a RAM, in plaintext Power cycle or Cmd_Destro y Application keys used for general purpose cryptographic services: • Encryption and decryption • Digital signature generation and verification • MAC generation and verification • Key derivation, key agreement . KM (CSP) 256 bits Security World module key AES 256 A3707 DRBG Import: From key blob, decrypted with LTM Export: in key blob, encrypted with LTM n/a Flash, in plaintext factorystate or Initialize Unit Key used for key derivation to protect logical tokens and associated module Key Blobs. KML (CSP) 128 bits Module Signing key DSA 3072 bit A3707 DRBG Never n/a Flash, in plaintext factorystate or Initialize Unit Digital signature generation for key generation certificates and module state certificates. KNSO (CSP) 128 bits NSO key DSA 3072 bit A3707 DRBG Import: From key blob, decrypted with LTNSO Export: in key blob, encrypted with LTNSO n/a RAM, in plaintext Power cycle or Cmd_Destro y nShield Security Officer key used for NSO authorisation and Security World integrity 34 of 44 nShield 5s Hardware Security Module Key/SSP/Name/Typ e Strengt h Security Function and Cert. Number Generatio n Import/Expor t Establishmen t Storage Zeroisation Use & related keys HKNSO (PSP) 160 bits Hash of public KNSO A3707 n/a Never Security World creation Flash, in plaintext factorystate or Initialize Unit nShield Security Officer key used for NSO authorisation and Security World integrity BLOBKE BLOBKM (CSP) 256 bits Key blob encryption and MAC key AES 256 HMAC- SHA256 A3707 n/a Never Derived from LTx RAM, in plaintext Power cycle Key wrapping LTx (CSP) 256 bits Logical token for key x AES 256 A3707 DRBG Import: From quorum of encrypted Shares using Shamir Secret Scheme Export: To encrypted Shares using Shamir Secret Scheme From Shares using Shamir Secret Schee RAM, in plaintext Power cycle or Cmd_Destro y Key derivation SHAREKEY (CSP) 256 bits Share encryption and MAC keys AES 256 HMAC- SHA256 A3707 n/a Never Derived from KM and other additional data RAM, in plaintext Power cycle Protects a share when written to a smartcard or softcard. This key is used to derive using KBKDF the keys Ke and Km used to wrap the share. RAKME RAKMA (CSP) 256 bits Session keys for remote admin channel AES 256 A3707 n/a Never ECDH RAM, in plaintext Power cycle or channel closure Encryption and decryption MAC generation and verification KAL (CSP) 128 bits Audit logging key DSA 3072-bit A3707 DRBG Never n/a Flash, in plaintext factorystate or Initialize Unit Digital signature generation of the audit trail. KWARN pub (PSP) 256 bits Entrust root warranting public key for Administrator Cards and Operator Cards ECDSA P-521 Entrust Import: fw update Export: never n/a Flash, in plaintext , as part of the firmware image n/a protected Digital signature verification to authenticate remote cards. nShield 5s Hardware Security Module 35 of 44 Key/SSP/Name/Typ e Strengt h Security Function and Cert. Number Generatio n Import/Expor t Establishmen t Storage Zeroisation Use & related keys A3707 DRBG entropy input (CSP) 256 bits nCoreAPI DRBG A3707 520 bits from Platform DRBG Never n/a RAM, in plaintext Power cycle Random number generation DRBG seed (CSP) 256 bits nCoreAPI DRBG A3707 Generated as per SP 800- 90Arev1 with 696 bits from Platform DRBG: 520 bits entropy input 176 bits random nonce Never n/a RAM, in plaintext Power cycle Random number generation DRBG internal state ('V' and 'C' values) (CSP) 256 bits nCoreAPI DRBG A3707 Generated as per SP 800- 90Arev1. Never n/a RAM, in plaintext Power cycle Random number generation Table 24 Security World SSP table As per IG 9.7.B, the zeroisation of SSPs is explicitly indicated by the successful return code of the setup factorystate command. Temporary SSPs are zeroised implicitly. 9.2 SSP zeroization methods Zeroization of all unprotected SSPs keys occurs immediately when the module is reset to the factory state with the setup factorystate command. 9.3 Entropy sources The cryptographic module has a hardware based true random number generator used to seed the DRBGs. Entropy sources Minimum number of bits of entropy Details nShield 5s Physical True Random Number Generator ESV cert#38 0.89 bits per output bit Minimum of 256 bits of entropy for DRBG seed (total seed size of 512 bits) Hardware entropy source compliant with SP 800-90B. As per the Public Use Document, no configuration of the entropy source is required. Table 25 Non-Deterministic Random Number Generation Specification 36 of 44 nShield 5s Hardware Security Module 10 Self tests The Cryptographic Module performs pre-operational, conditional and periodic self-tests. It also supports pre-operational self-tests on demand by resetting the module. In the event of a self-test failure, the module enters the error state. While in this state, the module does not process any commands, and will indicate the error on the status LED and the error log, which can be retrieved with the command monitor getlog. 10.1 Pre-operational self tests 10.1.1 Integrity tests At start up, the following integrity tests are performed: • Firmware integrity is verified using RSA with 4096 bit key and SHA2-256. • Library partition integrity, is verified using ECDSA with curve P-521 and SHA2-512. 10.2 Conditional self tests 10.2.1 Crypto self tests The following cryptographic algorithm self tests (CASTs) are run before the first use of any cryptographic mechanism. Algorithm Description Bootloader crypto SHA2-256 Known Answer Test RSA Known Answer Test (verification only) with 4096 bit key nCore crypto AES ECB encrypt AES ECB Known Answer Test encryption with 128, 192 and 256-bit keys AES ECB decrypt AES ECB Known Answer Test decryption with 128, 192 and 256-bit keys AES CMAC Known Answer Test: 128-bit key SHA-1 SHA-1 Known Answer Test, other size are tested along with KAT HMAC SHA-3 SHA3-224, SHA3-256, SHA3-384, SHA3-512 Known Answer Test HMAC with SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 Known Answer Test RSA Known Answer Test: sign/verify, encrypt/decrypt with 2048-bit key Pair-Wise consistency test: sign/verify DSA Known Answer Test: sign/verify with 2048-bit key Pair-Wise consistency test: sign/verify nShield 5s Hardware Security Module 37 of 44 Algorithm Description ECDSA KAT test: sign/verify with curves P-224 and B-233 Pair-Wise consistency test: sign/verify KAS-FFC Shared Secret Computation Known Answer Test DH KAS-ECC Shared Secret Computation Known Answer Test for ECDH with curves P-384 and B-233 One-step KDF Known Answer Test with SHA2-256 auxiliary function Two-step KDF Known Answer Test with HMAC-SHA256 auxiliary function KBKDF Known Answer Test DRBG Health Tests according to SP 800-90Arev1 section 11.3 SSH crypto AES GCM encrypt Known Answer Test encryption with 128 bit key AES GCM decrypt Known Answer Test decryption with 128 bit key AES CTR encrypt Known Answer Test encryption with 128 bit key AES CTR decrypt Known Answer Test decryption with 128 bit key HMAC with SHA2-256 and SHA2-512 Known Answer Test KAS-ECC Shared Secret Computation Known Answer Test for ECDH with curve P-256 ECDSA KAT test: sign/verify with curves P-256 and P-521 SSH KDF SSH KDF Known Answer Test 10.2.2 SP 800-90B health tests At start up, the SP 800-90B Adaptive Proportion Test and Repetition Count Test are run on the output bits of the entropy source. These tests are also run continuously during operation of the entropy source. 10.2.3 Pair-wise consistency tests The module performs a pair-wise consistency test when RSA, DSA, ECDSA, DH and ECDH keys are generated. 10.2.4 Firmware load test Prior to updating the firmware, the cryptographic module validates the integrity and authenticity of the image update package. The module performs the following actions before replacing the current image: • Code signature verification with NPSK pub. The signature algorithm is ECDSA with SHA2-512 using the P-521 curve. • Verification that the Version Security Number (VSN) of the new image is not less than the VSN of the current image. This check is done for roll-back protection. 38 of 44 nShield 5s Hardware Security Module Note: A firmware image version loaded into this module that is not shown on the module certificate is out of the scope of this validation and requires a separate FIPS 140-3 validation. 10.3 Periodic self tests The following self tests are run periodically every 24 hours: • nCore crypto and SSH crypto self tests • SP 800-90B health tests As per IG 10.3E Resolution #3 c), the bootloader is designed exclusively to launch the main firmware for the module. In this architecture, as the module isn’t complete until the main firmware is launched (replacing the bootloader in executable memory), it is redundant that the bootloader itself implement a mechanism to run periodic tests. nShield 5s Hardware Security Module 39 of 44 11 Life-cycle assurance This section provides specific FIPS-related guidance to Administrators and Operators. This guidance is aimed to complement the product user and installation guides which are delivered with the cryptographic module. 11.1 Delivery The nShield cryptographic module is sent to the customers using a standard carrier service. After accepting the delivery of the module, a physical inspection of the module shall be performed (refer to Physical Security section). This inspection is done to ensure that the module has not been tampered with during transit. If the inspection results indicate that the module has not been tampered with, the Administrator can then proceed with installation and configuration of the module. The cryptographic module supports firmware upgrades in the field, which are provided by Entrust as a single signed firmware package (.npkg file). 11.2 Cryptographic module identification This section provides instructions to inspect the cryptographic module´s fw and hw version information and ensure they correspond with the FIPS 140-3 validated versions. 11.2.1 FW identification The cryptographic module provides the service updater info which provides firmware version information in JSON format. Entrust provides the hsmadmin status command-line utility which calls the service updater info internally. hsmadmin status --json { "D5DE-E1F8-D6E7": { "succeeded": true, "data": { "mode": "primary", "primary-version": "13.4.5-751-56c6f1db", "recovery-version": "13.2.4-280-7f4f0c24", "uboot-version": "1.1.0-1245-b9bedfa" } } } The following fields in the output must be checked: 40 of 44 nShield 5s Hardware Security Module Field Expected value primary-version 13.4.5-751-56c6f1db recovery-version 13.2.4-280-7f4f0c24 uboot-version 1.1.0-1245-b9bedfa 11.2.2 HW identification The cryptographic module provides the command Cmd_NewEnquiry which reports hardware version information. Entrust provides the enquiry command-line utility which calls Cmd_NewEnquiry internally. product name nC5536E hardware part no PCA10005-01 revision 03 The following fields in the output must be checked: Field Expected value product name nC5536E or nC5536N hardware part no PCA10005-01 revision 03 or revision 04 Alternatively, the cryptographic module also provides the service setup info which provides hardware version information in JSON format. Entrust provides the hsmadmin info command-line utility which calls the service setup info internally. hsmadmin info --json { "15C8-4387-C748": { "eeprom": { ... , "buildpart": { "value": "PCA10005-01", "crc": xxxxx } , "buildrev": { "value": "03", "crc": xxxxx } ... } } The following fields in the output must be checked: nShield 5s Hardware Security Module 41 of 44 Field Expected value buildpart "value": "PCA10005-01" buildrev "value": "03" or "value": "04" 11.3 Approved mode of operation When the cryptographic module is in factory state, it first needs to be initialized with the command line utility hsmadmin enroll. To configure the cryptographic module in approved mode, create a FIPS 140-3 level 3 compliant Security World using Entrust supplied utility new-world and setting the mode to fips-140-level-3. An operator can verify that the module is configured in approved mode with the command line utility enquiry, which reports the following active modes: active modes UseFIPSApprovedInternalMechanisms AlwaysUseStrongPrimes FIPSLevel3Enforcedv2 StrictSP80056Ar3 or active modes UseFIPSApprovedInternalMechanisms FIPSLevel3Enforcedv2 StrictSP80056Ar3 Once a FIPS 140-3 level 3 Security World is created, it is not possible to switch into a non-compliant mode without first zeroising the unprotected SSPs. 11.4 End of life Per FIPS 140-3 section 7.11.8, in the event that the module is no longer deployed or intended for further use, the Crypto Officer shall zeroize and destroy the module. The module shall be taken to an electronics recycling facility that offers (and assures) the physical destruction of e-waste. 42 of 44 nShield 5s Hardware Security Module 12 Mitigation of other attacks Not applicable. nShield 5s Hardware Security Module 43 of 44 Contact Us Web site https://www.entrust.com Support https://nshieldsupport.entrust.com Email Support nShield.support@entrust.com Online documentation: Available from the Support site listed above. You can also contact our Support teams by telephone, using the following numbers: Europe, Middle East, and Africa United Kingdom: +44 1223 622 444 One Station Square Cambridge CB1 2GA UK Americas Toll Free: +1 833 425 1990 Fort Lauderdale: +1 954 953 5229 Sawgrass Commerce Center – A Suite 130, 13800 NW 14 Street Sunrise FL 33323 USA Asia Pacific Australia: +61 9126 9070 World Trade Centre Northbank Wharf Siddeley St Melbourne VIC 3005 Australia Japan: +81 50 3196 4994 Hong Kong: +852 3008 4994 31/F, Hysan Place 500 Hennessy Road Causeway Bay Hong Kong Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e- government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us. To get help with Entrust nShield HSMs nShield.support@entrust.com nshieldsupport.entrust.com