`` 2 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 3 of 38 4 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Variant name Marketing model number Firmware version MiniHSM nC4031Z-10 12.72.0 12.72.2 MiniHSM inside nShield Edge F3 nC4031U-10 Security requirements section Level Cryptographic Module Specification 3 Module Ports and Interfaces 3 Roles, Services and Authentication 3 Finite State Model 3 Physical Security 3 Operational Environment N/A Cryptographic Key Management 3 EMI/EMC 3 Self-Tests 3 Design Assurance 3 Mitigation of Other Attacks N/A MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 5 of 38 • • • • • 6 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 7 of 38 • • • • `` CSP Type Description Generation Input Output Storage Zeroization KRE - Recovery Confidentiality Key RSA 3072-bit Key used to protect recovery keys (KR). KTS cert #A1931 DRBG Load Blob - encrypted with LT Make Blob - encrypted with LT Ephemeral, stored in volatile RAM. Initialize Unit KR - Recovery Key AES 256-bit Key used to derive (using SP 800-108 KDF in counter mode) the keys Ke (AES 256-bit) and Km (HMAC-SHA256) that protect an archive copy of an application key. • AES cert #A1931 DRBG Load Blob - encrypted with KRE Make Blob - encrypted with KRE Ephemeral, stored in volatile RAM. Initialize Unit, Clear Unit, power cycle or reboot. Impath session keys AES 256-bit in CBC mode. Integrity with HMAC SHA-256. Used for secure channel between two modules. It consists of a set of four session keys used in an Impath session for encryption, decryption, MAC generation and MAC validation. • AES cert #A1931 • HMAC cert #A1931 3072-bit DH key exchange No No Ephemeral, stored in volatile RAM. Clear Unit, new session, power cycle or reboot. KJSO - JSO key DSA 3072-bit nShield Junior Security Officer key used with its associated certificate to perform the operations allowed by the NSO. • DSA cert #A1931 DRBG Load Blob - encrypted with LT Make Blob - encrypted with LT Ephemeral, stored in volatile RAM. Destroy, Initialize Unit, Clear Unit, MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 9 of 38 CSP Type Description Generation Input Output Storage Zeroization power cycle or reboot. KA - Application key AES 128, 192, 256 bits HMAC with key sizes >= 112 bits RSA with key sizes >= 2048 bits DSA, DH with key sizes >= 2048 bits ECDSA, ECDH, EC MQV with curves: • P-224, P- 256, P-384, P-521 • K-233, K- 283, K-409, K-571 • B-233, B- 283, B-409, B-571 • Brainpool Keys associated with a user to perform cryptographic operations, that can be used with one of the following validated algorithms: • AES and KTS cert #A1931 • HMAC cert #A1931 • RSA cert #A1931 • DSA cert #A1931 • ECDSA cert #A1931 • Key Agreement (KAS) cert #A1931 • KBKDF cert #A1931 • KTS cert #A1931 DRBG Load Blob - encrypted with LT or KR Make Blob - encrypted with LT or KR Ephemeral, stored in volatile RAM. Destroy, Initialize Unit, Clear Unit, power cycle or reboot 10 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 CSP Type Description Generation Input Output Storage Zeroization KM - Module Key AES 256-bit Key used to protect logical tokens and associated module Key Blobs. • AES cert #A1931 DRBG Load Blob - encrypted with LT Make Blob - encrypted with LT Non-volatile memory Initialize Unit KML - Module Signing Key DSA 3072-bit Module Signing Key used by the module to sign key generation and module state certificates. When the nShield module is initialized, it automatically generates this key that it uses to sign certificates using DSA with SHA-256. This key is only ever used to verify that a certificate was generated by a specific module. • DSA cert #A1931 DRBG No No Non-volatile memory Initialize Unit KNSO - NSO key DSA 3072-bit nShield Security Officer key used for NSO authorisation and Security World integrity. Used to sign Delegation Certificates and to directly authorize commands during recovery operations • DSA cert #A1931 DRBG Load Blob - encrypted with LT Make Blob - encrypted with LT Ephemeral, stored in volatile RAM. Destroy, Initialize Unit, Clear Unit, power cycle or reboot. LT - Logical Token AES 256-bit Key used to derive the keys that are used to protect token protected key blobs. Logical Tokens are split in shares (encrypted with Share Key) between one or more smartcards or a softcard, using the Shamir Secret Sharing scheme. DRBG Read Share - encrypted with Share Key Write Share - encrypted with Share Key Ephemeral, stored in volatile RAM. Destroy, Initialize Unit, power cycle or reboot MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 11 of 38 CSP Type Description Generation Input Output Storage Zeroization • AES cert #A1931 • KBKDF cert #A1931 • HMAC cert #A1931 Share Key AES 256-bit Protects a share when written to a smartcard or softcard. This key is used to derive (using SP 800-108 AES CTR KDF) the keys Ke (AES 256-bit) and Km (HMAC- SHA256) that wrap the share. • AES cert #A1931 • KBKDF cert #A1931 • HMAC cert #A1931 DRBG No No Ephemeral, stored in volatile RAM. N/A Remote Administration session keys AES 256-bit in CBC mode Integrity with CMAC Used for secure channel between the module and a smartcard. This is a set of four AES 256-bit session keys, namely Km-e (for encrypting data send to the smartcard), Kc-e (for decrypting data from the smartcard), Km-a (for CMAC generation) and Kc-a (for CMAC verification). • AES cert #A1931 ECDH P-521 key agreement No No Ephemeral, stored in volatile RAM. Clear Unit, new session, power cycle or reboot. KAL - Key Audit Logging DSA 3072-bit Used for signing the log trail. • DSA cert #A1931 DRBG No No Non-volatile memory Initialize Unit 12 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 CSP Type Description Generation Input Output Storage Zeroization DRBG internal state Hash_DRBG The module uses the Hash_DRBG with SHA- 256 compliant with SP800-90A. • Hash DRBG cert #A1931 Entropy source No No Ephemeral, stored in volatile RAM. Clear Unit, power cycle or reboot. DRBG entropy input 520 bits Entropy input string used to initialize and re-seed the DRBG. Entropy source No No Ephemeral, stored in volatile RAM. Clear Unit, power cycle or reboot. Public Key Type Description Generation Input Output Storage Firmware Integrity key (KFI) DSA 3072- bit Public key used to ensure the integrity of firmware updates. The module validates the signature before new firmware is written to non-volatile storage. • DSA cert #A1931 At Entrust Firmware update No In firmware KJWAR ECDSA P- 521 Entrust root warranting public key for Remote Administrator Cards and Remote Operator Cards • ECDSA cert #A1931 At Entrust Firmware update None Persistent storage in plaintext inside the module (EEPROM) Application keys public key See description Public keys associated with private Application keys: At creation of the Load Blob - encrypted with LT Key export Stored in the key blob of the application key MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 13 of 38 Public Key Type Description Generation Input Output Storage • RSA cert #A1931 • DSA cert #A1931 • ECDSA cert #A1931 • Key Agreement (KAS) cert #A1931 • KTS cert #A1931 application key KJSO public key DSA 3072- bit Public key associated to KJSO • DSA cert #A1931 At creation of the KJSO Load Blob - encrypted with LT Key export Public key hash stored in the module persistent storage KNSO public key DSA 3072- bit Public key associated to KNSO • DSA cert #A1931 At creation of the KNSO Load Blob - encrypted with LT Key export Public key hash stored in the module persistent storage KML public key DSA 3072- bit Public key associated to KML • DSA cert #A1931 At creation of KML No Key export Public key hash stored in the module persistent storage KAL public key DSA 3072- bit Public key associated to KAL • DSA cert #A1931 At creation of KAL No Included in the audit trail Public key hash stored in the module persistent storage 14 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Public Key Type Description Generation Input Output Storage KRE public key RSA 3072- bit Public key associated to KRE • KTS cert #A1931 At creation of the KNSO Load Blob - encrypted with LT Key export Stored in a key blob FET public key DSA 1024- bit Feature Enable Tool (FET) public key used to verify FET certificates • DSA cert #TBD At Entrust Firmware update No Persistent storage in plaintext inside the module (EEPROM) Impath DH public key DH 3072- bit Public key from peer used in the Impath DH key agreement • KAS cert #A1931 No Loaded with Cmd_ImpathKXFinish No Ephemeral, stored in volatile RAM. Remote Administration ECDH public key NIST P-521 Public key from peer used in the Remote Administration ECDH key agreement • KAS cert #A1931 No Loaded with Cmd_DynamicSlotExchangeAPDUs No Ephemeral, stored in volatile RAM. `` Cert # Algorithm and mode Standard Key sizes Use A1931 Advanced Encryption Standard (AES) • ECB • CBC • CTR • GCM FIPS 197 SP800- 38A SP800- 38D 128 bits 192 bits 256 bits Data encryption/decryption A1931 KTS • AES Key Wrapping (AES KW) • AES Key Wrapping with Padding (AES KWP) • AES GCM SP800- 38F SP800- 38D 128 bits 192 bits 256 bits Key wrapping/unwrapping A1931 KTS • RSA OAEP SP 800- 56Brev2 2048 bits 3072 bits 4096 bits Caveat: Cert. #A1931 key establishment methodology provides between 112 and 152 bits of encryption strength. Key transport (encapsulation, un- encapsulation) A1931 RSA • PKCS#1 v1.5 • PSS FIPS 186- 4 1024 bits (verification only) 2048 bits 3072 bits 4096 bits Key generation Signature generation and verification 16 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Cert # Algorithm and mode Standard Key sizes Use A1931 Elliptic Curve Digital Signature Algorithm (ECDSA) FIPS 186- 4 • NIST P- 224, P- 256, P- 384, P-521 • NIST K- 233, K- 283, K- 409, K-571 • NIST B- 233, B- 283, B- 409, B-571 Signature generation and verification A1931 Digital Signature Algorithm (DSA) FIPS 186- 4 L = 1024 bits, N = 160 bits (verification only) L = 2048 bits, N = 224 bits L = 2048 bits, N = 256 bits L = 3072 bits, N = 256 bits Signature generation and verification A1931 HMAC-SHA1 HMAC-SHA2 FIPS 198- 1 >= 112 bits MAC generation and verification A1931 Advanced Encryption Standard (AES) • CMAC SP800- 38B 128 bits 192 bits 256 bits MAC generation and verification A1931 KAS-FFC • Diffie-Hellman (DH) SP 800- 56Arev3 MODP-2048 MODP-3072 MODP-4096 MODP-6144 MODP-8192 FB FC Key establishment A1931 KAS-ECC • Elliptic Curve Diffie- Hellman (ECDH) SP 800- 56Arev3 • NIST P- 224, P- Key establishment MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 17 of 38 Cert # Algorithm and mode Standard Key sizes Use 256, P- 384, P-521 • NIST K- 233, K- 283, K- 409, K-571 • NIST B- 233, B- 283, B- 409, B-571 A1931 KAS-ECC • Elliptic Curve Menezes– Qu–Vanstone (ECMQV) SP 800- 56Arev3 • NIST P- 224, P- 256, P- 384, P-521 • NIST K- 233, K- 283, K- 409, K-571 • NIST B- 233, B- 283, B- 409, B-571 Key establishment A1931 Key Based KDF (KBKDF): • counter mode SP 800- 108 n/a Key derivation A1931 SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512 FIPS 180- 4 n/a Message digest A1931 Hash-based DRBG SP 800- 90A n/a Random bit generation ENT (P) Hardware based entropy source This cryptographic module has been validated for compliance with NIST SP 800-90B. Based on noise source testing and analysis, the estimated minimum amount of entropy per the source output bit is about 0.356 bits. The overall amount of generated entropy meets the required security strength of 256 bits based on the SP800- 90B n/a Random bit generation 18 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Cert # Algorithm and mode Standard Key sizes Use entropy per bit and amount of entropy requested by the module. Vendor affirmed CKG SP800- 133 Symmetric keys are generated using the unmodified output of the approved DRBG. Key generation Cert # Algorithm and mode Standard Key sizes Use A1931 Elliptic Curve Digital Signature Algorithm (ECDSA) using non-NIST elliptic curves FIPS 186-4 RFC 5639 • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) Signature generation and verification A1931 EC Diffie-Hellman using non-NIST elliptic curves SP 800- 56Arev3 RFC 5639 • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) Key establishment A1931 EC MQV using non-NIST elliptic curves SP 800- 56Arev3 RFC 5639 • brainpoolP224r1/P224t1 (112 bits of strength) • brainpoolP256r1/P256t1 (128 bits of strength) Key establishment MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 19 of 38 Cert # Algorithm and mode Standard Key sizes Use • brainpoolP320r1/P320t1 (160 bits of strength) • brainpoolP384r1/P384t1 (192 bits of strength) • brainpoolP512r1/P512t1 (256 bits of strength) Algorithm Symmetric encryption and decryption DES Triple DES encryption, MAC generation AES GCM with externally generated IV AES CBC MAC Aria Camellia Arc Four (compatible with RC4) CAST 256 (RFC2612) SEED (Korean Data Encryption Standard) Asymmetric KTS-OAEP-basic with SHA-256 with key size less than 2048 bits ElGamal (encryption using Diffie-Hellman keys) KCDSA (Korean Certificate-based Digital Signature Algorithm) 20 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Algorithm RSA digital signature generation with SHA-1 or key size less than 2048 bits DSA digital signature generation with SHA-1 or key size less than 2048 bits ECDSA digital signature generation with SHA-1 or curves P-192, K-163 , B-163 DH with key size p < 2048 bits or q < 224 bits, or non-compliant with SP800-56Arev3 ECDH with curves P-192, K-163, B-163, or non-compliant with SP800-56Arev3 EC MQV with curves P-192, K-163 or B-163, or non-compliant with SP800-56Arev3 Deterministic DSA compliant with RFC6979 Ed25519 public-key signature X25519 key exchange ECIES encryption/wrapping and decryption/unwrapping ECKA-EG key agreement Hash HAS-160 MD5 RIPEMD-160 Tiger Message Authentication Codes HMAC with MD5, RIPEMD-160 and Tiger HMAC with key size less than 112 bits Other PKCS#8 padding EMV support: Cryptogram (ARQC) generation and verification (includes EMV2000, M/Chip 4 and Visa Cryptogram Version 14, EMV 2004, M/Chip 2.1, Visa Cryptogram Version 10) Watchword generation and verification Hyperledger client side KDF MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 21 of 38 • • • Authentication mechanism Type of authentication Strength of Mechanism Smartcard Identity based 22 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Authentication mechanism Type of authentication Strength of Mechanism Softcard Identity based A logical token share stored in a Smartcard or Softcard is encrypted and MAC'ed. An attacker would need to guess the encrypted share value and the associated MAC in order to be able to load a valid Logical token share into the module. This requires, as a minimum, guessing a 256-bit HMAC-SHA256 value, which gives a probability of 2^-256. This probability is less than 10^-6. The module can process around 2^16 commands per minute. This gives a probability of success in a one minute period of 2^- 240, which is less than 10^-5. Service Description Authorized roles Access CSPs Big number operation Cmd_BignumOp Performs an operation on a large integer. Unauthenticated - None Make Blob Cmd_MakeBlob Creates a Key blob containing the key. Note that the key ACL needs to authorize the operation. User / JSO / NSO W KA, KRE, KR, KJSO, KM, KNSO, LT Buffer operations Cmd_CreateBuffer Cmd_LoadBuffer Mechanism for loading of data into the module volatile memory. The data can be loaded in encrypted form which can be decrypted inside the module with a key that has been previously loaded. Unauthenticated R KA Bulk channel Provides a bulk processing channel User R KA MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 23 of 38 Service Description Authorized roles Access CSPs Cmd_ChannelOpen Cmd_ChannelUpdate for encryption / decryption, MAC generation / verification and signature generation / verification. Check User Action Cmd_CheckUserAction Determines whether the ACL associated with a key allows a specific operator defined action. User / JSO / NSO R KNSO, KJSO; KA Clear Unit Cmd_ClearUnit Zeroises all keys, tokens and shares that are loaded into the module. Will cause the module to reboot and perform self-tests. Unauthenticated Z KA, KR, Impath keys, KJSO, remote administration session keys Set Module Key Cmd_SetKM Allows a key to be stored internally as a Module key (KM) value. The ACL needs to authorize this operation. NSO W KM Remove Module Key Cmd_RemoveKM Deletes a given KM from non-volatile memory. NSO Z KM Duplicate key handle Cmd_Duplicate Creates a second instance of a Key with the same ACL and returns a handle to the new instance. Note that the source key ACL needs to authorize this operation. User / JSO / NSO R KA Enable feature Cmd_StaticFeatureEnable Enables the service. This service requires a certificate signed by the Master Feature Enable key. Unauthenticated - None 24 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Service Description Authorized roles Access CSPs Encryption / decryption Cmd_Encrypt Cmd_Decrypt Encryption and decryption using the provided key handle. User R KA Erase from smartcard /softcard Cmd_EraseFile Cmd_EraseShare Removes a file or a share from a smartcard or softcard NSO / JSO / User - None Format Token Cmd_FormatToken Formats a smartcard or a softcard. NSO / JSO - None File operations Cmd_FileCopy Cmd_FileCreate Cmd_FileErase Cmd_FileOp Performs file operations in the module. NSO / JSO - None Firmware Authenticate Cmd_FirmwareAuthenticate Reports firmware version, using a zero knowledge challenge response protocol based on HMAC. The protocol generates a random value to use as the HMAC key. Note: in FIPS Level 3 mode this services is not available. Unauthenticated - None Force module to fail Cmd_Fail Causes the module to enter a failure state. Unauthenticated - None Foreign Token open Cmd_ForeignTokenOpen Opens a channel for direct data access to a Smartcard Requires Feature Enabled. NSO / JSO - None Foreign Token command Cmd_ForeignTokenCommand Sends an ISO-7816 command to a smartcard over the Unauthenticated - None MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 25 of 38 Service Description Authorized roles Access CSPs channel opened by ForeignTokenOpen. Firmware Update Cmd_Maintenance Cmd_ProgrammingBegin Cmd_ProgrammingBeginChunk Cmd_ProgrammingLoadBlock Cmd_ProgrammingEndChunk Cmd_ProgrammingEnd Cmd_ProgrammingGetKeyList Perform a firmware update. Restricted service to Entrust signed Firmware. Unauthenticated R KFI Generate prime number Cmd_GeneratePrime Generates a random prime number. Unauthenticated R, W DRBG internal state Generate random number Cmd_GenerateRandom Generates a random number from the Approved DRBG. Unauthenticated R, W DRBG internal state Get ACL Cmd_GetACL Get the ACL of a given key. User R KA Get key application data Cmd_GetAppData Get the application data field from a key. User R KA Get challenge Cmd_GetChallenge Get a random challenge that can be used in fresh certificates. Unauthenticated R, W DRBG internal state Get KLF2 Cmd_GetKLF2 Get a handle to the Module Long Term (KLF2) public key. Unauthenticated - None Get Key Information Cmd_GetKeyInfo Cmd_GetKeyInfoEx Get the type, length and hash of a key. NSO / JSO / User R KA Get module signing key Cmd_GetKML Get a handle to the KML public key. Unauthenticated R KML Get list of slot in the module Cmd_GetSlotList Get the list of slots that are available from the module. Unauthenticated - None 26 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Service Description Authorized roles Access CSPs Get Logical Token Info Cmd_GetLogicalTokenInfo Cmd_GetLogicalTokenInfoEx Get information about a Logical Token: hash, state and number of shares. NSO / JSO / User R LT Get list of module keys Cmd_GetKMList Get the list of the hashes of all module keys and the KNSO. Unauthenticated R KM, KNSO Get module state Cmd_GetModuleState Returns unsigned data about the current state of the module. Unauthenticated - None Get real time clock Cmd_GetRTC Get the current time from the module Real Time Clock. Unauthenticated - None Get share access control list Cmd_GetShareACL Get the Share's ACL. NSO / JSO / User R Share Key Get Slot Information Cmd_GetSlotInfo Get information about shares and files on a Smartcard that has been inserted in a module slot. Unauthenticated - None Get Ticket Cmd_GetTicket Get a ticket (an invariant identifier) for a key. This can be passed to another client or to a SEE World which can redeem it using Redeem Ticket to obtain a new handle to the object. NSO / JSO / User - None Initialize Unit Cmd_InitializeUnit Cmd_InitializeUnitEx Causes a module in the pre-initialization state to enter the initialization state. When the module enters the initialization state, it erases all Module keys (KM), the Unauthenticated Z KA, KRE, KR, KJSO, KM, KAL, KML, KNSO, LT MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 27 of 38 Service Description Authorized roles Access CSPs module's signing key (KML), and the hash of the Security Officer's keys, HKNSO. It then generates a new KML and KM. Insert a Softcard Cmd_InsertSoftToken Allocates memory on the module that is used to store the logical token share and other data objects. Unauthenticated R Share Key Remove a Softcard Cmd_RemoveSoftToken Removes a Softcard from the module. It returns the updated shares and deletes them from the module’s memory. Unauthenticated Z Share Key Impath secure channel Cmd_ImpathGetInfo Cmd_ImpathKXBegin Cmd_ImpathKXFinish Cmd_ImpathReceive Cmd_ImpathSend Support for Impath secure channel. Requires Feature Enabled. NSO / JSO / User R, W KML, Impath keys Key generation Cmd_GenerateKey Cmd_GenerateKeyPair Generates a cryptographic key of a given type with a specified ACL. It returns a handle to the key. Optionally, it returns a KML signed certificate with the hash of the key and its ACL information. NSO / JSO R, W KML, DRBG internal state, KA, KJSO, Key import Cmd_Import Loads a plain text key into the module. If the module is initialized in FIPS level 3 mode, this NSO / JSO R KA, KJSO 28 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Service Description Authorized roles Access CSPs service is available for public keys only. Derive Key Cmd_DeriveKey Performs key wrapping, unwrapping, transport, exchange and derivation. The ACL needs to authorize this operation. NSO / JSO / User R, W KA, KJSO Load Blob Cmd_LoadBlob Load a Key blob into the module. It returns a handle to the key suitable for use with module services. NSO / JSO / User W KA, KRE, KR, KJSO, KM, KNSO Load Logical Token Cmd_LoadLogicalToken Initiates loading a Logical Token from Shares, which can be loaded with the Read Share command. Unauthenticated - None Generate Logical Token Cmd_GenerateLogicalToken Creates a new Logical Token with given properties and secret sharing parameters. NSO / JSO W KM, LT, KJSO Message digest Cmd_Hash Computes the cryptographic hash of a given message. Unauthenticated - None Modular Exponentiation Cmd_ModExp Cmd_ModExpCrt Cmd_RSAImmedVerifyEncrypt Cmd_RSAImmedSignDecrypt Performs a modular exponentiation (standard or CRT) on values supplied with the command. Unauthenticated - None Module hardware information Cmd_ModuleInfo Reports detailed hardware information. Unauthenticated - None No Operation Cmd_NoOp No operation. Unauthenticated - None MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 29 of 38 Service Description Authorized roles Access CSPs Change Share Passphrase Cmd_ChangeSharePIN Cmd_ChangeShareGroupPIN Updates the passphrase of a Share. NSO / JSO / User R, W Share Keys NVRAM Allocate Cmd_NVMemAllocate Allocation in NVRAM. NSO / JSO - None NVRAM Free Cmd_NVMemFree Deallocation from NVRAM. NSO / JSO - None Operation on NVM list Cmd_NVMemList Returns a list of files in NVRAM. Unauthenticated - None Operation on NVM files Cmd_NVMemOp Operation on an NVRAM file. Unauthenticated None Key export Cmd_Export Exports a key in plain text. Note: in FIPS level 3 mode, only public keys can be exported. NSO / JSO / User R KA Pause for notifications Cmd_PauseForNotifications Wait for a response from the module. Unauthenticated None Read file Cmd_ReadFile Reads data from a file on a Smartcard or Softcard. The ACL needs to authorize this operation. NSO / JSO - None Read share Cmd_ReadShare Reads a share from a Smartcard or Softcard. Once a quorum of shares have been loaded, the module re- assembles the Logical Token. NSO / JSO / User R Share Keys, LT Send share to remote slot Cmd_SendShare Reads a Share and encrypts it with the Impath session keys for transmission to the peer module. NSO / JSO / User R Impath Keys, Share Keys 30 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Service Description Authorized roles Access CSPs Receive share from remote slot Cmd_ReceiveShare Receives a Share encrypted with the Impath session keys by a remote module. NSO / JSO / User R Impath Keys, Share Keys Redeem Ticket Cmd_RedeemTicket Gets a handle in the current name space for the object referred to by a ticket created by Get Ticket. NSO / JSO / User - None Remote Administration Cmd_DynamicSlotCreateAssociation Cmd_DynamicSlotExchangeAPDUs Cmd_DynamicSlotsConfigure Cmd_DynamicSlotsConfigureQuery Cmd_VerifyCertificate Provides remote presentation of Smartcards using a secure channel between the module and the Smartcard. NSO / JSO / User R, W Remote administration session keys Destroy Cmd_Destroy Remove handle to an object in RAM. If the current handle is the only one remaining, the object is deleted from RAM. Unauthenticated Z KA, KJSO, KNSO, LT Report statistics Cmd StatGetValues Cmd_StatEnumTree Reports the values of the statistics tree. Unauthenticated - None Show Status Cmd_NewEnquiry Report status information. Unauthenticated - None Secure Execution Engine Cmd_CreateSEEWorld Cmd_GetWorldSigners Cmd_SEEJob Cmd_SetSEEMachine Cmd_TraceSEEWorld Creation and interaction with SEE machines. NSO / JSO - None Set ACL Replaces the ACL of a given key with a new NSO / JSO / User W KA MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 31 of 38 Service Description Authorized roles Access CSPs Cmd_SetACL ACL. The ACL needs to authorize this operation. Set key application data Cmd_SetAppData Writes the application information field of a key. User W KA Set NSO Permissions Cmd_SetNSOPerms Sets the NSO key hash and which permissions require a Delegation Certificate. NSO - None Set real time clock Cmd_SetRTC Sets the Real-Time Clock value. NSO / JSO - None Signature generation Cmd_Sign Generate a digital signature or MAC value. NSO / JSO / User R KA, KNSO, KJSO Sign Module State Cmd_SignModuleState Returns a signed certificate that contains data about the current configuration of the module. Unauthenticated R KML Signature verification Cmd_Verify Verifies a digital signature or MAC value. NSO / JSO / User R KA Write file Cmd_WriteFile Writes a file to a Smartcard or Softcard. NSO / JSO - None Write share Cmd_WriteShare Writes a Share to a Smartcard or Softcard. Unauthenticated - None 32 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 33 of 38 new-world enquiry active modes UseFIPSApprovedInternalMechanisms AlwaysUseStrongPrimes FIPSLevel3Enforcedv2 StrictSP80056Ar3 active modes UseFIPSApprovedInternalMechanisms FIPSLevel3Enforcedv2 StrictSP80056Ar3 34 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 35 of 38 • • • Algorithm Description AES Known Answer Test: ECB encryption and decryption with 128, 192 and 256-bit keys AES CMAC Known Answer Test: 128-bit key SHA1 SHA1 KAT test, other size are tested along with KAT HMAC HMAC with SHA1, SHA224, SHA256, SHA384, SHA512 Known Answer Test RSA Known Answer Test: sign/verify, encrypt/decrypt with 2048- bit key Pair-Wise consistency test: sign/verify DSA Known Answer Test: sign/verify with 2048-bit key Pair-Wise consistency test: sign/verify ECDSA Pair-Wise consistency test: sign/verify with curves P-224 and B-233 Key Agreement Shared Secret Computation Known Answer Test for DH Key Agreement Shared Secret Computation Known Answer Test for ECDH with curves P-384 and B-233 One-step KDF Known Answer Test with SHA-256 auxiliary function Two-step KDF Known Answer Test with HMAC-SHA256 auxiliary function 36 of 38 MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 Algorithm Description KBKDF Known Answer Test DRBG Health Tests according to SP 800-90A Entropy source SP800-90B section 4.4 health tests: adaptive proportion test and repetition count test • • • MiniHSM & MiniHSM for nShield Edge F3 Non-proprietary Security Policy for FIPS 140-2 Level 3 37 of 38