nShield Support for Cryptographic Algorithms
Introduction
This topic details the restrictions that the firmware imposes in each of its Security World modes.
Security World mode designation | new-world "mode" parameter | Description |
---|---|---|
Unrestricted | | The unrestricted Security World mode protects keys with FIPS approved cryptography, but it is not designed to be fully compliant with all the requirements and restrictions of a particular certification standard. This mode can be used by customers who want their keys securely managed within the FIPS level 3 boundary, but don’t need full compliance with the certification approved modes of operation. |
FIPS 140 Level 3 | | This is the FIPS 140 Level 3 approved mode of operation. Customers needing FIPS 140 Level 3 compliance can use this mode on an HSM with a FIPS validated firmware version. |
Common Criteria CMTS | | The Common Criteria approved mode of operation for Protection Profile EN 419 221-5 Cryptographic Module for Trust Services. Customers needing Common Criteria (CC) compliance can use this mode on an HSM with a CC validated firmware version. |
Features and Restrictions
Introductory Notes
- This topic covers all sorts of module features, not just algorithms/mechanisms.
- For the most part a blank table cell means "no restriction"; there are a few exceptions to this, for example, flag settings for particular modes.
- The information is low-level and may need interpreting to answer high-level questions.
- This topic does not cover higher-level APIs like PKCS#11 or JCE.
The details are correct as of July 2023, except that there are a couple of gaps for very new functionality.
Feature/Mode Matrix
Configuration
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
InitModeFlags |
UseFIPSApprovedInternalMechanisms |
UseFIPSApprovedInternalMechanisms |
|
NSOPermsModeFlags |
AlwaysUseStrongPrimes |
FIPSLevel3Enforcedv2 |
CommonCriteriaCMTSRestrictions |
Public NSOPerms |
ReadFile |
LoadLogicalToken |
ReadFile |
Functionality
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Cmd_Import |
No private key import |
No private key import |
|
ExportAsPlain |
Forbidden for private keys |
||
Key generation |
Requires FIPS auth |
||
Key generation |
Pairwise check always on |
||
Impath |
Forbidden |
||
Minimum impath groups |
DHPrime3072 |
DHPrimeMODP3072 |
n/a |
Default module attributes |
ModuleAttribTag_Challenge |
||
SignModuleState with KLF |
Forbidden |
||
Audit logging |
Mandatory |
||
AlwaysUseStrongPrimes |
Mandatory |
Asymmetric Algorithms/Mechanisms
Diffie-Hellman Key Agreement
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
DHPrivate key generation |
Forbidden |
||
DHPrivate default size |
1024/160 |
2048/224 |
1024/160 |
DHPrivate key agreement |
Forbidden |
||
DHExPrivate key generation |
|||
DHExPrivate domain parameters |
Restricted as per SP800-56Ar3 |
||
DHExPrivate key generation minimum size |
2048/224 minimum |
||
DHExPrivate default size |
2048/256 |
||
DHExPrivate key agreement minimum size |
2048 |
||
DHExPrivate key agreement |
Forbidden with Cmd_Decrypt |
||
ElGamal encryption/decryption |
Forbidden |
||
IEEE DLIES with ANSI X9.63 KDF |
Forbidden |
||
IEEE DLIES with ANSI X9.63 KDF |
Forbidden |
||
IEEE DLIES with ANSI X9.63 KDF |
When a DHEx key is loaded into the module, the domain parameters are validated. If the domain parameters do not match those found in SP800-56Ar3, the validation time is significantly longer. Entrust recommends that you always use SP800-56Ar3 domain parameters.
DSA Signature
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
DSA key generation |
|||
DSA key generation sizes |
FIPS 186-4 sizes only; |
||
DSA signature key sizes |
FIPS 186-4 sizes only; |
||
DSA signature hashes |
RIPEMD160 & SHA-1 forbidden |
||
Legacy DSA domain generation |
Forbidden |
||
Legacy DSA domain generation |
|||
FIPS 186-4 DSA domain generation |
|||
DSA SHA-1 signature |
Forbidden |
||
DSA SHA-2 signature |
|||
DSA RIPEMD160 signature |
Forbidden |
RSA Signature/Encryption
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
RSA key generation |
Strong primes always on |
||
RSA key generation public modulus size |
2048 minimum; |
||
RSA key generation rules (<1024) |
FIPS 186-4 B.3.6 |
Forbidden |
FIPS 186-4 B.3.6 |
RSA key generation rules (>=1024) |
FIPS 186-4 B.3.6 |
||
RSA key generation/import public exponent |
16-256 bits |
||
RSA signature key sizes |
2048 minimum |
||
RSA signature hashes |
RIPEMD160 & SHA-1 forbidden |
||
RSA raw encryption/decryption |
Forbidden with Mech_RSApPKCS1 |
||
RSA PKCS#1 encryption/decryption |
Forbidden |
||
RSA raw sign/verify |
Forbidden with Mech_RSApPKCS1 |
||
RSA PKCS#1 any-hash signature |
Forbidden |
||
RSA PKCS#1 SHA-1 signature |
Forbidden |
||
RSA PKCS#1 SHA-2 signature |
|||
RSA PKCS#1 SHA-3 signature |
|||
RSA PSS SHA-1 signature |
Forbidden |
||
RSA PSS SHA-2 signature |
|||
RSA PSS SHA-3 signature |
|||
RSA PSS RIPEMD160 signature |
Forbidden |
||
RSA SHA-1 OAEP encryption |
|||
RSA SHA-2 OAEP encryption |
|||
RSA SHA-3 OAEP encryption |
Elliptic Curve Key Agreement
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
ECC enablement |
EllipticCurve feature (enabled by default from firmware V13.5 onwards) |
||
ECC domain parameters |
224 minimum; SECP256k1 forbidden; |
||
ECDH key agreement |
Forbidden with Cmd_Decrypt |
||
ECDHC key agreement |
Forbidden with Cmd_Decrypt |
||
ECDH key generation |
|||
ECDHLax key generation |
Forbidden |
||
ECDHLax key agreement |
Forbidden |
Elliptic Curve Signature
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
ECC enablement |
EllipticCurve feature enabled by default from V13.5 onwards |
||
ECC domain parameters |
224 minimum; SECP256k1 forbidden; |
||
ECDSA key generation |
|||
ECDSA signature RNG |
Never uses unvalidated RNG |
||
ECDSA signature hash |
RIPEMD160 & SHA-1 forbidden |
||
ECDSA verify hash |
RIPEMD160 forbidden |
||
ECDSA SHA-1 sign |
Forbidden |
||
ECDSA SHA-1 verify |
|||
ECDSA RIPEMD160 sign/verify |
Forbidden |
||
ECDSA SHA-2 sign/verify |
|||
ECDSA SHA-3 sign/verify |
|||
ECDSA sign/verify GBCS mode |
Forbidden |
X25519/Curve25519 Signature/Encryption
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Ed25519 key generation |
Forbidden |
||
Pure Ed25519 sign/verify |
Forbidden |
||
Prehashed Ed25519 sign/verify |
Forbidden |
||
Prehashed Ed25519 sign/verify with context |
Forbidden |
||
X25519 key generation |
Forbidden |
||
X25519 key agreement |
Forbidden |
Ed448 Signature
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Ed448 key generation |
Forbidden |
||
Pure Ed448 sign/verify |
Forbidden |
||
Pure Ed448 sign/verify with context |
Forbidden |
||
Prehashed Ed448 sign/verify |
Forbidden |
||
Prehashed Ed448 sign/verify with context |
Forbidden |
KCDSA Signature
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
KCDSA enablement |
KISAAlgorithms feature required |
||
KCDSA key generation |
Forbidden |
||
KCDSA signature |
Forbidden |
||
KCDSA domain generation |
Forbidden |
Symmetric Mechanisms/Algorithms
ARIA
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
ARIA key generation |
Forbidden |
||
ARIA CBC no padding |
Forbidden |
||
ARIA ECB no padding |
Forbidden |
Camellia
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Camellia key generation |
Forbidden |
||
Camellia CBC no padding |
Forbidden |
||
Camellia ECB no padding |
Forbidden |
CAST256
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
CAST256 key generation |
Forbidden |
||
CAST256 CBC PKCS#5 padding |
Forbidden |
||
CAST256 ECB PKCS#5 padding |
Forbidden |
||
CAST256 CBC no padding |
Forbidden |
||
CAST256 ECB no padding |
Forbidden |
||
CAST256 CBC-MAC PKCS#5 padding |
Forbidden |
DES
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
Single-DES key generation |
Forbidden |
||
Single-DES CBC PKCS#5 padding |
Forbidden |
||
Single-DES CBC no padding |
Forbidden |
||
Single-DES ECB PKCS#5 padding |
Forbidden |
||
Single-DES ECB no padding |
Forbidden |
||
Single-DES CBC-MAC PKCS#5 padding |
Forbidden |
||
Single-DES CBC-MAC no padding |
Forbidden |
||
2-key triple-DES key generation |
Forbidden |
||
2-key triple-DES PKCS#5 padding |
Forbidden |
||
2-key triple-DES CBC no padding |
Forbidden |
||
2-key triple-DES ECB PKCS#5 padding |
Forbidden |
||
2-key triple-DES ECB no padding |
Forbidden |
||
2-key triple-DES CBC-MAC PKCS#5 padding |
Forbidden |
||
2-key triple-DES CBC-MAC no padding |
Forbidden |
||
3-key triple-DES key generation |
Forbidden |
||
3-key triple-DES PKCS#5 padding |
Decrypt only |
||
3-key triple-DES CBC no padding |
Decrypt only |
||
3-key triple-DES ECB PKCS#5 padding |
Decrypt only |
||
3-key triple-DES ECB no padding |
Decrypt only |
||
3-key triple-DES CBC-MAC PKCS#5 padding |
Forbidden |
||
3-key triple-DES CBC-MAC no padding |
Forbidden |
AES (aka Rijndael)
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
AES key generation |
|||
AES CBC PKCS#5 padding |
|||
AES ECB PKCS#5 padding |
|||
AES CBC no padding |
|||
AES ECB no padding |
|||
AES GCM |
|||
AES GCM |
Forbidden |
||
AES GCM |
|||
AES KWP |
|||
AES CMAC with PKCS#5 padding |
|||
AES CBC-MAC with PKCS#5 padding |
Forbidden |
||
AES CBC-MAC with no padding |
Forbidden |
RC4
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
RC4 key generation |
Forbidden |
||
RC4 encrypt/decrypt |
Forbidden |
SEED
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
SEED key generation |
Forbidden |
||
SEED CBC PKCS#5 padding |
|||
SEED ECB PKCS#5 padding |
|||
SEED CBC no padding |
|||
SEED ECB no padding |
|||
SEED CBC-MAC PKCS#5 padding |
HMAC
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
HMAC SHA-1/2/3 key generation |
Minimum 14 bytes |
||
HMAC SHA-1/2/3 sign/verify |
|||
HMAC MD5 key generation |
Forbidden |
||
HMAC MD5 sign/verify |
Forbidden |
||
HMAC RIPEMD160 key generation |
Forbidden |
||
HMAC RIPEMD160 sign/verify |
Forbidden |
DeriveKey Mechanisms
Key Wrapping (see also IES variants)
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
EncryptMarshalled |
AESKeyWrapPadded & |
||
AESKW non-default ICV |
Forbidden (wrap & unwrap) |
||
Raw encryption |
AESKeyWrapPadded, |
||
Padded raw encryption |
Forbidden |
||
PKCS#8 wrap |
AESKeyWrapPadded, |
||
AES Key Wrap |
Key Derivation
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
MAC on a key |
KeyType_Random output only |
||
NIST SP800-56Cr1 KDF |
|||
NIST SP800-56Cr1 KDF |
Forbidden |
||
ANSI X9.63 KDF |
Forbidden |
||
Either ConcatenationKDF with RSA key agreement |
Forbidden |
||
Either ConcatenationKDF with ECDHC key agreement |
|||
Either ConcatenationKDF with ECDH key agreement |
|||
Either ConcatenationKDF with ECDH |
Forbidden |
||
SP800-108 KDF with AES-CMAC |
|||
SP800-108 KDF with AES-CMAC or HMAC SHA-256, |
|||
DES split/join XOR |
Forbidden |
||
Random split/join XOR |
|||
AES split/join XOR |
|||
Key concatenation |
|||
Public from private |
Key Agreement
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
ECCMQV with ANSI X9.63 KDF |
Forbidden |
||
ECCMQV with SP800-56Ar3 KDF |
|||
ECDH key agreement |
Forbidden |
||
DH key agreement |
Forbidden |
||
X25519 key agreement |
Forbidden |
IES Variants
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
ECIES |
Forbidden |
||
X25519 ECIES |
Forbidden |
||
RSA key wrap of symmetric key |
|||
RSA key wrap of asymmetric key |
Rainbow
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
ARQC verification |
Forbidden |
||
Watchword sign/verify |
Forbidden |
HyperLedger
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
HyperLedger client key derivation |
Forbidden |
MILENAGE
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
MILENAGEOP key generation |
Forbidden |
||
MILENAGESubscriber key generation |
Forbidden |
||
MILENAGERC key generation |
Forbidden |
||
MILENAGEOPC key derivation |
Forbidden |
||
MILENAGEAV key derivation (f1…f5) |
Forbidden |
||
MILENAGEResync (f1s/f5s) |
Forbidden |
||
MILENAGEGenAUTS (for testing) |
Forbidden |
TUAK
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
TUAKSubscriber key generation |
Forbidden |
||
TUAKTOP key generation |
Forbidden |
||
TUAKf1 key derivation |
Forbidden |
||
TUAKf1s key derivation |
Forbidden |
||
TUAKf2345 key derivation |
Forbidden |
||
TUAKf5s key derivation |
Forbidden |
Hashing
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
SHA-1 |
|||
SHA-2 |
|||
SHA-3 |
|||
HAS160 |
Forbidden |
||
RIPEMD160 |
Forbidden |
||
Tiger |
Forbidden |
Internal Security Mechanisms
Feature | Unrestricted | FIPS 140 Level 3 | Common Criteria CMTS |
---|---|---|---|
3DES internal security mechanisms |
Forbidden |
||
V2 Blobcrypt |
Forbidden |
||
V3 Blobcrypt |
Mandatory |
||
Share key KDF |
Mandatory |
NISTKDFmCTRpRijndaelCMACr32 |