Operating modes

The HSM can operate in different modes, each with its own set of algorithms.

Info

Physical and logical security, as well as the access controls used, are the same in all modes.

The available operating modes are:

  1. Non Restricted Mode (NRM);
  2. Restricted Mode 1 (RM1);
  3. Restricted Mode 2 (RM2).

In non-restricted mode (NRM), all the cryptographic algorithms and security functions available in the HSM are loaded.

The RM1 operating mode complies with all security directives and restrictions relating to the ITI MCT-7 and NIST FIPS 140-2 L3 standards.

The RM2 operating mode complies with all security directives and restrictions relating to the NIST FIPS 140-2 L3 standard.

Some services, algorithms and cryptographic functions not approved by the respective standard are disabled in restricted operating modes.

Info

The operating modes are progressively restrictive, but each algorithm has a single implementation that is shared by all modes. Examples: DRBG (SP 800-90A), SHA-1/2/3 (FIPS PUB 180-4, FIPS PUB 202), AES (FIPS PUB 197), ECC (FIPS PUB 186-4), RSA (FIPS PUB 186-2/3/4), EdDSA (FIPS PUB 186-5 draft), etc.

As of version 5.0.32, the implementations of the following algorithms have been updated: ECC (FIPS PUB 186-5), RSA (FIPS PUB 186-5) and EdDSA (FIPS PUB 186-5/SP800-186).

There is no communication between modes, meaning that a key created in one mode cannot be used in another. In fact, the HSM's database must be reset in order to change the operating mode. A backup made in one mode cannot be restored while the HSM is operating in another.

The HSM's behavior in the event of a cryptographic boundary violation is the same in all modes: the operator can reset the violation flag and continue operating the HSM. The status record (TAMPERED) will be kept and can be checked by the operator on the local console. Only the equipment manufacturer can remove this record.

The HSM is configured to leave the factory in non-restricted mode (NRM).

The operator can check the current operating mode of the HSM either via the local console or via the remote console.

When configured to operate in RM1, the following algorithms are supported by the HSM:

  • Data encryption
    • DES with 56-bit key size, in ECB and CBC operating modes.
    • Triple-DES (3DES) with key sizes of 112 or 168 bits, in ECB and CBC operating modes.
    • AES (Advanced Encryption Standard) with key sizes of 128, 192 and 256 bits in ECB, CBC, CTR and GCM operating modes.
  • Entity authentication with public key cryptography:
    • RSA with key sizes equal to or greater than 2048 bits.
    • ECDSA -- Elliptic Curve Digital Signature Algorithm with key sizes equal to or greater than 224 bits (Brainpool standards key sizes 224, 256, 320, 384, and 512 bits, SECG/NIST key sizes 224, 256, 384, and 521 bits).
    • EdDSA -- Edwards-Curve Digital Signature Algorithm with key sizes of 256 and 448 bits.
  • Cryptographic data digest (hash):
    • SHA2 (Secure Hash Algorithm 2).
    • SHA3 (Secure Hash Algorithm 3).
  • Authentication and integrity:
    • HMAC based on the SHA2 and SHA3 hash algorithms.
    • CMAC based on 3DES and AES.
  • Negotiating/setting up keys:
    • ECDH.
    • XECDH.

When configured to operate in RM2, the HSM supports the same algorithms as RM1, with the exception of DES, 3DES, RSA above 3072 bits and the ECX algorithms (EdDSA/XECDH).

Info

As of version 5.0.32, the HSM supports the same algorithms in RM2 as in RM1, with the exception of DES, 3DES, and RSA above 4096 bits.

When configured to operate in NRM, in addition to the above algorithms, the HSM also supports:

  • Data encryption
    • RC4.
    • RC5.
    • DESX.
    • RC2.
  • Entity authentication with public key cryptography:
    • RSA with key sizes less than 2048 bits.
    • ECDSA -- Elliptic Curve Digital Signature Algorithm with key sizes of less than 224 bits.
  • Negotiating/setting up keys:
    • ECDH with key sizes of less than 224 bits.
  • Cryptographic data digest (hash):
    • MD5 (Message Digest Algorithm 5).
    • SHA1 (Secure Hash Algorithm).
  • Authentication and integrity:
    • HMAC based on the MD5 and SHA1 hash algorithms.
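
Because keys cannot move between modes and changing mode requires a database reset, it helps to know beforehand which key types the target mode will refuse. The Python check below is an added example, not code from the vendor or from this documentation: it encodes the key-type restrictions from the lists above and reports which keys in an inventory could not be regenerated in RM1 or RM2. The function names, the inventory format, the sample keys and the firmware string 5.0.31 (standing in for any release before 5.0.32) are assumptions made for illustration.

```python
# Added example, not vendor code: rules transcribed from the mode lists on this page.
NRM_ONLY = {"RC2", "RC4", "RC5", "DESX"}   # listed only under NRM
DES_FAMILY = {"DES", "3DES"}               # supported in RM1, excluded from RM2
ECX = {"EdDSA", "XECDH"}                   # in RM2 only as of version 5.0.32
KNOWN = NRM_ONLY | DES_FAMILY | ECX | {"AES", "RSA", "ECDSA", "ECDH"}

def restriction(mode, alg, bits, firmware):
    """Return why `mode` rejects this key type, or None if the lists allow it."""
    if mode not in ("NRM", "RM1", "RM2"):
        raise ValueError(f"unknown mode: {mode}")
    if alg not in KNOWN:
        raise ValueError(f"algorithm not covered here: {alg}")  # fail closed
    if mode == "NRM":
        return None                        # NRM loads every algorithm
    if alg in NRM_ONLY:
        return f"{alg} is NRM-only"
    if alg == "RSA" and bits < 2048:
        return "RSA below 2048 bits is NRM-only"
    # The ECDH floor is inferred from the NRM list ("ECDH ... less than 224 bits").
    if alg in ("ECDSA", "ECDH") and bits < 224:
        return f"{alg} below 224 bits is NRM-only"
    if mode == "RM1":
        return None
    # RM2: the exclusions depend on whether the firmware is 5.0.32 or later.
    new_fw = tuple(int(p) for p in firmware.split(".")) >= (5, 0, 32)
    if alg in DES_FAMILY:
        return f"{alg} is disabled in RM2"
    if alg == "RSA" and bits > (4096 if new_fw else 3072):
        return "RSA size is above the RM2 limit for this firmware"
    if alg in ECX and not new_fw:
        return f"{alg} is disabled in RM2 before 5.0.32"
    return None

def blocked_keys(inventory, mode, firmware):
    """Labels of keys whose type cannot be regenerated after a reset into `mode`."""
    return [label for label, alg, bits in inventory
            if restriction(mode, alg, bits, firmware) is not None]

# Constructed inventory of an HSM currently in NRM: (label, algorithm, bits).
INVENTORY = [
    ("tls-legacy", "RSA", 1024), ("code-sign", "RSA", 4096),
    ("pin-block", "3DES", 168), ("db-wrap", "AES", 256),
    ("ssh-host", "EdDSA", 256), ("old-ec", "ECDSA", 192),
]

if __name__ == "__main__":
    # "5.0.31" is a constructed stand-in for any firmware older than 5.0.32.
    for mode, fw in (("RM1", "5.0.32"), ("RM2", "5.0.31"), ("RM2", "5.0.32")):
        print(mode, fw, blocked_keys(INVENTORY, mode, fw))
```

The check covers only the mode-dependent restrictions; it does not validate that a key size is one the algorithm itself offers.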

In restricted modes RM1 and RM2 the enabled modules are:

  • Core Crypto Engine
  • State Manager
  • OATH Engine
  • SVault Engine
  • TSP Engine
  • XML DSig Engine

In NRM mode all modules are enabled.