Luna HSM Firmware 7.7.0

Luna HSM firmware 7.7.0 was released in October 2020. It includes bug fixes and updated FIPS compliance requirements, and is the FIPS-validated firmware version recommended by Thales.

>Download Luna HSM Firmware 7.7.0

Refer to NIST certificate #4090 for FIPS 140-2 Level 3 certification:

https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/4090

This release is certified under the Common Criteria standard. The certificates are posted here:

>https://www.commoncriteriaportal.org/files/epfiles/CC-20-195307.pdf

>CC Certificate -- Thales Luna K7 HSM

This release is certified under the eIDAS standard and the certificate is posted here:

>https://www.tuv-nederland.nl/assets/files/cerfiticaten/2021/02/eidas-certificate-luna-k7-20-195307-2.pdf

New Features and Enhancements

Luna HSM firmware 7.7.0 includes the following new features and enhancements:

Scalable Key Storage

Scalable Key Storage is an optional feature that allows off-board storage of keys and objects in quantities greater than the capacity of a cryptographic module (HSM) - virtually unlimited storage, for use with your RSS (Remote Signing and Sealing) and other applications that require thousands or millions of keys. An SKS Master Key (SMK, which never leaves the crypto module) securely encrypts extracted keys and objects, such that they remain within the cryptographic module's security perimeter, and can be reinserted (decrypted inside the crypto module) for immediate use by your application.

Preserves key attributes through the life-cycle of a key.

Provides the option of new SKS function, or classic Luna "keys always in hardware" operation, on a partition-by-partition basis.

This feature also requires Luna HSM Client 10.3.0 or newer.

Per-Key Authorization

Per-Key Authorization allows granular control of key material for applications requiring high assurance by providing authorization on a per-key basis.

This feature also requires Luna HSM Client 10.3.0 or newer.

Initialize the Orange RPV Key Remotely

You can now initialize the Luna PCIe HSM 7's Remote PED Vector (orange key) using a Luna PED connected to a remote workstation running PEDserver. A one-time numeric password is used to authenticate the Remote PED to the HSM before initializing the RPV. This optional method is useful if the HSM SO only has remote SSH access to the HSM host. The HSM must be in a zeroized state (uninitialized), for security. Your firewall settings must allow an HSM-initiated Remote PED connection.

See Initializing the Remote PED Vector and Creating an Orange Remote PED key.

This feature also requires Luna HSM Client 10.3.0.

3GPP Cryptography for 5G Mobile Networks

The new 3GPP crypto functions support the authentication and re-synchronization of a mobile device to the back-end authentication center (AUC). Milenage, Tuak and Comp128 algorithms are available and are relevant to 2/2.5G, 3G, 4G(LTE) and newer 5G mobile networks. The primary benefit of using the Luna HSM ensures that the subscribers key (Ki) is never exposed in the clear outside the security perimeter of a hardware security device. Optionally the Operators Variant string (OP) may also be encrypted under a storage key only found inside the HSM. See 3GPP Mechanisms for 5G Mobile Networks.

SM2/SM4 Support

SM2 is comparable to Elliptic Curve (EC) in terms of key structure though the signing algorithm is different. SM2 is required for sign/verify. There is a new key type CKK_SM2. SM4 is comparable to Advanced Encryption Standard (AES-128) in terms of key size though the encryption algorithm is different. SM4 is required for encrypt/decrypt (modes ECB, CBC, CBC-PAD). There is a new key type CKK_SM4. See SM2/SM4 Mechanisms.

SHA-3 Function Support

This provides a guide to using the SHA-3 crypto functions in the Luna HSM. The SHA-3 implementation conforms to the NIST publication FIPS PUB 202. The SHA-3 hash algorithm has been implemented in the K7 FW. This provides the ability to send message data to the Luna HSM in order to receive the SHA-3 digest of the data. The algorithm is implemented for digest bit lengths of 224, 256, 384 and 512 similar to the SHA-2 family of hash algorithms. Other mechanisms that make use of a digest include support for SHA-3 by either specifying the mechanism type or specifying mechanism parameters. See SHA-3 Mechanisms.

Updated Bootloader

The bootloader 1.1.5, when contained in an HSM release, or when added by patch, provides important security updates. It does not affect the Common Criteria validated status of the HSM, as indicated by the report at the following link

MaintenanceReport (commoncriteriaportal.org)

Valid Update Paths

You can update the Luna HSM firmware to version 7.7.0 from the following previous versions:

>7.0.1, 7.0.2, 7.0.3, 7.1.0, 7.2.0, 7.3.0, 7.3.3, 7.4.0

Special Considerations for Luna HSM Firmware 7.7.0 and Newer

Luna HSM Firmware 7.7.0 introduces new capabilities, features, and other significant changes that affect the operation of the HSM. Due to some of these changes, you must be aware of some special considerations before updating to Luna HSM Firmware 7.7.0 or newer. For more information, refer to Special Considerations for Luna HSM Firmware 7.7.0 and Newer before proceeding with the update.

Advisory Notes

This section highlights important issues you should be aware of before deploying HSM firmware 7.7.0.

3DES Usage Counter

For Luna HSM Firmware 7.7.0 and newer, triple-DES keys have a usage counter that limits each key instance to encrypting a maximum of 2^16 8-byte blocks of data when the HSM is in FIPS mode (HSM policy 12: Allow non-FIPS algorithms is set to 0). When the counter runs out for a key instance, that key instance can no longer be used for encryption or wrapping or deriving or signing, but can still be used for decrypting and unwrapping and verifying pre-existing objects.

The CKA_BYTES_REMAINING attribute is available when HSM policy 12: Allow non-FIPS algorithms is set to 0, but cannot be viewed if that policy is set to 1.

The attribute is preserved during backup/restore using a Luna Backup HSM 7; restoring puts the counter back to whatever value it had before backup.

The attribute is not preserved through backup/restore using a Luna Backup HSM G5; restoring sets the counter to like-new state (no usage).

FIPS Changes in Luna HSM Firmware 7.7.0 and Newer

New restrictions have been added to some mechanisms when the HSM is in FIPS mode (HSM policy 12: Allow non-FIPS algorithms set to OFF), to comply with FIPS SP800-131a Rev2, published in March 2019.

Mechanisms not permitted to wrap objects in FIPS mode

The following mechanisms are not permitted to wrap objects in FIPS mode (unwrap operations are permitted):

>CKM_AES_CBC

>CKM_AES_CBC_PAD

>CKM_AES_CTR

>CKM_AES_ECB

>CKM_DES3_CBC

>CKM_DES3_CBC_PAD

>CKM_DES3_CTR

>CKM_DES3_ECB

>CKM_RSA_PKCS

Mechanisms not permitted to sign data in FIPS mode

The following mechanisms are not permitted to sign data in FIPS mode (verify operations are permitted):

>CKM_AES_MAC

>CKM_AES_MAC_GENERAL

>CKM_DES3_MAC

>CKM_DES3_MAC_GENERAL

>CKM_DSA_SHA1

>CKM_ECDSA_SHA1

>CKM_SHA1_RSA_PKCS

>CKM_SHA1_RSA_PKCS_PSS

>CKM_SHA1_RSA_X9_31