Releases for FIPS 140-3 Level 3 deployments

The following ProtectServer 3 HSM Firmware versions have been released to date for FIPS 140-3 Level 3 deployments:

• ProtectServer 3 HSM Firmware 7.03.01

Note

Thales recommends using matching minor versions of ProtectToolkit 7, the ProtectServer 3 HSM Firmware, and the ProtectServer 3 Network HSM Appliance Software for most deployments. Some new features and enhancements for a ProtectServer 3 HSM Firmware version listed below may require a specific version of ProtectToolkit 7. In such cases, the required ProtectToolkit 7 minor version is mentioned in parentheses.

If you are reconfiguring a ProtectServer 3 HSM deployment for FIPS 140-3 Level 3-compliance, read Advisory notes to take note of the operational changes that this firmware version introduces and reconfigure applications where necessary, before reconfiguring the deployment for 140-3 Level 3-compliance.

ProtectServer 3 HSM Firmware 7.03.01

Note

ProtectServer 3 HSM Firmware 7.03.01 includes all the changes that Thales introduced with the following firmware versions:

• ProtectServer 3 HSM Firmware 7.02.04

• ProtectServer 3 HSM Firmware 7.02.03

• ProtectServer 3 HSM Firmware 7.02.02

Refer to the CRN entries of the above mentioned firmware versions for more information about which features, enhancements, and advisory notes are applicable to ProtectServer 3 HSM Firmware 7.03.01.

• New features and enhancements

• Advisory notes

New features and enhancements

Advisory notes

Some mechanisms have new operational and key size restrictions in FIPS Mode

The EdDSA mechanism signature generation scheme is updated in FIPS mode as per section 7, appendix A.2.3 of the Digital Signature Standard.

• CKM_EDDSA

The ECDSA signature generation scheme is updated as per section 6.3.1, appendices A.3.1 and A.3.2 of the Digital Signature Standard.

New operational and key size restrictions apply to the following mechanisms when they are used in FIPS mode:

• CKM_ECDSA_SHA3_224 - new minimum modulus.

• CKM_ECDSA_SHA3_256 - new minimum modulus.

• CKM_ECDSA_SHA3_384 - new minimum modulus.

• CKM_ECDSA_SHA3_512 - new minimum modulus.

• CKM_ECDSA_SHA224 - new minimum modulus.

• CKM_ECDSA_SHA256 - new minimum modulus.

• CKM_ECDSA_SHA384 - new minimum modulus.

• CKM_ECDSA_SHA512 - new minimum modulus.

• ProtectServer 3 HSM Firmware 7.03.00

ProtectServer 3 HSM Firmware 7.03.00

Note

ProtectServer 3 HSM Firmware 7.03.00 does not include all the changes that Thales introduced with the following firmware versions:

• ProtectServer 3 HSM Firmware 7.02.04

• ProtectServer 3 HSM Firmware 7.02.03

• ProtectServer 3 HSM Firmware 7.02.02

Refer to the CRN entries of the abovementioned firmware versions for more information about which features, enhancements, and advisory notes are not applicable to ProtectServer 3 HSM Firmware 7.03.00.

• New features and enhancements

• Advisory notes

New features and enhancements

ProtectServer 3 HSM Firmware 7.03.00 supports the latest features and enhancements introduced with ProtectToolkit 7.3.0, resolves various known issues described in Known and resolved issues, and introduces other new features and enhancements.

ProtectServer 3 HSM factory reset capability (requires ProtectToolkit 7.3.0)

The ProtectServer 3 HSM can be reset to factory settings, erasing all cryptographic objects, ProtectServer identity keys and certificates, and functionality modules (FMs). For more information, refer to Resetting the HSM to factory settings.

ProtectServer 3 HSM runs periodic self-tests

The ProtectServer 3 HSM now runs periodic self-tests (PSTs) without any user intervention or on demand external triggers. For more information about these periodic self-tests, refer to Self-tests.

Advisory notes

This section highlights important issues you should be aware of before deploying ProtectServer 3 HSM Firmware 7.03.00.

New FIPS restrictions for RSA and ECC signing key pairs

New RSA and ECC signing key pairs can be generated and used for signing and verification operations only.

Minimum PIN length increased from 4 characters to 8 characters in FIPS Mode

When the FIPS Algorithms Only security flag is set, all PINs, with the exception of smart card PINs, must be 8 to 32 characters in length. If PINs that are less than 8 characters long are carried over to FIPS Mode, you can continue using the PINs but are blocked from completing cryptographic operations until the PIN is reset.

CKM_KEY_WRAP_SET_OAEP not supported in FIPS Mode

CKM_KEY_WRAP_SET_OAEP can no longer be used in FIPS Mode.

Some mechanisms have new operational and key size restrictions in FIPS Mode

New operational and key size restrictions apply to the following mechanisms when they are used in FIPS mode:

• CKM_DES3_CBC - no encryption.

• CKM_DES3_CBC_PAD - no encryption.

• CKM_DES3_CMAC - no signing.

• CKM_DES3_CMAC_GENERAL - no signing.

• CKM_DES3_ECB - no encryption.

• CKM_DES3_ECB_PAD - no encryption.

• CKM_DES3_OFB64 - no encryption.

• CKM_DSA - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA1 - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA1_PKCS - new minimum modulus.

• CKM_DSA_SHA224 - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA224_PKCS - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA256 - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA256_PKCS - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA384 - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA384_PKCS - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA512 - new minimum prime modulus and subprime modulus.

• CKM_DSA_SHA512_PKCS - new minimum prime modulus and subprime modulus.

• CKM_ECDH1_DERIVE - new minimum modulus and key size restrictions. CKD_NULL key derivation function (KDF) cannot be used.

• CKM_ECDSA_SHA3_224 - new minimum modulus.

• CKM_ECDSA_SHA3_256 - new minimum modulus.

• CKM_ECDSA_SHA3_384 - new minimum modulus.

• CKM_ECDSA_SHA3_512 - new minimum modulus.

• CKM_ECDSA_SHA224 - new minimum modulus.

• CKM_ECDSA_SHA256 - new minimum modulus.

• CKM_ECDSA_SHA384 - new minimum modulus.

• CKM_ECDSA_SHA512 - new minimum modulus.

• CKM_RSA_PKCS - no wrapping or unwrapping. New minimum key size restrictions.

• CKM_RSA_PKCS_OAEP - new minimum modulus and key size restrictions.

• CKM_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA1_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA1_RSA_PKCS_PSS - no signing, new salt length requirements, and new minimum key size restrictions.

• CKM_SHA224_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA224_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA256_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA256_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA3_224_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA3_224_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA3_256_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA3_256_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA3_384_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA3_384_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA3_512_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA3_512_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA384_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA384_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_SHA512_RSA_PKCS - new minimum key size restrictions.

• CKM_SHA512_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.

• CKM_TDEA_TKW - no wrapping.