Releases for FIPS 140-3 Level 3 deployments
The following ProtectServer 3 HSM Firmware versions have been released to date for FIPS 140-3 Level 3 deployments:
Note
Thales recommends using matching minor versions of ProtectToolkit 7, the ProtectServer 3 HSM Firmware, and the ProtectServer 3 Network HSM Appliance Software for most deployments. Some new features and enhancements for a ProtectServer 3 HSM Firmware version listed below may require a specific version of ProtectToolkit 7. In such cases, the required ProtectToolkit 7 minor version is mentioned in parentheses.
If you are reconfiguring a ProtectServer 3 HSM deployment for FIPS 140-3 Level 3-compliance, read Advisory notes to take note of the operational changes that this firmware version introduces and reconfigure applications where necessary, before reconfiguring the deployment for 140-3 Level 3-compliance.
ProtectServer 3 HSM Firmware 7.03.01
Note
ProtectServer 3 HSM Firmware 7.03.01 includes all the changes that Thales introduced with the following firmware versions:
Refer to the CRN entries of the above mentioned firmware versions for more information about which features, enhancements, and advisory notes are applicable to ProtectServer 3 HSM Firmware 7.03.01.
New features and enhancements
Advisory notes
Some mechanisms have new operational and key size restrictions in FIPS Mode
The EdDSA mechanism signature generation scheme is updated in FIPS mode as per section 7, appendix A.2.3 of the Digital Signature Standard.
The ECDSA signature generation scheme is updated as per section 6.3.1, appendices A.3.1 and A.3.2 of the Digital Signature Standard.
New operational and key size restrictions apply to the following mechanisms when they are used in FIPS mode:
-
CKM_ECDSA_SHA3_224 - new minimum modulus.
-
CKM_ECDSA_SHA3_256 - new minimum modulus.
-
CKM_ECDSA_SHA3_384 - new minimum modulus.
-
CKM_ECDSA_SHA3_512 - new minimum modulus.
-
CKM_ECDSA_SHA224 - new minimum modulus.
-
CKM_ECDSA_SHA256 - new minimum modulus.
-
CKM_ECDSA_SHA384 - new minimum modulus.
-
CKM_ECDSA_SHA512 - new minimum modulus.
ProtectServer 3 HSM Firmware 7.03.00
Note
ProtectServer 3 HSM Firmware 7.03.00 does not include all the changes that Thales introduced with the following firmware versions:
Refer to the CRN entries of the abovementioned firmware versions for more information about which features, enhancements, and advisory notes are not applicable to ProtectServer 3 HSM Firmware 7.03.00.
New features and enhancements
ProtectServer 3 HSM Firmware 7.03.00 supports the latest features and enhancements introduced with ProtectToolkit 7.3.0, resolves various known issues described in Known and resolved issues, and introduces other new features and enhancements.
ProtectServer 3 HSM factory reset capability (requires ProtectToolkit 7.3.0)
The ProtectServer 3 HSM can be reset to factory settings, erasing all cryptographic objects, ProtectServer identity keys and certificates, and functionality modules (FMs). For more information, refer to Resetting the HSM to factory settings.
ProtectServer 3 HSM runs periodic self-tests
The ProtectServer 3 HSM now runs periodic self-tests (PSTs) without any user intervention or on demand external triggers. For more information about these periodic self-tests, refer to Self-tests.
Advisory notes
This section highlights important issues you should be aware of before deploying ProtectServer 3 HSM Firmware 7.03.00.
New FIPS restrictions for RSA and ECC signing key pairs
New RSA and ECC signing key pairs can be generated and used for signing and verification operations only.
Minimum PIN length increased from 4 characters to 8 characters in FIPS Mode
When the FIPS Algorithms Only security flag is set, all PINs, with the exception of smart card PINs, must be 8 to 32 characters in length. If PINs that are less than 8 characters long are carried over to FIPS Mode, you can continue using the PINs but are blocked from completing cryptographic operations until the PIN is reset.
CKM_KEY_WRAP_SET_OAEP not supported in FIPS Mode
CKM_KEY_WRAP_SET_OAEP can no longer be used in FIPS Mode.
Some mechanisms have new operational and key size restrictions in FIPS Mode
New operational and key size restrictions apply to the following mechanisms when they are used in FIPS mode:
-
CKM_DES3_CBC - no encryption.
-
CKM_DES3_CBC_PAD - no encryption.
-
CKM_DES3_CMAC - no signing.
-
CKM_DES3_CMAC_GENERAL - no signing.
-
CKM_DES3_ECB - no encryption.
-
CKM_DES3_ECB_PAD - no encryption.
-
CKM_DES3_OFB64 - no encryption.
-
CKM_DSA - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA1 - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA1_PKCS - new minimum modulus.
-
CKM_DSA_SHA224 - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA224_PKCS - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA256 - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA256_PKCS - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA384 - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA384_PKCS - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA512 - new minimum prime modulus and subprime modulus.
-
CKM_DSA_SHA512_PKCS - new minimum prime modulus and subprime modulus.
-
CKM_ECDH1_DERIVE - new minimum modulus and key size restrictions. CKD_NULL key derivation function (KDF) cannot be used.
-
CKM_ECDSA_SHA3_224 - new minimum modulus.
-
CKM_ECDSA_SHA3_256 - new minimum modulus.
-
CKM_ECDSA_SHA3_384 - new minimum modulus.
-
CKM_ECDSA_SHA3_512 - new minimum modulus.
-
CKM_ECDSA_SHA224 - new minimum modulus.
-
CKM_ECDSA_SHA256 - new minimum modulus.
-
CKM_ECDSA_SHA384 - new minimum modulus.
-
CKM_ECDSA_SHA512 - new minimum modulus.
-
CKM_RSA_PKCS - no wrapping or unwrapping. New minimum key size restrictions.
-
CKM_RSA_PKCS_OAEP - new minimum modulus and key size restrictions.
-
CKM_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA1_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA1_RSA_PKCS_PSS - no signing, new salt length requirements, and new minimum key size restrictions.
-
CKM_SHA224_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA224_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA256_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA256_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA3_224_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA3_224_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA3_256_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA3_256_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA3_384_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA3_384_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA3_512_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA3_512_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA384_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA384_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_SHA512_RSA_PKCS - new minimum key size restrictions.
-
CKM_SHA512_RSA_PKCS_PSS - new salt length requirements and minimum key size restrictions.
-
CKM_TDEA_TKW - no wrapping.
