Module Name
NITROXIII CNN35XX-NFBE HSM Family
Caveat
When operated in approved mode. When installed, initialized and configured as specified in Section 11 of the Security Policy. The module generates SSPs whose strengths are modified by available entropy
Security Level Exceptions
- Operational environment: N/A
- Non-invasive security: N/A
- Mitigation of other attacks: N/A
- Documentation requirements: N/A
- Cryptographic module security policy: N/A
Embodiment
Multi-Chip Embedded
Description
The NITROXIII CNN35XX-NFBE HSM Family module by Marvell (formerly Cavium Inc.) is a high-performance purpose-built security solution for crypto acceleration. The module provides a FIPS 140-3 overall Level 3 security solution. The module is deployed in a PCIe slot to provide crypto and TLS 1.0/1.1/1.2 acceleration in a secure manner to the system host. It is typically deployed in a server or an appliance to provide crypto offload. The module’s functions are accessed over the PCIe interface via an API defined by the module.
Allowed Algorithms
AES (Cert. #C819, key unwrapping provides 128, 192 or 256 bits of encryption strength. Per IG D.G.; Key unwrap only N3FIPS-OpenSSL-1.1.1-AES ECB mode: Decrypt; 128, 192 and 256 bits CBC mode: Decrypt: 128, 192 and 256 bits *Legacy use only);EC Diffie-Hellman with non-NIST recommended curves (Cert. #C829, provides 112, 128, 160, 192 or 256 bits of encryption strength. Per IG C.A. ; EC-DH Secp224k1(112 bits), Secp256K1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512));ECDSA with non-NIST recommended curves (Cert. #C825, provides 112, 128, 160, 192 or 256 bits of encryption strength. Per IG C.A. ; EC Key generation, sign, verify Secp224k1(112 bits), Secp256K1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512))
Hardware Versions
HW-1.0 (CNL3510-NFBE-G; CNL3510P-NFBE-G; CNL3530-NFBE-G; CNL3560-NFBE-G; CNL3560P-NFBE-G; CNN3510-NFBE-G; CNN3530-NFBE-G; CNN3560-NFBE-G; CNN3560P-NFBE-G); HW-2.0 (CNL3510-NFBE-2.0-G; CNL3510B-NFBE-2.0-G; CNL3510P-NFBE-2.0-G; CNL3510PB-NFBE-2.0-G; CNL3530-NFBE-2.0-G; CNL3530B-NFBE-2.0-G; CNL3560-NFBE-2.0-G; CNL3560B-NFBE-2.0-G; CNL3560P-NFBE-2.0-G; CNL3560PB-NFBE-2.0-G; CNN3505LP-NFBE-2.0-G; CNN3510-NFBE-2.0-G; CNN3510LP-NFBE-2.0-G; CNN3510LPB-NFBE-2.0-G; CNN3530-NFBE-2.0-G; CNN3560-NFBE-2.0-G; CNN3560P-NFBE-2.0-G); HW-3.0 (CNL3510-NFBE-3.0-G; CNL3510A-NFBE-3.0-G; CNL3510C-NFBE-3.0-G; CNL3510D-NFBE-3.0-G; CNL3510E-NFBE-3.0-G; CNL3510F-NFBE-3.0-G; CNL3510I-NFBE-3.0-G; CNL3510P-NFBE-3.0-G; CNL3530-NFBE-3.0-G; CNL3530A-NFBE-3.0-G; CNL3530B-NFBE-3.0-G; CNL3530C-NFBE-3.0-G; CNL3530D-NFBE-3.0-G; CNL3530E-NFBE-3.0-G; CNL3530F-NFBE-3.0-G; CNL3560-NFBE-3.0-G; CNL3560A-NFBE-3.0-G; CNL3560B-NFBE-3.0-G; CNL3560B-NFBE-3.0-G-FB; CNL3560C-NFBE-3.0-G; CNL3560D-NFBE-3.0-G; CNL3560E-NFBE-3.0-G; CNL3560F-NFBE-3.0-G; CNL3560P-NFBE-3.0-G; CNN3505LP-NFBE-3.0-G; CNN3505LPA-NFBE-3.0-G; CNN3505LPC-NFBE-3.0-G; CNN3505LPD-NFBE-3.0-G; CNN3505LPE-NFBE-3.0-G; CNN3505LPF-NFBE-3.0-G; CNN3510-NFBE-3.0-G; CNN3510A-NFBE-3.0-G; CNN3510C-NFBE-3.0-G; CNN3510D-NFBE-3.0-G; CNN3510E-NFBE-3.0-G; CNN3510F-NFBE-3.0-G; CNN3510LP-NFBE-3.0-G; CNN3510LPA-NFBE-3.0-G; CNN3510LPB-NFBE-3.0-G; CNN3510LPC-NFBE-3.0-G; CNN3510LPD-NFBE-3.0-G; CNN3510LPE-NFBE-3.0-G; CNN3510LPF-NFBE-3.0-G; CNN3530-NFBE-3.0-G; CNN3530A-NFBE-3.0-G; CNN3530C-NFBE-3.0-G; CNN3530D-NFBE-3.0-G; CNN3530E-NFBE-3.0-G; CNN3530F-NFBE-3.0-G; CNN3560-NFBE-3.0-G; CNN3560A-NFBE-3.0-G; CNN3560C-NFBE-3.0-G; CNN3560D-NFBE-3.0-G; CNN3560E-NFBE-3.0-G; CNN3560F-NFBE-3.0-G; CNN3560P-NFBE-3.0-G)
Firmware Versions
CNN35XX-NFBE-FW-2.09-0702, CNN35XX-NFBE-SMW-2.09-0702, CNN35XX-UBOOT-4.03-03