Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cryptographic Module Validation Program CMVP

Certificate #4703

Details

Module Name
Marvell LS2 HSM Family
Standard
FIPS 140-3
Status
Active
Sunset Date
6/5/2029
Overall Level
3
Caveat
When operated in approved mode. When installed, initialized and configured as specified in Section 11of the Security Policy
Security Level Exceptions
  • Operational environment: N/A
  • Non-invasive security: N/A
  • Mitigation of other attacks: N/A
  • Documentation requirements: N/A
  • Cryptographic module security policy: N/A
Module Type
Hardware
Embodiment
Multi-Chip Embedded
Description
The LS2 HSM module is a multi-chip PCIe adapter with firmware. It consists of multiple firmware components, including an operating system, applications exposing services and interfaces related to secure key management, crypto operations, and policy management of the module
Tested Configuration(s)
  • N/A
Approved Algorithms
AES-CBC
AES-CBC
AES-CCM
AES-CMAC
AES-CMAC
AES-CTR
AES-ECB
AES-GCM
AES-GCM
AES-GMAC
AES-KW
AES-KWP
Counter DRBG
ECDSA KeyGen (FIPS186-4)
ECDSA KeyGen (FIPS186-4)
ECDSA KeyVer (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigGen (FIPS186-4)
ECDSA SigVer (FIPS186-4)
Hash DRBG
HMAC-SHA-1
HMAC-SHA2-256
HMAC-SHA2-256
HMAC-SHA2-384
HMAC-SHA2-384
HMAC-SHA2-512
HMAC-SHA2-512
KAS-ECC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-ECC-SSC Sp800-56Ar3
KAS-IFC-SSC
KDA HKDF Sp800-56Cr1
KDA OneStep Sp800-56Cr1
KDA TwoStep Sp800-56Cr1
KDF ANS 9.63
KDF SP800-108
KDF TLS
KTS-IFC
KTS-IFC
PBKDF
RSA Decryption Primitive
RSA Decryption Primitive
RSA KeyGen (FIPS186-4)
RSA KeyGen (FIPS186-4)
RSA SigGen (FIPS186-4)
RSA Signature Primitive
RSA SigVer (FIPS186-4)
RSA SigVer (FIPS186-4)
SHA-1
SHA-1
SHA2-256
SHA2-256
SHA2-256
SHA2-384
SHA2-384
SHA2-512
SHA2-512
SHA3-224
SHA3-256
SHA3-384
SHA3-512
SHAKE-128
SHAKE-256
TDES-CBC
TDES-ECB
TDES-ECB
TDES-KW
Allowed Algorithms
AES (Cert A1947, Key unwrapping. Per IG D.G.; Legacy Key unwrap only • ECB mode: Decrypt; 128, 192, and 256-bit • CBC mode: Decrypt; 128, 192, and 256-bit);AES (Cert A1948, Key unwrapping. Per IG D.G; Legacy Key unwrap only • ECB mode: Decrypt; 128, 192, and 256-bit • CBC mode: Decrypt; 128, 192, and 256-bit);EC Diffie-Hellman with non-NIST recommended curves (Cert A1947, Provides between 112 and 256 bits of encryption strength. Per IGs D.F and C.A.; EC-DH Secp224k1(112 bits), Secp256K1 (128 bits) brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512));ECDSA with non-NIST recommended curves (Cert A1947, Provides between 112 and 256 bits of encryption strength. Per IG C.A.; EC Key generation, sign Secp256K1 (128 bits) brainpoolP224r1(112 bits), brainpoolP256r1(128 bits), brainpoolP320r1(160 bits), brainpoolP384r1(192 bits), brainpoolP512r1(256 bits) FRP256v1 (128 bits) • Prime order curve, generated as per FIPS 186-4 Section 6.1.1 (SHA-1*, SHA2-224, SHA2-256, SHA2-384, SHA2-512))
Entropy
ENT (P)
Hardware Versions
LS2-G-A100-B0; LS2-G-A200-B0; LS2-G-A300-B0; LS2-G-A400-B0
Firmware Versions
MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.01-10; MARVELL-LS2-FW-10.02-1102, MARVELL-LS2-UBOOT-10.02-1200

Vendor

Marvell Semiconductor, Inc.
5488 Marvell Lane
Santa Clara, CA 95054
USA

Dhanalakshmi Saravanan
rdhana@marvell.com
Phone: 408-222-2500
Fax: 408-988-8279
Rajendar Kalwa
rkalwa@marvell.com
Phone: 408-222-2500
Fax: 408-988-8279

Validation History

Date Type Lab
6/6/2024 Initial LEIDOS CSTL